Pushed routes gets added to Windows XP client, but dissappears after 10 seconds



  • Hello, I am back again, with a new problem on my OpenVPN road warrior set up. On one dodgy Windows XP Professional client I have trouble with routing through the VPN tunnel.

    When the VPN tunnel is established, the push directives gets pulled by the client, and the routing gets set, apparently correctly:

    But after about 10 seconds, the pushed routes dissappears. The tunnel seems to be up still. The openvpn gui icon in the system tray is still green, the TAP interface is still configured

    I can If I manually add routes on the client using

    route add 10.10.0.0 mask 255.255.0.0 10.12.1.5
    

    the I can ping that network again.

    My pfsense openvpn push directives are as follows:

    push "route 10.10.0.0 255.255.0.0"; push "route 10.11.0.0 255.255.0.0"
    

    Clients are configured to pull routes (pull directive).

    I am wondering if this has anything to do with the ping 10 directive which I put in my clients' config.vpn files (inspired by some how-to somewhere). However, I have only one client which has this problem.

    So, perhaps theres something removing the pushed routes on the client? What could this be?

    The client once had some symantec internet security or something like that preinstalled, but that was since uninstalled. I know symantec products are infamous for not cleanly uninstalling, so maybe this could have something to do with it? (I hope not as I have no idea how to do anything about that, save reinstalling the OS).

    Also, as you can see on the screenshots, only the pushed routes dissapear. The ones added to the 4-address network (10.12.1.0) remain behind.

    More info:
    Lenovo Thinkpad T61 running Windows XP Professional SP3
    Tried disabling wireless and bluetooth in case that had something to do with it.
    Tried removing "Thinkvantage Access Connection" which manages network connections, but with no result.



  • Dont use a tap interface.
    Use the same on both sides of the tunnel and pfSense always uses a tun.

    This is a PKI setup i assume?

    If you're trying to push /16 subnets.
    Make sure the openVPN-subnet is not included in the pushed subnets since windows seems to have problems with that.



  • What I meant by tap interface is the TAP-Win32 Adapter V8 listed in network connections on the Windows client. Both sides are using dev tun.

    Yes it's a PKI setup.

    The Openvpn subnet is 10.12.0.0/16 and isnt pushed as a route.

    I have found a workaround to the problem. By using

    route-delay 15
    

    the routes gets set permanently. The user has to wait 15 seconds when connecting to the VPN. But its an acceptable solution.


Log in to reply