Netgate Discussion Forum

    Windows 7 machines can't communicate over VPN

      Sabbasth

      Hi,

      Any machine can connect and talk over the VPN, except Windows machines, which do not communicate with anything on the other side of the VPN.

      Server configuration

      dev ovpns1
      dev-type tun
      tun-ipv6
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto tcp-server
      cipher AES-256-CBC
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      local 195.66.80.227
      tls-server
      server 10.1.20.0 255.255.255.240
      client-config-dir /var/etc/openvpn-csc
      username-as-common-name
      auth-user-pass-verify /var/etc/openvpn/server1.php via-env
      tls-verify /var/etc/openvpn/server1.tls-verify.php
      lport 443
      management /var/etc/openvpn/server1.sock unix
      max-clients 10
      push "route 10.1.8.0 255.255.252.0"
      push "dhcp-option DOMAIN cyanide-studio.com"
      push "dhcp-option DNS 10.1.8.11"
      push "dhcp-option NTP 10.1.8.97"
      push "dhcp-option WINS 10.1.8.1"
      push "redirect-gateway def1"
      ca /var/etc/openvpn/server1.ca
      cert /var/etc/openvpn/server1.cert
      key /var/etc/openvpn/server1.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server1.tls-auth 0
      comp-lzo
      passtos
      persist-remote-ip
      float
      topology subnet
      
      

      This is the client configuration

      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote 195.66.80.227 443 tcp-client
      lport 0
      verify-x509-name "OpenVPN-CRT" name
      auth-user-pass
      pkcs12 lb-TCP-443-bsemene.p12
      tls-auth lb-TCP-443-bsemene-tls.key 1
      ns-cert-type server
      comp-lzo
      redirect-gateway def1
      
      

      I can connect to the OpenVPN server without any issue

      Mon Jul 07 19:16:28 2014 OpenVPN 2.3.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Apr 14 2014
      Enter Management Password:
      Mon Jul 07 19:16:33 2014 Control Channel Authentication: using 'lb-TCP-443-bsemene-tls.key' as a OpenVPN static key file
      Mon Jul 07 19:16:33 2014 Attempting to establish TCP connection with [AF_INET]195.66.80.227:443
      Mon Jul 07 19:16:33 2014 TCP connection established with [AF_INET]195.66.80.227:443
      Mon Jul 07 19:16:33 2014 TCPv4_CLIENT link local (bound): [undef]
      Mon Jul 07 19:16:33 2014 TCPv4_CLIENT link remote: [AF_INET]195.66.80.227:443
      Mon Jul 07 19:16:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Mon Jul 07 19:16:35 2014 [OpenVPN-CRT] Peer Connection Initiated with [AF_INET]195.66.80.227:443
      Mon Jul 07 19:16:37 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Mon Jul 07 19:16:37 2014 open_tun, tt->ipv6=0
      Mon Jul 07 19:16:37 2014 TAP-WIN32 device [Connexion au réseau local 2] opened: \\.\Global\{6B5937BF-8920-449F-97F0-F7693D7E0C94}.tap
      Mon Jul 07 19:16:37 2014 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.20.0/10.1.20.2/255.255.255.240 [SUCCEEDED]
      Mon Jul 07 19:16:37 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.20.2/255.255.255.240 on interface {6B5937BF-8920-449F-97F0-F7693D7E0C94} [DHCP-serv: 10.1.20.14, lease-time: 31536000]
      Mon Jul 07 19:16:37 2014 Successful ARP Flush on interface [16] {6B5937BF-8920-449F-97F0-F7693D7E0C94}
      Mon Jul 07 19:16:42 2014 Initialization Sequence Completed
      
      

      From a Windows machine over VPN:

      • Can ping a unix machine on lan.

      • Can connect TCP services (i.e. ssh) on unix on lan.

      • Can't ping a windows machine.

      • Can't connect TCP services (i.e. http, rdp).

      From unix on lan, to both (lan and remote) Windows machines, and Mac over VPN:

      • Can connect to TCP services (i.e. rdp, http)

      • Can ping

      From Windows on LAN:

      • Can ping the unix machine on lan

      • Can connect to TCP services (i.e. ssh) on unix on lan

      • Can't ping the windows client

      • Can't connect to TCP service (i.e. rdp) on Windows over VPN

      • Can't ping Mac over vpn

      • Can't connect TCP service on Mac over VPN

      From a Mac over VPN to the LAN:

      • Can ping unix machine on lan

      • Can connect TCP service (i.e. ssh) on unix on lan

      • Can't ping Windows on lan

      • Can't connect to TCP service on Windows on lan

      • I tried to shut down the firewall on both Windows machines.

      • I authorized traffic from "public" on both machines

      • I deactivated the firewall on the VPN interface

      • I tried to play with options unsuccessfully

      • I did not find anything on the internet about Windows machines having specific issues

      I'm open to any kind of help…

      Thanks in advance,
      Bastien Semene
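
Added example, not part of the original post and not pfSense or OpenVPN code: a check that the directives which must agree between the two posted configs (cipher, auth, comp-lzo, tls-auth key direction, transport) actually do. The function names and the `PEER_PROTO` table are assumptions of this sketch, the defaults are those of OpenVPN 2.3, and only the protocol spellings used on this page plus `udp` are handled.

```python
SERVER = """\
proto tcp-server
cipher AES-256-CBC
lport 443
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
"""  # paired directives copied from the server config in the post
CLIENT = """\
cipher AES-256-CBC
auth SHA1
remote 195.66.80.227 443 tcp-client
tls-auth lb-TCP-443-bsemene-tls.key 1
comp-lzo
"""  # paired directives copied from the client config in the post
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}  # OpenVPN 2.3 defaults
PEER_PROTO = {"tcp-server": "tcp-client", "tcp-client": "tcp-server", "udp": "udp"}

def parse(text):  # map each directive to its argument list
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            key, *args = line.split()
            conf[key] = args
    return conf

def mismatches(server_text, client_text):
    """Return the list of paired directives on which the two ends disagree."""
    s, c = parse(server_text), parse(client_text)
    problems = []
    for key in ("cipher", "auth"):  # data-channel cipher and HMAC digest must be equal
        sv, cv = (conf.get(key, [DEFAULTS[key]])[0] for conf in (s, c))
        if sv != cv:
            problems.append(f"{key}: server {sv}, client {cv}")
    if ("comp-lzo" in s) != ("comp-lzo" in c):  # compression framing must agree
        problems.append("comp-lzo: set on one side only")
    # tls-auth: present on both or neither, key directions complementary (0 and 1)
    dirs = {(conf.get("tls-auth", []) + [None, None])[1] for conf in (s, c)}
    if ("tls-auth" in s) != ("tls-auth" in c) or dirs not in ({"0", "1"}, {None}):
        problems.append("tls-auth: missing on one side or key directions not 0/1")
    remote = c.get("remote", [""])
    rport = remote[1] if len(remote) > 1 else c.get("port", ["1194"])[0]
    cproto = remote[2] if len(remote) > 2 else c.get("proto", ["udp"])[0]
    sproto, sport = s.get("proto", ["udp"])[0], s.get("lport", s.get("port", ["1194"]))[0]
    if PEER_PROTO.get(sproto) != cproto or rport != sport:  # transport must pair up
        problems.append(f"transport: server {sproto}/{sport}, client {cproto}/{rport}")
    return problems

print(mismatches(SERVER, CLIENT))
```

An empty list here matches the client log above, where the tunnel comes up and reaches "Initialization Sequence Completed"; the check covers tunnel negotiation only, not routing or host firewalls on the LAN side.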
