Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Vista Client to pfSense OpenVPN [SOLVED]

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 4 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      Nadrek
      last edited by

      For anyone else trying the same thing, there are some challenges involved in getting Windows Vista clients working via OpenVPN.

      The situation I had at the beginning:
      pfSense 1.2.3-RELEASE on a Netgate ALIX box was working as a server with a Windows XP OpenVPN-GUI 1.0.3 (OpenVPN 2.1.1) client already, in PKI mode.

      The Vista client, with the same client software, was not working.  DNS Resolution functioned, but actual data transmission did not.

      The following actions, as a whole, solved the issue.  One or more of them may not be necessary to the fix.

      1. Add the following two lines to the Vista client OpenVPN (.ovpn) file:
        route-method exe
        route-delay 2

      2. Set the following programs/shortcuts to "Run as Administrator" in their properties:
        OpenVPN GUI Shortcut
        openvpn.exe 
        openssl.exe    (probably not necessary)
        openvpn-gui-1.0.3.exe

      Now I've done a little more than other forums suggested; still no dice.  DNS resolution yes, data transfer no.  "route print" metrics show some odd things… all, apparently, a red herring.

      1. Go to the Control Panel, get to Manage your Network Connections (the list of all of them), go to the properties of your VPN connection (TAP-Win32), and checkmark the IP v4 setting... which, for whatever reason, was not checked!

      Now it works, and my fiancee is happy.

      Further config details (with the XP client) present in this forum post: http://forum.pfsense.org/index.php/topic,25152.0.html

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        It's always been a known issue that it must be run as administrator. That's the only setting that really matters.

        Otherwise it doesn't have the permissions it needs to set the routes.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • N
          Nadrek
          last edited by

          @jimp:

          It's always been a known issue that it must be run as administrator. That's the only setting that really matters.

          Otherwise it doesn't have the permissions it needs to set the routes.

          By my testing, while Run as administrator is required (and yes, that's fairly well known), it is absolutely not sufficient.  The route-method and route-delay settings were widely reported in other places, and the TUN/TAP interface somehow not having bound IPv4 was certainly the last impediment to OpenVPN working on the Vista box after it was working on Linux and Windows XP already.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            I've installed the OpenVPN client quite a few times and I've only ever had to run it as admin, no other special settings were needed.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • Cry HavokC
              Cry Havok
              last edited by

              Same experience as jimp here - I've never had to do anything special with Vista (or 7) other than running it as Administrator.  At no point did I have to change the adapter settings, or anything else.

              1 Reply Last reply Reply Quote 0
              • C
                CaseyBlackburn
                last edited by

                I have had the same experience as jimp and Cry have said. The only time I've ever had to use route-delay is because ICS was configured on the machine. Is this perhaps the case for you?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.