The title of this recipe may not seem related to routing issues, but the Windows network location depends on routing to work. Starting with Windows Vista, Microsoft introduced the concept of network locations. By default, there are multiple network locations: Home, Work and Public for Windows 7 and Private and Public for Windows 8 and above. These network locations apply to all network adapters, including OpenVPN's virtual TAP-Win network adapter.
The Home network location is intended for a home network. Similarly, the Work network location also provides a high level of trust at work, allowing the computer to share files, connect to printers and so on. In Windows 8 and above, the Home and Work network locations are merged together to become the trusted Private network location. The Public network location is not trusted and access to network resources is restricted by Windows, even when the Windows firewall is disabled.
The routing properties of an OpenVPN setup determine whether the TAP-Win adapter is trusted or not, and thus whether file sharing is allowed. In this recipe, we will show how to change an OpenVPN setup so that the network location can be altered.
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client was running Windows 7 64bit and OpenVPN 2.3.11. Keep the configuration file example2-7-server.conf
from the Redirecting the default gateway recipe from Chapter 2, Client-server IP-only Networks at hand, as well as the client configuration file basic-udp-client.ovpn
from the Using an ifconfig-pool block recipe from Chapter 2, Client-server IP-only Networks.
example-2-7-server.conf
: [root@server]# openvpn --config example2-7-server.conf
def1
from the push redirect-gateway def1
line:push "redirect-gateway"
VPN
.Even though all network traffic is routed over the VPN (using redirect-gateway def1
) Windows does not trust the VPN adapter and hence will refuse full access over the VPN tunnel. Windows will only trust a network adapter if it advertises a default gateway (0.0.0.0/0), or the network adapter must be part of a Windows domain. This can be fixed by changing the server configuration to use:
push "redirect-gateway"
3.141.201.106