Can someone help me read my OpenVPN log?????

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
Porsche 914-6
OpenVpn Newbie
Posts: 5
Joined: Fri Apr 27, 2018 2:52 am

Can someone help me read my OpenVPN log?????

Post by Porsche 914-6 » Sat Jun 30, 2018 5:22 pm

I am a ignornat about OpenVPN beyong how to use it!
Can someone help me read my OpenVPN log?

Just upgraded fimrware (latest version for R7000 incorpoating the OpenVPN fix) from NG and installed latest OpenVPN client. Seems to work fine. I don't know how to interpret the log. Of concern are lines with >>>>>>>>>>> marked. Despite the first >>>>>>>>> I am able to connect successfully. What does it all mean? For the second >>>>>>>> what does that mean? How to fix any of this?

Note: This is not the entire log. I did not include the begging part as didn't feel it was of concern. Also REDACTED replaces sensitive information. Thanks in advance!

>>>>>>>>>Thu Jun 28 07:02:16 2018 us=881345 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Thu Jun 28 07:02:16 2018 us=881345 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
Thu Jun 28 07:02:16 2018 us=882345 open_tun
Thu Jun 28 07:02:16 2018 us=887346 TAP-WIN32 device [NETGEAR-VPN] opened: \\.\Global\{REDACTED}.tap
Thu Jun 28 07:02:16 2018 us=888346 TAP-Windows Driver Version 9.21
Thu Jun 28 07:02:16 2018 us=888346 TAP-Windows MTU=1500
Thu Jun 28 07:02:16 2018 us=889346 Successful ARP Flush on interface [53] {REDACTED}
Thu Jun 28 07:02:17 2018 us=423376 Extracted DHCP router address: 192.168.1.1
Thu Jun 28 07:02:21 2018 us=82586 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu Jun 28 07:02:21 2018 us=82586 C:\Windows\system32\route.exe ADD REDACTEDMASK 255.255.255.255 REDACTED
Thu Jun 28 07:02:21 2018 us=94586 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Jun 28 07:02:21 2018 us=94586 Route addition via IPAPI succeeded [adaptive]
Thu Jun 28 07:02:21 2018 us=94586 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.1.1
Thu Jun 28 07:02:21 2018 us=105587 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jun 28 07:02:21 2018 us=105587 Route addition via IPAPI succeeded [adaptive]
Thu Jun 28 07:02:21 2018 us=105587 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.1.1
Thu Jun 28 07:02:21 2018 us=116588 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jun 28 07:02:21 2018 us=116588 Route addition via IPAPI succeeded [adaptive]
>>>>>>>>>>>Thu Jun 28 07:02:21 2018 us=117588 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jun 28 07:02:21 2018 us=117588 Initialization Sequence Completed
Thu Jun 28 07:02:21 2018 us=117588 MANAGEMENT: >STATE:REDACTED,CONNECTED,SUCCESS,,REDACTED,,

BohdanH
OpenVpn Newbie
Posts: 2
Joined: Thu Jul 05, 2018 9:02 am

Re: Can someone help me read my OpenVPN log?????

Post by BohdanH » Thu Jul 05, 2018 10:56 am

This message means that the OpenVPN was launched without specifying the needed parameter for the gateway, you need to include either one of the theese:

1) --route network/IP [netmask] [gateway] [metric]
Add route to routing table after connection is established. Multiple routes can be specified. Routes will be automatically torn down in reverse order prior to TUN/TAP device close.
This option is intended as a convenience proxy for the route(8) shell command, while at the same time providing portable semantics across OpenVPN's platform space.

netmask default -- 255.255.255.255

gateway default -- taken from --route-gateway or the second parameter to --ifconfig when --dev tun is specified.

metric default -- taken from --route-metric otherwise 0.

The default can be specified by leaving an option blank or setting it to "default".

The network and gateway parameters can also be specified as a DNS or /etc/hosts file resolvable name, or as one of three special keywords:

vpn_gateway -- The remote VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

net_gateway -- The pre-existing IP default gateway, read from the routing table (not supported on all OSes).

remote_host -- The --remote address if OpenVPN is being run in client mode, and is undefined in server mode.


2) --route-gateway gw|'dhcp'
Specify a default gateway gw for use with --route.
If dhcp is specified as the parameter, the gateway address will be extracted from a DHCP negotiation with the OpenVPN server-side LAN.


3) --ifconfig l rn
Set TUN/TAP adapter parameters. l is the IP address of the local VPN endpoint. For TUN devices in point-to-point mode, rn is the IP address of the remote VPN endpoint. For TAP devices, or TUN devices used with --topology subnet, rn is the subnet mask of the virtual network segment which is being created or connected to.
For TUN devices, which facilitate virtual point-to-point IP connections (when used in --topology net30 or p2p mode), the proper usage of --ifconfig is to use two private IP addresses which are not a member of any existing subnet which is in use. The IP addresses may be consecutive and should have their order reversed on the remote peer. After the VPN is established, by pinging rn, you will be pinging across the VPN.

For TAP devices, which provide the ability to create virtual ethernet segments, or TUN devices in --topology subnet mode (which create virtual "multipoint networks"), --ifconfig is used to set an IP address and subnet mask just as a physical ethernet adapter would be similarly configured. If you are attempting to connect to a remote ethernet bridge, the IP address and subnet should be set to values which would be valid on the the bridged ethernet segment (note also that DHCP can be used for the same purpose).

This option, while primarily a proxy for the ifconfig(8) command, is designed to simplify TUN/TAP tunnel configuration by providing a standard interface to the different ifconfig implementations on different platforms.

--ifconfig parameters which are IP addresses can also be specified as a DNS or /etc/hosts file resolvable name.

For TAP devices, --ifconfig should not be used if the TAP interface will be getting an IP address lease from a DHCP server.


You can read here about the all of the configuration options: https://community.openvpn.net/openvpn/w ... n24ManPage

I suggest you to also take a look there at the Example 3: A tunnel with full TLS-based security for the reference.

Post Reply