Wrong Route on Windows Server

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
andy232
OpenVpn Newbie
Posts: 4
Joined: Fri Nov 30, 2018 8:44 am

Wrong Route on Windows Server

Post by andy232 » Fri Nov 30, 2018 8:58 am

Hello,

I am using OpenVPN v2.4.6 on Windows Server 2008 R2.
I have the following problem.
After starting OpenVPN on the server the following route is wrong:

Code: Select all

Target       Networkmask          Gateway        Interface         Metrik
10.8.0.0    255.255.255.0         10.8.0.2         192.168.2.10    20

The interface should be 10.8.0.1 and not 192.168.2.10 because that is the ip address of the lan adapter and not the TAP Windows Adapter.
And with this wrong route nobody can reach the server.

On my other Windows Server 2016 I could solve this problem by restarting the openvpnservice with a script. But on Windows Server 2008 R2 this does not help.
The only solution is to deactivate and reactivate the OpenVPN Adapter in Windows. Unfortunately this cannot be done by a script. There are serveral scripts to to this but they do not work with the TAP-Adapter.

Does anybody has a tip ?

The correct route should be:

Code: Select all

Target       Networkmask          Gateway        Interface         Metrik
10.8.0.0    255.255.255.0         10.8.0.2         10.8.0.1   20


I also tried to set a static route and so on but with no luck.

Thank You!

Greetings, Andreas.

flint2003
OpenVPN User
Posts: 19
Joined: Mon Sep 24, 2018 11:48 am

Re: Wrong Route on Windows Server

Post by flint2003 » Fri Nov 30, 2018 10:25 am

Hello.
Please, show us the config files how you establish the routes. Manually or with the OpenVPN?

cname
OpenVpn Newbie
Posts: 3
Joined: Sat Dec 01, 2018 9:33 pm

Re: Wrong Route on Windows Server

Post by cname » Sat Dec 01, 2018 11:15 pm

This may or may not work for Windows Server 2008: https://www.lwyh.org/en/openvpn-windows ... -2019.html

andy232
OpenVpn Newbie
Posts: 4
Joined: Fri Nov 30, 2018 8:44 am

Re: Wrong Route on Windows Server

Post by andy232 » Mon Dec 03, 2018 10:15 am

Hi,

here is my openvpn config:

Server Config

port 1194
proto udp
dev tun
dev-node OpenVPN
cd ..\\easy-rsa\\keys
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option WINS 10.8.0.1"
push "dhcp-option DNS 10.8.0.1"
duplicate-cn
keepalive 10 120
compress lz4-v2
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
auth-nocache


I do not any additional or manual routing

flint2003
OpenVPN User
Posts: 19
Joined: Mon Sep 24, 2018 11:48 am

Re: Wrong Route on Windows Server

Post by flint2003 » Mon Dec 03, 2018 11:14 am

Hi Andy
This is my working configuration
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
dev tun
proto udp4
port 443
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
topology subnet
tls-server
client-config-dir ccd
setenv PATH "C:\\Windows\\System32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem"
route-method exe
route-delay 10
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
route 10.8.0.0 255.255.255.0
route 172.18.9.0 255.255.255.0 10.8.0.2
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 4
# tls-cipher "DEFAULT:@SECLEVEL=0" - use this for 2.4.6 version only
tls-auth ta.key 0
tun-mtu 1500
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Well, pay attention on as follows:
1) "client-config-dir ccd" - this folder with files about every client. You can read about it in "HOW TO"
2) this set of directives:
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
route 10.8.0.0 255.255.255.0
route 172.18.9.0 255.255.255.0 10.8.0.2

I explicitly appointed all required information about my OpenVPN server

3) "route 172.18.9.0 255.255.255.0 10.8.0.2"
This is a route to the client. I've got only one client thus the route is one only too

I hope my information can help you to run your server anywhere

andy232
OpenVpn Newbie
Posts: 4
Joined: Fri Nov 30, 2018 8:44 am

Re: Wrong Route on Windows Server [solved]

Post by andy232 » Tue Dec 04, 2018 3:38 pm

Hello

thank You for the tips. Finally I found an error on the openvpn-log that the route could not be set.
I saw this post viewtopic.php?t=12362 and added a batch to remove and install the TAP-Adapter every morning:

Code: Select all

"C:\Program Files\TAP-Windows\bin\tapinstall.exe" remove tap0901
"C:\Program Files\TAP-Windows\bin\tapinstall.exe" install "C:\Program Files\TAP-Windows\driver\OemVista.inf" tap0901
Now it works!

Greetings, Andreas

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5095
Joined: Fri Jun 03, 2016 1:17 pm

Re: Wrong Route on Windows Server

Post by TinCanTech » Tue Dec 04, 2018 3:53 pm

@andy232, that is a terrible solution ..

It sounds more like you are experiencing the "Windows wake from sleep TAP adaptor" bug.

flint2003
OpenVPN User
Posts: 19
Joined: Mon Sep 24, 2018 11:48 am

Re: Wrong Route on Windows Server

Post by flint2003 » Wed Dec 05, 2018 2:04 pm

It's a very strange solution made by andy232.
As we can see, the configuration file (*.ovpn) was made with mistakes.
Andy, why didn't you take the template of a configuration file and changed it?
You made the strange workaround instead of that.
It's really strange. I cannot understand things you were guided by......

andy232
OpenVpn Newbie
Posts: 4
Joined: Fri Nov 30, 2018 8:44 am

Re: Wrong Route on Windows Server

Post by andy232 » Wed Dec 05, 2018 6:18 pm

Thankyou for the Suggestions. Starting from Scratch with a New Config file Sounds good. I will do it next Year when I have More Time.....

Greetings, Andy

Post Reply