Unidentified Network Win10



  • Hi all, I'm having a bit of a problem.
    I use Windows 10 and I'm getting "Unidentified network" on my OpenVPN connection.

    I'm behind a school firewall; they block HTTPS sites like Facebook, and I have a home server with OpenVPN behind a pfSense firewall. Sometimes I can connect to Facebook at the school, but sometimes it won't work because the traffic is being routed to the school firewall.

    Here is what works:
    - I can ping my local computers, like my file server etc., at home.
    - My IP is my home server IP at school under the OpenVPN tunnel.

    What doesn't work:
    Routing, probably?

    Here is my routing:

    Interface List
      3...00 1d ba 83 5c 98 ......Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
      6...00 ff 55 e8 ba ed ......TAP-Windows Adapter V9
      8...00 16 ea 43 1e 92 ......Intel(R) WiFi Link 5100 AGN
      1...........................Software Loopback Interface 1
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.164     25
              0.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
        84.91.204.249  255.255.255.255     192.168.43.1   192.168.43.164     25
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            128.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
          192.168.1.0    255.255.255.0      192.168.2.5      192.168.2.6     20
          192.168.2.0    255.255.255.0      192.168.2.5      192.168.2.6     20
          192.168.2.4  255.255.255.252         On-link       192.168.2.6    276
          192.168.2.6  255.255.255.255         On-link       192.168.2.6    276
          192.168.2.7  255.255.255.255         On-link       192.168.2.6    276
         192.168.43.0    255.255.255.0         On-link    192.168.43.164    281
       192.168.43.164  255.255.255.255         On-link    192.168.43.164    281
       192.168.43.255  255.255.255.255         On-link    192.168.43.164    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link    192.168.43.164    281
            224.0.0.0        240.0.0.0         On-link       192.168.2.6    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link    192.168.43.164    281
      255.255.255.255  255.255.255.255         On-link       192.168.2.6    276
    

    My pfSense config:
    pfSense IP: 192.168.1.2
    OpenVPN tunnel: 192.168.2.0/24
    OpenVPN client example IP: 192.168.2.10
    DNS that I pass to the tunnel: 192.168.1.2 / 209.244.0.3 / 209.244.0.4

    Since I pass those DNS servers, it should work at school to access HTTPS sites, since it should be routing to my tunnel to the home server?
    I am sure that I have a routing problem, but I'm not sure what to do.
    Thanks in advance!



  • Do you send all traffic through your tunnel?
    Try to only use your private IP DNS server as the others can be resolved locally (and could be blocked there).



  • If your Win10 machine is 192.168.2.6 and your pfSense is 192.168.2.5, then you should have the IPv4 routing set up because of these two routes:

              0.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
            128.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
    

    I'm not sure what these are but they're probably ok

          192.168.2.4  255.255.255.252         On-link       192.168.2.6    276
          192.168.2.6  255.255.255.255         On-link       192.168.2.6    276
          192.168.2.7  255.255.255.255         On-link       192.168.2.6    276
    

    Anyways, it could be that the school offers IPv6 and you have a split tunnel. Your IPv6 traffic doesn't go through your VPN unless you've done some extra work.

    Try pinging 192.168.2.6. Make sure that works first. Next ping an external IPv4 address 8.8.8.8 for example. Make sure they're going through the VPN with tracert.

    Now try pinging facebook.com. Try forcing IPv6 with the -6 option. See what happens. If those don't work, post the tracert.

    Like johonix said, try not to use the school's DNS as they might be altering the responses to block things that way. G/L.



  • Almost forgot, make sure you have a firewall rule for the openvpn adapter to be lenient enough for your vpn client. Sounds like you have that if you can ping your server but you didn't mention it.

    Also, if you're using manual outbound nat rules, then make sure you have a proper outbound nat rule for your openvpn subnet. If you're using automatic, then I'm not sure what you do.



  • Hi all, thanks for answering!

    I have allowed the OpenVPN exe in the firewall, outbound and inbound!
    IPv6 doesn't work, so it might be disabled or not in use:

    C:\Windows\system32>tracert -6 8.8.8.8
    Unable to resolve target system name 8.8.8.8.
    

    IPv4 doesn't seem to be going through my VPN… I think that I need to change the route?

    C:\Windows\system32>tracert 8.8.8.8
    
    Tracing route to google-public-dns-a.google.com [8.8.8.8]
    over a maximum of 30 hops:
    
      1    21 ms    25 ms    22 ms  192.168.2.1
      2    23 ms    25 ms    35 ms  ipfirewall.redespro [192.168.0.1]
      3    33 ms    40 ms    36 ms  10.2.0.1
      4    31 ms    28 ms    44 ms  pa1-84-91-0-105.netvisao.pt [84.91.0.105]
      5    57 ms    31 ms    30 ms  pa1-84-91-1-13.netvisao.pt [84.91.1.13]
      6    77 ms    75 ms     *     pa1-84-91-0-137.netvisao.pt [84.91.0.137]
      7    77 ms    85 ms    59 ms  209.85.242.173
      8    47 ms    33 ms    35 ms  google-public-dns-a.google.com [8.8.8.8]
    

    The IPfire is the school firewall; it doesn't seem to go through my tunnel. I can still access my machines at home and have my home IP, as I see on the myip website!

    I can access my pfSense, so here are my outbound NAT rules; they are set to auto:

    And here my OpenVpn Server Settings:

    Thanks again for your time!



  • I have allowed in firewall the OpenVPN exe outbound and inbound!

    I was referring to the pfsense firewall. If you go to firewall->rules, there's a tab for floating, wan, lan, and openvpn. Make sure the rules in the openvpn tab are lenient enough.

    Make sure your openvpn log (both on Win10 and pfsense) say "Initialization Sequence Completed".

    When you did tracert -6 8.8.8.8, you were trying to do an IPv6 traceroute to an IPv4 address. This cannot work. I just wanted to see if your school had IPv6 but this might be moot if you're not routing IPv4 properly. You could do tracert -6 www.google.com to see if your school has ipv6. Or if they let you go here: http://test-ipv6.com/

    Based on your Win10 routing table, I'd expect this to work. Not sure what's missing at this point. Maybe posting the openvpn logs would help?



  • Hi again and thank you,

    As I said before, it works sometimes. This time I used the school Wi-Fi, and the traffic flows through the tunnel.

    Here is the traceroute:

    C:\Windows\system32>tracert 8.8.8.8
    
    Tracing route to google-public-dns-a.google.com [8.8.8.8]
    over a maximum of 30 hops:
    
      1    21 ms    27 ms    24 ms  192.168.2.1
      2    23 ms    23 ms    20 ms  192.168.0.1
      3    33 ms    54 ms    47 ms  10.2.0.1
      4    38 ms    26 ms    36 ms  pa1-84-91-0-105.netvisao.pt [84.91.0.105]
      5    28 ms    35 ms    30 ms  pa1-84-91-1-13.netvisao.pt [84.91.1.13]
      6    34 ms    35 ms    48 ms  pa1-84-91-0-137.netvisao.pt [84.91.0.137]
      7    46 ms    45 ms    33 ms  209.85.242.173
      8    34 ms    29 ms    35 ms  google-public-dns-a.google.com [8.8.8.8]
    
    Trace complete.
    
    

    As you can see here, 192.168.2.1 is the subnet created by OpenVPN,
    192.168.0.1 is my ISP modem, at least at home, and netvisao is my ISP, and so on…

    And here is the route print:

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0     192.168.24.1   192.168.29.198     25
              0.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
        84.91.204.249  255.255.255.255     192.168.24.1   192.168.29.198     25
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            128.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
          192.168.0.0      255.255.0.0         On-link    192.168.29.198    281
          192.168.1.0    255.255.255.0      192.168.2.5      192.168.2.6     20
          192.168.2.0    255.255.255.0      192.168.2.5      192.168.2.6     20
          192.168.2.4  255.255.255.252         On-link       192.168.2.6    276
          192.168.2.6  255.255.255.255         On-link       192.168.2.6    276
          192.168.2.7  255.255.255.255         On-link       192.168.2.6    276
       192.168.29.198  255.255.255.255         On-link    192.168.29.198    281
      192.168.255.255  255.255.255.255         On-link    192.168.29.198    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link       192.168.2.6    276
            224.0.0.0        240.0.0.0         On-link    192.168.29.198    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link       192.168.2.6    276
      255.255.255.255  255.255.255.255         On-link    192.168.29.198    281
    ===========================================================================
    

    Here is the IPConfig:

    Ethernet adapter Ethernet 2:
    
       Connection-specific DNS Suffix  . :
       Link-local IPv6 Address . . . . . : fe80::51de:4dfe:e6c3:9b64%6
       IPv4 Address. . . . . . . . . . . : 192.168.2.6
       Subnet Mask . . . . . . . . . . . : 255.255.255.252
       Default Gateway . . . . . . . . . :
    
    Wireless LAN adapter Wi-Fi:
    
       Connection-specific DNS Suffix  . : localdomain
       Link-local IPv6 Address . . . . . : fe80::f84d:75f:9fe7:5d5e%8
       IPv4 Address. . . . . . . . . . . : 192.168.29.198
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Default Gateway . . . . . . . . . : 192.168.24.1
    
    C:\Windows\system32>
    

    It doesn't show a gateway for TAP or OpenVPN.

    Here's the log of the OpenVPN

    And the rules of the OpenVPN in the firewall



  • It could be that the VPN is unstable enough that Windows falls back to the original route through the school. I think Windows does this automatically.

    In your config you should have a line "redirect-gateway def1". This is what adds these routes:

              0.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
            128.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
    

    These are supposed to be preferred by Windows over this one:

              0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.164     25
    

    Try removing the "def1" from "redirect-gateway def1" in your Windows config. See the following for details on redirect-gateway.
    https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html

    Edit: If you don't have redirect-gateway in your config it's because it's being pushed by pfsense. Turn off the "Redirect Gateway" check box in pfsense and add "redirect-gateway" to your windows config.
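
Added example (not part of the thread and not any poster's code): a small route selector run over rows copied from the first route table above, showing why the two /1 routes added by "redirect-gateway def1" are preferred over the 0.0.0.0/0 default (prefix length decides, not metric) and where traffic goes when the TAP routes disappear. The address 198.51.100.7 is a constructed test destination, the host route 84.91.204.249 is assumed to be the VPN server's public address, and the function names are illustrative.

```python
import ipaddress

# Subset of the first "route print" table posted in the thread.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.164     25
          0.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
    84.91.204.249  255.255.255.255     192.168.43.1   192.168.43.164     25
        128.0.0.0        128.0.0.0      192.168.2.5      192.168.2.6     20
      192.168.1.0    255.255.255.0      192.168.2.5      192.168.2.6     20
     192.168.43.0    255.255.255.0         On-link    192.168.43.164    281
"""

def parse_routes(text):
    """Turn 'Active Routes' rows into dicts; header/separator lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            # Prefix length = number of set bits in the dotted netmask.
            plen = bin(int(ipaddress.IPv4Address(mask))).count("1")
            net = ipaddress.ip_network(f"{dest}/{plen}")
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
        except ValueError:
            continue
    return routes

def egress(routes, dst):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["gateway"], best["iface"]

def drop_interface(routes, iface):
    """Routes left once an adapter (e.g. the TAP interface) goes down."""
    return [r for r in routes if r["iface"] != iface]

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    for dst in ("8.8.8.8", "198.51.100.7", "84.91.204.249", "192.168.1.2"):
        print(f"{dst:15} -> {egress(routes, dst)}")
    print("tunnel down  ->", egress(drop_interface(routes, "192.168.2.6"), "8.8.8.8"))
```

With the tunnel routes present, every public destination except the /32 host route leaves through 192.168.2.5; once the TAP routes are removed, the same lookup falls back to the Wi-Fi gateway.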

