Windows – OpenVPN used to work, now can’t ping 10.8.0.1

openvpnwindowswindows-server-2012

Please help!

I had OpenVPN configured and working on a server 2012 with windows clients. After a restart I can't ping 10.8.0.1 anymore – neither on client nor server.

It's unlikely that config's been changed. What MAY have changed is the IP's of the client. I think they used to be .4 and .8 (as in ipp.txt). Now they're .6 and .10 but I can't get them back. It could be that they really were .6 and .10 when everything was working also.

One more thing MAY be different on the server log file, compared to an old saved log file that I know worked:

Thu Aug 11 15:14:22 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Thu Aug 11 15:14:22 2016 Warning: route gateway is not reachable on any active network adapters: 10.8.0.2
Thu Aug 11 15:14:22 2016 Route addition via IPAPI failed [adaptive]
Thu Aug 11 15:14:22 2016 Route addition fallback to route.exe
OK!

That used to be:

Fri May 27 18:16:54 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Fri May 27 18:16:54 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri May 27 18:16:54 2016 Route addition via IPAPI succeeded [adaptive]

The route is there though, according to route print.

As I said, I can't be absolutely sure any of these clues have anything to do with it.

Thank you!

Edit:

I've never had this in my config before:

route-method exe
route-delay 2

But I tried it following the advice of @cormpadre. The log now shows

Thu Aug 11 15:56:48 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
OK!

but still no ping.

Edit 2 – Experiments with Wireshark

Got wireshark listening on both client and server, on VPN adapters and LAN/internet adapters while pinging.

Client pings 10.8.0.1.

ICMP packets on client VPN adapter. No response.

UPD packets on client LAN adapter. Getting responses.

UPD packets on server LAN adapter. Sending responses.

No packets on server VPN adapter.

Server pings 10.8.0.6 and 10.8.0.1.

I deem only control packets on server LAN adapter. These are sent regardless
and ping packets tend to be 101 bytes when they're UDP-wrapped.

Nothing on the server VPN adapter. Ever. Flat line.

Edit 3

Found out how to tune Wireshark to OpenVPN packets. Those UDP packets turned out to P_DATA_V1 types. The control packets seem to be ignored.

Best Answer

Here are the steps which resolved the issue mentioned by Martin.

  1. Backup C:\Program Files\OpenVPN\config
  2. Uninstall tap adapter and openvpn from add/remove programs
  3. Reboot computer
  4. Download and install latest OpenVpn package (openvpn-install-2.4.7-I607-Win7.exe)
  5. Copy the backup config to C:\Program Files\OpenVPN\config
  6. Start the OpenVpnService service and change to automatic startup.
  7. Check C:\Program Files\OpenVPN\log\server.log

Successful ARP Flush on interface [12] {36785BD5-BF1D-4430-90EA-1E32927ED68F}

C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2

ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4

Route addition via IPAPI succeeded [adaptive]

  1. Connect using OpenVPN Client.

Hope that helps.

Regards,

Andy.

Related Topic