4. Vista Client to pfSense OpenVPN [SOLVED]

Vista Client to pfSense OpenVPN [SOLVED]

  • N

    For anyone else trying the same thing, there are some challenges involved in getting Windows Vista clients working via OpenVPN.

    The situation I had at the beginning:
    pfSense 1.2.3-RELEASE on a Netgate ALIX box was working as a server with a Windows XP OpenVPN-GUI 1.0.3 (OpenVPN 2.1.1) client already, in PKI mode.

    The Vista client, with the same client software, was not working.  DNS Resolution functioned, but actual data transmission did not.

    The following actions, as a whole, solved the issue.  One or more of them may not be necessary to the fix.

    1. Add the following two lines to the Vista client OpenVPN (.ovpn) file:
      route-method exe
      route-delay 2

    2. Set the following programs/shortcuts to "Run as Administrator" in their properties:
      OpenVPN GUI Shortcut
      openvpn.exe 
      openssl.exe    (probably not necessary)
      openvpn-gui-1.0.3.exe

    Now I've done a little more than other forums suggested; still no dice.  DNS resolution yes, data transfer no.  "route print" metrics show some odd things… all, apparently, a red herring.

    1. Go to the Control Panel, get to Manage your Network Connections (the list of all of them), go to the properties of your VPN connection (TAP-Win32), and checkmark the IP v4 setting... which, for whatever reason, was not checked!

    Now it works, and my fiancee is happy.

    Further config details (with the XP client) present in this forum post: http://forum.pfsense.org/index.php/topic,25152.0.html

    0
  • Rebel Alliance Developer Netgate

    It's always been a known issue that it must be run as administrator. That's the only setting that really matters.

    Otherwise it doesn't have the permissions it needs to set the routes.

    0
  • N

    @jimp:

    It's always been a known issue that it must be run as administrator. That's the only setting that really matters.

    Otherwise it doesn't have the permissions it needs to set the routes.

    By my testing, while Run as administrator is required (and yes, that's fairly well known), it is absolutely not sufficient.  The route-method and route-delay settings were widely reported in other places, and the TUN/TAP interface somehow not having bound IPv4 was certainly the last impediment to OpenVPN working on the Vista box after it was working on Linux and Windows XP already.

    0
  • Rebel Alliance Developer Netgate

    I've installed the OpenVPN client quite a few times and I've only ever had to run it as admin, no other special settings were needed.

    0

  • Same experience as jimp here - I've never had to do anything special with Vista (or 7) other than running it as Administrator.  At no point did I have to change the adapter settings, or anything else.

    0
  • C

    I have had the same experience as jimp and Cry have said. The only time I've ever had to use route-delay is because ICS was configured on the machine. Is this perhaps the case for you?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy