Preface

This post is about a known issue with Astaro SSL VPN client installed on Windows Vista and Windows 7. You can install and run the application, make a connection to the Astaro Firewall, but you can not access the internal network. In order to create a path to the Internal network a dos command “route add destination mask gateway interface metric” should be executed after connecting to the Astaro Firewall. Running this command in dos prompt will show an error message that elevation is needed. Windows Vista/7 requires re-validation before running dangers commands to prevent malicious software installations.

Solution 1:
One way to go is to run Astaro VPN client application by right click on the .exe file and chooses Run As Administrator, Windows will ask you to approve this. Now try to connect to your Internal network.

Solution 2 (worked on Windows 7 Starter version and may not work with other win 7 versions:
I found a small VB script that can do the trick and run the application automatically. You will need to tweak it your needs.

<-SCRIPT->
set WshShell = WScript.CreateObject(“WScript.Shell”)
WshShell.run “runas /user:computer_name\User_name %comspec%” ‘Open command prompt
WScript.Sleep 500 ‘ wait for the above command to complete
WshShell.SendKeys “Password” ‘send password
WshShell.SendKeys “{ENTER}”
WScript.Sleep 1000 wait for the above command to complete
‘ Open Astaro vpn client
WshShell.SendKeys Chr(34) + “C:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui” + Chr(34)
WshShell.SendKeys “{ENTER}”
WshShell.SendKeys “exit” ‘Close command prompt
WshShell.SendKeys “{ENTER}”
WScript.Sleep 200
set wshshell = nothing

<- END SCRIPT ->

Open a new text document and copy and paste the above code, save the file as VPN.vbs. Make changes to computer name, user name, password, and time to wait for each command (Don’t make it too smaller than 500)
Before you run make sure the program is not running by checking the toolbar, otherwise you will get an error message.
Next we need to stop the program from running at boot time, to do so run the command msconfig, click the services tab and locate the Astaro application, and uncheck the box, save and exit.
Restart the system to make sure it’s clean. Now double click VPN.vbs. Connect to the Firewall and try to ping the internal network.

Done!

Will post a new update regarding this issue.

Updates 12/16/2010:

On Windows XP you will have the same issue as described above, the solution can as stated above or to add the user to the Network group, this will give the user the right permission to run the command “route add”.

Please note: the above solution won’t work on Windows 7 machines.

———————————————-END UPDATE 12/16/2010—————————————————-

Updating...