I have a network1 at home and a remote network2. I want to VPN from network2 to network1 (home). In network1 I have a couple of Windows 7 PCs. In network2 I have a couple of Windows 10 PCs. Network details are:
network1 (home) = 192.168.2.0/24, gateway = 192.168.2.1, public IP = 79.X.X.X
network2 (remote) = 192.168.43.0/24, gateway = 192.168.43.1, public IP = 95.X.X.X
These are my server and client .ovpn files:
dev tap
dev-node TAPadapter
proto udp
remote [network1_public_ip] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
key "C:\\Program Files\\OpenVPN\\config\\client.key"
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
mute 20

proto udp
dev tap
dev-node TAPadapter
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.240 255.255.255.0 192.168.2.241 192.168.2.249
server-bridge
push "route 192.168.2.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
Port UDP 1194 is open on the router on network1.
I start both OpenVPN GUIs as administrator and connect the client to the server. It connects with no problem and I can ping 192.168.2.X from 192.168.43.X, but the internet traffic still goes out directly, not through the VPN (I go to http://www.whatismyp.com and it still shows the 95.X.X.X IP address instead of the 79.X.X.X, which is what I want).
I tried installing OpenVPN on the other Windows 7 computer and using the server config on it, and I get exactly the same behaviour, so it seems to point to some configuration issue.
This is the server output log:
Tue Jul 25 16:57:40 2017 Windows version 6.1 (Windows 7) 64bit
Tue Jul 25 16:57:40 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Tue Jul 25 16:57:40 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jul 25 16:57:40 2017 Need hold release from management interface, waiting...
Tue Jul 25 16:57:41 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jul 25 16:57:41 2017 MANAGEMENT: CMD 'state on'
Tue Jul 25 16:57:41 2017 MANAGEMENT: CMD 'log all on'
Tue Jul 25 16:57:41 2017 MANAGEMENT: CMD 'echo all on'
Tue Jul 25 16:57:41 2017 MANAGEMENT: CMD 'hold off'
Tue Jul 25 16:57:41 2017 MANAGEMENT: CMD 'hold release'
Tue Jul 25 16:57:41 2017 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Jul 25 16:57:41 2017 Diffie-Hellman initialized with 1024 bit key
Tue Jul 25 16:57:41 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 25 16:57:41 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 25 16:57:41 2017 interactive service msg_channel=0
Tue Jul 25 16:57:41 2017 open_tun
Tue Jul 25 16:57:41 2017 TAP-WIN32 device [TAPadapter] opened: \\.\Global\{3675BBD5-E11B-407C-8AD5-1C51E5979A9D}.tap
Tue Jul 25 16:57:41 2017 TAP-Windows Driver Version 9.21
Tue Jul 25 16:57:41 2017 Sleeping for 10 seconds...
Tue Jul 25 16:57:51 2017 NOTE: FlushIpNetTable failed on interface [15] {3675BBD5-E11B-407C-8AD5-1C51E5979A9D} (status=1168) : Element not found.
Tue Jul 25 16:57:51 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Tue Jul 25 16:57:51 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jul 25 16:57:51 2017 setsockopt(IPV6_V6ONLY=0)
Tue Jul 25 16:57:51 2017 UDPv6 link local (bound): [AF_INET6][undef]:1194
Tue Jul 25 16:57:51 2017 UDPv6 link remote: [AF_UNSPEC]
Tue Jul 25 16:57:51 2017 MULTI: multi_init called, r=256 v=256
Tue Jul 25 16:57:51 2017 IFCONFIG POOL: base=192.168.2.241 size=9, ipv6=0
Tue Jul 25 16:57:51 2017 ifconfig_pool_read(), in='server,192.168.2.241', TODO: IPv6
Tue Jul 25 16:57:51 2017 succeeded -> ifconfig_pool_set()
Tue Jul 25 16:57:51 2017 IFCONFIG POOL LIST
Tue Jul 25 16:57:51 2017 server,192.168.2.241
Tue Jul 25 16:57:51 2017 Initialization Sequence Completed
Tue Jul 25 16:57:51 2017 MANAGEMENT: >STATE:1500994671,CONNECTED,SUCCESS,,,,::ffff:0:0,1194
And this is the client output log:
Tue Jul 25 17:01:51 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jul 25 17:01:51 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Tue Jul 25 17:01:51 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jul 25 17:01:51 2017 Need hold release from management interface, waiting...
Tue Jul 25 17:01:51 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jul 25 17:01:51 2017 MANAGEMENT: CMD 'state on'
Tue Jul 25 17:01:51 2017 MANAGEMENT: CMD 'log all on'
Tue Jul 25 17:01:51 2017 MANAGEMENT: CMD 'echo all on'
Tue Jul 25 17:01:51 2017 MANAGEMENT: CMD 'hold off'
Tue Jul 25 17:01:52 2017 MANAGEMENT: CMD 'hold release'
Tue Jul 25 17:01:52 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 25 17:01:52 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 25 17:01:52 2017 MANAGEMENT: >STATE:1500994912,RESOLVE,,,,,,
Tue Jul 25 17:01:52 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]79.X.X.X:1194
Tue Jul 25 17:01:52 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jul 25 17:01:52 2017 UDP link local: (not bound)
Tue Jul 25 17:01:52 2017 UDP link remote: [AF_INET]79.X.X.X:1194
Tue Jul 25 17:01:52 2017 MANAGEMENT: >STATE:1500994912,WAIT,,,,,,
Tue Jul 25 17:01:52 2017 MANAGEMENT: >STATE:1500994912,AUTH,,,,,,
Tue Jul 25 17:01:52 2017 TLS: Initial packet from [AF_INET]79.X.X.X:1194, sid=4279e9ed 93a5e490
Tue Jul 25 17:01:52 2017 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=XX, name=XX, emailAddress=XX
Tue Jul 25 17:01:52 2017 VERIFY KU OK
Tue Jul 25 17:01:52 2017 Validating certificate extended key usage
Tue Jul 25 17:01:52 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 25 17:01:52 2017 VERIFY EKU OK
Tue Jul 25 17:01:52 2017 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, CN=XX, name=XX, emailAddress=XX
Tue Jul 25 17:01:53 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Jul 25 17:01:53 2017 [server] Peer Connection Initiated with [AF_INET]79.X.X.X:1194
Tue Jul 25 17:01:54 2017 MANAGEMENT: >STATE:1500994914,GET_CONFIG,,,,,,
Tue Jul 25 17:01:54 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jul 25 17:01:54 2017 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 192.168.2.240,ping 10,ping-restart 120,ifconfig 192.168.2.241 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: route options modified
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: route-related options modified
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: peer-id set
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: adjusting link_mtu to 1657
Tue Jul 25 17:01:54 2017 OPTIONS IMPORT: data channel crypto options modified
Tue Jul 25 17:01:54 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Jul 25 17:01:54 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 25 17:01:54 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 25 17:01:54 2017 interactive service msg_channel=0
Tue Jul 25 17:01:54 2017 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 I=4 HWADDR=fc:f8:ae:97:32:f9
Tue Jul 25 17:01:54 2017 open_tun
Tue Jul 25 17:01:54 2017 TAP-WIN32 device [TAPadapter] opened: \\.\Global\{DDA274F3-0D5E-45FD-ACE4-50928A2A5CEB}.tap
Tue Jul 25 17:01:54 2017 TAP-Windows Driver Version 9.21
Tue Jul 25 17:01:54 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.2.241/255.255.255.0 on interface {DDA274F3-0D5E-45FD-ACE4-50928A2A5CEB} [DHCP-serv: 192.168.2.0, lease-time: 31536000]
Tue Jul 25 17:01:54 2017 Successful ARP Flush on interface [13] {DDA274F3-0D5E-45FD-ACE4-50928A2A5CEB}
Tue Jul 25 17:01:54 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 25 17:01:54 2017 MANAGEMENT: >STATE:1500994914,ASSIGN_IP,,192.168.2.241,,,,
Tue Jul 25 17:01:59 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Jul 25 17:01:59 2017 C:\WINDOWS\system32\route.exe ADD 79.X.X.X MASK 255.255.255.255 192.168.43.1
Tue Jul 25 17:01:59 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=55 and dwForwardType=4
Tue Jul 25 17:01:59 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 25 17:01:59 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.2.240
Tue Jul 25 17:01:59 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jul 25 17:01:59 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 25 17:01:59 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.2.240
Tue Jul 25 17:01:59 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jul 25 17:01:59 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 25 17:01:59 2017 MANAGEMENT: >STATE:1500994919,ADD_ROUTES,,,,,,
Tue Jul 25 17:01:59 2017 C:\WINDOWS\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 192.168.2.240
Tue Jul 25 17:01:59 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jul 25 17:01:59 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 25 17:01:59 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 25 17:01:59 2017 Initialization Sequence Completed
Tue Jul 25 17:01:59 2017 MANAGEMENT: >STATE:1500994919,CONNECTED,SUCCESS,192.168.2.241,79.X.X.X,1194,,
===========================================================================
Interface List
11...e0 db 55 xx xx xx ......Realtek PCIe GBE Family Controller
15...fc f8 ae xx xx xx ......Microsoft Wi-Fi Direct Virtual Adapter
13...00 ff dd xx xx xx ......TAP-Windows Adapter V9
4...fc f8 ae xx xx xx ......Intel(R) Dual Band Wireless-N 7260
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.43.1 192.168.43.193 55
0.0.0.0 128.0.0.0 192.168.2.240 192.168.2.241 35
79.X.X.X 255.255.255.255 192.168.43.1 192.168.43.193 55
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 192.168.2.240 192.168.2.241 35
192.168.2.0 255.255.255.0 On-link 192.168.2.241 291
192.168.2.0 255.255.255.0 192.168.2.240 192.168.2.241 35
192.168.2.241 255.255.255.255 On-link 192.168.2.241 291
192.168.2.255 255.255.255.255 On-link 192.168.2.241 291
192.168.43.0 255.255.255.0 On-link 192.168.43.193 311
192.168.43.193 255.255.255.255 On-link 192.168.43.193 311
192.168.43.255 255.255.255.255 On-link 192.168.43.193 311
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.2.241 291
224.0.0.0 240.0.0.0 On-link 192.168.43.193 311
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.2.241 291
255.255.255.255 255.255.255.255 On-link 192.168.43.193 311
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
1 331 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Thanks!
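How the client routing table above resolves a destination, as an added example that is not part of the original post: it applies longest-prefix, then lowest-metric selection to the gateway rows of that table. The address 203.0.113.10 is a constructed placeholder for the redacted 79.X.X.X, and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample: the gateway rows of the client's route table above.
# 203.0.113.10 is a placeholder standing in for the redacted 79.X.X.X address.
ROUTES = """\
0.0.0.0       0.0.0.0          192.168.43.1   192.168.43.193  55
0.0.0.0       128.0.0.0        192.168.2.240  192.168.2.241   35
203.0.113.10  255.255.255.255  192.168.43.1   192.168.43.193  55
128.0.0.0     128.0.0.0        192.168.2.240  192.168.2.241   35
192.168.2.0   255.255.255.0    On-link        192.168.2.241   291
192.168.2.0   255.255.255.0    192.168.2.240  192.168.2.241   35
192.168.43.0  255.255.255.0    On-link        192.168.43.193  311
"""

def parse_routes(text):
    """Parse 'route print' IPv4 rows into (network, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # header or separator line, not a route row
        routes.append((net, gateway, iface, int(metric)))
    return routes

def lookup(routes, destination):
    """Select a route as the IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def via_tunnel(routes, destination, tap_ip="192.168.2.241"):
    """True when the selected route leaves through the TAP adapter's address."""
    best = lookup(routes, destination)
    return best is not None and best[2] == tap_ip

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dst in ("8.8.8.8", "198.51.100.7", "203.0.113.10", "192.168.43.1"):
        net, gw, iface, metric = lookup(table, dst)
        print(f"{dst:15} -> {net} via {gw} on {iface} (tunnel={iface == '192.168.2.241'})")
```

On this table the two /1 routes pushed by `redirect-gateway def1` win over the original 0.0.0.0/0 default, so every public destination except the VPN server's own address resolves to gateway 192.168.2.240 through the TAP adapter.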