I've made some progress. I can get to the shares behind my firewall using the OpenVPN client now. I was able to set the proper firewall settings. I'm using Windows Defender on a Win 10 Home computer. I followed the advice from this Stack Exchange post.
https://serverfault.com/questions/65197 ... es#tab-top
Basically, I added the VPN client's assigned subnet mask to all of the private profile rules for File and Printer Sharing.
TinCanTech wrote: ↑Thu Feb 25, 2021 4:13 pm
Read you router manual and also the openvpn howto. Again!
Ok, so I did that & aside from making me woefully embarrassed at not really reading the howto the first time, it made me realize that I need to add the push "redirect-gateway def1" directive in the server configuration file... which I don't think I have access to for OpenVPN on my router.
I may need to give up on that part. My main goal was connecting to my plex server from outside my network. If I have to continue to use my IpVanish VPN for internet use, I'm ok with that. Routing my internet traffic through OpenVPN would be nice, but ultimately not necessary.
TinCanTech wrote: ↑Thu Feb 25, 2021 4:13 pm
If you post your client log at
--verb 4 I'll check if it looks ok.
I can do that... I learned it from the HowTo

Thanks for your help TinCanTech.
Code: Select all
2/27/2021, 11:13:06 PM OpenVPN core 3.git::662eae9a win x86_64 64-bit built on Oct 27 2020 12:49:07
⏎2/27/2021, 11:13:06 PM Frame=512/2048/512 mssfix-ctrl=1250
⏎2/27/2021, 11:13:06 PM UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
10 [verb] [4]
⏎2/27/2021, 11:13:06 PM EVENT: RESOLVE ⏎2/27/2021, 11:13:06 PM EVENT: WAIT ⏎2/27/2021, 11:13:06 PM WinCommandAgent: transmitting bypass route to ***.***.***.***
{
"host" : "***.***.***.***",
"ipv6" : false
}
⏎2/27/2021, 11:13:06 PM Connecting to [thednsname.araknisdns.com]:1194 (***.***.***.***) via TCPv4
⏎2/27/2021, 11:13:06 PM EVENT: CONNECTING ⏎2/27/2021, 11:13:06 PM Tunnel Options:V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
⏎2/27/2021, 11:13:06 PM Creds: UsernameEmpty/PasswordEmpty
⏎2/27/2021, 11:13:06 PM Peer Info:
IV_VER=3.git::662eae9a
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.2.2-1455
IV_SSO=openurl
⏎2/27/2021, 11:13:07 PM SSL Handshake: CN=araknis, TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
⏎2/27/2021, 11:13:07 PM Session is ACTIVE
⏎2/27/2021, 11:13:07 PM Sending PUSH_REQUEST to server...
⏎2/27/2021, 11:13:07 PM EVENT: GET_CONFIG ⏎2/27/2021, 11:13:07 PM OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0]
1 [route] [172.0.0.0] [255.255.255.0]
2 [topology] [net30]
3 [ping] [10]
4 [ping-restart] [120]
5 [ifconfig] [172.0.0.6] [172.0.0.5]
⏎2/27/2021, 11:13:07 PM PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA1
compress: NONE
peer ID: -1
⏎2/27/2021, 11:13:07 PM CAPTURED OPTIONS:
Session Name: thednsname.araknisdns.com
Layer: OSI_LAYER_3
Remote Address: ***.***.***.***
Tunnel Addresses:
172.0.0.6/30 -> 172.0.0.5 [net30]
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
192.168.1.0/24
172.0.0.0/24
Exclude Routes:
DNS Servers:
Search Domains:
⏎2/27/2021, 11:13:07 PM EVENT: ASSIGN_IP ⏎2/27/2021, 11:13:07 PM SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"confirm_event" : "a013000000000000",
"destroy_event" : "d813000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "192.168.1.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.0.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "***.***.***.***",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "thednsname.araknisdns.com",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "172.0.0.6",
"gateway" : "172.0.0.5",
"ipv6" : false,
"metric" : -1,
"net30" : true,
"prefix_length" : 30
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{80609D91-786D-47C7-ADD5-723078B485D8}' index=11 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{80609D91-786D-47C7-ADD5-723078B485D8}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=11
netsh interface ip set interface 11 metric=1
Ok.
netsh interface ip set address 11 static 172.0.0.6 255.255.255.252 gateway=172.0.0.5 store=active
IPHelper: add route 192.168.1.0/24 11 172.0.0.5 metric=-1
IPHelper: add route 172.0.0.0/24 11 172.0.0.5 metric=-1
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 9c17000000000000
⏎2/27/2021, 11:13:07 PM Connected via TUN_WIN
⏎2/27/2021, 11:13:07 PM EVENT: CONNECTED thednsname.araknisdns.com:1194 (***.***.***.***) via /TCPv4 on TUN_WIN/172.0.0.6/ gw=[172.0.0.5/]⏎