Openvpn 2.5.x Windows clients not getting gateway

Hi there, first post!
I'm having a hard time on the title.

I've configured several openvpn sites with little or no problems for ages.
New release (21.02) and new version of openvpn: 2.5.x.

After going over the new network configuration (devices et al) I managed to configure openvpn.

The Linux client (NetworkManager on debian / bullseye / amd64) works flawlessly, configuring on the vpn client side a route to reach the server network.
On Windows (7 & 10) it seems to run route.exe (from the log) with the same parameters.
I've installed openvpn 2.5.4 on both Windows machines.

How can I make Windows get the gateway correctly?

Thanks in advance.

PS: Compression is disabled on openvpn

I remember having a play with 21.02.r1 or 2
and I had to manually add tap0 to lan in interfaces

Audit the used security ciphers and compression settings, afaik (not using OpenVPN myself) the newer versions disabled several insecure ciphers.

Did you get anywhere?

I can connect successfully (with a warning that I'm using 160 hash).

On Linux I created a route on that connection for the remote network 10.66.43.0 255.255.255.0 using the gateway 10.8.20.1. Works fine.
I see in the Windows 10 openvpn log that a route with the same values is also run on connect, but it is not forwarding traffic to the remote network. I also see, running the "route print" command, that it seems polluted with lots of routes (which shouldn't be there).

My Windows skills are declining on a daily basis. I have been working with Linux for 23 years.

The exact openwrt version is : OpenWrt 21.02.0, r16279-5cc0535800
Thanks

I do know some versions of Windows 10 don't work over wifi
it has a thing that if a lan is detected it disconnects wifi & uses the lan cable
but well if connecting over wifi it thinks the vpn connection is lan & disconnects the wifi
then the vpn drops out & wifi kicks back in
have to love microsoft :slight_smile:

here are the last config files I used on a snapshot for 2.5, don't know if they still work tho
add in your own certificates etc
Client.ovpn
remote server 1194

client.ovpn

remote-cert-tls server 
dev tap0 
proto udp 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
float
#If the pushed routes appear not to be added on windows hosts, add the following:
route-delay 30
auth-nocache
compress lz4-v2
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca> 
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert> 
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

server.ovpn

port 1194
ifconfig-pool-persist /tmp/ipp.txt
keepalive 10 120
persist-key
persist-tun
user nobody
log /tmp/openvpn-status.log
verb 3
client-to-client
dev tap0
compress lz4-v2
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.209

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<dh>
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
</dh>

key-direction 0
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
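
An added example, not part of any post in this thread: a small Python audit of the settings the replies point at (compression, legacy ciphers, the digest used for HMAC), plus a client/server compression comparison. The sample configs are constructed (the client one reuses directives from the config posted above, the server one is hypothetical), and it assumes the "160 hash" warning refers to OpenVPN's default `auth SHA1`.

```python
import re

# 64-bit block ciphers; BF-CBC is OpenVPN's legacy default cipher.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}
# Constructed samples: client reuses directives posted in the thread, server is hypothetical.
CLIENT_SAMPLE = """dev tap0
proto udp
compress lz4-v2
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>"""
SERVER_SAMPLE = "port 1194\ndev tap0\ncipher BF-CBC\nauth SHA256\n"

def parse(text):
    """Map directive -> args, skipping comments and the body of inline <tag> blocks."""
    opts, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:  # inside <tag> ... </tag>
            inline = None if line == f"</{inline}>" else inline
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            inline = m.group(1)
            opts[inline] = ["[inline]"]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def compression(opts):
    """Return the active compression algorithm, or None when none is configured."""
    if "compress" in opts:  # bare `compress` and stub/stub-v2 only enable framing
        alg = (opts["compress"] or ["stub"])[0]
        return None if alg.startswith("stub") else alg
    if "comp-lzo" in opts and opts["comp-lzo"] != ["no"]:
        return "lzo"
    return None

def audit(text):
    """Return findings for one config: compression, weak ciphers, SHA1 digest."""
    o, out = parse(text), []
    if alg := compression(o):
        out.append(f"compression enabled ({alg})")
    ciphers = o.get("cipher", []) + ":".join(o.get("data-ciphers", [])).split(":")
    out += [f"weak cipher {c}" for c in ciphers if c.upper() in WEAK_CIPHERS]
    if (o.get("auth") or ["SHA1"])[0].upper() == "SHA1":  # OpenVPN defaults to SHA1
        out.append("auth digest SHA1 (160 bit)")
    return out

def compression_mismatch(client_text, server_text):
    return compression(parse(client_text)) != compression(parse(server_text))
```

The comparison only sees what is written in the two files; options the server pushes at connect time are not covered.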