Problem with windos 7
-
I install a server on a raspberry.
I install a client on my iphone.
I install a separate client on my pc (windows 7)With the iphone I can acces on local machine like file server on the local subnet of the openvpn server
On window, when the client connect the server, there is no error message. but nothing work at all.
Here is the server conf:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
keepalive 10 120
max-clients 5
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway local def1"
log-append /var/log/openvpn
comp-lzohere is the client conf
dev tun
client
proto udp
remote 81.28.206.197 1194
float
redirect-gateway def1
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
route-method exe
route-delay 2Here is the log of the client
Sun Jun 16 13:21:27 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jun 3 2013
Sun Jun 16 13:21:27 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sun Jun 16 13:21:27 2013 Need hold release from management interface, waiting…
Sun Jun 16 13:21:27 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'state on'
Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'log all on'
Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'hold off'
Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'hold release'
Sun Jun 16 13:21:27 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jun 16 13:21:28 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jun 16 13:21:28 2013 UDPv4 link local: [undef]
Sun Jun 16 13:21:28 2013 UDPv4 link remote: [AF_INET]81.28.206.197:1194
Sun Jun 16 13:21:28 2013 MANAGEMENT: >STATE:1371385288,WAIT,,,
Sun Jun 16 13:21:28 2013 MANAGEMENT: >STATE:1371385288,AUTH,,,
Sun Jun 16 13:21:28 2013 TLS: Initial packet from [AF_INET]81.28.206.197:1194, sid=f155d6c3 d8ad4eb2
Sun Jun 16 13:21:28 2013 VERIFY OK: depth=1, C=FR, ST=AIN, L=Prevessin, O=toto, OU=changeme, CN=Vorms, name=Vorms, emailAddress=vormsty@gmail.com
Sun Jun 16 13:21:28 2013 VERIFY OK: depth=0, C=FR, ST=AIN, L=Prevessin, O=toto, OU=changeme, CN=Vorms, name=Vorms, emailAddress=vormsty@gmail.com
Sun Jun 16 13:21:29 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jun 16 13:21:29 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 16 13:21:29 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jun 16 13:21:29 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 16 13:21:29 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jun 16 13:21:29 2013 [Vorms] Peer Connection Initiated with [AF_INET]81.28.206.197:1194
Sun Jun 16 13:21:30 2013 MANAGEMENT: >STATE:1371385290,GET_CONFIG,,,
Sun Jun 16 13:21:31 2013 SENT CONTROL [Vorms]: 'PUSH_REQUEST' (status=1)
Sun Jun 16 13:21:31 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway local def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: –ifconfig/up options modified
Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: route options modified
Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Jun 16 13:21:31 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jun 16 13:21:31 2013 MANAGEMENT: >STATE:1371385291,ASSIGN_IP,,10.8.0.6,
Sun Jun 16 13:21:31 2013 open_tun, tt->ipv6=0
Sun Jun 16 13:21:31 2013 TAP-WIN32 device [OpenVPN] opened: \.\Global{E54947A9-4F1B-4909-A15C-DC9FFE4F8007}.tap
Sun Jun 16 13:21:31 2013 TAP-Windows Driver Version 9.9
Sun Jun 16 13:21:31 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {E54947A9-4F1B-4909-A15C-DC9FFE4F8007} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Jun 16 13:21:31 2013 Successful ARP Flush on interface [16] {E54947A9-4F1B-4909-A15C-DC9FFE4F8007}
Sun Jun 16 13:21:33 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sun Jun 16 13:21:33 2013 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Jun 16 13:21:33 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Jun 16 13:21:33 2013 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sun Jun 16 13:21:33 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Jun 16 13:21:33 2013 MANAGEMENT: >STATE:1371385293,ADD_ROUTES,,,
Sun Jun 16 13:21:33 2013 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Sun Jun 16 13:21:33 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Jun 16 13:21:33 2013 Initialization Sequence Completed
Sun Jun 16 13:21:33 2013 MANAGEMENT: >STATE:1371385293,CONNECTED,SUCCESS,10.8.0.6,81.28.206.197I see the last line connected success, but ping 10.8.0.6,81 doesn't work nor 81.28.206.197 or 192.168.1.8 (local adress of the pi)
If somebody can help me I would be very happy…
Best regards and many thanks for your help.
Thierry Vorms
-
Hi,
I think you don't have permission to route from windows 7 to server.
I think you can run openvpn with administrator (run as administrator) or you can set that in property. -
Hello
Thanks for your reply.
I am the only one user of this PC, I am the administrator.
I try to run the gui in adminstrator mode, but nothing change.
Must I start other binary in the openvpn folder in administrator mode ?I am so disapointed…
Thanks for your help.
Best regards
Thierry -
Make sure you allowed traffic from<openvpn on="" your="" pfsense="" firewall="" (openvpn-tab)<br="">Further you need to run OpenVPN as administrator when using windows Vista/7.
If you are using the management interface and the OpenVPN Manager as client then OpenVPN runs as service and no need to use admin rights.
All can be downloaded from the OpenVPN Export Utility package on pfsense.</openvpn>
-
Hello again,
I disabled the avas firewall.
I disabled the windows firewall.
I install the software from the openvpn web site.I run the gui, the openvpn is not install in a service.
I think when I launch the openVPN GUI as administrator, the openvpn software is launched in adminstator too ?
thanks for your help, best regards
Thierry
-
Did you set ALLOW firewall rules on pfsense OpenVPN tab?
-
I deactivate the windows firewall and the AVAST firewall.
Best regards
Thierry