Nope - didn't make any difference. I've tried TCP and UDP (with link-mtu
1200) - no difference.

There probably aren't many people out there who tried openvpn on a Windows
server. Probably a corner case. I think it would be best for me to delete
the server (gotta love virtuals) and replace it with a Win10 system. Will
probably be OK for what I want.

On Tue, Jun 26, 2018 at 9:11 PM Jan Just Keijser <janj...@nikhef.nl> wrote:

> Hi Jason,
>
> On 26/06/18 04:49, Jason Haar wrote:
>
> Hey there
>
> I'm trying to get a Win2012 openvpn client to talk to a Redhat7 openvpn
> server but am not having much luck. I've reduced the config down to bare
> minimums: the link comes up, IP addresses are assigned at both ends - but
> they cannot even ping each other.
>
> It screams "firewall", but as far as I can see I've turned them off *and*
> disconnected the Windows one from the openvpn interface - so that shouldn't
> be it. But if I try to ping the server from the Win2012 client, tcpdump on
> the tun interface on the server shows the "echo request" coming in and the
> "echo reply" going back out over the same interface - but Windows never
> receives it (ie it still smells firewall to me).
>
> Routing table points the vpn subnet to the vpn (the ping proves it) - but
> no joy. I can't initiate pings in either direction.
>
> The weird thing is, if I reboot the Win client, after the link comes up I can
> *successfully* ping the client *once* (ie one packet). After that the dead
> symptoms kick in. I mean - what's that about? :-)
>
> Is there something weird that makes Win2012 act differently than (say)
> Win10? I've actually copied the openvpn config to a Win10 system where it
> works fine - so this is definitely a working config - just not for Win2012.
> Both ends are fully patched and the Windows installer was grabbed yesterday
> from openvpn.net
>
>
> Are you using "redirect_gateway def1" ?
>
> Just to make sure: can you try adding
>   route 0.0.0.0 0.0.0.0 vpn_gateway 800
>
> (i.e. a ridiculously high metric) to the client config file and then
> reconnect?
> It might be that Windows NLA got more strict in 2012 compared to Win10
>
> HTH,
>
> JJK
>
>

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users