Cannot push route to OpenVPN client on Win8



  • Hi
    I am trying to set up a roadwarrior OpenVPN client to connect back to our office and also access resources over an IPSEC tunnel from the office.
    The basic OpenVPN client works perfectly and I can access the LAN subnet at the office.
    The IPSEC Phase 2 connections are configured to route traffic from both the LAN and OpenVPN subnets. I then assume I need to add a route to the OpenVPN client for the remote site so that it knows to use the tunnel.
    I have used push route in the config but it seems to fail configuring the route on my Windows 8 machine.
    I am running the client as administrator and I have applied the tweaks as detailed here:

    http://www.vpntutorials.com/tutorials/openvpn-client-setup-tutorial-for-windows-8/

    My config file is:

    
    dev tun
    persist-tun
    persist-key
    cipher AES-128-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote x.x.x.x 1194 udp
    lport 0
    verify-x509-name "005 Roadwarrior Cert" name
    auth-user-pass
    pkcs12 xxxxxxxx-udp-1194-gordon.p12
    tls-auth xxxxxxxx-udp-1194-gordon-tls.key 1
    ns-cert-type server
    
    # don't terminate service process on wrong password, ask again
    auth-retry interact
    # open management channel
    management 127.0.0.1 166
    # wait for management to explicitly start connection
    management-hold
    # query management channel for user/pass
    management-query-passwords
    # disconnect VPN when management program connection is closed
    management-signal
    # forget password when management disconnects
    management-forget-disconnect
    
    route-method exe
    route-delay 2
    
    push "route 192.168.250.0 255.255.255.0"
    
    

    The connection log shows:

    
    Fri Feb 28 16:50:55 2014 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
    Fri Feb 28 16:51:02 2014 Control Channel Authentication: using 'xxxxxx-udp-1194-gordon-tls.key' as a OpenVPN static key file
    Fri Feb 28 16:51:02 2014 UDPv4 link local (bound): [undef]
    Fri Feb 28 16:51:02 2014 UDPv4 link remote: [AF_INET]194.168.202.190:1194
    Fri Feb 28 16:51:02 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Fri Feb 28 16:51:04 2014 [005 Roadwarrior Cert] Peer Connection Initiated with [AF_INET]194.168.202.190:1194
    Fri Feb 28 16:51:08 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Fri Feb 28 16:51:08 2014 open_tun, tt->ipv6=0
    Fri Feb 28 16:51:08 2014 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{9EF70C79-7D52-466E-AD26-8476081B6FFB}.tap
    Fri Feb 28 16:51:08 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.6.6/255.255.255.252 on interface {9EF70C79-7D52-466E-AD26-8476081B6FFB} [DHCP-serv: 192.168.6.5, lease-time: 31536000]
    Fri Feb 28 16:51:08 2014 Successful ARP Flush on interface [37] {9EF70C79-7D52-466E-AD26-8476081B6FFB}
    Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Fri Feb 28 16:51:10 2014 Initialization Sequence Completed
    
    

    I am using the 32-bit installer on a 64-bit machine.
    I get the same results using the OpenVPN GUI or the Connection Manager.

    Any thoughts?

    thanks



  • As a follow-up…
    I have also tried this on Vista with exactly the same results.
    If I manually add the route through a command route it works perfectly.
    That isn't really a workable solution when it comes to rolling out to our staff though.


  • Banned

    Works just fine here with W8.1 even. You definitely should stop using the 32-bit installer on a 64-bit machine, uninstall everything and wipe the config remnants before installing a proper 64-bit package.



  • I read a post that the OpenVPN Config Manager doesn't work on 64-bit machines, and that you need to use that for non admin users?
    If that's no longer the case I will try your suggestion.


  • Banned

    Yes, it does not work. Frankly, it never really worked on x86 either for me. Use the x64 OpenVPN-GUI package.

    If you still have problems, make sure you have checked "Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)." in the OpenVPN server configuration.



  • ;D
    Will check that out - thanks
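
An added example, not from the thread or from the OpenVPN project: `push` is the directive a server uses to send options to its clients, so a `push "route ..."` line placed in a client config installs no local route. The Python check below flags such lines in a client config and names the local `route` equivalent. The `SERVER_ONLY` subset and the function names are assumptions of this example, and the sample is a trimmed copy of the config posted above.

```python
import shlex

# Directives that act on the server side only (illustrative subset, not exhaustive).
SERVER_ONLY = {"push", "server", "ifconfig-pool", "client-config-dir", "client-to-client"}

def parse_config(text):
    """Return [(line_no, directive, args)] for every non-comment config line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # honours "quoted arguments"
        if tokens:
            entries.append((line_no, tokens[0], tokens[1:]))
    return entries

def lint_client_config(text):
    """Return [(line_no, message)] for server-only directives in a client config."""
    entries = parse_config(text)
    directives = {name for _, name, _ in entries}
    if not directives & {"client", "tls-client"}:
        return []  # not a client config, nothing to check
    findings = []
    for line_no, name, args in entries:
        if name not in SERVER_ONLY:
            continue
        pushed = args[0].split() if name == "push" and args else []
        if pushed[:1] == ["route"]:
            target = " ".join(pushed[1:])
            msg = f"push has no effect on a client; use 'route {target}' instead"
        else:
            msg = f"'{name}' is a server-side directive"
        findings.append((line_no, msg))
    return findings

# Constructed sample: a trimmed copy of the client config from the first post.
SAMPLE = """\
dev tun
client
remote x.x.x.x 1194 udp
route-method exe
route-delay 2
push "route 192.168.250.0 255.255.255.0"
"""

if __name__ == "__main__":
    for line_no, msg in lint_client_config(SAMPLE):
        print(f"line {line_no}: {msg}")
```

For a staff rollout, the route can either be written as a plain `route` line in each client config or pushed from the server's own configuration.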