Windows 11 TAP won't come up, so routes and tunnel fail

  • jngreene (Junior Member, Oct 2024)

    Windows 11 TAP won't come up, so routes and tunnel fail

    Unless my decades of troubleshooting fail me, the following error seems to be the root of the problem, which results in the TUN/TAP device never reaching an up state, the wait timing out, failing route statements (cascading errors) and ultimately failure.

    OS/Software data
    Code:
    Server 2.5.9; Fedora 40
    Client 2.5.9 with OpenVpn GUI 11.31.0.0; Windows 11 Home 23H2
    Most pertinent Errors (Scrubbed full log available upon request).
    Code:
    Set TAP-Windows TUN subnet mode network/local/netmask = 10.69.0.0/10.69.0.1/10.69.0.2 [SUCCEEDED]
    Notified TAP-Windows driver to set a DHCP IP/netmask of 10.69.0.1/10.69.0.2 on interface {875FFDB8-8C40-40B3-96F7-9D602F148D2C} [DHCP-serv: 10.69.0.0, lease-time: 31536000]
    DHCP option string: 0f0e6772 65656e65 6d797374 2e636f6d 06080a00 0001d043 dcdc
    It appears that from somewhere it is getting the idea that 10.69.0.1/10.69.0.2 is an IP/netmask pair instead of a <gateway>/<ip> routing pair.

    Client.config is
    Code:
    client
    port 1194
    dev tun
    remote <server hostname>
    # TLS parms
    ca "<path_to_file>ca.crt"
    cert "<path_to_file>CaptainsReadyRoom.crt"
    key "<path_to_file>CaptainsReadyRoom.key"
    tls-auth "<path_to_file>ta.key" 1
    remote-cert-tls server
    tls-client
    pull
    verb 4
    The ccd/CaptainsReadyRoom file for the client on the server is:
    Code:
    ifconfig-push 10.69.0.1 10.69.0.2
    The uncommented lines of the server.conf file are:
    Code:
    cd /etc/openvpn/
    local <server_inet_exposed_address>
    port 1194
    proto udp
    dev tun
    ca <path_to_file>ca.crt
    cert <path_to_file>server.crt
    key <path_to_file>server.key
    dh <path_to_file>dh.pem
    topology subnet
    server 10.69.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    client-config-dir ccd
    route 10.69.0.0 255.255.255.252
    push "route <internal subnet1> 255.255.255.0"
    push "route <internal subnet2> 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DOMAIN greenemyst.com"
    push "dhcp-option DNS <internal DNS>"
    push "dhcp-option DNS 208.67.220.220"
    client-to-client
    keepalive 10 120
    tls-auth <path_to_file>ta.key 0
    data-ciphers AES-256-GCM
    max-clients 10
    user nobody
    group nobody
    persist-key
    persist-tun
    status openvpn-status.log
    log-append  openvpn.log
    verb 3
    explicit-exit-notify 1
    Suggestions please?
  • RemoteOne (Junior Member, Dec 2024)

    #2
    I think your issue is your ccd file.

    The documentation for ifconfig-push states ...
    --ifconfig-push args
    Push virtual IP endpoints for client tunnel, overriding the --ifconfig-pool dynamic allocation.

    Valid syntax:
    ifconfig-push local remote-netmask [alias]


    The parameters local and remote-netmask are set according to the --ifconfig directive which you want to execute on the client machine to configure the remote end of the tunnel. Note that the parameters local and remote-netmask are from the perspective of the client, not the server. They may be DNS names rather than IP addresses, in which case they will be resolved on the server at the time of client connection.
    so your

    ifconfig-push 10.69.0.1 10.69.0.2

    is telling the client to configure itself with IP address 10.69.0.1, and that the subnet mask at the server side is 10.69.0.2

    Also, the server would usually configure itself on the first IP address (10.69.0.1) so you should not be telling the client to use that address. It would create a duplicate address when the connection tried to start.

    I have not used the command myself, but I suspect you should be pushing

    ifconfig-push 10.69.0.2 255.255.255.0

    or something similar.
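As an added illustration of the point made in the reply above (this is not code from the thread or from OpenVPN itself), the following checker reads the `topology` and `server` directives from a server.conf and verifies a ccd file's `ifconfig-push` line against them: in subnet topology the second argument must be the pool netmask, the address must lie inside the pool, and it must not collide with the server's own first address. The sample configs are constructed to mirror the ones quoted in the thread; the checker assumes literal IPv4 addresses rather than DNS names.

```python
import ipaddress
import re

# Constructed sample inputs, mirroring the configs quoted in the thread.
SERVER_CONF = """\
topology subnet
server 10.69.0.0 255.255.255.0
client-config-dir ccd
"""
CCD_BROKEN = "ifconfig-push 10.69.0.1 10.69.0.2\n"       # what the poster has
CCD_FIXED = "ifconfig-push 10.69.0.2 255.255.255.0\n"    # what the reply suggests

def parse_server(conf):
    """Return (pool subnet, topology) from the 'server' and 'topology' directives."""
    topology = "net30"  # OpenVPN's default when no topology directive is given
    subnet = None
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, tokenize
        if not parts:
            continue
        if parts[0] == "topology":
            topology = parts[1]
        elif parts[0] == "server":
            subnet = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
    return subnet, topology

def check_ifconfig_push(ccd_text, server_conf):
    """Return a list of problems with the ccd ifconfig-push line (empty if it looks OK)."""
    subnet, topology = parse_server(server_conf)
    m = re.search(r"^\s*ifconfig-push\s+(\S+)\s+(\S+)", ccd_text, re.M)
    if subnet is None or not m:
        return ["no 'server' directive or no ifconfig-push line found"]
    local, second = m.group(1), m.group(2)
    try:
        local_ip = ipaddress.ip_address(local)
    except ValueError:
        return [f"{local} is not a literal IPv4 address (DNS names are not checked here)"]
    problems = []
    if topology == "subnet":
        # In subnet topology the second argument is the netmask, not a peer address.
        if second != str(subnet.netmask):
            problems.append(f"second argument {second} is not the netmask {subnet.netmask}")
        # The server itself takes the first usable address of the pool.
        if local_ip == subnet.network_address + 1:
            problems.append(f"{local} is the server's own address")
    if local_ip not in subnet:
        problems.append(f"{local} is outside {subnet}")
    return problems
```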
