Windows firewall does not allow to connect from VPN

4

2

I connect to my home ASUS router through OpenVPN. I can use the internet over the VPN but do not see any Windows computers in the local network.

For example, I can ping Android and Linux devices or an IP camera in my local network, but cannot ping Windows computers. (I can do this from the local network.) (My local computers have Windows 7 or Windows 10.)

I assume that the problem is in Windows firewall, but I do not know what to do with this.

Addresses in the local network have the form 192.168.1.x

For the OpenVPN client the router creates the virtual network 10.8.0.x

rcv

Posted 2016-07-30T19:31:07.643

Reputation: 63

Simple test - disable the Windows firewall and test a ping again. If it still does not work, it is not the firewall. If it is the firewall, you will need to add a rule that allows ICMP packages from a certain network. – Ivan Viktorovic – 2016-07-30T20:15:36.193

Answers

7

Your Windows machines will see 192.168.1.x as the "Home network" (AKA the private profile), which they trust. The 10.8.0.x range is being routed from the router, and as far as your Windows machines are concerned it is external (Public) and not completely trustworthy.

You can create a new inbound rule in Windows advanced firewall. To do this, do the following:

  • Open Windows Firewall with Advanced Security
  • Click Inbound Rules on the left
  • Click New Rule on the right
  • Click Custom rule
  • Specify programs or leave as all programs
  • Specify ports or leave as all ports
  • Click "These IP addresses" under remote IP
  • Click "This IP address range"
  • Type From "10.8.0.1" To "10.8.0.254"
  • Close and click Next, then leave as "Allow the connection"
  • Apply to all profiles
  • Name it & Finish

You should then be able to connect to your home devices through your VPN.

Lister

Posted 2016-07-30T19:31:07.643

Reputation: 1 185

Isn't the range of 10.0.0.0 to 10.255.255.255 private anyway? If they are blocking this range they also need to block [172.16.0.0 - 172.31.255.255] and [192.168.0.0 - 192.168.255.255]. Does MS provide some documentation of what they are blocking? Your solution worked btw. Thanks! – Lars – 2017-06-16T08:56:53.483

You're correct in that all 3 ranges are private. The key is the question: are they familiar to your network? If not, they are treated as untrusted. If your subnet is 192.168.0.0/24, firewalls will generally assume you control it, and give more leeway to any machine on that subnet. This is generally referred to as the "trusted/Private/Home network". – Lister – 2017-06-16T18:32:14.340

Can this be done automatically? (using batch script without doing all these clicks?) – Pavel P – 2019-11-05T17:05:12.853
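
The inbound rule from the answer's click-through steps, scripted. This is an added example, not part of the original thread; the rule name `OpenVPN-clients-inbound` and the variable names are illustrative, and the address range is the one given in the answer. It uses `New-NetFirewallRule` where available (Windows 8/10 and later) and falls back to `netsh advfirewall` on Windows 7.

```powershell
# Added example: creates the same inbound allow rule the answer builds by hand.
# Run from an elevated PowerShell prompt on each Windows machine to be reached.

$RuleName = 'OpenVPN-clients-inbound'   # illustrative name, no spaces so netsh needs no quoting
$VpnRange = '10.8.0.1-10.8.0.254'       # range from the answer (router's OpenVPN client network)

# Manual elevation check (works on the PowerShell 2.0 that ships with Windows 7).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
    # Windows 8 / 10 and later: NetSecurity cmdlets.
    # Remove any earlier copy so re-running does not stack duplicate rules.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # All programs, all ports, all profiles, limited to the VPN range as remote address.
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol Any -Profile Any `
        -RemoteAddress $VpnRange | Out-Null

    # Show what was stored so the remote-address scope can be checked.
    Get-NetFirewallRule -DisplayName $RuleName |
        Get-NetFirewallAddressFilter |
        Select-Object RemoteAddress
}
else {
    # Windows 7: same rule through netsh.
    netsh advfirewall firewall delete rule "name=$RuleName" | Out-Null
    netsh advfirewall firewall add rule "name=$RuleName" dir=in action=allow `
        protocol=any profile=any "remoteip=$VpnRange"
    netsh advfirewall firewall show rule "name=$RuleName"
}
```

Like the manual steps, this allows every program and port to the VPN range; where the answer says "Specify programs" or "Specify ports", the equivalent here is to set `-Protocol`/`-LocalPort` (or `protocol=`/`localport=` for netsh) to only what the VPN clients need.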