OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Previously working config does not work for Windows 8

https://forums.openvpn.net/viewtopic.php?t=11200

Page 1 of 1

Previously working config does not work for Windows 8

Posted: Wed Aug 29, 2012 4:27 pm
by dazappa
I am connecting from Windows 8 Pro RTM to a Centos 5.8 server. Server version is 2.2.2, client 2.3-a3. The configuration has not changed between Win 7 and 8. (I did an in-place upgrade of 7 so now I only have 8).

Server config:

Code: Select all

dev tun
proto udp
remote 10.10.10.0
port 5000
nobind
comp-lzo
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ping 60
ping-restart 120
Client config:

Code: Select all

client
remote 69.175.32.12 5000
dev tun
proto udp
comp-lzo
ca ca.crt
cert client1.crt
key client1.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
verb 3
Log:

Code: Select all

Wed Aug 29 11:49:32 2012 OpenVPN 2.3_alpha3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Jul 24 2012
Enter Management Password:
Wed Aug 29 11:49:32 2012 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.10:25340
Wed Aug 29 11:49:32 2012 Need hold release from management interface, waiting...
Wed Aug 29 11:49:32 2012 MANAGEMENT: Client connected from [AF_INET]127.0.0.10:25340
Wed Aug 29 11:49:32 2012 MANAGEMENT: CMD 'state on'
Wed Aug 29 11:49:32 2012 MANAGEMENT: CMD 'log all on'
Wed Aug 29 11:49:32 2012 MANAGEMENT: CMD 'hold off'
Wed Aug 29 11:49:32 2012 MANAGEMENT: CMD 'hold release'
Wed Aug 29 11:49:32 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Aug 29 11:49:32 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Aug 29 11:49:33 2012 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Aug 29 11:49:33 2012 MANAGEMENT: >STATE:1346255373,RESOLVE,,,
Wed Aug 29 11:49:33 2012 UDPv4 link local (bound): [undef]
Wed Aug 29 11:49:33 2012 UDPv4 link remote: [AF_INET]69.175.32.12:5000
Wed Aug 29 11:49:33 2012 MANAGEMENT: >STATE:1346255373,WAIT,,,
Wed Aug 29 11:49:33 2012 MANAGEMENT: >STATE:1346255373,AUTH,,,
Wed Aug 29 11:49:33 2012 TLS: Initial packet from [AF_INET]69.175.32.12:5000, sid=32177e92 6ad9b752
Wed Aug 29 11:49:33 2012 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Wed Aug 29 11:49:33 2012 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
Wed Aug 29 11:49:34 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 29 11:49:34 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 29 11:49:34 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Aug 29 11:49:34 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 29 11:49:34 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Aug 29 11:49:34 2012 [server] Peer Connection Initiated with [AF_INET]69.175.32.12:5000
Wed Aug 29 11:49:35 2012 MANAGEMENT: >STATE:1346255375,GET_CONFIG,,,
Wed Aug 29 11:49:36 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Aug 29 11:49:36 2012 PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.255.0,redirect-gateway,route 10.10.10.1,topology net30,ping 10,ping-restart 60,ifconfig 10.10.10.6 10.10.10.5'
Wed Aug 29 11:49:36 2012 OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 29 11:49:36 2012 OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 29 11:49:36 2012 OPTIONS IMPORT: route options modified
Wed Aug 29 11:49:36 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 29 11:49:36 2012 MANAGEMENT: >STATE:1346255376,ASSIGN_IP,,10.10.10.6,
Wed Aug 29 11:49:36 2012 open_tun, tt->ipv6=0
Wed Aug 29 11:49:36 2012 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{4139E25A-7D5B-4AB9-AC97-668C859E0C78}.tap
Wed Aug 29 11:49:36 2012 TAP-Windows Driver Version 9.9 
Wed Aug 29 11:49:36 2012 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.6/255.255.255.252 on interface {4139E25A-7D5B-4AB9-AC97-668C859E0C78} [DHCP-serv: 10.10.10.5, lease-time: 31536000]
Wed Aug 29 11:49:36 2012 Successful ARP Flush on interface [18] {4139E25A-7D5B-4AB9-AC97-668C859E0C78}
Wed Aug 29 11:49:38 2012 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Wed Aug 29 11:49:38 2012 C:\WINDOWS\system32\route.exe ADD 69.175.32.12 MASK 255.255.255.255 172.16.102.65
Wed Aug 29 11:49:38 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK!
Wed Aug 29 11:49:38 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.10.10.5
Wed Aug 29 11:49:38 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK!
Wed Aug 29 11:49:38 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.10.10.5
Wed Aug 29 11:49:38 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK!
Wed Aug 29 11:49:38 2012 MANAGEMENT: >STATE:1346255378,ADD_ROUTES,,,
Wed Aug 29 11:49:38 2012 C:\WINDOWS\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.5
Wed Aug 29 11:49:38 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK!
Wed Aug 29 11:49:38 2012 C:\WINDOWS\system32\route.exe ADD 10.10.10.1 MASK 255.255.255.255 10.10.10.5
Wed Aug 29 11:49:38 2012 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK!
Wed Aug 29 11:49:38 2012 Initialization Sequence Completed
Wed Aug 29 11:49:38 2012 MANAGEMENT: >STATE:1346255378,CONNECTED,SUCCESS,10.10.10.6,69.175.32.12
Server is really just configured for one person and authorized with the key only. Once connected I can ping 10.10.10.1, but I cannot ping outside IPs or domains. The server "shouldn't need to be touched" as nothing has changed between the configurations, and yet Windows 8 doesn't work. Like under Win 7, I am running the OpenVPN GUI as administrator.

Additional Windows 8 specific steps I have tried:
Following the topic here: topic7806.html
Starting the suggested service does not help.
Enabling sharing and selecting LAN2 (both before and after connecting) has no effect.

Re: Previously working config does not work for Windows 8

Posted: Wed Jun 05, 2013 9:35 am
by ajen
Hi!
Try to delete in Client config :

route-delay 2
route-method exe

Anwser the resluts. Cheers.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/