VPN client side issues

[jrhoops]

Hello,

I have asus ac88u running merlin and openvpn server. My clients connect successfully but are unable to ping or RDP to certain (seemingly random) machines.

192.168.1.0 is inside interface. 10.8.0.0 is vpn interface. They can ping pretty much everything but a few select desktops and are unable to RDP to those desktops. I can ssh into the router from the VPN and successfully ping those same devices. I can connect via TAP and successfully ping and RDP to those desktops, it just seems that tun mode randomly fails to route certain addresses back.

This is a relatively flat network and none of the devices that are unreachable have any hardware in common (switch, cables, make, model, OS). I am stumped as to any utilities or commands to run from the router side of things to see what is happening to this traffic. Any advice?

 

[jrhoops]

 

[Xentrk]

Hello,

I have asus ac88u running merlin and openvpn server. My clients connect successfully but are unable to ping or RDP to certain (seemingly random) machines.

192.168.1.0 is inside interface. 10.8.0.0 is vpn interface. They can ping pretty much everything but a few select desktops and are unable to RDP to those desktops. I can ssh into the router from the VPN and successfully ping those same devices. I can connect via TAP and successfully ping and RDP to those desktops, it just seems that tun mode randomly fails to route certain addresses back.

This is a relatively flat network and none of the devices that are unreachable have any hardware in common (switch, cables, make, model, OS). I am stumped as to any utilities or commands to run from the router side of things to see what is happening to this traffic. Any advice?

Do you have these boxes checked on the server?

 

[jrhoops]

yes, I also have additional options configured to push domain and additional dns. I believe I have it narrowed down to corrupt firewall settings on some client machines, this explains the randomness of it.

 

[yorgi]

yes, I also have additional options configured to push domain and additional dns. I believe I have it narrowed down to corrupt firewall settings on some client machines, this explains the randomness of it.

Take a look at my article in the part B section, I explain how to create a firewall rule on a windows PC in order to RDP and file shares
https://www.snbforums.com/threads/h...with-asus-routers-380-67-updated-07-19.33638/

 

[jrhoops]

Yes sir, I did read that article and that is what encouraged me to look into the firewall issue. So it turned out to be kaspersky firewall being enabled and taking over the windows firewall service. I opted to disable the kaspersky firewall in order to restore gpo capabilities for the windows firewall. I'm not sure how only 10 or so PCs end up with this change. Rookie move on my part for overlooking something that obvious/simple. All is well but on the bright side it did encourage me to enable both server processes to provide both TAP and TUN options.