up/down scripts on Win client and ipconfig_remote var

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Sat Feb 06, 2021 11:57 pm

Back in Windows 7, I used the OpenVPN GUI to setup my connection so that when I connect to the VPN I would get some form of split tunneling using up/down scripts:

Code: Select all

...
script-security 2
up up.bat
down down.bat
...
up.bat:

Code: Select all

ROUTE ADD 0.0.0.0 MASK 0.0.0.0 %ifconfig_remote%
down.bat

Code: Select all

ROUTE DELETE 0.0.0.0 MASK 0.0.0.0 %ifconfig_remote%
This seemed to always work great. It would ensure my normal internet traffic would continue to go through my ISP. But my VPN adapter was connected to a VPN and I could use something like ForceBindIP.exe to force individual applications to use the VPN.

So recently I switched some computers over to Windows 10 with the latest OpenVPN GUI and I am having a hard time recreating this setup. It appears that with the latest OpenVPN GUI that the ifconfig_remote variable isn't being passed to up/down scripts anymore. I'm not sure why. When running up/down scripts the only variables I seem to see are ifconfig_netmask and ifconfig_local.

I've also tried some other approaches. It was suggested to me that I don't use ROUTE command to do this but rather just set the route in the config.ovpn. I tried this:

Code: Select all

route 0.0.0.0 0.0.0.0
But that didn't seem to have any affect. I also the route-nopull option but that doesn't appear to setup any route at all for my VPN Adapter so I can't get any traffic through the VPN that way at all. If I do a route-nopull I would have to manually setup my VPN Adapter route(s) right? How would I do this?

What is the best way to achieve what I'm looking for here? I'm really new to OpenVPN stuff and trying hard to learn things but there is lots that I'm not clear on.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Sun Feb 07, 2021 12:03 am

You seriously need to update your crap.

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Sun Feb 07, 2021 5:21 am

I'm asking for help here...

Also I'm not sure what you mean I need to update things. Am I using really old syntax or something? What is the modern solution? I'm a newb to all of this. Trying to learn.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Sun Feb 07, 2021 7:02 pm


Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 5:42 am

Sure thing here is all the info

Code: Select all

Microsoft Windows [Version 10.0.19042.746]

Code: Select all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-TR49B5J
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Home

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : Home
   Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
   Physical Address. . . . . . . . . : 24-4B-FE-95-37-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d4fc:a708:97a9:b6b3%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.131(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, February 3, 2021 7:26:47 AM
   Lease Expires . . . . . . . . . . : Monday, February 8, 2021 9:27:39 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 337923070
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-9C-23-FF-24-4B-FE-95-37-EA
   DNS Servers . . . . . . . . . . . : 192.168.0.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter OpenVPN Wintun:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Wintun Userspace Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-1F
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2030:1947:85fe:2109%31(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520749095
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-9C-23-FF-24-4B-FE-95-37-EA
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter OpenVPN TAP-Windows6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-21-18-E2-D1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
   Physical Address. . . . . . . . . : 00-19-0E-11-24-AE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Client config

client
dev tun
proto udp
remote vpn.privacy.net 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass auth
auth-nocache
compress
verb 4
reneg-sec 0
disable-occ
<crl-verify>
-----BEGIN X509 CRL-----
xxxxxxxxxxxxxxxx
-----END X509 CRL-----
</crl-verify>

<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>

Code: Select all

2021-02-07 13:18:56 us=820873 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
2021-02-07 13:18:56 us=821874 Current Parameter Settings:
2021-02-07 13:18:56 us=821874   config = 'config.ovpn'
2021-02-07 13:18:56 us=821874   mode = 0
2021-02-07 13:18:56 us=821874   show_ciphers = DISABLED
2021-02-07 13:18:56 us=821874   show_digests = DISABLED
2021-02-07 13:18:56 us=821874   show_engines = DISABLED
2021-02-07 13:18:56 us=821874   genkey = DISABLED
2021-02-07 13:18:56 us=821874   genkey_filename = '[UNDEF]'
2021-02-07 13:18:56 us=821874   key_pass_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   show_tls_ciphers = DISABLED
2021-02-07 13:18:56 us=821874   connect_retry_max = 0
2021-02-07 13:18:56 us=821874 Connection profiles [0]:
2021-02-07 13:18:56 us=821874   proto = udp
2021-02-07 13:18:56 us=821874   local = '[UNDEF]'
2021-02-07 13:18:56 us=821874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   remote = 'us3.privacy.network'
2021-02-07 13:18:56 us=821874   remote_port = '1198'
2021-02-07 13:18:56 us=821874   remote_float = DISABLED
2021-02-07 13:18:56 us=821874   bind_defined = DISABLED
2021-02-07 13:18:56 us=821874   bind_local = DISABLED
2021-02-07 13:18:56 us=821874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=821874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=821874   connect_timeout = 120
2021-02-07 13:18:56 us=821874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=821874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tun_mtu = 1500
2021-02-07 13:18:56 us=821874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=821874   link_mtu = 1500
2021-02-07 13:18:56 us=821874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=821874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=821874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=821874   mtu_discover_type = -1
2021-02-07 13:18:56 us=821874   fragment = 0
2021-02-07 13:18:56 us=821874   mssfix = 1450
2021-02-07 13:18:56 us=821874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=821874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   key_direction = not set
2021-02-07 13:18:56 us=821874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874 Connection profiles [1]:
2021-02-07 13:18:56 us=821874   proto = udp
2021-02-07 13:18:56 us=821874   local = '[UNDEF]'
2021-02-07 13:18:56 us=821874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   remote = 'us-atlanta.privacy.network'
2021-02-07 13:18:56 us=821874   remote_port = '1198'
2021-02-07 13:18:56 us=821874   remote_float = DISABLED
2021-02-07 13:18:56 us=821874   bind_defined = DISABLED
2021-02-07 13:18:56 us=821874   bind_local = DISABLED
2021-02-07 13:18:56 us=821874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=821874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=821874   connect_timeout = 120
2021-02-07 13:18:56 us=821874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=821874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tun_mtu = 1500
2021-02-07 13:18:56 us=821874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=821874   link_mtu = 1500
2021-02-07 13:18:56 us=821874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=821874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=821874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=821874   mtu_discover_type = -1
2021-02-07 13:18:56 us=821874   fragment = 0
2021-02-07 13:18:56 us=821874   mssfix = 1450
2021-02-07 13:18:56 us=821874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=821874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   key_direction = not set
2021-02-07 13:18:56 us=821874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874 Connection profiles [2]:
2021-02-07 13:18:56 us=821874   proto = udp
2021-02-07 13:18:56 us=821874   local = '[UNDEF]'
2021-02-07 13:18:56 us=821874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   remote = 'us-washingtondc.privacy.network'
2021-02-07 13:18:56 us=821874   remote_port = '1198'
2021-02-07 13:18:56 us=821874   remote_float = DISABLED
2021-02-07 13:18:56 us=821874   bind_defined = DISABLED
2021-02-07 13:18:56 us=821874   bind_local = DISABLED
2021-02-07 13:18:56 us=821874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=821874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=821874   connect_timeout = 120
2021-02-07 13:18:56 us=821874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=821874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tun_mtu = 1500
2021-02-07 13:18:56 us=821874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=821874   link_mtu = 1500
2021-02-07 13:18:56 us=821874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=821874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=821874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=821874   mtu_discover_type = -1
2021-02-07 13:18:56 us=821874   fragment = 0
2021-02-07 13:18:56 us=821874   mssfix = 1450
2021-02-07 13:18:56 us=821874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=821874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   key_direction = not set
2021-02-07 13:18:56 us=821874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874 Connection profiles [3]:
2021-02-07 13:18:56 us=821874   proto = udp
2021-02-07 13:18:56 us=821874   local = '[UNDEF]'
2021-02-07 13:18:56 us=821874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   remote = 'us-texas.privacy.network'
2021-02-07 13:18:56 us=821874   remote_port = '1198'
2021-02-07 13:18:56 us=821874   remote_float = DISABLED
2021-02-07 13:18:56 us=821874   bind_defined = DISABLED
2021-02-07 13:18:56 us=821874   bind_local = DISABLED
2021-02-07 13:18:56 us=821874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=821874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=821874   connect_timeout = 120
2021-02-07 13:18:56 us=821874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=821874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tun_mtu = 1500
2021-02-07 13:18:56 us=821874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=821874   link_mtu = 1500
2021-02-07 13:18:56 us=821874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=821874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=821874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=821874   mtu_discover_type = -1
2021-02-07 13:18:56 us=821874   fragment = 0
2021-02-07 13:18:56 us=821874   mssfix = 1450
2021-02-07 13:18:56 us=821874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=821874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   key_direction = not set
2021-02-07 13:18:56 us=821874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874 Connection profiles [4]:
2021-02-07 13:18:56 us=821874   proto = udp
2021-02-07 13:18:56 us=821874   local = '[UNDEF]'
2021-02-07 13:18:56 us=821874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   remote = 'us-siliconvalley.privacy.network'
2021-02-07 13:18:56 us=821874   remote_port = '1198'
2021-02-07 13:18:56 us=821874   remote_float = DISABLED
2021-02-07 13:18:56 us=821874   bind_defined = DISABLED
2021-02-07 13:18:56 us=821874   bind_local = DISABLED
2021-02-07 13:18:56 us=821874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=821874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=821874   connect_timeout = 120
2021-02-07 13:18:56 us=821874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=821874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tun_mtu = 1500
2021-02-07 13:18:56 us=821874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=821874   link_mtu = 1500
2021-02-07 13:18:56 us=821874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=821874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=821874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=821874   mtu_discover_type = -1
2021-02-07 13:18:56 us=821874   fragment = 0
2021-02-07 13:18:56 us=821874   mssfix = 1450
2021-02-07 13:18:56 us=821874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=821874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   key_direction = not set
2021-02-07 13:18:56 us=821874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874 Connection profiles [5]:
2021-02-07 13:18:56 us=821874   proto = udp
2021-02-07 13:18:56 us=821874   local = '[UNDEF]'
2021-02-07 13:18:56 us=821874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   remote = 'us-seattle.privacy.network'
2021-02-07 13:18:56 us=821874   remote_port = '1198'
2021-02-07 13:18:56 us=821874   remote_float = DISABLED
2021-02-07 13:18:56 us=821874   bind_defined = DISABLED
2021-02-07 13:18:56 us=821874   bind_local = DISABLED
2021-02-07 13:18:56 us=821874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=821874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=821874   connect_timeout = 120
2021-02-07 13:18:56 us=821874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=821874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tun_mtu = 1500
2021-02-07 13:18:56 us=821874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=821874   link_mtu = 1500
2021-02-07 13:18:56 us=821874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=821874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=821874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=821874   mtu_discover_type = -1
2021-02-07 13:18:56 us=821874   fragment = 0
2021-02-07 13:18:56 us=821874   mssfix = 1450
2021-02-07 13:18:56 us=821874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=821874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   key_direction = not set
2021-02-07 13:18:56 us=821874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=821874 Connection profiles [6]:
2021-02-07 13:18:56 us=821874   proto = udp
2021-02-07 13:18:56 us=821874   local = '[UNDEF]'
2021-02-07 13:18:56 us=821874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=821874   remote = 'us-newyorkcity.privacy.network'
2021-02-07 13:18:56 us=822874   remote_port = '1198'
2021-02-07 13:18:56 us=822874   remote_float = DISABLED
2021-02-07 13:18:56 us=822874   bind_defined = DISABLED
2021-02-07 13:18:56 us=822874   bind_local = DISABLED
2021-02-07 13:18:56 us=822874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=822874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=822874   connect_timeout = 120
2021-02-07 13:18:56 us=822874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=822874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tun_mtu = 1500
2021-02-07 13:18:56 us=822874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=822874   link_mtu = 1500
2021-02-07 13:18:56 us=822874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=822874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=822874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=822874   mtu_discover_type = -1
2021-02-07 13:18:56 us=822874   fragment = 0
2021-02-07 13:18:56 us=822874   mssfix = 1450
2021-02-07 13:18:56 us=822874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=822874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   key_direction = not set
2021-02-07 13:18:56 us=822874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874 Connection profiles [7]:
2021-02-07 13:18:56 us=822874   proto = udp
2021-02-07 13:18:56 us=822874   local = '[UNDEF]'
2021-02-07 13:18:56 us=822874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   remote = 'us-lasvegas.privacy.network'
2021-02-07 13:18:56 us=822874   remote_port = '1198'
2021-02-07 13:18:56 us=822874   remote_float = DISABLED
2021-02-07 13:18:56 us=822874   bind_defined = DISABLED
2021-02-07 13:18:56 us=822874   bind_local = DISABLED
2021-02-07 13:18:56 us=822874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=822874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=822874   connect_timeout = 120
2021-02-07 13:18:56 us=822874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=822874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tun_mtu = 1500
2021-02-07 13:18:56 us=822874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=822874   link_mtu = 1500
2021-02-07 13:18:56 us=822874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=822874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=822874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=822874   mtu_discover_type = -1
2021-02-07 13:18:56 us=822874   fragment = 0
2021-02-07 13:18:56 us=822874   mssfix = 1450
2021-02-07 13:18:56 us=822874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=822874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   key_direction = not set
2021-02-07 13:18:56 us=822874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874 Connection profiles [8]:
2021-02-07 13:18:56 us=822874   proto = udp
2021-02-07 13:18:56 us=822874   local = '[UNDEF]'
2021-02-07 13:18:56 us=822874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   remote = 'us-houston.privacy.network'
2021-02-07 13:18:56 us=822874   remote_port = '1198'
2021-02-07 13:18:56 us=822874   remote_float = DISABLED
2021-02-07 13:18:56 us=822874   bind_defined = DISABLED
2021-02-07 13:18:56 us=822874   bind_local = DISABLED
2021-02-07 13:18:56 us=822874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=822874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=822874   connect_timeout = 120
2021-02-07 13:18:56 us=822874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=822874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tun_mtu = 1500
2021-02-07 13:18:56 us=822874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=822874   link_mtu = 1500
2021-02-07 13:18:56 us=822874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=822874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=822874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=822874   mtu_discover_type = -1
2021-02-07 13:18:56 us=822874   fragment = 0
2021-02-07 13:18:56 us=822874   mssfix = 1450
2021-02-07 13:18:56 us=822874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=822874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   key_direction = not set
2021-02-07 13:18:56 us=822874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874 Connection profiles [9]:
2021-02-07 13:18:56 us=822874   proto = udp
2021-02-07 13:18:56 us=822874   local = '[UNDEF]'
2021-02-07 13:18:56 us=822874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   remote = 'us-florida.privacy.network'
2021-02-07 13:18:56 us=822874   remote_port = '1198'
2021-02-07 13:18:56 us=822874   remote_float = DISABLED
2021-02-07 13:18:56 us=822874   bind_defined = DISABLED
2021-02-07 13:18:56 us=822874   bind_local = DISABLED
2021-02-07 13:18:56 us=822874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=822874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=822874   connect_timeout = 120
2021-02-07 13:18:56 us=822874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=822874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tun_mtu = 1500
2021-02-07 13:18:56 us=822874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=822874   link_mtu = 1500
2021-02-07 13:18:56 us=822874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=822874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=822874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=822874   mtu_discover_type = -1
2021-02-07 13:18:56 us=822874   fragment = 0
2021-02-07 13:18:56 us=822874   mssfix = 1450
2021-02-07 13:18:56 us=822874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=822874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   key_direction = not set
2021-02-07 13:18:56 us=822874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874 Connection profiles [10]:
2021-02-07 13:18:56 us=822874   proto = udp
2021-02-07 13:18:56 us=822874   local = '[UNDEF]'
2021-02-07 13:18:56 us=822874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   remote = 'us-newjersey.privacy.network'
2021-02-07 13:18:56 us=822874   remote_port = '1198'
2021-02-07 13:18:56 us=822874   remote_float = DISABLED
2021-02-07 13:18:56 us=822874   bind_defined = DISABLED
2021-02-07 13:18:56 us=822874   bind_local = DISABLED
2021-02-07 13:18:56 us=822874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=822874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=822874   connect_timeout = 120
2021-02-07 13:18:56 us=822874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=822874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tun_mtu = 1500
2021-02-07 13:18:56 us=822874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=822874   link_mtu = 1500
2021-02-07 13:18:56 us=822874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=822874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=822874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=822874   mtu_discover_type = -1
2021-02-07 13:18:56 us=822874   fragment = 0
2021-02-07 13:18:56 us=822874   mssfix = 1450
2021-02-07 13:18:56 us=822874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=822874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   key_direction = not set
2021-02-07 13:18:56 us=822874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874 Connection profiles [11]:
2021-02-07 13:18:56 us=822874   proto = udp
2021-02-07 13:18:56 us=822874   local = '[UNDEF]'
2021-02-07 13:18:56 us=822874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   remote = 'us-denver.privacy.network'
2021-02-07 13:18:56 us=822874   remote_port = '1198'
2021-02-07 13:18:56 us=822874   remote_float = DISABLED
2021-02-07 13:18:56 us=822874   bind_defined = DISABLED
2021-02-07 13:18:56 us=822874   bind_local = DISABLED
2021-02-07 13:18:56 us=822874   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=822874   connect_retry_seconds = 5
2021-02-07 13:18:56 us=822874   connect_timeout = 120
2021-02-07 13:18:56 us=822874   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=822874   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tun_mtu = 1500
2021-02-07 13:18:56 us=822874   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=822874   link_mtu = 1500
2021-02-07 13:18:56 us=822874   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=822874   tun_mtu_extra = 0
2021-02-07 13:18:56 us=822874   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=822874   mtu_discover_type = -1
2021-02-07 13:18:56 us=822874   fragment = 0
2021-02-07 13:18:56 us=822874   mssfix = 1450
2021-02-07 13:18:56 us=822874   explicit_exit_notification = 0
2021-02-07 13:18:56 us=822874   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   key_direction = not set
2021-02-07 13:18:56 us=822874   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=822874 Connection profiles [12]:
2021-02-07 13:18:56 us=822874   proto = udp
2021-02-07 13:18:56 us=822874   local = '[UNDEF]'
2021-02-07 13:18:56 us=822874   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=822874   remote = 'us-chicago.privacy.network'
2021-02-07 13:18:56 us=822874   remote_port = '1198'
2021-02-07 13:18:56 us=822874   remote_float = DISABLED
2021-02-07 13:18:56 us=822874   bind_defined = DISABLED
2021-02-07 13:18:56 us=822874   bind_local = DISABLED
2021-02-07 13:18:56 us=823873   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=823873   connect_retry_seconds = 5
2021-02-07 13:18:56 us=823873   connect_timeout = 120
2021-02-07 13:18:56 us=823873   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=823873   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=823873   tun_mtu = 1500
2021-02-07 13:18:56 us=823873   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=823873   link_mtu = 1500
2021-02-07 13:18:56 us=823873   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=823873   tun_mtu_extra = 0
2021-02-07 13:18:56 us=823873   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=823873   mtu_discover_type = -1
2021-02-07 13:18:56 us=823873   fragment = 0
2021-02-07 13:18:56 us=823873   mssfix = 1450
2021-02-07 13:18:56 us=823873   explicit_exit_notification = 0
2021-02-07 13:18:56 us=823873   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   key_direction = not set
2021-02-07 13:18:56 us=823873   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873 Connection profiles [13]:
2021-02-07 13:18:56 us=823873   proto = udp
2021-02-07 13:18:56 us=823873   local = '[UNDEF]'
2021-02-07 13:18:56 us=823873   local_port = '[UNDEF]'
2021-02-07 13:18:56 us=823873   remote = 'us-california.privacy.network'
2021-02-07 13:18:56 us=823873   remote_port = '1198'
2021-02-07 13:18:56 us=823873   remote_float = DISABLED
2021-02-07 13:18:56 us=823873   bind_defined = DISABLED
2021-02-07 13:18:56 us=823873   bind_local = DISABLED
2021-02-07 13:18:56 us=823873   bind_ipv6_only = DISABLED
2021-02-07 13:18:56 us=823873   connect_retry_seconds = 5
2021-02-07 13:18:56 us=823873   connect_timeout = 120
2021-02-07 13:18:56 us=823873   socks_proxy_server = '[UNDEF]'
2021-02-07 13:18:56 us=823873   socks_proxy_port = '[UNDEF]'
2021-02-07 13:18:56 us=823873   tun_mtu = 1500
2021-02-07 13:18:56 us=823873   tun_mtu_defined = ENABLED
2021-02-07 13:18:56 us=823873   link_mtu = 1500
2021-02-07 13:18:56 us=823873   link_mtu_defined = DISABLED
2021-02-07 13:18:56 us=823873   tun_mtu_extra = 0
2021-02-07 13:18:56 us=823873   tun_mtu_extra_defined = DISABLED
2021-02-07 13:18:56 us=823873   mtu_discover_type = -1
2021-02-07 13:18:56 us=823873   fragment = 0
2021-02-07 13:18:56 us=823873   mssfix = 1450
2021-02-07 13:18:56 us=823873   explicit_exit_notification = 0
2021-02-07 13:18:56 us=823873   tls_auth_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   key_direction = not set
2021-02-07 13:18:56 us=823873   tls_crypt_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   tls_crypt_v2_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873 Connection profiles END
2021-02-07 13:18:56 us=823873   remote_random = ENABLED
2021-02-07 13:18:56 us=823873   ipchange = '[UNDEF]'
2021-02-07 13:18:56 us=823873   dev = 'tun'
2021-02-07 13:18:56 us=823873   dev_type = '[UNDEF]'
2021-02-07 13:18:56 us=823873   dev_node = '[UNDEF]'
2021-02-07 13:18:56 us=823873   lladdr = '[UNDEF]'
2021-02-07 13:18:56 us=823873   topology = 1
2021-02-07 13:18:56 us=823873   ifconfig_local = '[UNDEF]'
2021-02-07 13:18:56 us=823873   ifconfig_remote_netmask = '[UNDEF]'
2021-02-07 13:18:56 us=823873   ifconfig_noexec = DISABLED
2021-02-07 13:18:56 us=823873   ifconfig_nowarn = DISABLED
2021-02-07 13:18:56 us=823873   ifconfig_ipv6_local = '[UNDEF]'
2021-02-07 13:18:56 us=823873   ifconfig_ipv6_netbits = 0
2021-02-07 13:18:56 us=823873   ifconfig_ipv6_remote = '[UNDEF]'
2021-02-07 13:18:56 us=823873   shaper = 0
2021-02-07 13:18:56 us=823873   mtu_test = 0
2021-02-07 13:18:56 us=823873   mlock = DISABLED
2021-02-07 13:18:56 us=823873   keepalive_ping = 0
2021-02-07 13:18:56 us=823873   keepalive_timeout = 0
2021-02-07 13:18:56 us=823873   inactivity_timeout = 0
2021-02-07 13:18:56 us=823873   ping_send_timeout = 0
2021-02-07 13:18:56 us=823873   ping_rec_timeout = 0
2021-02-07 13:18:56 us=823873   ping_rec_timeout_action = 0
2021-02-07 13:18:56 us=823873   ping_timer_remote = DISABLED
2021-02-07 13:18:56 us=823873   remap_sigusr1 = 0
2021-02-07 13:18:56 us=823873   persist_tun = ENABLED
2021-02-07 13:18:56 us=823873   persist_local_ip = DISABLED
2021-02-07 13:18:56 us=823873   persist_remote_ip = DISABLED
2021-02-07 13:18:56 us=823873   persist_key = ENABLED
2021-02-07 13:18:56 us=823873   passtos = DISABLED
2021-02-07 13:18:56 us=823873   resolve_retry_seconds = 1000000000
2021-02-07 13:18:56 us=823873   resolve_in_advance = DISABLED
2021-02-07 13:18:56 us=823873   username = '[UNDEF]'
2021-02-07 13:18:56 us=823873   groupname = '[UNDEF]'
2021-02-07 13:18:56 us=823873   chroot_dir = '[UNDEF]'
2021-02-07 13:18:56 us=823873   cd_dir = '[UNDEF]'
2021-02-07 13:18:56 us=823873   writepid = '[UNDEF]'
2021-02-07 13:18:56 us=823873   up_script = '[UNDEF]'
2021-02-07 13:18:56 us=823873   down_script = '[UNDEF]'
2021-02-07 13:18:56 us=823873   down_pre = DISABLED
2021-02-07 13:18:56 us=823873   up_restart = DISABLED
2021-02-07 13:18:56 us=823873   up_delay = DISABLED
2021-02-07 13:18:56 us=823873   daemon = DISABLED
2021-02-07 13:18:56 us=823873   inetd = 0
2021-02-07 13:18:56 us=823873   log = ENABLED
2021-02-07 13:18:56 us=823873   suppress_timestamps = DISABLED
2021-02-07 13:18:56 us=823873   machine_readable_output = DISABLED
2021-02-07 13:18:56 us=823873   nice = 0
2021-02-07 13:18:56 us=823873   verbosity = 4
2021-02-07 13:18:56 us=823873   mute = 0
2021-02-07 13:18:56 us=823873   gremlin = 0
2021-02-07 13:18:56 us=823873   status_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   status_file_version = 1
2021-02-07 13:18:56 us=823873   status_file_update_freq = 60
2021-02-07 13:18:56 us=823873   occ = DISABLED
2021-02-07 13:18:56 us=823873   rcvbuf = 0
2021-02-07 13:18:56 us=823873   sndbuf = 0
2021-02-07 13:18:56 us=823873   sockflags = 0
2021-02-07 13:18:56 us=823873   fast_io = DISABLED
2021-02-07 13:18:56 us=823873   comp.alg = 1
2021-02-07 13:18:56 us=823873   comp.flags = 4
2021-02-07 13:18:56 us=823873   route_script = '[UNDEF]'
2021-02-07 13:18:56 us=823873   route_default_gateway = '[UNDEF]'
2021-02-07 13:18:56 us=823873   route_default_metric = 0
2021-02-07 13:18:56 us=823873   route_noexec = DISABLED
2021-02-07 13:18:56 us=823873   route_delay = 5
2021-02-07 13:18:56 us=823873   route_delay_window = 30
2021-02-07 13:18:56 us=823873   route_delay_defined = ENABLED
2021-02-07 13:18:56 us=823873   route_nopull = DISABLED
2021-02-07 13:18:56 us=823873   route_gateway_via_dhcp = DISABLED
2021-02-07 13:18:56 us=823873   allow_pull_fqdn = DISABLED
2021-02-07 13:18:56 us=823873   Pull filters:
2021-02-07 13:18:56 us=823873     ignore "route-method"
2021-02-07 13:18:56 us=823873   management_addr = '127.0.0.1'
2021-02-07 13:18:56 us=823873   management_port = '25340'
2021-02-07 13:18:56 us=823873   management_user_pass = 'stdin'
2021-02-07 13:18:56 us=823873   management_log_history_cache = 250
2021-02-07 13:18:56 us=823873   management_echo_buffer_size = 100
2021-02-07 13:18:56 us=823873   management_write_peer_info_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   management_client_user = '[UNDEF]'
2021-02-07 13:18:56 us=823873   management_client_group = '[UNDEF]'
2021-02-07 13:18:56 us=823873   management_flags = 6
2021-02-07 13:18:56 us=823873   shared_secret_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   key_direction = not set
2021-02-07 13:18:56 us=823873   ciphername = 'aes-128-cbc'
2021-02-07 13:18:56 us=823873   ncp_enabled = ENABLED
2021-02-07 13:18:56 us=823873   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-128-CBC'
2021-02-07 13:18:56 us=823873   authname = 'sha1'
2021-02-07 13:18:56 us=823873   prng_hash = 'SHA1'
2021-02-07 13:18:56 us=823873   prng_nonce_secret_len = 16
2021-02-07 13:18:56 us=823873   keysize = 0
2021-02-07 13:18:56 us=823873   engine = DISABLED
2021-02-07 13:18:56 us=823873   replay = ENABLED
2021-02-07 13:18:56 us=823873   mute_replay_warnings = DISABLED
2021-02-07 13:18:56 us=823873   replay_window = 64
2021-02-07 13:18:56 us=823873   replay_time = 15
2021-02-07 13:18:56 us=823873   packet_id_file = '[UNDEF]'
2021-02-07 13:18:56 us=823873   test_crypto = DISABLED
2021-02-07 13:18:56 us=823873   tls_server = DISABLED
2021-02-07 13:18:56 us=823873   tls_client = ENABLED
2021-02-07 13:18:56 us=824874   ca_file = '[INLINE]'
2021-02-07 13:18:56 us=824874   ca_path = '[UNDEF]'
2021-02-07 13:18:56 us=824874   dh_file = '[UNDEF]'
2021-02-07 13:18:56 us=824874   cert_file = '[UNDEF]'
2021-02-07 13:18:56 us=824874   extra_certs_file = '[UNDEF]'
2021-02-07 13:18:56 us=824874   priv_key_file = '[UNDEF]'
2021-02-07 13:18:56 us=824874   pkcs12_file = '[UNDEF]'
2021-02-07 13:18:56 us=824874   cryptoapi_cert = '[UNDEF]'
2021-02-07 13:18:56 us=824874   cipher_list = '[UNDEF]'
2021-02-07 13:18:56 us=824874   cipher_list_tls13 = '[UNDEF]'
2021-02-07 13:18:56 us=824874   tls_cert_profile = '[UNDEF]'
2021-02-07 13:18:56 us=824874   tls_verify = '[UNDEF]'
2021-02-07 13:18:56 us=824874   tls_export_cert = '[UNDEF]'
2021-02-07 13:18:56 us=824874   verify_x509_type = 0
2021-02-07 13:18:56 us=824874   verify_x509_name = '[UNDEF]'
2021-02-07 13:18:56 us=824874   crl_file = '[INLINE]'
2021-02-07 13:18:56 us=824874   ns_cert_type = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 65535
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_ku[i] = 0
2021-02-07 13:18:56 us=824874   remote_cert_eku = 'TLS Web Server Authentication'
2021-02-07 13:18:56 us=824874   ssl_flags = 0
2021-02-07 13:18:56 us=824874   tls_timeout = 2
2021-02-07 13:18:56 us=824874   renegotiate_bytes = -1
2021-02-07 13:18:56 us=824874   renegotiate_packets = 0
2021-02-07 13:18:56 us=824874   renegotiate_seconds = 0
2021-02-07 13:18:56 us=824874   handshake_window = 60
2021-02-07 13:18:56 us=824874   transition_window = 3600
2021-02-07 13:18:56 us=824874   single_session = DISABLED
2021-02-07 13:18:56 us=824874   push_peer_info = DISABLED
2021-02-07 13:18:56 us=824874   tls_exit = DISABLED
2021-02-07 13:18:56 us=824874   tls_crypt_v2_metadata = '[UNDEF]'
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_protected_authentication = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_private_mode = 00000000
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_cert_private = DISABLED
2021-02-07 13:18:56 us=824874   pkcs11_pin_cache_period = -1
2021-02-07 13:18:56 us=824874   pkcs11_id = '[UNDEF]'
2021-02-07 13:18:56 us=824874   pkcs11_id_management = DISABLED
2021-02-07 13:18:56 us=824874   server_network = 0.0.0.0
2021-02-07 13:18:56 us=824874   server_netmask = 0.0.0.0
2021-02-07 13:18:56 us=824874   server_network_ipv6 = ::
2021-02-07 13:18:56 us=824874   server_netbits_ipv6 = 0
2021-02-07 13:18:56 us=824874   server_bridge_ip = 0.0.0.0
2021-02-07 13:18:56 us=824874   server_bridge_netmask = 0.0.0.0
2021-02-07 13:18:56 us=824874   server_bridge_pool_start = 0.0.0.0
2021-02-07 13:18:56 us=824874   server_bridge_pool_end = 0.0.0.0
2021-02-07 13:18:56 us=824874   ifconfig_pool_defined = DISABLED
2021-02-07 13:18:56 us=824874   ifconfig_pool_start = 0.0.0.0
2021-02-07 13:18:56 us=824874   ifconfig_pool_end = 0.0.0.0
2021-02-07 13:18:56 us=824874   ifconfig_pool_netmask = 0.0.0.0
2021-02-07 13:18:56 us=824874   ifconfig_pool_persist_filename = '[UNDEF]'
2021-02-07 13:18:56 us=824874   ifconfig_pool_persist_refresh_freq = 600
2021-02-07 13:18:56 us=824874   ifconfig_ipv6_pool_defined = DISABLED
2021-02-07 13:18:56 us=824874   ifconfig_ipv6_pool_base = ::
2021-02-07 13:18:56 us=824874   ifconfig_ipv6_pool_netbits = 0
2021-02-07 13:18:56 us=824874   n_bcast_buf = 256
2021-02-07 13:18:56 us=824874   tcp_queue_limit = 64
2021-02-07 13:18:56 us=824874   real_hash_size = 256
2021-02-07 13:18:56 us=824874   virtual_hash_size = 256
2021-02-07 13:18:56 us=824874   client_connect_script = '[UNDEF]'
2021-02-07 13:18:56 us=824874   learn_address_script = '[UNDEF]'
2021-02-07 13:18:56 us=824874   client_disconnect_script = '[UNDEF]'
2021-02-07 13:18:56 us=824874   client_config_dir = '[UNDEF]'
2021-02-07 13:18:56 us=824874   ccd_exclusive = DISABLED
2021-02-07 13:18:56 us=824874   tmp_dir = 'C:\Users\Jake\AppData\Local\Temp\'
2021-02-07 13:18:56 us=824874   push_ifconfig_defined = DISABLED
2021-02-07 13:18:56 us=824874   push_ifconfig_local = 0.0.0.0
2021-02-07 13:18:56 us=824874   push_ifconfig_remote_netmask = 0.0.0.0
2021-02-07 13:18:56 us=824874   push_ifconfig_ipv6_defined = DISABLED
2021-02-07 13:18:56 us=824874   push_ifconfig_ipv6_local = ::/0
2021-02-07 13:18:56 us=824874   push_ifconfig_ipv6_remote = ::
2021-02-07 13:18:56 us=824874   enable_c2c = DISABLED
2021-02-07 13:18:56 us=824874   duplicate_cn = DISABLED
2021-02-07 13:18:56 us=824874   cf_max = 0
2021-02-07 13:18:56 us=824874   cf_per = 0
2021-02-07 13:18:56 us=824874   max_clients = 1024
2021-02-07 13:18:56 us=824874   max_routes_per_client = 256
2021-02-07 13:18:56 us=824874   auth_user_pass_verify_script = '[UNDEF]'
2021-02-07 13:18:56 us=824874   auth_user_pass_verify_script_via_file = DISABLED
2021-02-07 13:18:56 us=824874   auth_token_generate = DISABLED
2021-02-07 13:18:56 us=824874   auth_token_lifetime = 0
2021-02-07 13:18:56 us=824874   auth_token_secret_file = '[UNDEF]'
2021-02-07 13:18:56 us=824874   vlan_tagging = DISABLED
2021-02-07 13:18:56 us=824874   vlan_accept = all
2021-02-07 13:18:56 us=824874   vlan_pvid = 1
2021-02-07 13:18:56 us=824874   client = ENABLED
2021-02-07 13:18:56 us=824874   pull = ENABLED
2021-02-07 13:18:56 us=824874   auth_user_pass_file = 'auth'
2021-02-07 13:18:56 us=824874   show_net_up = DISABLED
2021-02-07 13:18:56 us=824874   route_method = 3
2021-02-07 13:18:56 us=824874   block_outside_dns = DISABLED
2021-02-07 13:18:56 us=824874   ip_win32_defined = DISABLED
2021-02-07 13:18:56 us=824874   ip_win32_type = 3
2021-02-07 13:18:56 us=824874   dhcp_masq_offset = 0
2021-02-07 13:18:56 us=824874   dhcp_lease_time = 31536000
2021-02-07 13:18:56 us=824874   tap_sleep = 0
2021-02-07 13:18:56 us=824874   dhcp_options = DISABLED
2021-02-07 13:18:56 us=824874   dhcp_renew = DISABLED
2021-02-07 13:18:56 us=824874   dhcp_pre_release = DISABLED
2021-02-07 13:18:56 us=824874   domain = '[UNDEF]'
2021-02-07 13:18:56 us=824874   netbios_scope = '[UNDEF]'
2021-02-07 13:18:56 us=824874   netbios_node_type = 0
2021-02-07 13:18:56 us=824874   disable_nbt = DISABLED
2021-02-07 13:18:56 us=824874 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-02-07 13:18:56 us=824874 Windows version 10.0 (Windows 10 or greater) 64bit
2021-02-07 13:18:56 us=824874 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Enter Management Password:
2021-02-07 13:18:56 us=825874 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-02-07 13:18:56 us=825874 Need hold release from management interface, waiting...
2021-02-07 13:18:57 us=321986 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-02-07 13:18:57 us=433009 MANAGEMENT: CMD 'state on'
2021-02-07 13:18:57 us=433009 MANAGEMENT: CMD 'log all on'
2021-02-07 13:18:57 us=709072 MANAGEMENT: CMD 'echo all on'
2021-02-07 13:18:57 us=712072 MANAGEMENT: CMD 'bytecount 5'
2021-02-07 13:18:57 us=714073 MANAGEMENT: CMD 'hold off'
2021-02-07 13:18:57 us=717073 MANAGEMENT: CMD 'hold release'
2021-02-07 13:18:57 us=724075 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
<REMOVED>
-----END X509 CRL-----

2021-02-07 13:18:57 us=724075 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-02-07 13:18:57 us=724075 MANAGEMENT: >STATE:1612729137,RESOLVE,,,,,,
2021-02-07 13:18:57 us=770086 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-02-07 13:18:57 us=770086 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2021-02-07 13:18:57 us=770086 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2021-02-07 13:18:57 us=770086 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x
2021-02-07 13:18:57 us=770086 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-02-07 13:18:57 us=770086 UDP link local: (not bound)
2021-02-07 13:18:57 us=770086 UDP link remote: [AF_INET]x.x.x.x
2021-02-07 13:18:57 us=770086 MANAGEMENT: >STATE:1612729137,WAIT,,,,,,
2021-02-07 13:18:57 us=810094 MANAGEMENT: >STATE:1612729137,AUTH,,,,,,
2021-02-07 13:18:57 us=810094 TLS: Initial packet from [AF_INET]x.x.x.x, sid=61d904c2 9f26a0c6
2021-02-07 13:18:57 us=853104 VERIFY KU OK
2021-02-07 13:18:57 us=853104 Validating certificate extended key usage
2021-02-07 13:18:57 us=853104 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-02-07 13:18:57 us=853104 VERIFY EKU OK
2021-02-07 13:18:57 us=853104 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=phoenix410, name=phoenix410
2021-02-07 13:18:57 us=928121 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2021-02-07 13:18:57 us=928121 [phoenix410] Peer Connection Initiated with [AF_INET]x.x.x.x
2021-02-07 13:18:59 us=83379 MANAGEMENT: >STATE:1612729139,GET_CONFIG,,,,,,
2021-02-07 13:18:59 us=83379 SENT CONTROL [phoenix410]: 'PUSH_REQUEST' (status=1)
2021-02-07 13:18:59 us=122388 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS x.x.x.x,route-gateway x.x.x.x,topology subnet,ping 10,ping-restart 60,ifconfig x.x.x.x 255.255.255.0,peer-id 2,cipher AES-128-GCM'
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: timers and/or timeouts modified
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: compression parms modified
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: --ifconfig/up options modified
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: route options modified
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: route-related options modified
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: peer-id set
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: adjusting link_mtu to 1625
2021-02-07 13:18:59 us=123389 OPTIONS IMPORT: data channel crypto options modified
2021-02-07 13:18:59 us=123389 Data Channel: using negotiated cipher 'AES-128-GCM'
2021-02-07 13:18:59 us=123389 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
2021-02-07 13:18:59 us=123389 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-02-07 13:18:59 us=123389 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-02-07 13:18:59 us=123389 interactive service msg_channel=784
2021-02-07 13:18:59 us=124389 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=10 HWADDR=24:4b:fe:95:37:ea
2021-02-07 13:18:59 us=130390 GDG6: remote_host_ipv6=n/a
2021-02-07 13:18:59 us=131391 NOTE: GetBestInterfaceEx returned error: Element not found.   (code=1168)
2021-02-07 13:18:59 us=131391 ROUTE6: default_gateway=UNDEF
2021-02-07 13:18:59 us=131391 open_tun
2021-02-07 13:18:59 us=133391 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-02-07 13:18:59 us=133391 TAP-Windows Driver Version 9.24 
2021-02-07 13:18:59 us=133391 TAP-Windows MTU=1500
2021-02-07 13:18:59 us=134392 Set TAP-Windows TUN subnet mode network/local/netmask = x.x.x.x/x.x.x.x/255.255.255.0 [SUCCEEDED]
2021-02-07 13:18:59 us=134392 Notified TAP-Windows driver to set a DHCP IP/netmask of x.x.x.x/255.255.255.0 on interface {2118E2D1-D821-47AF-A8DD-94D9D7493EE5} [DHCP-serv: x.x.x.x, lease-time: 31536000]
2021-02-07 13:18:59 us=134392 DHCP option string: 06040a00 00f3
2021-02-07 13:18:59 us=135392 Successful ARP Flush on interface [36] {2118E2D1-D821-47AF-A8DD-94D9D7493EE5}
2021-02-07 13:18:59 us=138392 do_ifconfig, ipv4=1, ipv6=0
2021-02-07 13:18:59 us=138392 MANAGEMENT: >STATE:1612729139,ASSIGN_IP,,x.x.x.x,,,,
2021-02-07 13:18:59 us=138392 IPv4 MTU set to 1500 on interface 36 using service
2021-02-07 13:19:04 us=889682 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2021-02-07 13:19:04 us=889682 C:\WINDOWS\system32\route.exe ADD x.x.x.x MASK 255.255.255.255 192.168.0.1
2021-02-07 13:19:04 us=890683 Route addition via service succeeded
2021-02-07 13:19:04 us=890683 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 x.x.x.x
2021-02-07 13:19:04 us=891683 Route addition via service succeeded
2021-02-07 13:19:04 us=891683 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 x.x.x.x
2021-02-07 13:19:04 us=893683 Route addition via service succeeded
2021-02-07 13:19:04 us=893683 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for OpenVPN TAP-Windows6, therefore the route installation may fail or may not work as expected.
2021-02-07 13:19:04 us=893683 add_route_ipv6(2000::/3 -> :: metric -1) dev OpenVPN TAP-Windows6
2021-02-07 13:19:04 us=893683 IPv6 route addition via service succeeded
2021-02-07 13:19:04 us=893683 Initialization Sequence Completed
2021-02-07 13:19:04 us=893683 MANAGEMENT: >STATE:1612729144,CONNECTED,SUCCESS,x.x.x.x,x.x.x.x,1198,,
That's all my diagnostic info. What is the best way to accomplish what I'm trying to do? Just to reiterate and be clear I'm trying to do the following:

1. When I connect to the VPN, Windows continues to use the normal default ISP internet connection. However I still want the VPN connection to have it's routes created so that I can use something like ForceBindIP to force individual applications to use the VPN Adapter connection. Also there are some programs out there like QBittorrent that allow you to specify with adapter you want it to use.

I used to be able to accomplish this by setting some specific routes using Windows ROUTE command using up/down scripts. But this doesn't seem to be working with the latest OpenVPN GUI. It doesn't appear that the ifconfig_remote variable is being passed to up/down scripts but I'm not sure. Maybe there is a better way to do it by setting route(s) directly in the config.ovpn?

I think this is split tunneling or some form of it (?). Thank you for the help. I really appreciate it.
Last edited by Pippin on Mon Feb 08, 2021 11:57 am, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Mon Feb 08, 2021 5:42 pm

Your VPN is working as it should.

These are the env vars:
https://community.openvpn.net/openvpn/w ... nPage#lbAV

If the GUI does not allow you to do what you want then try without the GUI.

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 6:29 pm

Yes I know the VPN works fine. I'm trying to do this split tunneling thing though and it's not clear how to. That's what I'm asking for help on.

Thanks for the link to the environment variables. I have already looked through this and it appears that ifconfig_remote should be passed to up/down scripts but I can't seem to get it to work.

Do you have an example of passing ifconfig_remote to an external .bat script in Windows via up/down?

Also yes I tried doing the same thing with the command line, passing my config file in. Same result.

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 6:32 pm

Hmmm I also just came across this:

https://community.openvpn.net/openvpn/ticket/1047

So is this a bug that ifconfig_remote is not being passed to up/down scripts?

Is there a way to accomplish what I'm trying to do with just the route command in the config? Should this work?

Code: Select all

route 0.0.0.0 0.0.0.0 ifconfig_remote

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Mon Feb 08, 2021 7:23 pm

Jakobud wrote:
Mon Feb 08, 2021 6:32 pm
Hmmm I also just came across this:

https://community.openvpn.net/openvpn/ticket/1047
Yes. That is the problem
Jakobud wrote:
Mon Feb 08, 2021 6:32 pm
So is this a bug that ifconfig_remote is not being passed to up/down scripts?
Not a bug, just badly documented.
Jakobud wrote:
Mon Feb 08, 2021 6:32 pm
Is there a way to accomplish what I'm trying to do with just the route command in the config? Should this work?

Code: Select all

route 0.0.0.0 0.0.0.0 ifconfig_remote
No.

Instead of ifconfig_remote use route_vpn_gateway

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 7:30 pm

Ah okay thanks. So I tried this in my config:

Code: Select all

route 0.0.0.0 0.0.0.0 route_vpn_gateway
and I'm getting this error in the log:

Code: Select all

2021-02-08 12:29:33 us=457960 OpenVPN ROUTE: failed to parse/resolve route for host/network: 0.0.0.0

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Mon Feb 08, 2021 8:03 pm

Jakobud wrote:
Sat Feb 06, 2021 11:57 pm
Back in Windows 7, I used the OpenVPN GUI to setup my connection so that when I connect to the VPN I would get some form of split tunneling using up/down scripts:

Code: Select all

...
script-security 2
up up.bat
down down.bat
...
up.bat:

Code: Select all

ROUTE ADD 0.0.0.0 MASK 0.0.0.0 %ifconfig_remote%
down.bat

Code: Select all

ROUTE DELETE 0.0.0.0 MASK 0.0.0.0 %ifconfig_remote%
This seemed to always work great. It would ensure my normal internet traffic would continue to go through my ISP. But my VPN adapter was connected to a VPN and I could use something like ForceBindIP.exe to force individual applications to use the VPN.
I am not convinced it worked as you think it did. The route you are adding is superseded by "redirect-gateway def1"

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 10:00 pm

Perhaps I was mistaken on that setup. I'm not sure. I just followed instructions from somewhere on that setup but don't really understand what that route actually did.

Anyways, I did read about redirect-gateway def1. I added that to my configuration and it still appears that all my internet traffic still gets routed through the VPN connection. Would it be helpful if I posted logs of that?

Thank you again for your help,

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 10:14 pm

So when I add redirect-gateway def1 to my config I see this in my log:

Code: Select all

2021-02-08 15:09:52 us=834841 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS X.X.X.X,route-gateway X.X.X.X,topology subnet,ping 10,ping-restart 60,ifconfig X.X.X.X 255.255.255.0,peer-id 1,cipher AES-128-GCM'
2021-02-08 15:09:52 us=834841 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
I don't see any sort of redirect-private in my config though.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Mon Feb 08, 2021 10:15 pm

Jakobud wrote:
Mon Feb 08, 2021 10:00 pm
I did read about redirect-gateway def1. I added that to my configuration and it still appears that all my internet traffic still gets routed through the VPN connection
That is exactly what it is supposed to do.

If you don't want to do that trhe add this to your client config:

Code: Select all

pull-filter ignore "redirect-gateway"
Then your traffic will not go via the VPN. Unfortunately, none of your data will pass over the VPN.

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 10:17 pm

Also looking more closely at the logs I see the following routes being added

Code: Select all

2021-02-08 15:09:57 us=327848 C:\WINDOWS\system32\route.exe ADD X.X.X.X MASK 255.255.255.255 192.168.0.1
2021-02-08 15:09:57 us=328849 Route addition via service succeeded
2021-02-08 15:09:57 us=328849 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 X.X.X.X
2021-02-08 15:09:57 us=330850 Route addition via service succeeded
2021-02-08 15:09:57 us=330850 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 X.X.X.X
2021-02-08 15:09:57 us=331850 Route addition via service succeeded
So in order to keep the VPN connection from taking over my default route could I just use route-noexec? Then I would need to manually add routes to make the VPN connection still have routes but just not routes that are default that take over all internet traffic. Does that sound correct? What are each of these routes doing exactly?

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 10:22 pm

Okay okay I think we are getting somewhere. I think I understand this a bit better. So I used the pull-filter so when the VPN makes the connection, no routes are created. Okay perfect so far.

So now, the VPN doesn't work. Like no traffic can go through it because there are no routes for it obviously. How do I make the necessary routes for it to be functional without making it the default gateway?

thank you!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Mon Feb 08, 2021 10:24 pm

I'll just cut to the chase ..

Windblows cannot do what you want it to do.

You need advanced policy routing, which no version of Windows does.

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 10:38 pm

Hmmm okay. I know Windows is limited but it's what I'm using at the moment.

So just to learn a bit more about this, what is the difference between ifconfig_remote, ifconfig_local and route_vpn_gateway. So if I connect to a VPN server, and my VPN connection is assigned 15.34.45.183 with a gateway of 15.34.45.1, is 15.34.45.183 my ifconfig_local and 15.34.45.1 my route_vpn_gateway? If so, what is the ifconfig_remote? or so I have it switched around?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by TinCanTech » Mon Feb 08, 2021 10:50 pm

Jakobud wrote:
Mon Feb 08, 2021 10:38 pm
I know Windows is limited but it's what I'm using at the moment
Microsoft have public document which states absolutely that Windows does not do policy routing and why.
Jakobud wrote:
Mon Feb 08, 2021 10:38 pm
So just to learn a bit more about this
All your questions are answered in the page I linked above.

The trac ticket you found explains exactly why you cannot use ifconfig_remote.

In a nut-shell .. no matter what you believe, this has never worked the way you thought it did.

Jakobud
OpenVpn Newbie
Posts: 12
Joined: Sat Feb 06, 2021 10:46 pm

Re: up/down scripts on Win client and ipconfig_remote var

Post by Jakobud » Mon Feb 08, 2021 10:56 pm

Okay thanks.

So you are saying that when a Windows computer connects to a VPN the only way anything is going to work is if the VPN connection becomes the primary tunnel? It's all or nothing?

If I was to switch over to using Ubuntu how would I accomplish this routing?

And yeah, I don't really understand what the different variables mean exactly from the doc's. Some sort of example would sure be helpful. For example the doc's say:
ifconfig_remote - The remote VPN endpoint IP address specified in the –ifconfig option (second parameter) when –dev tun is used.
Yeah.... so.. Does this mean it's the IP address of the VPN server I am connecting to?

Post Reply