Opened 2 years ago

Last modified 2 years ago

#1065 new Bug / Defect

OpenVPN 2.4.6 Not NAT on Windows Server 2012 R2

Reported by: frans_a4 Owned by:
Priority: major Milestone: release 2.4.6
Component: Generic / unclassified Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

OpenVPN 2.4.6 (server-mod) on Windows Server 2012 R2-x64 connects but Not NAT Or there is a problem with TAP driver, And Clients are connected but they do not have the Internet.


More Tests:

Windows Server 2012 R2-64 / OpenVPN-Server Mod:
openvpn-install-2.4.6-I601.exe : Clients can Conncet to open-vpn server but not have any ping Or ability to open the web-page.

openvpn-install-2.4.6-I602.exe : Clients can Conncet to open-vpn server but not have any ping Or ability to open the web-page.

openvpn-install-2.3.14-I601-x86_64.exe : works Fine

openvpn-install-2.3.18-I602-x86_64.exe : works Fine


Windows Server 2016 Standard / OpenVPN-Server Mod:
openvpn-install-2.4.6-I602.exe : works Fine

Change History (4)

comment:1 Changed 2 years ago by Gert Döring

Where is the server running? Who is supposed to do the NAT? Please provide configs and logs of the device that should do the NAT.

OpenVPN is normally not doing NAT at all on the server side, so this bug report is lacking many details to understand what is going on.

comment:2 Changed 2 years ago by frans_a4

I've been NAT with routing and remote access on Windows Server 2012 R2 And set IPEnableRouter=1 in windows registry. routing and remote access-Service is also Started after OpenVPN-Service.
The primary network card (which has the Internet) receives the IP from the DHCP.

OpenVPN 2.4.6-I602-Config:
(Server):

proto tcp
port 1194
dev tun
route-metric 1
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh4096.pem"
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
route-delay 2
tap-sleep 3
status openvpn-status.log
verb 3

(client):

client
dev tun
proto tcp
remote <SERVER-IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
route-delay 1 3
comp-lzo
verb 3

<ca>
MY CA
</ca>

<cert>
MY CERT
</cert>

<key>
MY KEY
</key>
Last edited 2 years ago by frans_a4 (previous) (diff)

comment:3 Changed 2 years ago by Selva Nair

As 2.3 works but 2.4 does not, NAT is unlikely to be the issue. Look at the server and clients logs (at verb = 4) for any possible errors. Is it only external access that is affected? -- can a client successfully ping the server IP? What version does the client run?

Last edited 2 years ago by Selva Nair (previous) (diff)

comment:4 Changed 2 years ago by Antonio

@frans_a4 is this still an issue? If so, any chance you could provide the information asked by selvanair?

Note: See TracTickets for help on using tickets.