My first time ;)

Posted: Wed Oct 02, 2019 10:04 am
by Michl16
Hello everybody
I'm a newbie with OpenVPN, and to gain experience myself I am using a test environment.

[Computer A] <-> Router <-> [Computer B]

More detailed:
[opt. connected WLAN Adapter (internet) + LAN Adapter] <-> Router <-> [LAN Adapter]
[192.168.2.100 (if connected) + 192.168.3.2] <-> [192.168.3.1 <NAT> 192.168.1.7] <-> [192.168.1.50]
192.168.3.1 should represent my WAN side (router plug).

As you can see, it is a really simple configuration.
In my first step, I configured the 192.168.1.50 host as server and 192.168.3.2 as client, and this worked. It was possible to enter \\192.168.1.50 and see my shared folders.
(Of course, because I'm coming from the WAN side, I needed a port forwarding.)
Microsoft's Remote Desktop works, too.

Now, I swapped the client and server sides. To do that, I copied the ovpn files and updated the IP addresses.
I thought that this scenario should be easier, because the packets are only outgoing packets and don't need port forwardings. But no.

The new client 192.168.1.50 is able to connect to 192.168.3.2, but browsing \\192.168.3.2 in Explorer fails!?
(Microsoft's Remote Desktop is also able to connect.)

Here is my server config:
[oconf]
local 192.168.3.2
port 1194
proto udp
dev tun
cipher BF-CBC
dh "C:\\Programme\\OpenVPN\\server-keys\\dh2048.pem"
ca "C:\\Programme\\OpenVPN\\server-keys\\ca.crt"
cert "C:\\Programme\\OpenVPN\\server-keys\\Server.crt"
key "C:\\Programme\\OpenVPN\\server-keys\\Server.key"
tls-server
tls-auth "C:\\Programme\\OpenVPN\\server-keys\\ta.key" 0
server 10.19.15.0 255.255.255.0
ifconfig-pool-persist "C:\\Programme\\OpenVPN\\ipp.txt"
client-to-client
client-config-dir "C:\\Programme\\OpenVPN\\ccd"
push "route 192.168.3.0 255.255.255.0"
push "dhcp-option DNS 192.168.3.1"
keepalive 10 120
persist-key
persist-tun
status "C:\\Programme\\OpenVPN\\log\\openvpn-status.log"
log "C:\\Programme\\OpenVPN\\log\\openvpn.log"
log-append "C:\\Programme\\OpenVPN\\log\\openvpn.log"
verb 3
[/oconf]

The client side looks like this:
[oconf]
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\dd-wrt.crt"
key "C:\\Program Files\\OpenVPN\\config\\dd-wrt.key"
remote-cert-tls server
tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
cipher BF-CBC
verb 3
tun-mtu 1500
[/oconf]

Trace route doesn't find a route:

C:\Users\Administrator>tracert 192.168.3.2

Routenverfolgung zu 192.168.3.2 über maximal 30 Hops

  1     *        *        *     Zeitüberschreitung der Anforderung.
  2     *        *        *     Zeitüberschreitung der Anforderung.
  3     *        *        *     Zeitüberschreitung der Anforderung.

But print route shows that trace route should know the way:
192.168.3.0 255.255.255.0 10.19.15.5 10.19.15.6 35

IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0      192.168.1.7     192.168.1.50    281
       10.19.15.0    255.255.255.0       10.19.15.5       10.19.15.6     35
       10.19.15.4  255.255.255.252   Auf Verbindung        10.19.15.6    291
       10.19.15.6  255.255.255.255   Auf Verbindung        10.19.15.6    291
       10.19.15.7  255.255.255.255   Auf Verbindung        10.19.15.6    291
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
      192.168.1.0    255.255.255.0   Auf Verbindung      192.168.1.50    281
     192.168.1.50  255.255.255.255   Auf Verbindung      192.168.1.50    281
    192.168.1.255  255.255.255.255   Auf Verbindung      192.168.1.50    281
      192.168.3.0    255.255.255.0       10.19.15.5       10.19.15.6     35
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
        224.0.0.0        240.0.0.0   Auf Verbindung        10.19.15.6    291
        224.0.0.0        240.0.0.0   Auf Verbindung      192.168.1.50    281
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
  255.255.255.255  255.255.255.255   Auf Verbindung        10.19.15.6    291
  255.255.255.255  255.255.255.255   Auf Verbindung      192.168.1.50    281
===========================================================================
Ständige Routen:
  Netzwerkadresse          Netzmaske  Gatewayadresse  Metrik
          0.0.0.0          0.0.0.0      192.168.1.7  Standard
===========================================================================

Firewall port 1194 of Windows is opened.

I am at a loss...
You?



Log of server:

Wed Oct 02 11:57:42 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Wed Oct 02 11:57:42 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Oct 02 11:57:42 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Management Password:
Wed Oct 02 11:57:42 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Oct 02 11:57:42 2019 Need hold release from management interface, waiting...
Wed Oct 02 11:57:43 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Oct 02 11:57:43 2019 MANAGEMENT: CMD 'state on'
Wed Oct 02 11:57:43 2019 MANAGEMENT: CMD 'log all on'
Wed Oct 02 11:57:43 2019 MANAGEMENT: CMD 'echo all on'
Wed Oct 02 11:57:43 2019 MANAGEMENT: CMD 'bytecount 5'
Wed Oct 02 11:57:43 2019 MANAGEMENT: CMD 'hold off'
Wed Oct 02 11:57:43 2019 MANAGEMENT: CMD 'hold release'
Wed Oct 02 11:57:43 2019 Diffie-Hellman initialized with 2048 bit key
Wed Oct 02 11:57:43 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 02 11:57:43 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 02 11:57:43 2019 interactive service msg_channel=0
Wed Oct 02 11:57:43 2019 ROUTE_GATEWAY 192.168.3.1/255.255.255.0 I=11 HWADDR=e4:e7:49:50:ed:5a
Wed Oct 02 11:57:43 2019 open_tun
Wed Oct 02 11:57:43 2019 TAP-WIN32 device [OpenVPN_tun] opened: \\.\Global\{81BFF696-82E9-47AC-B23F-8C02C74DC01F}.tap
Wed Oct 02 11:57:43 2019 TAP-Windows Driver Version 9.23 
Wed Oct 02 11:57:43 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.19.15.1/255.255.255.252 on interface {81BFF696-82E9-47AC-B23F-8C02C74DC01F} [DHCP-serv: 10.19.15.2, lease-time: 31536000]
Wed Oct 02 11:57:43 2019 Sleeping for 10 seconds...
Wed Oct 02 11:57:53 2019 Successful ARP Flush on interface [27] {81BFF696-82E9-47AC-B23F-8C02C74DC01F}
Wed Oct 02 11:57:53 2019 MANAGEMENT: >STATE:1570010273,ASSIGN_IP,,10.19.15.1,,,,
Wed Oct 02 11:57:53 2019 MANAGEMENT: >STATE:1570010273,ADD_ROUTES,,,,,,
Wed Oct 02 11:57:53 2019 C:\WINDOWS\system32\route.exe ADD 10.19.15.0 MASK 255.255.255.0 10.19.15.2
Wed Oct 02 11:57:53 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed Oct 02 11:57:53 2019 Route addition via IPAPI succeeded [adaptive]
Wed Oct 02 11:57:53 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Oct 02 11:57:53 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Oct 02 11:57:53 2019 UDPv4 link local (bound): [AF_INET]192.168.3.2:1194
Wed Oct 02 11:57:53 2019 UDPv4 link remote: [AF_UNSPEC]
Wed Oct 02 11:57:53 2019 MULTI: multi_init called, r=256 v=256
Wed Oct 02 11:57:53 2019 IFCONFIG POOL: base=10.19.15.4 size=62, ipv6=0
Wed Oct 02 11:57:53 2019 ifconfig_pool_read(), in='dd-wrt,10.19.15.4', TODO: IPv6
Wed Oct 02 11:57:53 2019 succeeded -> ifconfig_pool_set()
Wed Oct 02 11:57:53 2019 IFCONFIG POOL LIST
Wed Oct 02 11:57:53 2019 dd-wrt,10.19.15.4
Wed Oct 02 11:57:53 2019 Initialization Sequence Completed
Wed Oct 02 11:57:53 2019 MANAGEMENT: >STATE:1570010273,CONNECTED,SUCCESS,10.19.15.1,,,192.168.3.2,1194
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 TLS: Initial packet from [AF_INET]192.168.3.1:62099, sid=5403e9c4 2feb3ba0
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 VERIFY OK: depth=1
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 VERIFY OK: depth=0
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_VER=2.4.7
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_PLAT=win
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_PROTO=2
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_NCP=2
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_LZ4=1
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_LZ4v2=1
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_LZO=1
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_COMP_STUB=1
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_COMP_STUBv2=1
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_TCPNL=1
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 peer info: IV_GUI_VER=OpenVPN_GUI_11
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Wed Oct 02 11:57:57 2019 192.168.3.1:62099 [dd-wrt] Peer Connection Initiated with [AF_INET]192.168.3.1:62099
Wed Oct 02 11:57:57 2019 dd-wrt/192.168.3.1:62099 MULTI_sva: pool returned IPv4=10.19.15.6, IPv6=(Not enabled)
Wed Oct 02 11:57:57 2019 dd-wrt/192.168.3.1:62099 MULTI: Learn: 10.19.15.6 -> dd-wrt/192.168.3.1:62099
Wed Oct 02 11:57:57 2019 dd-wrt/192.168.3.1:62099 MULTI: primary virtual IP for dd-wrt/192.168.3.1:62099: 10.19.15.6
Wed Oct 02 11:57:58 2019 dd-wrt/192.168.3.1:62099 PUSH: Received control message: 'PUSH_REQUEST'
Wed Oct 02 11:57:58 2019 dd-wrt/192.168.3.1:62099 SENT CONTROL [dd-wrt]: 'PUSH_REPLY,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.3.1,route 10.19.15.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.19.15.6 10.19.15.5,peer-id 0,cipher AES-256-GCM' (status=1)
Wed Oct 02 11:57:58 2019 dd-wrt/192.168.3.1:62099 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Oct 02 11:57:58 2019 dd-wrt/192.168.3.1:62099 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Oct 02 11:57:58 2019 dd-wrt/192.168.3.1:62099 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Log of client:

Wed Oct 02 11:57:44 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Wed Oct 02 11:57:44 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Oct 02 11:57:44 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Management Password:
Wed Oct 02 11:57:44 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Oct 02 11:57:44 2019 Need hold release from management interface, waiting...
Wed Oct 02 11:57:45 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Oct 02 11:57:45 2019 MANAGEMENT: CMD 'state on'
Wed Oct 02 11:57:45 2019 MANAGEMENT: CMD 'log all on'
Wed Oct 02 11:57:45 2019 MANAGEMENT: CMD 'echo all on'
Wed Oct 02 11:57:45 2019 MANAGEMENT: CMD 'bytecount 5'
Wed Oct 02 11:57:45 2019 MANAGEMENT: CMD 'hold off'
Wed Oct 02 11:57:45 2019 MANAGEMENT: CMD 'hold release'
Wed Oct 02 11:57:45 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 02 11:57:45 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 02 11:57:45 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.3.2:1194
Wed Oct 02 11:57:45 2019 Socket Buffers: R=[131072->131072] S=[131072->131072]
Wed Oct 02 11:57:45 2019 UDP link local: (not bound)
Wed Oct 02 11:57:45 2019 UDP link remote: [AF_INET]192.168.3.2:1194
Wed Oct 02 11:57:45 2019 MANAGEMENT: >STATE:1570010265,WAIT,,,,,,
Wed Oct 02 11:57:51 2019 MANAGEMENT: >STATE:1570010271,AUTH,,,,,,
Wed Oct 02 11:57:51 2019 TLS: Initial packet from [AF_INET]192.168.3.2:1194, sid=7fc9e3b7 7b556410
Wed Oct 02 11:57:51 2019 VERIFY OK: depth=1
Wed Oct 02 11:57:51 2019 VERIFY KU OK
Wed Oct 02 11:57:51 2019 Validating certificate extended key usage
Wed Oct 02 11:57:51 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Oct 02 11:57:51 2019 VERIFY EKU OK
Wed Oct 02 11:57:51 2019 VERIFY OK: depth=0
Wed Oct 02 11:57:51 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Wed Oct 02 11:57:51 2019 [vpn.sgs.local] Peer Connection Initiated with [AF_INET]192.168.3.2:1194
Wed Oct 02 11:57:52 2019 MANAGEMENT: >STATE:1570010272,GET_CONFIG,,,,,,
Wed Oct 02 11:57:52 2019 SENT CONTROL [vpn.sgs.local]: 'PUSH_REQUEST' (status=1)
Wed Oct 02 11:57:52 2019 PUSH: Received control message: 'PUSH_REPLY,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.3.1,route 10.19.15.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.19.15.6 10.19.15.5,peer-id 0,cipher AES-256-GCM'
Wed Oct 02 11:57:52 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Oct 02 11:57:52 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Oct 02 11:57:52 2019 OPTIONS IMPORT: route options modified
Wed Oct 02 11:57:52 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Oct 02 11:57:52 2019 OPTIONS IMPORT: peer-id set
Wed Oct 02 11:57:52 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Wed Oct 02 11:57:52 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Oct 02 11:57:52 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Oct 02 11:57:52 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Oct 02 11:57:52 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Oct 02 11:57:52 2019 interactive service msg_channel=0
Wed Oct 02 11:57:52 2019 ROUTE_GATEWAY 192.168.1.7/255.255.255.0 I=13 HWADDR=04:d4:c4:56:bd:3b
Wed Oct 02 11:57:52 2019 open_tun
Wed Oct 02 11:57:52 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{A6504028-09BD-4010-B98B-E0FCA611404A}.tap
Wed Oct 02 11:57:52 2019 TAP-Windows Driver Version 9.21 
Wed Oct 02 11:57:52 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.19.15.6/255.255.255.252 on interface {A6504028-09BD-4010-B98B-E0FCA611404A} [DHCP-serv: 10.19.15.5, lease-time: 31536000]
Wed Oct 02 11:57:52 2019 Successful ARP Flush on interface [11] {A6504028-09BD-4010-B98B-E0FCA611404A}
Wed Oct 02 11:57:52 2019 MANAGEMENT: >STATE:1570010272,ASSIGN_IP,,10.19.15.6,,,,
Wed Oct 02 11:57:57 2019 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Wed Oct 02 11:57:57 2019 MANAGEMENT: >STATE:1570010277,ADD_ROUTES,,,,,,
Wed Oct 02 11:57:57 2019 C:\Windows\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 10.19.15.5
Wed Oct 02 11:57:57 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Wed Oct 02 11:57:57 2019 Route addition via IPAPI succeeded [adaptive]
Wed Oct 02 11:57:57 2019 C:\Windows\system32\route.exe ADD 10.19.15.0 MASK 255.255.255.0 10.19.15.5
Wed Oct 02 11:57:57 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Wed Oct 02 11:57:57 2019 Route addition via IPAPI succeeded [adaptive]
Wed Oct 02 11:57:57 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 02 11:57:57 2019 Initialization Sequence Completed
Wed Oct 02 11:57:57 2019 MANAGEMENT: >STATE:1570010277,CONNECTED,SUCCESS,10.19.15.6,192.168.3.2,1194,,
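
As an added example (not part of the original post and not OpenVPN's own code), the following Python code parses the PUSH_REPLY from the client log and runs a longest-prefix match for 192.168.3.2 over a subset of the posted route table, confirming that the tunnel route is the one selected. It also shows that the pushed cipher AES-256-GCM replaces the BF-CBC set in both config files. The function names are illustrative, and "on-link" stands in for the table's "Auf Verbindung".

```python
import ipaddress

# PUSH_REPLY copied from the client log in the post.
PUSH_REPLY = ("PUSH_REPLY,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.3.1,"
              "route 10.19.15.0 255.255.255.0,topology net30,ping 10,ping-restart 120,"
              "ifconfig 10.19.15.6 10.19.15.5,peer-id 0,cipher AES-256-GCM")

# Subset of the post's route table: (destination, mask, gateway, interface, metric).
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.7", "192.168.1.50", 281),
    ("10.19.15.0", "255.255.255.0", "10.19.15.5", "10.19.15.6", 35),
    ("10.19.15.4", "255.255.255.252", "on-link", "10.19.15.6", 291),
    ("192.168.1.0", "255.255.255.0", "on-link", "192.168.1.50", 281),
    ("192.168.3.0", "255.255.255.0", "10.19.15.5", "10.19.15.6", 35),
]

def parse_push_reply(msg):
    """Extract pushed routes, the ifconfig pair and the pushed cipher."""
    opts = {"routes": [], "ifconfig": None, "cipher": None}
    for item in msg.split(",")[1:]:
        words = item.split()
        if not words:
            continue
        if words[0] == "route" and len(words) >= 3:
            opts["routes"].append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
        elif words[0] == "ifconfig" and len(words) == 3:
            opts["ifconfig"] = (words[1], words[2])
        elif words[0] == "cipher" and len(words) == 2:
            opts["cipher"] = words[1]
    return opts

def lookup(dest, routes=ROUTES):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = []
    for net, mask, gw, ifc, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network:
            hits.append((network.prefixlen, -metric, str(network), gw, ifc))
    return max(hits)[2:] if hits else None

def cipher_overridden(configured, pushed):
    """True when the pushed cipher differs from the one in the config file."""
    return pushed is not None and pushed.upper() != configured.upper()

if __name__ == "__main__":
    opts = parse_push_reply(PUSH_REPLY)
    print("192.168.3.2 ->", lookup("192.168.3.2"))
    print("BF-CBC replaced:", cipher_overridden("BF-CBC", opts["cipher"]))
```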