Netgate Discussion Forum

    Cannot push route to OpenVPN client on Win8

      Gob

      Hi
      I am trying to set up a roadwarrior OpenVPN client to connect back to our office and also access resources over an IPSEC tunnel from the office.
      The basic OpenVPN client works perfectly and I can access the LAN subnet at the office.
      The IPSEC Phase 2 connections are configured to route traffic from both the LAN and OpenVPN subnets. I then assume I need to add a route to the OpenVPN client for the remote site so that it knows to use the tunnel.
      I have used push route in the config but it seems to fail configuring the route on my Windows 8 machine.
      I am running the client as administrator and I have applied the tweaks as detailed here:

      http://www.vpntutorials.com/tutorials/openvpn-client-setup-tutorial-for-windows-8/

      My config file is:

      
      dev tun
      persist-tun
      persist-key
      cipher AES-128-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote x.x.x.x 1194 udp
      lport 0
      verify-x509-name "005 Roadwarrior Cert" name
      auth-user-pass
      pkcs12 xxxxxxxx-udp-1194-gordon.p12
      tls-auth xxxxxxxx-udp-1194-gordon-tls.key 1
      ns-cert-type server
      
      # don't terminate service process on wrong password, ask again
      auth-retry interact
      # open management channel
      management 127.0.0.1 166
      # wait for management to explicitly start connection
      management-hold
      # query management channel for user/pass
      management-query-passwords
      # disconnect VPN when management program connection is closed
      management-signal
      # forget password when management disconnects
      management-forget-disconnect
      
      route-method exe
      route-delay 2
      
      push "route 192.168.250.0 255.255.255.0"
      
      

      The connection log shows:

      
      Fri Feb 28 16:50:55 2014 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
      Fri Feb 28 16:51:02 2014 Control Channel Authentication: using 'xxxxxx-udp-1194-gordon-tls.key' as a OpenVPN static key file
      Fri Feb 28 16:51:02 2014 UDPv4 link local (bound): [undef]
      Fri Feb 28 16:51:02 2014 UDPv4 link remote: [AF_INET]194.168.202.190:1194
      Fri Feb 28 16:51:02 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Fri Feb 28 16:51:04 2014 [005 Roadwarrior Cert] Peer Connection Initiated with [AF_INET]194.168.202.190:1194
      Fri Feb 28 16:51:08 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Fri Feb 28 16:51:08 2014 open_tun, tt->ipv6=0
      Fri Feb 28 16:51:08 2014 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{9EF70C79-7D52-466E-AD26-8476081B6FFB}.tap
      Fri Feb 28 16:51:08 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.6.6/255.255.255.252 on interface {9EF70C79-7D52-466E-AD26-8476081B6FFB} [DHCP-serv: 192.168.6.5, lease-time: 31536000]
      Fri Feb 28 16:51:08 2014 Successful ARP Flush on interface [37] {9EF70C79-7D52-466E-AD26-8476081B6FFB}
      Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
      Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
      Fri Feb 28 16:51:10 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
      Fri Feb 28 16:51:10 2014 Initialization Sequence Completed
      
      

      I am using the 32-bit installer on a 64-bit machine.
      I get the same results using the OpenVPN GUI or the Connection Manager.

      Any thoughts?

      thanks

      If I fix one more thing than I break in a day, it's a good day!
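
A check for the client config posted above, as an added example that is not part of the original post or of OpenVPN: `push` is a server-side directive that sends an option to the connecting peer, so `push "route ..."` in a client file does not install a route on that client, whereas a plain `route` line does. The function names are hypothetical, and only literal IPv4 network/netmask arguments are handled.

```python
import ipaddress
import shlex

# Excerpt of the client config posted above (routing-related lines only).
POSTED_CLIENT_CONFIG = '''\
dev tun
client
remote x.x.x.x 1194 udp
route-method exe
route-delay 2
push "route 192.168.250.0 255.255.255.0"
'''

def directives(text):
    """Yield (line_number, tokens) for each directive, skipping comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped[0] in "#;":
            continue
        yield lineno, shlex.split(stripped)

def to_network(args):
    """Turn 'route' arguments (network [netmask] ...) into an IPv4Network."""
    mask = args[1] if len(args) > 1 else "255.255.255.255"
    # Raises ValueError on a malformed address or a network with host bits set.
    return ipaddress.IPv4Network(f"{args[0]}/{mask}")

def audit_client_routes(text):
    """Return (local_routes, misplaced_pushes) for a client-side config.

    local_routes: networks the client installs itself via 'route'.
    misplaced_pushes: (line, network, suggested_line) for each
    'push "route ..."', which only sends the option to a peer.
    """
    local_routes, misplaced = [], []
    for lineno, tok in directives(text):
        if tok[0] == "route" and len(tok) > 1:
            local_routes.append(to_network(tok[1:]))
        elif tok[0] == "push" and len(tok) > 1:
            inner = tok[1].split()
            if len(inner) > 1 and inner[0] == "route":
                net = to_network(inner[1:])
                fix = f"route {net.network_address} {net.netmask}"
                misplaced.append((lineno, net, fix))
    return local_routes, misplaced

if __name__ == "__main__":
    routes, pushes = audit_client_routes(POSTED_CLIENT_CONFIG)
    print("routes installed locally:", [str(r) for r in routes])
    for lineno, net, fix in pushes:
        print(f"line {lineno}: push of {net} has no local effect; use: {fix}")
```
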

        Gob

        As a follow-up…
        I have also tried this on Vista with exactly the same results.
        If I manually add the route through a command route it works perfectly.
        That isn't really a workable solution when it comes to rolling out to our staff though.

        If I fix one more thing than I break in a day, it's a good day!

          doktornotor Banned

          Works just fine here with W8.1 even. You definitely should stop using the 32-bit installer on a 64-bit machine, uninstall everything and wipe the config remnants before installing a proper 64-bit package.

            Gob

            I read a post that the OpenVPN Config Manager doesn't work on 64-bit machines, and that you need to use that for non admin users?
            If that's no longer the case I will try your suggestion.

            If I fix one more thing than I break in a day, it's a good day!

              doktornotor Banned

              Yes, it does not work. Frankly, it never really worked on x86 either for me. Use the x64 OpenVPN-GUI package.

              If you still have problems, make sure you have checked "Allocate only one IP per client (topology subnet), rather than an isolated subnet per client (topology net30)." in the OpenVPN server configuration.

                Gob

                ;D
                Will check that out - thanks

                If I fix one more thing than I break in a day, it's a good day!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.