Due to this fact, the client has no VPN traffic. More information is in the log below.
I suppose the problem is when the client tries to connect and keeps the old local IP but gets other push data from another server.
Server OS: FreeBSD-11.0p3 x64
Server VPN: openvpn-2.3.12_1
Client OS: Windows10 x64
Client VPN: openvpn-2.4.0-I601
Server config:
local 10.0.0.10
port 1194
proto tcp
sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"
dev tun
topology subnet
server 10.10.10.0 255.255.255.128
ifconfig-pool-persist ipp.txt
push "route 10.10.10.0 255.255.254.0"
push "route 10.0.0.0 255.255.254.0"
push "route-metric 1"
push "register-dns";
push "dhcp-option DOMAIN domain.local"
push "dhcp-option DNS 10.0.0.16"
push "dhcp-option DNS 10.0.1.16"
push "dhcp-option DNS 10.0.0.17"
client-to-client
duplicate-cn
keepalive 10 30
cipher AES-256-CBC
auth SHA512
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status openvpn1-status.log
verb 3
Client config:
client
dev tun
proto tcp
remote IP1 1194
remote IP2 1194
remote IP1 1195
remote IP2 1195
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3
block-outside-dns
Client log:
Attempting to establish TCP connection with [AF_INET]IP1:1194 [nonblock]
MANAGEMENT: >STATE:1483383753,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]IP1:1194
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]IP1:1194
MANAGEMENT: >STATE:1483383754,WAIT,,,,,,
MANAGEMENT: >STATE:1483383754,AUTH,,,,,,
TLS: Initial packet from [AF_INET]IP1:1194, sid=70cada80 ade327ae
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
[Server] Peer Connection Initiated with [AF_INET]IP1:1194
MANAGEMENT: >STATE:1483383756,GET_CONFIG,,,,,,
SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,route 10.10.10.0 255.255.254.0,route 10.0.0.0 255.255.254.0,route-metric 5,register-dns,dhcp-option DOMAIN domain.local,dhcp-option DNS 10.0.0.16,dhcp-option DNS 10.0.1.16,dhcp-option DNS 10.0.0.17,route-gateway 10.10.11.1,topology subnet,ping 10,ping-restart 30,ifconfig 10.10.11.2 255.255.255.128'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Socket Buffers: R=[393216->393216] S=[393216->393216]
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Preserving previous TUN/TAP instance: OpenVPN
Block_DNS: WFP engine opened
Block_DNS: Using existing sublayer
Block_DNS: Added permit filters for exe_path
Block_DNS: Added block filters for all interfaces
Block_DNS: Added permit filters for TAP interface
Initialization Sequence Completed
MANAGEMENT: >STATE:1483383756,CONNECTED,SUCCESS,10.10.11.130,IP1,1194,192.168.8.100,60134
Start ipconfig commands for register-dns...
C:\WINDOWS\system32\ipconfig.exe /flushdns
C:\WINDOWS\system32\ipconfig.exe /registerdns
End ipconfig commands for register-dns...
Client log after SIGHUP:
MANAGEMENT: CMD 'signal SIGHUP'
C:\WINDOWS\system32\route.exe DELETE 10.10.10.0 MASK 255.255.254.0 10.10.11.129
Route deletion via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe DELETE 10.0.0.0 MASK 255.255.254.0 10.10.11.129
Route deletion via IPAPI succeeded [adaptive]
Closing TUN/TAP interface
SIGHUP[hard,] received, process restarting
MANAGEMENT: >STATE:1483383998,RECONNECTING,SIGHUP,,,,,
OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Windows version 6.2 (Windows 8 or greater) 64bit
library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Restart pause, 2 second(s)
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
TCP/UDP: Preserving recently used remote address: [AF_INET]IP3:1195
Socket Buffers: R=[65536->65536] S=[65536->65536]
Attempting to establish TCP connection with [AF_INET]IP3:1195 [nonblock]
MANAGEMENT: >STATE:1483384000,TCP_CONNECT,,,,,,
TCP connection established with [AF_INET]IP3:1195
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]IP3:1195
MANAGEMENT: >STATE:1483384001,WAIT,,,,,,
MANAGEMENT: >STATE:1483384001,AUTH,,,,,,
TLS: Initial packet from [AF_INET]IP3:1195, sid=2952b2b8 47b91772
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
[Server] Peer Connection Initiated with [AF_INET]IP3:1195
MANAGEMENT: >STATE:1483384003,GET_CONFIG,,,,,,
SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,route 10.10.10.0 255.255.254.0,route 10.0.0.0 255.255.254.0,route-metric 5,register-dns,dhcp-option DOMAIN iptrace.pl,dhcp-option DNS 10.0.0.16,dhcp-option DNS 10.0.1.16,dhcp-option DNS 10.0.0.17,route-gateway 10.10.11.129,topology subnet,ping 10,ping-restart 30,ifconfig 10.10.11.130 255.255.255.128'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Socket Buffers: R=[65536->393216] S=[65536->393216]
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
interactive service msg_channel=0
ROUTE_GATEWAY 192.168.8.1/255.255.255.0 I=22 HWADDR=ab:cd:ef:09:87:65
open_tun
TAP-WIN32 device [OpenVPN] opened: \\.\Global\{155F822B-3722-4398-8375-DDF340C07E2A}.tap
TAP-Windows Driver Version 9.21
Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.11.128/10.10.11.130/255.255.255.128 [SUCCEEDED]
Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.11.130/255.255.255.128 on interface {155F822B-3722-4398-8375-DDF340C07E2A} [DHCP-serv: 10.10.11.254, lease-time: 31536000]
Successful ARP Flush on interface [2] {155F822B-3722-4398-8375-DDF340C07E2A}
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
MANAGEMENT: >STATE:1483384003,ASSIGN_IP,,10.10.11.130,,,,
Block_DNS: WFP engine opened
Block_DNS: Using existing sublayer
Block_DNS: Added permit filters for exe_path
Block_DNS: Added block filters for all interfaces
Block_DNS: Added permit filters for TAP interface
TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
MANAGEMENT: >STATE:1483384008,ADD_ROUTES,,,,,,
C:\WINDOWS\system32\route.exe ADD 10.10.10.0 MASK 255.255.254.0 10.10.11.129 METRIC 5
Route addition via IPAPI succeeded [adaptive]
C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.255.254.0 10.10.11.129 METRIC 5
Route addition via IPAPI succeeded [adaptive]
Initialization Sequence Completed
MANAGEMENT: >STATE:1483384008,CONNECTED,SUCCESS,10.10.11.130,IP3,1195,192.168.8.100,60177
Start ipconfig commands for register-dns...
C:\WINDOWS\system32\ipconfig.exe /flushdns
C:\WINDOWS\system32\ipconfig.exe /registerdns
End ipconfig commands for register-dns...
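
An added example, not part of the original post: a Python check that compares the ifconfig address in each PUSH_REPLY with the tunnel address in the CONNECTED management state line that follows it, which is where the first log above disagrees (pushed 10.10.11.2, reported 10.10.11.130). The function names and the abridged sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: lines abridged from the first client log in the post.
SAMPLE_LOG = """\
PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.254.0,route-gateway 10.10.11.1,topology subnet,ping 10,ping-restart 30,ifconfig 10.10.11.2 255.255.255.128'
Preserving previous TUN/TAP instance: OpenVPN
Initialization Sequence Completed
MANAGEMENT: >STATE:1483383756,CONNECTED,SUCCESS,10.10.11.130,IP1,1194,192.168.8.100,60134
"""

PUSH_RE = re.compile(r"PUSH_REPLY,(.*)'")
STATE_RE = re.compile(r">STATE:\d+,CONNECTED,SUCCESS,([0-9.]+),")


def parse_push_reply(line):
    """Return {option: [args]} from a PUSH_REPLY line (last value wins), else None."""
    m = PUSH_RE.search(line)
    if not m:
        return None
    opts = {}
    for item in m.group(1).split(","):
        parts = item.split()
        if parts:
            opts[parts[0]] = parts[1:]
    return opts


def find_stale_tun(log_text):
    """List sessions whose tunnel address differs from the pushed ifconfig."""
    findings, pushed, preserved = [], None, False
    for line in log_text.splitlines():
        opts = parse_push_reply(line)
        state = STATE_RE.search(line)
        if opts is not None:
            pushed, preserved = opts, False
        elif "Preserving previous TUN/TAP instance" in line:
            preserved = True
        elif state and pushed and len(pushed.get("ifconfig", [])) == 2:
            want_ip, mask = pushed["ifconfig"]
            have_ip = state.group(1)
            if have_ip != want_ip:
                # Subnet the adapter is really on, using the pushed netmask.
                net = ipaddress.ip_interface(f"{have_ip}/{mask}").network
                gw = pushed.get("route-gateway", [None])[0]
                on_link = gw is not None and ipaddress.ip_address(gw) in net
                findings.append({"pushed_ip": want_ip, "tunnel_ip": have_ip,
                                 "preserved_tun": preserved, "gateway": gw,
                                 "gateway_on_link": on_link})
            pushed = None  # one verdict per PUSH_REPLY
    return findings
```

A finding with gateway_on_link set to False means the pushed route-gateway is outside the subnet the preserved adapter still holds, so the pushed routes cannot carry traffic.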