The wireless client successfully connects to the server, but a tcpdump reveals that all outbound traffic comes from an ip 172.31.99.252 that isn't bound to any interface, and isn't configured in any file.
I am unsure how to proceed. Here are my configs and logs.
Edit:
*** Also, there are no iptables rules in place on the client.
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 138.68.183.251 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca></ca>
<cert></cert>
<key></key>
<tls-auth></tls-auth>
Sun Feb 11 11:44:46 2018 Unrecognized option or missing parameter(s) in josh@inconspicuous.ovpn:15: block-outside-dns (2.3.10)
Sun Feb 11 11:44:46 2018 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sun Feb 11 11:44:46 2018 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Sun Feb 11 11:44:46 2018 Control Channel Authentication: tls-auth using INLINE static key file
Sun Feb 11 11:44:46 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:46 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:46 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Feb 11 11:44:46 2018 UDPv4 link local: [undef]
Sun Feb 11 11:44:46 2018 UDPv4 link remote: [AF_INET]138.68.183.251:1194
Sun Feb 11 11:44:47 2018 TLS: Initial packet from [AF_INET]138.68.183.251:1194, sid=e3210c25 c73100d8
Sun Feb 11 11:44:47 2018 VERIFY OK: depth=1, CN=ChangeMe
Sun Feb 11 11:44:47 2018 Validating certificate key usage
Sun Feb 11 11:44:47 2018 ++ Certificate has key usage 00a0, expects 00a0
Sun Feb 11 11:44:47 2018 VERIFY KU OK
Sun Feb 11 11:44:47 2018 Validating certificate extended key usage
Sun Feb 11 11:44:47 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Feb 11 11:44:47 2018 VERIFY EKU OK
Sun Feb 11 11:44:47 2018 VERIFY OK: depth=0, CN=server
Sun Feb 11 11:44:47 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 11 11:44:47 2018 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:47 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 11 11:44:47 2018 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:47 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Feb 11 11:44:47 2018 [server] Peer Connection Initiated with [AF_INET]138.68.183.251:1194
Sun Feb 11 11:44:50 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Feb 11 11:44:50 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0'
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: route options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: route-related options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Feb 11 11:44:50 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp8s0 HWADDR=f0:d5:bf:ad:82:d9
Sun Feb 11 11:44:50 2018 TUN/TAP device tun0 opened
Sun Feb 11 11:44:50 2018 TUN/TAP TX queue length set to 100
Sun Feb 11 11:44:50 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Feb 11 11:44:50 2018 /sbin/ip link set dev tun0 up mtu 1500
Sun Feb 11 11:44:50 2018 /sbin/ip addr add dev tun0 10.8.0.4/24 broadcast 10.8.0.255
Sun Feb 11 11:44:50 2018 /sbin/ip route add 138.68.183.251/32 via 192.168.0.1
Sun Feb 11 11:44:50 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun Feb 11 11:44:50 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun Feb 11 11:44:50 2018 Initialization Sequence Completed
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
11:46:03.508407 IP 172.31.99.252.46390 > 54.165.192.198.443: Flags [S], seq 1756514146, win 29200, options [mss 1460,sackOK,TS val 4003311696 ecr 0,nop,wscale 7], length 0
11:46:03.568703 IP 172.31.99.252.44604 > 38.127.167.13.443: Flags [S], seq 120227118, win 29200, options [mss 1460,sackOK,TS val 610668249 ecr 0,nop,wscale 7], length 0