Hi Jason,
On 26/06/18 04:49, Jason Haar wrote:
> Hey there
>
> I'm trying to get a Win2012 openvpn client to talk to a Redhat7
> openvpn server but am not having much luck. I've reduced the config
> down to bare minimums: the link comes up, IP addresses are assigned at
> both ends - but they cannot even ping each other.
>
> It screams "firewall", but as far as I can see I've turned them off
> *and* disconnected the Windows one from the openvpn interface - so
> that shouldn't be it. But if I try to ping the server from the Win2012
> client, tcpdump on the tun interface on the server shows the "echo
> request" coming in and the "echo reply" going back out over the same
> interface - but Windows never receives it (i.e. it still smells firewall
> to me).
>
> Routing table points the vpn subnet to the vpn (the ping proves it) -
> but no joy. I can't initiate pings in either direction.
>
> The weird thing is, if I reboot the Win client, after the link comes up I
> can *successfully* ping the client *once* (i.e. one packet). After that
> the dead symptoms kick in. I mean - what's that about? :-)
>
> Is there something weird that makes Win2012 act differently than (say)
> Win10? I've actually copied the openvpn config to a Win10 system where
> it works fine - so this is definitely a working config - just not for
> Win2012. Both ends are fully patched and the Windows installer was
> grabbed yesterday from openvpn.net.
Are you using "redirect_gateway def1"?
Just to make sure: can you try adding
route 0.0.0.0 0.0.0.0 vpn_gateway 800
(i.e. a ridiculously high metric) to the client config file and then
reconnect?
It might be that Windows NLA got more strict in 2012 compared to Win10.
HTH,
JJK