Cannot push route to OpenVPN client on Win8
-
Hi
I am trying to set up a roadwarrior OpenVPN client to connect back to our office and also access resources over an IPSEC tunnel from the office.
The basic OpenVPN client works perfectly and I can access the LAN subnet at the office.
The IPSEC Phase 2 connections are configured to route traffic from both the LAN and OpenVPN subnets. I then assume I need to add a route to the openVPN client for the remote site so that it knows to use the tunnel.
I have used push route in the config but it seems to fail configuring the route on my windows8 machine.
I am running the client as administrator and I have applied the tweaks as detailed here:http://www.vpntutorials.com/tutorials/openvpn-client-setup-tutorial-for-windows-8/
My config file is:
dev tun persist-tun persist-key cipher AES-128-CBC auth SHA1 tls-client client resolv-retry infinite remote x.x.x.x 1194 udp lport 0 verify-x509-name "005 Roadwarrior Cert" name auth-user-pass pkcs12 xxxxxxxx-udp-1194-gordon.p12 tls-auth xxxxxxxx-udp-1194-gordon-tls.key 1 ns-cert-type server # dont terminate service process on wrong password, ask again auth-retry interact # open management channel management 127.0.0.1 166 # wait for management to explicitly start connection management-hold # query management channel for user/pass management-query-passwords # disconnect VPN when managment program connection is closed management-signal # forget password when management disconnects management-forget-disconnect route-method exe route-delay 2 push "route 192.168.250.0 255.255.255.0"The connection log shows:
Fri Feb 28 16:50:55 2014 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013 Fri Feb 28 16:51:02 2014 Control Channel Authentication: using 'xxxxxx-udp-1194-gordon-tls.key' as a OpenVPN static key file Fri Feb 28 16:51:02 2014 UDPv4 link local (bound): [undef] Fri Feb 28 16:51:02 2014 UDPv4 link remote: [AF_INET]194.168.202.190:1194 Fri Feb 28 16:51:02 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Fri Feb 28 16:51:04 2014 [005 Roadwarrior Cert] Peer Connection Initiated with [AF_INET]194.168.202.190:1194 Fri Feb 28 16:51:08 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Fri Feb 28 16:51:08 2014 open_tun, tt->ipv6=0 Fri Feb 28 16:51:08 2014 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{9EF70C79-7D52-466E-AD26-8476081B6FFB}.tap Fri Feb 28 16:51:08 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.6.6/255.255.255.252 on interface {9EF70C79-7D52-466E-AD26-8476081B6FFB} [DHCP-serv: 192.168.6.5, lease-time: 31536000] Fri Feb 28 16:51:08 2014 Successful ARP Flush on interface [37] {9EF70C79-7D52-466E-AD26-8476081B6FFB} Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem Fri Feb 28 16:51:10 2014 Initialization Sequence CompletedI am using the 32-bit installer on 64-bit machine.
I get the same results using the OpenVPN GUI or the Connection Manager.Any thoughts?
thanks
-
as a following up…
I have also tried this on Vista with exactly the same results.
If I manually add the route through a command route it works perfectly.
That isn't really a workable solution when it comes to rolling out to our staff though.
-
Works just fine here with W8.1 even. You definitely should stop using using the 32-bit installer on 64-bit machine, uninstall everything and wipe the config remnants before installing a proper 64bit package.
-
I read a post that the OpenVPN Config Manager doesn't work on 64-bit machines, and that you need to use that for non admin users?
If that's no-longer the case I will try your suggestion.
-
Yes, it does not work. Frankly, it never really worked on x86 either for me. Use the x64 OpenVPN-GUI package.
If you still have problems, make sure you have checked "Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)." in the OpenVPN server configuration.
-
;D
Will check that out - thanks