OpenVPN TUN Adapter and Windows 7's Firewall
Greetings,

I am writing to determine what exactly is going on with a connection I'm having and to get more information on how the Windows 7 multiple active firewall profiles work?

Goals:
- To lock down any network I physically connect to (be it wireless or wired) to a heavily restricted public firewall profile (HTTPS out, HTTP out, ICMP out, DNS out, VPN out).
- Once connected to the VPN, which provides me a default route to the internet over the VPN connection, to apply a more relaxed private profile which allows more connectivity.

Using OpenVPN 2.1 RC19, I am able to connect to my VPN connection and get internet access appropriately when the firewall is turned off; however, for some reason the Windows Firewall is not detecting the network properly. Under Network & Sharing Center, Windows identifies the network as an unidentified network. After doing some research, I've read that this occurs due to Windows using the MAC of the default gateway of that network for identification. OpenVPN doesn't do this by default, instead creating more specific routes to the internet than Windows has for routing. It adds the following "default" routes:

route 0.0.0.0 mask 128.0.0.0 int 10.8.0.10 gw 10.8.0.9

I can fix this by applying a default gateway to the TAP/TUN adapter, and Windows then "identifies" the network, but the Public profile is still applying to it, even though I identified it as a work/private network. I even went into the Windows Firewall options and unchecked the public option from affecting "Local Area Connection 2" (the TUN connection), but it still insists on applying.

Does anyone have any information on this or could help me figure out how to fix this?
September 16th, 2009 3:54pm

Hi Nicholas, OpenVPN has asked me to contact you guys. I'm more than willing to convince them that it is their software that is the problem (and I'm 99% sure it is), but unfortunately finger pointing doesn't exactly solve the problem I'm having. I've further elaborated on my configuration in another thread. http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/b9cd4de4-274e-45b4-95e3-94ac13127b37 Any help would be really useful to try and figure this out.
October 20th, 2009 10:49am

I'm experiencing the same problem. My analysis indicates this is an issue with the way Windows attempts to identify networks without a default gateway. See http://social.technet.microsoft.com/Forums/en-IE/w7itpronetworking/thread/5e9a21ae-a116-4584-a917-2a0c244e0de7 .
October 22nd, 2009 1:22pm
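
A check for the condition discussed in this thread, as an added example (not code from any poster or from OpenVPN): it reads IPv4 rows in `route print` column order and reports which interfaces carry a real 0.0.0.0/0 default gateway and which carry only the two half-range routes. The sample table, the function names and the assumption that 128.0.0.0 mask 128.0.0.0 accompanies the route quoted in the first post are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows in `route print -4` column order:
# destination, netmask, gateway, interface, metric. Only the 10.8.0.9 and
# 10.8.0.10 addresses come from the thread; the rest are made up.
SAMPLE = """\
0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
0.0.0.0        128.0.0.0         10.8.0.9       10.8.0.10     30
128.0.0.0      128.0.0.0         10.8.0.9       10.8.0.10     30
10.8.0.8   255.255.255.252         On-link       10.8.0.10    286
192.168.1.0  255.255.255.0         On-link    192.168.1.50    281
"""

DEFAULT = ipaddress.IPv4Network("0.0.0.0/0")
HALVES = {ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")}

def parse_routes(text):
    """Yield (network, interface_ip) for each well-formed IPv4 route row."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header, separator or blank line
        dest, mask, _gateway, iface, _metric = cols
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
            ipaddress.IPv4Address(iface)
        except ValueError:
            continue  # not a route row
        yield net, iface

def classify_interfaces(text):
    """Map interface IP to 'default-gateway', 'split-default' or 'no-default'."""
    routes = defaultdict(set)
    for net, iface in parse_routes(text):
        routes[iface].add(net)
    result = {}
    for iface, nets in routes.items():
        if DEFAULT in nets:
            result[iface] = "default-gateway"  # what the thread says Windows keys on
        elif HALVES <= nets:
            result[iface] = "split-default"    # traffic is routed, but no gateway entry
        else:
            result[iface] = "no-default"
    return result

if __name__ == "__main__":
    for iface, kind in sorted(classify_interfaces(SAMPLE).items()):
        print(f"{iface:<15} {kind}")
```

An interface reported as `split-default` or `no-default` is the case the posters describe as showing up as an unidentified network with the Public profile applied.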

Hi,

the only way I could let OpenVPN run as it should was to disable the firewall completely on the TUN/TAP adapter. If not, even though access to the VPN was OK from the client to the VPN network, no access was enabled to the client by the VPN network, because Windows Firewall was blocking any access to the "considered public and unidentified network"...

To do this, Windows 7 needs you to specify it "per profile", instead of "per NIC" as before. So, go to Windows Firewall, Advanced Settings, Windows Firewall Properties. Here you can customize network protection for each profile. Go into every profile and customize it by disabling it on the TUN/TAP adapter. To me, this solved any problem.

Anyway, I consider it a stupid choice to let the system decide it is a public network based on the absence of a local default gateway... who says you need a default gateway to access a specific private network?? At least, it should let me decide and change it. Bah!

Gabriele.
March 13th, 2010 5:49am

I fixed the problem by changing the TAP-Win32 network adapter setting "Media Status" from "Application Controlled" to "Always Connected". This can be found in Network Connections by right-clicking on the TAP-Win32 adapter and choosing Properties. Choose "Configure..." for the TAP-Win32 adapter and then click on the "Advanced" tab. No firewall changes needed, and it also works on Windows 8.

gmaydude, I'd appreciate it if you could provide your OpenVPN client config and TAP config. Running Windows 8 and I've tried numerous "solutions" but still get Unidentified Network.

Best,
Bill
September 5th, 2012 7:43am

This topic is archived. No further replies will be accepted.
