Client connects no TAP gateway cannot ping svr


Post by Ohiotech » Sun Dec 06, 2015 10:11 pm

Ubuntu 14.04 svr x64, patched up-to-date, installed OpenVPN using apt-get, win7 pro x64 desktop. Client is tested using cell phone mifi; server sits behind pfsense firewall (public IP on WAN, DHCP), latest version, with port forward NAT rule for 1194 to inside 192.168.1.xxx. NAT outbound to WAN for 192.168.1.0. Client connects, no TAP gateway assigned. Can't ping anything but cell phone gateway (192.168.43.1). I have enjoyed the challenge, yet I have to ask for help before I make changes that make me start over again :-). Please advise on what I'm missing. I need to VPN from the Internet to my home LAB that is on the local server LAN (192.168.1.0). Added tunnel forward rules to iptables. ufw enabled. Thank you in advance, Ohiotech

*************************************************************************************************
*************************************************************************************************
Client connect log
*************************************************************************************************

Sun Dec 06 15:34:59 2015 us=546946 Current Parameter Settings:
Sun Dec 06 15:34:59 2015 us=546946 config = 'bxx_lab_client.ovpn'
Sun Dec 06 15:34:59 2015 us=546946 mode = 0
Sun Dec 06 15:34:59 2015 us=546946 show_ciphers = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 show_digests = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 show_engines = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 genkey = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 key_pass_file = '[UNDEF]'
Sun Dec 06 15:34:59 2015 us=546946 show_tls_ciphers = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 Connection profiles [default]:
Sun Dec 06 15:34:59 2015 us=546946 proto = udp
Sun Dec 06 15:34:59 2015 us=546946 local = '[UNDEF]'
Sun Dec 06 15:34:59 2015 us=546946 local_port = 0
Sun Dec 06 15:34:59 2015 us=546946 remote = '104.171.xxx.21'
Sun Dec 06 15:34:59 2015 us=546946 remote_port = 1194
Sun Dec 06 15:34:59 2015 us=546946 remote_float = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 bind_defined = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 bind_local = DISABLED
Sun Dec 06 15:34:59 2015 us=546946 connect_retry_seconds = 5
Sun Dec 06 15:34:59 2015 us=546946 connect_timeout = 10
Sun Dec 06 15:34:59 2015 us=546946 NOTE: --mute triggered...
Sun Dec 06 15:34:59 2015 us=546946 265 variation(s) on previous 20 message(s) suppressed by --mute
Sun Dec 06 15:34:59 2015 us=546946 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Dec 06 15:34:59 2015 us=546946 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Sun Dec 06 15:34:59 2015 us=562546 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Dec 06 15:34:59 2015 us=562546 Need hold release from management interface, waiting...
Sun Dec 06 15:34:59 2015 us=749746 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Dec 06 15:34:59 2015 us=858946 MANAGEMENT: CMD 'state on'
Sun Dec 06 15:34:59 2015 us=858946 MANAGEMENT: CMD 'log all on'
Sun Dec 06 15:34:59 2015 us=890146 MANAGEMENT: CMD 'hold off'
Sun Dec 06 15:34:59 2015 us=890146 MANAGEMENT: CMD 'hold release'
Sun Dec 06 15:35:00 2015 us=46147 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sun Dec 06 15:35:00 2015 us=46147 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 06 15:35:00 2015 us=46147 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 06 15:35:00 2015 us=46147 LZO compression initialized
Sun Dec 06 15:35:00 2015 us=46147 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:3 ]
Sun Dec 06 15:35:00 2015 us=46147 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Dec 06 15:35:00 2015 us=46147 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:143 ET:32 EL:3 AF:3/1 ]
Sun Dec 06 15:35:00 2015 us=46147 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun Dec 06 15:35:00 2015 us=46147 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sun Dec 06 15:35:00 2015 us=46147 Local Options hash (VER=V4): '48527533'
Sun Dec 06 15:35:00 2015 us=46147 Expected Remote Options hash (VER=V4): '44bd8b5e'
Sun Dec 06 15:35:00 2015 us=46147 UDPv4 link local: [undef]
Sun Dec 06 15:35:00 2015 us=46147 UDPv4 link remote: [AF_INET]104.171.xxx.21:1194
Sun Dec 06 15:35:00 2015 us=46147 MANAGEMENT: >STATE:1449434100,WAIT,,,
Sun Dec 06 15:35:00 2015 us=108547 MANAGEMENT: >STATE:1449434100,AUTH,,,
Sun Dec 06 15:35:00 2015 us=108547 TLS: Initial packet from [AF_INET]104.171.xxx.21:1194, sid=829e871a f4a24e07
Sun Dec 06 15:35:00 2015 us=592148 VERIFY OK: depth=1, C=US, ST=ZZ, L=McDill, O=bxx, OU=Cyber_Hunter, CN=bxx CA, name=EasyRSA, emailAddress=xyz@xyz.com
Sun Dec 06 15:35:00 2015 us=607748 Validating certificate key usage
Sun Dec 06 15:35:00 2015 us=607748 ++ Certificate has key usage 00a0, expects 00a0
Sun Dec 06 15:35:00 2015 us=607748 VERIFY KU OK
Sun Dec 06 15:35:00 2015 us=607748 Validating certificate extended key usage
Sun Dec 06 15:35:00 2015 us=607748 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Dec 06 15:35:00 2015 us=607748 VERIFY EKU OK
Sun Dec 06 15:35:00 2015 us=607748 VERIFY OK: depth=0, C=US, ST=ZZ, L=McDill, O=bzz, OU=Cyber_Hunter, CN=server, name=EasyRSA, emailAddress=xyz@xyz.com
Sun Dec 06 15:35:01 2015 us=559349 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Dec 06 15:35:01 2015 us=559349 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 06 15:35:01 2015 us=559349 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Dec 06 15:35:01 2015 us=559349 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 06 15:35:01 2015 us=559349 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Dec 06 15:35:01 2015 us=559349 [server] Peer Connection Initiated with [AF_INET]104.171.xxx.21:1194
Sun Dec 06 15:35:02 2015 us=370551 MANAGEMENT: >STATE:1449434102,GET_CONFIG,,,
Sun Dec 06 15:35:03 2015 us=322152 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Dec 06 15:35:03 2015 us=415752 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.0.0 255.255.255.0,route-gateway 10.8.0.1,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route-gateway 10.8.0.4,ping 10,ping-restart 120,ifconfig 10.8.0.51 255.0.0.0'
Sun Dec 06 15:35:03 2015 us=415752 OPTIONS IMPORT: timers and/or timeouts modified
Sun Dec 06 15:35:03 2015 us=415752 OPTIONS IMPORT: --ifconfig/up options modified
Sun Dec 06 15:35:03 2015 us=415752 OPTIONS IMPORT: route options modified
Sun Dec 06 15:35:03 2015 us=415752 OPTIONS IMPORT: route-related options modified
Sun Dec 06 15:35:03 2015 us=415752 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Dec 06 15:35:03 2015 us=462553 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Dec 06 15:35:03 2015 us=462553 MANAGEMENT: >STATE:1449434103,ASSIGN_IP,,10.8.0.51,
Sun Dec 06 15:35:03 2015 us=462553 open_tun, tt->ipv6=0
Sun Dec 06 15:35:03 2015 us=478153 TAP-WIN32 device [mytap] opened: \\.\Global\{A1E6ACB4-5C3D-42D8-BD2E-7D3D7853D38C}.tap
Sun Dec 06 15:35:03 2015 us=478153 TAP-Windows Driver Version 9.21
Sun Dec 06 15:35:03 2015 us=478153 TAP-Windows MTU=1500
Sun Dec 06 15:35:03 2015 us=478153 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.51/255.0.0.0 on interface {A1E6ACB4-5C3D-42D8-BD2E-7D3D7853D38C} [DHCP-serv: 10.0.0.0, lease-time: 31536000]
Sun Dec 06 15:35:03 2015 us=478153 DHCP option string: 0604c0a8 0101
Sun Dec 06 15:35:03 2015 us=478153 Successful ARP Flush on interface [25] {A1E6ACB4-5C3D-42D8-BD2E-7D3D7853D38C}
Sun Dec 06 15:35:08 2015 us=126961 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sun Dec 06 15:35:08 2015 us=126961 C:\Windows\system32\route.exe ADD 104.171.xxx.21 MASK 255.255.255.255 192.168.43.1
Sun Dec 06 15:35:08 2015 us=126961 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Sun Dec 06 15:35:08 2015 us=126961 Route addition via IPAPI succeeded [adaptive]
Sun Dec 06 15:35:08 2015 us=126961 C:\Windows\system32\route.exe ADD 192.168.43.1 MASK 255.255.255.255 192.168.43.1 IF 12
Sun Dec 06 15:35:08 2015 us=126961 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Sun Dec 06 15:35:08 2015 us=126961 Route addition via IPAPI succeeded [adaptive]
Sun Dec 06 15:35:08 2015 us=126961 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.4
Sun Dec 06 15:35:08 2015 us=126961 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Dec 06 15:35:08 2015 us=126961 Route addition via IPAPI succeeded [adaptive]
Sun Dec 06 15:35:08 2015 us=126961 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.4
Sun Dec 06 15:35:08 2015 us=126961 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Dec 06 15:35:08 2015 us=126961 Route addition via IPAPI succeeded [adaptive]
Sun Dec 06 15:35:08 2015 us=126961 MANAGEMENT: >STATE:1449434108,ADD_ROUTES,,,
Sun Dec 06 15:35:08 2015 us=126961 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.4
Sun Dec 06 15:35:08 2015 us=142561 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Dec 06 15:35:08 2015 us=142561 Route addition via IPAPI succeeded [adaptive]
Sun Dec 06 15:35:08 2015 us=142561 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.4
Sun Dec 06 15:35:08 2015 us=142561 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Dec 06 15:35:08 2015 us=142561 Route addition via IPAPI succeeded [adaptive]
Sun Dec 06 15:35:08 2015 us=142561 Initialization Sequence Completed
Sun Dec 06 15:35:08 2015 us=142561 MANAGEMENT: >STATE:1449434108,CONNECTED,SUCCESS,10.8.0.51,104.171.xxx.21


*************************************************************************************************
*************************************************************************************************
Route Print Data client (windows)
*************************************************************************************************
===========================================================================
Interface List
25...00 ff a1 e6 ac b4 ......TAP-Windows Adapter V9 #2
23...00 ff a8 79 9c 84 ......TAP-Windows Adapter V9
12...00 21 6a 24 53 7a ......Intel(R) WiFi Link 5300 AGN
11...70 71 bc 59 77 7f ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
16...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
17...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.21 20
0.0.0.0 128.0.0.0 10.8.0.4 10.8.0.51 20
10.0.0.0 255.0.0.0 On-link 10.8.0.51 276
10.8.0.0 255.255.255.0 10.8.0.4 10.8.0.51 20
10.8.0.51 255.255.255.255 On-link 10.8.0.51 276
10.255.255.255 255.255.255.255 On-link 10.8.0.51 276
104.171.xxx.21 255.255.255.255 192.168.43.1 192.168.1.21 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.4 10.8.0.51 20
169.254.0.0 255.255.0.0 On-link 169.254.241.15 276
169.254.241.15 255.255.255.255 On-link 169.254.241.15 276
169.254.255.255 255.255.255.255 On-link 169.254.241.15 276
192.168.1.0 255.255.255.0 10.8.0.4 10.8.0.51 20
192.168.1.0 255.255.255.0 On-link 192.168.1.21 276
192.168.1.21 255.255.255.255 On-link 192.168.1.21 276
192.168.1.255 255.255.255.255 On-link 192.168.1.21 276
192.168.13.0 255.255.255.0 On-link 192.168.13.1 276
192.168.13.1 255.255.255.255 On-link 192.168.13.1 276
192.168.13.255 255.255.255.255 On-link 192.168.13.1 276
192.168.29.0 255.255.255.0 On-link 192.168.29.1 276
192.168.29.1 255.255.255.255 On-link 192.168.29.1 276
192.168.29.255 255.255.255.255 On-link 192.168.29.1 276
192.168.43.1 255.255.255.255 192.168.43.1 192.168.1.21 20
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.241.15 276
224.0.0.0 240.0.0.0 On-link 10.8.0.51 276
224.0.0.0 240.0.0.0 On-link 192.168.29.1 276
224.0.0.0 240.0.0.0 On-link 192.168.13.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.21 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.241.15 276
255.255.255.255 255.255.255.255 On-link 10.8.0.51 276
255.255.255.255 255.255.255.255 On-link 192.168.29.1 276
255.255.255.255 255.255.255.255 On-link 192.168.13.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.21 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
23 276 fe80::/64 On-link
25 276 fe80::/64 On-link
16 276 fe80::/64 On-link
17 276 fe80::/64 On-link
12 276 fe80::/64 On-link
17 276 fe80::157a:edc9:50ce:b061/128
On-link
16 276 fe80::55b4:5e61:30fe:9a15/128
On-link
23 276 fe80::5891:71d2:5d00:f10f/128
On-link
25 276 fe80::b40b:3316:f41a:2e01/128
On-link
12 276 fe80::fd65:55b4:5554:c704/128
On-link
1 306 ff00::/8 On-link
23 276 ff00::/8 On-link
25 276 ff00::/8 On-link
16 276 ff00::/8 On-link
17 276 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**********************************************************************************************
**********************************************************************************************
server.conf
**********************************************************************************************
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.8.0.4 255.0.0.0 10.8.0.50 10.8.0.100
push "route 192.168.1.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
push "route-gateway 10.8.0.1"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.1.1"
duplicate-cn
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append /etc/openvpn/openvpn.log
verb 6
mute 20
#Bridge auto start/stop
up "/etc/openvpn/up.sh br0"
down "/etc/openvpn/down.sh br0"
script-security 3
*************************************************************************************************
*************************************************************************************************
vpnuser1.ovpn
*************************************************************************************************
client
dev tap
proto udp
remote 104.171.xxx.21
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert vpnuser1.crt
key vpnuser1.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 5
mute 20
*************************************************************************************************
*************************************************************************************************
Output server ifconfig
*************************************************************************************************
br0 Link encap:Ethernet HWaddr 00:0c:29:ca:b8:54
inet addr:192.168.1.141 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feca:b854/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32033 errors:0 dropped:0 overruns:0 frame:0
TX packets:6530 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4332708 (4.3 MB) TX bytes:1292159 (1.2 MB)

eth0 Link encap:Ethernet HWaddr 00:0c:29:ca:b8:54
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26799 errors:0 dropped:0 overruns:0 frame:0
TX packets:11778 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4013641 (4.0 MB) TX bytes:2060600 (2.0 MB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

tap0 Link encap:Ethernet HWaddr c6:ed:03:be:82:42
inet6 addr: fe80::c4ed:3ff:febe:8242/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1288 errors:0 dropped:0 overruns:0 frame:0
TX packets:4119 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:199246 (199.2 KB) TX bytes:446195 (446.1 KB)

*********************************************************************************************
*********************************************************************************************
UFW Status
*********************************************************************************************

Status: active

To Action From
-- ------ ----
22 ALLOW Anywhere
1194/udp ALLOW Anywhere
1194/tcp ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6)
1194/udp (v6) ALLOW Anywhere (v6)
1194/tcp (v6) ALLOW Anywhere (v6)

*********************************************************************************************
*********************************************************************************************
Server interfaces configuration
*********************************************************************************************

# The loopback network interface
auto lo br0
iface lo inet loopback

# Bridge network settings
iface br0 inet static
address 192.168.1.141
netmask 255.255.255.0
gateway 192.168.1.1
network 192.168.1.0
broadcast 192.168.1.255
bridge_ports eth0
dns-nameservers 192.168.1.1
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off


# The primary network interface
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down

********************************************************************************************
