openvpn
kalach_89, 2015-09-21 17:10:28

OpenVpn and Windows 10. Why might it not work?

Good day. There is a gateway on CentOS 6.6. Its main task is to distribute public IPs from the rip to other servers. An OpenVPN server is deployed on it in bridge mode and distributes the remaining public IPs to clients via DHCP. iptables is configured, and the gateway fulfills its role. When connecting via VPN from 2 PCs running Win7, there are no problems: it registers the routes and the Internet goes through the VPN. When connecting from Win10, the connection is established and the routes are registered, but the main interface remains the primary connection. Empirically, it turned out that if you forcibly lower the metric of the TAP adapter below the metric of the main interface, then the routes are correct, through the VPN interface, but there is still no Internet. Access is only to the rip block. Maybe someone has come across this and can offer good advice. The network is marked as trusted in the firewall. It seems that some kind of service needs to be kicked. Since the days of Windows 8, connection sharing does not work until you restart. Maybe there is something similar here.
Server
local XXXX
port 1723
proto tcp-server
dev tap0
tun-mtu 1500
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/openvpn.crt
key /etc/openvpn/keys/openvpn.key
dh /etc/openvpn/keys/dh1024.pem
daemon
server-bridge XXXX 255.255.255.248 XXXX XXXX
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway"
keepalive 10 120
client-to-client
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC
auth SHA512
comp-lzo
max-clients 3
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20
Client
ca C:\\OpenVPN\\ca.crt
cert C:\\OpenVPN\\home.crt
key C:\\OpenVPN\\home.key
dh C:\\OpenVPN\\dh1024.pem
tls-auth C:\\OpenVPN\\ta.key 1
client
dev tap
proto tcp
remote XXXX 1723
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-auth C:\\openvpn\\ta.key 1
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3
Default routes
List of interfaces
3...00 ff 7b db 59 0a ......TAP-Windows Adapter V9
17...14 da e9 21 2e 77 ......Realtek PCIe GBE Family Controller
9...00 15 e9 ef a5 1d ......D-Link DGE-528T Gigabit Ethernet Adapter
43...........................CKTV
1...........................Software Loopback Interface 1
===========================================================================
IPv4 route table
===========================================================================
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 On-link 10.1.108.167 20
10.1.108.167 255.255.255.255 On-link 10.1.108.167 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
172.25.0.0 255.255.0.0 172.25.31.1 172.25.31.86 4246
172.25.31.0 255.255.255.0 On-link 172.25.31.86 4501
172.25.31.86 255.255.255.255 On-link 172.25.31.86 4501
172.25.31.255 255.255.255.255 On-link 172.25.31.86 4501
192.168.137.0 255.255.255.0 On-link 192.168.137.1 4501
192.168.137.1 255.255.255.255 On-link 192.168.137.1 4501
192.168.137.255 255.255.255.255 On-link 192.168.137.1 4501
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 172.25.31.86 4501
224.0.0.0 240.0.0.0 On-link 192.168.137.1 4501
224.0.0.0 240.0.0.0 On-link 10.1.108.167 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 172.25.31.86 4501
255.255.255.255 255.255.255.255 On-link 192.168.137.1 4501
255.255.255.255 255.255.255.255 On-link 10.1.108.167 276
===========================================================================
Persistent routes:
None
Routes after VPN connection
List of interfaces
17...14 da e9 21 2e 77 ......Realtek PCIe GBE Family Controller
9...00 15 e9 ef a5 1d ......D-Link DGE-528T Gigabit Ethernet Adapter
3...00 ff 7b db 59 0a ......TAP-Windows Adapter V9
43...........................CKTV
1...........................Software Loopback Interface 1
===========================================================================
IPv4 route table
===========================================================================
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 XXXX 10.1.108.167 21
10.1.108.167 255.255.255.255 On-link 10.1.108.167 276
10.41.0.0 255.255.0.0 XXXX 10.1.108.167 21
XXXA 255.255.255.248 On-link XXXB 5739
XXXX 255.255.255.255 On-link 10.1.108.167 20
XXXB 255.255.255.255 On-link XXXB 5739
XXXC 255.255.255.255 On-link XXXB 5739
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
172.25.0.0 255.255.0.0 172.25.31.1 172.25.31.86 4246
172.25.31.0 255.255.255.0 On-link 172.25.31.86 4501
172.25.31.86 255.255.255.255 On-link 172.25.31.86 4501
172.25.31.255 255.255.255.255 On-link 172.25.31.86 4501
192.168.137.0 255.255.255.0 On-link 192.168.137.1 4501
192.168.137.1 255.255.255.255 On-link 192.168.137.1 4501
192.168.137.255 255.255.255.255 On-link 192.168.137.1 4501
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 172.25.31.86 4501
224.0.0.0 240.0.0.0 On-link 192.168.137.1 4501
224.0.0.0 240.0.0.0 On-link XXXB 5739
224.0.0.0 240.0.0.0 On-link 10.1.108.167 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 172.25.31.86 4501
255.255.255.255 255.255.255.255 On-link 192.168.137.1 4501
255.255.255.255 255.255.255.255 On-link XXXB 5739
255.255.255.255 255.255.255.255 On-link 10.1.108.167 276
===========================================================================
Persistent routes:
None
Routes with a lower metric on the TAP interface
List of interfaces
17...14 da e9 21 2e 77 ......Realtek PCIe GBE Family Controller
9...00 15 e9 ef a5 1d ......D-Link DGE-528T Gigabit Ethernet Adapter
3...00 ff 7b db 59 0a ......TAP-Windows Adapter V9
43...........................CKTV
1...........................Software Loopback Interface 1
===========================================================================
IPv4 route table
===========================================================================
Active Routes:
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 XXXX XXXB 20
10.1.108.167 255.255.255.255 On-link 10.1.108.167 276
10.41.0.0 255.255.0.0 XXXX XXXB 20
XXXA 255.255.255.248 On-link XXXB 276
XXXX 255.255.255.255 On-link 10.1.108.167 20
XXXB 255.255.255.255 On-link XXXB 276
XXXC 255.255.255.255 On-link XXXB 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
172.25.0.0 255.255.0.0 172.25.31.1 172.25.31.86 4246
172.25.31.0 255.255.255.0 On-link 172.25.31.86 4501
172.25.31.86 255.255.255.255 On-link 172.25.31.86 4501
172.25.31.255 255.255.255.255 On-link 172.25.31.86 4501
192.168.137.0 255.255.255.0 On-link 192.168.137.1 4501
192.168.137.1 255.255.255.255 On-link 192.168.137.1 4501
192.168.137.255 255.255.255.255 On-link 192.168.137.1 4501
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 172.25.31.86 4501
224.0.0.0 240.0.0.0 On-link 192.168.137.1 4501
224.0.0.0 240.0.0.0 On-link XXXB 276
224.0.0.0 240.0.0.0 On-link 10.1.108.167 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 172.25.31.86 4501
255.255.255.255 255.255.255.255 On-link 192.168.137.1 4501
255.255.255.255 255.255.255.255 On-link XXXB 276
255.255.255.255 255.255.255.255 On-link 10.1.108.167 276
===========================================================================
Persistent routes:
None
10.1.108.167 - IP address from the operator
172.25.0.0/16 - operator's local network
192.168.137.0/24 - home local network
XXXX - OpenVPN server address
XXXA - first rip address
XXXB - address received when connecting
XXXC - broadcast address


1 answer(s)
kalach_89, 2015-09-28
@kalach_89

I was able to solve it.
Replaced push "redirect-gateway" with push "redirect-gateway def1". Before connecting via VPN, I lowered the metric of the TAP adapter below the metric of the main interface. After connecting, the route 0.0.0.0 mask 128.0.0.0 appeared through the VPN gateway and through the TAP adapter.
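
The effect of `def1` on route selection, as an added example that is not part of the original post: a simplified model (longest prefix first, lowest metric as tie-breaker) showing that the two /1 routes override a 0.0.0.0/0 entry whatever the adapter metrics are, while the /32 host route keeps the tunnel's own packets on the physical link. The interface labels `wan` and `tap` and all addresses are constructed placeholders; the metrics 20 and 5739 are taken from the route dumps in the question.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: str      # destination network in CIDR form
    gateway: str
    interface: str   # hypothetical labels: "wan" = physical link, "tap" = TAP adapter
    metric: int

def select_route(table: list, destination: str) -> Optional[Route]:
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))

def bypasses_tunnel(table: list, tunnel_if: str, probes: list) -> list:
    """Return the probe addresses whose traffic would leave outside the tunnel."""
    return [p for p in probes
            if (r := select_route(table, p)) is None or r.interface != tunnel_if]

# Constructed sample values (documentation address ranges), not the poster's addresses.
VPN_SERVER, VPN_GW = "198.51.100.10", "203.0.113.1"
PHYS = Route("0.0.0.0/0", "on-link", "wan", 20)          # provider default route
HOST = Route(VPN_SERVER + "/32", "on-link", "wan", 20)   # route to the VPN server itself

# Two competing /0 routes: the TAP one loses on metric alone.
plain = [PHYS, HOST, Route("0.0.0.0/0", VPN_GW, "tap", 5739)]
# With def1: two /1 routes cover the whole address space with a longer prefix.
def1 = [PHYS, HOST,
        Route("0.0.0.0/1", VPN_GW, "tap", 5739),
        Route("128.0.0.0/1", VPN_GW, "tap", 5739)]

PROBES = ["8.8.8.8", "1.1.1.1", "192.0.2.55", "151.101.1.1"]

if __name__ == "__main__":
    print("competing /0 routes, outside tunnel:", bypasses_tunnel(plain, "tap", PROBES))
    print("def1 /1 routes, outside tunnel:     ", bypasses_tunnel(def1, "tap", PROBES))
    print("VPN server itself goes via:         ", select_route(def1, VPN_SERVER).interface)
```

Running the same check against a parsed `route print` dump before and after connecting shows whether any destination still resolves to the physical interface.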
