Windows 7 machines can't communicate over VPN



  • Hi,

    Any machine can connect and talk over the VPN, except Windows machines, which do not communicate with anything on the other side of the VPN.

    Server configuration

    dev ovpns1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-server
    cipher AES-256-CBC
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 195.66.80.227
    tls-server
    server 10.1.20.0 255.255.255.240
    client-config-dir /var/etc/openvpn-csc
    username-as-common-name
    auth-user-pass-verify /var/etc/openvpn/server1.php via-env
    tls-verify /var/etc/openvpn/server1.tls-verify.php
    lport 443
    management /var/etc/openvpn/server1.sock unix
    max-clients 10
    push "route 10.1.8.0 255.255.252.0"
    push "dhcp-option DOMAIN cyanide-studio.com"
    push "dhcp-option DNS 10.1.8.11"
    push "dhcp-option NTP 10.1.8.97"
    push "dhcp-option WINS 10.1.8.1"
    push "redirect-gateway def1"
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    comp-lzo
    passtos
    persist-remote-ip
    float
    topology subnet
    
    

    This is the client configuration

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote 195.66.80.227 443 tcp-client
    lport 0
    verify-x509-name "OpenVPN-CRT" name
    auth-user-pass
    pkcs12 lb-TCP-443-bsemene.p12
    tls-auth lb-TCP-443-bsemene-tls.key 1
    ns-cert-type server
    comp-lzo
    redirect-gateway def1
    
    

    I can connect to the OpenVPN server without any issue

    Mon Jul 07 19:16:28 2014 OpenVPN 2.3.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Apr 14 2014
    Enter Management Password:
    Mon Jul 07 19:16:33 2014 Control Channel Authentication: using 'lb-TCP-443-bsemene-tls.key' as a OpenVPN static key file
    Mon Jul 07 19:16:33 2014 Attempting to establish TCP connection with [AF_INET]195.66.80.227:443
    Mon Jul 07 19:16:33 2014 TCP connection established with [AF_INET]195.66.80.227:443
    Mon Jul 07 19:16:33 2014 TCPv4_CLIENT link local (bound): [undef]
    Mon Jul 07 19:16:33 2014 TCPv4_CLIENT link remote: [AF_INET]195.66.80.227:443
    Mon Jul 07 19:16:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Jul 07 19:16:35 2014 [OpenVPN-CRT] Peer Connection Initiated with [AF_INET]195.66.80.227:443
    Mon Jul 07 19:16:37 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Jul 07 19:16:37 2014 open_tun, tt->ipv6=0
    Mon Jul 07 19:16:37 2014 TAP-WIN32 device [Connexion au réseau local 2] opened: \\.\Global\{6B5937BF-8920-449F-97F0-F7693D7E0C94}.tap
    Mon Jul 07 19:16:37 2014 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.20.0/10.1.20.2/255.255.255.240 [SUCCEEDED]
    Mon Jul 07 19:16:37 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.20.2/255.255.255.240 on interface {6B5937BF-8920-449F-97F0-F7693D7E0C94} [DHCP-serv: 10.1.20.14, lease-time: 31536000]
    Mon Jul 07 19:16:37 2014 Successful ARP Flush on interface [16] {6B5937BF-8920-449F-97F0-F7693D7E0C94}
    Mon Jul 07 19:16:42 2014 Initialization Sequence Completed
    
    

    From a Windows machine over VPN:

    • Can ping a unix machine on lan.

    • Can connect TCP services (i.e. ssh) on unix on lan.

    • Can't ping a windows machine.

    • Can't connect TCP services (i.e. http, rdp).

    From unix on lan, to both (lan and remote) Windows machines, and Mac over VPN:

    • Can connect to TCP services (i.e. rdp, http)

    • Can ping

    From Windows on LAN :

    • Can ping the unix machine on lan

    • Can connect to TCP services (i.e. ssh) on unix on lan

    • Can't ping the windows client

    • Can't connect to TCP service (i.e. rdp) on Windows over VPN

    • Can't ping Mac over vpn

    • Can't connect TCP service on Mac over VPN

    From a Mac over vpn to the lan :

    • Can ping unix machine on lan

    • Can connect TCP service (i.e. ssh) on unix on lan

    • Can't ping Windows on lan

    • Can't connect to TCP service on Windows on lan

    • I tried to shut down the firewall on both Windows machines.

    • I authorized traffic from "public" on both machines

    • I deactivated the firewall on the VPN interface

    • I tried to play with options unsuccessfully

    • I did not find anything on the internet about Windows machines having specific issues

    I'm open to any kind of help…

    Thanks in advance,
    Bastien Semene