Routing all client traffic through the VPN on Win10 (AGAIN)

UltraFine
OpenVpn Newbie
Posts: 16
Joined: Mon Sep 13, 2021 8:32 pm

Post by UltraFine » Mon Sep 13, 2021 9:09 pm

Hi

I nearly got it working, but some little thing seems still missing. I have the following
setup on Windows. My aim is to make all traffic go through Windows OpenVPN server.

The problem is I can connect to the OpenVPN Server but I cannot browse anything.
I get these errors:

Code: Select all

Mon Sep 13 21:58:41 2021 Client1/176.2.32.1:53546 MULTI: bad source address from client [192.168.0.100], packet dropped

I followed the tutorial, read several posts, enabled Routing and RAS Services, fixed the registry, and forwarded port 7777 in ISP-Router1. I also let "OpenVPN TAP-Windows" Adapter of the server use the LAN connection of the Server.

Here is my config as a picture
https://ibb.co/XyKYbct
OpenVPN-Server IP 192.168.2.110, 10.8.0.1 (sits behind an ISP-Router of ISP1)
OpenVPN-Client IP 192.168.0.100, gets 10.8.0.6 (sits behind an ISP-Router of ISP2). Cannot ping 8.8.8.8 or 10.8.0.1

client config:

Code: Select all

client
dev tun
proto tcp
remote 51.123.1.23 7777
resolv-retry infinite
nobind
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
redirect-gateway def1

Server config:

Code: Select all


port 7777
proto tcp4
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
client-config-dir "C:\\Program Files\\OpenVPN\\config\\ccd"
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log         openvpn.log
;log-append  openvpn.log
verb 4
;mu
explicit-exit-notify 0
push "redirect-gateway def1"
push "remote-gateway 10.8.0.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 60

ccd / DEFAULT config:

Code: Select all

--iroute 192.168.0.0 255.255.255.0

trideep
OpenVpn Newbie
Posts: 9
Joined: Tue Jul 06, 2021 7:05 am

Re: Routing all client traffic through the VPN on Win10 (AGAIN)

Post by trideep » Tue Sep 14, 2021 1:58 am

Did you try removing the two dashes (--) before the only entry in the DEFAULT ccd file? Your iroute entry is not being read by the server.

UltraFine
OpenVpn Newbie
Posts: 16
Joined: Mon Sep 13, 2021 8:32 pm

Re: Routing all client traffic through the VPN on Win10 (AGAIN)

Post by UltraFine » Tue Sep 14, 2021 2:26 am

@trideep. Good point. I removed the two dashes. Same behaviour though. Nothing changed. Cannot ping 8.8.8.8 or 10.8.0.1. Here is what I see on the server side when I connect:

Code: Select all

Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 OPTIONS IMPORT: reading client specific options from: C:\Program Files\OpenVPN\config\ccd\DEFAULT
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 MULTI: Learn: 10.8.0.6 -> Client1/176.2.32.1:60653
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 MULTI: primary virtual IP for Client1/176.2.32.1:60653: 10.8.0.6
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 MULTI: internal route 192.168.0.0/24 -> Client1/176.2.32.1:60653
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 MULTI: Learn: 192.168.0.0/24 -> Client1/176.2.32.1:60653
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 SENT CONTROL [Client1]: 'PUSH_REPLY,redirect-gateway def1,remote-gateway 10.8.0.1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 MULTI: bad source address from client [::], packet dropped
Tue Sep 14 04:18:10 2021 Client1/176.2.32.1:60653 MULTI: Learn: 192.168.0.100 -> Client1/176.2.32.1:60653
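
An added example, not part of the original posts: a small Python check that takes the two "bad source address" log lines quoted in this thread and reports whether each dropped source address falls inside an iroute declared in a ccd file. The function names are hypothetical, and the ccd parser accepts the directive with or without the leading dashes seen above.

```python
import ipaddress
import re

# Log lines copied from the posts in this thread.
SERVER_LOG = """\
Mon Sep 13 21:58:41 2021 Client1/176.2.32.1:53546 MULTI: bad source address from client [192.168.0.100], packet dropped
Tue Sep 14 04:18:05 2021 Client1/176.2.32.1:60653 MULTI: bad source address from client [::], packet dropped
"""

# Captures the client name and the rejected source address.
BAD_SRC = re.compile(
    r"(\S+)/\S+ MULTI: bad source address from client \[([^\]]*)\], packet dropped"
)


def parse_iroutes(ccd_text):
    """Return the networks declared by iroute lines in a ccd file (hypothetical helper)."""
    nets = []
    for line in ccd_text.splitlines():
        fields = line.split("#")[0].split()
        # Lines commented out with ';' start with ';iroute' and are skipped here.
        if len(fields) >= 2 and fields[0].lstrip("-") == "iroute":
            # The OpenVPN manual gives 255.255.255.255 as the default netmask.
            mask = fields[2] if len(fields) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}", strict=False))
    return nets


def classify_drops(log_text, iroutes):
    """Map each (client, source) drop to whether a declared iroute covers the source."""
    results = {}
    for client, src in BAD_SRC.findall(log_text):
        addr = ipaddress.ip_address(src)
        # An IPv6 source such as '::' never matches an IPv4 iroute.
        covered = any(addr.version == net.version and addr in net for net in iroutes)
        results[(client, src)] = "covered by iroute" if covered else "no matching iroute"
    return results


if __name__ == "__main__":
    routes = parse_iroutes("iroute 192.168.0.0 255.255.255.0")
    for (client, src), verdict in classify_drops(SERVER_LOG, routes).items():
        print(f"{client}: {src} -> {verdict}")
```
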

trideep
OpenVpn Newbie
Posts: 9
Joined: Tue Jul 06, 2021 7:05 am

Re: Routing all client traffic through the VPN on Win10 (AGAIN)

Post by trideep » Tue Sep 14, 2021 3:03 am

I don't know about your NAT configuration, but you should at least have ping to 10.8.0.1. Maybe you could disable Windows Firewall or any antivirus just for a brief diagnosis. I know Windows at least blocks ICMP requests by default.

UltraFine
OpenVpn Newbie
Posts: 16
Joined: Mon Sep 13, 2021 8:32 pm

Re: Routing all client traffic through the VPN on Win10 (AGAIN)

Post by UltraFine » Tue Sep 14, 2021 8:40 am

- - - S O L V E D - - -

I removed this line from the server-config:

Code: Select all

push "dhcp-option DNS 8.8.8.8"

And it works now. I can connect with my Samsung S7 to the OpenVPN-server using mobile connection and it shows the ServerIP on whatismyip.com.

Interestingly when Samsung S7 is connected to the OpenVPN-Server using the Android OpenVPN App and I open up a Mobile Hotspot, all clients connected to the Mobile Hotspot access the internet with the IP of the mobile connection and NOT of the VPN-Server.

Does anyone know how to route the Mobile Hotspot traffic to the OpenVPN connection of the smartphone?

UltraFine
OpenVpn Newbie
Posts: 16
Joined: Mon Sep 13, 2021 8:32 pm

Re: Routing all client traffic through the VPN on Win10 (AGAIN)

Post by UltraFine » Thu Sep 16, 2021 10:29 am

Just to answer my own question, for those who might find this post in the archives in future:
I found out that you can fully bridge between Mobile Hotspot and OpenVPN-App on a Samsung S7 smartphone using an App called "VPN Tether". It is a one click process. The only thing you need is a rooted device. That app forwards all traffic that arrives at the Mobile Hotspot (from a Windows10 Client) to the VPN connection (VPN-Server). All other apps I tried did not fully forward the traffic because they work with a local proxy that they create on the Smartphone and force you to connect to that proxy, for instance by changing the Windows Internet Options. Thus only HTTP traffic gets forwarded to OpenVPN Server.

mjans71
OpenVpn Newbie
Posts: 3
Joined: Fri Sep 17, 2021 6:25 pm

Re: Routing all client traffic through the VPN on Win10 (AGAIN)

Post by mjans71 » Fri Sep 17, 2021 7:39 pm

I followed the tutorial, read several posts, enabled Routing and RAS Services, fixed the registry, and forwarded port 7777 in ISP-Router1. I also let "OpenVPN TAP-Windows" Adapter of the server use the LAN connection of the Server.
Having issues on Windows. Can you post the links of articles you found helpful and that detail fixing the registry and forwarding port 7777?
