OpenVPN client connects but no internet access

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Shervin
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 27, 2018 5:38 am

OpenVPN client connects but no internet access

Post by Shervin » Mon Nov 12, 2018 8:07 pm

Hey everyone
I have setup an OpenVPN server on a DigitalOcean VPS using this guide: ttps://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
Everything seemed fine during the setup. The problem is I can now connect to my server via OpenVPN GUI client but I can't reach internet. I can't even ping 8.8.8.8 or my vpnserver gateway (10.8.0.5)
Please note that I have setup another OPENVPN server on a different VPS a while ago and it works fine on the same client. so I think the problem is with NAT rules or firewall of the VPS. Please advice.

Here's my client (windows 10) iptable when not connected to VPN: (BTW, -.-.143.128 is my server public ip)
https://imgur.com/a/8HMMsZv

iptable when connected to VPN
https://imgur.com/BcIrfkL

my network adapter configs (ipconfig /all)
https://imgur.com/zGn1eK5

my server conf:

Code: Select all

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
key-direction 0
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
and my client conf: (for the sake of simplicity and security I have deleted public private key inputs.)

Code: Select all

client
dev tun
proto udp
remote -.-.143.128 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-128-CBC
auth SHA256
key-direction 1
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
[b][i]SOME RANDOM LETTERS[/i][/b]
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
        Validity
            Not Before: Nov 12 19:07:14 2018 GMT
            Not After : Nov  9 19:07:14 2028 GMT
        Subject: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client1/name=server/emailAddress=me@myhost.mydomain
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a7:7c:60:1a:8a:57:1b:3d:23:7b:66:24:b7:c3:
                    5c:9a:2a:43:03:18:bd:32:a9:f4:a6:ea:b2:31:60:
                    8a:74:3c:34:8b:c6:9e:bb:b3:89:0d:1f:5f:d0:d0:
                    1f:59:ff:5b:6a:52:a9:ff:9e:e8:d8:0f:4d:03:e9:
                    69:33:aa:58:33:87:0e:01:29:7e:50:ae:ec:e0:8f:
                    d7:05:30:c0:78:fc:b4:ab:72:c7:8b:32:e2:78:46:
                    ef:15:6a:e3:ac:f1:98:88:18:13:3f:6e:ac:7a:2b:
                    58:c7:9c:da:cb:10:4d:f9:eb:05:97:4d:a1:d6:11:
                    49:b3:6a:14:dc:42:bf:e4:c6:cf:a3:9e:38:56:ba:
                    f9:2a:1b:6d:1d:05:e3:72:7d:32:16:47:af:2b:e7:
                    02:16:e8:7e:c7:f7:69:c2:9f:31:39:f0:1c:56:6e:
                    6b:31:b2:22:6b:f0:1c:49:bb:f1:c9:c4:da:6e:f7:
                    e0:2d:fd:71:96:1f:3f:6f:53:85:01:3e:cb:80:db:
                    36:32:d4:77:c4:71:d2:62:23:24:bc:93:3d:3e:ae:
                    e0:43:e9:fa:dd:14:c6:bf:75:3b:eb:e5:12:e5:3a:
                    43:c5:69:1c:fd:dd:94:3e:8c:52:52:80:5e:38:7b:
                    41:82:54:ce:e4:7d:73:6b:b7:31:34:5f:de:b8:e6:
                    61:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
                B4:DE:4F:9A:B4:F0:BA:75:B7:E8:3F:8A:7A:C0:BB:85:E3:5C:95:D9
            X509v3 Authority Key Identifier: 
                keyid:2A:F1:92:5F:B4:28:43:DF:AF:80:1B:74:75:B9:DE:A2:DE:A8:1A:7D
                DirName:/C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=MyOrganizationalUnit/CN=Fort-Funston CA/name=server/emailAddress=me@myhost.mydomain
                serial:85:F0:EE:96:08:CC:B9:E0

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
            X509v3 Subject Alternative Name: 
                DNS:client1
    Signature Algorithm: sha256WithRSAEncryption
         38:4f:19:99:7c:f5:27:53:73:ae:4a:f1:75:26:b4:8d:14:41:
         ed:35:40:44:53:f3:9f:55:aa:31:a4:99:08:ca:66:63:6a:ca:
         de:e9:a0:d7:4e:2a:c8:76:e2:d5:d6:d6:a7:75:09:ef:14:a4:
         a7:ae:73:19:bb:2d:25:c5:a9:4e:73:4d:a2:a4:9b:1c:31:90:
         98:0c:0b:ca:6f:74:d7:0f:76:a8:6f:c4:f5:62:62:59:27:ad:
         20:97:5a:ce:a0:7b:a0:c2:9d:69:e6:9b:26:26:ed:3f:c9:f4:
         0d:c4:02:8a:20:44:f5:61:70:fa:64:eb:27:78:d2:18:58:49:
         a6:8d:e9:8f:e4:b0:90:fd:5e:44:7e:f6:c7:1d:d7:50:7e:ea:
         db:d4:fe:f7:c4:a6:3e:32:a5:c8:d3:47:6d:f0:e4:97:fc:0d:
         92:e1:15:73:0f:5a:a9:c1:fd:eb:43:e1:cf:42:a2:03:48:0e:
         51:8a:ee:af:6f:a7:d7:50:e1:30:cf:36:40:3e:55:09:a6:33:
         1f:71:82:c4:57:3a:2b:0f:8e:3b:3b:cf:38:b4:49:87:b0:ca:
         25:8f:8e:ca:56:d8:e7:c2:d5:1b:ff:bd:bb:95:c4:61:45:19:
         9c:f9:32:6e:b8:f1:1d:75:a8:f9:e4:34:6a:71:3e:5c:28:9f:
         0b:22:e6:c0
-----BEGIN CERTIFICATE-----
[b][i]SOME RANDOM LETTERS[/i][/b]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[b][i]SOME RANDOM LETTERS[/i][/b]
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
[b][i]SOME RANDOM LETTERS[/i][/b]
-----END OpenVPN Static key V1-----
</tls-auth>
Top
Shervin
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 27, 2018 5:38 am

Re: OpenVPN client connects but no internet access

Post by Shervin » Tue Nov 13, 2018 6:55 am

This is my client log:

Code: Select all

Tue Nov 13 10:21:00 2018 NOTE: --user option is not implemented on Windows
Tue Nov 13 10:21:00 2018 NOTE: --group option is not implemented on Windows
Tue Nov 13 10:21:00 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Tue Nov 13 10:21:00 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Nov 13 10:21:00 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Tue Nov 13 10:21:00 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Tue Nov 13 10:21:00 2018 Need hold release from management interface, waiting...
Tue Nov 13 10:21:01 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Tue Nov 13 10:21:01 2018 MANAGEMENT: CMD 'state on'
Tue Nov 13 10:21:01 2018 MANAGEMENT: CMD 'log all on'
Tue Nov 13 10:21:01 2018 MANAGEMENT: CMD 'echo all on'
Tue Nov 13 10:21:01 2018 MANAGEMENT: CMD 'bytecount 5'
Tue Nov 13 10:21:01 2018 MANAGEMENT: CMD 'hold off'
Tue Nov 13 10:21:01 2018 MANAGEMENT: CMD 'hold release'
Tue Nov 13 10:21:01 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 13 10:21:01 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 13 10:21:01 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]104.248.143.128:1194
Tue Nov 13 10:21:01 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Nov 13 10:21:01 2018 UDP link local: (not bound)
Tue Nov 13 10:21:01 2018 UDP link remote: [AF_INET]104.248.143.128:1194
Tue Nov 13 10:21:01 2018 MANAGEMENT: >STATE:1542091861,WAIT,,,,,,
Tue Nov 13 10:21:01 2018 MANAGEMENT: >STATE:1542091861,AUTH,,,,,,
Tue Nov 13 10:21:01 2018 TLS: Initial packet from [AF_INET]104.248.143.128:1194, sid=09c0dc79 e705cd68
Tue Nov 13 10:21:01 2018 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Nov 13 10:21:01 2018 VERIFY KU OK
Tue Nov 13 10:21:01 2018 Validating certificate extended key usage
Tue Nov 13 10:21:01 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Nov 13 10:21:01 2018 VERIFY EKU OK
Tue Nov 13 10:21:01 2018 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Tue Nov 13 10:21:01 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Nov 13 10:21:01 2018 [server] Peer Connection Initiated with [AF_INET]104.248.143.128:1194
Tue Nov 13 10:21:02 2018 MANAGEMENT: >STATE:1542091862,GET_CONFIG,,,,,,
Tue Nov 13 10:21:02 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Nov 13 10:21:02 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Nov 13 10:21:02 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Nov 13 10:21:02 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 13 10:21:02 2018 OPTIONS IMPORT: route options modified
Tue Nov 13 10:21:02 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Nov 13 10:21:02 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Nov 13 10:21:02 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 13 10:21:02 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Nov 13 10:21:02 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 13 10:21:02 2018 interactive service msg_channel=0
Tue Nov 13 10:21:02 2018 ROUTE_GATEWAY 192.168.1.2/255.255.255.0 I=7 HWADDR=b4:ae:2b:e4:f0:b8
Tue Nov 13 10:21:02 2018 open_tun
Tue Nov 13 10:21:02 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{2D2259AB-1D1B-48CA-BB95-60777D17305C}.tap
Tue Nov 13 10:21:02 2018 TAP-Windows Driver Version 9.21 
Tue Nov 13 10:21:02 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {2D2259AB-1D1B-48CA-BB95-60777D17305C} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Nov 13 10:21:02 2018 Successful ARP Flush on interface [45] {2D2259AB-1D1B-48CA-BB95-60777D17305C}
Tue Nov 13 10:21:03 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Nov 13 10:21:03 2018 MANAGEMENT: >STATE:1542091863,ASSIGN_IP,,10.8.0.6,,,,
Tue Nov 13 10:21:08 2018 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Nov 13 10:21:08 2018 C:\WINDOWS\system32\route.exe ADD 104.248.143.128 MASK 255.255.255.255 192.168.1.2
Tue Nov 13 10:21:08 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Nov 13 10:21:08 2018 Route addition via IPAPI succeeded [adaptive]
Tue Nov 13 10:21:08 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Nov 13 10:21:08 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Nov 13 10:21:08 2018 Route addition via IPAPI succeeded [adaptive]
Tue Nov 13 10:21:08 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Nov 13 10:21:08 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Nov 13 10:21:08 2018 Route addition via IPAPI succeeded [adaptive]
Tue Nov 13 10:21:08 2018 MANAGEMENT: >STATE:1542091868,ADD_ROUTES,,,,,,
Tue Nov 13 10:21:08 2018 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Nov 13 10:21:08 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Nov 13 10:21:08 2018 Route addition via IPAPI succeeded [adaptive]
Tue Nov 13 10:21:08 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Nov 13 10:21:08 2018 Initialization Sequence Completed
Tue Nov 13 10:21:08 2018 MANAGEMENT: >STATE:1542091868,CONNECTED,SUCCESS,10.8.0.6,104.248.143.128,1194,,
Tue Nov 13 10:23:09 2018 [server] Inactivity timeout (--ping-restart), restarting
Tue Nov 13 10:23:09 2018 SIGUSR1[soft,ping-restart] received, process restarting
Tue Nov 13 10:23:09 2018 MANAGEMENT: >STATE:1542091989,RECONNECTING,ping-restart,,,,,
Tue Nov 13 10:23:09 2018 Restart pause, 5 second(s)
Tue Nov 13 10:23:14 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]104.248.143.128:1194
Tue Nov 13 10:23:14 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Nov 13 10:23:14 2018 UDP link local: (not bound)
Tue Nov 13 10:23:14 2018 UDP link remote: [AF_INET]104.248.143.128:1194
Tue Nov 13 10:23:14 2018 MANAGEMENT: >STATE:1542091994,WAIT,,,,,,
Tue Nov 13 10:23:14 2018 MANAGEMENT: >STATE:1542091994,AUTH,,,,,,
Tue Nov 13 10:23:14 2018 TLS: Initial packet from [AF_INET]104.248.143.128:1194, sid=0392965a 4c21f472
Tue Nov 13 10:23:14 2018 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Nov 13 10:23:14 2018 VERIFY KU OK
Tue Nov 13 10:23:14 2018 Validating certificate extended key usage
Tue Nov 13 10:23:14 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Nov 13 10:23:14 2018 VERIFY EKU OK
Tue Nov 13 10:23:14 2018 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Tue Nov 13 10:23:14 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Nov 13 10:23:14 2018 [server] Peer Connection Initiated with [AF_INET]104.248.143.128:1194
Tue Nov 13 10:23:15 2018 MANAGEMENT: >STATE:1542091995,GET_CONFIG,,,,,,
Tue Nov 13 10:23:15 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Nov 13 10:23:15 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Nov 13 10:23:15 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Nov 13 10:23:15 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 13 10:23:15 2018 OPTIONS IMPORT: route options modified
Tue Nov 13 10:23:15 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Nov 13 10:23:15 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Nov 13 10:23:15 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 13 10:23:15 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Nov 13 10:23:15 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 13 10:23:15 2018 Preserving previous TUN/TAP instance: Ethernet 2
Tue Nov 13 10:23:15 2018 Initialization Sequence Completed
Tue Nov 13 10:23:15 2018 MANAGEMENT: >STATE:1542091995,CONNECTED,SUCCESS,10.8.0.6,104.248.143.128,1194,,
Top
Shervin
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 27, 2018 5:38 am

Re: OpenVPN client connects but no internet access

Post by Shervin » Tue Nov 13, 2018 1:21 pm

[This is my iptable of the remote server. I'm a total noob in networking but the last line seems odd to me.

Code: Select all

root@Shervin:~# ip route
default via 104.248.128.1 dev eth0 onlink
10.8.0.0/24 via 10.8.0.2 dev tun1
10.8.0.2 dev tun1  proto kernel  scope link  src 10.8.0.1
10.8.1.0/24 via 10.8.1.2 dev tun2
10.8.1.2 dev tun2  proto kernel  scope link  src 10.8.1.1
10.8.2.0/24 via 10.8.2.2 dev tun0
10.8.2.2 dev tun0  proto kernel  scope link  src 10.8.2.1
10.19.0.0/16 dev eth0  proto kernel  scope link  src 10.19.0.5
104.248.128.0/20 dev eth0  proto kernel  scope link  src 104.248.143.128
furthermore, I have another VPS server running openvpn with the same settings and its has a little different ip table: (just in case of comparison)

Code: Select all

root@Shervin:~# ip route
default via 104.248.128.1 dev eth0 onlink
10.8.0.0/24 via 10.8.0.2 dev tun1
10.8.0.2 dev tun1  proto kernel  scope link  src 10.8.0.1
10.8.1.0/24 via 10.8.1.2 dev tun2
10.8.1.2 dev tun2  proto kernel  scope link  src 10.8.1.1
10.8.2.0/24 via 10.8.2.2 dev tun0
10.8.2.2 dev tun0  proto kernel  scope link  src 10.8.2.1
10.19.0.0/16 dev eth0  proto kernel  scope link  src 10.19.0.5
104.248.128.0/20 dev eth0  proto kernel  scope link  src 104.248.143.128
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN client connects but no internet access

Post by TinCanTech » Tue Nov 13, 2018 1:35 pm

Have you read the Howto ?

https://community.openvpn.net/openvpn/w ... oughtheVPN
Top
Shervin
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 27, 2018 5:38 am

Re: OpenVPN client connects but no internet access

Post by Shervin » Wed Nov 14, 2018 8:21 am

TinCanTech wrote:
Tue Nov 13, 2018 1:35 pm
 Have you read the Howto ?

https://community.openvpn.net/openvpn/w ... oughtheVPN
Yes I have. I have implemented every necessary setting.
I can ping 10.8.0.6 (my client DHCP ip assigned by openvpn) but cannot ping the server (10.8.0.1)
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN client connects but no internet access

Post by TinCanTech » Wed Nov 14, 2018 11:58 am

Please post your server log at --verb 4
Top
Shervin
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 27, 2018 5:38 am

Re: OpenVPN client connects but no internet access

Post by Shervin » Wed Nov 14, 2018 3:46 pm

My Server log
Please note that I have created another droplet to test and see if I had done anything wrong so the public IP for the server is different than what it used to be. Don't get confused by that.

Code: Select all

Wed Nov 14 19:43:47 2018 us=389141 MULTI: multi_create_instance called
Wed Nov 14 19:43:47 2018 us=389231 5.112.1.69:2887 Re-using SSL/TLS context
Wed Nov 14 19:43:47 2018 us=389265 5.112.1.69:2887 LZO compression initialized
Wed Nov 14 19:43:47 2018 us=389331 5.112.1.69:2887 Control Channel MTU parms [ L:1570 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Wed Nov 14 19:43:47 2018 us=389344 5.112.1.69:2887 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:143 ET:0 EL:3 AF:3/1 ]
Wed Nov 14 19:43:47 2018 us=389368 5.112.1.69:2887 Local Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Nov 14 19:43:47 2018 us=389400 5.112.1.69:2887 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Nov 14 19:43:47 2018 us=389417 5.112.1.69:2887 Local Options hash (VER=V4): '1089825c'
Wed Nov 14 19:43:47 2018 us=389429 5.112.1.69:2887 Expected Remote Options hash (VER=V4): '6907942a'
Wed Nov 14 19:43:47 2018 us=389454 5.112.1.69:2887 TLS: Initial packet from [AF_INET]5.112.1.69:2887, sid=f53b2726 caffedd3
Wed Nov 14 19:43:47 2018 us=715832 5.112.1.69:2887 PID_ERR replay-window backtrack occurred [1] [TLS_AUTH-0] [0_00000000] 1542210228:10 1542210228:9 t=1542210227[0] r=[0,64,15,1,1] sl=[54,10,64,528]
Wed Nov 14 19:43:47 2018 us=716146 5.112.1.69:2887 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Wed Nov 14 19:43:47 2018 us=716241 5.112.1.69:2887 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client1, name=server, emailAddress=me@myhost.mydomain
Wed Nov 14 19:43:47 2018 us=842713 5.112.1.69:2887 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Nov 14 19:43:47 2018 us=842789 5.112.1.69:2887 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 14 19:43:47 2018 us=842801 5.112.1.69:2887 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Nov 14 19:43:47 2018 us=842810 5.112.1.69:2887 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 14 19:43:47 2018 us=972635 5.112.1.69:2887 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Nov 14 19:43:47 2018 us=972713 5.112.1.69:2887 [client1] Peer Connection Initiated with [AF_INET]5.112.1.69:2887
Wed Nov 14 19:43:47 2018 us=972753 client1/5.112.1.69:2887 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Wed Nov 14 19:43:47 2018 us=972795 client1/5.112.1.69:2887 MULTI: Learn: 10.8.0.6 -> client1/5.112.1.69:2887
Wed Nov 14 19:43:47 2018 us=972807 client1/5.112.1.69:2887 MULTI: primary virtual IP for client1/5.112.1.69:2887: 10.8.0.6
Wed Nov 14 19:43:49 2018 us=209820 client1/5.112.1.69:2887 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov 14 19:43:49 2018 us=209918 client1/5.112.1.69:2887 send_push_reply(): safe_cap=940
Wed Nov 14 19:43:49 2018 us=209966 client1/5.112.1.69:2887 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
And here's the client config

Code: Select all

Wed Nov 14 19:43:47 2018 NOTE: --user option is not implemented on Windows
Wed Nov 14 19:43:47 2018 NOTE: --group option is not implemented on Windows
Wed Nov 14 19:43:47 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Wed Nov 14 19:43:47 2018 Windows version 6.1 (Windows 7) 64bit
Wed Nov 14 19:43:47 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Wed Nov 14 19:43:47 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
Wed Nov 14 19:43:47 2018 Need hold release from management interface, waiting...
Wed Nov 14 19:43:48 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343
Wed Nov 14 19:43:48 2018 MANAGEMENT: CMD 'state on'
Wed Nov 14 19:43:48 2018 MANAGEMENT: CMD 'log all on'
Wed Nov 14 19:43:48 2018 MANAGEMENT: CMD 'echo all on'
Wed Nov 14 19:43:48 2018 MANAGEMENT: CMD 'bytecount 5'
Wed Nov 14 19:43:48 2018 MANAGEMENT: CMD 'hold off'
Wed Nov 14 19:43:48 2018 MANAGEMENT: CMD 'hold release'
Wed Nov 14 19:43:48 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 14 19:43:48 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 14 19:43:48 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]104.248.243.154:1194
Wed Nov 14 19:43:48 2018 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Nov 14 19:43:48 2018 UDP link local: (not bound)
Wed Nov 14 19:43:48 2018 UDP link remote: [AF_INET]104.248.243.154:1194
Wed Nov 14 19:43:48 2018 MANAGEMENT: >STATE:1542210228,WAIT,,,,,,
Wed Nov 14 19:43:48 2018 MANAGEMENT: >STATE:1542210228,AUTH,,,,,,
Wed Nov 14 19:43:48 2018 TLS: Initial packet from [AF_INET]104.248.243.154:1194, sid=2ef3e607 dcbe81f0
Wed Nov 14 19:43:48 2018 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Wed Nov 14 19:43:48 2018 VERIFY KU OK
Wed Nov 14 19:43:48 2018 Validating certificate extended key usage
Wed Nov 14 19:43:48 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Nov 14 19:43:48 2018 VERIFY EKU OK
Wed Nov 14 19:43:48 2018 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Wed Nov 14 19:43:49 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Nov 14 19:43:49 2018 [server] Peer Connection Initiated with [AF_INET]104.248.243.154:1194
Wed Nov 14 19:43:50 2018 MANAGEMENT: >STATE:1542210230,GET_CONFIG,,,,,,
Wed Nov 14 19:43:50 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Nov 14 19:43:50 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Nov 14 19:43:50 2018 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 14 19:43:50 2018 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 14 19:43:50 2018 OPTIONS IMPORT: route options modified
Wed Nov 14 19:43:50 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Nov 14 19:43:50 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Nov 14 19:43:50 2018 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 14 19:43:50 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Nov 14 19:43:50 2018 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 14 19:43:50 2018 interactive service msg_channel=0
Wed Nov 14 19:43:50 2018 ROUTE_GATEWAY 192.168.1.2/255.255.255.0 I=11 HWADDR=00:21:5d:83:55:8e
Wed Nov 14 19:43:50 2018 open_tun
Wed Nov 14 19:43:50 2018 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{FBDFD484-E21F-432C-A2D8-4C2DFA057CB9}.tap
Wed Nov 14 19:43:50 2018 TAP-Windows Driver Version 9.21 
Wed Nov 14 19:43:50 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {FBDFD484-E21F-432C-A2D8-4C2DFA057CB9} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Wed Nov 14 19:43:50 2018 Successful ARP Flush on interface [18] {FBDFD484-E21F-432C-A2D8-4C2DFA057CB9}
Wed Nov 14 19:43:50 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Nov 14 19:43:50 2018 MANAGEMENT: >STATE:1542210230,ASSIGN_IP,,10.8.0.6,,,,
Wed Nov 14 19:43:55 2018 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Nov 14 19:43:55 2018 C:\Windows\system32\route.exe ADD 104.248.243.154 MASK 255.255.255.255 192.168.1.2
Wed Nov 14 19:43:55 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed Nov 14 19:43:55 2018 Route addition via IPAPI succeeded [adaptive]
Wed Nov 14 19:43:55 2018 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 14 19:43:55 2018 Route addition via IPAPI succeeded [adaptive]
Wed Nov 14 19:43:55 2018 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 14 19:43:55 2018 Route addition via IPAPI succeeded [adaptive]
Wed Nov 14 19:43:55 2018 MANAGEMENT: >STATE:1542210235,ADD_ROUTES,,,,,,
Wed Nov 14 19:43:55 2018 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Nov 14 19:43:55 2018 Route addition via IPAPI succeeded [adaptive]
Wed Nov 14 19:43:55 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Nov 14 19:43:55 2018 Initialization Sequence 19:43leted
Wed Nov 14 19:43:55 2018 MANAGEMENT: >STATE:1542210235,CONNECTED,SUCCESS,10.8.0.6,104.248.243.154,1194,,
Wed Nov 14 19:44:48 2018 C:\Windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Wed Nov 14 19:44:48 2018 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 14 19:44:48 2018 C:\Windows\system32\route.exe DELETE 104.248.243.154 MASK 255.255.255.255 192.168.1.2
Wed Nov 14 19:44:48 2018 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 14 19:44:48 2018 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 14 19:44:48 2018 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 14 19:44:48 2018 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Wed Nov 14 19:44:48 2018 Route deletion via IPAPI succeeded [adaptive]
Wed Nov 14 19:44:48 2018 Closing TUN/TAP interface
Wed Nov 14 19:44:48 2018 TAP: DHCP address released
Wed Nov 14 19:44:48 2018 SIGTERM[hard,] received, process exiting
Wed Nov 14 19:44:48 2018 MANAGEMENT: >STATE:1542210288,EXITING,SIGTERM,,,,,
Last edited by Shervin on Wed Nov 14, 2018 4:30 pm, edited 1 time in total.
Top
Shervin
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 27, 2018 5:38 am

Re: OpenVPN client connects but no internet access

Post by Shervin » Wed Nov 14, 2018 4:06 pm

This is the -verb 6 log which seems interesting to me. I'm sure you can find the problem and hopefully a solution for it somewhere in the log: (Added the line numbers for simplicity)

Code: Select all

001Wed Nov 14 20:01:17 2018 us=841523 client1/5.112.1.69:2893 [client1] Inactivity timeout (--ping-restart), restarting
002Wed Nov 14 20:01:17 2018 us=841629 client1/5.112.1.69:2893 SIGUSR1[soft,ping-restart] received, client-instance restarting
003Wed Nov 14 20:02:30 2018 us=33862 event_wait : Interrupted system call (code=4)
004Wed Nov 14 20:02:30 2018 us=34053 TCP/UDP: Closing socket
005Wed Nov 14 20:02:30 2018 us=34108 /sbin/ip route del 10.8.0.0/24
006RTNETLINK answers: Operation not permitted
007Wed Nov 14 20:02:30 2018 us=35372 ERROR: Linux route delete command failed: external program exited with error status: 2
008Wed Nov 14 20:02:30 2018 us=35418 Closing TUN/TAP interface
009Wed Nov 14 20:02:30 2018 us=35444 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
010RTNETLINK answers: Operation not permitted
011Wed Nov 14 20:02:30 2018 us=36524 Linux ip addr del failed: external program exited with error status: 2
012Wed Nov 14 20:02:30 2018 us=48717 SIGTERM[hard,] received, process exiting
013Wed Nov 14 20:02:30 2018 us=66444 Current Parameter Settings:
014Wed Nov 14 20:02:30 2018 us=66486   config = '/etc/openvpn/server.conf'
015Wed Nov 14 20:02:30 2018 us=66495   mode = 1
016Wed Nov 14 20:02:30 2018 us=66501   persist_config = DISABLED
017Wed Nov 14 20:02:30 2018 us=66506   persist_mode = 1
018Wed Nov 14 20:02:30 2018 us=66512   show_ciphers = DISABLED
019Wed Nov 14 20:02:30 2018 us=66517   show_digests = DISABLED
020Wed Nov 14 20:02:30 2018 us=66523   show_engines = DISABLED
021Wed Nov 14 20:02:30 2018 us=66528   genkey = DISABLED
022Wed Nov 14 20:02:30 2018 us=66533   key_pass_file = '[UNDEF]'
023Wed Nov 14 20:02:30 2018 us=66539   show_tls_ciphers = DISABLED
024Wed Nov 14 20:02:30 2018 us=66544 Connection profiles [default]:
025Wed Nov 14 20:02:30 2018 us=66550   proto = udp
026Wed Nov 14 20:02:30 2018 us=66555   local = '[UNDEF]'
027Wed Nov 14 20:02:30 2018 us=66561   local_port = 1194
028Wed Nov 14 20:02:30 2018 us=66566   remote = '[UNDEF]'
029Wed Nov 14 20:02:30 2018 us=66571   remote_port = 1194
030Wed Nov 14 20:02:30 2018 us=66577   remote_float = DISABLED
031Wed Nov 14 20:02:30 2018 us=66582   bind_defined = DISABLED
032Wed Nov 14 20:02:30 2018 us=66587   bind_local = ENABLED
033Wed Nov 14 20:02:30 2018 us=66593   connect_retry_seconds = 5
034Wed Nov 14 20:02:30 2018 us=66598   connect_timeout = 10
035Wed Nov 14 20:02:30 2018 us=66604   connect_retry_max = 0
036Wed Nov 14 20:02:30 2018 us=66609   socks_proxy_server = '[UNDEF]'
037Wed Nov 14 20:02:30 2018 us=66614   socks_proxy_port = 0
038Wed Nov 14 20:02:30 2018 us=66620   socks_proxy_retry = DISABLED
039Wed Nov 14 20:02:30 2018 us=66625   tun_mtu = 1500
040Wed Nov 14 20:02:30 2018 us=66630   tun_mtu_defined = ENABLED
041Wed Nov 14 20:02:30 2018 us=66636   link_mtu = 1500
042Wed Nov 14 20:02:30 2018 us=66641   link_mtu_defined = DISABLED
043Wed Nov 14 20:02:30 2018 us=66647   tun_mtu_extra = 0
044Wed Nov 14 20:02:30 2018 us=66652   tun_mtu_extra_defined = DISABLED
045Wed Nov 14 20:02:30 2018 us=66666   mtu_discover_type = -1
046Wed Nov 14 20:02:30 2018 us=66672   fragment = 0
047Wed Nov 14 20:02:30 2018 us=66690   mssfix = 1450
048Wed Nov 14 20:02:30 2018 us=66695   explicit_exit_notification = 0
049Wed Nov 14 20:02:30 2018 us=66700 Connection profiles END
050Wed Nov 14 20:02:30 2018 us=66706   remote_random = DISABLED
051Wed Nov 14 20:02:30 2018 us=66713   ipchange = '[UNDEF]'
052Wed Nov 14 20:02:30 2018 us=66720   dev = 'tun'
053Wed Nov 14 20:02:30 2018 us=66727   dev_type = '[UNDEF]'
054Wed Nov 14 20:02:30 2018 us=66734   dev_node = '[UNDEF]'
055Wed Nov 14 20:02:30 2018 us=66742   lladdr = '[UNDEF]'
056Wed Nov 14 20:02:30 2018 us=66748   topology = 1
057Wed Nov 14 20:02:30 2018 us=66755   tun_ipv6 = DISABLED
058Wed Nov 14 20:02:30 2018 us=66763   ifconfig_local = '10.8.0.1'
059Wed Nov 14 20:02:30 2018 us=66770   ifconfig_remote_netmask = '10.8.0.2'
060Wed Nov 14 20:02:30 2018 us=66781   ifconfig_noexec = DISABLED
061Wed Nov 14 20:02:30 2018 us=66789   ifconfig_nowarn = DISABLED
062Wed Nov 14 20:02:30 2018 us=66797   ifconfig_ipv6_local = '[UNDEF]'
063Wed Nov 14 20:02:30 2018 us=66806   ifconfig_ipv6_netbits = 0
064Wed Nov 14 20:02:30 2018 us=66812   ifconfig_ipv6_remote = '[UNDEF]'
065Wed Nov 14 20:02:30 2018 us=66817   shaper = 0
066Wed Nov 14 20:02:30 2018 us=66822   mtu_test = 0
067Wed Nov 14 20:02:30 2018 us=66827   mlock = DISABLED
068Wed Nov 14 20:02:30 2018 us=66832   keepalive_ping = 10
069Wed Nov 14 20:02:30 2018 us=66838   keepalive_timeout = 120
070Wed Nov 14 20:02:30 2018 us=66843   inactivity_timeout = 0
071Wed Nov 14 20:02:30 2018 us=66848   ping_send_timeout = 10
072Wed Nov 14 20:02:30 2018 us=66853   ping_rec_timeout = 240
073Wed Nov 14 20:02:30 2018 us=66858   ping_rec_timeout_action = 2
074Wed Nov 14 20:02:30 2018 us=66864   ping_timer_remote = DISABLED
075Wed Nov 14 20:02:30 2018 us=66869   remap_sigusr1 = 0
076Wed Nov 14 20:02:30 2018 us=66874   persist_tun = ENABLED
077Wed Nov 14 20:02:30 2018 us=66879   persist_local_ip = DISABLED
078Wed Nov 14 20:02:30 2018 us=66884   persist_remote_ip = DISABLED
079Wed Nov 14 20:02:30 2018 us=66889   persist_key = ENABLED
080Wed Nov 14 20:02:30 2018 us=66894   passtos = DISABLED
081Wed Nov 14 20:02:30 2018 us=66899   resolve_retry_seconds = 1000000000
082Wed Nov 14 20:02:30 2018 us=66905   username = 'nobody'
083Wed Nov 14 20:02:30 2018 us=66910   groupname = 'nogroup'
084Wed Nov 14 20:02:30 2018 us=66915   chroot_dir = '[UNDEF]'
085Wed Nov 14 20:02:30 2018 us=66920   cd_dir = '/etc/openvpn'
086Wed Nov 14 20:02:30 2018 us=66925   writepid = '/run/openvpn/server.pid'
087Wed Nov 14 20:02:30 2018 us=66930   up_script = '[UNDEF]'
088Wed Nov 14 20:02:30 2018 us=66936   down_script = '[UNDEF]'
089Wed Nov 14 20:02:30 2018 us=66941   down_pre = DISABLED
090Wed Nov 14 20:02:30 2018 us=66946   up_restart = DISABLED
091Wed Nov 14 20:02:30 2018 us=66951   up_delay = DISABLED
092Wed Nov 14 20:02:30 2018 us=66956   daemon = ENABLED
093Wed Nov 14 20:02:30 2018 us=66961   inetd = 0
094Wed Nov 14 20:02:30 2018 us=66966   log = ENABLED
095Wed Nov 14 20:02:30 2018 us=66971   suppress_timestamps = DISABLED
096Wed Nov 14 20:02:30 2018 us=66976   nice = 0
097Wed Nov 14 20:02:30 2018 us=66981   verbosity = 6
098Wed Nov 14 20:02:30 2018 us=66986   mute = 0
099Wed Nov 14 20:02:30 2018 us=66991   gremlin = 0
100Wed Nov 14 20:02:30 2018 us=66996   status_file = 'openvpn-status.log'
101Wed Nov 14 20:02:30 2018 us=67002   status_file_version = 1
102Wed Nov 14 20:02:30 2018 us=67007   status_file_update_freq = 10
103Wed Nov 14 20:02:30 2018 us=67012   occ = ENABLED
104Wed Nov 14 20:02:30 2018 us=67017   rcvbuf = 0
105Wed Nov 14 20:02:30 2018 us=67022   sndbuf = 0
106Wed Nov 14 20:02:30 2018 us=67027   mark = 0
107Wed Nov 14 20:02:30 2018 us=67032   sockflags = 0
108Wed Nov 14 20:02:30 2018 us=67037   fast_io = DISABLED
109Wed Nov 14 20:02:30 2018 us=67042   lzo = 7
110Wed Nov 14 20:02:30 2018 us=67047   route_script = '[UNDEF]'
111Wed Nov 14 20:02:30 2018 us=67052   route_default_gateway = '[UNDEF]'
112Wed Nov 14 20:02:30 2018 us=67058   route_default_metric = 0
113Wed Nov 14 20:02:30 2018 us=67063   route_noexec = DISABLED
114Wed Nov 14 20:02:30 2018 us=67068   route_delay = 0
115Wed Nov 14 20:02:30 2018 us=67074   route_delay_window = 30
116Wed Nov 14 20:02:30 2018 us=67084   route_delay_defined = DISABLED
117Wed Nov 14 20:02:30 2018 us=67089   route_nopull = DISABLED
118Wed Nov 14 20:02:30 2018 us=67094   route_gateway_via_dhcp = DISABLED
119Wed Nov 14 20:02:30 2018 us=67100   max_routes = 100
120Wed Nov 14 20:02:30 2018 us=67105   allow_pull_fqdn = DISABLED
121Wed Nov 14 20:02:30 2018 us=67111   route 10.8.0.0/255.255.255.0/nil/nil
122Wed Nov 14 20:02:30 2018 us=67116   management_addr = '[UNDEF]'
123Wed Nov 14 20:02:30 2018 us=67121   management_port = 0
124Wed Nov 14 20:02:30 2018 us=67127   management_user_pass = '[UNDEF]'
125Wed Nov 14 20:02:30 2018 us=67132   management_log_history_cache = 250
126Wed Nov 14 20:02:30 2018 us=67137   management_echo_buffer_size = 100
127Wed Nov 14 20:02:30 2018 us=67143   management_write_peer_info_file = '[UNDEF]'
128Wed Nov 14 20:02:30 2018 us=67148   management_client_user = '[UNDEF]'
129Wed Nov 14 20:02:30 2018 us=67154   management_client_group = '[UNDEF]'
130Wed Nov 14 20:02:30 2018 us=67159   management_flags = 0
131Wed Nov 14 20:02:30 2018 us=67164   shared_secret_file = '[UNDEF]'
132Wed Nov 14 20:02:30 2018 us=67170   key_direction = 1
133Wed Nov 14 20:02:30 2018 us=67175   ciphername_defined = ENABLED
134Wed Nov 14 20:02:30 2018 us=67180   ciphername = 'AES-128-CBC'
135Wed Nov 14 20:02:30 2018 us=67186   authname_defined = ENABLED
136Wed Nov 14 20:02:30 2018 us=67191   authname = 'SHA256'
137Wed Nov 14 20:02:30 2018 us=67196   prng_hash = 'SHA1'
138Wed Nov 14 20:02:30 2018 us=67201   prng_nonce_secret_len = 16
139Wed Nov 14 20:02:30 2018 us=67207   keysize = 0
140Wed Nov 14 20:02:30 2018 us=67212   engine = DISABLED
141Wed Nov 14 20:02:30 2018 us=67217   replay = ENABLED
142Wed Nov 14 20:02:30 2018 us=67222   mute_replay_warnings = DISABLED
143Wed Nov 14 20:02:30 2018 us=67228   replay_window = 64
144Wed Nov 14 20:02:30 2018 us=67233   replay_time = 15
145Wed Nov 14 20:02:30 2018 us=67238   packet_id_file = '[UNDEF]'
146Wed Nov 14 20:02:30 2018 us=67243   use_iv = ENABLED
147Wed Nov 14 20:02:30 2018 us=67249   test_crypto = DISABLED
148Wed Nov 14 20:02:30 2018 us=67254   tls_server = ENABLED
149Wed Nov 14 20:02:30 2018 us=67259   tls_client = DISABLED
150Wed Nov 14 20:02:30 2018 us=67264   key_method = 2
151Wed Nov 14 20:02:30 2018 us=67269   ca_file = 'ca.crt'
152Wed Nov 14 20:02:30 2018 us=67274   ca_path = '[UNDEF]'
153Wed Nov 14 20:02:30 2018 us=67279   dh_file = 'dh2048.pem'
154Wed Nov 14 20:02:30 2018 us=67285   cert_file = 'server.crt'
155Wed Nov 14 20:02:30 2018 us=67290   extra_certs_file = '[UNDEF]'
156Wed Nov 14 20:02:30 2018 us=67296   priv_key_file = 'server.key'
157Wed Nov 14 20:02:30 2018 us=67301   pkcs12_file = '[UNDEF]'
158Wed Nov 14 20:02:30 2018 us=67306   cipher_list = '[UNDEF]'
159Wed Nov 14 20:02:30 2018 us=67311   tls_verify = '[UNDEF]'
160Wed Nov 14 20:02:30 2018 us=67316   tls_export_cert = '[UNDEF]'
161Wed Nov 14 20:02:30 2018 us=67322   verify_x509_type = 0
162Wed Nov 14 20:02:30 2018 us=67327   verify_x509_name = '[UNDEF]'
163Wed Nov 14 20:02:30 2018 us=67332   crl_file = '[UNDEF]'
164Wed Nov 14 20:02:30 2018 us=67337   ns_cert_type = 0
165Wed Nov 14 20:02:30 2018 us=67342   remote_cert_ku[i] = 0
166Wed Nov 14 20:02:30 2018 us=67348   remote_cert_ku[i] = 0
167Wed Nov 14 20:02:30 2018 us=67353   remote_cert_ku[i] = 0
168Wed Nov 14 20:02:30 2018 us=67358   remote_cert_ku[i] = 0
169Wed Nov 14 20:02:30 2018 us=67363   remote_cert_ku[i] = 0
170Wed Nov 14 20:02:30 2018 us=67368   remote_cert_ku[i] = 0
171Wed Nov 14 20:02:30 2018 us=67373   remote_cert_ku[i] = 0
172Wed Nov 14 20:02:30 2018 us=67378   remote_cert_ku[i] = 0
173Wed Nov 14 20:02:30 2018 us=67383   remote_cert_ku[i] = 0
174Wed Nov 14 20:02:30 2018 us=67388   remote_cert_ku[i] = 0
175Wed Nov 14 20:02:30 2018 us=67393   remote_cert_ku[i] = 0
176Wed Nov 14 20:02:30 2018 us=67398   remote_cert_ku[i] = 0
177Wed Nov 14 20:02:30 2018 us=67403   remote_cert_ku[i] = 0
178Wed Nov 14 20:02:30 2018 us=67408   remote_cert_ku[i] = 0
179Wed Nov 14 20:02:30 2018 us=67413   remote_cert_ku[i] = 0
180Wed Nov 14 20:02:30 2018 us=67418   remote_cert_ku[i] = 0
181Wed Nov 14 20:02:30 2018 us=67423   remote_cert_eku = '[UNDEF]'
182Wed Nov 14 20:02:30 2018 us=67428   ssl_flags = 0
183Wed Nov 14 20:02:30 2018 us=67434   tls_timeout = 2
184Wed Nov 14 20:02:30 2018 us=67441   renegotiate_bytes = 0
185Wed Nov 14 20:02:30 2018 us=67452   renegotiate_packets = 0
186Wed Nov 14 20:02:30 2018 us=67459   renegotiate_seconds = 3600
187Wed Nov 14 20:02:30 2018 us=67467   handshake_window = 60
188Wed Nov 14 20:02:30 2018 us=67474   transition_window = 3600
189Wed Nov 14 20:02:30 2018 us=67481   single_session = DISABLED
190Wed Nov 14 20:02:30 2018 us=67488   push_peer_info = DISABLED
191Wed Nov 14 20:02:30 2018 us=67496   tls_exit = DISABLED
192Wed Nov 14 20:02:30 2018 us=67502   tls_auth_file = 'ta.key'
193Wed Nov 14 20:02:30 2018 us=67507   pkcs11_protected_authentication = DISABLED
194Wed Nov 14 20:02:30 2018 us=67513   pkcs11_protected_authentication = DISABLED
195Wed Nov 14 20:02:30 2018 us=67518   pkcs11_protected_authentication = DISABLED
196Wed Nov 14 20:02:30 2018 us=67523   pkcs11_protected_authentication = DISABLED
197Wed Nov 14 20:02:30 2018 us=67528   pkcs11_protected_authentication = DISABLED
198Wed Nov 14 20:02:30 2018 us=67534   pkcs11_protected_authentication = DISABLED
199Wed Nov 14 20:02:30 2018 us=67539   pkcs11_protected_authentication = DISABLED
200Wed Nov 14 20:02:30 2018 us=67544   pkcs11_protected_authentication = DISABLED
201Wed Nov 14 20:02:30 2018 us=67549   pkcs11_protected_authentication = DISABLED
202Wed Nov 14 20:02:30 2018 us=67554   pkcs11_protected_authentication = DISABLED
203Wed Nov 14 20:02:30 2018 us=67560   pkcs11_protected_authentication = DISABLED
204Wed Nov 14 20:02:30 2018 us=67565   pkcs11_protected_authentication = DISABLED
205Wed Nov 14 20:02:30 2018 us=67570   pkcs11_protected_authentication = DISABLED
206Wed Nov 14 20:02:30 2018 us=67575   pkcs11_protected_authentication = DISABLED
207Wed Nov 14 20:02:30 2018 us=67580   pkcs11_protected_authentication = DISABLED
208Wed Nov 14 20:02:30 2018 us=67586   pkcs11_protected_authentication = DISABLED
209Wed Nov 14 20:02:30 2018 us=67591   pkcs11_private_mode = 00000000
210Wed Nov 14 20:02:30 2018 us=67597   pkcs11_private_mode = 00000000
211Wed Nov 14 20:02:30 2018 us=67602   pkcs11_private_mode = 00000000
212Wed Nov 14 20:02:30 2018 us=67607   pkcs11_private_mode = 00000000
213Wed Nov 14 20:02:30 2018 us=67612   pkcs11_private_mode = 00000000
214Wed Nov 14 20:02:30 2018 us=67617   pkcs11_private_mode = 00000000
215Wed Nov 14 20:02:30 2018 us=67622   pkcs11_private_mode = 00000000
216Wed Nov 14 20:02:30 2018 us=67627   pkcs11_private_mode = 00000000
217Wed Nov 14 20:02:30 2018 us=67632   pkcs11_private_mode = 00000000
218Wed Nov 14 20:02:30 2018 us=67637   pkcs11_private_mode = 00000000
219Wed Nov 14 20:02:30 2018 us=67643   pkcs11_private_mode = 00000000
220Wed Nov 14 20:02:30 2018 us=67648   pkcs11_private_mode = 00000000
221Wed Nov 14 20:02:30 2018 us=67655   pkcs11_private_mode = 00000000
222Wed Nov 14 20:02:30 2018 us=67663   pkcs11_private_mode = 00000000
223Wed Nov 14 20:02:30 2018 us=67671   pkcs11_private_mode = 00000000
224Wed Nov 14 20:02:30 2018 us=67679   pkcs11_private_mode = 00000000
225Wed Nov 14 20:02:30 2018 us=67687   pkcs11_cert_private = DISABLED
226Wed Nov 14 20:02:30 2018 us=67693   pkcs11_cert_private = DISABLED
227Wed Nov 14 20:02:30 2018 us=67700   pkcs11_cert_private = DISABLED
228Wed Nov 14 20:02:30 2018 us=67707   pkcs11_cert_private = DISABLED
229Wed Nov 14 20:02:30 2018 us=67715   pkcs11_cert_private = DISABLED
230Wed Nov 14 20:02:30 2018 us=67723   pkcs11_cert_private = DISABLED
231Wed Nov 14 20:02:30 2018 us=67732   pkcs11_cert_private = DISABLED
232Wed Nov 14 20:02:30 2018 us=67741   pkcs11_cert_private = DISABLED
233Wed Nov 14 20:02:30 2018 us=67748   pkcs11_cert_private = DISABLED
234Wed Nov 14 20:02:30 2018 us=67754   pkcs11_cert_private = DISABLED
235Wed Nov 14 20:02:30 2018 us=67761   pkcs11_cert_private = DISABLED
236Wed Nov 14 20:02:30 2018 us=67768   pkcs11_cert_private = DISABLED
237Wed Nov 14 20:02:30 2018 us=67777   pkcs11_cert_private = DISABLED
238Wed Nov 14 20:02:30 2018 us=67786   pkcs11_cert_private = DISABLED
239Wed Nov 14 20:02:30 2018 us=67793   pkcs11_cert_private = DISABLED
240Wed Nov 14 20:02:30 2018 us=67799   pkcs11_cert_private = DISABLED
241Wed Nov 14 20:02:30 2018 us=67804   pkcs11_pin_cache_period = -1
242Wed Nov 14 20:02:30 2018 us=67810   pkcs11_id = '[UNDEF]'
243Wed Nov 14 20:02:30 2018 us=67815   pkcs11_id_management = DISABLED
244Wed Nov 14 20:02:30 2018 us=67825   server_network = 10.8.0.0
245Wed Nov 14 20:02:30 2018 us=67831   server_netmask = 255.255.255.0
246Wed Nov 14 20:02:30 2018 us=67843   server_network_ipv6 = ::
247Wed Nov 14 20:02:30 2018 us=67849   server_netbits_ipv6 = 0
248Wed Nov 14 20:02:30 2018 us=67855   server_bridge_ip = 0.0.0.0
249Wed Nov 14 20:02:30 2018 us=67861   server_bridge_netmask = 0.0.0.0
250Wed Nov 14 20:02:30 2018 us=67866   server_bridge_pool_start = 0.0.0.0
251Wed Nov 14 20:02:30 2018 us=67872   server_bridge_pool_end = 0.0.0.0
252Wed Nov 14 20:02:30 2018 us=67878   push_entry = 'redirect-gateway def1 bypass-dhcp'
253Wed Nov 14 20:02:30 2018 us=67884   push_entry = 'dhcp-option DNS 208.67.222.222'
254Wed Nov 14 20:02:30 2018 us=67889   push_entry = 'dhcp-option DNS 208.67.220.220'
255Wed Nov 14 20:02:30 2018 us=67895   push_entry = 'route 10.8.0.1'
256Wed Nov 14 20:02:30 2018 us=67900   push_entry = 'topology net30'
257Wed Nov 14 20:02:30 2018 us=67905   push_entry = 'ping 10'
258Wed Nov 14 20:02:30 2018 us=67911   push_entry = 'ping-restart 120'
259Wed Nov 14 20:02:30 2018 us=67916   ifconfig_pool_defined = ENABLED
260Wed Nov 14 20:02:30 2018 us=67924   ifconfig_pool_start = 10.8.0.4
261Wed Nov 14 20:02:30 2018 us=67930   ifconfig_pool_end = 10.8.0.251
262Wed Nov 14 20:02:30 2018 us=67936   ifconfig_pool_netmask = 0.0.0.0
263Wed Nov 14 20:02:30 2018 us=67942   ifconfig_pool_persist_filename = 'ipp.txt'
264Wed Nov 14 20:02:30 2018 us=67947   ifconfig_pool_persist_refresh_freq = 600
265Wed Nov 14 20:02:30 2018 us=67952   ifconfig_ipv6_pool_defined = DISABLED
266Wed Nov 14 20:02:30 2018 us=67958   ifconfig_ipv6_pool_base = ::
267Wed Nov 14 20:02:30 2018 us=67963   ifconfig_ipv6_pool_netbits = 0
268Wed Nov 14 20:02:30 2018 us=67969   n_bcast_buf = 256
269Wed Nov 14 20:02:30 2018 us=67974   tcp_queue_limit = 64
270Wed Nov 14 20:02:30 2018 us=67979   real_hash_size = 256
271Wed Nov 14 20:02:30 2018 us=67984   virtual_hash_size = 256
272Wed Nov 14 20:02:30 2018 us=67990   client_connect_script = '[UNDEF]'
273Wed Nov 14 20:02:30 2018 us=67995   learn_address_script = '[UNDEF]'
274Wed Nov 14 20:02:30 2018 us=68000   client_disconnect_script = '[UNDEF]'
275Wed Nov 14 20:02:30 2018 us=68005   client_config_dir = '[UNDEF]'
276Wed Nov 14 20:02:30 2018 us=68011   ccd_exclusive = DISABLED
277Wed Nov 14 20:02:30 2018 us=68016   tmp_dir = '/tmp'
278Wed Nov 14 20:02:30 2018 us=68021   push_ifconfig_defined = DISABLED
279Wed Nov 14 20:02:30 2018 us=68027   push_ifconfig_local = 0.0.0.0
280Wed Nov 14 20:02:30 2018 us=68033   push_ifconfig_remote_netmask = 0.0.0.0
281Wed Nov 14 20:02:30 2018 us=68038   push_ifconfig_ipv6_defined = DISABLED
282Wed Nov 14 20:02:30 2018 us=68044   push_ifconfig_ipv6_local = ::/0
283Wed Nov 14 20:02:30 2018 us=68050   push_ifconfig_ipv6_remote = ::
284Wed Nov 14 20:02:30 2018 us=68055   enable_c2c = DISABLED
285Wed Nov 14 20:02:30 2018 us=68060   duplicate_cn = DISABLED
286Wed Nov 14 20:02:30 2018 us=68065   cf_max = 0
287Wed Nov 14 20:02:30 2018 us=68070   cf_per = 0
288Wed Nov 14 20:02:30 2018 us=68076   max_clients = 1024
289Wed Nov 14 20:02:30 2018 us=68081   max_routes_per_client = 256
290Wed Nov 14 20:02:30 2018 us=68086   auth_user_pass_verify_script = '[UNDEF]'
291Wed Nov 14 20:02:30 2018 us=68091   auth_user_pass_verify_script_via_file = DISABLED
292Wed Nov 14 20:02:30 2018 us=68097   port_share_host = '[UNDEF]'
293Wed Nov 14 20:02:30 2018 us=68102   port_share_port = 0
294Wed Nov 14 20:02:30 2018 us=68107   client = DISABLED
295Wed Nov 14 20:02:30 2018 us=68113   pull = DISABLED
296Wed Nov 14 20:02:30 2018 us=68118   auth_user_pass_file = '[UNDEF]'
297Wed Nov 14 20:02:30 2018 us=68125 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
298Wed Nov 14 20:02:30 2018 us=68138 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
299Wed Nov 14 20:02:30 2018 us=73689 Diffie-Hellman initialized with 2048 bit key
300Wed Nov 14 20:02:30 2018 us=74143 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
301Wed Nov 14 20:02:30 2018 us=74169 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
302Wed Nov 14 20:02:30 2018 us=74181 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
303Wed Nov 14 20:02:30 2018 us=74204 TLS-Auth MTU parms [ L:1570 D:1172 EF:78 EB:0 ET:0 EL:3 ]
304Wed Nov 14 20:02:30 2018 us=74224 Socket Buffers: R=[212992->212992] S=[212992->212992]
305Wed Nov 14 20:02:30 2018 us=74328 ROUTE_GATEWAY 104.248.240.1/255.255.240.0 IFACE=eth0 HWADDR=4e:fe:c2:42:fe:82
306Wed Nov 14 20:02:30 2018 us=75766 TUN/TAP device tun0 opened
307Wed Nov 14 20:02:30 2018 us=75806 TUN/TAP TX queue length set to 100
308Wed Nov 14 20:02:30 2018 us=75824 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
309Wed Nov 14 20:02:30 2018 us=75847 /sbin/ip link set dev tun0 up mtu 1500
310Wed Nov 14 20:02:30 2018 us=77157 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
311Wed Nov 14 20:02:30 2018 us=79177 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
312Wed Nov 14 20:02:30 2018 us=80084 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:143 ET:0 EL:3 AF:3/1 ]
313Wed Nov 14 20:02:30 2018 us=84654 GID set to nogroup
314Wed Nov 14 20:02:30 2018 us=84695 UID set to nobody
315Wed Nov 14 20:02:30 2018 us=84708 UDPv4 link local (bound): [undef]
316Wed Nov 14 20:02:30 2018 us=84717 UDPv4 link remote: [undef]
317Wed Nov 14 20:02:30 2018 us=84732 MULTI: multi_init called, r=256 v=256
318Wed Nov 14 20:02:30 2018 us=84764 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
319Wed Nov 14 20:02:30 2018 us=84779 ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
320Wed Nov 14 20:02:30 2018 us=84790 succeeded -> ifconfig_pool_set()
321Wed Nov 14 20:02:30 2018 us=84801 IFCONFIG POOL LIST
322Wed Nov 14 20:02:30 2018 us=84811 client1,10.8.0.4
323Wed Nov 14 20:02:30 2018 us=84838 Initialization Sequence Completed
324Wed Nov 14 20:02:38 2018 us=965715 MULTI: multi_create_instance called
325Wed Nov 14 20:02:38 2018 us=965771 5.112.1.69:2896 Re-using SSL/TLS context
326Wed Nov 14 20:02:38 2018 us=965821 5.112.1.69:2896 LZO compression initialized
327Wed Nov 14 20:02:38 2018 us=965964 5.112.1.69:2896 Control Channel MTU parms [ L:1570 D:1172 EF:78 EB:0 ET:0 EL:3 ]
328Wed Nov 14 20:02:38 2018 us=965987 5.112.1.69:2896 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:143 ET:0 EL:3 AF:3/1 ]
329Wed Nov 14 20:02:38 2018 us=966020 5.112.1.69:2896 Local Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
330Wed Nov 14 20:02:38 2018 us=966033 5.112.1.69:2896 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
331Wed Nov 14 20:02:38 2018 us=966055 5.112.1.69:2896 Local Options hash (VER=V4): '1089825c'
332Wed Nov 14 20:02:38 2018 us=966072 5.112.1.69:2896 Expected Remote Options hash (VER=V4): '6907942a'
333Wed Nov 14 20:02:38 2018 us=966106 5.112.1.69:2896 UDPv4 READ [54] from [AF_INET]5.112.1.69:2896: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
334Wed Nov 14 20:02:38 2018 us=966123 5.112.1.69:2896 TLS: Initial packet from [AF_INET]5.112.1.69:2896, sid=9bdb74f8 3a1978e7
335Wed Nov 14 20:02:38 2018 us=966163 5.112.1.69:2896 UDPv4 WRITE [66] to [AF_INET]5.112.1.69:2896: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
336Wed Nov 14 20:02:39 2018 us=73052 5.112.1.69:2896 UDPv4 READ [62] from [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
337Wed Nov 14 20:02:39 2018 us=79942 5.112.1.69:2896 UDPv4 READ [214] from [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=160
338Wed Nov 14 20:02:39 2018 us=91360 5.112.1.69:2896 UDPv4 WRITE [1160] to [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1094
339Wed Nov 14 20:02:39 2018 us=91575 5.112.1.69:2896 UDPv4 WRITE [1148] to [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1094
340Wed Nov 14 20:02:39 2018 us=91648 5.112.1.69:2896 UDPv4 WRITE [1148] to [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=1094
341Wed Nov 14 20:02:39 2018 us=91710 5.112.1.69:2896 UDPv4 WRITE [575] to [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=4 DATA len=521
342Wed Nov 14 20:02:39 2018 us=192883 5.112.1.69:2896 UDPv4 READ [62] from [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
343Wed Nov 14 20:02:39 2018 us=200868 5.112.1.69:2896 UDPv4 READ [62] from [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
344Wed Nov 14 20:02:39 2018 us=208898 5.112.1.69:2896 UDPv4 READ [62] from [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #6 ] [ 3 ]
345Wed Nov 14 20:02:39 2018 us=271068 5.112.1.69:2896 UDPv4 READ [1160] from [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #7 ] [ 4 ] pid=2 DATA len=1094
346Wed Nov 14 20:02:39 2018 us=271268 5.112.1.69:2896 UDPv4 WRITE [62] to [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #6 ] [ 2 ]
347Wed Nov 14 20:02:39 2018 us=271366 5.112.1.69:2896 UDPv4 READ [1148] from [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=3 DATA len=1094
348Wed Nov 14 20:02:39 2018 us=271422 5.112.1.69:2896 UDPv4 WRITE [62] to [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #7 ] [ 3 ]
349Wed Nov 14 20:02:39 2018 us=271863 5.112.1.69:2896 UDPv4 READ [1148] from [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=4 DATA len=1094
350Wed Nov 14 20:02:39 2018 us=272611 5.112.1.69:2896 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
351Wed Nov 14 20:02:39 2018 us=272893 5.112.1.69:2896 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client1, name=server, emailAddress=me@myhost.mydomain
352Wed Nov 14 20:02:39 2018 us=280384 5.112.1.69:2896 UDPv4 WRITE [62] to [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #8 ] [ 4 ]
353Wed Nov 14 20:02:39 2018 us=280530 5.112.1.69:2896 UDPv4 READ [57] from [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=5 DATA len=3
354Wed Nov 14 20:02:39 2018 us=280711 5.112.1.69:2896 UDPv4 WRITE [117] to [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #9 ] [ 5 ] pid=5 DATA len=51
355Wed Nov 14 20:02:39 2018 us=410917 5.112.1.69:2896 UDPv4 READ [513] from [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #11 ] [ 5 ] pid=6 DATA len=447
356Wed Nov 14 20:02:39 2018 us=411206 5.112.1.69:2896 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
357Wed Nov 14 20:02:39 2018 us=411237 5.112.1.69:2896 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
358Wed Nov 14 20:02:39 2018 us=411253 5.112.1.69:2896 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
359Wed Nov 14 20:02:39 2018 us=411271 5.112.1.69:2896 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
360Wed Nov 14 20:02:39 2018 us=411318 5.112.1.69:2896 UDPv4 WRITE [321] to [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #10 ] [ 6 ] pid=6 DATA len=255
361Wed Nov 14 20:02:39 2018 us=511872 5.112.1.69:2896 UDPv4 READ [62] from [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #12 ] [ 6 ]
362Wed Nov 14 20:02:39 2018 us=511999 5.112.1.69:2896 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
363Wed Nov 14 20:02:39 2018 us=512051 5.112.1.69:2896 [client1] Peer Connection Initiated with [AF_INET]5.112.1.69:2896
364Wed Nov 14 20:02:39 2018 us=512100 client1/5.112.1.69:2896 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
365Wed Nov 14 20:02:39 2018 us=512181 client1/5.112.1.69:2896 MULTI: Learn: 10.8.0.6 -> client1/5.112.1.69:2896
366Wed Nov 14 20:02:39 2018 us=512202 client1/5.112.1.69:2896 MULTI: primary virtual IP for client1/5.112.1.69:2896: 10.8.0.6
367Wed Nov 14 20:02:40 2018 us=570043 client1/5.112.1.69:2896 UDPv4 READ [96] from [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=7 DATA len=42
368Wed Nov 14 20:02:40 2018 us=570157 client1/5.112.1.69:2896 PUSH: Received control message: 'PUSH_REQUEST'
369Wed Nov 14 20:02:40 2018 us=570177 client1/5.112.1.69:2896 send_push_reply(): safe_cap=940
370Wed Nov 14 20:02:40 2018 us=570202 client1/5.112.1.69:2896 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
371Wed Nov 14 20:02:40 2018 us=570244 client1/5.112.1.69:2896 UDPv4 WRITE [62] to [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #11 ] [ 7 ]
372Wed Nov 14 20:02:40 2018 us=570313 client1/5.112.1.69:2896 UDPv4 WRITE [272] to [AF_INET]5.112.1.69:2896: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=7 DATA len=218
373Wed Nov 14 20:02:40 2018 us=732114 client1/5.112.1.69:2896 UDPv4 READ [62] from [AF_INET]5.112.1.69:2896: P_ACK_V1 kid=0 pid=[ #14 ] [ 7 ]
374Wed Nov 14 20:02:40 2018 us=791190 client1/5.112.1.69:2896 UDPv4 READ [129] from [AF_INET]5.112.1.69:2896: P_DATA_V1 kid=0 DATA len=128
375Wed Nov 14 20:02:40 2018 us=791306 client1/5.112.1.69:2896 MULTI: bad source address from client [::], packet dropped
376Wed Nov 14 20:02:40 2018 us=791380 client1/5.112.1.69:2896 UDPv4 READ [113] from [AF_INET]5.112.1.69:2896: P_DATA_V1 kid=0 DATA len=112
377Wed Nov 14 20:02:40 2018 us=791437 client1/5.112.1.69:2896 UDPv4 READ [145] from [AF_INET]5.112.1.69:2896: P_DATA_V1 kid=0 DATA len=144
378Wed Nov 14 20:02:40 2018 us=850034 client1/5.112.1.69:2896 UDPv4 READ [145] from [AF_INET]5.112.1.69:2896: P_DATA_V1 kid=0 DATA len=144
379Wed Nov 14 20:02:50 2018 us=946606 client1/5.112.1.69:2896 UDPv4 WRITE [81] to [AF_INET]5.112.1.69:2896: P_DATA_V1 kid=0 DATA len=80
380
Top
Shervin
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 27, 2018 5:38 am

Re: OpenVPN client connects but no internet access

Post by Shervin » Thu Nov 15, 2018 3:08 pm

TinCanTech wrote:
Wed Nov 14, 2018 11:58 am
 Please post your server log at --verb 4
Would you help me please?
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN client connects but no internet access

Post by TinCanTech » Thu Nov 15, 2018 4:07 pm

Sorry, I cannot see anything wrong with your openvpn setup.

Maybe you have to setup your firewall or some other digitalocean setting ..

If you cannot find help any where else you can contact me privately : tincanteksup <at> gmail
Top
Post Reply

Return to “Configuration”