2003 2008 actualite aio amorin blade bond cleaning default disposal driver eclaire email Exchange football gaudeau grown hp IET initiator iscsi lab lead letogolais linux membrane microsoft miniport mpio multipath neuilly oil openVPN proliant recovery recycler replication result scan SCST server setup solvent SQL sqlserver target togo tool water windows

Setting up openVPN on windows

OpenVPN is an opensource project that provides VPN client and server connectivity to variety of platforms. However, there are ceratin windows specifics that prevent default configuration from working properly. Namely, the default configurations use tun interface. The issue with tun implementation on windows is that for security reason it is network-isolated with network mask 255.255.255.252 (or /32 in bit notation). This makes perfect sense as first IP is used for Network, second is Gateway, third is Client and fourth is Broadcast. The issue is that openVPN relies on TUN/TAP interface while assuming that it allows unsecured addressing.

With tun you will see, for example, your server running on .1 and client on .6 for isolation purposes, however client will understand server as .5 which server does not accept. Your ping, for example, will not return. There is a simple solution for this, howerver. Even if you force additional routes to the client, on the client those rules will be overwritten to /32 block.

Scroll down for additional info labeled How to set up openVPN properly on Windows 2003

More info: How to set up openVPN properly on Windows 2003

permanent link to article http://freecash.hogger.net/setting_up_openvpn_on_windows

You must use TAP on both server and client. Suddenly client will be able to obtain, for example, .2 IP and netmask/24 (255.255.255.0). The reason behind it is that TAP interface implements virtual network card rather than virtual connection point. There is no inherent security override in windows on virtual network cards as there is on connection point. Both server and client must use same type so you can't set up server with TUN and client with TAP, both must run TAP.