I am trying to configure OpenVPN setup on a Endian community box.
It mostly works... but!
On Linux, I connect. I can ping the green interface, and I can ping an inside address.
Everything works as it should.
With Windows XP.
I can connect to the VPN.
I can ping the green interface and an inside machine.
No problem.
On WIndows 7.
I can connect to the VPN
I can ping the Green interface.
I can ping a public website through the VPN (google)
I cannot ping any inside address. (Host Unreachable)
[update]
I check the routes, I have a route configured by the VPN network--mask--greenIP-- metric 31
If I Manually add a route.
Then restart the VPN connection... it works!
WTH???
No matter what I do. Same user, same rights, same internet connection. Routes look good.
Same firewall rules apply to all VPN connections.
For some reason beyond my understanding, all VPN connections work great.... EXCEPT with Windows 7.
What's wrong???
I always thought that if I can ping the green interface, then a failure to get beyond is due to firewall rules. But I'm using the SAME USER, and the same connection...
Any ideas??
Windows 7, strange issues.
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Windows 7, strange issues.
without config files it is impossible to tell.
As a general debugging tip for Win7: try adding
to the client config to see if that helps.
For more assistance, post your config files , as well as a detailed client log during the connection phase.
As a general debugging tip for Win7: try adding
Code: Select all
route-method exeFor more assistance, post your config files , as well as a detailed client log during the connection phase.
-
rex007can
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Feb 18, 2011 11:19 pm
Re: Windows 7, strange issues.
The client config file is
client
dev tap
proto udp
remote ***.***.***.***
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpn.pem
auth-user-pass
comp-lzo
route-method exe
route-delay 2
script-security 2 system
OpenVPN config (on Endian Firewall)
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN=....
DROP_DHCP=on
GLOBAL_DNS=192.168.192.12,192.168.192.13
GLOBAL_NETWORKS=192.168.192.0/24
OPENVPN_ENABLED=on
PORT=1194
PROTOCOL=udp
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=192.168.192.20
PURPLE_IP_END=192.168.192.24
PURPLE_NET=
PUSH_DOMAIN=on
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on
I've narrowed down the issue to a route added to the client. It doesn't do this if the client is XP or Linux.
But if the client is Windows7, it adds a route like this
192.168.192.0 255.255.255.0 192.168.192.20 metric1
And then it also adds
192.168.192.0 255.255.255.0 192.168.192.248 metric31
This creates a conflict and Windows doesn't route packets to the VPN gateway, so nothing gets through.
If I manually delete the rout
route delete 192.168.192.0
Then everything starts working properly.
I don't know why Windows7 adds the extra route, or why it puts a metric of 31 on the VPN route.
client
dev tap
proto udp
remote ***.***.***.***
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpn.pem
auth-user-pass
comp-lzo
route-method exe
route-delay 2
script-security 2 system
OpenVPN config (on Endian Firewall)
AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN=....
DROP_DHCP=on
GLOBAL_DNS=192.168.192.12,192.168.192.13
GLOBAL_NETWORKS=192.168.192.0/24
OPENVPN_ENABLED=on
PORT=1194
PROTOCOL=udp
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=192.168.192.20
PURPLE_IP_END=192.168.192.24
PURPLE_NET=
PUSH_DOMAIN=on
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on
I've narrowed down the issue to a route added to the client. It doesn't do this if the client is XP or Linux.
But if the client is Windows7, it adds a route like this
192.168.192.0 255.255.255.0 192.168.192.20 metric1
And then it also adds
192.168.192.0 255.255.255.0 192.168.192.248 metric31
This creates a conflict and Windows doesn't route packets to the VPN gateway, so nothing gets through.
If I manually delete the rout
route delete 192.168.192.0
Then everything starts working properly.
I don't know why Windows7 adds the extra route, or why it puts a metric of 31 on the VPN route.
Last edited by rex007can on Mon Feb 21, 2011 3:01 pm, edited 1 time in total.
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Windows 7, strange issues.
I have no clue how the endian firewall works...
Can you try adding
to the client config file, reconnect and then post the (sanitized) logfile here or on pastebin...
Can you try adding
Code: Select all
verb 5