Wrong routing using OpenVPN connect - correct through OpenVPN community edition
Posted: Wed Mar 31, 2021 6:27 am
Hi -
I first downloaded the OpenVPN Connect client
https://openvpn.net/downloads/openvpn-c ... indows.msi
And used this to connect to an OpenVPN server. The connection is established and the tun interface created.
The route table also has the correct entry and gateway.
Nevertheless, if I try to ping the other side the routing does go through my regular interface (I verified using tracert).
If I use the community edition, everything works fine:
https://swupdate.openvpn.org/community/ ... -amd64.msi
Why is there a different behavior? I would like to be able to use OpenVPN Connect as well.
Thanks
Christian
Here is the *.ovpn file:
client
dev tun
proto udp
remote eu-west-1.openvpn.emnify.net 1194
resolv-retry infinite
nobind
explicit-exit-notify 3
keepalive 1 5
user root
group nogroup
;persist-key
;persist-tun
ns-cert-type server
verb 3
;auth-nocache
auth-user-pass C:\Program Files\OpenVPN\config\credentials.txt
auth-retry nointeract
<ca>
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=openvpn.emnify.net/name=EMnify/emailAddress=support@emnify.com
Validity
Not Before: Jun 27 18:24:21 2016 GMT
Not After : Jun 25 18:24:21 2026 GMT
Subject: C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=client/name=EMnify/emailAddress=support@emnify.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
3A:61:76:B2:7B:B0:29:6A:AC:82:95:5D:61:56:E4:40:A3:0B:FC:CA
X509v3 Authority Key Identifier:
keyid:FB:E8:15:06:72:47:20:F4:17:8F:78:E9:A2:18:A5:D6:2A:26:01:E2
DirName:/C=de/ST=Bavaria/L=Wuerzburg/O=EMnify/OU=EMnify Operations/CN=openvpn.emnify.net/name=EMnify/emailAddress=support@emnify.com
serial:A1:8C:49:99:E2:73:62:29
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:client
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>