Windows - public versus private network adapters

With Windows Vista and 7, Microsoft introduced the concept of network classes. Network interfaces can be part of a Private or Public network. When using OpenVPN, one must be careful in which type of network the adapter is placed. By default, OpenVPN's TAP-Win32 adapter is placed in a Public network, which has a side-effect that it is not possible to mount file shares. In this recipe, we will show how to change the network type so that the trusted services such as file sharing are possible over a VPN connection. While this has little to do with configuring the OpenVPN per se, this issue comes up often enough to warrant a recipe.

Getting ready

Set up the client and server certificates using the first recipe from Chapter 2Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client computer was running Windows 7 SP1 and OpenVPN 2.3.11. Keep the configuration file, basic-udp-server.conf, from the Server-side routing recipe in Chapter 2Client-server IP-only Networks at hand. For the client, keep the configuration file, basic-udp-client.ovpn, from the Using an ifconfig-pool block recipe in Chapter 2Client-server IP-only Networks at hand.

How to do it...

  1. Append the following line to the basic-udp-server.conf file:
            push "route 0.0.0.0 0.0.0.0 vpn_gateway 300" 
    
  2. Save it as example9-7-server.conf. Start the server:
    [root@server]# openvpn --config example9-7-server.conf
    
  3. On the Windows client, launch the OpenVPN GUI.
  4. After the VPN connection is established, a window will pop up asking you what type of network this is. For Windows 7, you can choose HomeWork, or Public; for Windows 8+, the choice is either Private or Public.
  5. Select the Work network, and then open the Network and Sharing Center:
    How to do it...

How it works...

With Windows 7+, each network type has different access rights. The network type with the fewest rights is Public, which means that the applications can set up TCP/IP connections, but they cannot access any of the resources available in the Work or Private networks, such as local printers and the local disks. When sharing resources that are on the same network as the OpenVPN client, this can become an issue.

Windows determines the type of network by looking at whether a default gateway is present for that network. If no default gateway is specified, the network is considered to be untrustworthy and hence it is made public. There is no option to easily change this afterward.

To overcome this peculiarity, we supply a default gateway with a very high metric:

push "route 0.0.0.0 0.0.0.0 vpn_gateway 300" 

Using a very high metric, we avoid the problem that all network traffic is routed over the VPN, which can lead to biting-your-own-tail problems.

See also

  • The Windows - elevated privileges recipe earlier in this chapter, which explains in more detail about how to run the OpenVPN GUI application with elevated privileges
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.217.40.118