Help needed: OpenVPN server in TAP mode behind router

netware5
OpenVpn Newbie
Posts: 15
Joined: Tue Apr 08, 2014 11:54 am

Post by netware5 » Tue Apr 18, 2017 1:50 pm

Hi guys,

I am trying to set up an OpenVPN server in TAP mode behind router, but no success so far. I am doing something wrong, but cannot understand what. Any suggestions will be highly appreciated.

Here is the description what I have and what I want to achieve.

Background
My home network is 192.168.xx.0/24. The router's LAN side IP is 192.168.xx.1. The router is RT-N66U with Merlin's 380.64 FW. The router serves as DHCP and DNS server for the whole LAN. An OpenVPN 2.3.14 server is listening on router's WAN side. The OpenVPN server is configured in TAP mode listening on WAN side TCP port (Ethernet bridging) and pushes to clients directives to redirect all traffic through the tunnel. So, when client (Windows 10 OpenVPN 2.4) connects to the server it becomes part of the LAN with IP address 192.168.xx.yy and can browse all LAN devices. This configuration runs trouble free since 2013.

What I wish?
In order to significantly increase the tunnel speed I decided to install a dedicated OpenVPN server inside the LAN keeping the concept - TAP interface (Ethernet bridging) and redirecting all client's traffic through the tunnel.

What I did?
I created a dedicated Ubuntu 16.04 server as a guest virtual machine within the host OS of my home NAS (Nas4Free - FreeBSD) using VirtualBox. Now the LAN configuration is as follows:
Router IP: 192.168.xx.1 (also serving as LAN DHCP and DNS server)
Host OS IP: 192.168.xx.51
Ubuntu Server 16.04 VM (dedicated for OpenVPN server) IP: 192.168.xx.5
Successfully did the following:
- installed Ubuntu VM;
- installed and configured OpenVPN 2.4 server, created br0 interface and bridged eth0 with tap0;
- the Ubuntu VM is visible and accessible within the LAN, taking its IP by DHCP from the router. I can SSH to it, ping it, etc. from within the LAN;
- forwarded the OpenVPN listening IP port (TCP) from router's WAN side to Ubuntu's LAN IP port (TCP);
- the Windows OpenVPN client negotiates and connects successfully from outside.

What is the problem?
OpenVPN client connects successfully with OpenVPN server. The keys, certificates, encryption, etc. are OK. Windows TAP adapter for some reasons is unable to set its default gateway. The Windows ipconfig command shows that the Windows TAP adapter does not have gateway (empty field). So the traffic is not redirected. The client cannot ping any LAN device (router, VM's host and the Ubuntu VM itself). This is obvious because the windows TAP adapter has no gateway assigned.

I am suspicious that something went wrong with Ubuntu's firewall and the packets received from the tunnel are not routed to the LAN and vice versa. Unfortunately there is no clear tutorial in Internet how to set up Ubuntu 16.04 OpenVPN server in TAP mode behind router. There are a lot of tutorials how to do this in TUN mode, but not in TAP mode. There are also some tutorials for TAP mode, but they are either for older Ubuntu versions or for OpenVPN server that acts also as LAN-WAN router or both. Ubuntu 16.04 uses ufw as a front end for iptables and I have no experience with it. I am not very experienced with iptables too. Until now all my OpenVPN servers were configured on routers using GUI. I tried every tutorial found, but failed. The ip forwarding is enabled on Ubuntu server. I also tried switching the server firewall off, but no success. All LAN devices concerned are wired.

Post by netware5 » Tue Apr 18, 2017 2:08 pm

Here is my server.conf
Server Config
server-bridge 192.168.xx.5 255.255.255.0 192.168.xx.200 192.168.xx.250
push "route-gateway 192.168.xx.1"
push "route 0.0.0.0 255.255.255.255 net_gateway"
proto tcp-server
port xx
dev tap0
script-security 2
cipher AES-256-CBC
keepalive 15 60
verb 3
duplicate-cn
push "dhcp-option DNS 192.168.xx.1"
push "dhcp-option DOMAIN <my domain>"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 10
tcp-nodelay
sndbuf 262144
rcvbuf 262144

Post by netware5 » Tue Apr 18, 2017 2:15 pm

Here is my client config
Client Config
client
remote <public IP of the router>
route-delay 30
port <TCP port where Ubuntu server is listening, duly forwarded from the router>
proto tcp-client
dev tap
ca ca.crt
cert Pendgy-office.crt
key Pendgy-office.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
ping 10
verb 4
mute 10

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Post by TinCanTech » Tue Apr 18, 2017 2:29 pm

netware5 wrote:Any suggestions will be highly appreciated
netware5 wrote:This is obvious because the windows TAP adapter has no gateway assigned.
netware5 wrote:Ubuntu Server 16.04 VM (dedicated for OpenVPN server) IP: 192.168.xx.5
netware5 wrote:server-bridge 192.168.xx.5 255.255.255.0 192.168.xx.200 192.168.xx.250
Look closely at --server-bridge syntax:
https://community.openvpn.net/openvpn/w ... nPage#lbAH

Post by netware5 » Tue Apr 18, 2017 2:45 pm

TinCanTech wrote:Look closely at --server-bridge syntax:
https://community.openvpn.net/openvpn/w ... nPage#lbAH
Thank you for your fast response. I already carefully read the man page you referred to. It is stated that:
"If --server-bridge is used without any parameters, it will enable a DHCP-proxy mode, where connecting OpenVPN clients will receive an IP address for their TAP adapter from the DHCP server running on the OpenVPN server-side LAN."
"The gateway and netmask parameters to --server-bridge can be set to either the IP/netmask of the bridge interface, or the IP/netmask of the default gateway/router on the bridged subnet."

I've tried three possible variants - just plain server-bridge directive (no parameters), server bridge with first parameter 192.168.xx.1 and with 192.168.xx.5. The result is the same.

Post by TinCanTech » Tue Apr 18, 2017 4:14 pm

netware5 wrote:I already carefully read the man page
At least you read it .. I strongly recommend the default gateway of the subnet not the bridge interface IP.

Post by netware5 » Tue Apr 18, 2017 4:34 pm

TinCanTech wrote:
netware5 wrote:I already carefully read the man page
At least you read it .. I strongly recommend the default gateway of the subnet not the bridge interface IP.
OK, but as I said, it is still not working. I've tried all variants before my first posting. Now I tried again following your advice. Still not working. The Windows client connects, negotiates and even says "Connected, the IP address assigned is ... ", but no ping or any other connection to any device within the 192.168.xx.0 LAN. The ping command says "Destination unreachable". The same client, with the same configuration file (except the port number of course) works with almost the same server config based on the LAN gateway with only difference that the server-bridge directive is without parameters. So, I think that the problem is with routing/bridging/firewalling in Ubuntu server, not in the OpenVPN server config itself. I hope somebody may post here a working config of bridging and firewall on Ubuntu server in TAP mode behind router.
Server Config
server-bridge 192.168.xx.1 255.255.255.0 192.168.xx.200 192.168.xx.250
push "route-gateway 192.168.xx.1"
push "route 0.0.0.0 255.255.255.255 net_gateway"
proto tcp-server
port xx
dev tap0
script-security 2
cipher AES-256-CBC
keepalive 15 60
verb 3
duplicate-cn
push "dhcp-option DNS 192.168.xx.1"
push "dhcp-option DOMAIN xxxx.xx"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status 10
tcp-nodelay
sndbuf 262144
rcvbuf 262144
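
An added example, not part of the thread and not OpenVPN project code: a small Python check of the `--server-bridge` addressing discussed above (gateway, netmask, pool start and end) and of the pushed `route-gateway`, which also reports `duplicate-cn` and `script-security 2` as items to review. The sample config is constructed from the one posted here, with 10 assumed for the masked octet `xx`; the function names and finding codes are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample modelled on the server.conf posted in the thread. The
# thread masks the third octet as "xx"; 10 is an assumed stand-in value.
SAMPLE_CONF = """
server-bridge 192.168.10.1 255.255.255.0 192.168.10.200 192.168.10.250
push "route-gateway 192.168.10.1"
push "redirect-gateway def1"
dev tap0
script-security 2
duplicate-cn
"""


def parse_config(text):
    """Return [(directive, [args])], skipping blank lines and # or ; comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            entries.append((tokens[0].lstrip("-"), tokens[1:]))
    return entries


def check_bridge(args):
    """Validate --server-bridge arguments; return (network or None, findings)."""
    if not args or args == ["nogw"]:
        # DHCP-proxy mode: the LAN's own DHCP server hands out client addresses.
        return None, [("BRIDGE_DHCP_PROXY", "no static pool to validate")]
    if len(args) != 4:
        return None, [("BRIDGE_ARGS", "expected: gateway netmask pool-start pool-end")]
    try:
        gw, start, end = (ipaddress.IPv4Address(a) for a in (args[0], args[2], args[3]))
        net = ipaddress.IPv4Network(f"{args[0]}/{args[1]}", strict=False)
    except ValueError as exc:
        # Also the result for a sanitized config that still contains "xx".
        return None, [("BRIDGE_PARSE", str(exc))]
    findings = []
    if start not in net or end not in net:
        findings.append(("POOL_OUTSIDE_SUBNET", f"pool must lie inside {net}"))
    if start > end:
        findings.append(("POOL_ORDER", "pool-start is above pool-end"))
    if start <= gw <= end:
        findings.append(("GATEWAY_IN_POOL", f"{gw} could be leased to a client"))
    return net, findings


def audit(text):
    """Return (code, message) findings for a bridged (TAP) server config."""
    entries = parse_config(text)
    net, findings = None, []
    for name, args in entries:
        if name == "server-bridge":
            net, found = check_bridge(args)
            findings.extend(found)
    for name, args in entries:
        if name == "push" and args:
            inner = shlex.split(args[0])
            # A pushed route-gateway is only reachable over the bridge if it
            # sits on the bridged subnet ("dhcp" defers to the DHCP reply).
            if len(inner) == 2 and inner[0] == "route-gateway" and inner[1] != "dhcp" and net:
                try:
                    if ipaddress.IPv4Address(inner[1]) not in net:
                        findings.append(("PUSH_GW_OFF_SUBNET", f"{inner[1]} is not in {net}"))
                except ValueError as exc:
                    findings.append(("PUSH_GW_PARSE", str(exc)))
        elif name == "duplicate-cn":
            findings.append(("DUPLICATE_CN", "several clients may share one certificate CN"))
        elif name == "script-security" and args and args[0].isdigit() and int(args[0]) >= 2:
            findings.append(("SCRIPT_SECURITY", "user-defined scripts may be executed"))
    return findings


def codes(text):
    """Convenience wrapper: just the set of finding codes."""
    return {code for code, _ in audit(text)}


if __name__ == "__main__":
    for code, message in audit(SAMPLE_CONF):
        print(f"{code}: {message}")
```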

Post by TinCanTech » Tue Apr 18, 2017 5:57 pm

Please set --verb 4 in your configs, restart your VPN and post complete, sanitized logs.

Post by netware5 » Wed Apr 19, 2017 1:10 pm

TinCanTech wrote:Please set --verb 4 in your configs, restart your VPN and post complete, sanitized logs.
@TinCanTech,

Here they are:

Client log

Wed Apr 19 14:13:35 2017 us=571541 Current Parameter Settings:
Wed Apr 19 14:13:35 2017 us=571541   config = 'Office_to_OpenVPNGate_TCP.ovpn'
Wed Apr 19 14:13:35 2017 us=571541   mode = 0
Wed Apr 19 14:13:35 2017 us=571541   show_ciphers = DISABLED
Wed Apr 19 14:13:35 2017 us=571541   show_digests = DISABLED
Wed Apr 19 14:13:35 2017 us=571541   show_engines = DISABLED
Wed Apr 19 14:13:35 2017 us=571541   genkey = DISABLED
Wed Apr 19 14:13:35 2017 us=571541   key_pass_file = '[UNDEF]'
Wed Apr 19 14:13:35 2017 us=571541   show_tls_ciphers = DISABLED
Wed Apr 19 14:13:35 2017 us=571541   connect_retry_max = 0
Wed Apr 19 14:13:35 2017 us=571541 NOTE: --mute triggered...
Wed Apr 19 14:13:35 2017 us=571541 282 variation(s) on previous 10 message(s) suppressed by --mute
Wed Apr 19 14:13:35 2017 us=571541 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Wed Apr 19 14:13:35 2017 us=571541 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Apr 19 14:13:35 2017 us=571541 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Wed Apr 19 14:13:35 2017 us=571541 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Apr 19 14:13:35 2017 us=571541 Need hold release from management interface, waiting...
Wed Apr 19 14:13:36 2017 us=40433 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Apr 19 14:13:36 2017 us=149847 MANAGEMENT: CMD 'state on'
Wed Apr 19 14:13:36 2017 us=149847 MANAGEMENT: CMD 'log all on'
Wed Apr 19 14:13:36 2017 us=165349 MANAGEMENT: CMD 'hold off'
Wed Apr 19 14:13:36 2017 us=165349 MANAGEMENT: CMD 'hold release'
Wed Apr 19 14:13:36 2017 us=165349 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Apr 19 14:13:36 2017 us=227856 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 14:13:36 2017 us=227856 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 14:13:36 2017 us=227856 Control Channel MTU parms [ L:1655 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Wed Apr 19 14:13:36 2017 us=227856 Data Channel MTU parms [ L:1655 D:1450 EF:123 EB:411 ET:32 EL:3 ]
Wed Apr 19 14:13:36 2017 us=227856 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Wed Apr 19 14:13:36 2017 us=227856 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Wed Apr 19 14:13:36 2017 us=227856 TCP/UDP: Preserving recently used remote address: [AF_INET]78.xxx.yyy.zzz:ppp
Wed Apr 19 14:13:36 2017 us=227856 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 19 14:13:36 2017 us=227856 Attempting to establish TCP connection with [AF_INET]78.xxx.yyy.zzz:ppp [nonblock]
Wed Apr 19 14:13:36 2017 us=227856 MANAGEMENT: >STATE:1492600416,TCP_CONNECT,,,,,,
Wed Apr 19 14:13:37 2017 us=233753 TCP connection established with [AF_INET]78.xxx.yyy.zzz:ppp 
Wed Apr 19 14:13:37 2017 us=233753 TCP_CLIENT link local: (not bound)
Wed Apr 19 14:13:37 2017 us=233753 TCP_CLIENT link remote: [AF_INET]78.xxx.yyy.zzz:ppp
Wed Apr 19 14:13:37 2017 us=233753 MANAGEMENT: >STATE:1492600417,WAIT,,,,,,
Wed Apr 19 14:13:37 2017 us=233753 MANAGEMENT: >STATE:1492600417,AUTH,,,,,,
Wed Apr 19 14:13:37 2017 us=233753 TLS: Initial packet from [AF_INET]78.xxx.yyy.zzz:ppp, sid=3510755e db4bd12c
Wed Apr 19 14:13:37 2017 us=343053 VERIFY OK: depth=1, .......................
Wed Apr 19 14:13:37 2017 us=343053 Validating certificate key usage
Wed Apr 19 14:13:37 2017 us=343053 ++ Certificate has key usage  00a0, expects 00a0
Wed Apr 19 14:13:37 2017 us=343053 VERIFY KU OK
Wed Apr 19 14:13:37 2017 us=343053 Validating certificate extended key usage
Wed Apr 19 14:13:37 2017 us=343053 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Apr 19 14:13:37 2017 us=343053 VERIFY EKU OK
Wed Apr 19 14:13:37 2017 us=343053 VERIFY OK: depth=0, ......................
Wed Apr 19 14:13:37 2017 us=358650 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Apr 19 14:13:37 2017 us=358650 [server] Peer Connection Initiated with [AF_INET]78.xxx.yyy.zzz:ppp 
Wed Apr 19 14:13:38 2017 us=532425 MANAGEMENT: >STATE:1492600418,GET_CONFIG,,,,,,
Wed Apr 19 14:13:38 2017 us=532425 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Apr 19 14:13:38 2017 us=532425 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.xx.1,route 0.0.0.0 255.255.255.255 net_gateway,dhcp-option DNS 192.168.xx.1,dhcp-option DOMAIN pendgy.bg,redirect-gateway def1,route-gateway 192.168.xx.1,ping 15,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 192.168.xx.200 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: --socket-flags option modified
Wed Apr 19 14:13:38 2017 us=532425 Socket flags: TCP_NODELAY=1 succeeded
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: route options modified
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: route-related options modified
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: peer-id set
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: adjusting link_mtu to 1658
Wed Apr 19 14:13:38 2017 us=532425 OPTIONS IMPORT: data channel crypto options modified
Wed Apr 19 14:13:38 2017 us=532425 Data Channel MTU parms [ L:1586 D:1450 EF:54 EB:411 ET:32 EL:3 ]
Wed Apr 19 14:13:38 2017 us=532425 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Apr 19 14:13:38 2017 us=532425 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Apr 19 14:13:38 2017 us=532425 interactive service msg_channel=0
Wed Apr 19 14:13:38 2017 us=532425 ROUTE_GATEWAY <the client's local LAN gateway IP>/255.255.255.0 I=9 HWADDR=90:1b:0e:8e:4e:99
Wed Apr 19 14:13:38 2017 us=547935 open_tun
Wed Apr 19 14:13:38 2017 us=547935 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{4AA5D80D-D685-4A9C-A13E-838D4D3711FF}.tap
Wed Apr 19 14:13:38 2017 us=547935 TAP-Windows Driver Version 9.21 
Wed Apr 19 14:13:38 2017 us=547935 TAP-Windows MTU=1500
Wed Apr 19 14:13:38 2017 us=547935 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.xx.200/255.255.255.0 on interface {4AA5D80D-D685-4A9C-A13E-838D4D3711FF} [DHCP-serv: 192.168.xx.0, lease-time: 31536000]
Wed Apr 19 14:13:38 2017 us=547935 DHCP option string: 0f097065 6e646779 2e626706 04c0a84d 01
Wed Apr 19 14:13:38 2017 us=547935 Successful ARP Flush on interface [7] {4AA5D80D-D685-4A9C-A13E-838D4D3711FF}
Wed Apr 19 14:13:38 2017 us=563560 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr 19 14:13:38 2017 us=563560 MANAGEMENT: >STATE:1492600418,ASSIGN_IP,,192.168.xx.200,,,,
Wed Apr 19 14:14:08 2017 us=281904 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Apr 19 14:14:08 2017 us=281904 C:\Windows\system32\route.exe ADD 78.xxx.yyy.zzz MASK 255.255.255.255 <the client's local LAN gateway IP>
Wed Apr 19 14:14:08 2017 us=281904 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed Apr 19 14:14:08 2017 us=281904 Route addition via IPAPI succeeded [adaptive]
Wed Apr 19 14:14:08 2017 us=281904 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.xx.1
Wed Apr 19 14:14:08 2017 us=281904 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Wed Apr 19 14:14:08 2017 us=281904 Route addition via IPAPI succeeded [adaptive]
Wed Apr 19 14:14:08 2017 us=281904 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.xx.1
Wed Apr 19 14:14:08 2017 us=281904 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Wed Apr 19 14:14:08 2017 us=281904 Route addition via IPAPI succeeded [adaptive]
Wed Apr 19 14:14:08 2017 us=281904 MANAGEMENT: >STATE:1492600448,ADD_ROUTES,,,,,,
Wed Apr 19 14:14:08 2017 us=281904 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 255.255.255.255 <the client's local LAN gateway IP>
Wed Apr 19 14:14:08 2017 us=281904 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed Apr 19 14:14:08 2017 us=281904 Route addition via IPAPI succeeded [adaptive]
Wed Apr 19 14:14:08 2017 us=281904 Initialization Sequence Completed
Wed Apr 19 14:14:08 2017 us=281904 MANAGEMENT: >STATE:1492600448,CONNECTED,SUCCESS,192.168.xx.200,78.xxx.yyy.zzz,ppp,<the client's local LAN gateway IP> <the client's local IP>,23783
Server log (after VM reboot), the connection from client initiated at 14:13

Wed Apr 19 13:58:23 2017 us=420617 WARNING: file 'server.key' is group or others accessible
Wed Apr 19 13:58:23 2017 us=420668 WARNING: file 'static.key' is group or others accessible
Wed Apr 19 13:58:23 2017 us=420690 Current Parameter Settings:
Wed Apr 19 13:58:23 2017 us=420697   config = '/etc/openvpn/server.conf'
Wed Apr 19 13:58:23 2017 us=420704   mode = 1
Wed Apr 19 13:58:23 2017 us=420710   persist_config = DISABLED
Wed Apr 19 13:58:23 2017 us=420717   persist_mode = 1
Wed Apr 19 13:58:23 2017 us=420723   show_ciphers = DISABLED
Wed Apr 19 13:58:23 2017 us=420729   show_digests = DISABLED
Wed Apr 19 13:58:23 2017 us=420735   show_engines = DISABLED
Wed Apr 19 13:58:23 2017 us=420741   genkey = DISABLED
Wed Apr 19 13:58:23 2017 us=420758   key_pass_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420766   show_tls_ciphers = DISABLED
Wed Apr 19 13:58:23 2017 us=420772   connect_retry_max = 0
Wed Apr 19 13:58:23 2017 us=420779 Connection profiles [0]:
Wed Apr 19 13:58:23 2017 us=420785   proto = tcp-server
Wed Apr 19 13:58:23 2017 us=420791   local = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420797   local_port = '37'
Wed Apr 19 13:58:23 2017 us=420803   remote = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420809   remote_port = '37'
Wed Apr 19 13:58:23 2017 us=420815   remote_float = DISABLED
Wed Apr 19 13:58:23 2017 us=420821   bind_defined = DISABLED
Wed Apr 19 13:58:23 2017 us=420827   bind_local = ENABLED
Wed Apr 19 13:58:23 2017 us=420833   bind_ipv6_only = DISABLED
Wed Apr 19 13:58:23 2017 us=420839   connect_retry_seconds = 5
Wed Apr 19 13:58:23 2017 us=420845   connect_timeout = 120
Wed Apr 19 13:58:23 2017 us=420851   socks_proxy_server = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420857   socks_proxy_port = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420863   tun_mtu = 1500
Wed Apr 19 13:58:23 2017 us=420869   tun_mtu_defined = ENABLED
Wed Apr 19 13:58:23 2017 us=420875   link_mtu = 1500
Wed Apr 19 13:58:23 2017 us=420881   link_mtu_defined = DISABLED
Wed Apr 19 13:58:23 2017 us=420887   tun_mtu_extra = 32
Wed Apr 19 13:58:23 2017 us=420894   tun_mtu_extra_defined = ENABLED
Wed Apr 19 13:58:23 2017 us=420900   mtu_discover_type = -1
Wed Apr 19 13:58:23 2017 us=420906   fragment = 0
Wed Apr 19 13:58:23 2017 us=420912   mssfix = 1450
Wed Apr 19 13:58:23 2017 us=420918   explicit_exit_notification = 0
Wed Apr 19 13:58:23 2017 us=420925 Connection profiles END
Wed Apr 19 13:58:23 2017 us=420931   remote_random = DISABLED
Wed Apr 19 13:58:23 2017 us=420937   ipchange = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420943   dev = 'tap0'
Wed Apr 19 13:58:23 2017 us=420949   dev_type = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420954   dev_node = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420960   lladdr = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420966   topology = 1
Wed Apr 19 13:58:23 2017 us=420972   ifconfig_local = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420978   ifconfig_remote_netmask = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=420984   ifconfig_noexec = DISABLED
Wed Apr 19 13:58:23 2017 us=420990   ifconfig_nowarn = DISABLED
Wed Apr 19 13:58:23 2017 us=420996   ifconfig_ipv6_local = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421002   ifconfig_ipv6_netbits = 0
Wed Apr 19 13:58:23 2017 us=421008   ifconfig_ipv6_remote = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421014   shaper = 0
Wed Apr 19 13:58:23 2017 us=421020   mtu_test = 0
Wed Apr 19 13:58:23 2017 us=421026   mlock = DISABLED
Wed Apr 19 13:58:23 2017 us=421032   keepalive_ping = 15
Wed Apr 19 13:58:23 2017 us=421037   keepalive_timeout = 60
Wed Apr 19 13:58:23 2017 us=421043   inactivity_timeout = 0
Wed Apr 19 13:58:23 2017 us=421049   ping_send_timeout = 15
Wed Apr 19 13:58:23 2017 us=421056   ping_rec_timeout = 120
Wed Apr 19 13:58:23 2017 us=421061   ping_rec_timeout_action = 2
Wed Apr 19 13:58:23 2017 us=421067   ping_timer_remote = DISABLED
Wed Apr 19 13:58:23 2017 us=421073   remap_sigusr1 = 0
Wed Apr 19 13:58:23 2017 us=421079   persist_tun = DISABLED
Wed Apr 19 13:58:23 2017 us=421085   persist_local_ip = DISABLED
Wed Apr 19 13:58:23 2017 us=421091   persist_remote_ip = DISABLED
Wed Apr 19 13:58:23 2017 us=421097   persist_key = DISABLED
Wed Apr 19 13:58:23 2017 us=421107   passtos = DISABLED
Wed Apr 19 13:58:23 2017 us=421114   resolve_retry_seconds = 1000000000
Wed Apr 19 13:58:23 2017 us=421120   resolve_in_advance = DISABLED
Wed Apr 19 13:58:23 2017 us=421126   username = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421131   groupname = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421137   chroot_dir = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421143   cd_dir = '/etc/openvpn'
Wed Apr 19 13:58:23 2017 us=421149   writepid = '/run/openvpn/server.pid'
Wed Apr 19 13:58:23 2017 us=421155   up_script = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421161   down_script = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421167   down_pre = DISABLED
Wed Apr 19 13:58:23 2017 us=421174   up_restart = DISABLED
Wed Apr 19 13:58:23 2017 us=421181   up_delay = DISABLED
Wed Apr 19 13:58:23 2017 us=421187   daemon = ENABLED
Wed Apr 19 13:58:23 2017 us=421193   inetd = 0
Wed Apr 19 13:58:23 2017 us=421199   log = ENABLED
Wed Apr 19 13:58:23 2017 us=421205   suppress_timestamps = DISABLED
Wed Apr 19 13:58:23 2017 us=421211   machine_readable_output = DISABLED
Wed Apr 19 13:58:23 2017 us=421217   nice = 0
Wed Apr 19 13:58:23 2017 us=421223   verbosity = 4
Wed Apr 19 13:58:23 2017 us=421229   mute = 0
Wed Apr 19 13:58:23 2017 us=421234   gremlin = 0
Wed Apr 19 13:58:23 2017 us=421240   status_file = 'status'
Wed Apr 19 13:58:23 2017 us=421246   status_file_version = 2
Wed Apr 19 13:58:23 2017 us=421252   status_file_update_freq = 100
Wed Apr 19 13:58:23 2017 us=421257   occ = ENABLED
Wed Apr 19 13:58:23 2017 us=421263   rcvbuf = 262144
Wed Apr 19 13:58:23 2017 us=421269   sndbuf = 262144
Wed Apr 19 13:58:23 2017 us=421275   mark = 0
Wed Apr 19 13:58:23 2017 us=421280   sockflags = 2
Wed Apr 19 13:58:23 2017 us=421286   fast_io = DISABLED
Wed Apr 19 13:58:23 2017 us=421292   comp.alg = 0
Wed Apr 19 13:58:23 2017 us=421298   comp.flags = 0
Wed Apr 19 13:58:23 2017 us=421304   route_script = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421310   route_default_gateway = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421316   route_default_metric = 0
Wed Apr 19 13:58:23 2017 us=421322   route_noexec = DISABLED
Wed Apr 19 13:58:23 2017 us=421328   route_delay = 0
Wed Apr 19 13:58:23 2017 us=421334   route_delay_window = 30
Wed Apr 19 13:58:23 2017 us=421339   route_delay_defined = DISABLED
Wed Apr 19 13:58:23 2017 us=421345   route_nopull = DISABLED
Wed Apr 19 13:58:23 2017 us=421351   route_gateway_via_dhcp = DISABLED
Wed Apr 19 13:58:23 2017 us=421357   allow_pull_fqdn = DISABLED
Wed Apr 19 13:58:23 2017 us=421364   management_addr = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421369   management_port = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421375   management_user_pass = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421381   management_log_history_cache = 250
Wed Apr 19 13:58:23 2017 us=421387   management_echo_buffer_size = 100
Wed Apr 19 13:58:23 2017 us=421393   management_write_peer_info_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421399   management_client_user = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421405   management_client_group = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421411   management_flags = 0
Wed Apr 19 13:58:23 2017 us=421417   shared_secret_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421423   key_direction = 1
Wed Apr 19 13:58:23 2017 us=421429   ciphername = 'AES-256-CBC'
Wed Apr 19 13:58:23 2017 us=421435   ncp_enabled = ENABLED
Wed Apr 19 13:58:23 2017 us=421441   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Apr 19 13:58:23 2017 us=421447   authname = 'SHA1'
Wed Apr 19 13:58:23 2017 us=421453   prng_hash = 'SHA1'
Wed Apr 19 13:58:23 2017 us=421459   prng_nonce_secret_len = 16
Wed Apr 19 13:58:23 2017 us=421465   keysize = 0
Wed Apr 19 13:58:23 2017 us=421471   engine = DISABLED
Wed Apr 19 13:58:23 2017 us=421477   replay = ENABLED
Wed Apr 19 13:58:23 2017 us=421483   mute_replay_warnings = DISABLED
Wed Apr 19 13:58:23 2017 us=421489   replay_window = 64
Wed Apr 19 13:58:23 2017 us=421495   replay_time = 15
Wed Apr 19 13:58:23 2017 us=421501   packet_id_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421507   use_iv = ENABLED
Wed Apr 19 13:58:23 2017 us=421517   test_crypto = DISABLED
Wed Apr 19 13:58:23 2017 us=421523   tls_server = ENABLED
Wed Apr 19 13:58:23 2017 us=421529   tls_client = DISABLED
Wed Apr 19 13:58:23 2017 us=421535   key_method = 2
Wed Apr 19 13:58:23 2017 us=421541   ca_file = 'ca.crt'
Wed Apr 19 13:58:23 2017 us=421547   ca_path = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421553   dh_file = 'dh.pem'
Wed Apr 19 13:58:23 2017 us=421559   cert_file = 'server.crt'
Wed Apr 19 13:58:23 2017 us=421565   extra_certs_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421571   priv_key_file = 'server.key'
Wed Apr 19 13:58:23 2017 us=421577   pkcs12_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421583   cipher_list = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421589   tls_verify = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421595   tls_export_cert = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421601   verify_x509_type = 0
Wed Apr 19 13:58:23 2017 us=421607   verify_x509_name = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421613   crl_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421618   ns_cert_type = 0
Wed Apr 19 13:58:23 2017 us=421624   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421630   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421636   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421642   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421648   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421654   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421660   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421665   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421671   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421677   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421682   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421688   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421694   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421699   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421705   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421711   remote_cert_ku[i] = 0
Wed Apr 19 13:58:23 2017 us=421717   remote_cert_eku = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421723   ssl_flags = 0
Wed Apr 19 13:58:23 2017 us=421728   tls_timeout = 2
Wed Apr 19 13:58:23 2017 us=421734   renegotiate_bytes = -1
Wed Apr 19 13:58:23 2017 us=421740   renegotiate_packets = 0
Wed Apr 19 13:58:23 2017 us=421756   renegotiate_seconds = 3600
Wed Apr 19 13:58:23 2017 us=421763   handshake_window = 60
Wed Apr 19 13:58:23 2017 us=421769   transition_window = 3600
Wed Apr 19 13:58:23 2017 us=421776   single_session = DISABLED
Wed Apr 19 13:58:23 2017 us=421782   push_peer_info = DISABLED
Wed Apr 19 13:58:23 2017 us=421788   tls_exit = DISABLED
Wed Apr 19 13:58:23 2017 us=421794   tls_auth_file = 'static.key'
Wed Apr 19 13:58:23 2017 us=421800   tls_crypt_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=421806   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421812   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421818   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421824   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421830   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421836   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421842   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421847   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421853   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421859   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421865   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421871   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421877   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421882   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421888   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421894   pkcs11_protected_authentication = DISABLED
Wed Apr 19 13:58:23 2017 us=421904   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421911   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421917   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421923   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421929   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421935   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421941   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421947   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421953   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421959   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421965   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421972   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421978   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421984   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421990   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=421996   pkcs11_private_mode = 00000000
Wed Apr 19 13:58:23 2017 us=422001   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422007   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422013   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422019   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422025   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422031   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422036   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422042   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422048   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422054   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422060   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422066   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422071   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422077   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422083   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422089   pkcs11_cert_private = DISABLED
Wed Apr 19 13:58:23 2017 us=422095   pkcs11_pin_cache_period = -1
Wed Apr 19 13:58:23 2017 us=422101   pkcs11_id = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=422106   pkcs11_id_management = DISABLED
Wed Apr 19 13:58:23 2017 us=422113   server_network = 0.0.0.0
Wed Apr 19 13:58:23 2017 us=422120   server_netmask = 0.0.0.0
Wed Apr 19 13:58:23 2017 us=422131   server_network_ipv6 = ::
Wed Apr 19 13:58:23 2017 us=422137   server_netbits_ipv6 = 0
Wed Apr 19 13:58:23 2017 us=422144   server_bridge_ip = 192.168.xx.1
Wed Apr 19 13:58:23 2017 us=422151   server_bridge_netmask = 255.255.255.0
Wed Apr 19 13:58:23 2017 us=422158   server_bridge_pool_start = 192.168.xx.200
Wed Apr 19 13:58:23 2017 us=422165   server_bridge_pool_end = 192.168.xx.250
Wed Apr 19 13:58:23 2017 us=422171   push_entry = 'route-gateway 192.168.xx.1'
Wed Apr 19 13:58:23 2017 us=422177   push_entry = 'route 0.0.0.0 255.255.255.255 net_gateway'
Wed Apr 19 13:58:23 2017 us=422184   push_entry = 'dhcp-option DNS 192.168.xx.1'
Wed Apr 19 13:58:23 2017 us=422190   push_entry = 'dhcp-option DOMAIN pendgy.bg'
Wed Apr 19 13:58:23 2017 us=422196   push_entry = 'redirect-gateway def1'
Wed Apr 19 13:58:23 2017 us=422202   push_entry = 'route-gateway 192.168.xx.1'
Wed Apr 19 13:58:23 2017 us=422208   push_entry = 'ping 15'
Wed Apr 19 13:58:23 2017 us=422213   push_entry = 'ping-restart 60'
Wed Apr 19 13:58:23 2017 us=422219   push_entry = 'socket-flags TCP_NODELAY'
Wed Apr 19 13:58:23 2017 us=422225   ifconfig_pool_defined = ENABLED
Wed Apr 19 13:58:23 2017 us=422232   ifconfig_pool_start = 192.168.xx.200
Wed Apr 19 13:58:23 2017 us=422238   ifconfig_pool_end = 192.168.xx.250
Wed Apr 19 13:58:23 2017 us=422245   ifconfig_pool_netmask = 255.255.255.0
Wed Apr 19 13:58:23 2017 us=422251   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=422257   ifconfig_pool_persist_refresh_freq = 600
Wed Apr 19 13:58:23 2017 us=422263   ifconfig_ipv6_pool_defined = DISABLED
Wed Apr 19 13:58:23 2017 us=422273   ifconfig_ipv6_pool_base = ::
Wed Apr 19 13:58:23 2017 us=422280   ifconfig_ipv6_pool_netbits = 0
Wed Apr 19 13:58:23 2017 us=422286   n_bcast_buf = 256
Wed Apr 19 13:58:23 2017 us=422292   tcp_queue_limit = 64
Wed Apr 19 13:58:23 2017 us=422298   real_hash_size = 256
Wed Apr 19 13:58:23 2017 us=422304   virtual_hash_size = 256
Wed Apr 19 13:58:23 2017 us=422310   client_connect_script = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=422316   learn_address_script = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=422321   client_disconnect_script = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=441175   client_config_dir = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=441200   ccd_exclusive = DISABLED
Wed Apr 19 13:58:23 2017 us=441209   tmp_dir = '/tmp'
Wed Apr 19 13:58:23 2017 us=441216   push_ifconfig_defined = DISABLED
Wed Apr 19 13:58:23 2017 us=441224   push_ifconfig_local = 0.0.0.0
Wed Apr 19 13:58:23 2017 us=441232   push_ifconfig_remote_netmask = 0.0.0.0
Wed Apr 19 13:58:23 2017 us=441238   push_ifconfig_ipv6_defined = DISABLED
Wed Apr 19 13:58:23 2017 us=441247   push_ifconfig_ipv6_local = ::/0
Wed Apr 19 13:58:23 2017 us=441254   push_ifconfig_ipv6_remote = ::
Wed Apr 19 13:58:23 2017 us=441260   enable_c2c = DISABLED
Wed Apr 19 13:58:23 2017 us=441267   duplicate_cn = ENABLED
Wed Apr 19 13:58:23 2017 us=441273   cf_max = 0
Wed Apr 19 13:58:23 2017 us=441279   cf_per = 0
Wed Apr 19 13:58:23 2017 us=441285   max_clients = 1024
Wed Apr 19 13:58:23 2017 us=441291   max_routes_per_client = 256
Wed Apr 19 13:58:23 2017 us=441298   auth_user_pass_verify_script = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=441304   auth_user_pass_verify_script_via_file = DISABLED
Wed Apr 19 13:58:23 2017 us=441310   auth_token_generate = DISABLED
Wed Apr 19 13:58:23 2017 us=441316   auth_token_lifetime = 0
Wed Apr 19 13:58:23 2017 us=441322   port_share_host = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=441328   port_share_port = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=441334   client = DISABLED
Wed Apr 19 13:58:23 2017 us=441340   pull = DISABLED
Wed Apr 19 13:58:23 2017 us=441346   auth_user_pass_file = '[UNDEF]'
Wed Apr 19 13:58:23 2017 us=441354 OpenVPN 2.4.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2017
Wed Apr 19 13:58:23 2017 us=441367 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Wed Apr 19 13:58:23 2017 us=447312 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Wed Apr 19 13:58:23 2017 us=457414 Diffie-Hellman initialized with 2048 bit key
Wed Apr 19 13:58:23 2017 us=472151 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 13:58:23 2017 us=472174 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 13:58:23 2017 us=472188 TLS-Auth MTU parms [ L:1655 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Wed Apr 19 13:58:23 2017 us=475982 TUN/TAP device tap0 opened
Wed Apr 19 13:58:23 2017 us=476013 TUN/TAP TX queue length set to 100
Wed Apr 19 13:58:23 2017 us=476043 Data Channel MTU parms [ L:1655 D:1450 EF:123 EB:411 ET:32 EL:3 ]
Wed Apr 19 13:58:23 2017 us=476054 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Apr 19 13:58:23 2017 us=476069 Socket Buffers: R=[87380->425984] S=[16384->425984]
Wed Apr 19 13:58:23 2017 us=476082 Listening for incoming TCP connection on [AF_INET][undef]:37
Wed Apr 19 13:58:23 2017 us=476092 Socket flags: TCP_NODELAY=1 succeeded
Wed Apr 19 13:58:23 2017 us=476100 TCPv4_SERVER link local (bound): [AF_INET][undef]:37
Wed Apr 19 13:58:23 2017 us=476107 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Apr 19 13:58:23 2017 us=476116 MULTI: multi_init called, r=256 v=256
Wed Apr 19 13:58:23 2017 us=476137 IFCONFIG POOL: base=192.168.xx.200 size=51, ipv6=0
Wed Apr 19 13:58:23 2017 us=476155 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Apr 19 13:58:23 2017 us=476182 Initialization Sequence Completed
Wed Apr 19 14:13:36 2017 us=261419 MULTI: multi_create_instance called
Wed Apr 19 14:13:36 2017 us=262342 Re-using SSL/TLS context
Wed Apr 19 14:13:36 2017 us=263667 Control Channel MTU parms [ L:1655 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Wed Apr 19 14:13:36 2017 us=263985 Data Channel MTU parms [ L:1655 D:1450 EF:123 EB:411 ET:32 EL:3 ]
Wed Apr 19 14:13:36 2017 us=265352 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Wed Apr 19 14:13:36 2017 us=265553 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Wed Apr 19 14:13:36 2017 us=265908 TCP connection established with [AF_INET]82.xxx.yyy.zzz:12806
Wed Apr 19 14:13:36 2017 us=266195 Socket flags: TCP_NODELAY=1 succeeded
Wed Apr 19 14:13:36 2017 us=266350 TCP_SERVER link local: (not bound)
Wed Apr 19 14:13:36 2017 us=266474 TCP_SERVER link remote: [AF_INET]82.xxx.yyy.zzz:12806
Wed Apr 19 14:13:37 2017 us=255244 82.xxx.yyy.zzz:12806 TLS: Initial packet from [AF_INET]82.xxx.yyy.zzz:12806, sid=fe1caf27 472f7400
Wed Apr 19 14:13:37 2017 us=371983 82.xxx.yyy.zzz:12806 VERIFY OK: depth=1, ................
Wed Apr 19 14:13:37 2017 us=373589 82.xxx.yyy.zzz:12806 VERIFY OK: depth=0, ................
Wed Apr 19 14:13:37 2017 us=381800 82.xxx.yyy.zzz:12806 peer info: IV_VER=2.4.0
Wed Apr 19 14:13:37 2017 us=381933 82.xxx.yyy.zzz:12806 peer info: IV_PLAT=win
Wed Apr 19 14:13:37 2017 us=382004 82.xxx.yyy.zzz:12806 peer info: IV_PROTO=2
Wed Apr 19 14:13:37 2017 us=382136 82.xxx.yyy.zzz:12806 peer info: IV_NCP=2
Wed Apr 19 14:13:37 2017 us=382206 82.xxx.yyy.zzz:12806 peer info: IV_LZ4=1
Wed Apr 19 14:13:37 2017 us=382251 82.xxx.yyy.zzz:12806 peer info: IV_LZ4v2=1
Wed Apr 19 14:13:37 2017 us=382296 82.xxx.yyy.zzz:12806 peer info: IV_LZO=1
Wed Apr 19 14:13:37 2017 us=382362 82.xxx.yyy.zzz:12806 peer info: IV_COMP_STUB=1
Wed Apr 19 14:13:37 2017 us=382408 82.xxx.yyy.zzz:12806 peer info: IV_COMP_STUBv2=1
Wed Apr 19 14:13:37 2017 us=382453 82.xxx.yyy.zzz:12806 peer info: IV_TCPNL=1
Wed Apr 19 14:13:37 2017 us=382520 82.xxx.yyy.zzz:12806 peer info: IV_GUI_VER=OpenVPN_GUI_11
Wed Apr 19 14:13:37 2017 us=387998 82.xxx.yyy.zzz:12806 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Apr 19 14:13:37 2017 us=388317 82.xxx.yyy.zzz:12806 [Pendgy-office] Peer Connection Initiated with [AF_INET]82.xxx.yyy.zzz:12806
Wed Apr 19 14:13:37 2017 us=388477 Pendgy-office/82.xxx.yyy.zzz:12806 MULTI_sva: pool returned IPv4=192.168.77.200, IPv6=(Not enabled)
Wed Apr 19 14:13:38 2017 us=551687 Pendgy-office/82.xxx.yyy.zzz:12806 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr 19 14:13:38 2017 us=551973 Pendgy-office/82.xxx.yyy.zzz:12806 SENT CONTROL [Pendgy-office]: 'PUSH_REPLY,route-gateway 192.168.xx.1,route 0.0.0.0 255.255.255.255 net_gateway,dhcp-option DNS 192.168.xx.1,dhcp-option DOMAIN pendgy.bg,redirect-gateway def1,route-gateway 192.168.xx.1,ping 15,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 192.168.xx.200 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Wed Apr 19 14:13:38 2017 us=552320 Pendgy-office/82.xxx.yyy.zzz:12806 Data Channel MTU parms [ L:1583 D:1450 EF:51 EB:411 ET:32 EL:3 ]
Wed Apr 19 14:13:38 2017 us=552850 Pendgy-office/82.xxx.yyy.zzz:12806 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Apr 19 14:13:38 2017 us=552928 Pendgy-office/82.xxx.yyy.zzz:12806 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Apr 19 14:13:38 2017 us=584479 Pendgy-office/82.xxx.yyy.zzz:12806 MULTI: Learn: 00:ff:4a:a5:d8:0d -> Pendgy-office/82.xxx.yyy.zzz:12806
Wed Apr 19 14:16:23 2017 us=176312 Pendgy-office/82.xxx.yyy.zzz:12806 Connection reset, restarting [-1]
Wed Apr 19 14:16:23 2017 us=176418 Pendgy-office/82.xxx.yyy.zzz:12806 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Apr 19 14:16:23 2017 us=176651 TCP/UDP: Closing socket

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Help needed: OpenVPN server in TAP mode behind router

Post by TinCanTech » Wed Apr 19, 2017 1:23 pm

netware5 wrote:

push "route-gateway 192.168.xx.1"
push "route 0.0.0.0 255.255.255.255 net_gateway"

Remove this from your server config and restart.

Post by netware5 » Wed Apr 19, 2017 1:44 pm

TinCanTech wrote:
netware5 wrote:

push "route-gateway 192.168.xx.1"
push "route 0.0.0.0 255.255.255.255 net_gateway"

Remove this from your server config and restart.

Done. No change. I think that the client cannot reach the gateway 192.168.xx.1 and that's the reason it is unable to set the default gateway. The only device from the remote LAN it can ping is 192.168.xx.200, i.e. the client's own remote LAN IP address.

Post by TinCanTech » Wed Apr 19, 2017 2:15 pm

netware5 wrote: I think that the client cannot reach the gateway 192.168.xx.1

You understand that 192.168.x.x is a private network which cannot be remotely hacked and so you hiding it achieves nothing .. ?

Are the server and client either:
  • On the same physical LAN ?
  • Or using the same IP subnet ?

Post by netware5 » Wed Apr 19, 2017 2:29 pm

TinCanTech wrote:
netware5 wrote: I think that the client cannot reach the gateway 192.168.xx.1

You understand that 192.168.x.x is a private network which cannot be remotely hacked and so you hiding it achieves nothing .. ?

Are the server and client either:
  • On the same physical LAN ?
  • Or using the same IP subnet ?

They are not on the same physical LAN. The server is at home, the client is at my office. The local LAN in my office and the local LAN at home are on different private subnets. At home is 192 .... in the office is 10 ....

Post by TinCanTech » Wed Apr 19, 2017 3:22 pm

netware5 wrote: The client cannot ping any LAN device (router, VM's host and the Ubuntu VM itself). This is obvious because the Windows TAP adapter has no gateway assigned.

The client TAP adapter does not require a gateway parameter.

Please post while connected to the VPN (sanitized but leave me enough to work with !)
I presume you have read this:
https://openvpn.net/index.php/open-sour ... dging.html

Post by netware5 » Wed Apr 19, 2017 4:18 pm

TinCanTech wrote:
netware5 wrote: The client cannot ping any LAN device (router, VM's host and the Ubuntu VM itself). This is obvious because the Windows TAP adapter has no gateway assigned.

The client TAP adapter does not require a gateway parameter.

Please post while connected to the VPN (sanitized but leave me enough to work with !)
I presume you have read this:
https://openvpn.net/index.php/open-sour ... dging.html

Regarding the client TAP adapter default GW - sorry, it is my fault. I've checked now when connected to the working OpenVPN server on my home router - it also has no GW.

As now I am in the office, the only way to manage any home LAN device is using ssh through OpenVPN tunnel connected to my home router. I can print the requested server info, but it will be without client connected. When the client is connected to Ubuntu server I have no access to the server, so I am unable to print brctl show, ifconfig and route. In order to do this I need to be back at home. I will use one laptop connected to mobile phone to connect to OpenVPN from outside and second laptop to access the server from inside by ssh. My server has no physical console and monitor. I will be back at home tonight.

Now I am able to provide you with client side info. Just for comparison I am posting also the same info for the case when the client is connected to the working OpenVPN server on my home router.

Yes, I have read the link you referred to.

Client to router ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : BNSA-870
   Primary Dns Suffix  . . . . . . . : BNSA.LOCAL
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : BNSA.LOCAL
                                       bnra.bg
                                       pendgy.bg

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : bnra.bg
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 90-1B-0E-8E-4E-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dd66:9d24:5403:fa38%9(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.96.251.207(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 април 2017 г. 9:59:05
   Lease Expires . . . . . . . . . . : 19 април 2017 г. 20:29:05
   Default Gateway . . . . . . . . . : 10.96.251.11
   DHCP Server . . . . . . . . . . . : 10.96.251.11
   DHCPv6 IAID . . . . . . . . . . . : 42998542
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-D7-5F-B8-90-1B-0E-8E-4E-99
   DNS Servers . . . . . . . . . . . : 10.96.251.83
                                       10.96.251.84
   Primary WINS Server . . . . . . . : 10.96.251.83
   Secondary WINS Server . . . . . . : 10.96.251.84
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Npcap Loopback Adapter:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Npcap Loopback Adapter
   Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3c6b:b7be:4a9f:f092%23(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.240.146(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 386007116
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-D7-5F-B8-90-1B-0E-8E-4E-99
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : pendgy.bg
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-4A-A5-D8-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a0a4:d5f2:485a:f463%7(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.77.71(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 април 2017 г. 18:17:18
   Lease Expires . . . . . . . . . . : 20 април 2017 г. 18:17:18
   Default Gateway . . . . . . . . . : 
   DHCP Server . . . . . . . . . . . : 192.168.77.1
   DHCPv6 IAID . . . . . . . . . . . : 167837514
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-D7-5F-B8-90-1B-0E-8E-4E-99
   DNS Servers . . . . . . . . . . . : 192.168.77.1
                                       192.168.77.1
   Primary WINS Server . . . . . . . : 192.168.77.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.bnra.bg:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : bnra.bg
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.pendgy.bg:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : pendgy.bg
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{204DAD5D-C415-4E06-B2DD-98D1E7B268F8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Client to router route print -4

===========================================================================
Interface List
  9...90 1b 0e 8e 4e 99 ......Realtek PCIe GBE Family Controller
 23...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
  7...00 ff 4a a5 d8 0d ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.96.251.11    10.96.251.207     25
          0.0.0.0        128.0.0.0     192.168.77.1    192.168.77.71     35
          0.0.0.0  255.255.255.255     10.96.251.11    10.96.251.207     25
      10.96.251.0    255.255.255.0         On-link     10.96.251.207    281
    10.96.251.207  255.255.255.255         On-link     10.96.251.207    281
    10.96.251.255  255.255.255.255         On-link     10.96.251.207    281
      78.xxx.yyy.zzz  255.255.255.255     10.96.251.11    10.96.251.207     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0     192.168.77.1    192.168.77.71     35
      169.254.0.0      255.255.0.0         On-link   169.254.240.146    281
  169.254.240.146  255.255.255.255         On-link   169.254.240.146    281
  169.254.255.255  255.255.255.255         On-link   169.254.240.146    281
     192.168.77.0    255.255.255.0         On-link     192.168.77.71    291
    192.168.77.71  255.255.255.255         On-link     192.168.77.71    291
   192.168.77.255  255.255.255.255         On-link     192.168.77.71    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   169.254.240.146    281
        224.0.0.0        240.0.0.0         On-link     192.168.77.71    291
        224.0.0.0        240.0.0.0         On-link     10.96.251.207    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   169.254.240.146    281
  255.255.255.255  255.255.255.255         On-link     192.168.77.71    291
  255.255.255.255  255.255.255.255         On-link     10.96.251.207    281
===========================================================================
Persistent Routes:
  None

Client to Ubuntu ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : BNSA-870
   Primary Dns Suffix  . . . . . . . : BNSA.LOCAL
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : BNSA.LOCAL
                                       bnra.bg
                                       pendgy.bg

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : bnra.bg
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 90-1B-0E-8E-4E-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dd66:9d24:5403:fa38%9(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.96.251.207(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 април 2017 г. 9:59:05
   Lease Expires . . . . . . . . . . : 19 април 2017 г. 20:29:05
   Default Gateway . . . . . . . . . : 10.96.251.11
   DHCP Server . . . . . . . . . . . : 10.96.251.11
   DHCPv6 IAID . . . . . . . . . . . : 42998542
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-D7-5F-B8-90-1B-0E-8E-4E-99
   DNS Servers . . . . . . . . . . . : 10.96.251.83
                                       10.96.251.84
   Primary WINS Server . . . . . . . : 10.96.251.83
   Secondary WINS Server . . . . . . : 10.96.251.84
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Npcap Loopback Adapter:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Npcap Loopback Adapter
   Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3c6b:b7be:4a9f:f092%23(Preferred) 
   Autoconfiguration IPv4 Address. . : 169.254.240.146(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 386007116
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-D7-5F-B8-90-1B-0E-8E-4E-99
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : pendgy.bg
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-4A-A5-D8-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a0a4:d5f2:485a:f463%7(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.77.200(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 19 април 2017 г. 18:47:49
   Lease Expires . . . . . . . . . . : 19 април 2018 г. 18:47:49
   Default Gateway . . . . . . . . . : 
   DHCP Server . . . . . . . . . . . : 192.168.77.0
   DHCPv6 IAID . . . . . . . . . . . : 167837514
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-D7-5F-B8-90-1B-0E-8E-4E-99
   DNS Servers . . . . . . . . . . . : 192.168.77.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.bnra.bg:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : bnra.bg
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.pendgy.bg:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : pendgy.bg
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{204DAD5D-C415-4E06-B2DD-98D1E7B268F8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Client to Ubuntu route print -4

===========================================================================
Interface List
  9...90 1b 0e 8e 4e 99 ......Realtek PCIe GBE Family Controller
 23...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
  7...00 ff 4a a5 d8 0d ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.96.251.11    10.96.251.207     25
          0.0.0.0        128.0.0.0     192.168.77.1   192.168.77.200     35
      10.96.251.0    255.255.255.0         On-link     10.96.251.207    281
    10.96.251.207  255.255.255.255         On-link     10.96.251.207    281
    10.96.251.255  255.255.255.255         On-link     10.96.251.207    281
      78.xxx.yyy.zzz  255.255.255.255     10.96.251.11    10.96.251.207     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0     192.168.77.1   192.168.77.200     35
      169.254.0.0      255.255.0.0         On-link   169.254.240.146    281
  169.254.240.146  255.255.255.255         On-link   169.254.240.146    281
  169.254.255.255  255.255.255.255         On-link   169.254.240.146    281
     192.168.77.0    255.255.255.0         On-link    192.168.77.200    291
   192.168.77.200  255.255.255.255         On-link    192.168.77.200    291
   192.168.77.255  255.255.255.255         On-link    192.168.77.200    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   169.254.240.146    281
        224.0.0.0        240.0.0.0         On-link    192.168.77.200    291
        224.0.0.0        240.0.0.0         On-link     10.96.251.207    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   169.254.240.146    281
  255.255.255.255  255.255.255.255         On-link    192.168.77.200    291
  255.255.255.255  255.255.255.255         On-link     10.96.251.207    281
===========================================================================
Persistent Routes:
  None

Post by TinCanTech » Wed Apr 19, 2017 4:40 pm

If you can connect properly to your router then you should be able to ping/ssh etc the Ubuntu server
over that VPN, without needing to connect to the Ubuntu server. Because the Ubuntu server is on the
same LAN as the router (192.168.77.0/24) and also, thereby, on the same LAN as your client connecting
to the router.

Post by netware5 » Wed Apr 19, 2017 4:48 pm

TinCanTech wrote: If you can connect properly to your router then you should be able to ping/ssh etc the Ubuntu server
over that VPN, without needing to connect to the Ubuntu server. Because they are on the same LAN.

Yes, I know and I can. But I had the impression that you want to have the printouts under condition that the client is connected to Ubuntu's OpenVPN server not to router's OpenVPN server. Of course I can do this now with client connected to router's OpenVPN server.

Post by netware5 » Wed Apr 19, 2017 4:59 pm

Here is the server's info

root@OpenVPNGate:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.080027a0608d       no              enp0s3

root@OpenVPNGate:~# ifconfig
br0       Link encap:Ethernet  HWaddr 08:00:27:a0:60:8d
          inet addr:192.168.77.5  Bcast:192.168.77.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea0:608d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7064 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2806 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:554796 (554.7 KB)  TX bytes:277333 (277.3 KB)

enp0s3    Link encap:Ethernet  HWaddr 08:00:27:a0:60:8d
          inet6 addr: fe80::a00:27ff:fea0:608d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:318295 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2811 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:70697805 (70.6 MB)  TX bytes:292791 (292.7 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:11840 (11.8 KB)  TX bytes:11840 (11.8 KB)

Code:

root@OpenVPNGate:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         router.asus.com 0.0.0.0         UG    0      0        0 br0
192.168.77.0    *               255.255.255.0   U     0      0        0 br0

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Help needed: OpenVPN server in TAP mode behind router

Post by TinCanTech » Wed Apr 19, 2017 5:37 pm

TinCanTech wrote:I presume you have read this:
https://openvpn.net/index.php/open-sour ... dging.html
Please read it carefully .. :ugeek:

Re: Help needed: OpenVPN server in TAP mode behind router

Post by netware5 » Thu Apr 20, 2017 10:29 pm

TinCanTech wrote:
TinCanTech wrote: I presume you have read this:
https://openvpn.net/index.php/open-sour ... dging.html
Please read it carefully .. :ugeek:

Thanks! It is my fault. The tap0 interface was not in the "up" state and was not bridged to br0. This is due to my limited experience with configuring OpenVPN on Ubuntu servers. As I said - until last week I had experience mainly with OpenVPN servers on routers, where all that stuff is managed through a GUI.

Now everything is working fine. Thank you!
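
The cause found in this thread (tap0 not up and not a member of br0) is visible in the `brctl show` output posted above, where br0 lists only enp0s3. The following is an added example, not part of the original posts: a shell helper that parses `brctl show` output and reports whether an interface is bridged. The function names and the second sample are constructed for illustration, and the commented commands are the ones used by the bridge-start script in the OpenVPN Ethernet bridging HOWTO.

```shell
#!/bin/sh
# Added example. Sample data below is embedded so the check runs offline.

# bridge_has_member BRIDGE IFACE
# Reads `brctl show` output on stdin; returns 0 if IFACE is a member of
# BRIDGE, 1 otherwise. Extra members appear on indented continuation rows.
bridge_has_member() {
    awk -v br="$1" -v ifc="$2" '
        NR == 1 && $1 == "bridge" { next }                    # header row
        /^[^ \t]/ { cur = $1; member = (NF >= 4) ? $4 : "" }  # bridge row
        /^[ \t]/  { member = $1 }                             # continuation row
        cur == br && member == ifc { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# `brctl show` output as posted in the thread: br0 holds only enp0s3.
PAGE_OUTPUT='bridge name     bridge id               STP enabled     interfaces
br0             8000.080027a0608d       no              enp0s3'

# Constructed sample: what the output looks like once tap0 has been added.
FIXED_OUTPUT='bridge name     bridge id               STP enabled     interfaces
br0             8000.080027a0608d       no              enp0s3
                                                        tap0'

# report LABEL OUTPUT: print whether tap0 is bridged to br0 in OUTPUT.
report() {
    if printf '%s\n' "$2" | bridge_has_member br0 tap0; then
        echo "$1: tap0 is a member of br0"
    else
        echo "$1: tap0 is missing from br0"
    fi
}

report "as posted" "$PAGE_OUTPUT"
report "after fix" "$FIXED_OUTPUT"

# On the live server (as root) the bridge-start script from the HOWTO does
# the equivalent of the following for an existing br0:
#   openvpn --mktun --dev tap0
#   brctl addif br0 tap0
#   ifconfig tap0 0.0.0.0 promisc up
```

On a running server, pipe the live output in instead: `brctl show | bridge_has_member br0 tap0`.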
