Hi, Karl,

Thank you for your reply.

"Can't access anything outside the subnet" means that if I try to connect to or interact with anything which does not share the first three octets of my computer's IP address, it fails. For example, using a well known browser, if I attempt to connect to a well known website using its IP address (say http://65.55.12.249/), the browser presents a generic page which indicates that it cannot display the desired page; whereas I can send e-mail messages in a certain well known e-mail client to our well known e-mail server which happens to be running on a system which shares the first three octets of my computer's IP address, and my e-mail server can then forward those messages out across the Internet for me, and I can get responses back -- but only because the e-mail server is not affected by whatever I happen to be suffering once this problem crops up. Instant messaging programs are also instantly disconnected when this problem occurs.

Ping is not a valid test for us, as at least one of our firewalls blocks ICMP.

I just ran ipconfig (it's like ifconfig, only for Windows) on my test XP box before and after the problem occurs, and the Default Gateway has indeed gone missing:

Before the second failed OpenVPN connection attempt:

    C:\Documents and Settings\jcullison>ipconfig

    Windows IP Configuration

    Ethernet adapter Wireless Network Connection 2:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 2:
            Connection-specific DNS Suffix  . : teltone.com
            IP Address. . . . . . . . . . . . : 192.168.1.115
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.1.1

    Ethernet adapter Local Area Connection 39:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 40:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 41:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 42:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 43:
            Media State . . . . . . . . . . . : Media disconnected

After the second failed OpenVPN connection attempt:

    C:\Documents and Settings\jcullison>ipconfig

    Windows IP Configuration

    Ethernet adapter Wireless Network Connection 2:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 2:
            Connection-specific DNS Suffix  . : teltone.com
            IP Address. . . . . . . . . . . . : 192.168.1.115
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . :

    Ethernet adapter Local Area Connection 39:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 40:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 41:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 42:
            Media State . . . . . . . . . . . : Media disconnected

    Ethernet adapter Local Area Connection 43:
            Media State . . . . . . . . . . . : Media disconnected

(We configure five TAP adapters for OpenVPN.)

So I guess I can stop giving my guess as to what's going on and declare explicitly that something about OpenVPN is clobbering my default gateway setting when it cannot open a tunnel a second time.

I opted for the devel list and not the user list because I figure I may find myself deep in OpenVPN code in the near future, and I am looking for any pointers, hints, suggestions, etc., by any folks who might be knowledgeable on the Windows side of OpenVPN development.

Regards,

John Cullison
Software Engineer
Industrial Defender - Cyber Risk Protection
jculli...@industrialdefender.com
425-951-3567
FAX: 425-487-2288
Industrial Defender, Inc.
21312 30th Drive SE, Suite 102
Bothell, Washington USA 98021

-----Original Message-----
From: Karl O. Pinc [mailto:k...@meme.com]
Sent: Wednesday, September 02, 2009 6:50 PM
To: John Cullison
Cc: openvpn-devel@lists.sourceforge.net
Subject: Re: [Openvpn-devel] Losing connectivity when OpenVPN cannot establish tunnel under Windows

On 09/02/2009 06:29:26 PM, John Cullison wrote:

> I noticed today, however, that I had lost Internet
> connectivity once more upon attempting to create a tunnel - only this
> time (or perhaps, I was looking more closely this time?) it was when I
> was attempting to create a tunnel to a router that was not online.
> Ipconfig /renew restores the network, and sure enough, attempting to
> establish that tunnel again, when nothing is on the other side, is
> causing my networking to die the second time I attempt to establish the
> tunnel. Windows seems to be forgetting about its default gateway or
> something, as I can't go anywhere outside the local subnet.

I'm sure it would be helpful to know whether it's a default gateway problem "or something". If you can't get the routing tables out of Windows (about which I treasure my ignorance :-) you could try using ping with and without domain names/dns resolution to find out.

If it's a dns problem, and depending on what "go(ing) anywhere" on "the local subnet" means in Windows, it could be a dns problem. Then see http://support.microsoft.com/kb/311218 referenced from the FAQ http://openvpn.net/index.php/open-source/faq.html (Note that this is really a dhcp Windows problem that typically causes dns problems.)

Note that the dns problem was what your message reminded me of. I've not looked closely at your openvpn log and am not familiar enough to be able to tell offhand if it indicates any sort of problem or not.

You also might try the openvpn users list as this could just be (as above) some sort of MS Windows bug exposed by your particular configuration, which would be good to post so people have a better idea of what you're doing.

Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
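
Added example, not part of either message above and not OpenVPN code: the before/after ipconfig comparison described in the thread, done by a small Python parser that reports any adapter which still holds an IP address but has lost its default gateway. The function names and the abridged sample text are assumptions for illustration; the field names are the ones Windows XP prints in the output quoted above.

```python
import re

# Sample input abridged from the ipconfig output quoted in the thread
# (the five disconnected TAP adapters are trimmed to one).
BEFORE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : teltone.com
        IP Address. . . . . . . . . . . . : 192.168.1.115
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection 39:

        Media State . . . . . . . . . . . : Media disconnected
"""
# Same snapshot with the gateway value blanked, as in the "after" output.
AFTER = BEFORE.replace(": 192.168.1.1\n", ":\n")

ADAPTER = re.compile(r"^\S.*? adapter (.+):$")   # unindented section header
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")   # indented "Name . . . : value"

def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from plain `ipconfig` output."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER.match(line.rstrip())
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters

def lost_gateways(before, after):
    """Adapters that kept an IP address but whose default gateway vanished."""
    old, new = parse_ipconfig(before), parse_ipconfig(after)
    lost = []
    for name, fields in new.items():
        had = old.get(name, {}).get("Default Gateway", "")
        if had and fields.get("IP Address") and not fields.get("Default Gateway"):
            lost.append((name, had))
    return lost

if __name__ == "__main__":
    for name, gateway in lost_gateways(BEFORE, AFTER):
        print(f"{name}: default gateway {gateway} is gone")
```

Later Windows versions label the address field "IPv4 Address", so the "IP Address" key would need adjusting there.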