Unable to ping Windows machines with TUN setup

[pierre]

I have had a TAP setup since 2006, working without a glitch. I just installed a second OpenVPN server with TUN on the same machine (because the iOS app does not support TAP). It's also working (took way longer than expected, but that's not for this thread).

When connecting with TUN, I cannot ping any Windows machines located on the server LAN from any client (iOS nor Windows), UNLESS I turn off the Private side of the firewall on those Windows machines. I have no problem pinging Mac machines, even if they have their firewall on.

By the way, I only have that problem with Windows machine if I connect using the TUN server. I don't have the problem with the TAP server.

Obviously turning off the firewall on the Windows machines is not an ideal solution. Apparently the Windows machines see the ping packets as coming from an "unsafe" network (my interpretation of the situation, not necessarily the case).

Granted, they are coming from a different subnet. The LAN is on 192.168.xxx.0 and the TUN VPN is on 10.8.0.0. But I made sure the OpenVPN adapters on both server and client were considered Private networks, by adding
push "route 0.0.0.0 0.0.0.0 vpn_gateway 999"
route 0.0.0.0 0.0.0.0 vpn_gateway 999
to the TUN server config (as recommended somewhere on this site).

So is it a mask issue? If so where? But somehow I suspect it's something else, but don't know what. So what's causing this ping failure and how can I address it?

Edit: I must add that I have no problems reaching the same Windows machines using the same IP addresses via TeamViewer or VNC. So the problem is specific to TUN, pings and the firewall.

Thanks for any insight.

[pierre]

I found out that by adding 10.8.0.0/24 to the list of remote IP addresses, in the Scope tab of the inbound rule named "File and Printer Sharing (Echo Request - ICMPv4-In)" (the one for Private/Public network), then it worked.

But that means I have to do it on every Windows machine. A bit tedious. And it needs to be remembered for a new machine, or a machine where Windows gets reinstalled.

I would prefer to do something to the configuration of the TUN server. Is there a way?

[gahbes]

Did you ever find out what caused this? I have exactly the same issue. I can ping everything but Windows machines.

It's so strange, I've been looking for a solution for the last two days.

Any tips would be much appreciated.

Thanks!

[pierre]

Five and a half years have passed and I had forgotten what this was about. Had to reread my original post.
So, no, I have not heard anything about this. And to be honest, I would not have remembered I had found a sort of workaround, hadn't I come here to reread my post. Given the time elapsed, I have the feeling no one knows or no one cares. What a shame.