Vista Client to pfSense OpenVPN [SOLVED]
-
For anyone else trying the same thing, there are some challenges involved in getting Windows Vista clients working via OpenVPN.
The situation I had at the beginning:
pfSense 1.2.3-RELEASE on a Netgate ALIX box was working as a server with a Windows XP OpenVPN-GUI 1.0.3 (OpenVPN 2.1.1) client already, in PKI mode.The Vista client, with the same client software, was not working. DNS Resolution functioned, but actual data transmission did not.
The following actions, as a whole, solved the issue. One or more of them may not be necessary to the fix.
-
Add the following two lines to the Vista client OpenVPN (.ovpn) file:
route-method exe
route-delay 2 -
Set the following programs/shortcuts to "Run as Administrator" in their properties:
OpenVPN GUI Shortcut
openvpn.exe
openssl.exe (probably not necessary)
openvpn-gui-1.0.3.exe
Now I've done a little more than other forums suggested; still no dice. DNS resolution yes, data transfer no. "route print" metrics show some odd things… all, apparently, a red herring.
- Go to the Control Panel, get to Manage your Network Connections (the list of all of them), go to the properties of your VPN connection (TAP-Win32), and checkmark the IP v4 setting... which, for whatever reason, was not checked!
Now it works, and my fiancee is happy.
Further config details (with the XP client) present in this forum post: http://forum.pfsense.org/index.php/topic,25152.0.html
-
-
It's always been a known issue that it must be run as administrator. That's the only setting that really matters.
Otherwise it doesn't have the permissions it needs to set the routes.
-
It's always been a known issue that it must be run as administrator. That's the only setting that really matters.
Otherwise it doesn't have the permissions it needs to set the routes.
By my testing, while Run as administrator is required (and yes, that's fairly well known), it is absolutely not sufficient. The route-method and route-delay settings were widely reported in other places, and the TUN/TAP interface somehow not having bound IPv4 was certainly the last impediment to OpenVPN working on the Vista box after it was working on Linux and Windows XP already.
-
I've installed the OpenVPN client quite a few times and I've only ever had to run it as admin, no other special settings were needed.
-
Same experience as jimp here - I've never had to do anything special with Vista (or 7) other than running it as Administrator. At no point did I have to change the adapter settings, or anything else.
-
I have had the same experience as jimp and Cry have said. The only time I've ever had to use route-delay is because ICS was configured on the machine. Is this perhaps the case for you?
