Have routing problem on my server

Post by lindylex » Thu Oct 22, 2015 7:33 pm

O.S. Debian jessie

ON THE SERVER

cat /etc/openvpn/server.conf

dev tun
#proto tcp
proto udp
port 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

ON THE SERVER

ifconfig -a

eth0      Link encap:Ethernet  HWaddr 00:0d:60:6c:39:3e  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth1      Link encap:Ethernet  HWaddr 00:1b:2f:31:99:46  
          inet addr:192.168.1.115  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21b:2fff:fe31:9946/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:232748 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60373 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:22956697 (21.8 MiB)  TX bytes:9382931 (8.9 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:318 errors:0 dropped:0 overruns:0 frame:0
          TX packets:318 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:19283 (18.8 KiB)  TX bytes:19283 (18.8 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1338 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:82710 (80.7 KiB)  TX bytes:600 (600.0 B)

ON THE SERVER

cat /var/log/openvpn-status.log

OpenVPN CLIENT LIST
Updated,Thu Oct 22 15:28:35 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
XXXXNAME,my.IP.my.IP:45831,12808,5642,Thu Oct 22 15:17:37 2015
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,XXXXNAME,my.IP.my.IP:45831,Thu Oct 22 15:18:32 2015
GLOBAL STATS
Max bcast/mcast queue length,0
END

ON THE SERVER

cat /var/log/openvpn

RTNETLINK answers: Operation not permitted
Thu Oct 22 14:52:33 2015 ERROR: Linux route delete command failed: external program exited with error status: 2
Thu Oct 22 14:52:33 2015 Closing TUN/TAP interface
Thu Oct 22 14:52:33 2015 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
RTNETLINK answers: Operation not permitted
Thu Oct 22 14:52:33 2015 Linux ip addr del failed: external program exited with error status: 2
Thu Oct 22 14:52:33 2015 SIGTERM[hard,] received, process exiting
Options error: --dh fails with '/etc/openvpn/dh1024.pem': No such file or directory
Options error: Please correct these errors.
Use --help for more information.
Thu Oct 22 14:54:26 2015 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  1 2014
Thu Oct 22 14:54:26 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Thu Oct 22 14:54:26 2015 WARNING: --keepalive option is missing from server config
Thu Oct 22 14:54:26 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Oct 22 14:54:26 2015 Diffie-Hellman initialized with 2048 bit key
Thu Oct 22 14:54:26 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu Oct 22 14:54:26 2015 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth1 HWADDR=00:1b:2f:31:99:46
Thu Oct 22 14:54:26 2015 TUN/TAP device tun0 opened
Thu Oct 22 14:54:26 2015 TUN/TAP TX queue length set to 100
Thu Oct 22 14:54:26 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Oct 22 14:54:26 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu Oct 22 14:54:26 2015 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Oct 22 14:54:26 2015 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Oct 22 14:54:26 2015 GID set to nogroup
Thu Oct 22 14:54:26 2015 UID set to nobody
Thu Oct 22 14:54:26 2015 UDPv4 link local (bound): [undef]
Thu Oct 22 14:54:26 2015 UDPv4 link remote: [undef]
Thu Oct 22 14:54:26 2015 MULTI: multi_init called, r=256 v=256
Thu Oct 22 14:54:26 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Thu Oct 22 14:54:26 2015 Initialization Sequence Completed
Thu Oct 22 15:05:40 2015 68.82.29.112:37245 TLS: Initial packet from [AF_INET]68.82.29.112:37245, sid=b4fc6ac8 53cc6982
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:37245
Thu Oct 22 15:05:42 2015 dave/68.82.29.112:37245 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:05:42 2015 dave/68.82.29.112:37245 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:37245
Thu Oct 22 15:05:42 2015 dave/68.82.29.112:37245 MULTI: primary virtual IP for dave/68.82.29.112:37245: 10.8.0.6
Thu Oct 22 15:05:45 2015 dave/68.82.29.112:37245 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:05:45 2015 dave/68.82.29.112:37245 send_push_reply(): safe_cap=940
Thu Oct 22 15:05:45 2015 dave/68.82.29.112:37245 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:07:46 2015 68.82.29.112:60657 TLS: Initial packet from [AF_INET]68.82.29.112:60657, sid=c521713f 43614c3d
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:60657
Thu Oct 22 15:07:47 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:07:47 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:07:47 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:60657
Thu Oct 22 15:07:47 2015 MULTI: primary virtual IP for dave/68.82.29.112:60657: 10.8.0.6
Thu Oct 22 15:07:48 2015 dave/68.82.29.112:60657 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:07:48 2015 dave/68.82.29.112:60657 send_push_reply(): safe_cap=940
Thu Oct 22 15:07:48 2015 dave/68.82.29.112:60657 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:09:50 2015 68.82.29.112:58037 TLS: Initial packet from [AF_INET]68.82.29.112:58037, sid=f79f70f8 c1c233f7
Thu Oct 22 15:09:51 2015 68.82.29.112:58037 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:09:51 2015 68.82.29.112:58037 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:58037
Thu Oct 22 15:09:52 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:09:52 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:09:52 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:58037
Thu Oct 22 15:09:52 2015 MULTI: primary virtual IP for dave/68.82.29.112:58037: 10.8.0.6
Thu Oct 22 15:09:53 2015 dave/68.82.29.112:58037 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:09:53 2015 dave/68.82.29.112:58037 send_push_reply(): safe_cap=940
Thu Oct 22 15:09:53 2015 dave/68.82.29.112:58037 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:12:05 2015 68.82.29.112:46924 TLS: Initial packet from [AF_INET]68.82.29.112:46924, sid=756b158f ae8351af
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:46924
Thu Oct 22 15:12:07 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:12:07 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:12:07 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:46924
Thu Oct 22 15:12:07 2015 MULTI: primary virtual IP for dave/68.82.29.112:46924: 10.8.0.6
Thu Oct 22 15:12:09 2015 dave/68.82.29.112:46924 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:12:09 2015 dave/68.82.29.112:46924 send_push_reply(): safe_cap=940
Thu Oct 22 15:12:09 2015 dave/68.82.29.112:46924 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:15:33 2015 68.82.29.112:36059 TLS: Initial packet from [AF_INET]68.82.29.112:36059, sid=31bb5fb8 a1df7f5b
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:36059
Thu Oct 22 15:15:34 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:15:34 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:15:34 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:36059
Thu Oct 22 15:15:34 2015 MULTI: primary virtual IP for dave/68.82.29.112:36059: 10.8.0.6
Thu Oct 22 15:15:35 2015 dave/68.82.29.112:36059 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:15:35 2015 dave/68.82.29.112:36059 send_push_reply(): safe_cap=940
Thu Oct 22 15:15:35 2015 dave/68.82.29.112:36059 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:17:37 2015 68.82.29.112:45831 TLS: Initial packet from [AF_INET]68.82.29.112:45831, sid=10a6682a a6339aea
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:45831
Thu Oct 22 15:17:39 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:17:39 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:17:39 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:45831
Thu Oct 22 15:17:39 2015 MULTI: primary virtual IP for dave/68.82.29.112:45831: 10.8.0.6
Thu Oct 22 15:17:41 2015 dave/68.82.29.112:45831 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:17:41 2015 dave/68.82.29.112:45831 send_push_reply(): safe_cap=940
Thu Oct 22 15:17:41 2015 dave/68.82.29.112:45831 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)

