Double-Hop VPN-Raspberry Pi 3 B+/Half kinda works


Post by Pen16 » Tue Oct 08, 2019 1:44 am

Hello wise nerds,

I have been working on getting a double-hop VPN server working using this guide https://www.comparitech.com/blog/vpn-pr ... e_VPN_port. I have managed to get everything working for the most part. I cannot seem to get my second hop outgoing connection to work, however, and I could use your help.

I have gotten to the point of having my Android ovpn configuration client connect to my incoming server. With the current settings though, no traffic makes it back to my Android. Can't load any pages.

However, if I change my outgoing server configuration file to read 'remote 185.229.59.46 4430' instead of what it's supposed to be, 'remote 185.229.59.46 443', then I can get a single hop connection from my Android to my incoming server and can have traffic back and forth. This is just on my home IP, however, and I would like to get the second bounce through my paid-for VPN service.

I have also routed all traffic through the VPN as described here https://openvpn.net/community-resources ... /#redirect.

My router port forwarding is:
PiVPN(WardenClyffe) Reserved IP 192.168.136.207 with open port 4430 TCP
I have Google Fiber with their given router/network box.

I can't seem to figure out what is blocking the traffic though. It is very bizarre to me that I can get half of it working by changing my outgoing.conf port to 4430, but again this is only half of what I need.

On my Android OpenVPN client I have set it to TCP VPN protocol and IP4-ONLY TUNNEL under IPv6 tunnel preferences, but I have only used these because I cannot figure out what is really happening.

Can you guys help me see what I am doing wrong here? I would really appreciate it. I have been working on this for over a month now (I know!) and I would love to get this up and running.
Thank You all in advance!

Here are some troubleshooting logs:

ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.136.207  netmask 255.255.255.0  broadcast 192.168.136.255
        inet6 fe80::2b2:32b:85e5:3d10  prefixlen 64  scopeid 0x20<link>
        inet6 2605:a601:773:9800:34d1:1da4:e31a:a8f1  prefixlen 64  scopeid 0x0<global>
        ether b8:27:eb:22:7e:66  txqueuelen 1000  (Ethernet)
        RX packets 566032  bytes 397233758 (378.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 522368  bytes 414627453 (395.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun-incoming: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::be5c:58c4:75fc:d7e  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 26  bytes 3677 (3.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 9159 (8.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun-outgoing: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.7.3.2  netmask 255.255.255.0  destination 10.7.3.2
        inet6 fe80::4b5c:5a6a:ee8a:bfeb  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 2  bytes 104 (104.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 1002 (1002.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b8:27:eb:77:2b:33  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.3.1        128.0.0.0       UG    0      0        0 tun-outgoing
0.0.0.0         192.168.136.1   0.0.0.0         UG    202    0        0 eth0
10.7.3.0        0.0.0.0         255.255.255.0   U     0      0        0 tun-outgoing
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun-incoming
128.0.0.0       10.7.3.1        128.0.0.0       UG    0      0        0 tun-outgoing
185.229.59.46   192.168.136.1   255.255.255.255 UGH   0      0        0 eth0
192.168.136.0   192.168.136.100 255.255.255.0   UG    0      0        0 eth0
192.168.136.0   0.0.0.0         255.255.255.0   U     202    0        0 eth0

/lib/dhcpcd/dhcpcd-hooks/40-routes

ip rule add from 192.168.136.207 lookup 101
ip route add default via 192.168.136.1 table 101

server.conf (Seems to be working just fine)

dev tun-incoming
dev-type tun
proto tcp
port 4430
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/WardenClyffe_ab71822e-0853-453a-ba92-90f955a9fa57.crt
key /etc/openvpn/easy-rsa/pki/private/WardenClyffe_ab71822e-0853-453a-ba92-90f955a9fa57.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 103.86.96.100"
push "dhcp-option DNS 103.86.99.100"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

log-append /var/log/server.log

Server.log (Seems to be working just fine)

Mon Oct  7 20:00:21 2019 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/$
Mon Oct  7 20:00:21 2019 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Mon Oct  7 20:00:21 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mon Oct  7 20:00:21 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentic$
Mon Oct  7 20:00:21 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mon Oct  7 20:00:21 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentic$
Mon Oct  7 20:00:21 2019 TUN/TAP device tun-incoming opened
Mon Oct  7 20:00:21 2019 TUN/TAP TX queue length set to 100
Mon Oct  7 20:00:21 2019 /sbin/ip link set dev tun-incoming up mtu 1500
Mon Oct  7 20:00:21 2019 /sbin/ip addr add dev tun-incoming 10.8.0.1/24 broadcast 10.8.0.255
Mon Oct  7 20:00:21 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Oct  7 20:00:21 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Oct  7 20:00:21 2019 Listening for incoming TCP connection on [AF_INET][undef]:4430
Mon Oct  7 20:00:21 2019 TCPv4_SERVER link local (bound): [AF_INET][undef]:4430
Mon Oct  7 20:00:21 2019 TCPv4_SERVER link remote: [AF_UNSPEC]
Mon Oct  7 20:00:21 2019 GID set to nogroup
Mon Oct  7 20:00:21 2019 UID set to nobody
Mon Oct  7 20:00:21 2019 MULTI: multi_init called, r=256 v=256
Mon Oct  7 20:00:21 2019 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Mon Oct  7 20:00:21 2019 MULTI: TCP INIT maxclients=1024 maxevents=1028
Mon Oct  7 20:00:21 2019 Initialization Sequence Completed
Mon Oct  7 20:00:21 2019 TCP connection established with [AF_INET]192.168.136.1:39813
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 TLS: Initial packet from [AF_INET]192.168.136.1:39813, sid=aa199d33 50e$
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 VERIFY OK: depth=1, CN=ChangeMe
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 VERIFY KU OK
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 Validating certificate extended key usage
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 VERIFY EKU OK
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 VERIFY OK: depth=0, CN=Field-Cell
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 peer info: IV_GUI_VER=OC30Android
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 peer info: IV_VER=3.git::728733ae:Release
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 peer info: IV_PLAT=android
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 peer info: IV_NCP=2
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 peer info: IV_TCPNL=1
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 peer info: IV_PROTO=2
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 peer info: IV_AUTO_SESS=1
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 384 bit EC, curve: secp384r1
Mon Oct  7 20:00:21 2019 192.168.136.1:39813 [Field-Cell] Peer Connection Initiated with [AF_INET]192.168.136.1:39813
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 MULTI: Learn: 10.8.0.2 -> Field-Cell/192.168.136.1:39813
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 MULTI: primary virtual IP for Field-Cell/192.168.136.1:39813: 10.8.0.2
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 PUSH: Received control message: 'PUSH_REQUEST'
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 SENT CONTROL [Field-Cell]: 'PUSH_REPLY,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,pi$
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct  7 20:00:21 2019 Field-Cell/192.168.136.1:39813 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct  7 20:06:11 2019 Field-Cell/192.168.136.1:39813 Connection reset, restarting [0]
Mon Oct  7 20:06:11 2019 Field-Cell/192.168.136.1:39813 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mon Oct  7 20:06:13 2019 TCP connection established with [AF_INET]192.168.136.1:39819
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 TLS: Initial packet from [AF_INET]192.168.136.1:39819, sid=e055b8d1 1dcced03
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 VERIFY OK: depth=1, CN=ChangeMe
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 VERIFY KU OK
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 Validating certificate extended key usage
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 VERIFY EKU OK
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 VERIFY OK: depth=0, CN=Field-Cell
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 peer info: IV_GUI_VER=OC30Android
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 peer info: IV_VER=3.git::728733ae:Release
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 peer info: IV_PLAT=android
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 peer info: IV_NCP=2
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 peer info: IV_TCPNL=1
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 peer info: IV_PROTO=2
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 peer info: IV_AUTO_SESS=1
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 384 bit EC, curve: secp384r1
Mon Oct  7 20:06:13 2019 192.168.136.1:39819 [Field-Cell] Peer Connection Initiated with [AF_INET]192.168.136.1:39819
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 MULTI: Learn: 10.8.0.2 -> Field-Cell/192.168.136.1:39819
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 MULTI: primary virtual IP for Field-Cell/192.168.136.1:39819: 10.8.0.2
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 PUSH: Received control message: 'PUSH_REQUEST'
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 SENT CONTROL [Field-Cell]: 'PUSH_REPLY,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,pi$
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct  7 20:06:13 2019 Field-Cell/192.168.136.1:39819 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Outgoing.conf

client
dev tun-outgoing
dev-type tun
proto tcp
remote 185.229.59.46 443
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

remote-cert-tls server

#mute 10000
auth-user-pass /etc/openvpn/NordVPN.auth
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
e685bdaf659a25a200e2b9e39e51ff03
0fc72cf1ce07232bd8b2be5e6c670143
f51e937e670eee09d4f2ea5a6e4e6996
5db852c275351b86fc4ca892d78ae002
d6f70d029bd79c4d1c26cf14e9588033
cf639f8a74809f29f72b9d58f9b8f5fe
fc7938eade40e9fed6cb92184abb2cc1
0eb1a296df243b251df0643d53724cdb
5a92a1d6cb817804c4a9319b57d53be5
80815bcfcb2df55018cc83fc43bc7ff8
2d51f9b88364776ee9d12fc85cc7ea5b
9741c4f598c485316db066d52db4540e
212e1518a9bd4828219e24b20d88f598
a196c9de96012090e333519ae18d3509
9427e7b372d348d352dc4c85e18cd4b9
3f8a56ddb2e64eb67adfc9b337157ff4
-----END OpenVPN Static key V1-----
</tls-auth>

route 192.168.136.0 255.255.255.0 192.168.136.100

Outgoing.log

Mon Oct  7 20:00:21 2019 WARNING: file '/etc/openvpn/NordVPN.auth' is group or others accessible
Mon Oct  7 20:00:21 2019 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/$
Mon Oct  7 20:00:21 2019 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Mon Oct  7 20:00:21 2019 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Mon Oct  7 20:00:21 2019 NOTE: --fast-io is disabled since we are not using UDP
Mon Oct  7 20:00:21 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authe$
Mon Oct  7 20:00:21 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authe$
Mon Oct  7 20:00:21 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.229.59.46:443
Mon Oct  7 20:00:21 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Oct  7 20:00:21 2019 Attempting to establish TCP connection with [AF_INET]185.229.59.46:443 [nonblock]
Mon Oct  7 20:00:22 2019 TCP connection established with [AF_INET]185.229.59.46:443
Mon Oct  7 20:00:22 2019 TCP_CLIENT link local: (not bound)
Mon Oct  7 20:00:22 2019 TCP_CLIENT link remote: [AF_INET]185.229.59.46:443
Mon Oct  7 20:00:22 2019 TLS: Initial packet from [AF_INET]185.229.59.46:443, sid=1079b8fe 847b7c97
Mon Oct  7 20:00:22 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to$
Mon Oct  7 20:00:22 2019 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Mon Oct  7 20:00:22 2019 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA3
Mon Oct  7 20:00:22 2019 VERIFY KU OK
Mon Oct  7 20:00:22 2019 Validating certificate extended key usage
Mon Oct  7 20:00:22 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authenti$
Mon Oct  7 20:00:22 2019 VERIFY EKU OK
Mon Oct  7 20:00:22 2019 VERIFY OK: depth=0, CN=us3781.nordvpn.com
Mon Oct  7 20:00:22 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Oct  7 20:00:22 2019 [us3781.nordvpn.com] Peer Connection Initiated with [AF_INET]185.229.59.46:443
Mon Oct  7 20:00:23 2019 SENT CONTROL [us3781.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Mon Oct  7 20:00:23 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96$
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: compression parms modified
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mon Oct  7 20:00:23 2019 Socket Buffers: R=[341760->327680] S=[44800->327680]
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: route options modified
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: route-related options modified
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: peer-id set
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: adjusting link_mtu to 1659
Mon Oct  7 20:00:23 2019 OPTIONS IMPORT: data channel crypto options modified
Mon Oct  7 20:00:23 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Oct  7 20:00:23 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct  7 20:00:23 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct  7 20:00:23 2019 ROUTE_GATEWAY 192.168.136.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:22:7e:66
Mon Oct  7 20:00:23 2019 TUN/TAP device tun-outgoing opened
Mon Oct  7 20:00:23 2019 TUN/TAP TX queue length set to 100
Mon Oct  7 20:00:23 2019 /sbin/ip link set dev tun-outgoing up mtu 1500
Mon Oct  7 20:00:23 2019 /sbin/ip addr add dev tun-outgoing 10.7.3.2/24 broadcast 10.7.3.255
Mon Oct  7 20:00:23 2019 /sbin/ip route add 185.229.59.46/32 via 192.168.136.1
Mon Oct  7 20:00:23 2019 /sbin/ip route add 0.0.0.0/1 via 10.7.3.1
Mon Oct  7 20:00:23 2019 /sbin/ip route add 128.0.0.0/1 via 10.7.3.1
Mon Oct  7 20:00:23 2019 /sbin/ip route add 192.168.136.0/24 via 192.168.136.100
Mon Oct  7 20:00:23 2019 Initialization Sequence Completed

openvpn-status.log

TITLE   OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] b$
TIME    Mon Oct  7 20:13:54 2019        1570497234
HEADER  CLIENT_LIST     Common Name     Real Address    Virtual Address Virtual IPv6 Address    Bytes Received  Byte$
CLIENT_LIST     Field-Cell      192.168.136.1:39819     10.8.0.2                26219   2615    Mon Oct  7 20:06:13 $
HEADER  ROUTING_TABLE   Virtual Address Common Name     Real Address    Last Ref        Last Ref (time_t)
ROUTING_TABLE   10.8.0.2        Field-Cell      192.168.136.1:39819     Mon Oct  7 20:12:57 2019        1570497177
GLOBAL_STATS    Max bcast/mcast queue length    1
END

Android OpenVPN log File

20:22:37.492 -- EVENT: CORE_THREAD_INACTIVE trans=TO_DISCONNECTED

20:22:37.492 -- Tunnel bytes per CPU second: 0

20:22:37.493 -- ----- OpenVPN Stop -----

20:22:40.296 -- ----- OpenVPN Start -----

20:22:40.296 -- EVENT: CORE_THREAD_ACTIVE trans=TO_DISCONNECTED

20:22:40.298 -- OpenVPN core 3.git::728733ae:Release android arm64 64-bit PT_PROXY built on Aug 14 2019 14:13:26

20:22:40.305 -- Frame=512/2048/512 mssfix-ctrl=1250

20:22:40.313 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
10 [verify-x509-name] [WardenClyffe_ab71822e-0853-453a-ba92-90f955a9fa57] [name]
13 [auth-nocache]
14 [verb] [3]

20:22:40.314 -- EVENT: RESOLVE trans=TO_DISCONNECTED

20:22:40.315 -- Contacting 99.198.174.134:4430 via TCPv4

20:22:40.316 -- EVENT: WAIT trans=TO_DISCONNECTED

20:22:40.402 -- Connecting to [99.198.174.134]:4430 (99.198.174.134) via TCPv4

20:22:40.410 -- EVENT: CONNECTING trans=TO_DISCONNECTED

20:22:40.414 -- Tunnel Options:V4,dev-type tun,link-mtu 1571,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client

20:22:40.414 -- Creds: UsernameEmpty/PasswordEmpty

20:22:40.415 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::728733ae:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1


20:22:40.552 -- VERIFY OK : depth=1
cert. version     : 3
serial number     : 0F:0E:38:ED:CC:DA:F4:87:B8:94:F9:5E:3B:5A:BB:CB:BB:B1:EF:9D
issuer name       : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2019-09-20 10:59:02
expires on        : 2029-09-17 10:59:02
signed using      : ECDSA with SHA256
EC key size       : 384 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign


20:22:40.555 -- VERIFY OK : depth=0
cert. version     : 3
serial number     : F8:24:59:F9:57:E0:56:4B:A0:72:EE:C9:9F:D6:64:2A
issuer name       : CN=ChangeMe
subject name      : CN=WardenClyffe_ab71822e-0853-453a-ba92-90f955a9fa57
issued  on        : 2019-09-20 10:59:03
expires on        : 2029-09-17 10:59:03
signed using      : ECDSA with SHA256
EC key size       : 384 bits
basic constraints : CA=false
subject alt name  : WardenClyffe_ab71822e-0853-453a-ba92-90f955a9fa57
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication


20:22:40.660 -- SSL Handshake: TLSv1.2/TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

20:22:40.660 -- Session is ACTIVE

20:22:40.661 -- EVENT: GET_CONFIG trans=TO_DISCONNECTED

20:22:40.663 -- Sending PUSH_REQUEST to server...

20:22:40.708 -- OPTIONS:
0 [dhcp-option] [DNS] [103.86.96.100]
1 [dhcp-option] [DNS] [103.86.99.100]
2 [block-outside-dns]
3 [redirect-gateway] [def1]
4 [route-gateway] [10.8.0.1]
5 [topology] [subnet]
6 [ping] [1800]
7 [ping-restart] [3600]
8 [ifconfig] [10.8.0.2] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-256-GCM]


20:22:40.709 -- PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: SHA256
  compress: NONE
  peer ID: 0

20:22:40.710 -- EVENT: ASSIGN_IP trans=TO_DISCONNECTED

20:22:40.732 -- Connected via tun

20:22:40.733 -- EVENT: CONNECTED info='99.198.174.134:4430 (99.198.174.134) via /TCPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]'

I apologize for the massive amount of info. :)
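
Added example, not part of the original post: a small model of how the Linux kernel would pick a route from the `route -n` table above (longest prefix first, then lowest metric), including the source-based rule from the `40-routes` hook. It assumes the hook's two `ip` commands are active, that table 101's default route leaves via `eth0`, and that no other rules, marks or firewall NAT are involved; the function names are hypothetical.

```python
import ipaddress

# Main routing table, copied from the `route -n` output in the post.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.3.1        128.0.0.0       UG    0      0        0 tun-outgoing
0.0.0.0         192.168.136.1   0.0.0.0         UG    202    0        0 eth0
10.7.3.0        0.0.0.0         255.255.255.0   U     0      0        0 tun-outgoing
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun-incoming
128.0.0.0       10.7.3.1        128.0.0.0       UG    0      0        0 tun-outgoing
185.229.59.46   192.168.136.1   255.255.255.255 UGH   0      0        0 eth0
192.168.136.0   192.168.136.100 255.255.255.0   UG    0      0        0 eth0
192.168.136.0   0.0.0.0         255.255.255.0   U     202    0        0 eth0
"""


def parse_route_n(text):
    """Turn `route -n` rows into dicts with a network, gateway, metric, iface."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        # Count the set bits of the Genmask to get the prefix length.
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{prefix}"),
            "gw": f[1], "metric": int(f[4]), "iface": f[7],
        })
    return routes


def lookup(routes, dst):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]),
               default=None)


MAIN = parse_route_n(ROUTE_N)

# From the 40-routes hook: `ip route add default via 192.168.136.1 table 101`.
# The interface is an assumption (the gateway sits on eth0's subnet).
TABLE_101 = [{"net": ipaddress.ip_network("0.0.0.0/0"),
              "gw": "192.168.136.1", "metric": 0, "iface": "eth0"}]

# From the hook: `ip rule add from 192.168.136.207 lookup 101`.
# A rule added without a priority is consulted before the main table.
RULES = [(ipaddress.ip_network("192.168.136.207/32"), TABLE_101)]


def select(src, dst, rules=RULES):
    """Apply source-based rules in order, then fall back to the main table."""
    s = ipaddress.ip_address(src)
    for net, table in rules:
        if s in net:
            route = lookup(table, dst)
            if route is not None:
                return route
    return lookup(MAIN, dst)


if __name__ == "__main__":
    cases = [
        ("10.8.0.2", "1.1.1.1", "forwarded client traffic"),
        ("192.168.136.207", "99.198.174.134", "Pi reply to the phone's public IP"),
        ("192.168.136.207", "185.229.59.46", "Pi to the outgoing VPN remote"),
        ("10.8.0.2", "192.168.136.50", "client to a LAN host"),
    ]
    for src, dst, label in cases:
        r = select(src, dst)
        print(f"{label}: {src} -> {dst} via {r['gw']} dev {r['iface']}")
```

Calling `select(..., rules=[])` shows what the same packets would do if the hook's rule were not loaded, which is a quick way to compare against the output of `ip rule show` and `ip route get` on the Pi.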
