Hi On Wed, Jul 1, 2020 at 11:21 AM Marco De Vitis <starl...@mdv.eu> wrote: > > Hi, > I use OpenVPN client 2.4.9 on Windows 10 (v2004), and I have issues with the > Network Location Awareness (NLA) Windows service. > > The issue is essentially described here, even though it dates back to Windows > 7: > https://docs.microsoft.com/it-it/archive/blogs/the_microsoft_excel_support_team_blog/office-2013-reports-no-internet-connectivity-with-vpn-connection > > My symptoms are the same: when I connect to my company VPN using OpenVPN, > soon or later (maybe after minutes, maybe hours) the NLA service decides that > no internet access is available, I get the "no internet access" tray icon, > and some applications do not work as they should, notably Spotify and Office > 365 in my case. Nevertheless, all other applications work fine and I can > successfully access the web and my company LAN. But those apps refusing to > connect are very annoying.
This is surprising as the routing table shows you are not using redirect-gateway and, except for some server side internal networks and one or two external addresses, all targets are routed in clear via the LAN gateway. > > This is the "ipconfig /all" output when connected to the VPN: > > Configurazione IP di Windows > > Nome host . . . . . . . . . . . . . . : <pcname> > Suffisso DNS primario . . . . . . . . : <companyname>.local > Tipo nodo . . . . . . . . . . . . . . : Ibrido > Routing IP abilitato. . . . . . . . . : No > Proxy WINS abilitato . . . . . . . . : No > Elenco di ricerca suffissi DNS. . . . : <companyname> > > Scheda Ethernet Ethernet: > > Stato supporto. . . . . . . . . . . . : Supporto disconnesso > Suffisso DNS specifico per connessione: > Descrizione . . . . . . . . . . . . . : Realtek PCIe GbE Family Controller > Indirizzo fisico. . . . . . . . . . . : 3C-2C-30-E6-30-91 > DHCP abilitato. . . . . . . . . . . . : Sì > Configurazione automatica abilitata : Sì > > Scheda sconosciuta OpenVPN: > > Suffisso DNS specifico per connessione: <companyname> > Descrizione . . . . . . . . . . . . . : TAP-Windows Adapter V9 > Indirizzo fisico. . . . . . . . . . . : 00-FF-98-72-CE-0F > DHCP abilitato. . . . . . . . . . . . : Sì > Configurazione automatica abilitata : Sì > Indirizzo IPv6 locale rispetto al collegamento . : > fe80::94e8:b4ce:f66f:19ab%20(Preferenziale) > Indirizzo IPv4. . . . . . . . . . . . : 172.28.254.241(Preferenziale) > Subnet mask . . . . . . . . . . . . . : 255.255.255.0 > Lease ottenuto. . . . . . . . . . . . : mercoledì 1 luglio 2020 13:07:27 > Scadenza lease . . . . . . . . . . . : giovedì 1 luglio 2021 13:07:26 > Gateway predefinito . . . . . . . . . : > Server DHCP . . . . . . . . . . . . . : 172.28.254.254 > IAID DHCPv6 . . . . . . . . . . . : 268500888 > DUID Client DHCPv6. . . . . . . . : > 00-01-00-01-24-FE-F3-1A-3C-2C-30-E6-30-91 > Server DNS . . . . . . . . . . . . . : 172.28.254.1 That is the DNS server set on the TAP interface by the VPN. Check whether it's capable of resolving external addresses. Probably what you see is due to inconsistent DNS resolution. I can't say why it works for a while and only some services are affected, but it could happen if 172.28.254.1 gives bogus results for some domains. In particular, see whether "nslookup dns.msftncsi.com 172.28.254.1" resolves to 131.107.255.255 although that may not be conclusive. > And here it the output of "route print": > > =========================================================================== > Elenco interfacce > 16...3c 2c 30 e6 30 91 ......Realtek PCIe GbE Family Controller > 20...00 ff 98 72 ce 0f ......TAP-Windows Adapter V9 > 4...4a 5f 99 1a 44 c7 ......Microsoft Wi-Fi Direct Virtual Adapter > 21...5a 5f 99 1a 44 c7 ......Microsoft Wi-Fi Direct Virtual Adapter #2 > 17...48 5f 99 1a 44 c7 ......Qualcomm QCA9377 802.11ac Wireless Adapter > 1...........................Software Loopback Interface 1 > 61...00 15 5d 9c 2e 02 ......Hyper-V Virtual Ethernet Adapter > =========================================================================== > > IPv4 Tabella route > =========================================================================== > Route attive: > Indirizzo rete Mask Gateway Interfaccia Metrica > 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.27 35 > 10.3.64.0 255.255.192.0 172.28.254.1 172.28.254.241 259 > 10.3.66.0 255.255.255.0 172.28.254.1 172.28.254.241 259 > 10.3.67.0 255.255.255.0 172.28.254.1 172.28.254.241 259 > 10.3.68.0 255.255.252.0 172.28.254.1 172.28.254.241 259 > 10.3.72.0 255.255.255.128 172.28.254.1 172.28.254.241 259 > 90.84.191.96 255.255.255.255 172.28.254.1 172.28.254.241 259 > > 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 > 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 > 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 > 131.176.235.153 255.255.255.255 172.28.254.1 172.28.254.241 259 > 172.28.254.0 255.255.255.0 On-link 172.28.254.241 259 > 172.28.254.241 255.255.255.255 On-link 172.28.254.241 259 > 172.28.254.255 255.255.255.255 On-link 172.28.254.241 259 > 172.30.0.0 255.255.0.0 172.28.254.1 172.28.254.241 259 > 172.31.0.0 255.255.0.0 172.28.254.1 172.28.254.241 259 > 192.168.1.0 255.255.255.0 On-link 192.168.1.27 291 > 192.168.1.27 255.255.255.255 On-link 192.168.1.27 291 > 192.168.1.255 255.255.255.255 On-link 192.168.1.27 291 > 192.168.112.0 255.255.240.0 On-link 192.168.112.1 5256 > 192.168.112.1 255.255.255.255 On-link 192.168.112.1 5256 > 192.168.127.255 255.255.255.255 On-link 192.168.112.1 5256 > 192.168.151.0 255.255.255.0 172.28.254.1 172.28.254.241 259 > 192.168.250.0 255.255.255.0 172.28.254.1 172.28.254.241 259 > 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 > 224.0.0.0 240.0.0.0 On-link 192.168.1.27 291 > 224.0.0.0 240.0.0.0 On-link 192.168.112.1 5256 > 224.0.0.0 240.0.0.0 On-link 172.28.254.241 259 > 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 > 255.255.255.255 255.255.255.255 On-link 192.168.1.27 291 > 255.255.255.255 255.255.255.255 On-link 192.168.112.1 5256 > 255.255.255.255 255.255.255.255 On-link 172.28.254.241 259 > =========================================================================== Only two public IPs are redirected via VPN and neither should impact NLA or any of the services like spotify you mentioned. Selva _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
