[Openvpn-users] VPN Routing with a Windows 2000 as OpenVPN server?


  • Subject: [Openvpn-users] VPN Routing with a Windows 2000 as OpenVPN server?
  • From: Matthew Mastracci <matt@xxxxxxxxxx>
  • Date: Tue, 06 Apr 2004 23:02:40 -0600

Has anyone had any experience with the difficult routing configuration
stuff in Windows 2000 with 2.0-test19?  I've tried the same
configuration on both a Windows and a Linux box as server.  The Linux
box works great - traffic goes across the tunnel as expected, but the
Windows box fails.  

The Windows box doesn't seem to set up the correct OpenVPN route for
routing back across the VPN.  Without that route, packets end up routed
circularly (the firewall default gateway bounces them back via static
route).  

If I add the route by hand, the packets disappear into the ether.  I've
seen some random ARP requests on the interface for the IP it's looking
for.  The TAP/TUN code looks like it should be handling these, but for
some reason they aren't answered.

I've spent a few hours looking at what might cause it, but nothing seems
to jump out at me.  It happens for me on a Windows 2000 Server box and a
Windows 2000 Pro box.  I've enabled IP routing on both, but no luck so
far.

I'll probably just use a Linux server for now, but I thought I'd warn
everyone that this configuration is likely broken right now in
2.0-test19.

-- 
Matthew Mastracci <matt@xxxxxxxxxx>

mode server

port 52212
proto udp
dev tun
ifconfig 192.168.2.1 192.168.2.2
tun-mtu 1500

tls-server 
ca cacert.pem
cert office.crt
key office.key
dh dh2048.pem

# Delete client instances after some period
# of inactivity.
inactive 600

# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 192.168.2.4 192.168.2.255

# Push route to client to bind it to our local
# virtual endpoint.
push "route 192.168.2.1 255.255.255.255"
#push "route 192.168.1.0 255.255.255.0"

# Route the --ifconfig pool range into the
# OpenVPN server.
route 192.168.2.0 255.255.255.0

ping 10
#comp-lzo

verb 6

# Allow server-side option push
pull

# Connection parameters
remote 192.168.145.99
port 52212
proto udp
dev tun
tun-mtu 1500

# Certificate parameters
tls-client
ca cacert.pem
cert client.crt
key client.key

# Transport parameters
ping 10
# comp-lzo

# up test.bat

# Verbosity
verb 6
mute 10
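
The addressing lines of the posted server config, worked through as an added example (not part of the original post and not OpenVPN's own code). It assumes the /30-per-client scheme the config comments describe, with the server-side endpoint on the first usable address of each /30 and the client on the second; the function names are hypothetical.

```python
import ipaddress

def net30_blocks(pool_start, pool_end):
    """Aligned /30 networks that fit entirely inside the pool range."""
    start = int(ipaddress.IPv4Address(pool_start))
    end = int(ipaddress.IPv4Address(pool_end))
    first = (start + 3) & ~3                  # round up to a /30 boundary
    return [ipaddress.IPv4Network((base, 30))
            for base in range(first, end - 2, 4)]

def endpoints(block):
    """(server_side, client_side); this order within the /30 is an assumption."""
    server_side, client_side = block.hosts()
    return server_side, client_side

def valid_tun_pair(local, remote):
    """True if local/remote are the two usable hosts of a single /30."""
    l, r = ipaddress.IPv4Address(local), ipaddress.IPv4Address(remote)
    block = ipaddress.IPv4Network((int(l) & ~3, 30))
    return {l, r} == set(block.hosts())

def audit(ifconfig, pool, route):
    """Check the server's ifconfig, ifconfig-pool and route lines against each other."""
    route_net = ipaddress.IPv4Network("/".join(route))
    blocks = net30_blocks(*pool)
    local = int(ipaddress.IPv4Address(ifconfig[0]))
    server_block = ipaddress.IPv4Network((local & ~3, 30))
    return {
        "server_pair_ok": valid_tun_pair(*ifconfig),
        "client_blocks": len(blocks),
        "first_client": endpoints(blocks[0]) if blocks else None,
        "pool_inside_route": all(b.subnet_of(route_net) for b in blocks),
        "server_block_in_pool": server_block in blocks,
    }

if __name__ == "__main__":
    # Values copied from the server config in the post.
    report = audit(ifconfig=("192.168.2.1", "192.168.2.2"),
                   pool=("192.168.2.4", "192.168.2.255"),
                   route=("192.168.2.0", "255.255.255.0"))
    for key, value in report.items():
        print(f"{key}: {value}")
```
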