Windows 7 machines can't communicate over VPN
Hi,
Any machine can connect and talk over the VPN, except Windows machines, which do not communicate with anything on the other side of the VPN.
Server configuration
dev ovpns1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-256-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 195.66.80.227
tls-server
server 10.1.20.0 255.255.255.240
client-config-dir /var/etc/openvpn-csc
username-as-common-name
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 443
management /var/etc/openvpn/server1.sock unix
max-clients 10
push "route 10.1.8.0 255.255.252.0"
push "dhcp-option DOMAIN cyanide-studio.com"
push "dhcp-option DNS 10.1.8.11"
push "dhcp-option NTP 10.1.8.97"
push "dhcp-option WINS 10.1.8.1"
push "redirect-gateway def1"
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo
passtos
persist-remote-ip
float
topology subnet
This is the client configuration
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 195.66.80.227 443 tcp-client
lport 0
verify-x509-name "OpenVPN-CRT" name
auth-user-pass
pkcs12 lb-TCP-443-bsemene.p12
tls-auth lb-TCP-443-bsemene-tls.key 1
ns-cert-type server
comp-lzo
redirect-gateway def1
I can connect to the OpenVPN server without any issue
Mon Jul 07 19:16:28 2014 OpenVPN 2.3.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Apr 14 2014
Enter Management Password:
Mon Jul 07 19:16:33 2014 Control Channel Authentication: using 'lb-TCP-443-bsemene-tls.key' as a OpenVPN static key file
Mon Jul 07 19:16:33 2014 Attempting to establish TCP connection with [AF_INET]195.66.80.227:443
Mon Jul 07 19:16:33 2014 TCP connection established with [AF_INET]195.66.80.227:443
Mon Jul 07 19:16:33 2014 TCPv4_CLIENT link local (bound): [undef]
Mon Jul 07 19:16:33 2014 TCPv4_CLIENT link remote: [AF_INET]195.66.80.227:443
Mon Jul 07 19:16:33 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 07 19:16:35 2014 [OpenVPN-CRT] Peer Connection Initiated with [AF_INET]195.66.80.227:443
Mon Jul 07 19:16:37 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jul 07 19:16:37 2014 open_tun, tt->ipv6=0
Mon Jul 07 19:16:37 2014 TAP-WIN32 device [Connexion au réseau local 2] opened: \\.\Global\{6B5937BF-8920-449F-97F0-F7693D7E0C94}.tap
Mon Jul 07 19:16:37 2014 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.20.0/10.1.20.2/255.255.255.240 [SUCCEEDED]
Mon Jul 07 19:16:37 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.20.2/255.255.255.240 on interface {6B5937BF-8920-449F-97F0-F7693D7E0C94} [DHCP-serv: 10.1.20.14, lease-time: 31536000]
Mon Jul 07 19:16:37 2014 Successful ARP Flush on interface [16] {6B5937BF-8920-449F-97F0-F7693D7E0C94}
Mon Jul 07 19:16:42 2014 Initialization Sequence Completed
From a Windows over vpn:
- Can ping a unix machine on lan.
- Can connect TCP services (i.e. ssh) on unix on lan.
- Can't ping a windows machine.
- Can't connect TCP services (i.e. http, rdp).
From unix on lan, to both (lan and remote) Windows machines, and Mac over VPN:
- Can connect to TCP services (i.e. rdp, http)
- Can ping
From Windows on LAN:
- Can ping the unix machine on lan
- Can connect to TCP services (i.e. ssh) on unix on lan
- Can't ping the windows client
- Can't connect to TCP service (i.e. rdp) on Windows over VPN
- Can't ping Mac over vpn
- Can't connect TCP service on Mac over VPN
From a Mac over vpn to the lan :
- Can ping unix machine on lan
- Can connect TCP service (i.e. ssh) on unix on lan
- Can't ping Windows on lan
- Can't connect to TCP service on Windows on lan

- I tried to shut down the firewall on both Windows machines.
- I authorized traffic from "public" on both machines
- I deactivated the firewall on the VPN interface
- I tried to play with options unsuccessfully
- I did not find anything on the internet about Windows machines having specific issues
I'm open to any kind of help…
Thanks in advance,
Bastien Semene