I cannot get GPO to apply to a machine over a VPN. We are using OpenVPN that is part of our corporate firewall. The openvpn client on the remote machine is configured to connect to the corporate network on computer start-up. With this configuration I can joint the domain, manually run scripts to map network drives, log on with domain credentials and i can even ping the remote machine from the corporate lan. But GPO is not applying. I modified a policy and enabled detect slow links. Do I need to do this on every policy or just one in that OU?
Also note that the remote machine gets an IP address in a different range than the corporate LAN and the firewall/openvpn server handles routing (LAN ip 192.169.x.x and VPN 172.16.x.x). I can do a tracert from both ends and get there in 2 hops so I don't see routing an issue. Is there some other setting in Windows 2000 AD/DC that needs to be set to allow GPO over a different IP than the DC itself?
OpenVPN installs a TAP-Win32 adapter in the client machine and the DNS address is set to the IP address of the DC.
From the remote machine I can ping both lan IP and lan FQDN.