openvpn client connect with openvpn server but can't access internet

[bhfm511@gamil.com]

I setup openvpn server version 2.4.9-I601-Win10 on windows 10. My client can connect with openvpn server but I can't access internet.

I follow this article steps to setup.

https://www.reddit.com/r/OpenVPN/commen ... =post_body

View OriginalServer config

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

View OriginalClient config

client
dev tun
proto udp
remote example.ddns.us 443
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
verb 3
<ca>
-----BEGIN CERTIFICATE-----
ca.crt here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
your-device-name-here.crt here
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
your-device-name-here.key here
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
ta.key here
-----END OpenVPN Static key V1-----
</tls-auth>

It can work and my client get ip address 10.8.0.6 and I can ping 10.8.0.1 gateway but I can't access internet.

Both "routing and remote access" and "openvpn" service are running.

I doubt windows 10 "routing and remote access" not working but not sure.

Anyone has experience for this kind of issue when setup openvpn on win10.


Eric

[bhfm511@gamil.com]

OK, will use [oconf] for configuration. Just know it.

[300000]

you need ip forward so it can jump from 10.8.0.0 to real ip one , without ipforward client only can ping 10.8.0.1 and 10.8.0.2 that all it can do right now

[bhfm511@gamil.com]

Hi 300000,

I follow this configuration to set up IP forwarding.

[Configuring The Server To Allow Traffic
This next part makes it so that your VPN sends all traffic through it

Open "regedit" and paste this text into the top address bar

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Double click "IPEnabledRouter" and enter the value data as "1"

Now open "run" and enter "services.msc"

Find "Routing and Remote Access", right click it, go into properties and change the "Startup type" to "Automatic"

Now find "OpenVPNService", right click it, go into properties and change the "Startup type" to "Automatic"

Now go into Control Panel and navigate to "Network and Sharing Center" then click "Change Adapter Settings" on the left

Find the adapter that has "TAP" underneath it, then rename that adapter to "TAP"

Right click on your adapter that has an internet connection and go to "properties"

Select "Sharing" at the top and check the box for "Allow other network users to connect..."]

[bhfm511@gamil.com]

BTW, I have another issue on my openvpn server side. When I setup "Automatic" Startup type for "OpenVPNService", openvpn server can't connect but if I choose "OpenVPNSerivce" to Manual mode, I can connect openvpn server. Can't understand well!

[bhfm511@gamil.com]

I just test to ping. Only can ping 10.8.0.1 and can't ping 10.8.0.2 also from client side.

here is route print#

[C:\WINDOWS\system32>route print
===========================================================================
接口列表
8...28 d2 44 23 00 e6 ......Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
10...00 ff 74 d6 4f 5e ......TAP-Windows Adapter V9
1...........................Software Loopback Interface 1
===========================================================================

IPv4 路由表
===========================================================================
活动路由:
网络目标 网络掩码 网关 接口 跃点数
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.29 25
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 281
10.8.0.0 255.255.255.252 在链路上 10.8.0.1 281
10.8.0.1 255.255.255.255 在链路上 10.8.0.1 281
10.8.0.3 255.255.255.255 在链路上 10.8.0.1 281
127.0.0.0 255.0.0.0 在链路上 127.0.0.1 331
127.0.0.1 255.255.255.255 在链路上 127.0.0.1 331
127.255.255.255 255.255.255.255 在链路上 127.0.0.1 331
192.168.0.0 255.255.255.0 在链路上 192.168.0.29 281
192.168.0.0 255.255.255.0 在链路上 10.8.0.1 50
192.168.0.29 255.255.255.255 在链路上 192.168.0.29 281
192.168.0.255 255.255.255.255 在链路上 192.168.0.29 281
192.168.0.255 255.255.255.255 在链路上 10.8.0.1 281
224.0.0.0 240.0.0.0 在链路上 127.0.0.1 331
224.0.0.0 240.0.0.0 在链路上 10.8.0.1 281
224.0.0.0 240.0.0.0 在链路上 192.168.0.29 281
255.255.255.255 255.255.255.255 在链路上 127.0.0.1 331
255.255.255.255 255.255.255.255 在链路上 10.8.0.1 281
255.255.255.255 255.255.255.255 在链路上 192.168.0.29 281
===========================================================================]

[300000]

you need to find " internet connection sharing " to enable it on service so it can routing for you

[bhfm511@gamil.com]

interesting, sharing with TAP missing here.

[oconf=]Now go into Control Panel and navigate to "Network and Sharing Center" then click "Change Adapter Settings" on the left

Find the adapter that has "TAP" underneath it, then rename that adapter to "TAP"

Right click on your adapter that has an internet connection and go to "properties"

Select "Sharing" at the top and check the box for "Allow other network users to connect..."[/oconf]

I can't find internet connecting share then choose TAP, there is nothing there.

[bhfm511@gamil.com]

Finally, I google and get this document.

https://www.thewindowsclub.com/internet ... ot-working

[Press Windows key + R.
In the Run dialog box, type regedit and press Enter to open Registry Editor.
Navigate or jump to the registry key path below:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedAccess
Then right-click on an empty space on the right pane.
Select New > DWORD (32-bit) Value.
Name the key EnableRebootPersistConnection.
Double-click the newly created key and set the Value data to 1.
Click OK to save changes.
You can now exit Registry Editor and then, proceed to change the ICS Service Startup mode to Automatic.]

Thanks for 300000's help!!!