I had a problem where Windows 7 would not allow inbound connections over my OpenVPN tunnel, meaning that my Windows 7 client would allow outbound and established connections but not allow inbound connections coming from the OpenVPN network. For instance, I can ping a Linux client without a firewall from my W7 client, but the Linux client cannot ping the W7 client (packets get dropped by the Windows 7 firewall).
I solved this by excluding the network adapter that was created by OpenVPN (TUN/TAP adapter) from the Windows Firewall public and private profiles. Basically, I would like ICMP and RDP to work, but all the rest I want to have secure. At the moment I just allow all incoming connections on the network (which is private and shared by only my machines). I was wondering if this is the most sensible thing to do, or if there is a way to allow incoming ping and RDP towards the TUN/TAP interface (coming from my VPN network) without allowing any other connection?
The Windows clients are all running Windows 7 Professional.
To open a port on the Windows Firewall:
1. Open Windows Firewall by clicking the Start button, and then clicking Control Panel. In the search box, type firewall, and then click Windows Firewall.
2. In the left pane, click Advanced settings. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3. In the Windows Firewall with Advanced Security dialog box, in the left pane, click Inbound Rules, and then, in the right pane, click New Rule.
4. Follow the instructions in the New Inbound Rule wizard.
ICMP rules will just need to be enabled:
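
The same inbound rules can be created from an elevated Command Prompt with `netsh advfirewall`, scoped so that only hosts on the VPN subnet can reach ping and RDP. This is an added example, not part of the original answer; it assumes the TUN/TAP adapter has been put back under Windows Firewall, and the subnet `10.8.0.0/24` and the rule names are placeholders to replace with your own values.

```batch
@echo off
rem Added example. Run from an elevated Command Prompt on the Windows 7 client.
rem ASSUMPTION: 10.8.0.0/24 is a placeholder for the VPN subnet; use the
rem subnet configured on your OpenVPN server.
set VPN_NET=10.8.0.0/24

rem Allow inbound ICMPv4 echo request (type 8, any code) only when the
rem source address is inside the VPN subnet.
netsh advfirewall firewall add rule name="VPN - ICMPv4 echo in" ^
    dir=in action=allow protocol=icmpv4:8,any ^
    remoteip=%VPN_NET% profile=any

rem Allow inbound RDP (TCP 3389) only from the VPN subnet.
netsh advfirewall firewall add rule name="VPN - RDP in" ^
    dir=in action=allow protocol=TCP localport=3389 ^
    remoteip=%VPN_NET% profile=any

rem Print both rules to confirm the scope (RemoteIP) and profiles applied.
netsh advfirewall firewall show rule name="VPN - ICMPv4 echo in" verbose
netsh advfirewall firewall show rule name="VPN - RDP in" verbose
```

With the firewall active on the adapter and its default inbound action left at block, traffic from the VPN that matches neither rule is dropped. Check the built-in Remote Desktop allow rules as well: if they are enabled without a remote address scope, they still admit RDP from other networks.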