client connect to openvpn on W10 server but no internet

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

client connect to openvpn on W10 server but no internet

Post by derrickearly » Sat Oct 09, 2021 10:37 pm

I followed the steps in viewtopic.php?f=7&t=7806.

server.ovpn

Code: Select all

local 192.168.1.175
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ca ca.crt
cert mrtuxVPN.crt
key mrtuxVPN.key  # This file should be kept secret
dh dh.pem
tls-auth ta_new.key 0 # This file is secret
# push "redirect-gateway def1"
push "redirect-gateway local def1"
push "dhcp-option DNS 8.8.8.8"      
keepalive 10 120
comp-lzo                   
persist-key
persist-tun
verb 4
client.ovpn

Code: Select all

client
dev tun
proto udp
remote x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun

comp-lzo
verb 3
explicit-exit-notify 2
ping 10
ping-restart 60

route-method exe
route-delay 2

<ca>
</ca>
<cert>
</cert>
<key>
</key>
remote-cert-tls server
tls-auth [inline] 1
<tls-auth>
</tls-auth>
verb 4
[/cond]
Last edited by derrickearly on Sat Oct 09, 2021 10:59 pm, edited 3 times in total.

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn server but no internet

Post by derrickearly » Sat Oct 09, 2021 10:42 pm

Here is my server log:

Code: Select all

2021-10-09 18:06:38 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-10-09 18:06:38 us=828000 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2021-10-09 18:06:38 us=828000 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-10-09 18:06:38 us=843000 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct  5 2021
2021-10-09 18:06:38 us=843000 Windows version 10.0 (Windows 10 or greater) 64bit
2021-10-09 18:06:38 us=843000 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021-10-09 18:06:38 us=843000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
2021-10-09 18:06:38 us=843000 Need hold release from management interface, waiting...
2021-10-09 18:06:39 us=250000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343
2021-10-09 18:06:39 us=359000 MANAGEMENT: CMD 'state on'
2021-10-09 18:06:39 us=359000 MANAGEMENT: CMD 'log all on'
2021-10-09 18:06:39 us=703000 MANAGEMENT: CMD 'echo all on'
2021-10-09 18:06:39 us=703000 MANAGEMENT: CMD 'bytecount 5'
2021-10-09 18:06:39 us=718000 MANAGEMENT: CMD 'hold off'
2021-10-09 18:06:39 us=718000 MANAGEMENT: CMD 'hold release'
2021-10-09 18:06:39 us=718000 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
2021-10-09 18:06:39 us=734000 Diffie-Hellman initialized with 2048 bit key
2021-10-09 18:06:39 us=750000 MANAGEMENT: CMD 'password [...]'
2021-10-09 18:06:39 us=750000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-10-09 18:06:39 us=750000 Your OpenSSL library was built without elliptic curve support. Skipping ECDH parameter loading.
2021-10-09 18:06:39 us=765000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:06:39 us=765000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:06:39 us=765000 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2021-10-09 18:06:39 us=765000 interactive service msg_channel=768
2021-10-09 18:06:39 us=765000 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=17 HWADDR=18:a9:05:22:e1:cf
2021-10-09 18:06:39 us=765000 open_tun
2021-10-09 18:06:39 us=781000 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-10-09 18:06:39 us=781000 TAP-Windows Driver Version 9.24 
2021-10-09 18:06:39 us=781000 TAP-Windows MTU=1500
2021-10-09 18:06:39 us=781000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {873FEC21-4CD2-4519-9A03-26F944F551DC} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
2021-10-09 18:06:39 us=781000 Sleeping for 10 seconds...
2021-10-09 18:06:49 us=890000 Successful ARP Flush on interface [15] {873FEC21-4CD2-4519-9A03-26F944F551DC}
2021-10-09 18:06:49 us=890000 do_ifconfig, ipv4=1, ipv6=0
2021-10-09 18:06:49 us=890000 MANAGEMENT: >STATE:1633817209,ASSIGN_IP,,10.8.0.1,,,,
2021-10-09 18:06:49 us=890000 IPv4 MTU set to 1500 on interface 15 using service
2021-10-09 18:06:49 us=890000 MANAGEMENT: >STATE:1633817209,ADD_ROUTES,,,,,,
2021-10-09 18:06:49 us=890000 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
2021-10-09 18:06:49 us=906000 Route addition via service succeeded
2021-10-09 18:06:49 us=906000 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-10-09 18:06:49 us=906000 Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-10-09 18:06:49 us=906000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-10-09 18:06:49 us=906000 UDPv4 link local (bound): [AF_INET]192.168.1.175:1194
2021-10-09 18:06:49 us=906000 UDPv4 link remote: [AF_UNSPEC]
2021-10-09 18:06:49 us=906000 MULTI: multi_init called, r=256 v=256
2021-10-09 18:06:49 us=906000 IFCONFIG POOL IPv4: base=10.8.0.4 size=62
2021-10-09 18:06:49 us=906000 Initialization Sequence Completed
2021-10-09 18:06:49 us=906000 MANAGEMENT: >STATE:1633817209,CONNECTED,SUCCESS,10.8.0.1,,,192.168.1.175,1194
2021-10-09 18:20:03 us=484000 MULTI: multi_create_instance called
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 Re-using SSL/TLS context
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 LZO compression initializing
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2021-10-09 18:20:03 us=484000 xxx.xxx.xxx.xxx:59257 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:59257, sid=abf687b6 022c2cde
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 VERIFY OK: depth=1, CN=mrtux-CA
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 VERIFY OK: depth=0, CN=client
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_VER=2.5..4
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_PLAT=win
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_PROTO=6
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_NCP=2
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_LZ4=1
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_LZ4v2=1
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_LZO=1
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_COMP_STUB=1
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_COMP_STUBv2=1
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_TCPNL=1
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_GUI_VER=OpenVPN_GUI_11
2021-10-09 18:20:03 us=500000 xxx.xxx.xxx.xxx:59257 peer info: IV_SSO=openurl,crtext
2021-10-09 18:20:03 us=515000 xxx.xxx.xxx.xxx:59257 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-10-09 18:20:03 us=515000 xxx.xxx.xxx.xxx:59257 [client] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:59257
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 MULTI: Learn: 10.8.0.6 -> client/xxx.xxx.xxx.xxx:59257
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 MULTI: primary virtual IP for client/xxx.xxx.xxx.xxx:59257: 10.8.0.6
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-09 18:20:03 us=515000 client/xxx.xxx.xxx.xxx:59257 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway local def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
2021-10-09 18:20:03 us=875000 client/xxx.xxx.xxx.xxx:59257 MULTI: bad source address from client [::], packet dropped
2021-10-09 18:24:04 us=875000 client/xxx.xxx.xxx.xxx:59257 [client] Inactivity timeout (--ping-restart), restarting
2021-10-09 18:24:04 us=875000 client/xxx.xxx.xxx.xxx:59257 SIGUSR1[soft,ping-restart] received, client-instance restarting
2021-10-09 18:24:41 us=515000 MULTI: multi_create_instance called
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 Re-using SSL/TLS context
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 LZO compression initializing
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2021-10-09 18:24:41 us=515000 xxx.xxx.xxx.xxx:51809 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:51809, sid=a972ca11 45181788
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 VERIFY OK: depth=1, CN=mrtux-CA
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 VERIFY OK: depth=0, CN=client
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_VER=2.5..4
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_PLAT=win
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_PROTO=6
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_NCP=2
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_LZ4=1
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_LZ4v2=1
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_LZO=1
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_COMP_STUB=1
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_COMP_STUBv2=1
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_TCPNL=1
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_GUI_VER=OpenVPN_GUI_11
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 peer info: IV_SSO=openurl,crtext
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-10-09 18:24:41 us=531000 xxx.xxx.xxx.xxx:51809 [client] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:51809
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 MULTI: Learn: 10.8.0.6 -> client/xxx.xxx.xxx.xxx:51809
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 MULTI: primary virtual IP for client/xxx.xxx.xxx.xxx:51809: 10.8.0.6
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-09 18:24:41 us=531000 client/xxx.xxx.xxx.xxx:51809 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway local def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
2021-10-09 18:24:42 us=390000 client/xxx.xxx.xxx.xxx:51809 MULTI: bad source address from client [::], packet dropped
2021-10-09 18:26:32 us=593000 TCP/UDP: Closing socket
2021-10-09 18:26:32 us=593000 C:\WINDOWS\system32\route.exe DELETE 10.8.0.0 MASK 255.255.255.0 10.8.0.2
2021-10-09 18:26:32 us=593000 Route deletion via service succeeded
2021-10-09 18:26:32 us=593000 Closing TUN/TAP interface
2021-10-09 18:26:32 us=656000 TAP: DHCP address released
2021-10-09 18:26:32 us=656000 SIGTERM[hard,] received, process exiting
2021-10-09 18:26:32 us=656000 MANAGEMENT: >STATE:1633818392,EXITING,SIGTERM,,,,,
Last edited by derrickearly on Sat Oct 09, 2021 10:57 pm, edited 3 times in total.

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn server but no internet

Post by derrickearly » Sat Oct 09, 2021 10:44 pm

And the client log.

Code: Select all

2021-10-09 18:20:01 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-10-09 18:20:01 us=687000 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-10-09 18:20:01 us=687000 Current Parameter Settings:
2021-10-09 18:20:01 us=687000   config = 'client_clean.ovpn'
2021-10-09 18:20:01 us=687000   mode = 0
2021-10-09 18:20:01 us=687000   show_ciphers = DISABLED
2021-10-09 18:20:01 us=687000   show_digests = DISABLED
2021-10-09 18:20:01 us=687000   show_engines = DISABLED
2021-10-09 18:20:01 us=687000   genkey = DISABLED
2021-10-09 18:20:01 us=687000   genkey_filename = '[UNDEF]'
2021-10-09 18:20:01 us=687000   key_pass_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   show_tls_ciphers = DISABLED
2021-10-09 18:20:01 us=687000   connect_retry_max = 0
2021-10-09 18:20:01 us=687000 Connection profiles [0]:
2021-10-09 18:20:01 us=687000   proto = udp
2021-10-09 18:20:01 us=687000   local = '[UNDEF]'
2021-10-09 18:20:01 us=687000   local_port = '[UNDEF]'
2021-10-09 18:20:01 us=687000   remote = 'mrtuxvpn.ddnsfree.com'
2021-10-09 18:20:01 us=687000   remote_port = '1194'
2021-10-09 18:20:01 us=687000   remote_float = DISABLED
2021-10-09 18:20:01 us=687000   bind_defined = DISABLED
2021-10-09 18:20:01 us=687000   bind_local = DISABLED
2021-10-09 18:20:01 us=687000   bind_ipv6_only = DISABLED
2021-10-09 18:20:01 us=687000   connect_retry_seconds = 5
2021-10-09 18:20:01 us=687000   connect_timeout = 120
2021-10-09 18:20:01 us=687000   socks_proxy_server = '[UNDEF]'
2021-10-09 18:20:01 us=687000   socks_proxy_port = '[UNDEF]'
2021-10-09 18:20:01 us=687000   tun_mtu = 1500
2021-10-09 18:20:01 us=687000   tun_mtu_defined = ENABLED
2021-10-09 18:20:01 us=687000   link_mtu = 1500
2021-10-09 18:20:01 us=687000   link_mtu_defined = DISABLED
2021-10-09 18:20:01 us=687000   tun_mtu_extra = 0
2021-10-09 18:20:01 us=687000   tun_mtu_extra_defined = DISABLED
2021-10-09 18:20:01 us=687000   mtu_discover_type = -1
2021-10-09 18:20:01 us=687000   fragment = 0
2021-10-09 18:20:01 us=687000   mssfix = 1450
2021-10-09 18:20:01 us=687000   explicit_exit_notification = 2
2021-10-09 18:20:01 us=687000   tls_auth_file = '[INLINE]'
2021-10-09 18:20:01 us=687000   key_direction = 1
2021-10-09 18:20:01 us=687000   tls_crypt_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   tls_crypt_v2_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000 Connection profiles END
2021-10-09 18:20:01 us=687000   remote_random = DISABLED
2021-10-09 18:20:01 us=687000   ipchange = '[UNDEF]'
2021-10-09 18:20:01 us=687000   dev = 'tun'
2021-10-09 18:20:01 us=687000   dev_type = '[UNDEF]'
2021-10-09 18:20:01 us=687000   dev_node = '[UNDEF]'
2021-10-09 18:20:01 us=687000   lladdr = '[UNDEF]'
2021-10-09 18:20:01 us=687000   topology = 1
2021-10-09 18:20:01 us=687000   ifconfig_local = '[UNDEF]'
2021-10-09 18:20:01 us=687000   ifconfig_remote_netmask = '[UNDEF]'
2021-10-09 18:20:01 us=687000   ifconfig_noexec = DISABLED
2021-10-09 18:20:01 us=687000   ifconfig_nowarn = DISABLED
2021-10-09 18:20:01 us=687000   ifconfig_ipv6_local = '[UNDEF]'
2021-10-09 18:20:01 us=687000   ifconfig_ipv6_netbits = 0
2021-10-09 18:20:01 us=687000   ifconfig_ipv6_remote = '[UNDEF]'
2021-10-09 18:20:01 us=687000   shaper = 0
2021-10-09 18:20:01 us=687000   mtu_test = 0
2021-10-09 18:20:01 us=687000   mlock = DISABLED
2021-10-09 18:20:01 us=687000   keepalive_ping = 0
2021-10-09 18:20:01 us=687000   keepalive_timeout = 0
2021-10-09 18:20:01 us=687000   inactivity_timeout = 0
2021-10-09 18:20:01 us=687000   ping_send_timeout = 10
2021-10-09 18:20:01 us=687000   ping_rec_timeout = 60
2021-10-09 18:20:01 us=687000   ping_rec_timeout_action = 2
2021-10-09 18:20:01 us=687000   ping_timer_remote = DISABLED
2021-10-09 18:20:01 us=687000   remap_sigusr1 = 0
2021-10-09 18:20:01 us=687000   persist_tun = ENABLED
2021-10-09 18:20:01 us=687000   persist_local_ip = DISABLED
2021-10-09 18:20:01 us=687000   persist_remote_ip = DISABLED
2021-10-09 18:20:01 us=687000   persist_key = ENABLED
2021-10-09 18:20:01 us=687000   passtos = DISABLED
2021-10-09 18:20:01 us=687000   resolve_retry_seconds = 1000000000
2021-10-09 18:20:01 us=687000   resolve_in_advance = DISABLED
2021-10-09 18:20:01 us=687000   username = '[UNDEF]'
2021-10-09 18:20:01 us=687000   groupname = '[UNDEF]'
2021-10-09 18:20:01 us=687000   chroot_dir = '[UNDEF]'
2021-10-09 18:20:01 us=687000   cd_dir = '[UNDEF]'
2021-10-09 18:20:01 us=687000   writepid = '[UNDEF]'
2021-10-09 18:20:01 us=687000   up_script = '[UNDEF]'
2021-10-09 18:20:01 us=687000   down_script = '[UNDEF]'
2021-10-09 18:20:01 us=687000   down_pre = DISABLED
2021-10-09 18:20:01 us=687000   up_restart = DISABLED
2021-10-09 18:20:01 us=687000   up_delay = DISABLED
2021-10-09 18:20:01 us=687000   daemon = DISABLED
2021-10-09 18:20:01 us=687000   inetd = 0
2021-10-09 18:20:01 us=687000   log = ENABLED
2021-10-09 18:20:01 us=687000   suppress_timestamps = DISABLED
2021-10-09 18:20:01 us=687000   machine_readable_output = DISABLED
2021-10-09 18:20:01 us=687000   nice = 0
2021-10-09 18:20:01 us=687000   verbosity = 4
2021-10-09 18:20:01 us=687000   mute = 0
2021-10-09 18:20:01 us=687000   gremlin = 0
2021-10-09 18:20:01 us=687000   status_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   status_file_version = 1
2021-10-09 18:20:01 us=687000   status_file_update_freq = 60
2021-10-09 18:20:01 us=687000   occ = ENABLED
2021-10-09 18:20:01 us=687000   rcvbuf = 0
2021-10-09 18:20:01 us=687000   sndbuf = 0
2021-10-09 18:20:01 us=687000   sockflags = 0
2021-10-09 18:20:01 us=687000   fast_io = DISABLED
2021-10-09 18:20:01 us=687000   comp.alg = 2
2021-10-09 18:20:01 us=687000   comp.flags = 1
2021-10-09 18:20:01 us=687000   route_script = '[UNDEF]'
2021-10-09 18:20:01 us=687000   route_default_gateway = '[UNDEF]'
2021-10-09 18:20:01 us=687000   route_default_metric = 0
2021-10-09 18:20:01 us=687000   route_noexec = DISABLED
2021-10-09 18:20:01 us=687000   route_delay = 2
2021-10-09 18:20:01 us=687000   route_delay_window = 30
2021-10-09 18:20:01 us=687000   route_delay_defined = ENABLED
2021-10-09 18:20:01 us=687000   route_nopull = DISABLED
2021-10-09 18:20:01 us=687000   route_gateway_via_dhcp = DISABLED
2021-10-09 18:20:01 us=687000   allow_pull_fqdn = DISABLED
2021-10-09 18:20:01 us=687000   Pull filters:
2021-10-09 18:20:01 us=687000     ignore "route-method"
2021-10-09 18:20:01 us=687000   management_addr = '127.0.0.1'
2021-10-09 18:20:01 us=687000   management_port = '25340'
2021-10-09 18:20:01 us=687000   management_user_pass = 'stdin'
2021-10-09 18:20:01 us=687000   management_log_history_cache = 250
2021-10-09 18:20:01 us=687000   management_echo_buffer_size = 100
2021-10-09 18:20:01 us=687000   management_write_peer_info_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   management_client_user = '[UNDEF]'
2021-10-09 18:20:01 us=687000   management_client_group = '[UNDEF]'
2021-10-09 18:20:01 us=687000   management_flags = 6
2021-10-09 18:20:01 us=687000   shared_secret_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   key_direction = 1
2021-10-09 18:20:01 us=687000   ciphername = 'BF-CBC'
2021-10-09 18:20:01 us=687000   ncp_enabled = ENABLED
2021-10-09 18:20:01 us=687000   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2021-10-09 18:20:01 us=687000   authname = 'SHA1'
2021-10-09 18:20:01 us=687000   prng_hash = 'SHA1'
2021-10-09 18:20:01 us=687000   prng_nonce_secret_len = 16
2021-10-09 18:20:01 us=687000   keysize = 0
2021-10-09 18:20:01 us=687000   engine = DISABLED
2021-10-09 18:20:01 us=687000   replay = ENABLED
2021-10-09 18:20:01 us=687000   mute_replay_warnings = DISABLED
2021-10-09 18:20:01 us=687000   replay_window = 64
2021-10-09 18:20:01 us=687000   replay_time = 15
2021-10-09 18:20:01 us=687000   packet_id_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   test_crypto = DISABLED
2021-10-09 18:20:01 us=687000   tls_server = DISABLED
2021-10-09 18:20:01 us=687000   tls_client = ENABLED
2021-10-09 18:20:01 us=687000   ca_file = '[INLINE]'
2021-10-09 18:20:01 us=687000   ca_path = '[UNDEF]'
2021-10-09 18:20:01 us=687000   dh_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   cert_file = '[INLINE]'
2021-10-09 18:20:01 us=687000   extra_certs_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   priv_key_file = '[INLINE]'
2021-10-09 18:20:01 us=687000   pkcs12_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   cryptoapi_cert = '[UNDEF]'
2021-10-09 18:20:01 us=687000   cipher_list = '[UNDEF]'
2021-10-09 18:20:01 us=687000   cipher_list_tls13 = '[UNDEF]'
2021-10-09 18:20:01 us=687000   tls_cert_profile = '[UNDEF]'
2021-10-09 18:20:01 us=687000   tls_verify = '[UNDEF]'
2021-10-09 18:20:01 us=687000   tls_export_cert = '[UNDEF]'
2021-10-09 18:20:01 us=687000   verify_x509_type = 0
2021-10-09 18:20:01 us=687000   verify_x509_name = '[UNDEF]'
2021-10-09 18:20:01 us=687000   crl_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   ns_cert_type = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 65535
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_ku[i] = 0
2021-10-09 18:20:01 us=687000   remote_cert_eku = 'TLS Web Server Authentication'
2021-10-09 18:20:01 us=687000   ssl_flags = 0
2021-10-09 18:20:01 us=687000   tls_timeout = 2
2021-10-09 18:20:01 us=687000   renegotiate_bytes = -1
2021-10-09 18:20:01 us=687000   renegotiate_packets = 0
2021-10-09 18:20:01 us=687000   renegotiate_seconds = 3600
2021-10-09 18:20:01 us=687000   handshake_window = 60
2021-10-09 18:20:01 us=687000   transition_window = 3600
2021-10-09 18:20:01 us=687000   single_session = DISABLED
2021-10-09 18:20:01 us=687000   push_peer_info = DISABLED
2021-10-09 18:20:01 us=687000   tls_exit = DISABLED
2021-10-09 18:20:01 us=687000   tls_crypt_v2_metadata = '[UNDEF]'
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_protected_authentication = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_private_mode = 00000000
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_cert_private = DISABLED
2021-10-09 18:20:01 us=687000   pkcs11_pin_cache_period = -1
2021-10-09 18:20:01 us=687000   pkcs11_id = '[UNDEF]'
2021-10-09 18:20:01 us=687000   pkcs11_id_management = DISABLED
2021-10-09 18:20:01 us=687000   server_network = 0.0.0.0
2021-10-09 18:20:01 us=687000   server_netmask = 0.0.0.0
2021-10-09 18:20:01 us=687000   server_network_ipv6 = ::
2021-10-09 18:20:01 us=687000   server_netbits_ipv6 = 0
2021-10-09 18:20:01 us=687000   server_bridge_ip = 0.0.0.0
2021-10-09 18:20:01 us=687000   server_bridge_netmask = 0.0.0.0
2021-10-09 18:20:01 us=687000   server_bridge_pool_start = 0.0.0.0
2021-10-09 18:20:01 us=687000   server_bridge_pool_end = 0.0.0.0
2021-10-09 18:20:01 us=687000   ifconfig_pool_defined = DISABLED
2021-10-09 18:20:01 us=687000   ifconfig_pool_start = 0.0.0.0
2021-10-09 18:20:01 us=687000   ifconfig_pool_end = 0.0.0.0
2021-10-09 18:20:01 us=687000   ifconfig_pool_netmask = 0.0.0.0
2021-10-09 18:20:01 us=687000   ifconfig_pool_persist_filename = '[UNDEF]'
2021-10-09 18:20:01 us=687000   ifconfig_pool_persist_refresh_freq = 600
2021-10-09 18:20:01 us=687000   ifconfig_ipv6_pool_defined = DISABLED
2021-10-09 18:20:01 us=687000   ifconfig_ipv6_pool_base = ::
2021-10-09 18:20:01 us=687000   ifconfig_ipv6_pool_netbits = 0
2021-10-09 18:20:01 us=687000   n_bcast_buf = 256
2021-10-09 18:20:01 us=687000   tcp_queue_limit = 64
2021-10-09 18:20:01 us=687000   real_hash_size = 256
2021-10-09 18:20:01 us=687000   virtual_hash_size = 256
2021-10-09 18:20:01 us=687000   client_connect_script = '[UNDEF]'
2021-10-09 18:20:01 us=687000   learn_address_script = '[UNDEF]'
2021-10-09 18:20:01 us=687000   client_disconnect_script = '[UNDEF]'
2021-10-09 18:20:01 us=687000   client_config_dir = '[UNDEF]'
2021-10-09 18:20:01 us=687000   ccd_exclusive = DISABLED
2021-10-09 18:20:01 us=687000   tmp_dir = 'C:\Users\basil\AppData\Local\Temp\'
2021-10-09 18:20:01 us=687000   push_ifconfig_defined = DISABLED
2021-10-09 18:20:01 us=687000   push_ifconfig_local = 0.0.0.0
2021-10-09 18:20:01 us=687000   push_ifconfig_remote_netmask = 0.0.0.0
2021-10-09 18:20:01 us=687000   push_ifconfig_ipv6_defined = DISABLED
2021-10-09 18:20:01 us=687000   push_ifconfig_ipv6_local = ::/0
2021-10-09 18:20:01 us=687000   push_ifconfig_ipv6_remote = ::
2021-10-09 18:20:01 us=687000   enable_c2c = DISABLED
2021-10-09 18:20:01 us=687000   duplicate_cn = DISABLED
2021-10-09 18:20:01 us=687000   cf_max = 0
2021-10-09 18:20:01 us=687000   cf_per = 0
2021-10-09 18:20:01 us=687000   max_clients = 1024
2021-10-09 18:20:01 us=687000   max_routes_per_client = 256
2021-10-09 18:20:01 us=687000   auth_user_pass_verify_script = '[UNDEF]'
2021-10-09 18:20:01 us=687000   auth_user_pass_verify_script_via_file = DISABLED
2021-10-09 18:20:01 us=687000   auth_token_generate = DISABLED
2021-10-09 18:20:01 us=687000   auth_token_lifetime = 0
2021-10-09 18:20:01 us=687000   auth_token_secret_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   vlan_tagging = DISABLED
2021-10-09 18:20:01 us=687000   vlan_accept = all
2021-10-09 18:20:01 us=687000   vlan_pvid = 1
2021-10-09 18:20:01 us=687000   client = ENABLED
2021-10-09 18:20:01 us=687000   pull = ENABLED
2021-10-09 18:20:01 us=687000   auth_user_pass_file = '[UNDEF]'
2021-10-09 18:20:01 us=687000   show_net_up = DISABLED
2021-10-09 18:20:01 us=687000   route_method = 3
2021-10-09 18:20:01 us=687000   block_outside_dns = DISABLED
2021-10-09 18:20:01 us=687000   ip_win32_defined = DISABLED
2021-10-09 18:20:01 us=687000   ip_win32_type = 3
2021-10-09 18:20:01 us=687000   dhcp_masq_offset = 0
2021-10-09 18:20:01 us=687000   dhcp_lease_time = 31536000
2021-10-09 18:20:01 us=687000   tap_sleep = 0
2021-10-09 18:20:01 us=687000   dhcp_options = DISABLED
2021-10-09 18:20:01 us=687000   dhcp_renew = DISABLED
2021-10-09 18:20:01 us=687000   dhcp_pre_release = DISABLED
2021-10-09 18:20:01 us=687000   domain = '[UNDEF]'
2021-10-09 18:20:01 us=687000   netbios_scope = '[UNDEF]'
2021-10-09 18:20:01 us=687000   netbios_node_type = 0
2021-10-09 18:20:01 us=687000   disable_nbt = DISABLED
2021-10-09 18:20:01 us=687000 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct  5 2021
2021-10-09 18:20:01 us=687000 Windows version 10.0 (Windows 10 or greater) 64bit
2021-10-09 18:20:01 us=687000 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021-10-09 18:20:01 us=703000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-10-09 18:20:01 us=703000 Need hold release from management interface, waiting...
2021-10-09 18:20:02 us=140000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-10-09 18:20:02 us=250000 MANAGEMENT: CMD 'state on'
2021-10-09 18:20:02 us=250000 MANAGEMENT: CMD 'log all on'
2021-10-09 18:20:02 us=500000 MANAGEMENT: CMD 'echo all on'
2021-10-09 18:20:02 us=500000 MANAGEMENT: CMD 'bytecount 5'
2021-10-09 18:20:02 us=500000 MANAGEMENT: CMD 'hold off'
2021-10-09 18:20:02 us=500000 MANAGEMENT: CMD 'hold release'
2021-10-09 18:20:02 us=515000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:20:02 us=515000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-09 18:20:02 us=515000 LZO compression initializing
2021-10-09 18:20:02 us=515000 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2021-10-09 18:20:02 us=515000 MANAGEMENT: >STATE:1633818002,RESOLVE,,,,,,
2021-10-09 18:20:02 us=625000 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-10-09 18:20:02 us=625000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2021-10-09 18:20:02 us=625000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2021-10-09 18:20:02 us=625000 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:02 us=625000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-10-09 18:20:02 us=625000 UDP link local: (not bound)
2021-10-09 18:20:02 us=625000 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:02 us=625000 MANAGEMENT: >STATE:1633818002,WAIT,,,,,,
2021-10-09 18:20:02 us=625000 MANAGEMENT: >STATE:1633818002,AUTH,,,,,,
2021-10-09 18:20:02 us=625000 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=e20e9ac4 66467121
2021-10-09 18:20:02 us=640000 VERIFY OK: depth=1, CN=mrtux-CA
2021-10-09 18:20:02 us=640000 VERIFY KU OK
2021-10-09 18:20:02 us=640000 Validating certificate extended key usage
2021-10-09 18:20:02 us=640000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-09 18:20:02 us=640000 VERIFY EKU OK
2021-10-09 18:20:02 us=640000 VERIFY OK: depth=0, CN=mrtuxVPN
2021-10-09 18:20:02 us=656000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-10-09 18:20:02 us=656000 [mrtuxVPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:02 us=656000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway local def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
2021-10-09 18:20:02 us=656000 OPTIONS IMPORT: timers and/or timeouts modified
2021-10-09 18:20:02 us=656000 OPTIONS IMPORT: --ifconfig/up options modified
2021-10-09 18:20:02 us=656000 OPTIONS IMPORT: route options modified
2021-10-09 18:20:02 us=656000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-09 18:20:02 us=656000 OPTIONS IMPORT: peer-id set
2021-10-09 18:20:02 us=656000 OPTIONS IMPORT: adjusting link_mtu to 1625
2021-10-09 18:20:02 us=656000 OPTIONS IMPORT: data channel crypto options modified
2021-10-09 18:20:02 us=656000 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-10-09 18:20:02 us=656000 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
2021-10-09 18:20:02 us=656000 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-09 18:20:02 us=656000 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-09 18:20:02 us=656000 interactive service msg_channel=460
2021-10-09 18:20:02 us=656000 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=9 HWADDR=30:3a:64:7d:4e:89
2021-10-09 18:20:02 us=671000 open_tun
2021-10-09 18:20:02 us=687000 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-10-09 18:20:02 us=687000 TAP-Windows Driver Version 9.24 
2021-10-09 18:20:02 us=687000 TAP-Windows MTU=1500
2021-10-09 18:20:02 us=687000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {9FF6A5BB-3007-43C6-882B-FC97045EB2A9} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
2021-10-09 18:20:02 us=687000 DHCP option string: 06040808 0808
2021-10-09 18:20:02 us=687000 Successful ARP Flush on interface [46] {9FF6A5BB-3007-43C6-882B-FC97045EB2A9}
2021-10-09 18:20:02 us=703000 do_ifconfig, ipv4=1, ipv6=0
2021-10-09 18:20:02 us=703000 MANAGEMENT: >STATE:1633818002,ASSIGN_IP,,10.8.0.6,,,,
2021-10-09 18:20:02 us=703000 IPv4 MTU set to 1500 on interface 46 using service
2021-10-09 18:20:04 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
2021-10-09 18:20:04 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
2021-10-09 18:20:04 Route addition via service succeeded
2021-10-09 18:20:04 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
2021-10-09 18:20:04 us=15000 Route addition via service succeeded
2021-10-09 18:20:04 us=15000 MANAGEMENT: >STATE:1633818004,ADD_ROUTES,,,,,,
2021-10-09 18:20:04 us=15000 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
2021-10-09 18:20:04 us=15000 Route addition via service succeeded
2021-10-09 18:20:04 us=15000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-10-09 18:20:04 us=15000 Initialization Sequence Completed
2021-10-09 18:20:04 us=15000 MANAGEMENT: >STATE:1633818004,CONNECTED,SUCCESS,10.8.0.6,xxx.xxx.xxx.xxx,1194,,
2021-10-09 18:20:04 us=15000 Recursive routing detected, drop tun packet to [AF_INET]xxx.xxx.xxx.xxx:1194
:
:
:
2021-10-09 18:20:32 us=515000 Recursive routing detected, drop tun packet to [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:32 us=546000 Recursive routing detected, drop tun packet to [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:32 us=546000 Recursive routing detected, drop tun packet to [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:32 us=765000 Recursive routing detected, drop tun packet to [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:32 us=859000 Recursive routing detected, drop tun packet to [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:32 us=859000 Recursive routing detected, drop tun packet to [AF_INET]xxx.xxx.xxx.xxx:1194
2021-10-09 18:20:33 us=140000 TCP/UDP: Closing socket
2021-10-09 18:20:33 us=140000 C:\WINDOWS\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
2021-10-09 18:20:33 us=140000 Route deletion via service succeeded
2021-10-09 18:20:33 us=140000 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
2021-10-09 18:20:33 us=156000 Route deletion via service succeeded
2021-10-09 18:20:33 us=156000 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
2021-10-09 18:20:33 us=156000 Route deletion via service succeeded
2021-10-09 18:20:33 us=156000 Closing TUN/TAP interface
2021-10-09 18:20:33 us=234000 TAP: DHCP address released
2021-10-09 18:20:33 us=250000 SIGTERM[soft,exit-with-notification] received, process exiting
2021-10-09 18:20:33 us=250000 MANAGEMENT: >STATE:1633818033,EXITING,exit-with-notification,,,,,

The dropped packets don't look good.

When I change the client.ovpn to use "remote 192.168.1.175 1194" the recursive routing is eliminated.
Last edited by derrickearly on Sun Oct 10, 2021 12:02 am, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: client connect to openvpn on W10 server but no internet

Post by TinCanTech » Sat Oct 09, 2021 11:57 pm

You are using the local flag to --redirect-gateway .. are you connecting to a local server ?

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn on W10 server but no internet

Post by derrickearly » Sun Oct 10, 2021 12:07 am

The server and client are on the same LAN. I'm trying test out the setup prior to using clients external to the LAN.

I tried reverting back to my external ip address for the server, and removed the local option from redirect-gateway. The recursive routing stopped.

I still cannot access the internet on the client.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: client connect to openvpn on W10 server but no internet

Post by TinCanTech » Sun Oct 10, 2021 3:30 am

Windows .. have fun.

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn on W10 server but no internet

Post by derrickearly » Sun Oct 10, 2021 1:10 pm

Maybe this guys instructions will help.
https://palitechsociety.blogspot.com/20 ... ws-10.html

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn on W10 server but no internet

Post by derrickearly » Mon Oct 11, 2021 7:24 pm

Still struggling. I sorted some firewall issues viewtopic.php?f=4&t=33151, but still cannot connect to the internet on the client machine through the vpn. Here are my latest config files.

server.ovpn

dev-node "OpenVPN TAP-Windows6"
local 192.168.1.177
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
topology subnet

ca ca.crt
cert mrtuxVPN.crt
key mrtuxVPN.key # This file should be kept secret
dh dh.pem
tls-auth ta_new.key 0 # This file is secret

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"

keepalive 10 120
comp-lzo
persist-key
persist-tun

client-config-dir "C:\\OpenVPN\\config"
ccd-exclusive
#route 10.0.0.0 255.255.255.0

verb 4


client.ovpn

client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun

comp-lzo
verb 3
explicit-exit-notify 2
ping 10
ping-restart 60

route-method exe
route-delay 2

<ca>
-----BEGIN CERTIFICATE-----
MIIDQjCCAiqgAwIBAgIUKyTwTF/TOJx2EIqEIQerd2eahF0wDQYJKoZIhvcNAQEL
BQAwEzERMA8GA1UEAwwIbXJ0dXgtQ0EwHhcNMjExMDA4MTk0ODQ4WhcNMzExMDA2
MTk0ODQ4WjATMREwDwYDVQQDDAhtcnR1eC1DQTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALbpYS3bDCLBsT0cLP6eAd207fO830x3zD+pgCp5w56BvDiI
5n0mkYDEMsNVVD2CKIA4VOPp0zcq6hTgoqlDFWvWkjtFrjGZAUq5nU8fSQaXaTKY
qJ9yCHdvMglbDtBB21PMgdAApHdEkcCT/shXYuef/AHGii1KpCI+Avz7/5UwwC1s
pqBCtJ9jxA0ag02vraZxDm1uPirRM8q06QNarF8VKSh9QInxP8d3qq2gnEFhPqhY
VIZwr7szk8RfMnVKg37hDtalBF0EwfXTuuBgVzIfcvqQNHYsNSDM2u9Zt7qZilzJ
vaiZEsmbSq0EWxha2eg2L+97b2/6VgArEWMXHt8CAwEAAaOBjTCBijAdBgNVHQ4E
FgQUiCAjCMXDwKWB+iSRL3z5ZpVdWAAwTgYDVR0jBEcwRYAUiCAjCMXDwKWB+iSR
L3z5ZpVdWAChF6QVMBMxETAPBgNVBAMMCG1ydHV4LUNBghQrJPBMX9M4nHYQioQh
B6t3Z5qEXTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsF
AAOCAQEASlapMvKmgQ44v4UKXZAXH74xiIQNSxflLmBSsc34cYf4RCMtA4v0iHTE
dYP1dBQXX6QaSDWUArcnOrGYxTMJQCa2dInPW6z/L1cUerEhrGc6HUcOMnsBUhZ3
OFmlTpDKSCxkecegq1/Z/GwnwGkr6XnBCB9a3YrBGd6+vQTznomkt19Ng1vMNwGJ
D1aV+IrHTGIv9uU0B9EXx1RxOTI2+gVCsEUGObh+lDZab8kmFP7gavBT3L13rcjf
wo4Sa8of2X+HjRqRbqeynNKWaTrOFa/Dvt6pGNd5ozOO4xkRPmDiCMo1pxm6XzWl
3CfeCT2FZD5E5oqZcr0FLjqWrhaf0w==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
77:36:c9:2a:5c:66:b5:7b:cf:d3:69:1c:fc:36:c2:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=mrtux-CA
Validity
Not Before: Oct 8 20:53:29 2021 GMT
Not After : Jan 11 20:53:29 2024 GMT
Subject: CN=client
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:62:7e:40:de:71:8d:30:05:39:5e:9e:e4:d1:
69:67:3d:37:ce:b2:2e:e2:0c:b4:dd:cf:2f:8d:2d:
e3:25:af:3a:e0:77:e0:43:ad:7a:30:d9:ed:5e:b1:
32:da:6f:44:f5:44:48:f7:f3:fe:47:7a:96:42:69:
89:e3:5c:c6:c0:ba:b5:5b:ae:36:c7:88:ea:e3:0b:
3b:90:24:2e:66:ad:4b:dd:f9:d8:6c:fe:a8:d6:7b:
f0:3e:67:b0:82:b0:23:d9:ad:ac:eb:f2:4c:6b:e9:
43:5e:18:3b:1c:ea:7c:15:8b:9e:66:8f:5e:f0:73:
11:60:df:60:6a:d3:f9:c0:03:0f:e6:47:01:ee:8e:
23:41:32:34:b0:33:af:b9:5a:27:e5:db:57:04:7e:
9e:09:23:9e:41:c5:59:bb:f1:4d:1d:7c:f1:d9:eb:
44:79:52:f9:4b:2a:ec:40:b8:41:32:64:f0:6f:5a:
98:b8:bc:6e:18:33:b6:2e:23:35:fb:03:1c:a1:92:
8a:45:c9:b5:bf:e3:06:d9:05:4a:6d:a5:eb:3e:fb:
3b:31:04:e4:0a:87:41:55:9e:26:6f:3d:56:a5:22:
a0:12:22:29:a7:02:3c:82:79:7a:27:e0:28:19:d5:
8f:1b:1c:e3:cc:70:c2:4e:2e:df:a4:1e:54:7a:3b:
d9:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
68:D1:E8:8B:8A:4D:40:8D:65:47:B6:28:6A:4D:97:23:25:95:1C:2B
X509v3 Authority Key Identifier:
keyid:88:20:23:08:C5:C3:C0:A5:81:FA:24:91:2F:7C:F9:66:95:5D:58:00
DirName:/CN=mrtux-CA
serial:2B:24:F0:4C:5F:D3:38:9C:76:10:8A:84:21:07:AB:77:67:9A:84:5D

X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
b6:d6:4a:eb:3c:76:9b:27:1c:ae:23:7a:57:ea:8b:c2:99:c4:
19:5a:d0:9d:86:a0:a5:ad:50:72:97:06:8f:e5:09:70:9c:01:
cf:9d:7c:74:f9:25:aa:15:d3:60:10:d9:56:44:0b:66:f4:ea:
38:94:8c:70:8a:9c:0b:20:40:6e:27:ac:ce:ec:17:36:a7:e8:
ea:4b:75:a4:a3:fd:d9:2e:a0:15:48:8c:f0:e0:84:79:89:9a:
3e:28:ed:cd:d1:38:25:c4:eb:0e:30:cd:45:fb:15:7a:eb:9c:
4a:01:e8:ce:19:12:a0:12:9a:08:c0:16:24:a4:79:7e:0b:82:
a5:f3:be:f7:2e:aa:4c:dd:ad:77:99:16:db:b2:90:e3:be:84:
c0:af:39:ad:80:ac:69:cc:3a:5a:81:69:0d:c1:83:38:45:55:
5b:26:45:68:a0:bf:d7:c7:c9:a2:e6:81:ab:fd:9d:89:cb:da:
c3:6c:f1:3c:6f:26:79:3c:6a:78:4f:86:63:cb:b9:51:e3:c6:
0d:2c:31:5b:2b:8a:7d:4b:bf:b4:15:58:a2:04:10:dc:6c:1c:
71:bf:72:19:dc:28:63:41:a4:50:04:e3:4b:71:11:a8:0a:57:
77:a0:84:93:97:e2:17:81:c8:2c:27:a4:b8:cb:da:c5:94:54:
e2:34:33:b0
-----BEGIN CERTIFICATE-----
MIIDTjCCAjagAwIBAgIQdzbJKlxmtXvP02kc/DbCiTANBgkqhkiG9w0BAQsFADAT
MREwDwYDVQQDDAhtcnR1eC1DQTAeFw0yMTEwMDgyMDUzMjlaFw0yNDAxMTEyMDUz
MjlaMBExDzANBgNVBAMMBmNsaWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOpifkDecY0wBTlenuTRaWc9N86yLuIMtN3PL40t4yWvOuB34EOtejDZ
7V6xMtpvRPVESPfz/kd6lkJpieNcxsC6tVuuNseI6uMLO5AkLmatS9352Gz+qNZ7
8D5nsIKwI9mtrOvyTGvpQ14YOxzqfBWLnmaPXvBzEWDfYGrT+cADD+ZHAe6OI0Ey
NLAzr7laJ+XbVwR+ngkjnkHFWbvxTR188dnrRHlS+Usq7EC4QTJk8G9amLi8bhgz
ti4jNfsDHKGSikXJtb/jBtkFSm2l6z77OzEE5AqHQVWeJm89VqUioBIiKacCPIJ5
eifgKBnVjxsc48xwwk4u36QeVHo72WcCAwEAAaOBnzCBnDAJBgNVHRMEAjAAMB0G
A1UdDgQWBBRo0eiLik1AjWVHtihqTZcjJZUcKzBOBgNVHSMERzBFgBSIICMIxcPA
pYH6JJEvfPlmlV1YAKEXpBUwEzERMA8GA1UEAwwIbXJ0dXgtQ0GCFCsk8Exf0zic
dhCKhCEHq3dnmoRdMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAN
BgkqhkiG9w0BAQsFAAOCAQEAttZK6zx2myccriN6V+qLwpnEGVrQnYagpa1QcpcG
j+UJcJwBz518dPklqhXTYBDZVkQLZvTqOJSMcIqcCyBAbieszuwXNqfo6kt1pKP9
2S6gFUiM8OCEeYmaPijtzdE4JcTrDjDNRfsVeuucSgHozhkSoBKaCMAWJKR5fguC
pfO+9y6qTN2td5kW27KQ476EwK85rYCsacw6WoFpDcGDOEVVWyZFaKC/18fJouaB
q/2dicvaw2zxPG8meTxqeE+GY8u5UePGDSwxWyuKfUu/tBVYogQQ3Gwccb9yGdwo
Y0GkUATjS3ERqApXd6CEk5fiF4HILCekuMvaxZRU4jQzsA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDqYn5A3nGNMAU5
Xp7k0WlnPTfOsi7iDLTdzy+NLeMlrzrgd+BDrXow2e1esTLab0T1REj38/5HepZC
aYnjXMbAurVbrjbHiOrjCzuQJC5mrUvd+dhs/qjWe/A+Z7CCsCPZrazr8kxr6UNe
GDsc6nwVi55mj17wcxFg32Bq0/nAAw/mRwHujiNBMjSwM6+5Wifl21cEfp4JI55B
xVm78U0dfPHZ60R5UvlLKuxAuEEyZPBvWpi4vG4YM7YuIzX7AxyhkopFybW/4wbZ
BUptpes++zsxBOQKh0FVniZvPValIqASIimnAjyCeXon4CgZ1Y8bHOPMcMJOLt+k
HlR6O9lnAgMBAAECggEBAJEKMAyeWnA/NgxhVDxOpkYfqOg8dSynJklYS5m2uqh4
PhvnspzOvh16zhvZ1Zk8X9TS08C0eTbsUg14174djFR5dX7tWLKzNH8ZVVuGODyL
orYTRO11zS8k9O75JU5KB3VNtwMvJkFk0K5qmjHznKOMiZH3yI1M94UV1cllsVgy
nalhHBXFF0rUXNdrz6os06byH0c2SioE4pXvJ4BFGk891Rc6I3jgrQMGudMa0qgW
oGPXZG8yP8YhxCSUBa8a8qKRBoew49YvJ07tXaHQzrM1x7m6jIqaVFeUsbxv/is0
5W99eXGotYSf/ddHYyDp9BnaFHCLAr1lvWtTiOObDiECgYEA+jcTm0XGQzhQUMZp
toxyNXkIrqYUAeLZqTb4Eica4ZVwxJblrktniRZx1X3V8AkL1ARN2+enwAcZBmEI
+PU4clFmxDz59AKHmuP6GOvTr3MDRWwRHLFx1D4Mu4ZRKHy59BsKfETJWMOyPJFv
CyRCGqs48cqTBhD8WiCioXNw7ncCgYEA7825Bo20qOVwus1Fi22Hid4gN4hDoOAo
W9QRjUyh4mxxRju8YIyKtr/DDQQWU5ekpHECkqVlAXBUdmgSPSeFbq7PEZ7+bwvr
50nls07jz3aFTT5bch+D6aYyY3Xa8yxiog1h156Ed5E35tDEYklhDNOJfJEzBuF7
MpFr2pKreJECgYBDQaqzgf3Y87oi/DJOL1JDrVT4HQwjtaZsJapotrozCMhXD3iN
cRdTcgUHLdvjuYrEYqPLCGm+5CmF3W9b/A5ALEFDXmCRhlyM9dqz+C/eaTvn3TR8
UfYW5tblUSVfjKcvRlV7McItaezu+uiuRgC+ymd0Fs+OQeKTF1KfszgX4QKBgQDM
Ac4ovyE0lo0CvmMtrK6kIW5zD9/I2yo6hP2xocIO6IatY2BtGuNfeWAskI+V6epN
Yz73FvII+VFBsmPh1t9zPBA5Q3PdcNzuVTWvB6xS8NeS0TvmqN0GRzeS2c69FcOL
basRTnAPcGGIYY7QtvBzgvryGGy6q9StPn3s4t4xoQKBgQDDO4ZhfUs91rfQVztE
owKekNHE/DkDSTh1mrqtxp1EEXyUv3ATrYISezA77sqC/HqpAW0CNZEdZ0QK/gLt
SbHZxoEsYdsFRe1cTR5ANkO2FnpAoJ5IFQamy6uQ/+7fWFAzZ3bhZIct/yYj8CFA
XSVlXrLtC5mbzlG176/GwHf/7w==
-----END PRIVATE KEY-----
</key>
remote-cert-tls server
tls-auth [inline] 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
0857e43cde9f0a70ddb7151b63729ed3
3f5f34bc1f3839d9533bb8a1376080ba
793562316de07d0a44d2febd77148d1d
89c9ea0f86c3455906c6cb2f35b8a51f
a88837c3c0ab0831720e606f4884e5f2
2c12ef48e056f864c7e547f0f6ee0cc7
f7dad5df7aabfb5016c954e7c4315cdf
22e6a7cd455d920b88dc4a4e490d1f48
e0e0cdc29993ac7e254dea76aebdc843
9c462647ab41676fcecdb7aa10b6bbdb
fe40364a5be1b4361b74d18c372c23b7
196dd2907d583b6a48deef8036dcc5de
231a75a217ba96f68007b8ef01940e16
4c511c32abe72064f954967e9ed40477
c0d47e16a27c014bb8eeb84145a1cda0
4671664978a0f8cac76e9114e2f92330
-----END OpenVPN Static key V1-----
</tls-auth>
verb 4


client

#ifconfig-push 10.10.10.5 10.10.10.6
#iroute 10.0.0.0 255.255.255.0
#iroute 192.168.1.0 255.255.255.0

#ifconfig-push 10.8.0.10 255.255.255.0
#ifconfig-push 10.8.0.10 10.8.0.9

iroute 192.168.1.0 255.255.255.0

Last edited by derrickearly on Tue Oct 12, 2021 3:04 pm, edited 1 time in total.

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn on W10 server but no internet

Post by derrickearly » Mon Oct 11, 2021 9:21 pm

I tried to carefully follow 300000 instructions here.

viewtopic.php?t=29336#p88454

I'm still not able to connect to the internet on the client.

I had to add

Code: Select all

push "redirect-gateway def1"
to force the internet flow through the vpn.

server.ovpn

dev-node "OpenVPN TAP-Windows6"
local 192.168.1.177
port 1194
#ip-win32 manual
proto udp
dev tun
server 10.8.0.0 255.255.255.0
topology subnet

ca ca.crt
cert mrtuxVPN.crt
key mrtuxVPN.key # This file should be kept secret
dh dh.pem
tls-auth ta_new.key 0 # This file is secret

push "redirect-gateway def1"
#push "dhcp-option DNS 8.8.8.8"
push "route 10.0.0.0 255.255.255.0 vpn_gateway"
#push "block-outside-dns"

keepalive 10 120
comp-lzo
persist-key
persist-tun

client-config-dir "C:\\OpenVPN\\config"
ccd-exclusive
#route 10.0.0.0 255.255.255.0
route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway
register-dns


verb 4
explicit-exit-notify 1

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: client connect to openvpn on W10 server but no internet

Post by TinCanTech » Mon Oct 11, 2021 9:36 pm

derrickearly wrote:
Mon Oct 11, 2021 9:21 pm
I had to add

Code: Select all

push "redirect-gateway def1"
to force the internet flow through the vpn.
According to your posts, you were already usuing that option, which you need.

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn on W10 server but no internet

Post by derrickearly » Mon Oct 11, 2021 9:45 pm

300000’s ovpn recommendation was missing the redirect push.

viewtopic.php?t=29336#p88454

derrickearly
OpenVpn Newbie
Posts: 14
Joined: Fri Oct 08, 2021 8:01 pm

Re: client connect to openvpn on W10 server but no internet

Post by derrickearly » Tue Oct 12, 2021 12:08 am

Finally! Looks like I have internet access on my client through the vpn. Here is the windows step that I missed.

On the server, Control Panel\Network and Internet\Network Connections, right click the adapter that carries your internet connection and select Properties. Click the sharing tab. Check both boxes and select the OpenVPN TAP-Windows6 in the drop down.

I missed checking the second box.

Here is the server config that I ended up using.

server.ovpn

dev-node "OpenVPN TAP-Windows6"
local 192.168.1.177
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
topology subnet

ca ca.crt
cert mrtuxVPN.crt
key mrtuxVPN.key # This file should be kept secret
dh dh.pem
tls-auth ta_new.key 0 # This file is secret

push "redirect-gateway def1"
push "block-outside-dns"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"

keepalive 10 120
comp-lzo
persist-key
persist-tun

client-config-dir "C:\\OpenVPN\\config"
ccd-exclusive
register-dns

verb 4
explicit-exit-notify 1

Post Reply