Windows 10 OpenVPN Client connects but can't access anything

Please, could you show the Windows 10 client's routing table while connected?

C:\> route print

According to the client log, the OpenVPN client did not add a static route to the OpenVPN server through the original default gateway (the one used before the connection establishes). This prevents OpenVPN client packets from reaching the server, because of the absence of a route to it. I suggest you to change the server config, replacing the line:

push "redirect-gateway local def1"

With one of these:

push "redirect-gateway autolocal def1"

push "redirect-gateway def1"

Reference:

  $ man 8 openvpn


   --redirect-gateway flags...
          Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN.  This is a client-side option.

          This option performs three steps:

          (1) Create a static route for the --remote address which forwards to the pre-existing default gateway.  This is done so that (3) will not create a routing loop.

          (2) Delete the default gateway route.

          (3) Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

          When the tunnel is torn down, all of the above steps are reversed so that the original default route is restored.

          Option flags:

          local  --  Add the local flag if both OpenVPN servers are directly connected via a common subnet, such as with wireless.  The local flag will cause step 1 above to be omit‐
          ted.

          autolocal -- Try to automatically determine whether to enable local flag above.

          def1 -- Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0.  This has the benefit of overriding but not wiping  out  the
          original default gateway.

          bypass-dhcp  --  Add  a  direct  route  to the DHCP server (if it is non-local) which bypasses the tunnel (Available on Windows clients, may not be available on non-Windows
          clients).

          bypass-dns -- Add a direct route to the DNS server(s) (if they are non-local) which bypasses the tunnel (Available on Windows clients, may not be available  on  non-Windows
          clients).

          block-local  --  Block  access to local LAN when the tunnel is active, except for the LAN gateway itself.  This is accomplished by routing the local LAN (except for the LAN
          gateway address) into the tunnel.

          ipv6 -- Redirect IPv6 routing into the tunnel.  This works similar to the def1 flag, that is, more specific IPv6 routes are added (2000::/4, 3000::/4), covering  the  whole
          IPv6 unicast space.

          !ipv4 -- Do not redirect IPv4 traffic - typically used in the flag pair ipv6 !ipv4 to redirect IPv6-only.

With older versions of the OpenVPN-GUI, this was a symptom of the OpenVPN.exe file not running with administrative privileges, which were required in order to make changes to the routing table.

Connect and check the routing table with netstat -rn. If routes to your remote network(s) are not present, find the openvpn.exe binary and change it so that it runs as an Administrator.


It may sound obvious, but have you tried disabling firewall in Windows 10? Another option is to double-check your addressing as according to your log it seems that your gateway address is 10.8.0.5, not 10.8.0.1.

Tags:

Windows 10

Openvpn

Recent Posts