Opened 3 years ago

Closed 6 weeks ago

#1065 closed Bug / Defect (invalid)

OpenVPN 2.4.6 Not NAT on Windows Server 2012 R2

Reported by: frans_a4 Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.4.6 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


OpenVPN 2.4.6 (server-mod) on Windows Server 2012 R2-x64 connects but Not NAT Or there is a problem with TAP driver, And Clients are connected but they do not have the Internet.

More Tests:

Windows Server 2012 R2-64 / OpenVPN-Server Mod:
openvpn-install-2.4.6-I601.exe : Clients can Conncet to open-vpn server but not have any ping Or ability to open the web-page.

openvpn-install-2.4.6-I602.exe : Clients can Conncet to open-vpn server but not have any ping Or ability to open the web-page.

openvpn-install-2.3.14-I601-x86_64.exe : works Fine

openvpn-install-2.3.18-I602-x86_64.exe : works Fine

Windows Server 2016 Standard / OpenVPN-Server Mod:
openvpn-install-2.4.6-I602.exe : works Fine

Change History (5)

comment:1 Changed 3 years ago by Gert Döring

Where is the server running? Who is supposed to do the NAT? Please provide configs and logs of the device that should do the NAT.

OpenVPN is normally not doing NAT at all on the server side, so this bug report is lacking many details to understand what is going on.

comment:2 Changed 3 years ago by frans_a4

I've been NAT with routing and remote access on Windows Server 2012 R2 And set IPEnableRouter=1 in windows registry. routing and remote access-Service is also Started after OpenVPN-Service.
The primary network card (which has the Internet) receives the IP from the DHCP.

OpenVPN 2.4.6-I602-Config:

proto tcp
port 1194
dev tun
route-metric 1
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh4096.pem"
push "redirect-gateway def1"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 10 120
route-delay 2
tap-sleep 3
status openvpn-status.log
verb 3


dev tun
proto tcp
remote <SERVER-IP> 1194
resolv-retry infinite
route-delay 1 3
verb 3



Last edited 3 years ago by frans_a4 (previous) (diff)

comment:3 Changed 3 years ago by Selva Nair

As 2.3 works but 2.4 does not, NAT is unlikely to be the issue. Look at the server and clients logs (at verb = 4) for any possible errors. Is it only external access that is affected? -- can a client successfully ping the server IP? What version does the client run?

Last edited 3 years ago by Selva Nair (previous) (diff)

comment:4 Changed 3 years ago by Antonio

@frans_a4 is this still an issue? If so, any chance you could provide the information asked by selvanair?

comment:5 Changed 6 weeks ago by Gert Döring

Milestone: release 2.4.6
Resolution: invalid
Status: newclosed
Version: OpenVPN 2.4.6 (Community Ed)

We can't fix anything without the requested information.

(Especially if 2.4.6 works fine on Server 2016 but not on 2012r2, it's unlikely to be an OpenVPN issue)

Note: See TracTickets for help on using tickets.