OpenVPN Support Forum

I am trying to configure OpenVPN setup on a Endian community box.

It mostly works... but!

On Linux, I connect. I can ping the green interface, and I can ping an inside address.
Everything works as it should.

With Windows XP.
I can connect to the VPN.
I can ping the green interface and an inside machine.
No problem.

On WIndows 7.
I can connect to the VPN
I can ping the Green interface.
I can ping a public website through the VPN (google)
I cannot ping any inside address. (Host Unreachable)

[update]
I check the routes, I have a route configured by the VPN network--mask--greenIP-- metric 31

If I Manually add a route.
Then restart the VPN connection... it works!

WTH???


No matter what I do. Same user, same rights, same internet connection. Routes look good.
Same firewall rules apply to all VPN connections.
For some reason beyond my understanding, all VPN connections work great.... EXCEPT with Windows 7.

What's wrong???
I always thought that if I can ping the green interface, then a failure to get beyond is due to firewall rules. But I'm using the SAME USER, and the same connection...

Any ideas??

without config files it is impossible to tell.

As a general debugging tip for Win7: try adding to the client config to see if that helps.

For more assistance, post your config files , as well as a detailed client log during the connection phase.

The client config file is

client
dev tap
proto udp
remote ***.***.***.***
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpn.pem
auth-user-pass
comp-lzo
route-method exe
route-delay 2
script-security 2 system


OpenVPN config (on Endian Firewall)

AUTH_TYPE=psk
CLIENT_TO_CLIENT=on
DOMAIN=....
DROP_DHCP=on
GLOBAL_DNS=192.168.192.12,192.168.192.13
GLOBAL_NETWORKS=192.168.192.0/24
OPENVPN_ENABLED=on
PORT=1194
PROTOCOL=udp
PURPLE_DEVICE=tap0
PURPLE_IP_BEGIN=192.168.192.20
PURPLE_IP_END=192.168.192.24
PURPLE_NET=
PUSH_DOMAIN=on
PUSH_GLOBAL_DNS=on
PUSH_GLOBAL_NETWORKS=on


I've narrowed down the issue to a route added to the client. It doesn't do this if the client is XP or Linux.
But if the client is Windows7, it adds a route like this
192.168.192.0 255.255.255.0 192.168.192.20 metric1
And then it also adds
192.168.192.0 255.255.255.0 192.168.192.248 metric31

This creates a conflict and Windows doesn't route packets to the VPN gateway, so nothing gets through.
If I manually delete the rout
route delete 192.168.192.0
Then everything starts working properly.
I don't know why Windows7 adds the extra route, or why it puts a metric of 31 on the VPN route.

I have no clue how the endian firewall works...
Can you try adding to the client config file, reconnect and then post the (sanitized) logfile here or on pastebin...