Wrong routing using OpenVPN connect - correct through OpenVPN community edition

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by ChristianHenke » Wed Mar 31, 2021 6:27 am

Hi -

I first downloaded the OpenVPN Connect client
https://openvpn.net/downloads/openvpn-c ... indows.msi

And used this to connect to an OpenVPN server. The connection is established and the tun interface created.
The route table also has the correct entry and gateway.
Nevertheless, if I try to ping the other side the routing does go through my regular interface (I verified using tracert).

If I use the community edition everything works fine
https://swupdate.openvpn.org/community/ ... -amd64.msi

Why is there a different behavior? I would like to be able to use OpenVPN connect as well.

Thanks
Christian

Here is the *.ovpn file

client
dev tun
proto udp
remote eu-west-1.openvpn.emnify.net 1194
resolv-retry infinite
nobind
explicit-exit-notify 3
keepalive 1 5
user root
group nogroup
;persist-key
;persist-tun
ns-cert-type server
verb 3
;auth-nocache
auth-user-pass C:\Program Files\OpenVPN\config\credentials.txt
auth-retry nointeract
<ca>
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=openvpn.emnify.net/name=EMnify/emailAddress=support@emnify.com
Validity
Not Before: Jun 27 18:24:21 2016 GMT
Not After : Jun 25 18:24:21 2026 GMT
Subject: C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=client/name=EMnify/emailAddress=support@emnify.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
3A:61:76:B2:7B:B0:29:6A:AC:82:95:5D:61:56:E4:40:A3:0B:FC:CA
X509v3 Authority Key Identifier:
keyid:FB:E8:15:06:72:47:20:F4:17:8F:78:E9:A2:18:A5:D6:2A:26:01:E2
DirName:/C=de/ST=Bavaria/L=Wuerzburg/O=EMnify/OU=EMnify Operations/CN=openvpn.emnify.net/name=EMnify/emailAddress=support@emnify.com
serial:A1:8C:49:99:E2:73:62:29

X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:client
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>


Re: Wrong routing using OpenVPN connect - correct through OpenVPN community edition

Post by openvpn_inc » Wed Apr 07, 2021 9:51 am

Hello,

In order to diagnose this further, what we would need is the 'push reply' options list that gets sent from the server to the client, as that holds the routing instructions, and to know which version of OpenVPN open source and OpenVPN Connect v3 you're using, and routing table output in a situation where it is working, and where it is not working, and some background information on your system's networking configuration.

The reason why it might be different is because OpenVPN Connect v3 uses the OpenVPN 3 core library, whereas open source OpenVPN2 is of course the OpenVPN2 library. You may have a unique situation that is somehow leading to a problem. It would be good to learn more details about this so it can be investigated and resolved. It might even be (wouldn't be the first time) that the options pushed are the problem and that it can be resolved with a simple adjustment on the server side.

I would recommend you send this information to the correct department at https://openvpn.net/support, as it is likely that the information we require to reproduce and diagnose this issue might contain some private information.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
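
An added example, not part of either post: one way to pull the routing instructions out of the 'push reply' mentioned above and check which pushed route should carry a given destination, so the result can be compared with what tracert shows. It assumes the OpenVPN 2.x client log line format; the log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the OpenVPN 2.x client log format; not taken from the thread.
SAMPLE_LOG = (
    "Wed Mar 31 06:20:01 2021 TLS: Initial packet from [AF_INET]203.0.113.10:1194\n"
    "Wed Mar 31 06:20:02 2021 PUSH: Received control message: 'PUSH_REPLY,"
    "route 10.192.0.0 255.192.0.0,route-gateway 10.64.0.1,topology subnet,"
    "ping 10,ping-restart 60,ifconfig 10.64.0.22 255.255.0.0'\n"
)

ROUTING_KEYS = {"route", "route-gateway", "redirect-gateway",
                "ifconfig", "topology", "route-metric"}

def parse_push_reply(log_text):
    """Return routing-related options of the last PUSH_REPLY as (name, args)."""
    matches = re.findall(r"PUSH_REPLY,([^'\r\n]*)", log_text)
    if not matches:
        return []
    opts = []
    for item in matches[-1].split(","):
        parts = item.split()
        if parts and parts[0] in ROUTING_KEYS:
            opts.append((parts[0], parts[1:]))
    return opts

def pushed_networks(opts):
    """Networks the server asked the client to send into the tunnel."""
    nets = []
    for name, args in opts:
        if name == "redirect-gateway":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif name == "route" and args:
            mask = args[1] if len(args) > 1 else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{args[0]}/{mask}", strict=False))
            except ValueError:
                continue  # keyword or hostname targets are skipped here
    return nets

def expected_via_tunnel(opts, destination):
    """Most specific pushed network covering destination, or None."""
    addr = ipaddress.ip_address(destination)
    hits = [n for n in pushed_networks(opts) if addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

if __name__ == "__main__":
    options = parse_push_reply(SAMPLE_LOG)
    print(options)
    print(expected_via_tunnel(options, "10.200.1.5"))
```

If the function returns a network for the address being pinged but tracert still leaves through the regular interface, the pushed options are not the cause and the comparison of the two routing tables becomes the next thing to collect.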