Losing route to LAN

Caesar · Post by **Caesar** » Thu Aug 26, 2010 7:49 pm

Hi,

while my rig works fine with openvpn my laptop shows some strange behaviour. After establishing the connection everything looks fine and i can ping machines via the tunnel, but after some seconds the client looses the route to the tunneled lan (10.0.0.0). My rig works with the same connection even after hours. Both are Windows XP Pro SP3

Output of route print delay between the commands ~3 secs:

Code: Select all

C:\>route print
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...d8 d3 85 e9 f6 87 ...... Realtek PCIe GBE Family Controller - Paketplane
-Miniport
0x3 ...00 ff 4e 6b 29 d5 ...... Astaro SSL VPN Adapter - Paketplaner-Miniport
===========================================================================
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway   Schnittstelle  Anzahl
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.100       10
         10.0.0.0        255.0.0.0        10.87.1.9      10.87.1.10       1
        10.87.1.1  255.255.255.255        10.87.1.9      10.87.1.10       1
        10.87.1.8  255.255.255.252       10.87.1.10      10.87.1.10       1
       10.87.1.10  255.255.255.255        127.0.0.1       127.0.0.1       1
   10.255.255.255  255.255.255.255       10.87.1.10      10.87.1.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.100   192.168.0.100       10
    192.168.0.100  255.255.255.255        127.0.0.1       127.0.0.1       10
    192.168.0.255  255.255.255.255    192.168.0.100   192.168.0.100       10
     192.168.52.0    255.255.255.0        10.87.1.9      10.87.1.10       1
        224.0.0.0        240.0.0.0       10.87.1.10      10.87.1.10       1
        224.0.0.0        240.0.0.0    192.168.0.100   192.168.0.100       10
  255.255.255.255  255.255.255.255       10.87.1.10      10.87.1.10       1
  255.255.255.255  255.255.255.255    192.168.0.100   192.168.0.100       1
Standardgateway:       192.168.0.1
===========================================================================
Ständige Routen:
  Keine

C:\>route print
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...d8 d3 85 e9 f6 87 ...... Realtek PCIe GBE Family Controller - Paketplane
-Miniport
0x3 ...00 ff 4e 6b 29 d5 ...... Astaro SSL VPN Adapter - Paketplaner-Miniport
===========================================================================
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway   Schnittstelle  Anzahl
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.100       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      169.254.0.0      255.255.0.0   169.254.193.35  169.254.193.35       1
   169.254.193.35  255.255.255.255        127.0.0.1       127.0.0.1       1
  169.254.255.255  255.255.255.255   169.254.193.35  169.254.193.35       1
      192.168.0.0    255.255.255.0    192.168.0.100   192.168.0.100       10
    192.168.0.100  255.255.255.255        127.0.0.1       127.0.0.1       10
    192.168.0.255  255.255.255.255    192.168.0.100   192.168.0.100       10
        224.0.0.0        240.0.0.0   169.254.193.35  169.254.193.35       1
        224.0.0.0        240.0.0.0    192.168.0.100   192.168.0.100       10
  255.255.255.255  255.255.255.255   169.254.193.35  169.254.193.35       1
  255.255.255.255  255.255.255.255    192.168.0.100   192.168.0.100       1
Standardgateway:       192.168.0.1
===========================================================================
Ständige Routen:
  Keine

C:\>route print
===========================================================================
Schnittstellenliste
0x1 ........................... MS TCP Loopback interface
0x2 ...d8 d3 85 e9 f6 87 ...... Realtek PCIe GBE Family Controller - Paketplane
-Miniport
0x3 ...00 ff 4e 6b 29 d5 ...... Astaro SSL VPN Adapter - Paketplaner-Miniport
===========================================================================
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway   Schnittstelle  Anzahl
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.100       10
        10.87.1.8  255.255.255.252       10.87.1.10      10.87.1.10       1
       10.87.1.10  255.255.255.255        127.0.0.1       127.0.0.1       1
   10.255.255.255  255.255.255.255       10.87.1.10      10.87.1.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.100   192.168.0.100       10
    192.168.0.100  255.255.255.255        127.0.0.1       127.0.0.1       10
    192.168.0.255  255.255.255.255    192.168.0.100   192.168.0.100       10
        224.0.0.0        240.0.0.0       10.87.1.10      10.87.1.10       1
        224.0.0.0        240.0.0.0    192.168.0.100   192.168.0.100       10
  255.255.255.255  255.255.255.255       10.87.1.10      10.87.1.10       1
  255.255.255.255  255.255.255.255    192.168.0.100   192.168.0.100       1
Standardgateway:       192.168.0.1
===========================================================================
Ständige Routen:
  Keine

C:\>

Client Config:

Code: Select all

client
dev tun
proto tcp
tls-remote XXXXXXX
resolv-retry infinite
nobind
persist-key
persist-tun
ca XXX.crt
cert XXX.crt
key XXX.key
auth-user-pass
cipher AES-128-CBC
auth MD5
comp-lzo
verb 3
reneg-sec 0
route-method exe
route-delay 2

Log file:

Code: Select all

Thu Aug 26 21:34:15 2010 OpenVPN 2.1_rc22 i686-pc-cygwin [SSL] [LZO2] built on Mar 16 2010
Thu Aug 26 21:34:19 2010 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Aug 26 21:34:19 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Aug 26 21:34:19 2010 LZO compression initialized
Thu Aug 26 21:34:19 2010 Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Aug 26 21:34:19 2010 Data Channel MTU parms [ L:1556 D:1450 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Aug 26 21:34:19 2010 Local Options hash (VER=V4): '619088b2'
Thu Aug 26 21:34:19 2010 Expected Remote Options hash (VER=V4): 'a4f12474'
Thu Aug 26 21:34:19 2010 Attempting to establish TCP connection with 91.89.104.46:1443
Thu Aug 26 21:34:19 2010 TCP connection established with 91.89.104.46:1443
Thu Aug 26 21:34:19 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 26 21:34:19 2010 TCPv4_CLIENT link local: [undef]
Thu Aug 26 21:34:19 2010 TCPv4_CLIENT link remote: 91.89.104.46:1443
Thu Aug 26 21:34:19 2010 TLS: Initial packet from 91.89.104.46:1443, sid=a9d9f331 a27d36a0
Thu Aug 26 21:34:19 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 26 21:34:19 2010 VERIFY OK: depth=1, XXX
Thu Aug 26 21:34:19 2010 VERIFY X509NAME OK: XXX
Thu Aug 26 21:34:19 2010 VERIFY OK: depth=0, XXX
Thu Aug 26 21:34:21 2010 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Aug 26 21:34:21 2010 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Aug 26 21:34:21 2010 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Aug 26 21:34:21 2010 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Thu Aug 26 21:34:21 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 26 21:34:21 2010 [asg-Weinheim] Peer Connection Initiated with 91.89.104.46:1443
Thu Aug 26 21:34:23 2010 SENT CONTROL [XXX]: 'PUSH_REQUEST' (status=1)
Thu Aug 26 21:34:24 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 10.87.1.10 10.87.1.9,ping-restart 120,ping 10,topology net30,route 10.87.1.1,dhcp-option DNS 10.81.4.30,route 192.168.52.0 255.255.255.0,route 10.0.0.0 255.0.0.0'
Thu Aug 26 21:34:24 2010 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 26 21:34:24 2010 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 26 21:34:24 2010 OPTIONS IMPORT: route options modified
Thu Aug 26 21:34:24 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 26 21:34:24 2010 ROUTE default_gateway=192.168.0.1
Thu Aug 26 21:34:24 2010 TAP-WIN32 device [LAN-Verbindung 3] opened: \\.\Global\{4E6B29D5-08E9-4BCB-AD04-68C661EDBBE1}.tap
Thu Aug 26 21:34:24 2010 TAP-Win32 Driver Version 9.6 
Thu Aug 26 21:34:24 2010 TAP-Win32 MTU=1500
Thu Aug 26 21:34:24 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.87.1.10/255.255.255.252 on interface {4E6B29D5-08E9-4BCB-AD04-68C661EDBBE1} [DHCP-serv: 10.87.1.9, lease-time: 31536000]
Thu Aug 26 21:34:24 2010 Successful ARP Flush on interface [3] {4E6B29D5-08E9-4BCB-AD04-68C661EDBBE1}
Thu Aug 26 21:34:26 2010 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Thu Aug 26 21:34:26 2010 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 26 21:34:28 2010 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Thu Aug 26 21:34:28 2010 C:\WINDOWS\system32\route.exe ADD 10.87.1.1 MASK 255.255.255.255 10.87.1.9
Thu Aug 26 21:34:28 2010 C:\WINDOWS\system32\route.exe ADD 192.168.52.0 MASK 255.255.255.0 10.87.1.9
Thu Aug 26 21:34:28 2010 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.0.0.0 10.87.1.9
Thu Aug 26 21:34:28 2010 Initialization Sequence Completed

Any help is appreciated

Cheers,
Caesar