openvpn on Windows Server 2012

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
jeff.sadowski
OpenVpn Newbie
Posts: 8
Joined: Thu Sep 01, 2011 6:53 pm

openvpn on Windows Server 2012

Post by jeff.sadowski » Fri May 10, 2013 8:06 pm

I installed the 64 bit compiled version of openvpn 2.3.1 on a 64 bit windows server 2012. It seemed to install ok.
I configured it as I have it on my windows server 2003 server with minute changes(port and addresses only)
It appears to start fine but I can not connect to it. I think I might need to do something windows server 2012 specific.
Are there any documents on how to allow 3rd party network apps to run on windows server 2012 that anyone knows of? I opened the firewall and even disabled it till I get it working. I suspect something deeper.

The logs on the server only show that it started. The managment interface works. The firewall is off.

Code: Select all

Fri May 10 13:02:00 2013 OpenVPN 2.3.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Fri May 10 13:02:00 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7505
Fri May 10 13:02:00 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri May 10 13:02:00 2013 Diffie-Hellman initialized with 1024 bit key
Fri May 10 13:02:00 2013 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri May 10 13:02:00 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 10 13:02:00 2013 open_tun, tt->ipv6=0
Fri May 10 13:02:00 2013 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{53838C20-FD9E-47C3-8B72-F3E69F67E39B}.tap
Fri May 10 13:02:00 2013 TAP-Windows Driver Version 9.9 
Fri May 10 13:02:00 2013 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.253.0/192.168.253.1/255.255.255.0 [SUCCEEDED]
Fri May 10 13:02:00 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.253.1/255.255.255.0 on interface {53838C20-FD9E-47C3-8B72-F3E69F67E39B} [DHCP-serv: 192.168.253.254, lease-time: 31536000]
Fri May 10 13:02:00 2013 Sleeping for 10 seconds...
Fri May 10 13:02:10 2013 Successful ARP Flush on interface [25] {53838C20-FD9E-47C3-8B72-F3E69F67E39B}
Fri May 10 13:02:10 2013 UDPv4 link local (bound): [undef]
Fri May 10 13:02:10 2013 UDPv4 link remote: [undef]
Fri May 10 13:02:10 2013 MULTI: multi_init called, r=256 v=256
Fri May 10 13:02:10 2013 IFCONFIG POOL: base=192.168.253.2 size=252, ipv6=0
Fri May 10 13:02:10 2013 Initialization Sequence Completed
Fri May 10 13:13:15 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:7505
Fri May 10 13:13:20 2013 MANAGEMENT: CMD 'status'
Fri May 10 13:15:54 2013 MANAGEMENT: CMD 'stsatus'
Fri May 10 13:15:57 2013 MANAGEMENT: CMD 'status'

The client log shows

Code: Select all

Fri May 10 13:20:06 2013 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Fri May 10 13:20:06 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri May 10 13:20:06 2013 Need hold release from management interface, waiting...
Fri May 10 13:20:06 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri May 10 13:20:06 2013 MANAGEMENT: CMD 'state on'
Fri May 10 13:20:06 2013 MANAGEMENT: CMD 'log all on'
Fri May 10 13:20:06 2013 MANAGEMENT: CMD 'hold off'
Fri May 10 13:20:06 2013 MANAGEMENT: CMD 'hold release'
Fri May 10 13:20:06 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri May 10 13:20:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri May 10 13:20:06 2013 UDPv4 link local: [undef]
Fri May 10 13:20:06 2013 UDPv4 link remote: [AF_INET]192.168.16.4:11941
Fri May 10 13:20:06 2013 MANAGEMENT: >STATE:1368213606,WAIT,,,
I'm only testing but would like a backup server to connect to.
Top
oddie121
OpenVpn Newbie
Posts: 5
Joined: Mon Aug 12, 2013 1:38 pm

Re: openvpn on Windows Server 2012

Post by oddie121 » Mon Aug 12, 2013 2:03 pm

I know this is a bit old but here's what i had to do on Windows Server 2012 to get the tunnel to open up correctly after moving my config from Server 2003 to Server 2012

Install OpenVPN (I just upgraded to the latest to 2.3.2 from 2.3.1)
Install Service as part of install
Create new keys/certs/etc
Set configuration file from 2003 (mine is TCP)
Set Service to Auto instead of the default of manual
Disable Windows firewall on all profiles
Set the server to autologon (HKLM\SOFTWWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon)((you may need to create the below keys of string value))
DefaultDomain <servername>
DefaultPassword <mypassword>
DefaultUserName Administrator (or <YourUserNameHere>)
AutoAdminLogon 1
ForceAutoLogon 1

Create bat file below and save it to C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
FileName: NetworkSharing.bat
Contents <spaces provided for ease of copy>:

control.exe /name Microsoft.NetworkAndSharingCenter

Modify your 2003 config to include the following on the server.conf if you don't already have it:
tun-mtu 1500
mssfix 1300
tcp-queue-limit 256

Modify your client config to include the following if you don't already have it:
tun-mtu 1500
mssfix 1300

It seemed to me 2012 has something that blocks the driver from loading fully until you open the Network Sharing and Connection center as a User. Once this was done everything would initialize and would allow the client to connect. Crappy workaround but it works for me at the moment as its just me that connects.
The only other issue i have is when i RDP to my server my ping times go erratic compared to my WAN and i drop my RDP sessions. I'll end up opening a post for this and not highjack yours :)

Hope this helps!

Edit: forgot about firewall :-\
Top
Post Reply

Return to “Installation Help”