The (in)famous XP SP2 + 3rd party firewall problem
Updated: March 18, 2005
There is a known problem with running OpenVPN on Windows XP with Service Pack 2 and some third-party firewalls installed.
The symptoms are that you can successfully connect to a remote server, and in the OpenVPN log you can see that you have been assigned an IP address, but OpenVPN is never able to actually assign the IP address to the TAP-Win32 interface via DHCP.
As the interface never receives an IP address, the additional route additions also fail. Setting the IP address manually on the TAP-Win32 interface allows the routes to be added successfully to the system, so the OpenVPN log shows no errors, but it is still not possible to ping through the tunnel.
Un-installing the TAP-Win32 driver and re-installing it usually makes OpenVPN work until the machine is rebooted.
Un-installing either XP SP2 or the firewall application solves the problem. There is currently no other known way to solve this problem except testing with a newer version of the firewall, or switching to a known working firewall.
Another common fault that causes similar problems is the DHCP Client service not running on the machine. Make sure it is!
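To tell the symptom described above apart from a tunnel that is simply down, the following sketch classifies the TAP-Win32 adapter's state from `ipconfig /all` output. It is an added example, not part of the original page or of OpenVPN; it assumes English-locale output and an adapter description containing "TAP-Win32", and the sample text and the address 10.8.0.6 are constructed.

```python
import re

# Constructed sample of English-locale `ipconfig /all` output (not from the page).
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20

Ethernet adapter Local Area Connection 2:

        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.12.34
"""

# "   Field name . . . : value" -> ("Field name", "value")
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def adapters(text):
    """Split ipconfig output into {adapter heading: {field: value}}."""
    result, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = result.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return result

def tap_state(text, expected_ip):
    """Compare the TAP-Win32 adapter with the address shown in the OpenVPN log."""
    for fields in adapters(text).values():
        if "TAP-Win32" not in fields.get("Description", ""):
            continue
        if fields.get("Media State") == "Media disconnected":
            return "not-connected"      # OpenVPN has not brought the tunnel up
        ip = fields.get("IP Address")
        if ip in (None, "0.0.0.0"):
            return "dhcp-failed"        # the symptom: no lease, or only an APIPA address
        if fields.get("Dhcp Enabled") == "No":
            return "manual-address"     # routes get added, but the tunnel still fails
        return "ok" if ip == expected_ip else "mismatch"
    return "no-tap-adapter"

if __name__ == "__main__":
    print(tap_state(SAMPLE, "10.8.0.6"))
```

A result of "dhcp-failed" while the DHCP Client service is running points at the firewall interaction rather than at the OpenVPN configuration.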
On this page I'll try to keep a list of known working and non-working firewalls. Please report to me if you are running OpenVPN on a machine running XP with SP2 and some firewall installed, whether it works or not. Please also report to me even if your firewall is already listed below. More people reporting that a particular firewall works or doesn't work is more trustworthy than a single report...
Before reporting that "It doesn't work", please test it thoroughly, and make sure you can get it working by un-installing either SP2 or the firewall, so you can rule out any other configuration problem.
| Firewall Name | Version | Reported Working | Reported Broken |
| F-Secure Client Security | 5.55 | 2 | 0 |
| Kerio Personal Firewall | 2.1.5 | 1 | 2 |
| Kerio Personal Firewall | 4.0.? | 0 | 1 |
| Kerio Personal Firewall | 4.1.2 | 1 | 5 |
| SSH Sentinel | 1.4.? | 0 | 1 |
| Sygate Personal Firewall | 5.6.2808 | 1 | 0 |
| ZoneAlarm | 5.5.062.011 | 2 | 0 |