Problem with windos 7



  • I install a server on a raspberry.
    I install a client on my iphone.
    I install a separate client on my pc (windows 7)

    With the iphone I can acces on local machine like file server on the local subnet of the openvpn server

    On window, when the client connect the server, there is no error message. but nothing work at all.

    Here is the server conf:
    dev tun
    proto udp
    port 1194
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/server.crt
    key /etc/openvpn/easy-rsa/keys/server.key
    dh /etc/openvpn/easy-rsa/keys/dh1024.pem
    keepalive 10 120
    max-clients 5
    user nobody
    group nogroup
    server 10.8.0.0 255.255.255.0
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    verb 3
    client-to-client
    push "redirect-gateway def1"
    #set the dns servers
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "redirect-gateway local def1"
    log-append /var/log/openvpn
    comp-lzo

    here is the client conf
    dev tun
    client
    proto udp
    remote 81.28.206.197 1194
    float
    redirect-gateway def1
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    comp-lzo
    verb 3
    route-method exe
    route-delay 2

    Here is the log of the client
    Sun Jun 16 13:21:27 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jun  3 2013
    Sun Jun 16 13:21:27 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
    Sun Jun 16 13:21:27 2013 Need hold release from management interface, waiting…
    Sun Jun 16 13:21:27 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
    Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'state on'
    Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'log all on'
    Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'hold off'
    Sun Jun 16 13:21:27 2013 MANAGEMENT: CMD 'hold release'
    Sun Jun 16 13:21:27 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Sun Jun 16 13:21:28 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sun Jun 16 13:21:28 2013 UDPv4 link local: [undef]
    Sun Jun 16 13:21:28 2013 UDPv4 link remote: [AF_INET]81.28.206.197:1194
    Sun Jun 16 13:21:28 2013 MANAGEMENT: >STATE:1371385288,WAIT,,,
    Sun Jun 16 13:21:28 2013 MANAGEMENT: >STATE:1371385288,AUTH,,,
    Sun Jun 16 13:21:28 2013 TLS: Initial packet from [AF_INET]81.28.206.197:1194, sid=f155d6c3 d8ad4eb2
    Sun Jun 16 13:21:28 2013 VERIFY OK: depth=1, C=FR, ST=AIN, L=Prevessin, O=toto, OU=changeme, CN=Vorms, name=Vorms, emailAddress=vormsty@gmail.com
    Sun Jun 16 13:21:28 2013 VERIFY OK: depth=0, C=FR, ST=AIN, L=Prevessin, O=toto, OU=changeme, CN=Vorms, name=Vorms, emailAddress=vormsty@gmail.com
    Sun Jun 16 13:21:29 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sun Jun 16 13:21:29 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun Jun 16 13:21:29 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Sun Jun 16 13:21:29 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun Jun 16 13:21:29 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Sun Jun 16 13:21:29 2013 [Vorms] Peer Connection Initiated with [AF_INET]81.28.206.197:1194
    Sun Jun 16 13:21:30 2013 MANAGEMENT: >STATE:1371385290,GET_CONFIG,,,
    Sun Jun 16 13:21:31 2013 SENT CONTROL [Vorms]: 'PUSH_REQUEST' (status=1)
    Sun Jun 16 13:21:31 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway local def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
    Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: timers and/or timeouts modified
    Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: –ifconfig/up options modified
    Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: route options modified
    Sun Jun 16 13:21:31 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sun Jun 16 13:21:31 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Sun Jun 16 13:21:31 2013 MANAGEMENT: >STATE:1371385291,ASSIGN_IP,,10.8.0.6,
    Sun Jun 16 13:21:31 2013 open_tun, tt->ipv6=0
    Sun Jun 16 13:21:31 2013 TAP-WIN32 device [OpenVPN] opened: \.\Global{E54947A9-4F1B-4909-A15C-DC9FFE4F8007}.tap
    Sun Jun 16 13:21:31 2013 TAP-Windows Driver Version 9.9
    Sun Jun 16 13:21:31 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {E54947A9-4F1B-4909-A15C-DC9FFE4F8007} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
    Sun Jun 16 13:21:31 2013 Successful ARP Flush on interface [16] {E54947A9-4F1B-4909-A15C-DC9FFE4F8007}
    Sun Jun 16 13:21:33 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
    Sun Jun 16 13:21:33 2013 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
    Sun Jun 16 13:21:33 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Sun Jun 16 13:21:33 2013 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
    Sun Jun 16 13:21:33 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Sun Jun 16 13:21:33 2013 MANAGEMENT: >STATE:1371385293,ADD_ROUTES,,,
    Sun Jun 16 13:21:33 2013 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
    Sun Jun 16 13:21:33 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Sun Jun 16 13:21:33 2013 Initialization Sequence Completed
    Sun Jun 16 13:21:33 2013 MANAGEMENT: >STATE:1371385293,CONNECTED,SUCCESS,10.8.0.6,81.28.206.197

    I see the last line connected success, but ping 10.8.0.6,81 doesn't work nor 81.28.206.197 or 192.168.1.8 (local adress of the pi)

    If somebody can help me I would be very happy…

    Best regards and many thanks for your help.

    Thierry Vorms



  • Hi,
    I think you don't have permission to route from windows 7 to server.
    I think you can run openvpn with administrator (run as administrator) or you can set that in property.



  • Hello
    Thanks for your reply.
    I am the only one user of this PC, I am the administrator.
    I try to run the gui in adminstrator mode, but nothing change.
    Must I start other binary in the openvpn folder in administrator mode ?

    I am so disapointed…

    Thanks for your help.
    Best regards
    Thierry



  • Make sure you allowed traffic from<openvpn on="" your="" pfsense="" firewall="" (openvpn-tab)<br="">Further you need to run OpenVPN as administrator when using windows Vista/7.

    If you are using the management interface and the OpenVPN Manager as client then OpenVPN runs as service and no need to use admin rights.

    All can be downloaded from the OpenVPN Export Utility package on pfsense.</openvpn>



  • Hello again,

    I disabled the avas firewall.
    I disabled the windows firewall.
    I install the software from the openvpn web site.

    I run the gui, the openvpn is not install in a service.

    I think when I launch the openVPN GUI as administrator, the openvpn software is launched in adminstator too ?

    thanks for your help, best regards

    Thierry



  • Did you set ALLOW firewall rules on pfsense OpenVPN tab?



  • I deactivate the windows firewall and the AVAST firewall.

    Best regards

    Thierry


Log in to reply