Need TAP, Can't Route @ Default GW

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Need TAP, Can't Route @ Default GW

Post by LCB » Sun Dec 16, 2018 1:35 am

ETA: And I realized I posted this in the wrong forum ... any way to move it to "Server Administration?" Sorry about that.

I feel like I might be close to figuring out a solution for myself here, but I'm stuck. In my previous question about whether I need to use tap or tun for my solution, I arrived (I thought) at the need to use tap. Well, I spent a little bit this evening getting that working and I was pretty happy when it seemed to work. Then, I moved my config over to my iPhone and discovered the dreaded EVENT: TAP_NOT_SUPPORTED OSI layer 2 tunnels are not currently supported error (which I am sure a lot of mobile phone users already saw coming as they read this.)

So, do over.

The reason I started to think I needed tap was I am unable to add a route to my router (Google Fiber) and I have no other options but to use the Google router. I guess there has to be a drawback to having gigabit Internet huh? I need Internet and without being able to route the "foreign" VPN network back to the VPN server there's no way to do that, or so I thought. So, the only way was tap where I was actually bridged to the local network. But, because of the whole "no layer 2 in iOS" thing, that failed miserably.

I started thinking there's got to be a way so my non-network engineer brain tells me: "I should be able to somehow NAT the VPN's subnet at the VPN server and make this work." Right?

Well I found this post from 2011 which seems to describe what I need to do in method 4, masquerading: Accessing LAN resources when OpenVPN is not LAN's GW

I blindly charged in and started cutting and pasting (I can always snap back to an older version if I eff it up) and I got as far as "And of course create a ccd file with name like common name of client's certificate and write in it ". At that point I realized I had no business cutting and pasting a bunch of iptables statements without understanding the whole thing.

I did finally get these in which all of a sudden seemed to me like I could be opening a can of worms:

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
So I'm wondering first of all, is masquerading the solution for my problem? If so, is there maybe a "hello world" version of this somewhere?

I realize I'm probably in way over my head here but that's part of the fun, right?
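A minimal masquerading setup of the kind asked about above, as an added example that is not part of the original thread. It scopes the NAT and FORWARD rules to the VPN subnet instead of accepting everything; 172.16.16.16/29 is the subnet from the server config posted later in this thread, and the interface names tun0 and eth0 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): NAT OpenVPN clients behind the VPN
# server's own LAN address, for a server that is not the default gateway.
# tun0 (VPN side) and eth0 (LAN side) are assumed interface names.
# Dry-run by default; run as root with APPLY=1 to install the rules.

# Accept only dotted-quad/prefix with octets 0-255 and prefix 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    rest="$addr."; n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}; rest=${rest#*.}
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Interface names: non-empty, letters, digits, '_', '.', '-' only.
valid_if() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Print the rule set, one iptables argument list per line.
nat_rules() {
    vpn_net=$1; vpn_if=$2; lan_if=$3
    valid_cidr "$vpn_net" || { echo "bad VPN subnet: $vpn_net" >&2; return 1; }
    valid_if "$vpn_if" && valid_if "$lan_if" ||
        { echo "bad interface name" >&2; return 1; }
    # LAN hosts and the router see the VPN server's LAN address as the
    # source, so the router needs no route back to the VPN subnet.
    echo "-t nat -A POSTROUTING -s $vpn_net -o $lan_if -j MASQUERADE"
    # Let VPN clients out through the LAN interface.
    echo "-A FORWARD -i $vpn_if -o $lan_if -s $vpn_net -j ACCEPT"
    # Let only replies to those connections back in.
    echo "-A FORWARD -i $lan_if -o $vpn_if -d $vpn_net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # These ACCEPTs only restrict anything when the FORWARD policy is DROP;
    # a blanket "ACCEPT all anywhere" rule makes them redundant.
}

# Dry-run: print the commands. APPLY=1: enable forwarding and add each rule
# unless "iptables -C" reports that it is already present.
apply_rules() {
    rules=$(nat_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        sysctl -w net.ipv4.ip_forward=1 >/dev/null
    else
        echo "sysctl -w net.ipv4.ip_forward=1"
    fi
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            check=$(printf '%s\n' "$rule" | sed 's/-A /-C /')
            # Word splitting of $check and $rule is intentional here.
            iptables $check 2>/dev/null || iptables $rule
        else
            echo "iptables $rule"
        fi
    done
}

apply_rules "${VPN_NET:-172.16.16.16/29}" "${VPN_IF:-tun0}" "${LAN_IF:-eth0}"
```

Rules added this way do not survive a reboot; persist them with the distribution's own mechanism.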

TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need TAP, Can't Route @ Default GW

Post by TinCanTech » Sun Dec 16, 2018 2:31 am

LCB wrote:
Sun Dec 16, 2018 1:35 am
is masquerading the solution for my problem? If so, is there maybe a "hello world" version of this
Yes and it is clearly documented in the howto ..

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TAP, Can't Route @ Default GW

Post by LCB » Sun Dec 16, 2018 5:08 pm

Sir if it was clear (to me) I would not be asking. I understand helping folks out here can be a grind, especially if they do not RTFM. I have, but apparently it's not clicking for me. My goal was seeking out maybe an example configuration which has successfully implemented this solution, or maybe someone describing it in a manner different from the above thread, or the section on Using routing and OpenVPN not running on the default gateway on this page.

Specifically, and assuming this is the right area to be reviewing, this section says "The next thing you need to do on the router is to add a route for your VPN subnet." I can't do this as explained above. Maybe if I re-state my goals/requirements/limitations someone can at least tell me if I am barking up the wrong tree:
  • Need to use remote clients on both iOS and Windows
  • Need access to resources on VPN server LAN
  • Need Internet access via VPN only
  • OpenVPN running on server which is not the default gateway
  • Cannot add route to default gateway's routing table
Is this even possible?

TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need TAP, Can't Route @ Default GW

Post by TinCanTech » Sun Dec 16, 2018 7:47 pm

Perhaps this will help:
viewtopic.php?f=30&t=22603

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TAP, Can't Route @ Default GW

Post by LCB » Mon Dec 17, 2018 4:11 pm

It doesn't really. Again, I can appreciate the difficulty you have answering questions without items like that. I am not so much saying "I'm broken please help" but asking if what I need to do is even possible. I suppose I'll assume masquerading is the right path and go down that road till I hit a wall, but I'm not actually clear it is.

ETA: Here's what I think I understand. Maybe you can tell me if this is the right method to:
  • Connect layer 3
  • Route all client traffic through gateway
  • Provide Internet access to client
[Image: network diagram]

TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need TAP, Can't Route @ Default GW

Post by TinCanTech » Mon Dec 17, 2018 6:43 pm

Your diagram is of absolutely no use whatsoever ..

Recapping:
TinCanTech wrote:
Sun Dec 16, 2018 2:31 am
LCB wrote:
Sun Dec 16, 2018 1:35 am
is masquerading the solution for my problem? If so, is there maybe a "hello world" version of this
Yes and it is clearly documented in the howto ..
LCB wrote:
Sun Dec 16, 2018 5:08 pm
Sir if it was clear (to me) I would not be asking
it is clearly documented in the howto ..
LCB wrote:
Sun Dec 16, 2018 5:08 pm
I understand helping folks out here can be a grind, especially if they do not RTFM. I have, but apparently it's not clicking for me
Howto .. not the manual ..

But yeah, some people just don't read any of the excellent documentation here at openvpn.

LCB wrote:
Sun Dec 16, 2018 5:08 pm
My goal was
The howto has exactly what you are looking for ..... :ugeek:

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TAP, Can't Route @ Default GW

Post by LCB » Tue Dec 18, 2018 11:18 pm

I do appreciate you answering me. I've read a lot of the documentation here, apparently not the right parts. I felt like (or I'd not have said it) that I'd hit all the pertinent ones but there is an awful lot and some of us do need to dig in and do in order to learn, rather than learn all of the possibilities up front. Taking a sip of water from a firehose and all that.

It's a lot easier (speaking as a person who has doled out his share of "RTFM" in my time) to say the information is in the documentation if you already know the information (or have helped to write it), than it may be for a new person to comprehend it the first time.

TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need TAP, Can't Route @ Default GW

Post by TinCanTech » Wed Dec 19, 2018 1:42 am

Are you reading this garbage ?
https://openvpn.net/community-resources/

flint2003
OpenVPN User
Posts: 23
Joined: Mon Sep 24, 2018 11:48 am

Re: Need TAP, Can't Route @ Default GW

Post by flint2003 » Wed Dec 19, 2018 7:22 am

Hi all.
Let me put my two cents in as well.
Firstly, for best understanding, delete the direct link between the EUD and Internet.
Secondly, change the VPN network so that it will become right. For instance, the OpenVPN server has got the TAP adapter with IP=10.8.0.1/24. Your EUD has got 10.8.0.2/24 address for its TAP adapter.
Thirdly, if I'm not mistaken, your EUD has got a LAN? Based on your picture, it has. But I would recommend to alter the network 172.16.16.18 to 192.168.xxx.xxx/24 for better understanding what you do.
Fourthly and finally your EUD has to have got a gateway as the OpenVPN server 10.8.0.1
Redraw your picture and we can continue.

Best regards,
Flint

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TUN, Can't Route @ Default GW

Post by LCB » Thu Dec 20, 2018 6:37 pm

Well this is embarrassing. When I wrote this initially I put "TAP" but I need to use "TUN" since using iOS and/or Android is mandatory (as far as I know neither of these support level 2 still?)

Anyway, I'll make the updates suggested above to my diagram and clarify where necessary. I've been trying some different settings but so far no (complete) joy. I have to go drive out of my neighborhood to test since I have no real cell signal and using my phone and/or hotspot is not possible for testing.

Thanks for sticking with me. More to come.

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TUN, Can't Route @ Default GW

Post by LCB » Fri Dec 21, 2018 1:21 am

Okay, mostly working I think. The part I do not think is working is DNS. While I see the DNS in my IPCONFIG, when I check my connection with https://ipleak.net/ I see 52 DNS servers listed when I'd think there would just be two.

Code:

Thu Dec 20 18:50:27 2018 us=599590 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
I do understand this one and will fix it.

Code:

Thu Dec 20 18:50:27 2018 us=599641 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Right now this is not a conflict, but I'll change my internal network one of these days.

Maybe this is close enough that a few tweaks will get me there:

Server Config

# Which local IP address should OpenVPN
# listen on? (optional)
local 192.168.1.11

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ./keys/ca.crt
cert ./keys/server.crt
key ./keys/server.key # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh2048.pem 2048
dh ./keys/dh2048.pem

# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
topology subnet

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 172.16.16.16 255.255.255.248
# 172.16.16.16/29 = 17 (server) through 22

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /var/log/openvpn/ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ./keys/ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC

# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"

# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
max-clients 5

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn/openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 4

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1


/var/log/openvpn/openvpn.log:

Code:

Thu Dec 20 18:50:27 2018 us=598293 Current Parameter Settings:
Thu Dec 20 18:50:27 2018 us=598320   config = '/etc/openvpn/server.conf'
Thu Dec 20 18:50:27 2018 us=598325   mode = 1
Thu Dec 20 18:50:27 2018 us=598329   persist_config = DISABLED
Thu Dec 20 18:50:27 2018 us=598332   persist_mode = 1
Thu Dec 20 18:50:27 2018 us=598336   show_ciphers = DISABLED
Thu Dec 20 18:50:27 2018 us=598339   show_digests = DISABLED
Thu Dec 20 18:50:27 2018 us=598342   show_engines = DISABLED
Thu Dec 20 18:50:27 2018 us=598346   genkey = DISABLED
Thu Dec 20 18:50:27 2018 us=598349   key_pass_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598353   show_tls_ciphers = DISABLED
Thu Dec 20 18:50:27 2018 us=598356   connect_retry_max = 0
Thu Dec 20 18:50:27 2018 us=598360 Connection profiles [0]:
Thu Dec 20 18:50:27 2018 us=598363   proto = udp
Thu Dec 20 18:50:27 2018 us=598367   local = '192.168.1.11'
Thu Dec 20 18:50:27 2018 us=598370   local_port = '1194'
Thu Dec 20 18:50:27 2018 us=598374   remote = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598377   remote_port = '1194'
Thu Dec 20 18:50:27 2018 us=598380   remote_float = DISABLED
Thu Dec 20 18:50:27 2018 us=598384   bind_defined = DISABLED
Thu Dec 20 18:50:27 2018 us=598387   bind_local = ENABLED
Thu Dec 20 18:50:27 2018 us=598390   bind_ipv6_only = DISABLED
Thu Dec 20 18:50:27 2018 us=598393   connect_retry_seconds = 5
Thu Dec 20 18:50:27 2018 us=598397   connect_timeout = 120
Thu Dec 20 18:50:27 2018 us=598400   socks_proxy_server = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598404   socks_proxy_port = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598407   tun_mtu = 1500
Thu Dec 20 18:50:27 2018 us=598410   tun_mtu_defined = ENABLED
Thu Dec 20 18:50:27 2018 us=598414   link_mtu = 1500
Thu Dec 20 18:50:27 2018 us=598417   link_mtu_defined = DISABLED
Thu Dec 20 18:50:27 2018 us=598420   tun_mtu_extra = 0
Thu Dec 20 18:50:27 2018 us=598424   tun_mtu_extra_defined = DISABLED
Thu Dec 20 18:50:27 2018 us=598427   mtu_discover_type = -1
Thu Dec 20 18:50:27 2018 us=598430   fragment = 0
Thu Dec 20 18:50:27 2018 us=598434   mssfix = 1450
Thu Dec 20 18:50:27 2018 us=598437   explicit_exit_notification = 1
Thu Dec 20 18:50:27 2018 us=598441 Connection profiles END
Thu Dec 20 18:50:27 2018 us=598444   remote_random = DISABLED
Thu Dec 20 18:50:27 2018 us=598448   ipchange = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598451   dev = 'tun'
Thu Dec 20 18:50:27 2018 us=598454   dev_type = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598458   dev_node = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598461   lladdr = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598465   topology = 3
Thu Dec 20 18:50:27 2018 us=598468   ifconfig_local = '172.16.16.17'
Thu Dec 20 18:50:27 2018 us=598471   ifconfig_remote_netmask = '255.255.255.248'
Thu Dec 20 18:50:27 2018 us=598475   ifconfig_noexec = DISABLED
Thu Dec 20 18:50:27 2018 us=598478   ifconfig_nowarn = DISABLED
Thu Dec 20 18:50:27 2018 us=598482   ifconfig_ipv6_local = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598485   ifconfig_ipv6_netbits = 0
Thu Dec 20 18:50:27 2018 us=598488   ifconfig_ipv6_remote = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598492   shaper = 0
Thu Dec 20 18:50:27 2018 us=598495   mtu_test = 0
Thu Dec 20 18:50:27 2018 us=598498   mlock = DISABLED
Thu Dec 20 18:50:27 2018 us=598502   keepalive_ping = 10
Thu Dec 20 18:50:27 2018 us=598505   keepalive_timeout = 120
Thu Dec 20 18:50:27 2018 us=598508   inactivity_timeout = 0
Thu Dec 20 18:50:27 2018 us=598512   ping_send_timeout = 10
Thu Dec 20 18:50:27 2018 us=598515   ping_rec_timeout = 240
Thu Dec 20 18:50:27 2018 us=598519   ping_rec_timeout_action = 2
Thu Dec 20 18:50:27 2018 us=598522   ping_timer_remote = DISABLED
Thu Dec 20 18:50:27 2018 us=598525   remap_sigusr1 = 0
Thu Dec 20 18:50:27 2018 us=598529   persist_tun = ENABLED
Thu Dec 20 18:50:27 2018 us=598532   persist_local_ip = DISABLED
Thu Dec 20 18:50:27 2018 us=598535   persist_remote_ip = DISABLED
Thu Dec 20 18:50:27 2018 us=598538   persist_key = ENABLED
Thu Dec 20 18:50:27 2018 us=598542   passtos = DISABLED
Thu Dec 20 18:50:27 2018 us=598546   resolve_retry_seconds = 1000000000
Thu Dec 20 18:50:27 2018 us=598550   resolve_in_advance = DISABLED
Thu Dec 20 18:50:27 2018 us=598557   username = 'nobody'
Thu Dec 20 18:50:27 2018 us=598560   groupname = 'nogroup'
Thu Dec 20 18:50:27 2018 us=598564   chroot_dir = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598567   cd_dir = '/etc/openvpn'
Thu Dec 20 18:50:27 2018 us=598570   writepid = '/run/openvpn/server.pid'
Thu Dec 20 18:50:27 2018 us=598574   up_script = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598577   down_script = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598580   down_pre = DISABLED
Thu Dec 20 18:50:27 2018 us=598584   up_restart = DISABLED
Thu Dec 20 18:50:27 2018 us=598587   up_delay = DISABLED
Thu Dec 20 18:50:27 2018 us=598590   daemon = ENABLED
Thu Dec 20 18:50:27 2018 us=598594   inetd = 0
Thu Dec 20 18:50:27 2018 us=598597   log = ENABLED
Thu Dec 20 18:50:27 2018 us=598600   suppress_timestamps = DISABLED
Thu Dec 20 18:50:27 2018 us=598604   machine_readable_output = DISABLED
Thu Dec 20 18:50:27 2018 us=598607   nice = 0
Thu Dec 20 18:50:27 2018 us=598611   verbosity = 4
Thu Dec 20 18:50:27 2018 us=598614   mute = 0
Thu Dec 20 18:50:27 2018 us=598617   gremlin = 0
Thu Dec 20 18:50:27 2018 us=598621   status_file = '/var/log/openvpn/openvpn-status.log'
Thu Dec 20 18:50:27 2018 us=598624   status_file_version = 1
Thu Dec 20 18:50:27 2018 us=598628   status_file_update_freq = 10
Thu Dec 20 18:50:27 2018 us=598631   occ = ENABLED
Thu Dec 20 18:50:27 2018 us=598634   rcvbuf = 0
Thu Dec 20 18:50:27 2018 us=598638   sndbuf = 0
Thu Dec 20 18:50:27 2018 us=598641   mark = 0
Thu Dec 20 18:50:27 2018 us=598644   sockflags = 0
Thu Dec 20 18:50:27 2018 us=598648   fast_io = DISABLED
Thu Dec 20 18:50:27 2018 us=598651   comp.alg = 0
Thu Dec 20 18:50:27 2018 us=598654   comp.flags = 0
Thu Dec 20 18:50:27 2018 us=598658   route_script = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598661   route_default_gateway = '172.16.16.18'
Thu Dec 20 18:50:27 2018 us=598665   route_default_metric = 0
Thu Dec 20 18:50:27 2018 us=598668   route_noexec = DISABLED
Thu Dec 20 18:50:27 2018 us=598672   route_delay = 0
Thu Dec 20 18:50:27 2018 us=598675   route_delay_window = 30
Thu Dec 20 18:50:27 2018 us=598679   route_delay_defined = DISABLED
Thu Dec 20 18:50:27 2018 us=598682   route_nopull = DISABLED
Thu Dec 20 18:50:27 2018 us=598686   route_gateway_via_dhcp = DISABLED
Thu Dec 20 18:50:27 2018 us=598689   allow_pull_fqdn = DISABLED
Thu Dec 20 18:50:27 2018 us=598693   management_addr = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598696   management_port = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598700   management_user_pass = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598703   management_log_history_cache = 250
Thu Dec 20 18:50:27 2018 us=598707   management_echo_buffer_size = 100
Thu Dec 20 18:50:27 2018 us=598710   management_write_peer_info_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598714   management_client_user = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598717   management_client_group = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598721   management_flags = 0
Thu Dec 20 18:50:27 2018 us=598724   shared_secret_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598728   key_direction = 1
Thu Dec 20 18:50:27 2018 us=598731   ciphername = 'AES-256-CBC'
Thu Dec 20 18:50:27 2018 us=598735   ncp_enabled = ENABLED
Thu Dec 20 18:50:27 2018 us=598739   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Dec 20 18:50:27 2018 us=598742   authname = 'SHA1'
Thu Dec 20 18:50:27 2018 us=598746   prng_hash = 'SHA1'
Thu Dec 20 18:50:27 2018 us=598749   prng_nonce_secret_len = 16
Thu Dec 20 18:50:27 2018 us=598753   keysize = 0
Thu Dec 20 18:50:27 2018 us=598756   engine = DISABLED
Thu Dec 20 18:50:27 2018 us=598760   replay = ENABLED
Thu Dec 20 18:50:27 2018 us=598763   mute_replay_warnings = DISABLED
Thu Dec 20 18:50:27 2018 us=598767   replay_window = 64
Thu Dec 20 18:50:27 2018 us=598770   replay_time = 15
Thu Dec 20 18:50:27 2018 us=598774   packet_id_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598777   use_iv = ENABLED
Thu Dec 20 18:50:27 2018 us=598781   test_crypto = DISABLED
Thu Dec 20 18:50:27 2018 us=598784   tls_server = ENABLED
Thu Dec 20 18:50:27 2018 us=598790   tls_client = DISABLED
Thu Dec 20 18:50:27 2018 us=598794   key_method = 2
Thu Dec 20 18:50:27 2018 us=598797   ca_file = './keys/ca.crt'
Thu Dec 20 18:50:27 2018 us=598801   ca_path = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598804   dh_file = './keys/dh2048.pem'
Thu Dec 20 18:50:27 2018 us=598808   cert_file = './keys/server.crt'
Thu Dec 20 18:50:27 2018 us=598812   extra_certs_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598815   priv_key_file = './keys/server.key'
Thu Dec 20 18:50:27 2018 us=598819   pkcs12_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598822   cipher_list = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598826   tls_verify = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598829   tls_export_cert = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598833   verify_x509_type = 0
Thu Dec 20 18:50:27 2018 us=598836   verify_x509_name = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598840   crl_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598843   ns_cert_type = 0
Thu Dec 20 18:50:27 2018 us=598847   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598850   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598854   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598857   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598861   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598864   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598868   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598871   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598875   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598878   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598881   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598885   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598888   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598892   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598895   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598899   remote_cert_ku[i] = 0
Thu Dec 20 18:50:27 2018 us=598902   remote_cert_eku = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598906   ssl_flags = 0
Thu Dec 20 18:50:27 2018 us=598909   tls_timeout = 2
Thu Dec 20 18:50:27 2018 us=598913   renegotiate_bytes = -1
Thu Dec 20 18:50:27 2018 us=598917   renegotiate_packets = 0
Thu Dec 20 18:50:27 2018 us=598920   renegotiate_seconds = 3600
Thu Dec 20 18:50:27 2018 us=598924   handshake_window = 60
Thu Dec 20 18:50:27 2018 us=598927   transition_window = 3600
Thu Dec 20 18:50:27 2018 us=598931   single_session = DISABLED
Thu Dec 20 18:50:27 2018 us=598934   push_peer_info = DISABLED
Thu Dec 20 18:50:27 2018 us=598938   tls_exit = DISABLED
Thu Dec 20 18:50:27 2018 us=598941   tls_auth_file = './keys/ta.key'
Thu Dec 20 18:50:27 2018 us=598945   tls_crypt_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=598948   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598952   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598955   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598959   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598962   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598966   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598969   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598973   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598976   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598979   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598983   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598986   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598990   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598993   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=598997   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=599000   pkcs11_protected_authentication = DISABLED
Thu Dec 20 18:50:27 2018 us=599107   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599112   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599119   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599123   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599126   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599130   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599133   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599137   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599140   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599143   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599147   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599150   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599154   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599157   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599161   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599164   pkcs11_private_mode = 00000000
Thu Dec 20 18:50:27 2018 us=599168   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599171   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599175   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599178   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599181   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599185   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599188   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599192   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599195   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599199   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599202   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599206   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599209   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599212   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599216   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599219   pkcs11_cert_private = DISABLED
Thu Dec 20 18:50:27 2018 us=599223   pkcs11_pin_cache_period = -1
Thu Dec 20 18:50:27 2018 us=599226   pkcs11_id = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599230   pkcs11_id_management = DISABLED
Thu Dec 20 18:50:27 2018 us=599234   server_network = 172.16.16.16
Thu Dec 20 18:50:27 2018 us=599238   server_netmask = 255.255.255.248
Thu Dec 20 18:50:27 2018 us=599243   server_network_ipv6 = ::
Thu Dec 20 18:50:27 2018 us=599246   server_netbits_ipv6 = 0
Thu Dec 20 18:50:27 2018 us=599250   server_bridge_ip = 0.0.0.0
Thu Dec 20 18:50:27 2018 us=599254   server_bridge_netmask = 0.0.0.0
Thu Dec 20 18:50:27 2018 us=599258   server_bridge_pool_start = 0.0.0.0
Thu Dec 20 18:50:27 2018 us=599261   server_bridge_pool_end = 0.0.0.0
Thu Dec 20 18:50:27 2018 us=599265   push_entry = 'route 192.168.1.0 255.255.255.0'
Thu Dec 20 18:50:27 2018 us=599269   push_entry = 'redirect-gateway def1 bypass-dhcp'
Thu Dec 20 18:50:27 2018 us=599272   push_entry = 'dhcp-option DNS 1.1.1.1'
Thu Dec 20 18:50:27 2018 us=599276   push_entry = 'dhcp-option DNS 1.0.0.1'
Thu Dec 20 18:50:27 2018 us=599279   push_entry = 'route-gateway 172.16.16.17'
Thu Dec 20 18:50:27 2018 us=599283   push_entry = 'topology subnet'
Thu Dec 20 18:50:27 2018 us=599286   push_entry = 'ping 10'
Thu Dec 20 18:50:27 2018 us=599290   push_entry = 'ping-restart 120'
Thu Dec 20 18:50:27 2018 us=599293   ifconfig_pool_defined = ENABLED
Thu Dec 20 18:50:27 2018 us=599298   ifconfig_pool_start = 172.16.16.18
Thu Dec 20 18:50:27 2018 us=599303   ifconfig_pool_end = 172.16.16.21
Thu Dec 20 18:50:27 2018 us=599307   ifconfig_pool_netmask = 255.255.255.248
Thu Dec 20 18:50:27 2018 us=599310   ifconfig_pool_persist_filename = '/var/log/openvpn/ipp.txt'
Thu Dec 20 18:50:27 2018 us=599314   ifconfig_pool_persist_refresh_freq = 600
Thu Dec 20 18:50:27 2018 us=599317   ifconfig_ipv6_pool_defined = DISABLED
Thu Dec 20 18:50:27 2018 us=599321   ifconfig_ipv6_pool_base = ::
Thu Dec 20 18:50:27 2018 us=599325   ifconfig_ipv6_pool_netbits = 0
Thu Dec 20 18:50:27 2018 us=599328   n_bcast_buf = 256
Thu Dec 20 18:50:27 2018 us=599334   tcp_queue_limit = 64
Thu Dec 20 18:50:27 2018 us=599337   real_hash_size = 256
Thu Dec 20 18:50:27 2018 us=599341   virtual_hash_size = 256
Thu Dec 20 18:50:27 2018 us=599345   client_connect_script = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599348   learn_address_script = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599352   client_disconnect_script = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599355   client_config_dir = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599359   ccd_exclusive = DISABLED
Thu Dec 20 18:50:27 2018 us=599362   tmp_dir = '/tmp'
Thu Dec 20 18:50:27 2018 us=599366   push_ifconfig_defined = DISABLED
Thu Dec 20 18:50:27 2018 us=599370   push_ifconfig_local = 0.0.0.0
Thu Dec 20 18:50:27 2018 us=599375   push_ifconfig_remote_netmask = 0.0.0.0
Thu Dec 20 18:50:27 2018 us=599379   push_ifconfig_ipv6_defined = DISABLED
Thu Dec 20 18:50:27 2018 us=599383   push_ifconfig_ipv6_local = ::/0
Thu Dec 20 18:50:27 2018 us=599386   push_ifconfig_ipv6_remote = ::
Thu Dec 20 18:50:27 2018 us=599390   enable_c2c = DISABLED
Thu Dec 20 18:50:27 2018 us=599394   duplicate_cn = ENABLED
Thu Dec 20 18:50:27 2018 us=599397   cf_max = 0
Thu Dec 20 18:50:27 2018 us=599401   cf_per = 0
Thu Dec 20 18:50:27 2018 us=599404   max_clients = 5
Thu Dec 20 18:50:27 2018 us=599408   max_routes_per_client = 256
Thu Dec 20 18:50:27 2018 us=599411   auth_user_pass_verify_script = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599415   auth_user_pass_verify_script_via_file = DISABLED
Thu Dec 20 18:50:27 2018 us=599419   auth_token_generate = DISABLED
Thu Dec 20 18:50:27 2018 us=599422   auth_token_lifetime = 0
Thu Dec 20 18:50:27 2018 us=599426   port_share_host = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599429   port_share_port = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599433   client = DISABLED
Thu Dec 20 18:50:27 2018 us=599436   pull = DISABLED
Thu Dec 20 18:50:27 2018 us=599440   auth_user_pass_file = '[UNDEF]'
Thu Dec 20 18:50:27 2018 us=599444 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Thu Dec 20 18:50:27 2018 us=599451 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Thu Dec 20 18:50:27 2018 us=599590 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Thu Dec 20 18:50:27 2018 us=599641 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Dec 20 18:50:27 2018 us=604976 Diffie-Hellman initialized with 2048 bit key
Thu Dec 20 18:50:27 2018 us=674936 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 20 18:50:27 2018 us=674962 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 20 18:50:27 2018 us=674971 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Dec 20 18:50:27 2018 us=675129 TUN/TAP device tun0 opened
Thu Dec 20 18:50:27 2018 us=675151 TUN/TAP TX queue length set to 100
Thu Dec 20 18:50:27 2018 us=675494 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Dec 20 18:50:27 2018 us=675509 /sbin/ip link set dev tun0 up mtu 1500
Thu Dec 20 18:50:27 2018 us=677829 /sbin/ip addr add dev tun0 172.16.16.17/29 broadcast 172.16.16.23
Thu Dec 20 18:50:27 2018 us=679369 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Thu Dec 20 18:50:27 2018 us=679688 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Dec 20 18:50:27 2018 us=679779 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Dec 20 18:50:27 2018 us=679791 UDPv4 link local (bound): [AF_INET]192.168.1.11:1194
Thu Dec 20 18:50:27 2018 us=679795 UDPv4 link remote: [AF_UNSPEC]
Thu Dec 20 18:50:27 2018 us=679812 GID set to nogroup
Thu Dec 20 18:50:27 2018 us=679849 UID set to nobody
Thu Dec 20 18:50:27 2018 us=679859 MULTI: multi_init called, r=256 v=256
Thu Dec 20 18:50:27 2018 us=679875 IFCONFIG POOL: base=172.16.16.18 size=4, ipv6=0
Thu Dec 20 18:50:27 2018 us=679891 IFCONFIG POOL LIST
Thu Dec 20 18:50:27 2018 us=680356 Initialization Sequence Completed
Thu Dec 20 18:50:32 2018 us=75059 MULTI: multi_create_instance called
Thu Dec 20 18:50:32 2018 us=79083 173.127.176.232:50620 Re-using SSL/TLS context
Thu Dec 20 18:50:32 2018 us=88894 173.127.176.232:50620 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Dec 20 18:50:32 2018 us=88905 173.127.176.232:50620 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Thu Dec 20 18:50:32 2018 us=88925 173.127.176.232:50620 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Dec 20 18:50:32 2018 us=88930 173.127.176.232:50620 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Dec 20 18:50:32 2018 us=88944 173.127.176.232:50620 TLS: Initial packet from [AF_INET]173.127.176.232:50620, sid=c96c0eed 240319e9
Thu Dec 20 18:50:32 2018 us=464791 173.127.176.232:50620 VERIFY OK: depth=1, C=US, ST=MO, L=Xxxxxxx, O=Xxxxxx.org, OU=Home, CN=Xxxxxx.org CA, name=EasyRSA, emailAddress=Xxxxxx@Xxxxxx.org
Thu Dec 20 18:50:32 2018 us=464924 173.127.176.232:50620 VERIFY OK: depth=0, C=US, ST=MO, L=Xxxxxxx, O=Xxxxxx.org, OU=Home, CN=client1, name=EasyRSA, emailAddress=Xxxxxx@Xxxxxx.org
Thu Dec 20 18:50:32 2018 us=528764 173.127.176.232:50620 peer info: IV_VER=2.4.6
Thu Dec 20 18:50:32 2018 us=528793 173.127.176.232:50620 peer info: IV_PLAT=win
Thu Dec 20 18:50:32 2018 us=528798 173.127.176.232:50620 peer info: IV_PROTO=2
Thu Dec 20 18:50:32 2018 us=528802 173.127.176.232:50620 peer info: IV_NCP=2
Thu Dec 20 18:50:32 2018 us=528806 173.127.176.232:50620 peer info: IV_LZ4=1
Thu Dec 20 18:50:32 2018 us=528810 173.127.176.232:50620 peer info: IV_LZ4v2=1
Thu Dec 20 18:50:32 2018 us=528814 173.127.176.232:50620 peer info: IV_LZO=1
Thu Dec 20 18:50:32 2018 us=528817 173.127.176.232:50620 peer info: IV_COMP_STUB=1
Thu Dec 20 18:50:32 2018 us=528822 173.127.176.232:50620 peer info: IV_COMP_STUBv2=1
Thu Dec 20 18:50:32 2018 us=528825 173.127.176.232:50620 peer info: IV_TCPNL=1
Thu Dec 20 18:50:32 2018 us=528829 173.127.176.232:50620 peer info: IV_GUI_VER=OpenVPN_GUI_11
Thu Dec 20 18:50:32 2018 us=584273 173.127.176.232:50620 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Dec 20 18:50:32 2018 us=584301 173.127.176.232:50620 [client1] Peer Connection Initiated with [AF_INET]173.127.176.232:50620
Thu Dec 20 18:50:32 2018 us=584317 client1/173.127.176.232:50620 MULTI_sva: pool returned IPv4=172.16.16.18, IPv6=(Not enabled)
Thu Dec 20 18:50:32 2018 us=584358 client1/173.127.176.232:50620 MULTI: Learn: 172.16.16.18 -> client1/173.127.176.232:50620
Thu Dec 20 18:50:32 2018 us=584367 client1/173.127.176.232:50620 MULTI: primary virtual IP for client1/173.127.176.232:50620: 172.16.16.18
Thu Dec 20 18:50:33 2018 us=652154 client1/173.127.176.232:50620 PUSH: Received control message: 'PUSH_REQUEST'
Thu Dec 20 18:50:33 2018 us=652210 client1/173.127.176.232:50620 SENT CONTROL [client1]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route-gateway 172.16.16.17,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.16.18 255.255.255.248,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Dec 20 18:50:33 2018 us=652220 client1/173.127.176.232:50620 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec 20 18:50:33 2018 us=652232 client1/173.127.176.232:50620 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Thu Dec 20 18:50:33 2018 us=652282 client1/173.127.176.232:50620 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 20 18:50:33 2018 us=652288 client1/173.127.176.232:50620 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 20 18:50:33 2018 us=904166 client1/173.127.176.232:50620 MULTI: bad source address from client [::], packet dropped

Client Config:

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn.xxxxx.org XXXX
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
;ca ca.crt
;cert client.crt
;key client.key

# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo

# Set log file verbosity.
verb 4

# Silence repeating messages
;mute 20

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>


client.log:

Thu Dec 20 18:50:30 2018 us=102008 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Dec 20 18:50:30 2018 us=102008 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Dec 20 18:50:30 2018 us=102008 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Thu Dec 20 18:50:30 2018 us=103006 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Dec 20 18:50:30 2018 us=103006 Need hold release from management interface, waiting...
Thu Dec 20 18:50:30 2018 us=538798 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Dec 20 18:50:30 2018 us=646879 MANAGEMENT: CMD 'state on'
Thu Dec 20 18:50:30 2018 us=647877 MANAGEMENT: CMD 'log all on'
Thu Dec 20 18:50:30 2018 us=931846 MANAGEMENT: CMD 'echo all on'
Thu Dec 20 18:50:30 2018 us=934342 MANAGEMENT: CMD 'bytecount 5'
Thu Dec 20 18:50:30 2018 us=936837 MANAGEMENT: CMD 'hold off'
Thu Dec 20 18:50:30 2018 us=939333 MANAGEMENT: CMD 'hold release'
Thu Dec 20 18:50:30 2018 us=942826 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 20 18:50:30 2018 us=942826 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 20 18:50:30 2018 us=942826 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Dec 20 18:50:30 2018 us=942826 MANAGEMENT: >STATE:1545353430,RESOLVE,,,,,,
Thu Dec 20 18:50:31 2018 us=246270 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Thu Dec 20 18:50:31 2018 us=246270 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Dec 20 18:50:31 2018 us=246270 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Dec 20 18:50:31 2018 us=246791 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:XXXX
Thu Dec 20 18:50:31 2018 us=246791 Socket Buffers: R=[65536->65536] S=[64512->64512]
Thu Dec 20 18:50:31 2018 us=246791 UDP link local: (not bound)
Thu Dec 20 18:50:31 2018 us=247291 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:XXXX
Thu Dec 20 18:50:31 2018 us=247291 MANAGEMENT: >STATE:1545353431,WAIT,,,,,,
Thu Dec 20 18:50:31 2018 us=436124 MANAGEMENT: >STATE:1545353431,AUTH,,,,,,
Thu Dec 20 18:50:31 2018 us=436623 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:XXXX, sid=6e960919 42cc5b68
Thu Dec 20 18:50:31 2018 us=614047 VERIFY OK: depth=1, C=US, ST=XX, L=Xxxxxx, O=Xxxxx.org, OU=Home, CN=Xxxxx.org CA, name=EasyRSA, emailAddress=xxxx@Xxxxx.org
Thu Dec 20 18:50:31 2018 us=617035 VERIFY KU OK
Thu Dec 20 18:50:31 2018 us=617539 Validating certificate extended key usage
Thu Dec 20 18:50:31 2018 us=617539 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Dec 20 18:50:31 2018 us=617539 VERIFY EKU OK
Thu Dec 20 18:50:31 2018 us=617539 VERIFY OK: depth=0, C=US, ST=XX, L=Xxxxxx, O=Xxxxx.org, OU=Home, CN=vpn.xxxxxx.org, name=EasyRSA, emailAddress=xxxx@Xxxxx.org
Thu Dec 20 18:50:31 2018 us=759964 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Dec 20 18:50:31 2018 us=760465 [vpn.xxxxxx.org] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:XXXX
Thu Dec 20 18:50:32 2018 us=799924 MANAGEMENT: >STATE:1545353432,GET_CONFIG,,,,,,
Thu Dec 20 18:50:32 2018 us=800365 SENT CONTROL [vpn.xxxxxx.org]: 'PUSH_REQUEST' (status=1)
Thu Dec 20 18:50:32 2018 us=882358 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route-gateway 172.16.16.17,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.16.18 255.255.255.248,peer-id 0,cipher AES-256-GCM'
Thu Dec 20 18:50:32 2018 us=882857 OPTIONS IMPORT: timers and/or timeouts modified
Thu Dec 20 18:50:32 2018 us=882857 OPTIONS IMPORT: --ifconfig/up options modified
Thu Dec 20 18:50:32 2018 us=882857 OPTIONS IMPORT: route options modified
Thu Dec 20 18:50:32 2018 us=882857 OPTIONS IMPORT: route-related options modified
Thu Dec 20 18:50:32 2018 us=882857 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Dec 20 18:50:32 2018 us=882857 OPTIONS IMPORT: peer-id set
Thu Dec 20 18:50:32 2018 us=882857 OPTIONS IMPORT: adjusting link_mtu to 1624
Thu Dec 20 18:50:32 2018 us=883356 OPTIONS IMPORT: data channel crypto options modified
Thu Dec 20 18:50:32 2018 us=883356 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec 20 18:50:32 2018 us=883356 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Thu Dec 20 18:50:32 2018 us=883356 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 20 18:50:32 2018 us=883356 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec 20 18:50:32 2018 us=883855 interactive service msg_channel=756
Thu Dec 20 18:50:32 2018 us=895811 ROUTE_GATEWAY 192.168.128.1/255.255.255.0 I=17 HWADDR=68:17:29:ea:5a:1f
Thu Dec 20 18:50:32 2018 us=924771 open_tun
Thu Dec 20 18:50:32 2018 us=926769 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{D16B7208-63B2-4724-9633-F0F5A4EFC530}.tap
Thu Dec 20 18:50:32 2018 us=927267 TAP-Windows Driver Version 9.21 
Thu Dec 20 18:50:32 2018 us=927267 TAP-Windows MTU=1500
Thu Dec 20 18:50:32 2018 us=931259 Set TAP-Windows TUN subnet mode network/local/netmask = 172.16.16.16/172.16.16.18/255.255.255.248 [SUCCEEDED]
Thu Dec 20 18:50:32 2018 us=931259 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.16.18/255.255.255.248 on interface {D16B7208-63B2-4724-9633-F0F5A4EFC530} [DHCP-serv: 172.16.16.22, lease-time: 31536000]
Thu Dec 20 18:50:32 2018 us=931259 DHCP option string: 06080101 01010100 0001
Thu Dec 20 18:50:32 2018 us=931259 Successful ARP Flush on interface [21] {D16B7208-63B2-4724-9633-F0F5A4EFC530}
Thu Dec 20 18:50:32 2018 us=942224 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Dec 20 18:50:32 2018 us=942224 MANAGEMENT: >STATE:1545353432,ASSIGN_IP,,172.16.16.18,,,,
Thu Dec 20 18:50:37 2018 us=74276 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Dec 20 18:50:37 2018 us=74276 C:\Windows\system32\route.exe ADD XXX.XXX.XXX.XXX MASK 255.255.255.255 192.168.128.1
Thu Dec 20 18:50:37 2018 us=78277 Route addition via service succeeded
Thu Dec 20 18:50:37 2018 us=78277 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.16.17
Thu Dec 20 18:50:37 2018 us=82786 Route addition via service succeeded
Thu Dec 20 18:50:37 2018 us=82786 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.16.17
Thu Dec 20 18:50:37 2018 us=95252 Route addition via service succeeded
Thu Dec 20 18:50:37 2018 us=95252 MANAGEMENT: >STATE:1545353437,ADD_ROUTES,,,,,,
Thu Dec 20 18:50:37 2018 us=95252 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 172.16.16.17
Thu Dec 20 18:50:37 2018 us=108711 Route addition via service succeeded
Thu Dec 20 18:50:37 2018 us=109212 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec 20 18:50:37 2018 us=109212 Initialization Sequence Completed
Thu Dec 20 18:50:37 2018 us=109212 MANAGEMENT: >STATE:1545353437,CONNECTED,SUCCESS,172.16.16.18,XXX.XXX.XXX.XXX,XXXX,,
Thu Dec 20 18:51:05 2018 us=620059 TCP/UDP: Closing socket
Thu Dec 20 18:51:05 2018 us=620554 C:\Windows\system32\route.exe DELETE 192.168.1.0 MASK 255.255.255.0 172.16.16.17
Thu Dec 20 18:51:05 2018 us=626045 Route deletion via service succeeded
Thu Dec 20 18:51:05 2018 us=626045 C:\Windows\system32\route.exe DELETE XXX.XXX.XXX.XXX MASK 255.255.255.255 192.168.128.1
Thu Dec 20 18:51:05 2018 us=631550 Route deletion via service succeeded
Thu Dec 20 18:51:05 2018 us=631550 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 172.16.16.17
Thu Dec 20 18:51:05 2018 us=637025 Route deletion via service succeeded
Thu Dec 20 18:51:05 2018 us=637025 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 172.16.16.17
Thu Dec 20 18:51:05 2018 us=643512 Route deletion via service succeeded
Thu Dec 20 18:51:05 2018 us=643512 Closing TUN/TAP interface
Thu Dec 20 18:51:05 2018 us=673955 TAP: DHCP address released
Thu Dec 20 18:51:05 2018 us=673955 SIGTERM[hard,] received, process exiting
Thu Dec 20 18:51:05 2018 us=674455 MANAGEMENT: >STATE:1545353465,EXITING,SIGTERM,,,,,

Client IPCONFIG:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Sweet
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A0-D3-C1-71-28-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter OpenVPN:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-D1-6B-72-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b948:aac5:497f:4853%21(Preferred) 
   IPv4 Address. . . . . . . . . . . : 172.16.16.18(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Lease Obtained. . . . . . . . . . : Thursday, December 20, 2018 6:50:32 PM
   Lease Expires . . . . . . . . . . : Friday, December 20, 2019 6:50:33 PM
   Default Gateway . . . . . . . . . : 
   DHCP Server . . . . . . . . . . . : 172.16.16.22
   DHCPv6 IAID . . . . . . . . . . . : 352387025
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-75-41-2C-A0-D3-C1-71-28-4C
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 2230
   Physical Address. . . . . . . . . : 68-17-29-EA-5A-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2600:1:d724:1d93:c80d:98ff:4dbe:86df(Preferred) 
   Temporary IPv6 Address. . . . . . : 2600:1:d724:1d93:b426:9aa4:c4ba:1d9c(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c80d:98ff:4dbe:86df%17(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.128.34(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 20, 2018 6:50:23 PM
   Lease Expires . . . . . . . . . . : Friday, December 21, 2018 6:50:24 PM
   Default Gateway . . . . . . . . . : fe80::55d6:48b1:f4fb:d69c%17
                                       192.168.128.1
   DHCP Server . . . . . . . . . . . : 192.168.128.1
   DHCPv6 IAID . . . . . . . . . . . : 141039401
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-75-41-2C-A0-D3-C1-71-28-4C
   DNS Servers . . . . . . . . . . . : 2606:4700:4700::1111
                                       2606:4700:4700::1001
                                       1.1.1.1
                                       1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       lan

Thanks for getting me this close!

TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need TAP, Can't Route @ Default GW

Post by TinCanTech » Fri Dec 21, 2018 2:59 am

Are you claiming, that after all this time, you have still not found MASQ or NAT
on the OpenVPN.inc website / Howto ?

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TAP, Can't Route @ Default GW

Post by LCB » Fri Dec 21, 2018 2:32 pm

TinCanTech wrote:
Fri Dec 21, 2018 2:59 am
Are you claiming, that after all this time, you have still not found MASQ or NAT
on the OpenVPN.inc website / Howto ?

Or you could say "check your firewall rules."

I did indeed find that section, and I followed the instructions:

iptables -t nat -A POSTROUTING -s 172.16.16.16/29 -o enp0s3 -j MASQUERADE

My problem apparently is that Ubuntu 18 has decreed that all configurations that used to be perfectly manageable are now 10x harder.

... now I'm off to figure out how to use ufw or iptables-persistent or netfilter-persistent or something I guess.
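
Masquerading as set up in the post above only passes traffic when three things hold together: kernel forwarding is on, the NAT rule's source covers the VPN subnet, and the FORWARD chain lets packets through in both directions. The following Python check over `iptables-save` output is an added example, not code from the thread or from the OpenVPN project; `audit`, its parameters and the sample ruleset are assumptions for illustration, and the caller supplies `ip_forward` (the value of `net.ipv4.ip_forward`).

```python
import ipaddress
import shlex

# Constructed ruleset in iptables-save format, built around the rule quoted in
# the post (source 172.16.16.16/29, out enp0s3). Not a dump from the poster's server.
SAMPLE_RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.16.16/29 -o enp0s3 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i tun+ -o enp0s3 -j ACCEPT
-A FORWARD -i enp0s3 -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

KEPT = ("-s", "-d", "-i", "-o", "-p", "-j")  # options this check looks at


def parse_save(text):
    """Return {table: {"policy": {chain: policy}, "rules": [rule dict]}}."""
    tables, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is None or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rule = {"chain": tok[1], "negated": "!" in tok}
            for opt, val in zip(tok[2:], tok[3:]):
                if opt in KEPT:
                    rule[opt] = val
            cur["rules"].append(rule)
    return tables


def iface_ok(pattern, name):
    """iptables interface match: no pattern matches all, trailing '+' is a prefix wildcard."""
    if pattern is None:
        return True
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern == name


def covers(spec, net):
    """True when an -s/-d value (or its absence) includes the whole VPN subnet."""
    return spec is None or net.subnet_of(ipaddress.ip_network(spec, strict=False))


def audit(text, vpn_net, vpn_if, lan_if, ip_forward):
    """List what is missing for VPN clients to be NATed out of lan_if.

    Simplifications: rule order, user-defined chains, conntrack state and other
    -m matches are not evaluated; negated or protocol-limited rules are
    ignored rather than trusted.
    """
    vpn = ipaddress.ip_network(vpn_net)
    tables = parse_save(text)
    findings = []
    if str(ip_forward).strip() != "1":
        findings.append("net.ipv4.ip_forward is not 1, so the kernel will not route tun <-> LAN")

    def usable(rule, chain, targets):
        return (rule["chain"] == chain and rule.get("-j") in targets
                and not rule["negated"] and "-p" not in rule)

    nat = tables.get("nat", {"rules": []})["rules"]
    if not any(usable(r, "POSTROUTING", ("MASQUERADE", "SNAT")) and "-d" not in r
               and covers(r.get("-s"), vpn) and iface_ok(r.get("-o"), lan_if) for r in nat):
        findings.append(f"no MASQUERADE/SNAT rule covers {vpn} leaving {lan_if}")

    flt = tables.get("filter", {"policy": {}, "rules": []})
    if flt["policy"].get("FORWARD", "ACCEPT") != "ACCEPT":
        fwd = [r for r in flt["rules"] if usable(r, "FORWARD", ("ACCEPT",))]
        if not any(iface_ok(r.get("-i"), vpn_if) and iface_ok(r.get("-o"), lan_if)
                   and covers(r.get("-s"), vpn) and "-d" not in r for r in fwd):
            findings.append(f"FORWARD drops by default and nothing accepts {vpn_if} -> {lan_if}")
        if not any(iface_ok(r.get("-i"), lan_if) and iface_ok(r.get("-o"), vpn_if)
                   and "-s" not in r and covers(r.get("-d"), vpn) for r in fwd):
            findings.append(f"FORWARD drops by default and nothing accepts replies {lan_if} -> {vpn_if}")
    return findings


if __name__ == "__main__":
    # On the server: text from `iptables-save`, ip_forward from /proc/sys/net/ipv4/ip_forward.
    for problem in audit(SAMPLE_RULES, "172.16.16.16/29", "tun0", "enp0s3", "1") or ["ok"]:
        print(problem)
```

An empty result means the three preconditions are present in the saved ruleset; it does not prove that the rules are loaded at boot, which on Ubuntu is the job of whichever persistence package restores the file.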

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TUN, Can't Route @ Default GW

Post by LCB » Tue Dec 25, 2018 1:01 pm

So I'm sure you've been waiting with bated breath to see how it's turned out for me. Still no go and despite what I said previously my VPN does not seem to be routing anything. As you will see below the connection does not receive a default gateway. Pretty frustrated at this point. Please don't tell me I didn't read something because I'm pretty sure I've read ALL of the documentation a couple times by now. If I configured something wrong (and I'm sure I did) it's probably because it plain did not make sense to me when I read it.

Client and server configurations remain as above, other current info follows.

/etc/iptables/rules.v4:

# Generated by iptables-save v1.6.1 on Tue Dec 25 06:33:09 2018
*nat
:PREROUTING ACCEPT [1223:144391]
:INPUT ACCEPT [275:78420]
:OUTPUT ACCEPT [57:3760]
:POSTROUTING ACCEPT [57:3760]
-A POSTROUTING -s 172.16.16.16/29 -o enp0s3 -j MASQUERADE
COMMIT
# Completed on Tue Dec 25 06:33:09 2018
# Generated by iptables-save v1.6.1 on Tue Dec 25 06:33:09 2018
*filter
:INPUT ACCEPT [67:33261]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:372]
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i enp0s3 -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o enp0s3 -j ACCEPT
COMMIT
# Completed on Tue Dec 25 06:33:09 2018
# Generated by iptables-save v1.6.1 on Tue Dec 25 06:33:09 2018
*mangle
:PREROUTING ACCEPT [4103:1648120]
:INPUT ACCEPT [3153:1582069]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [368:41829]
:POSTROUTING ACCEPT [381:43587]
COMMIT
# Completed on Tue Dec 25 06:33:09 2018
# Generated by iptables-save v1.6.1 on Tue Dec 25 06:33:09 2018
*raw
:PREROUTING ACCEPT [4103:1648120]
:OUTPUT ACCEPT [368:41829]
COMMIT
# Completed on Tue Dec 25 06:33:09 2018

iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

client.log:

Tue Dec 25 06:00:20 2018 NOTE: --user option is not implemented on Windows
Tue Dec 25 06:00:20 2018 NOTE: --group option is not implemented on Windows
Tue Dec 25 06:00:20 2018 us=977397 Current Parameter Settings:
Tue Dec 25 06:00:20 2018 us=977397   config = 'xxxxx VPN UDP.ovpn'
Tue Dec 25 06:00:20 2018 us=977397   mode = 0
Tue Dec 25 06:00:20 2018 us=977397   show_ciphers = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   show_digests = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   show_engines = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   genkey = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   key_pass_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   show_tls_ciphers = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   connect_retry_max = 0
Tue Dec 25 06:00:20 2018 us=977397 Connection profiles [0]:
Tue Dec 25 06:00:20 2018 us=977397   proto = udp
Tue Dec 25 06:00:20 2018 us=977397   local = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   local_port = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   remote = 'vpn.xxxxx.org'
Tue Dec 25 06:00:20 2018 us=977397   remote_port = '1194'
Tue Dec 25 06:00:20 2018 us=977397   remote_float = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   bind_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   bind_local = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   bind_ipv6_only = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   connect_retry_seconds = 5
Tue Dec 25 06:00:20 2018 us=977397   connect_timeout = 120
Tue Dec 25 06:00:20 2018 us=977397   socks_proxy_server = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   socks_proxy_port = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   tun_mtu = 1500
Tue Dec 25 06:00:20 2018 us=977397   tun_mtu_defined = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   link_mtu = 1500
Tue Dec 25 06:00:20 2018 us=977397   link_mtu_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   tun_mtu_extra = 0
Tue Dec 25 06:00:20 2018 us=977397   tun_mtu_extra_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   mtu_discover_type = -1
Tue Dec 25 06:00:20 2018 us=977397   fragment = 0
Tue Dec 25 06:00:20 2018 us=977397   mssfix = 1450
Tue Dec 25 06:00:20 2018 us=977397   explicit_exit_notification = 0
Tue Dec 25 06:00:20 2018 us=977397 Connection profiles END
Tue Dec 25 06:00:20 2018 us=977397   remote_random = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   ipchange = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   dev = 'tun'
Tue Dec 25 06:00:20 2018 us=977397   dev_type = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   dev_node = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   lladdr = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   topology = 1
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_local = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_remote_netmask = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_noexec = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_nowarn = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_ipv6_local = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_ipv6_netbits = 0
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_ipv6_remote = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   shaper = 0
Tue Dec 25 06:00:20 2018 us=977397   mtu_test = 0
Tue Dec 25 06:00:20 2018 us=977397   mlock = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   keepalive_ping = 0
Tue Dec 25 06:00:20 2018 us=977397   keepalive_timeout = 0
Tue Dec 25 06:00:20 2018 us=977397   inactivity_timeout = 0
Tue Dec 25 06:00:20 2018 us=977397   ping_send_timeout = 0
Tue Dec 25 06:00:20 2018 us=977397   ping_rec_timeout = 0
Tue Dec 25 06:00:20 2018 us=977397   ping_rec_timeout_action = 0
Tue Dec 25 06:00:20 2018 us=977397   ping_timer_remote = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   remap_sigusr1 = 0
Tue Dec 25 06:00:20 2018 us=977397   persist_tun = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   persist_local_ip = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   persist_remote_ip = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   persist_key = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   passtos = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   resolve_retry_seconds = 1000000000
Tue Dec 25 06:00:20 2018 us=977397   resolve_in_advance = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   username = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   groupname = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   chroot_dir = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   cd_dir = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   writepid = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   up_script = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   down_script = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   down_pre = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   up_restart = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   up_delay = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   daemon = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   inetd = 0
Tue Dec 25 06:00:20 2018 us=977397   log = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   suppress_timestamps = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   machine_readable_output = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   nice = 0
Tue Dec 25 06:00:20 2018 us=977397   verbosity = 4
Tue Dec 25 06:00:20 2018 us=977397   mute = 0
Tue Dec 25 06:00:20 2018 us=977397   gremlin = 0
Tue Dec 25 06:00:20 2018 us=977397   status_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   status_file_version = 1
Tue Dec 25 06:00:20 2018 us=977397   status_file_update_freq = 60
Tue Dec 25 06:00:20 2018 us=977397   occ = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   rcvbuf = 0
Tue Dec 25 06:00:20 2018 us=977397   sndbuf = 0
Tue Dec 25 06:00:20 2018 us=977397   sockflags = 0
Tue Dec 25 06:00:20 2018 us=977397   fast_io = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   comp.alg = 0
Tue Dec 25 06:00:20 2018 us=977397   comp.flags = 0
Tue Dec 25 06:00:20 2018 us=977397   route_script = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   route_default_gateway = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   route_default_metric = 0
Tue Dec 25 06:00:20 2018 us=977397   route_noexec = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   route_delay = 5
Tue Dec 25 06:00:20 2018 us=977397   route_delay_window = 30
Tue Dec 25 06:00:20 2018 us=977397   route_delay_defined = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   route_nopull = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   route_gateway_via_dhcp = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   allow_pull_fqdn = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   management_addr = '127.0.0.1'
Tue Dec 25 06:00:20 2018 us=977397   management_port = '25341'
Tue Dec 25 06:00:20 2018 us=977397   management_user_pass = 'stdin'
Tue Dec 25 06:00:20 2018 us=977397   management_log_history_cache = 250
Tue Dec 25 06:00:20 2018 us=977397   management_echo_buffer_size = 100
Tue Dec 25 06:00:20 2018 us=977397   management_write_peer_info_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   management_client_user = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   management_client_group = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   management_flags = 6
Tue Dec 25 06:00:20 2018 us=977397   shared_secret_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   key_direction = 1
Tue Dec 25 06:00:20 2018 us=977397   ciphername = 'AES-256-CBC'
Tue Dec 25 06:00:20 2018 us=977397   ncp_enabled = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Dec 25 06:00:20 2018 us=977397   authname = 'SHA1'
Tue Dec 25 06:00:20 2018 us=977397   prng_hash = 'SHA1'
Tue Dec 25 06:00:20 2018 us=977397   prng_nonce_secret_len = 16
Tue Dec 25 06:00:20 2018 us=977397   keysize = 0
Tue Dec 25 06:00:20 2018 us=977397   engine = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   replay = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   mute_replay_warnings = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   replay_window = 64
Tue Dec 25 06:00:20 2018 us=977397   replay_time = 15
Tue Dec 25 06:00:20 2018 us=977397   packet_id_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   use_iv = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   test_crypto = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   tls_server = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   tls_client = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   key_method = 2
Tue Dec 25 06:00:20 2018 us=977397   ca_file = '[[INLINE]]'
Tue Dec 25 06:00:20 2018 us=977397   ca_path = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   dh_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   cert_file = '[[INLINE]]'
Tue Dec 25 06:00:20 2018 us=977397   extra_certs_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   priv_key_file = '[[INLINE]]'
Tue Dec 25 06:00:20 2018 us=977397   pkcs12_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   cryptoapi_cert = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   cipher_list = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   tls_cert_profile = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   tls_verify = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   tls_export_cert = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   verify_x509_type = 0
Tue Dec 25 06:00:20 2018 us=977397   verify_x509_name = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   crl_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   ns_cert_type = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 65535
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_ku[i] = 0
Tue Dec 25 06:00:20 2018 us=977397   remote_cert_eku = 'TLS Web Server Authentication'
Tue Dec 25 06:00:20 2018 us=977397   ssl_flags = 0
Tue Dec 25 06:00:20 2018 us=977397   tls_timeout = 2
Tue Dec 25 06:00:20 2018 us=977397   renegotiate_bytes = -1
Tue Dec 25 06:00:20 2018 us=977397   renegotiate_packets = 0
Tue Dec 25 06:00:20 2018 us=977397   renegotiate_seconds = 3600
Tue Dec 25 06:00:20 2018 us=977397   handshake_window = 60
Tue Dec 25 06:00:20 2018 us=977397   transition_window = 3600
Tue Dec 25 06:00:20 2018 us=977397   single_session = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   push_peer_info = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   tls_exit = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   tls_auth_file = '[[INLINE]]'
Tue Dec 25 06:00:20 2018 us=977397   tls_crypt_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_pin_cache_period = -1
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_id = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   pkcs11_id_management = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   server_network = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   server_netmask = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   server_network_ipv6 = ::
Tue Dec 25 06:00:20 2018 us=977397   server_netbits_ipv6 = 0
Tue Dec 25 06:00:20 2018 us=977397   server_bridge_ip = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   server_bridge_netmask = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   server_bridge_pool_start = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   server_bridge_pool_end = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_pool_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_pool_start = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_pool_end = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_pool_netmask = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_pool_persist_refresh_freq = 600
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_ipv6_pool_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_ipv6_pool_base = ::
Tue Dec 25 06:00:20 2018 us=977397   ifconfig_ipv6_pool_netbits = 0
Tue Dec 25 06:00:20 2018 us=977397   n_bcast_buf = 256
Tue Dec 25 06:00:20 2018 us=977397   tcp_queue_limit = 64
Tue Dec 25 06:00:20 2018 us=977397   real_hash_size = 256
Tue Dec 25 06:00:20 2018 us=977397   virtual_hash_size = 256
Tue Dec 25 06:00:20 2018 us=977397   client_connect_script = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   learn_address_script = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   client_disconnect_script = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   client_config_dir = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   ccd_exclusive = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   tmp_dir = 'C:\Users\xxxxx\AppData\Local\Temp\'
Tue Dec 25 06:00:20 2018 us=977397   push_ifconfig_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   push_ifconfig_local = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   push_ifconfig_remote_netmask = 0.0.0.0
Tue Dec 25 06:00:20 2018 us=977397   push_ifconfig_ipv6_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   push_ifconfig_ipv6_local = ::/0
Tue Dec 25 06:00:20 2018 us=977397   push_ifconfig_ipv6_remote = ::
Tue Dec 25 06:00:20 2018 us=977397   enable_c2c = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   duplicate_cn = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   cf_max = 0
Tue Dec 25 06:00:20 2018 us=977397   cf_per = 0
Tue Dec 25 06:00:20 2018 us=977397   max_clients = 1024
Tue Dec 25 06:00:20 2018 us=977397   max_routes_per_client = 256
Tue Dec 25 06:00:20 2018 us=977397   auth_user_pass_verify_script = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   auth_user_pass_verify_script_via_file = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   auth_token_generate = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   auth_token_lifetime = 0
Tue Dec 25 06:00:20 2018 us=977397   client = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   pull = ENABLED
Tue Dec 25 06:00:20 2018 us=977397   auth_user_pass_file = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   show_net_up = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   route_method = 3
Tue Dec 25 06:00:20 2018 us=977397   block_outside_dns = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   ip_win32_defined = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   ip_win32_type = 3
Tue Dec 25 06:00:20 2018 us=977397   dhcp_masq_offset = 0
Tue Dec 25 06:00:20 2018 us=977397   dhcp_lease_time = 31536000
Tue Dec 25 06:00:20 2018 us=977397   tap_sxxxxxp = 0
Tue Dec 25 06:00:20 2018 us=977397   dhcp_options = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   dhcp_renew = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   dhcp_pre_release = DISABLED
Tue Dec 25 06:00:20 2018 us=977397   domain = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   netbios_scope = '[UNDEF]'
Tue Dec 25 06:00:20 2018 us=977397   netbios_node_type = 0
Tue Dec 25 06:00:20 2018 us=977397   disable_nbt = DISABLED
Tue Dec 25 06:00:20 2018 us=977397 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Tue Dec 25 06:00:20 2018 us=977397 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Dec 25 06:00:20 2018 us=977397 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Tue Dec 25 06:00:20 2018 us=977397 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Tue Dec 25 06:00:20 2018 us=977397 Need hold release from management interface, waiting...
Tue Dec 25 06:00:21 2018 us=414930 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Tue Dec 25 06:00:21 2018 us=525621 MANAGEMENT: CMD 'state on'
Tue Dec 25 06:00:21 2018 us=525621 MANAGEMENT: CMD 'log all on'
Tue Dec 25 06:00:21 2018 us=822466 MANAGEMENT: CMD 'echo all on'
Tue Dec 25 06:00:21 2018 us=822466 MANAGEMENT: CMD 'bytecount 5'
Tue Dec 25 06:00:21 2018 us=822466 MANAGEMENT: CMD 'hold off'
Tue Dec 25 06:00:21 2018 us=838089 MANAGEMENT: CMD 'hold release'
Tue Dec 25 06:00:21 2018 us=838089 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 25 06:00:21 2018 us=838089 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 25 06:00:21 2018 us=838089 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Tue Dec 25 06:00:21 2018 us=838089 MANAGEMENT: >STATE:1545739221,RESOLVE,,,,,,
Tue Dec 25 06:00:21 2018 us=917393 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Dec 25 06:00:21 2018 us=917393 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Dec 25 06:00:21 2018 us=917393 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Dec 25 06:00:21 2018 us=917393 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Tue Dec 25 06:00:21 2018 us=917393 Socket Buffers: R=[65536->65536] S=[64512->64512]
Tue Dec 25 06:00:21 2018 us=917393 UDP link local: (not bound)
Tue Dec 25 06:00:21 2018 us=917393 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Tue Dec 25 06:00:21 2018 us=917393 MANAGEMENT: >STATE:1545739221,WAIT,,,,,,
Tue Dec 25 06:00:21 2018 us=964274 MANAGEMENT: >STATE:1545739221,AUTH,,,,,,
Tue Dec 25 06:00:21 2018 us=964274 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=030a982f 78eac7d1
Tue Dec 25 06:00:22 2018 us=42375 VERIFY OK: depth=1, C=US, ST=MO, L=KansasCity, O=xxxxx.org, OU=Home, CN=xxxxx.org CA, name=EasyRSA, emailAddress=xxxxx@xxxxx.org
Tue Dec 25 06:00:22 2018 us=42375 VERIFY KU OK
Tue Dec 25 06:00:22 2018 us=42375 Validating certificate extended key usage
Tue Dec 25 06:00:22 2018 us=42375 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Dec 25 06:00:22 2018 us=42375 VERIFY EKU OK
Tue Dec 25 06:00:22 2018 us=42375 VERIFY OK: depth=0, C=US, ST=MO, L=KansasCity, O=xxxxx.org, OU=Home, CN=vpn.xxxxx.org, name=EasyRSA, emailAddress=xxxxx@xxxxx.org
Tue Dec 25 06:00:22 2018 us=198677 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Dec 25 06:00:22 2018 us=198677 [vpn.xxxxx.org] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Tue Dec 25 06:00:23 2018 us=278130 MANAGEMENT: >STATE:1545739223,GET_CONFIG,,,,,,
Tue Dec 25 06:00:23 2018 us=278130 SENT CONTROL [vpn.xxxxx.org]: 'PUSH_REQUEST' (status=1)
Tue Dec 25 06:00:23 2018 us=356251 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route-gateway 172.16.16.17,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.16.18 255.255.255.248,peer-id 0,cipher AES-256-GCM'
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: timers and/or timeouts modified
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: --ifconfig/up options modified
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: route options modified
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: route-related options modified
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: peer-id set
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: adjusting link_mtu to 1624
Tue Dec 25 06:00:23 2018 us=356251 OPTIONS IMPORT: data channel crypto options modified
Tue Dec 25 06:00:23 2018 us=356251 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Dec 25 06:00:23 2018 us=356251 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Tue Dec 25 06:00:23 2018 us=356251 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Dec 25 06:00:23 2018 us=356251 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Dec 25 06:00:23 2018 us=356251 interactive service msg_channel=756
Tue Dec 25 06:00:23 2018 us=371834 ROUTE_GATEWAY 192.168.128.1/255.255.255.0 I=18 HWADDR=68:17:29:ea:5a:1f
Tue Dec 25 06:00:23 2018 us=418684 open_tun
Tue Dec 25 06:00:23 2018 us=418684 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{D16B7208-63B2-4724-9633-F0F5A4EFC530}.tap
Tue Dec 25 06:00:23 2018 us=418684 TAP-Windows Driver Version 9.21 
Tue Dec 25 06:00:23 2018 us=418684 TAP-Windows MTU=1500
Tue Dec 25 06:00:23 2018 us=434308 Set TAP-Windows TUN subnet mode network/local/netmask = 172.16.16.16/172.16.16.18/255.255.255.248 [SUCCEEDED]
Tue Dec 25 06:00:23 2018 us=434308 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.16.18/255.255.255.248 on interface {D16B7208-63B2-4724-9633-F0F5A4EFC530} [DHCP-serv: 172.16.16.22, lease-time: 31536000]
Tue Dec 25 06:00:23 2018 us=434308 DHCP option string: 06080101 01010100 0001
Tue Dec 25 06:00:23 2018 us=434308 Successful ARP Flush on interface [20] {D16B7208-63B2-4724-9633-F0F5A4EFC530}
Tue Dec 25 06:00:23 2018 us=434308 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Dec 25 06:00:23 2018 us=434308 MANAGEMENT: >STATE:1545739223,ASSIGN_IP,,172.16.16.18,,,,
Tue Dec 25 06:00:28 2018 us=709133 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Dec 25 06:00:28 2018 us=709133 C:\WINDOWS\system32\route.exe ADD xxx.xxx.xxx.xxx MASK 255.255.255.255 192.168.128.1
Tue Dec 25 06:00:28 2018 us=709133 Route addition via service succeeded
Tue Dec 25 06:00:28 2018 us=709133 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.16.17
Tue Dec 25 06:00:28 2018 us=724763 Route addition via service succeeded
Tue Dec 25 06:00:28 2018 us=724763 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.16.17
Tue Dec 25 06:00:28 2018 us=724763 Route addition via service succeeded
Tue Dec 25 06:00:28 2018 us=724763 MANAGEMENT: >STATE:1545739228,ADD_ROUTES,,,,,,
Tue Dec 25 06:00:28 2018 us=724763 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 172.16.16.17
Tue Dec 25 06:00:28 2018 us=740372 Route addition via service succeeded
Tue Dec 25 06:00:28 2018 us=740372 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Dec 25 06:00:28 2018 us=740372 Initialization Sequence Completed
Tue Dec 25 06:00:28 2018 us=740372 MANAGEMENT: >STATE:1545739228,CONNECTED,SUCCESS,172.16.16.18,xxx.xxx.xxx.xxx,1194,,

client ipconfig /all:

Code:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Sweet
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : lan

Ethernet adapter OpenVPN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-D1-6B-72-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b948:aac5:497f:4853%20(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.16.18(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Lease Obtained. . . . . . . . . . : Tuesday, December 25, 2018 6:00:23 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 25, 2019 6:00:22 AM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 172.16.16.22
   DHCPv6 IAID . . . . . . . . . . . : 352387025
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-75-41-2C-A0-D3-C1-71-28-4C
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 2230
   Physical Address. . . . . . . . . : 68-17-29-EA-5A-1F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2600:1:c72d:496d:c80d:98ff:4dbe:86df(Preferred)
   Temporary IPv6 Address. . . . . . : 2600:1:c72d:496d:2c23:2f5e:27b3:56ba(Preferred)
   Link-local IPv6 Address . . . . . : fe80::c80d:98ff:4dbe:86df%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.128.34(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 25, 2018 6:00:06 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 26, 2018 6:00:06 AM
   Default Gateway . . . . . . . . . : fe80::fd89:99f8:4b20:a3f%18
                                       192.168.128.1
   DHCP Server . . . . . . . . . . . : 192.168.128.1
   DHCPv6 IAID . . . . . . . . . . . : 141039401
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-75-41-2C-A0-D3-C1-71-28-4C
   DNS Servers . . . . . . . . . . . : 2606:4700:4700::1111
                                       2606:4700:4700::1001
                                       1.1.1.1
                                       1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       lan

/var/log/openvpn/openvpn.log:

Code:

Tue Dec 25 06:00:10 2018 us=997284 Current Parameter Settings:
Tue Dec 25 06:00:10 2018 us=997311   config = '/etc/openvpn/server-udp.conf'
Tue Dec 25 06:00:10 2018 us=997316   mode = 1
Tue Dec 25 06:00:10 2018 us=997320   persist_config = DISABLED
Tue Dec 25 06:00:10 2018 us=997323   persist_mode = 1
Tue Dec 25 06:00:10 2018 us=997326   show_ciphers = DISABLED
Tue Dec 25 06:00:10 2018 us=997329   show_digests = DISABLED
Tue Dec 25 06:00:10 2018 us=997333   show_engines = DISABLED
Tue Dec 25 06:00:10 2018 us=997336   genkey = DISABLED
Tue Dec 25 06:00:10 2018 us=997339   key_pass_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997342   show_tls_ciphers = DISABLED
Tue Dec 25 06:00:10 2018 us=997346   connect_retry_max = 0
Tue Dec 25 06:00:10 2018 us=997349 Connection profiles [0]:
Tue Dec 25 06:00:10 2018 us=997353   proto = udp
Tue Dec 25 06:00:10 2018 us=997356   local = '192.168.1.11'
Tue Dec 25 06:00:10 2018 us=997359   local_port = '1194'
Tue Dec 25 06:00:10 2018 us=997362   remote = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997365   remote_port = '1194'
Tue Dec 25 06:00:10 2018 us=997368   remote_float = DISABLED
Tue Dec 25 06:00:10 2018 us=997371   bind_defined = DISABLED
Tue Dec 25 06:00:10 2018 us=997375   bind_local = ENABLED
Tue Dec 25 06:00:10 2018 us=997378   bind_ipv6_only = DISABLED
Tue Dec 25 06:00:10 2018 us=997381   connect_retry_seconds = 5
Tue Dec 25 06:00:10 2018 us=997384   connect_timeout = 120
Tue Dec 25 06:00:10 2018 us=997387   socks_proxy_server = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997390   socks_proxy_port = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997393   tun_mtu = 1500
Tue Dec 25 06:00:10 2018 us=997397   tun_mtu_defined = ENABLED
Tue Dec 25 06:00:10 2018 us=997400   link_mtu = 1500
Tue Dec 25 06:00:10 2018 us=997403   link_mtu_defined = DISABLED
Tue Dec 25 06:00:10 2018 us=997406   tun_mtu_extra = 0
Tue Dec 25 06:00:10 2018 us=997409   tun_mtu_extra_defined = DISABLED
Tue Dec 25 06:00:10 2018 us=997412   mtu_discover_type = -1
Tue Dec 25 06:00:10 2018 us=997415   fragment = 0
Tue Dec 25 06:00:10 2018 us=997418   mssfix = 1450
Tue Dec 25 06:00:10 2018 us=997422   explicit_exit_notification = 1
Tue Dec 25 06:00:10 2018 us=997425 Connection profiles END
Tue Dec 25 06:00:10 2018 us=997428   remote_random = DISABLED
Tue Dec 25 06:00:10 2018 us=997431   ipchange = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997434   dev = 'tun'
Tue Dec 25 06:00:10 2018 us=997437   dev_type = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997440   dev_node = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997443   lladdr = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997446   topology = 3
Tue Dec 25 06:00:10 2018 us=997450   ifconfig_local = '172.16.16.17'
Tue Dec 25 06:00:10 2018 us=997453   ifconfig_remote_netmask = '255.255.255.248'
Tue Dec 25 06:00:10 2018 us=997456   ifconfig_noexec = DISABLED
Tue Dec 25 06:00:10 2018 us=997459   ifconfig_nowarn = DISABLED
Tue Dec 25 06:00:10 2018 us=997462   ifconfig_ipv6_local = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997465   ifconfig_ipv6_netbits = 0
Tue Dec 25 06:00:10 2018 us=997468   ifconfig_ipv6_remote = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997472   shaper = 0
Tue Dec 25 06:00:10 2018 us=997475   mtu_test = 0
Tue Dec 25 06:00:10 2018 us=997478   mlock = DISABLED
Tue Dec 25 06:00:10 2018 us=997481   keepalive_ping = 10
Tue Dec 25 06:00:10 2018 us=997485   keepalive_timeout = 120
Tue Dec 25 06:00:10 2018 us=997488   inactivity_timeout = 0
Tue Dec 25 06:00:10 2018 us=997491   ping_send_timeout = 10
Tue Dec 25 06:00:10 2018 us=997494   ping_rec_timeout = 240
Tue Dec 25 06:00:10 2018 us=997497   ping_rec_timeout_action = 2
Tue Dec 25 06:00:10 2018 us=997500   ping_timer_remote = DISABLED
Tue Dec 25 06:00:10 2018 us=997503   remap_sigusr1 = 0
Tue Dec 25 06:00:10 2018 us=997506   persist_tun = ENABLED
Tue Dec 25 06:00:10 2018 us=997509   persist_local_ip = DISABLED
Tue Dec 25 06:00:10 2018 us=997512   persist_remote_ip = DISABLED
Tue Dec 25 06:00:10 2018 us=997515   persist_key = ENABLED
Tue Dec 25 06:00:10 2018 us=997518   passtos = DISABLED
Tue Dec 25 06:00:10 2018 us=997521   resolve_retry_seconds = 1000000000
Tue Dec 25 06:00:10 2018 us=997528   resolve_in_advance = DISABLED
Tue Dec 25 06:00:10 2018 us=997532   username = 'nobody'
Tue Dec 25 06:00:10 2018 us=997535   groupname = 'nogroup'
Tue Dec 25 06:00:10 2018 us=997538   chroot_dir = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997541   cd_dir = '/etc/openvpn'
Tue Dec 25 06:00:10 2018 us=997544   writepid = '/run/openvpn/server-udp.pid'
Tue Dec 25 06:00:10 2018 us=997547   up_script = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997551   down_script = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997554   down_pre = DISABLED
Tue Dec 25 06:00:10 2018 us=997557   up_restart = DISABLED
Tue Dec 25 06:00:10 2018 us=997560   up_delay = DISABLED
Tue Dec 25 06:00:10 2018 us=997563   daemon = ENABLED
Tue Dec 25 06:00:10 2018 us=997566   inetd = 0
Tue Dec 25 06:00:10 2018 us=997569   log = ENABLED
Tue Dec 25 06:00:10 2018 us=997572   suppress_timestamps = DISABLED
Tue Dec 25 06:00:10 2018 us=997575   machine_readable_output = DISABLED
Tue Dec 25 06:00:10 2018 us=997578   nice = 0
Tue Dec 25 06:00:10 2018 us=997581   verbosity = 4
Tue Dec 25 06:00:10 2018 us=997584   mute = 0
Tue Dec 25 06:00:10 2018 us=997587   gremlin = 0
Tue Dec 25 06:00:10 2018 us=997590   status_file = '/var/log/openvpn/openvpn-status.log'
Tue Dec 25 06:00:10 2018 us=997593   status_file_version = 1
Tue Dec 25 06:00:10 2018 us=997596   status_file_update_freq = 10
Tue Dec 25 06:00:10 2018 us=997599   occ = ENABLED
Tue Dec 25 06:00:10 2018 us=997602   rcvbuf = 0
Tue Dec 25 06:00:10 2018 us=997605   sndbuf = 0
Tue Dec 25 06:00:10 2018 us=997608   mark = 0
Tue Dec 25 06:00:10 2018 us=997611   sockflags = 0
Tue Dec 25 06:00:10 2018 us=997614   fast_io = DISABLED
Tue Dec 25 06:00:10 2018 us=997617   comp.alg = 0
Tue Dec 25 06:00:10 2018 us=997620   comp.flags = 0
Tue Dec 25 06:00:10 2018 us=997624   route_script = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997627   route_default_gateway = '172.16.16.18'
Tue Dec 25 06:00:10 2018 us=997630   route_default_metric = 0
Tue Dec 25 06:00:10 2018 us=997633   route_noexec = DISABLED
Tue Dec 25 06:00:10 2018 us=997636   route_delay = 0
Tue Dec 25 06:00:10 2018 us=997639   route_delay_window = 30
Tue Dec 25 06:00:10 2018 us=997642   route_delay_defined = DISABLED
Tue Dec 25 06:00:10 2018 us=997645   route_nopull = DISABLED
Tue Dec 25 06:00:10 2018 us=997648   route_gateway_via_dhcp = DISABLED
Tue Dec 25 06:00:10 2018 us=997651   allow_pull_fqdn = DISABLED
Tue Dec 25 06:00:10 2018 us=997654   management_addr = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997657   management_port = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997661   management_user_pass = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997664   management_log_history_cache = 250
Tue Dec 25 06:00:10 2018 us=997667   management_echo_buffer_size = 100
Tue Dec 25 06:00:10 2018 us=997670   management_write_peer_info_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997673   management_client_user = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997676   management_client_group = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997679   management_flags = 0
Tue Dec 25 06:00:10 2018 us=997683   shared_secret_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997686   key_direction = 1
Tue Dec 25 06:00:10 2018 us=997689   ciphername = 'AES-256-CBC'
Tue Dec 25 06:00:10 2018 us=997692   ncp_enabled = ENABLED
Tue Dec 25 06:00:10 2018 us=997695   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Dec 25 06:00:10 2018 us=997699   authname = 'SHA1'
Tue Dec 25 06:00:10 2018 us=997702   prng_hash = 'SHA1'
Tue Dec 25 06:00:10 2018 us=997705   prng_nonce_secret_len = 16
Tue Dec 25 06:00:10 2018 us=997708   keysize = 0
Tue Dec 25 06:00:10 2018 us=997711   engine = DISABLED
Tue Dec 25 06:00:10 2018 us=997714   replay = ENABLED
Tue Dec 25 06:00:10 2018 us=997717   mute_replay_warnings = DISABLED
Tue Dec 25 06:00:10 2018 us=997721   replay_window = 64
Tue Dec 25 06:00:10 2018 us=997724   replay_time = 15
Tue Dec 25 06:00:10 2018 us=997727   packet_id_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997730   use_iv = ENABLED
Tue Dec 25 06:00:10 2018 us=997733   test_crypto = DISABLED
Tue Dec 25 06:00:10 2018 us=997736   tls_server = ENABLED
Tue Dec 25 06:00:10 2018 us=997741   tls_client = DISABLED
Tue Dec 25 06:00:10 2018 us=997745   key_method = 2
Tue Dec 25 06:00:10 2018 us=997748   ca_file = './keys/ca.crt'
Tue Dec 25 06:00:10 2018 us=997751   ca_path = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997754   dh_file = './keys/dh2048.pem'
Tue Dec 25 06:00:10 2018 us=997757   cert_file = './keys/server.crt'
Tue Dec 25 06:00:10 2018 us=997761   extra_certs_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997764   priv_key_file = './keys/server.key'
Tue Dec 25 06:00:10 2018 us=997767   pkcs12_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997770   cipher_list = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997773   tls_verify = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997776   tls_export_cert = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997780   verify_x509_type = 0
Tue Dec 25 06:00:10 2018 us=997783   verify_x509_name = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997786   crl_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997789   ns_cert_type = 0
Tue Dec 25 06:00:10 2018 us=997792   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997795   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997798   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997801   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997804   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997807   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997810   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997813   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997816   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997819   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997822   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997825   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997828   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997831   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997834   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997837   remote_cert_ku[i] = 0
Tue Dec 25 06:00:10 2018 us=997840   remote_cert_eku = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997844   ssl_flags = 0
Tue Dec 25 06:00:10 2018 us=997847   tls_timeout = 2
Tue Dec 25 06:00:10 2018 us=997850   renegotiate_bytes = -1
Tue Dec 25 06:00:10 2018 us=997853   renegotiate_packets = 0
Tue Dec 25 06:00:10 2018 us=997856   renegotiate_seconds = 3600
Tue Dec 25 06:00:10 2018 us=997859   handshake_window = 60
Tue Dec 25 06:00:10 2018 us=997862   transition_window = 3600
Tue Dec 25 06:00:10 2018 us=997865   single_session = DISABLED
Tue Dec 25 06:00:10 2018 us=997868   push_peer_info = DISABLED
Tue Dec 25 06:00:10 2018 us=997872   tls_exit = DISABLED
Tue Dec 25 06:00:10 2018 us=997875   tls_auth_file = './keys/ta.key'
Tue Dec 25 06:00:10 2018 us=997878   tls_crypt_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=997881   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997884   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997887   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997890   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997893   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997896   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997899   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997902   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997905   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997908   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997911   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997915   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997918   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997921   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997924   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997927   pkcs11_protected_authentication = DISABLED
Tue Dec 25 06:00:10 2018 us=997930   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997933   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997938   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997941   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997945   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997948   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997961   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997990   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997994   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=997997   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=998000   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=998003   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=998006   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=998009   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=998012   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=998015   pkcs11_private_mode = 00000000
Tue Dec 25 06:00:10 2018 us=998018   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998021   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998024   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998027   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998031   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998034   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998037   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998040   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998043   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998046   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998049   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998052   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998055   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998058   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998061   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998064   pkcs11_cert_private = DISABLED
Tue Dec 25 06:00:10 2018 us=998067   pkcs11_pin_cache_period = -1
Tue Dec 25 06:00:10 2018 us=998070   pkcs11_id = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998074   pkcs11_id_management = DISABLED
Tue Dec 25 06:00:10 2018 us=998077   server_network = 172.16.16.16
Tue Dec 25 06:00:10 2018 us=998081   server_netmask = 255.255.255.248
Tue Dec 25 06:00:10 2018 us=998085   server_network_ipv6 = ::
Tue Dec 25 06:00:10 2018 us=998088   server_netbits_ipv6 = 0
Tue Dec 25 06:00:10 2018 us=998092   server_bridge_ip = 0.0.0.0
Tue Dec 25 06:00:10 2018 us=998095   server_bridge_netmask = 0.0.0.0
Tue Dec 25 06:00:10 2018 us=998099   server_bridge_pool_start = 0.0.0.0
Tue Dec 25 06:00:10 2018 us=998102   server_bridge_pool_end = 0.0.0.0
Tue Dec 25 06:00:10 2018 us=998105   push_entry = 'route 192.168.1.0 255.255.255.0'
Tue Dec 25 06:00:10 2018 us=998109   push_entry = 'redirect-gateway def1 bypass-dhcp'
Tue Dec 25 06:00:10 2018 us=998112   push_entry = 'dhcp-option DNS 1.1.1.1'
Tue Dec 25 06:00:10 2018 us=998115   push_entry = 'dhcp-option DNS 1.0.0.1'
Tue Dec 25 06:00:10 2018 us=998118   push_entry = 'route-gateway 172.16.16.17'
Tue Dec 25 06:00:10 2018 us=998121   push_entry = 'topology subnet'
Tue Dec 25 06:00:10 2018 us=998124   push_entry = 'ping 10'
Tue Dec 25 06:00:10 2018 us=998127   push_entry = 'ping-restart 120'
Tue Dec 25 06:00:10 2018 us=998130   ifconfig_pool_defined = ENABLED
Tue Dec 25 06:00:10 2018 us=998134   ifconfig_pool_start = 172.16.16.18
Tue Dec 25 06:00:10 2018 us=998139   ifconfig_pool_end = 172.16.16.21
Tue Dec 25 06:00:10 2018 us=998143   ifconfig_pool_netmask = 255.255.255.248
Tue Dec 25 06:00:10 2018 us=998146   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998149   ifconfig_pool_persist_refresh_freq = 600
Tue Dec 25 06:00:10 2018 us=998152   ifconfig_ipv6_pool_defined = DISABLED
Tue Dec 25 06:00:10 2018 us=998156   ifconfig_ipv6_pool_base = ::
Tue Dec 25 06:00:10 2018 us=998159   ifconfig_ipv6_pool_netbits = 0
Tue Dec 25 06:00:10 2018 us=998162   n_bcast_buf = 256
Tue Dec 25 06:00:10 2018 us=998167   tcp_queue_limit = 64
Tue Dec 25 06:00:10 2018 us=998171   real_hash_size = 256
Tue Dec 25 06:00:10 2018 us=998174   virtual_hash_size = 256
Tue Dec 25 06:00:10 2018 us=998177   client_connect_script = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998180   learn_address_script = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998183   client_disconnect_script = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998186   client_config_dir = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998189   ccd_exclusive = DISABLED
Tue Dec 25 06:00:10 2018 us=998192   tmp_dir = '/tmp'
Tue Dec 25 06:00:10 2018 us=998196   push_ifconfig_defined = DISABLED
Tue Dec 25 06:00:10 2018 us=998199   push_ifconfig_local = 0.0.0.0
Tue Dec 25 06:00:10 2018 us=998202   push_ifconfig_remote_netmask = 0.0.0.0
Tue Dec 25 06:00:10 2018 us=998206   push_ifconfig_ipv6_defined = DISABLED
Tue Dec 25 06:00:10 2018 us=998209   push_ifconfig_ipv6_local = ::/0
Tue Dec 25 06:00:10 2018 us=998212   push_ifconfig_ipv6_remote = ::
Tue Dec 25 06:00:10 2018 us=998215   enable_c2c = DISABLED
Tue Dec 25 06:00:10 2018 us=998219   duplicate_cn = ENABLED
Tue Dec 25 06:00:10 2018 us=998222   cf_max = 0
Tue Dec 25 06:00:10 2018 us=998225   cf_per = 0
Tue Dec 25 06:00:10 2018 us=998228   max_clients = 5
Tue Dec 25 06:00:10 2018 us=998231   max_routes_per_client = 256
Tue Dec 25 06:00:10 2018 us=998235   auth_user_pass_verify_script = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998238   auth_user_pass_verify_script_via_file = DISABLED
Tue Dec 25 06:00:10 2018 us=998241   auth_token_generate = DISABLED
Tue Dec 25 06:00:10 2018 us=998244   auth_token_lifetime = 0
Tue Dec 25 06:00:10 2018 us=998247   port_share_host = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998250   port_share_port = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998254   client = DISABLED
Tue Dec 25 06:00:10 2018 us=998257   pull = DISABLED
Tue Dec 25 06:00:10 2018 us=998260   auth_user_pass_file = '[UNDEF]'
Tue Dec 25 06:00:10 2018 us=998264 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2018
Tue Dec 25 06:00:10 2018 us=998271 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Tue Dec 25 06:00:10 2018 us=998427 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Dec 25 06:00:10 2018 us=998591 Diffie-Hellman initialized with 2048 bit key
Tue Dec 25 06:00:10 2018 us=998872 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 25 06:00:10 2018 us=998882 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 25 06:00:10 2018 us=998889 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Tue Dec 25 06:00:11 2018 us=2090 TUN/TAP device tun1 opened
Tue Dec 25 06:00:11 2018 us=2317 TUN/TAP TX queue length set to 100
Tue Dec 25 06:00:11 2018 us=2344 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Dec 25 06:00:11 2018 us=2353 /sbin/ip link set dev tun1 up mtu 1500
Tue Dec 25 06:00:11 2018 us=6606 /sbin/ip addr add dev tun1 172.16.16.17/29 broadcast 172.16.16.23
Tue Dec 25 06:00:11 2018 us=12734 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Dec 25 06:00:11 2018 us=12971 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Dec 25 06:00:11 2018 us=12986 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Dec 25 06:00:11 2018 us=12997 UDPv4 link local (bound): [AF_INET]192.168.1.11:1194
Tue Dec 25 06:00:11 2018 us=13002 UDPv4 link remote: [AF_UNSPEC]
Tue Dec 25 06:00:11 2018 us=13008 GID set to nogroup
Tue Dec 25 06:00:11 2018 us=13017 UID set to nobody
Tue Dec 25 06:00:11 2018 us=13024 MULTI: multi_init called, r=256 v=256
Tue Dec 25 06:00:11 2018 us=13040 IFCONFIG POOL: base=172.16.16.18 size=4, ipv6=0
Tue Dec 25 06:00:11 2018 us=13070 Initialization Sequence Completed
Tue Dec 25 06:00:23 2018 us=204243 MULTI: multi_create_instance called
Tue Dec 25 06:00:23 2018 us=204324 184.206.209.193:62393 Re-using SSL/TLS context
Tue Dec 25 06:00:23 2018 us=204450 184.206.209.193:62393 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Tue Dec 25 06:00:23 2018 us=204458 184.206.209.193:62393 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Dec 25 06:00:23 2018 us=204479 184.206.209.193:62393 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Dec 25 06:00:23 2018 us=204483 184.206.209.193:62393 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Dec 25 06:00:23 2018 us=204499 184.206.209.193:62393 TLS: Initial packet from [AF_INET]184.206.209.193:62393, sid=ecae2ce5 b92c4ef6
Tue Dec 25 06:00:23 2018 us=354998 184.206.209.193:62393 VERIFY OK: depth=1, C=US, ST=MO, L=KansasCity, O=xxxxx.org, OU=Home, CN=xxxxx.org CA, name=EasyRSA, emailAddress=xxxxx@xxxxx.org
Tue Dec 25 06:00:23 2018 us=355116 184.206.209.193:62393 VERIFY OK: depth=0, C=US, ST=MO, L=KansasCity, O=xxxxx.org, OU=Home, CN=client1, name=EasyRSA, emailAddress=xxxxx@xxxxx.org
Tue Dec 25 06:00:23 2018 us=433932 184.206.209.193:62393 peer info: IV_VER=2.4.6
Tue Dec 25 06:00:23 2018 us=433968 184.206.209.193:62393 peer info: IV_PLAT=win
Tue Dec 25 06:00:23 2018 us=433973 184.206.209.193:62393 peer info: IV_PROTO=2
Tue Dec 25 06:00:23 2018 us=433976 184.206.209.193:62393 peer info: IV_NCP=2
Tue Dec 25 06:00:23 2018 us=433980 184.206.209.193:62393 peer info: IV_LZ4=1
Tue Dec 25 06:00:23 2018 us=433983 184.206.209.193:62393 peer info: IV_LZ4v2=1
Tue Dec 25 06:00:23 2018 us=433986 184.206.209.193:62393 peer info: IV_LZO=1
Tue Dec 25 06:00:23 2018 us=433990 184.206.209.193:62393 peer info: IV_COMP_STUB=1
Tue Dec 25 06:00:23 2018 us=433993 184.206.209.193:62393 peer info: IV_COMP_STUBv2=1
Tue Dec 25 06:00:23 2018 us=433997 184.206.209.193:62393 peer info: IV_TCPNL=1
Tue Dec 25 06:00:23 2018 us=434000 184.206.209.193:62393 peer info: IV_GUI_VER=OpenVPN_GUI_11
Tue Dec 25 06:00:23 2018 us=503766 184.206.209.193:62393 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Dec 25 06:00:23 2018 us=503794 184.206.209.193:62393 [client1] Peer Connection Initiated with [AF_INET]184.206.209.193:62393
Tue Dec 25 06:00:23 2018 us=503809 client1/184.206.209.193:62393 MULTI_sva: pool returned IPv4=172.16.16.18, IPv6=(Not enabled)
Tue Dec 25 06:00:23 2018 us=503828 client1/184.206.209.193:62393 MULTI: Learn: 172.16.16.18 -> client1/184.206.209.193:62393
Tue Dec 25 06:00:23 2018 us=503833 client1/184.206.209.193:62393 MULTI: primary virtual IP for client1/184.206.209.193:62393: 172.16.16.18
Tue Dec 25 06:00:24 2018 us=593946 client1/184.206.209.193:62393 PUSH: Received control message: 'PUSH_REQUEST'
Tue Dec 25 06:00:24 2018 us=594048 client1/184.206.209.193:62393 SENT CONTROL [client1]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route-gateway 172.16.16.17,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.16.18 255.255.255.248,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Dec 25 06:00:24 2018 us=594055 client1/184.206.209.193:62393 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Dec 25 06:00:24 2018 us=594066 client1/184.206.209.193:62393 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Tue Dec 25 06:00:24 2018 us=594110 client1/184.206.209.193:62393 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Dec 25 06:00:24 2018 us=594115 client1/184.206.209.193:62393 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
/etc/sysctl.conf:

Code: Select all

#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1

###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0
Client route print:

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.128.1   192.168.128.34     50
          0.0.0.0        128.0.0.0     172.16.16.17     172.16.16.18    262
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0     172.16.16.17     172.16.16.18    262
  xxx.xxx.xxx.xxx  255.255.255.255    192.168.128.1   192.168.128.34    306
     172.16.16.16  255.255.255.248         On-link      172.16.16.18    262
     172.16.16.18  255.255.255.255         On-link      172.16.16.18    262
     172.16.16.23  255.255.255.255         On-link      172.16.16.18    262
      192.168.1.0    255.255.255.0     172.16.16.17     172.16.16.18    262
    192.168.128.0    255.255.255.0         On-link    192.168.128.34    306
   192.168.128.34  255.255.255.255         On-link    192.168.128.34    306
  192.168.128.255  255.255.255.255         On-link    192.168.128.34    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      172.16.16.18    262
        224.0.0.0        240.0.0.0         On-link    192.168.128.34    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      172.16.16.18    262
  255.255.255.255  255.255.255.255         On-link    192.168.128.34    306
===========================================================================
Persistent Routes:
  None
Last edited by LCB on Tue Dec 25, 2018 1:14 pm, edited 1 time in total.

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TUN, Can't Route @ Default GW

Post by LCB » Tue Dec 25, 2018 1:13 pm

(cont)

Client's PING results:

Code: Select all

C:\Users\xxxxx>ping 172.16.16.17

Pinging 172.16.16.17 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.16.17:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\xxxxx>ping 192.168.1.11

Pinging 192.168.1.11 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.11:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
	
C:\Users\xxxxx>ping 172.16.16.18

Pinging 172.16.16.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 172.16.16.18:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

TinCanTech
OpenVPN Protagonist
Posts: 5571
Joined: Fri Jun 03, 2016 1:17 pm

Re: Need TAP, Can't Route @ Default GW

Post by TinCanTech » Tue Dec 25, 2018 3:44 pm

I cannot see anything wrong with your configuration ..

Try using tcpdump on your server to figure out where the packets do go
and check all your interface names and IP subnets.

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TAP, Can't Route @ Default GW

Post by LCB » Tue Dec 25, 2018 4:47 pm

Actually I was just coming back to report what I found. I spun up an OpenVPN-AS VM to check some things and noticed something in the config pages that led me to disable the routing line I have for the 192.168.1.0/24 subnet in the config. Maybe I added that in between my first post and this morning when nothing worked. I guess that's not needed (and breaks things - makes sense) when you NAT.

So, now I'm back to the original issue: When I hit whatsmyip.org it tells me the IP address of my home router's WAN interface which is correct. I can ping all the addresses I want to ping internally on my home network. The two issues I see are:
  • My DNS servers (as shown by https://www.expressvpn.com/dns-leak-test) do not show the DNS servers listed in the server's config
  • STUN tests show my local (VPN assigned) IP - not sure if this is a VPN thing or a browser thing for sure
To verify, my client log does show the correct DNS servers:

Code: Select all

Tue Dec 25 10:34:16 2018 us=209837 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route-gateway 172.16.16.17,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.16.18 255.255.255.248,peer-id 0,cipher AES-256-GCM
So, progress, but I'd still like my DNS traffic to go through the VPN.

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TAP, Can't Route @ Default GW

Post by LCB » Tue Dec 25, 2018 5:18 pm

Okay, checked via tcpdump and the request is hitting the server and looks right, not sure why the VPN test is showing my local connection DNS:

Code: Select all

11:13:02.349181  In ethertype IPv4 (0x0800), length 70: 172.16.16.18.51623 > 1.1.1.1.53: 51575+ A? cnet.com. (26)
11:13:02.349199 Out 08:00:27:dc:2e:43 ethertype IPv4 (0x0800), length 70: 192.168.1.11.51623 > 1.1.1.1.53: 51575+ A? cnet.com. (26)
11:13:02.350971  In f4:f5:e8:6b:b3:7b ethertype IPv4 (0x0800), length 86: 1.1.1.1.53 > 192.168.1.11.51623: 51575 1/0/0 A 64.30.228.118 (42)
11:13:02.350979 Out ethertype IPv4 (0x0800), length 86: 1.1.1.1.53 > 172.16.16.18.51623: 51575 1/0/0 A 64.30.228.118 (42)
... curious ...
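
Added example, not part of the original posts: a Python sketch that pairs the tcpdump lines above by DNS query ID to check that a query arriving from the tunnel was masqueraded to the server's LAN address and that the answer was handed back to the client. The function names and the second, constructed capture (a missing NAT rule) are assumptions for illustration; the tunnel subnet comes from the server log earlier in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Tunnel subnet from the server log in this thread
# (server_network 172.16.16.16, server_netmask 255.255.255.248).
VPN_NET = ipaddress.ip_network("172.16.16.16/29")

# The four lines posted above (capture on the "any" pseudo-interface,
# numeric addresses and ports as shown in the post).
CAPTURE = """\
11:13:02.349181  In ethertype IPv4 (0x0800), length 70: 172.16.16.18.51623 > 1.1.1.1.53: 51575+ A? cnet.com. (26)
11:13:02.349199 Out 08:00:27:dc:2e:43 ethertype IPv4 (0x0800), length 70: 192.168.1.11.51623 > 1.1.1.1.53: 51575+ A? cnet.com. (26)
11:13:02.350971  In f4:f5:e8:6b:b3:7b ethertype IPv4 (0x0800), length 86: 1.1.1.1.53 > 192.168.1.11.51623: 51575 1/0/0 A 64.30.228.118 (42)
11:13:02.350979 Out ethertype IPv4 (0x0800), length 86: 1.1.1.1.53 > 172.16.16.18.51623: 51575 1/0/0 A 64.30.228.118 (42)
"""

# Constructed sample (not from the thread): the MASQUERADE rule is missing,
# so the query leaves the LAN interface still carrying its tunnel source
# address and no answer ever comes back.
CAPTURE_NO_NAT = """\
11:20:00.000100  In ethertype IPv4 (0x0800), length 73: 172.16.16.18.51700 > 1.1.1.1.53: 4242+ A? example.com. (29)
11:20:00.000120 Out 08:00:27:dc:2e:43 ethertype IPv4 (0x0800), length 73: 172.16.16.18.51700 > 1.1.1.1.53: 4242+ A? example.com. (29)
"""

# Lines on the tun device carry no MAC address; lines on the LAN NIC do.
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<dir>In|Out)\s+"
    r"(?:(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+)?"
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<id>\d+)"
)


def trace_dns(capture, vpn_net=VPN_NET):
    """Group packets by DNS query ID and record how each query was translated."""
    flows = defaultdict(lambda: {
        "client": None,            # tunnel address that sent the query
        "resolver": None,          # resolver the client asked
        "nat_src": None,           # source address after masquerading
        "leaked_src": False,       # tunnel address seen leaving un-NATed
        "reply_to_client": False,  # answer forwarded back into the tunnel
    })
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 line in the expected format
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        flow = flows[int(m["id"])]
        if m["dport"] == "53":  # query direction
            if m["dir"] == "In" and src in vpn_net:
                flow["client"], flow["resolver"] = str(src), str(dst)
            elif m["dir"] == "Out":
                if src in vpn_net:
                    flow["leaked_src"] = True
                else:
                    flow["nat_src"] = str(src)
        elif (m["sport"] == "53" and m["dir"] == "Out"
              and str(dst) == flow["client"]):
            flow["reply_to_client"] = True
    return dict(flows)


def verdict(flow):
    """Summarise one flow as a short diagnostic string."""
    if flow["client"] is None:
        return "not from tunnel"
    if flow["leaked_src"]:
        return "forwarded without NAT"
    if flow["nat_src"] is None:
        return "dropped before egress"
    if not flow["reply_to_client"]:
        return "masqueraded, no reply returned"
    return "masqueraded and answered"


if __name__ == "__main__":
    for label, cap in (("posted", CAPTURE), ("constructed", CAPTURE_NO_NAT)):
        for qid, flow in trace_dns(cap).items():
            print(label, qid, flow["client"], "->", flow["nat_src"],
                  "->", flow["resolver"], ":", verdict(flow))
```
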

sammalone1954
OpenVpn Newbie
Posts: 1
Joined: Sun Feb 10, 2019 12:52 am

Re: Need TAP, Can't Route @ Default GW

Post by sammalone1954 » Sun Feb 10, 2019 12:55 am

If you're running ExpressVpn, I found a way to get the OemVista.inf (tap driver) and where to put it.
You can email me if this might help? Can't find an ExpressVpn forum to help others with the "Can't connect" problem.

LCB
OpenVPN User
Posts: 15
Joined: Wed Dec 12, 2018 3:08 pm

Re: Need TAP, Can't Route @ Default GW

Post by LCB » Sun Feb 10, 2019 12:59 am

I do run ExpressVPN elsewhere, but this is not an issue with that. Thanks for the offer though!

I'm still not exactly sure why I can't get DNS working the way I think it should, but this has been overcome by events and is working "fine enough."
