Ubuntu 14.04 (virtual) server running the packaged openvpn and easy-rsa from the official repos.
Win10 client running the latest OpenVPN client GUI from the download pages here.
I have no firewall on the Ubuntu machine, just two very simple iptables rules to deal with forwarding. I am attempting to route traffic from tun0 through eth4 (the machine's only interface is called eth4 for historical reasons).

iptables -I FORWARD -i tun0 -o eth4 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# ifconfig -a
eth4      Link encap:Ethernet  HWaddr 00:16:3e:53:98:94
          inet addr:192.168.1.108  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2a02:c7f:c211:7c00:216:3eff:fe53:9894/64 Scope:Global
          inet6 addr: fd9c:377:47de:0:216:3eff:fe53:9894/64 Scope:Global
          inet6 addr: fe80::216:3eff:fe53:9894/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21720 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21096 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7114192 (7.1 MB)  TX bytes:7668832 (7.6 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1009 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1009 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:325936 (325.9 KB)  TX bytes:325936 (325.9 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:9880 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12329 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1292827 (1.2 MB)  TX bytes:4099170 (4.0 MB)

Wed Apr 26 20:14:04 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Wed Apr 26 20:14:04 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Apr 26 20:14:04 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Wed Apr 26 20:14:04 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Apr 26 20:14:04 2017 Need hold release from management interface, waiting...
Wed Apr 26 20:14:05 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Apr 26 20:14:05 2017 MANAGEMENT: CMD 'state on'
Wed Apr 26 20:14:05 2017 MANAGEMENT: CMD 'log all on'
Wed Apr 26 20:14:05 2017 MANAGEMENT: CMD 'echo all on'
Wed Apr 26 20:14:05 2017 MANAGEMENT: CMD 'hold off'
Wed Apr 26 20:14:05 2017 MANAGEMENT: CMD 'hold release'
Wed Apr 26 20:14:05 2017 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Wed Apr 26 20:14:05 2017 MANAGEMENT: >STATE:1493234045,RESOLVE,,,,,,
Wed Apr 26 20:14:05 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]188.221.21.147:1194
Wed Apr 26 20:14:05 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 26 20:14:05 2017 UDP link local: (not bound)
Wed Apr 26 20:14:05 2017 UDP link remote: [AF_INET]188.221.21.147:1194
Wed Apr 26 20:14:05 2017 MANAGEMENT: >STATE:1493234045,WAIT,,,,,,
Wed Apr 26 20:14:05 2017 MANAGEMENT: >STATE:1493234045,AUTH,,,,,,
Wed Apr 26 20:14:05 2017 TLS: Initial packet from [AF_INET]188.221.21.147:1194, sid=1f620c57 1457ed1a
Wed Apr 26 20:14:06 2017 VERIFY OK: depth=1, *REDACTED*
Wed Apr 26 20:14:06 2017 VERIFY OK: nsCertType=SERVER
Wed Apr 26 20:14:06 2017 VERIFY OK: depth=0, *REDACTED*
Wed Apr 26 20:14:06 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 26 20:14:06 2017 [jimbo.uk.to] Peer Connection Initiated with [AF_INET]188.221.21.147:1194
Wed Apr 26 20:14:07 2017 MANAGEMENT: >STATE:1493234047,GET_CONFIG,,,,,,
Wed Apr 26 20:14:07 2017 SENT CONTROL [*REDACTED*]: 'PUSH_REQUEST' (status=1)
Wed Apr 26 20:14:07 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Apr 26 20:14:07 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 26 20:14:07 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 26 20:14:07 2017 OPTIONS IMPORT: route options modified
Wed Apr 26 20:14:07 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Apr 26 20:14:07 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 26 20:14:07 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 26 20:14:07 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 26 20:14:07 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 26 20:14:07 2017 interactive service msg_channel=596
Wed Apr 26 20:14:07 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=17 HWADDR=00:25:d3:7c:28:48
Wed Apr 26 20:14:07 2017 open_tun
Wed Apr 26 20:14:07 2017 TAP-WIN32 device [Ethernet] opened: \\.\Global\{1C86F609-7308-4239-83F4-B33DE6FC0A8B}.tap
Wed Apr 26 20:14:07 2017 TAP-Windows Driver Version 9.21
Wed Apr 26 20:14:07 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {1C86F609-7308-4239-83F4-B33DE6FC0A8B} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Apr 26 20:14:07 2017 Successful ARP Flush on interface [7] {1C86F609-7308-4239-83F4-B33DE6FC0A8B}
Wed Apr 26 20:14:07 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr 26 20:14:07 2017 MANAGEMENT: >STATE:1493234047,ASSIGN_IP,,10.8.0.6,,,,
Wed Apr 26 20:14:12 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Apr 26 20:14:12 2017 C:\WINDOWS\system32\route.exe ADD 188.221.21.147 MASK 255.255.255.255 192.168.1.1
Wed Apr 26 20:14:12 2017 Route addition via service succeeded
Wed Apr 26 20:14:12 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Apr 26 20:14:12 2017 Route addition via service succeeded
Wed Apr 26 20:14:12 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Apr 26 20:14:12 2017 Route addition via service succeeded
Wed Apr 26 20:14:12 2017 MANAGEMENT: >STATE:1493234052,ADD_ROUTES,,,,,,
Wed Apr 26 20:14:12 2017 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Apr 26 20:14:12 2017 Route addition via service succeeded
Wed Apr 26 20:14:12 2017 Initialization Sequence Completed
Wed Apr 26 20:14:12 2017 MANAGEMENT: >STATE:1493234052,CONNECTED,SUCCESS,10.8.0.6,188.221.21.147,1194,,
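
A check for the forwarding path the post describes (tun0 to eth4 for 10.8.0.0/24), as an added example that is not part of the original post. It reads an `iptables-save` dump; the `ip_forward` and source-NAT checks and both sample dumps are assumptions added here, not details the poster gave.

```shell
#!/usr/bin/env bash
# Added example (not from the post): checks an iptables-save dump for the pieces
# a tun0 -> eth4 forwarding path relies on. Names and subnet are the post's.
VPN_IF=tun0 LAN_IF=eth4 VPN_NET=10.8.0.0/24

# has_rule <dump> <chain> <fragment>...: true if a single rule in <chain>
# contains every fragment (substring match, so option order does not matter).
has_rule() {
    local dump="$1" chain="$2" lines frag; shift 2
    lines=$(grep -E -- "^-A $chain " "$dump") || return 1
    for frag in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -F -- "$frag") || return 1
    done
}

# check_forwarding <dump> <ip_forward value>: prints findings, returns 0 if complete.
check_forwarding() {
    local dump="$1" fwd="$2" rc=0
    [ "$fwd" = 1 ] || { echo "MISSING: net.ipv4.ip_forward=1"; rc=1; }
    has_rule "$dump" FORWARD "-i $VPN_IF" "-o $LAN_IF" "-j ACCEPT" \
        || { echo "MISSING: FORWARD accept $VPN_IF -> $LAN_IF"; rc=1; }
    has_rule "$dump" FORWARD "ESTABLISHED" "-j ACCEPT" \
        || { echo "MISSING: FORWARD accept for RELATED,ESTABLISHED"; rc=1; }
    has_rule "$dump" POSTROUTING "-s $VPN_NET" "-o $LAN_IF" "-j MASQUERADE" \
        || has_rule "$dump" POSTROUTING "-s $VPN_NET" "-o $LAN_IF" "-j SNAT" \
        || { echo "MISSING: source NAT for $VPN_NET on $LAN_IF"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: forwarding path complete"; fi
    return "$rc"
}

# Constructed dump: only the two FORWARD rules quoted in the post.
post_rules=$(mktemp)
cat > "$post_rules" <<'EOF'
*filter
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -i tun0 -o eth4 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
# Constructed dump: the same rules plus a source-NAT rule (assumed, not in the post).
with_nat=$(mktemp)
{ cat "$post_rules"; printf '%s\n' '*nat' \
    '-A POSTROUTING -s 10.8.0.0/24 -o eth4 -j MASQUERADE' 'COMMIT'; } > "$with_nat"

check_forwarding "$post_rules" 1 || true
check_forwarding "$with_nat" 1 || true
```

On a live server the inputs would be the output of `iptables-save` and the contents of `/proc/sys/net/ipv4/ip_forward`. A return route for 10.8.0.0/24 on the LAN gateway can stand in for the NAT rule and is not visible to this check.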