Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pushed routes gets added to Windows XP client, but dissappears after 10 seconds

    Scheduled Pinned Locked Moved
    OpenVPN
    2
    3
    2.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tor
      last edited by

      Hello, I am back again, with a new problem on my OpenVPN road warrior set up. On one dodgy Windows XP Professional client I have trouble with routing through the VPN tunnel.

      When the VPN tunnel is established, the push directives gets pulled by the client, and the routing gets set, apparently correctly:

      But after about 10 seconds, the pushed routes dissappears. The tunnel seems to be up still. The openvpn gui icon in the system tray is still green, the TAP interface is still configured

      I can If I manually add routes on the client using

      route add 10.10.0.0 mask 255.255.0.0 10.12.1.5

      the I can ping that network again.

      My pfsense openvpn push directives are as follows:

      push "route 10.10.0.0 255.255.0.0"; push "route 10.11.0.0 255.255.0.0"

      Clients are configured to pull routes (pull directive).

      I am wondering if this has anything to do with the ping 10 directive which I put in my clients' config.vpn files (inspired by some how-to somewhere). However, I have only one client which has this problem.

      So, perhaps theres something removing the pushed routes on the client? What could this be?

      The client once had some symantec internet security or something like that preinstalled, but that was since uninstalled. I know symantec products are infamous for not cleanly uninstalling, so maybe this could have something to do with it? (I hope not as I have no idea how to do anything about that, save reinstalling the OS).

      Also, as you can see on the screenshots, only the pushed routes dissapear. The ones added to the 4-address network (10.12.1.0) remain behind.

      More info:
      Lenovo Thinkpad T61 running Windows XP Professional SP3
      Tried disabling wireless and bluetooth in case that had something to do with it.
      Tried removing "Thinkvantage Access Connection" which manages network connections, but with no result.

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Dont use a tap interface.
        Use the same on both sides of the tunnel and pfSense always uses a tun.

        This is a PKI setup i assume?

        If you're trying to push /16 subnets.
        Make sure the openVPN-subnet is not included in the pushed subnets since windows seems to have problems with that.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • T
          tor
          last edited by

          What I meant by tap interface is the TAP-Win32 Adapter V8 listed in network connections on the Windows client. Both sides are using dev tun.

          Yes it's a PKI setup.

          The Openvpn subnet is 10.12.0.0/16 and isnt pushed as a route.

          I have found a workaround to the problem. By using

          route-delay 15

          the routes gets set permanently. The user has to wait 15 seconds when connecting to the VPN. But its an acceptable solution.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post