Windows, no route to private network added?

preid · Post by **preid** » Sun Jul 29, 2012 1:01 am

Hi, guys,

Doing some Googling for the last hour or so, it appears this question has been asked before, but not typically resolved - at least, in the stuff I've read.

My problem is that on some Windows machines, the route to the private network isn't added. The machine I'm fighting with at the moment is a Windows Server 2003 machine.

My setup:

OpenVPN Subnet: 192.168.126.0/24
Private LAN Subnet: 192.168.125.0/24
OpenVPN Client Version: OpenVPN GUI 1.0.3 (2.1.4 for Windows)

When connecting with a working Windows 7 machine, everything flows smoothly through the connect process, giving me an IP of 192.168.126.10, and doing a ROUTE PRINT confirms that the adapter is properly assigned the IP and there is a route to 192.168.125.0/24 through 192.168.126.9, as it should be.

On the problem Windows 2003 machine, everything flows smoothly until the last step of the connection setup, when I observed a few seconds of pause (a timeout when trying to add the route, perhaps?). The adapter gets assigned an IP of 192.168.126.6, but doing a ROUTE PRINT reveals no route entry to 192.168.125.0/24. If I then type ROUTE ADD 192.168.125.0 MASK 255.255.255.0 192.168.126.5, I can suddenly get to the private network.

The question is, why isn't the route being added by the OpenVPN client? The log doesn't say a whole lot - no errors pop up during the connection process.

The user I'm logged in as obviously has permissions to add the route, since I can it myself via the command prompt, so it doesn't "feel" like a permissions issue.

Any ideas?

Thanks, guys!

preid · Post by **preid** » Mon Jul 30, 2012 5:15 am

A quick update here.

I disconnected, exited the OpenVPN client, then started it again and reconnected with the problem machine, and this time I got a bunch of stuff in the log that never appeared previously. This is what I'm seeing:

Code: Select all

Sun Jul 29 22:07:21 2012 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{1E90DE87-91DB-4037-8ADF-802E09B9E871}.tap
Sun Jul 29 22:07:21 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.126.10/255.255.255.252 on interface {1E90DE87-91DB-4037-8ADF-802E09B9E871} [DHCP-serv: 192.168.126.9, lease-time: 31536000]
Sun Jul 29 22:07:56 2012 Warning: route gateway is not reachable on any active network adapters: 192.168.126.9
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.
Sun Jul 29 22:07:56 2012 Warning: route gateway is not reachable on any active network adapters: 192.168.126.9
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.150.1 p=0 i=65539 t=0 pr=3 a=0 h=0 m=10/10/10/10/3
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=0 pr=2 a=0 h=0 m=1/1/1/1/1
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=0 pr=2 a=0 h=0 m=1/1/1/1/1
192.168.126.4 255.255.255.252 192.168.126.6 p=0 i=65540 t=0 pr=2 a=0 h=0 m=30/30/30/1/3
192.168.126.6 255.255.255.255 127.0.0.1 p=0 i=1 t=0 pr=2 a=0 h=0 m=30/30/30/1/1
192.168.126.255 255.255.255.255 192.168.126.6 p=0 i=65540 t=0 pr=2 a=0 h=0 m=30/30/30/1/3
192.168.150.0 255.255.255.0 192.168.150.200 p=0 i=65539 t=0 pr=2 a=0 h=0 m=10/10/10/1/3
192.168.150.200 255.255.255.255 127.0.0.1 p=0 i=1 t=0 pr=2 a=0 h=0 m=10/10/10/1/1
192.168.150.255 255.255.255.255 192.168.150.200 p=0 i=65539 t=0 pr=2 a=0 h=0 m=10/10/10/1/3
224.0.0.0 240.0.0.0 192.168.126.6 p=0 i=65540 t=0 pr=2 a=0 h=0 m=30/30/30/1/3
224.0.0.0 240.0.0.0 192.168.150.200 p=0 i=65539 t=0 pr=2 a=0 h=0 m=10/10/10/1/3
255.255.255.255 255.255.255.255 192.168.126.6 p=0 i=65540 t=0 pr=2 a=0 h=0 m=1/1/1/1/3
255.255.255.255 255.255.255.255 192.168.150.200 p=0 i=65539 t=0 pr=2 a=0 h=0 m=1/1/1/1/3
SYSTEM ADAPTER LIST
TAP-Win32 Adapter V9
  Index = 65540
  GUID = {1E90DE87-91DB-4037-8ADF-802E09B9E871}
  IP = 192.168.126.6/255.255.255.252 
  MAC = 00:ff:1e:90:de:87
  GATEWAY =  
  DHCP SERV = 192.168.126.5 
  DHCP LEASE OBTAINED = Sat Jul 28 16:54:26 2012
  DHCP LEASE EXPIRES  = Sun Jul 28 16:54:26 2013
  DNS SERV = 192.168.125.2 
Broadcom NetXtreme 5751 Gigabit Controller
  Index = 65539
  GUID = {190494A8-2651-4C75-A090-AC7E922AC5A9}
  IP = 192.168.150.200/255.255.255.0 
  MAC = 00:13:20:17:df:f6
  GATEWAY = 192.168.150.1/0.0.0.0 
  PRI WINS = 192.168.111.2/0.0.0.0 
  SEC WINS = 0.0.0.0/0.0.0.0 
  DNS SERV = 127.0.0.1 
Sun Jul 29 22:07:56 2012 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

It's apparently unhappy, but once again, I can drop to the command prompt, add the route manually, and all is well. The problem is, this is for an end user who doesn't know what a route is, let alone how to set one. I suppose I could pop a little icon on his desktop to add the route, or just add it permanently and be done with it - but this should work on it's own. I worry I'm going to run into this and have to Mickey-Mouse It(tm) all over the place. So far, I've seen it on two machines - this 2003 machine, and one Windows 7 box...and yet the same install and configuration works fine on another Windows 7 machine and even an OSX machine (with the OSX client, of course).

Post by **Mimiko** » Mon Oct 01, 2012 7:50 am

I suppose you have RRAS enabled on Win2k3. Read this: topic9538.html

preid · Post by **preid** » Mon Oct 01, 2012 8:40 am

Hi, Mimiko,

Thanks for the reply. I never did resolve the issue on the Windows Server 2003 machine. In the end, I just added the route manually and copied the data I needed to the remote server. It was a one time thing, so I didn't dig into it much.

On the Windows 7 machine, it's UAC that was in the way. Once I disabled UAC, the route add worked fine. With UAC enabled, I was able to get the route add to work by ensuring the OpenVPN GUI ran as Administrator. Since the Windows 7 machine needed to auto-connect to the VPN, I ended up creating a batch file to fire up the OpenVPN GUI with the correct command line arguments to auto-connect with, then made sure that batch file's shortcut in the Startup folder was set to run as Administrator (and to run minimized, as well, just for cleanliness). Once I figured it out with UAC enabled, I disabled UAC anyway because it pissed me off *laugh*. These machines are essentially just a bare Windows install to connect to a virtual desktop server as a thin client, so all of the Windows security nonsense being disabled isn't a concern, since these machines will never see the Internet at all (they're completely blocked from access the Internet, except for the port needed to connect via OpenVPN to the virtual desktop target).

So, problem solved, more or less.

Thanks again for your reply, Mimiko.

OpenVPN Support Forum

Windows, no route to private network added?

Windows, no route to private network added?

Re: Windows, no route to private network added?

Re: Windows, no route to private network added?

Re: Windows, no route to private network added?