Connected to openVPN, but no Internet access (VPS server, Win10 client)

Stefab · Post by **Stefab** » Wed Oct 14, 2020 11:53 pm

Hey, I've been using openVPN with a server running on a VPS (TurnKey Linux 14.1 - OpenVPN (64-bit)) which I access from my client desktop running Windows 10 for over a year without problems.

Today, I formatted my laptop and reinstalled the OS. After reinstalling, I reloaded the exact same openVPN profile into the openVPN client ( version: 3.2.1 (1180)) and tried to connect. I can successfully connect to the VPN server, however I don't have Internet access after connecting.

Since I was able to use the VPN without this isse (and the exact same server/profile settings) before resetting my desktop, I suspect that there is an issue between Windows and the openVPN server. I also faintly remember, that when I set everything up a while back, that there was an issue with routing in windows, but of course I never documented what I did to solve this issue back then, and am now stuck with the same problem but no solution

(at least I know, there must be a solution, since it worked before!)

I'm far from being an expert in all of this, so I feel that I might miss something very obvious and simple to someone who understands 100% what's supposed to be going on. I'd be really really grateful for any tips or solutions you might have to offer.

Thanks,
Stefan
-----------------
Config Files
----------------

Here's the server config

Server Config

# PUBLIC_ADDRESS: X.X.XX.XXX (used by openvpn-addclient)

port 1194
proto udp
dev tun

comp-lzo
keepalive 10 120

persist-key
persist-tun
user nobody
group nogroup
cipher AES-128-CBC

chroot /etc/openvpn/easy-rsa/keys/crl.jail
crl-verify crl.pem

ca /etc/openvpn/easy-rsa/keys/ca.crt
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key /etc/openvpn/easy-rsa/keys/server.key
cert /etc/openvpn/easy-rsa/keys/server.crt

ifconfig-pool-persist /var/lib/openvpn/server.ipp
client-config-dir /etc/openvpn/server.ccd
;status /var/log/openvpn/server.log
verb 4

# virtual subnet unique for openvpn to draw client addresses from
# the server will be configured with x.x.x.1
# important: must not be used on your network
server 10.8.0.0 255.255.255.0

# push routes to clients to allow them to reach private subnets
push "route 10.8.0.6 255.255.255.255"
push "route 10.8.0.5 255.255.255.255"
push "route 192.168.0.191 255.255.255.255"

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 10.8.0.1"

log /dev/null
status /dev/null

The Client Config

client

remote XXXX 1194
proto udp
ns-cert-type server

client
dev tun
resolv-retry infinite
keepalive 10 120
nobind
comp-lzo
verb 3

;user nobody
;group nogroup

Server Log:

Code: Select all

Thu Oct 15 00:04:08 2020 us=811899 Current Parameter Settings:
Thu Oct 15 00:04:08 2020 us=811981   config = '/etc/openvpn/server.conf'
Thu Oct 15 00:04:08 2020 us=811987   mode = 1
Thu Oct 15 00:04:08 2020 us=811992   persist_config = DISABLED
Thu Oct 15 00:04:08 2020 us=811996   persist_mode = 1
Thu Oct 15 00:04:08 2020 us=812000   show_ciphers = DISABLED
Thu Oct 15 00:04:08 2020 us=812004   show_digests = DISABLED
Thu Oct 15 00:04:08 2020 us=812008   show_engines = DISABLED
Thu Oct 15 00:04:08 2020 us=812012   genkey = DISABLED
Thu Oct 15 00:04:08 2020 us=812016   key_pass_file = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812020   show_tls_ciphers = DISABLED
Thu Oct 15 00:04:08 2020 us=812024 Connection profiles [default]:
Thu Oct 15 00:04:08 2020 us=812054   proto = udp
Thu Oct 15 00:04:08 2020 us=812059   local = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812063   local_port = 1194
Thu Oct 15 00:04:08 2020 us=812067   remote = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812072   remote_port = 1194
Thu Oct 15 00:04:08 2020 us=812076   remote_float = DISABLED
Thu Oct 15 00:04:08 2020 us=812079   bind_defined = DISABLED
Thu Oct 15 00:04:08 2020 us=812084   bind_local = ENABLED
Thu Oct 15 00:04:08 2020 us=812088   connect_retry_seconds = 5
Thu Oct 15 00:04:08 2020 us=812092   connect_timeout = 10
Thu Oct 15 00:04:08 2020 us=812096   connect_retry_max = 0
Thu Oct 15 00:04:08 2020 us=812100   socks_proxy_server = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812104   socks_proxy_port = 0
Thu Oct 15 00:04:08 2020 us=812108   socks_proxy_retry = DISABLED
Thu Oct 15 00:04:08 2020 us=812112   tun_mtu = 1500
Thu Oct 15 00:04:08 2020 us=812116   tun_mtu_defined = ENABLED
Thu Oct 15 00:04:08 2020 us=812120   link_mtu = 1500
Thu Oct 15 00:04:08 2020 us=812124   link_mtu_defined = DISABLED
Thu Oct 15 00:04:08 2020 us=812128   tun_mtu_extra = 0
Thu Oct 15 00:04:08 2020 us=812132   tun_mtu_extra_defined = DISABLED
Thu Oct 15 00:04:08 2020 us=812136   mtu_discover_type = -1
Thu Oct 15 00:04:08 2020 us=812140   fragment = 0
Thu Oct 15 00:04:08 2020 us=812144   mssfix = 1450
Thu Oct 15 00:04:08 2020 us=812148   explicit_exit_notification = 0
Thu Oct 15 00:04:08 2020 us=812152 Connection profiles END
Thu Oct 15 00:04:08 2020 us=812156   remote_random = DISABLED
Thu Oct 15 00:04:08 2020 us=812160   ipchange = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812164   dev = 'tun'
Thu Oct 15 00:04:08 2020 us=812168   dev_type = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812172   dev_node = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812176   lladdr = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812180   topology = 1
Thu Oct 15 00:04:08 2020 us=812184   tun_ipv6 = DISABLED
Thu Oct 15 00:04:08 2020 us=812188   ifconfig_local = '10.8.0.1'
Thu Oct 15 00:04:08 2020 us=812193   ifconfig_remote_netmask = '10.8.0.2'
Thu Oct 15 00:04:08 2020 us=812198   ifconfig_noexec = DISABLED
Thu Oct 15 00:04:08 2020 us=812202   ifconfig_nowarn = DISABLED
Thu Oct 15 00:04:08 2020 us=812205   ifconfig_ipv6_local = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812209   ifconfig_ipv6_netbits = 0
Thu Oct 15 00:04:08 2020 us=812213   ifconfig_ipv6_remote = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812218   shaper = 0
Thu Oct 15 00:04:08 2020 us=812222   mtu_test = 0
Thu Oct 15 00:04:08 2020 us=812226   mlock = DISABLED
Thu Oct 15 00:04:08 2020 us=812230   keepalive_ping = 10
Thu Oct 15 00:04:08 2020 us=812234   keepalive_timeout = 120
Thu Oct 15 00:04:08 2020 us=812238   inactivity_timeout = 0
Thu Oct 15 00:04:08 2020 us=812242   ping_send_timeout = 10
Thu Oct 15 00:04:08 2020 us=812246   ping_rec_timeout = 240
Thu Oct 15 00:04:08 2020 us=812250   ping_rec_timeout_action = 2
Thu Oct 15 00:04:08 2020 us=812255   ping_timer_remote = DISABLED
Thu Oct 15 00:04:08 2020 us=812260   remap_sigusr1 = 0
Thu Oct 15 00:04:08 2020 us=812264   persist_tun = ENABLED
Thu Oct 15 00:04:08 2020 us=812268   persist_local_ip = DISABLED
Thu Oct 15 00:04:08 2020 us=812272   persist_remote_ip = DISABLED
Thu Oct 15 00:04:08 2020 us=812276   persist_key = ENABLED
Thu Oct 15 00:04:08 2020 us=812294   passtos = DISABLED
Thu Oct 15 00:04:08 2020 us=812305   resolve_retry_seconds = 1000000000
Thu Oct 15 00:04:08 2020 us=812318   username = 'nobody'
Thu Oct 15 00:04:08 2020 us=812325   groupname = 'nogroup'
Thu Oct 15 00:04:08 2020 us=812331   chroot_dir = '/etc/openvpn/easy-rsa/keys/crl.jail'
Thu Oct 15 00:04:08 2020 us=812337   cd_dir = '/etc/openvpn'
Thu Oct 15 00:04:08 2020 us=812344   writepid = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812350   up_script = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812360   down_script = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812364   down_pre = DISABLED
Thu Oct 15 00:04:08 2020 us=812368   up_restart = DISABLED
Thu Oct 15 00:04:08 2020 us=812372   up_delay = DISABLED
Thu Oct 15 00:04:08 2020 us=812376   daemon = ENABLED
Thu Oct 15 00:04:08 2020 us=812380   inetd = 0
Thu Oct 15 00:04:08 2020 us=812384   log = ENABLED
Thu Oct 15 00:04:08 2020 us=812388   suppress_timestamps = DISABLED
Thu Oct 15 00:04:08 2020 us=812392   nice = 0
Thu Oct 15 00:04:08 2020 us=812396   verbosity = 4
Thu Oct 15 00:04:08 2020 us=812402   mute = 0
Thu Oct 15 00:04:08 2020 us=812406   gremlin = 0
Thu Oct 15 00:04:08 2020 us=812411   status_file = '/etc/openvpn/status.log'
Thu Oct 15 00:04:08 2020 us=812415   status_file_version = 1
Thu Oct 15 00:04:08 2020 us=812419   status_file_update_freq = 10
Thu Oct 15 00:04:08 2020 us=812423   occ = ENABLED
Thu Oct 15 00:04:08 2020 us=812427   rcvbuf = 65536
Thu Oct 15 00:04:08 2020 us=812431   sndbuf = 65536
Thu Oct 15 00:04:08 2020 us=812435   mark = 0
Thu Oct 15 00:04:08 2020 us=812439   sockflags = 0
Thu Oct 15 00:04:08 2020 us=812443   fast_io = DISABLED
Thu Oct 15 00:04:08 2020 us=812447   lzo = 7
Thu Oct 15 00:04:08 2020 us=812451   route_script = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812457   route_default_gateway = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812461   route_default_metric = 0
Thu Oct 15 00:04:08 2020 us=812466   route_noexec = DISABLED
Thu Oct 15 00:04:08 2020 us=812470   route_delay = 0
Thu Oct 15 00:04:08 2020 us=812474   route_delay_window = 30
Thu Oct 15 00:04:08 2020 us=812478   route_delay_defined = DISABLED
Thu Oct 15 00:04:08 2020 us=812482   route_nopull = DISABLED
Thu Oct 15 00:04:08 2020 us=812486   route_gateway_via_dhcp = DISABLED
Thu Oct 15 00:04:08 2020 us=812490   max_routes = 100
Thu Oct 15 00:04:08 2020 us=812504   allow_pull_fqdn = DISABLED
Thu Oct 15 00:04:08 2020 us=812510   route 10.8.0.0/255.255.255.0/nil/nil
Thu Oct 15 00:04:08 2020 us=812514   management_addr = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812519   management_port = 0
Thu Oct 15 00:04:08 2020 us=812523   management_user_pass = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812527   management_log_history_cache = 250
Thu Oct 15 00:04:08 2020 us=812533   management_echo_buffer_size = 100
Thu Oct 15 00:04:08 2020 us=812537   management_write_peer_info_file = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812541   management_client_user = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812545   management_client_group = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812549   management_flags = 0
Thu Oct 15 00:04:08 2020 us=812554   shared_secret_file = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812559   key_direction = 1
Thu Oct 15 00:04:08 2020 us=812563   ciphername_defined = ENABLED
Thu Oct 15 00:04:08 2020 us=812567   ciphername = 'AES-128-CBC'
Thu Oct 15 00:04:08 2020 us=812571   authname_defined = ENABLED
Thu Oct 15 00:04:08 2020 us=812575   authname = 'SHA1'
Thu Oct 15 00:04:08 2020 us=812579   prng_hash = 'SHA1'
Thu Oct 15 00:04:08 2020 us=812584   prng_nonce_secret_len = 16
Thu Oct 15 00:04:08 2020 us=812588   keysize = 0
Thu Oct 15 00:04:08 2020 us=812592   engine = DISABLED
Thu Oct 15 00:04:08 2020 us=812622   replay = ENABLED
Thu Oct 15 00:04:08 2020 us=812627   mute_replay_warnings = DISABLED
Thu Oct 15 00:04:08 2020 us=812631   replay_window = 64
Thu Oct 15 00:04:08 2020 us=812637   replay_time = 15
Thu Oct 15 00:04:08 2020 us=812641   packet_id_file = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812645   use_iv = ENABLED
Thu Oct 15 00:04:08 2020 us=812649   test_crypto = DISABLED
Thu Oct 15 00:04:08 2020 us=812653   tls_server = ENABLED
Thu Oct 15 00:04:08 2020 us=812657   tls_client = DISABLED
Thu Oct 15 00:04:08 2020 us=812665   key_method = 2
Thu Oct 15 00:04:08 2020 us=812669   ca_file = '/etc/openvpn/easy-rsa/keys/ca.crt'
Thu Oct 15 00:04:08 2020 us=812673   ca_path = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812677   dh_file = '/etc/openvpn/easy-rsa/keys/dh2048.pem'
Thu Oct 15 00:04:08 2020 us=812681   cert_file = '/etc/openvpn/easy-rsa/keys/server.crt'
Thu Oct 15 00:04:08 2020 us=812686   priv_key_file = '/etc/openvpn/easy-rsa/keys/server.key'
Thu Oct 15 00:04:08 2020 us=812690   pkcs12_file = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812695   cipher_list = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812699   tls_verify = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812703   tls_export_cert = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812707   verify_x509_type = 0
Thu Oct 15 00:04:08 2020 us=812711   verify_x509_name = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812715   crl_file = 'crl.pem'
Thu Oct 15 00:04:08 2020 us=812719   ns_cert_type = 0
Thu Oct 15 00:04:08 2020 us=812723   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812727   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812731   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812735   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812739   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812743   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812749   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812756   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812761   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812765   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812769   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812773   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812777   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812781   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812784   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812788   remote_cert_ku[i] = 0
Thu Oct 15 00:04:08 2020 us=812792   remote_cert_eku = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=812796   ssl_flags = 0
Thu Oct 15 00:04:08 2020 us=812800   tls_timeout = 2
Thu Oct 15 00:04:08 2020 us=812804   renegotiate_bytes = 0
Thu Oct 15 00:04:08 2020 us=812808   renegotiate_packets = 0
Thu Oct 15 00:04:08 2020 us=812812   renegotiate_seconds = 3600
Thu Oct 15 00:04:08 2020 us=812816   handshake_window = 60
Thu Oct 15 00:04:08 2020 us=812820   transition_window = 3600
Thu Oct 15 00:04:08 2020 us=812824   single_session = DISABLED
Thu Oct 15 00:04:08 2020 us=812829   push_peer_info = DISABLED
Thu Oct 15 00:04:08 2020 us=812833   tls_exit = DISABLED
Thu Oct 15 00:04:08 2020 us=812837   tls_auth_file = '/etc/openvpn/easy-rsa/keys/ta.key'
Thu Oct 15 00:04:08 2020 us=812841   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812845   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812849   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812853   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812857   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812861   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812865   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812869   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812873   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812877   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812881   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812885   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812889   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812893   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812897   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812900   pkcs11_protected_authentication = DISABLED
Thu Oct 15 00:04:08 2020 us=812905   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812909   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812913   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812919   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812923   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812927   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812931   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812935   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812939   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812943   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812947   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812951   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812955   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812959   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812963   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812967   pkcs11_private_mode = 00000000
Thu Oct 15 00:04:08 2020 us=812971   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=812975   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=812979   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=812983   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=812987   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=812991   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=812994   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=812998   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813002   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813006   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813010   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813014   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813018   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813022   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813026   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813030   pkcs11_cert_private = DISABLED
Thu Oct 15 00:04:08 2020 us=813034   pkcs11_pin_cache_period = -1
Thu Oct 15 00:04:08 2020 us=813038   pkcs11_id = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=813042   pkcs11_id_management = DISABLED
Thu Oct 15 00:04:08 2020 us=813047   server_network = 10.8.0.0
Thu Oct 15 00:04:08 2020 us=813051   server_netmask = 255.255.255.0
Thu Oct 15 00:04:08 2020 us=813057   server_network_ipv6 = ::
Thu Oct 15 00:04:08 2020 us=813062   server_netbits_ipv6 = 0
Thu Oct 15 00:04:08 2020 us=813066   server_bridge_ip = 0.0.0.0
Thu Oct 15 00:04:08 2020 us=813070   server_bridge_netmask = 0.0.0.0
Thu Oct 15 00:04:08 2020 us=813075   server_bridge_pool_start = 0.0.0.0
Thu Oct 15 00:04:08 2020 us=813079   server_bridge_pool_end = 0.0.0.0
Thu Oct 15 00:04:08 2020 us=813083   push_entry = 'route 10.8.0.6 255.255.255.255'
Thu Oct 15 00:04:08 2020 us=813088   push_entry = 'route 10.8.0.5 255.255.255.255'
Thu Oct 15 00:04:08 2020 us=813092   push_entry = 'route 192.168.0.191 255.255.255.255'
Thu Oct 15 00:04:08 2020 us=813097   push_entry = 'redirect-gateway def1'
Thu Oct 15 00:04:08 2020 us=813101   push_entry = 'dhcp-option DNS 8.8.8.8'
Thu Oct 15 00:04:08 2020 us=813106   push_entry = 'dhcp-option DNS 8.8.4.4'
Thu Oct 15 00:04:08 2020 us=813110   push_entry = 'dhcp-option DNS 10.8.0.1'
Thu Oct 15 00:04:08 2020 us=813114   push_entry = 'route 10.8.0.1'
Thu Oct 15 00:04:08 2020 us=813118   push_entry = 'topology net30'
Thu Oct 15 00:04:08 2020 us=813122   push_entry = 'ping 10'
Thu Oct 15 00:04:08 2020 us=813126   push_entry = 'ping-restart 120'
Thu Oct 15 00:04:08 2020 us=813130   ifconfig_pool_defined = ENABLED
Thu Oct 15 00:04:08 2020 us=813135   ifconfig_pool_start = 10.8.0.4
Thu Oct 15 00:04:08 2020 us=813139   ifconfig_pool_end = 10.8.0.251
Thu Oct 15 00:04:08 2020 us=813143   ifconfig_pool_netmask = 0.0.0.0
Thu Oct 15 00:04:08 2020 us=813148   ifconfig_pool_persist_filename = '/var/lib/openvpn/server.ipp'
Thu Oct 15 00:04:08 2020 us=813152   ifconfig_pool_persist_refresh_freq = 600
Thu Oct 15 00:04:08 2020 us=813156   ifconfig_ipv6_pool_defined = DISABLED
Thu Oct 15 00:04:08 2020 us=813160   ifconfig_ipv6_pool_base = ::
Thu Oct 15 00:04:08 2020 us=813166   ifconfig_ipv6_pool_netbits = 0
Thu Oct 15 00:04:08 2020 us=813171   n_bcast_buf = 256
Thu Oct 15 00:04:08 2020 us=813175   tcp_queue_limit = 64
Thu Oct 15 00:04:08 2020 us=813179   real_hash_size = 256
Thu Oct 15 00:04:08 2020 us=813183   virtual_hash_size = 256
Thu Oct 15 00:04:08 2020 us=813187   client_connect_script = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=813191   learn_address_script = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=813195   client_disconnect_script = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=813199   client_config_dir = '/etc/openvpn/server.ccd'
Thu Oct 15 00:04:08 2020 us=813204   ccd_exclusive = DISABLED
Thu Oct 15 00:04:08 2020 us=813208   tmp_dir = '/tmp'
Thu Oct 15 00:04:08 2020 us=813212   push_ifconfig_defined = DISABLED
Thu Oct 15 00:04:08 2020 us=813218   push_ifconfig_local = 0.0.0.0
Thu Oct 15 00:04:08 2020 us=813225   push_ifconfig_remote_netmask = 0.0.0.0
Thu Oct 15 00:04:08 2020 us=813230   push_ifconfig_ipv6_defined = DISABLED
Thu Oct 15 00:04:08 2020 us=813235   push_ifconfig_ipv6_local = ::/0
Thu Oct 15 00:04:08 2020 us=813239   push_ifconfig_ipv6_remote = ::
Thu Oct 15 00:04:08 2020 us=813243   enable_c2c = DISABLED
Thu Oct 15 00:04:08 2020 us=813247   duplicate_cn = DISABLED
Thu Oct 15 00:04:08 2020 us=813251   cf_max = 0
Thu Oct 15 00:04:08 2020 us=813255   cf_per = 0
Thu Oct 15 00:04:08 2020 us=813260   max_clients = 1024
Thu Oct 15 00:04:08 2020 us=813264   max_routes_per_client = 256
Thu Oct 15 00:04:08 2020 us=813268   auth_user_pass_verify_script = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=813272   auth_user_pass_verify_script_via_file = DISABLED
Thu Oct 15 00:04:08 2020 us=813276   port_share_host = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=813280   port_share_port = 0
Thu Oct 15 00:04:08 2020 us=813284   client = DISABLED
Thu Oct 15 00:04:08 2020 us=813288   pull = DISABLED
Thu Oct 15 00:04:08 2020 us=813293   auth_user_pass_file = '[UNDEF]'
Thu Oct 15 00:04:08 2020 us=813298 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
Thu Oct 15 00:04:08 2020 us=813305 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Thu Oct 15 00:04:08 2020 us=814533 Diffie-Hellman initialized with 2048 bit key
Thu Oct 15 00:04:08 2020 us=814886 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Thu Oct 15 00:04:08 2020 us=814900 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 15 00:04:08 2020 us=814906 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 15 00:04:08 2020 us=814918 TLS-Auth MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Oct 15 00:04:08 2020 us=814931 Socket Buffers: R=[133120->131072] S=[133120->131072]
Thu Oct 15 00:04:08 2020 us=814987 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Thu Oct 15 00:04:08 2020 us=815405 TUN/TAP device tun0 opened
Thu Oct 15 00:04:08 2020 us=815418 TUN/TAP TX queue length set to 100
Thu Oct 15 00:04:08 2020 us=815427 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Oct 15 00:04:08 2020 us=815440 /sbin/ip link set dev tun0 up mtu 1500
Thu Oct 15 00:04:08 2020 us=821301 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Oct 15 00:04:08 2020 us=823280 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Oct 15 00:04:08 2020 us=828313 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Oct 15 00:04:08 2020 us=831009 chroot to '/etc/openvpn/easy-rsa/keys/crl.jail' and cd to '/' succeeded
Thu Oct 15 00:04:08 2020 us=831052 GID set to nogroup
Thu Oct 15 00:04:08 2020 us=831062 UID set to nobody
Thu Oct 15 00:04:08 2020 us=831077 UDPv4 link local (bound): [undef]
Thu Oct 15 00:04:08 2020 us=831083 UDPv4 link remote: [undef]
Thu Oct 15 00:04:08 2020 us=831092 MULTI: multi_init called, r=256 v=256
Thu Oct 15 00:04:08 2020 us=831166 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Thu Oct 15 00:04:08 2020 us=831180 ifconfig_pool_read(), in='satori,10.8.0.4', TODO: IPv6
Thu Oct 15 00:04:08 2020 us=831202 succeeded -> ifconfig_pool_set()
Thu Oct 15 00:04:08 2020 us=831208 IFCONFIG POOL LIST
Thu Oct 15 00:04:08 2020 us=831214 satori,10.8.0.4
Thu Oct 15 00:04:08 2020 us=831239 Initialization Sequence Completed
Thu Oct 15 00:04:11 2020 us=442523 MULTI: multi_create_instance called
Thu Oct 15 00:04:11 2020 us=442558 XX.XX.XX.XX:36977 Re-using SSL/TLS context
Thu Oct 15 00:04:11 2020 us=442585 XX.XX.XX.XX:36977 LZO compression initialized
Thu Oct 15 00:04:11 2020 us=442718 XX.XX.XX.XX:36977 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Oct 15 00:04:11 2020 us=442729 XX.XX.XX.XX:36977 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Oct 15 00:04:11 2020 us=442761 XX.XX.XX.XX:36977 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Thu Oct 15 00:04:11 2020 us=442770 XX.XX.XX.XX:36977 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Thu Oct 15 00:04:11 2020 us=442797 XX.XX.XX.XX:36977 Local Options hash (VER=V4): 'a2e63101'
Thu Oct 15 00:04:11 2020 us=442808 XX.XX.XX.XX:36977 Expected Remote Options hash (VER=V4): '272f1b58'
Thu Oct 15 00:04:11 2020 us=442839 XX.XX.XX.XX:36977 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:36977, sid=7814d93f e667b814
Thu Oct 15 00:04:11 2020 us=840215 XX.XX.XX.XX:36977 CRL CHECK OK: C=US, ST=CA, L=San Francisco, O=TurnKey Linux, OU=OpenVPN, CN=server, name=openvpn, emailAddress=stefanvonulan@gmail.com
Thu Oct 15 00:04:11 2020 us=840249 XX.XX.XX.XX:36977 VERIFY OK: depth=1, C=US, ST=CA, L=San Francisco, O=TurnKey Linux, OU=OpenVPN, CN=server, name=openvpn, emailAddress=stefanvonulan@gmail.com
Thu Oct 15 00:04:11 2020 us=840389 XX.XX.XX.XX:36977 CRL CHECK OK: C=US, ST=CA, L=San Francisco, O=TurnKey Linux, OU=OpenVPN, CN=satori, name=openvpn, emailAddress=satorisnooks@goaproductions.org
Thu Oct 15 00:04:11 2020 us=840423 XX.XX.XX.XX:36977 VERIFY OK: depth=0, C=US, ST=CA, L=San Francisco, O=TurnKey Linux, OU=OpenVPN, CN=satori, name=openvpn, emailAddress=satorisnooks@goaproductions.org
Thu Oct 15 00:04:11 2020 us=872659 XX.XX.XX.XX:36977 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Thu Oct 15 00:04:11 2020 us=872682 XX.XX.XX.XX:36977 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Thu Oct 15 00:04:11 2020 us=872774 XX.XX.XX.XX:36977 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Oct 15 00:04:11 2020 us=872784 XX.XX.XX.XX:36977 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 15 00:04:11 2020 us=872790 XX.XX.XX.XX:36977 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Oct 15 00:04:11 2020 us=872795 XX.XX.XX.XX:36977 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 15 00:04:11 2020 us=908694 XX.XX.XX.XX:36977 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 15 00:04:11 2020 us=908733 XX.XX.XX.XX:36977 [satori] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:36977
Thu Oct 15 00:04:11 2020 us=908778 satori/XX.XX.XX.XX:36977 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 15 00:04:11 2020 us=908812 satori/XX.XX.XX.XX:36977 MULTI: Learn: 10.8.0.6 -> satori/XX.XX.XX.XX:36977
Thu Oct 15 00:04:11 2020 us=908821 satori/XX.XX.XX.XX:36977 MULTI: primary virtual IP for satori/XX.XX.XX.XX:36977: 10.8.0.6
Thu Oct 15 00:04:11 2020 us=908851 satori/XX.XX.XX.XX:36977 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 15 00:04:11 2020 us=908861 satori/XX.XX.XX.XX:36977 send_push_reply(): safe_cap=940
Thu Oct 15 00:04:11 2020 us=908881 satori/XX.XX.XX.XX:36977 SENT CONTROL [satori]: 'PUSH_REPLY,route 10.8.0.6 255.255.255.255,route 10.8.0.5 255.255.255.255,route 192.168.0.191 255.255.255.255,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 15 00:04:16 2020 us=170461 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=174828 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=174863 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=174874 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=240690 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=240717 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=240730 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=661004 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=682536 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=688539 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=988793 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=994559 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:16 2020 us=994602 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=276750 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=686504 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=690481 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=708525 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=748970 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=754821 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=754855 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:17 2020 us=822900 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:18 2020 us=174564 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:18 2020 us=288558 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:18 2020 us=499011 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:18 2020 us=499044 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:18 2020 us=499055 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:18 2020 us=716640 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:18 2020 us=825129 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:19 2020 us=184488 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:19 2020 us=306489 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:19 2020 us=722573 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:19 2020 us=832543 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:20 2020 us=198503 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:20 2020 us=718588 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:20 2020 us=718620 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:20 2020 us=722580 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=308591 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=314578 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=314602 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=728605 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=728635 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=841232 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=841264 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:21 2020 us=841275 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:22 2020 us=222607 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:22 2020 us=226610 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:22 2020 us=226644 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:23 2020 us=744611 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed
Thu Oct 15 00:04:23 2020 us=744643 satori/XX.XX.XX.XX:36977 Authenticate/Decrypt packet error: cipher final failed

And this is the client log after connecting to the server:

Code: Select all

15/10/2020, 01:28:58 OpenVPN core 3.git::3e56f9a6 win x86_64 64-bit built on Aug 21 2020 17:59:05
⏎15/10/2020, 01:28:58 Frame=512/2048/512 mssfix-ctrl=1250
⏎15/10/2020, 01:28:58 UNUSED OPTIONS
5 [resolv-retry] [infinite] 
7 [nobind] 
9 [verb] [3] 
⏎15/10/2020, 01:28:58 Contacting XXX via UDP
⏎15/10/2020, 01:28:58 WinCommandAgent: transmitting bypass route to XXX
{
	"host" : "XXX",
	"ipv6" : false
}

⏎15/10/2020, 01:28:58 EVENT: RESOLVE ⏎15/10/2020, 01:28:58 EVENT: WAIT ⏎15/10/2020, 01:28:58 Connecting to XXX via UDPv4
⏎15/10/2020, 01:28:58 EVENT: CONNECTING ⏎15/10/2020, 01:28:58 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
⏎15/10/2020, 01:28:58 Creds: UsernameEmpty/PasswordEmpty
⏎15/10/2020, 01:28:58 Peer Info:
IV_VER=3.git::3e56f9a6
IV_PLAT=win
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.2.1-1180
IV_SSO=openurl
IV_BS64DL=1

⏎15/10/2020, 01:28:59 SSL Handshake: CN=server, TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
⏎15/10/2020, 01:28:59 Session is ACTIVE
⏎15/10/2020, 01:28:59 Sending PUSH_REQUEST to server...
⏎15/10/2020, 01:28:59 EVENT: GET_CONFIG ⏎15/10/2020, 01:28:59 EVENT: ASSIGN_IP ⏎15/10/2020, 01:28:59 OPTIONS:
0 [route] [10.8.0.6] [255.255.255.255] 
1 [route] [10.8.0.5] [255.255.255.255] 
2 [route] [192.168.0.191] [255.255.255.255] 
3 [redirect-gateway] [def1] 
4 [dhcp-option] [DNS] [8.8.8.8] 
5 [dhcp-option] [DNS] [8.8.4.4] 
6 [dhcp-option] [DNS] [10.8.0.1] 
7 [route] [10.8.0.1] 
8 [topology] [net30] 
9 [ping] [10] 
10 [ping-restart] [120] 
11 [ifconfig] [10.8.0.6] [10.8.0.5] 

⏎15/10/2020, 01:28:59 PROTOCOL OPTIONS:
  cipher: BF-CBC
  digest: SHA1
  compress: LZO_STUB
  peer ID: -1
⏎15/10/2020, 01:28:59 CAPTURED OPTIONS:
Session Name: XXX
Layer: OSI_LAYER_3
Remote Address: XXX
Tunnel Addresses:
  10.8.0.6/30 -> 10.8.0.5 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
  10.8.0.6/32
  10.8.0.5/32
  192.168.0.191/32
  10.8.0.1/32
Exclude Routes:
DNS Servers:
  8.8.8.8
  8.8.4.4
  10.8.0.1
Search Domains:

⏎15/10/2020, 01:29:00 SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
	"confirm_event" : "a814000000000000",
	"destroy_event" : "a014000000000000",
	"receive_ring_hmem" : "b814000000000000",
	"receive_ring_tail_moved" : "ac14000000000000",
	"send_ring_hmem" : "b014000000000000",
	"send_ring_tail_moved" : "b414000000000000",
	"tun" : 
	{
		"adapter_domain_suffix" : "",
		"add_routes" : 
		[
			{
				"address" : "10.8.0.6",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 32
			},
			{
				"address" : "10.8.0.5",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 32
			},
			{
				"address" : "192.168.0.191",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 32
			},
			{
				"address" : "10.8.0.1",
				"gateway" : "",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 32
			}
		],
		"block_ipv6" : false,
		"dns_servers" : 
		[
			{
				"address" : "8.8.8.8",
				"ipv6" : false
			},
			{
				"address" : "8.8.4.4",
				"ipv6" : false
			},
			{
				"address" : "10.8.0.1",
				"ipv6" : false
			}
		],
		"layer" : 3,
		"mtu" : 0,
		"remote_address" : 
		{
			"address" : XXX",
			"ipv6" : false
		},
		"reroute_gw" : 
		{
			"flags" : 275,
			"ipv4" : true,
			"ipv6" : false
		},
		"route_metric_default" : -1,
		"session_name" : XXX,
		"tunnel_address_index_ipv4" : 0,
		"tunnel_address_index_ipv6" : -1,
		"tunnel_addresses" : 
		[
			{
				"address" : "10.8.0.6",
				"gateway" : "10.8.0.5",
				"ipv6" : false,
				"metric" : -1,
				"net30" : true,
				"prefix_length" : 30
			}
		]
	},
	"wintun" : true
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{91F285F9-A111-481F-821F-18994311E58C}' index=12 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\?\ROOT#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}" SUCCEEDED
ActionDeleteAllRoutesOnInterface iface_index=12
netsh interface ip set interface 12 metric=1
Ok.
netsh interface ip set address 12 static 10.8.0.6 255.255.255.252 gateway=10.8.0.5 store=active
netsh interface ip add route 10.8.0.6/32 12 10.8.0.5 store=active
Ok.
netsh interface ip add route 10.8.0.5/32 12 10.8.0.5 store=active
Ok.
netsh interface ip add route 192.168.0.191/32 12 10.8.0.5 store=active
Ok.
netsh interface ip add route 10.8.0.1/32 12 10.8.0.5 store=active
Ok.
netsh interface ip add route XXXX/32 7 192.168.0.1 store=active
The object already exists.
netsh interface ip add route 0.0.0.0/1 12 10.8.0.5 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 12 10.8.0.5 store=active
Ok.
netsh interface ip set dnsservers 12 static 8.8.8.8 register=primary validate=no
netsh interface ip add dnsservers 12 8.8.4.4 2 validate=no
netsh interface ip add dnsservers 12 10.8.0.1 3 validate=no
NRPT::ActionCreate names=[.] dns_servers=[8.8.8.8,8.8.4.4,10.8.0.1]
ActionWFP openvpn_app_path=C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe tap_index=12 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP handle: 840b000000000000
⏎15/10/2020, 01:29:00 Connected via wintun
⏎15/10/2020, 01:29:00 Per-Key Data Limit: 48000000/48000000
⏎15/10/2020, 01:29:00 LZO-ASYM init swap=0 asym=1
⏎15/10/2020, 01:29:00 Comp-stub init swap=0
⏎15/10/2020, 01:29:00 EVENT: CONNECTED XXXX via /UDPv4 on wintun/10.8.0.6/ gw=[10.8.0.5/]⏎

FInally,this is the result of ipconfic on the Windows 10 client

Code: Select all

Windows IP Configuration


Unknown adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.8.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.0.191
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Things I've tried:
- Turning off all windows firewalls etc
- running openVPN as admin
- reinstalling openVPN with TAP adapter / wintun adapter options, respectively

TinCanTech · Post by **TinCanTech** » Thu Oct 15, 2020 12:28 am

Your client is missing --tls-auth, so, it cannot connect at all.

But this:

Stefab wrote: ↑
Wed Oct 14, 2020 11:53 pm
And this is the client log after connecting to the server:

Code: Select all

15/10/2020, 01:28:58 OpenVPN core 3.git::3e56f9a6 win x86_64 64-bit built on Aug 21 2020 17:59:05

No idea .. I presume it is something shipped by your supplier ..

300000 · Post by **300000** » Thu Oct 15, 2020 12:00 pm

you use ta but dont have key direction so it not going to connect and you dont give out full config client so help yourself your problem .

Stefab · Post by **Stefab** » Sat Oct 17, 2020 11:42 pm

Yes I just realized I didn't paste the whole client config

So tls auth is used, I am still looking for solutions to this, so far without success..

Code: Select all

remote XXXX
proto udp
ns-cert-type server

client
dev tun
resolv-retry infinite
keepalive 10 120
nobind
comp-lzo
verb 3
;user nobody
;group nogroup

<ca>
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIJAM+Zth6glrg+MA0GCSqGSIb3DQEBCwUAMIGnMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFjAU
BgNVBAoTDVR1cm5LZXkgTGludXgxEDAOBgNVBAsTB09wZW5WUE4xDzANBgNVBAMT
BnNlcnZlcjEQMA4GA1UEKRMHb3BlbnZwbjEmMCQGCSqGSIb3DQEJARYXc3RlZmFu
dm9udWxhbkBnbWFpbC5jb20wHhcNMTkxMTExMjM1NjIwWhcNMjkxMTA4MjM1NjIw
WjCBpzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJh
bmNpc2NvMRYwFAYDVQQKEw1UdXJuS2V5IExpbnV4MRAwDgYDVQQLEwdPcGVuVlBO
MQ8wDQYDVQQDEwZzZXJ2ZXIxEDAOBgNVBCkTB29wZW52cG4xJjAkBgkqhkiG9w0B
CQEWF3N0ZWZhbnZvbnVsYW5AZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApz7zhReVnecW3LhJ7OasAqRufFrwDfb+5acAFo7uEJCnROky
T6mDvGZ+GRcfy1FvKtVy/VPE2paxtgfvd5CWcsbAxgA0mwbSDM7YZHRZkAx0acVF
IVVQhauBs9OdAYh03mI6tyRj+kC9fTt0AIEN3Egr9sRYv+V2rxJwg52tPx0kiE7i
HcqcYWpOhSVuUn6BKnExDgCyhpbhgbICVHShThB33TPDyANXC8tAC+01BuYG4T+y
QYJ/VenOrSt9hTDQ80R7Mwy09bc8Y4axy3101+XAxVfUFt02ZWn2aXg4a+L9u9Re
TqLjuwAfPJ2aYxHhna7nuMc6wMJhv/pErmkP8QIDAQABo4IBEDCCAQwwHQYDVR0O
BBYEFEZxyEf5hmRFIMKJwZMQEvAwuR/9MIHcBgNVHSMEgdQwgdGAFEZxyEf5hmRF
IMKJwZMQEvAwuR/9oYGtpIGqMIGnMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
FjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFjAUBgNVBAoTDVR1cm5LZXkgTGludXgx
EDAOBgNVBAsTB09wZW5WUE4xDzANBgNVBAMTBnNlcnZlcjEQMA4GA1UEKRMHb3Bl
bnZwbjEmMCQGCSqGSIb3DQEJARYXc3RlZmFudm9udWxhbkBnbWFpbC5jb22CCQDP
mbYeoJa4PjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBPFEM+/T54
mmZxU2je5GBhnq7Ep/+nJqgdes3WF/VfJXjmKV6ErZD8M3lbxhz1HLiqc7RJG2Uw
lN4t0KYTOqd3jv6YXjzlWDMijlT8jnWepbaVIbsQvv3eoLL40xcDYcqMNyLaR/Dj
eH8OYuz4gFOxYD/oS6ZnsDHImrpLlZY9LKfW1hy50FPw8kY/Gu8znCJYATFnGeB/
25xZpkMD879PdKFtMByOeTfMuIs4Rg8pplr4OAI26XJKiZaw/lPY2BIGFP3y7ye9
WKFjbDR2v3QOEX4uQU9fXkR0tvkU6QKb0D+6nJYBfQvsQtBCCRwDdIUpHdsbGHHn
A60rHw5z89Jv
-----END CERTIFICATE-----
</ca>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
a5545182f8f8da8f29b09e5b034e7447
fffc6b1eca16f9d21453c082cb0e5b39
86c76eb471356b7ac8cb764412ce54af
768b09d1f36a09bd65bf0313e155bac9
d6aa83eb87d8b00d7d4d1f209d056ba7
c9d818ebf114672cd2fba84a68b2ea58
0e202679dd4800c6a99522a16cf444de
a5e89e2cd24a005013262052ba0d4b50
9f46fa93f1e8d33e3a565925eb7a7659
f73584582889c1761cf95ad18c74d228
6e016d05c291fd697a597b5fbcc495c2
fefb1264d908699a570f69d431e171a7
bfe334270e0344f5049dd0307c7e4187
f1d09b44582c7889bc8f13d6513d4ddc
cc87169118b31f9637651f0559f2e8e7
10d8f81e6361b4bbee3a4d64d6dc57e5
-----END OpenVPN Static key V1-----
</tls-auth>

<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=San Francisco, O=TurnKey Linux, OU=OpenVPN, CN=server/name=openvpn/emailAddress=XXX
        Validity
            Not Before: Nov 12 00:00:36 2019 GMT
            Not After : Nov  9 00:00:36 2029 GMT
        Subject: C=US, ST=CA, L=San Francisco, O=TurnKey Linux, OU=OpenVPN, CN=satori/name=openvpn/emailAddress=XXX
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e4:cb:62:a2:7b:b2:74:4a:ef:14:1a:1d:4c:fc:
                    34:46:58:b7:2d:1c:6e:97:35:0b:4b:c7:fe:eb:b2:
                    17:db:1e:e0:85:14:7a:e0:3f:0e:7e:44:5d:7c:49:
                    f9:03:ac:03:e7:10:30:98:14:99:53:70:cc:33:6b:
                    56:25:04:15:60:f1:26:4e:73:39:4d:2f:8d:83:b5:
                    92:9f:a0:6d:20:27:e8:b7:76:e9:d0:a7:6c:28:01:
                    f9:7b:f3:26:37:ba:dc:b3:e6:04:69:36:60:21:a3:
                    69:6e:bf:0c:6c:06:06:29:8d:f4:67:16:b3:1c:bf:
                    06:cf:62:7c:e0:76:f9:ac:c7:fe:ce:c3:0d:21:9f:
                    23:99:7c:89:b7:f2:42:ee:a9:68:d9:5d:0a:6c:01:
                    ee:d0:65:e9:81:0c:9e:33:8c:68:56:a6:39:01:13:
                    f9:38:62:55:17:1e:3e:25:7f:80:70:6b:9d:d0:ca:
                    b3:39:6d:8e:82:c9:30:76:68:c7:23:14:72:3e:ad:
                    78:0a:55:f9:1b:72:95:d2:bf:a8:c8:eb:a1:27:d9:
                    5b:6b:99:b6:df:40:5a:34:7e:3d:7c:58:41:53:48:
                    9b:a0:28:36:a7:07:75:69:99:ff:60:ee:95:1d:61:
                    26:23:3e:85:f1:38:c5:51:36:66:de:9f:34:8c:43:
                    b3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
                3A:A9:1E:88:91:75:4A:12:F2:01:07:4B:45:49:AC:B5:13:47:88:E0
            X509v3 Authority Key Identifier: 
                keyid:46:71:C8:47:F9:86:64:45:20:C2:89:C1:93:10:12:F0:30:B9:1F:FD
                DirName:/C=US/ST=CA/L=San Francisco/O=TurnKey Linux/OU=OpenVPN/CN=server/name=openvpn/emailAddress=XXXX
                serial:CF:99:B6:1E:A0:96:B8:3E

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
            X509v3 Subject Alternative Name: 
                DNS:XXX
    Signature Algorithm: sha256WithRSAEncryption
         6e:0f:bd:71:ea:76:6b:17:c8:e8:55:af:50:aa:3b:85:6d:1c:
         cf:c7:d0:cf:95:c4:1c:f9:2e:c5:49:6f:24:a6:b6:04:8f:bd:
         37:de:13:ae:c7:19:7f:90:18:df:78:82:ca:16:7f:1a:6f:f8:
         c6:c4:f4:e3:12:a3:cf:ef:27:e2:0e:45:9a:8f:31:cb:e2:1b:
         b0:d6:17:69:61:2b:80:1e:83:47:87:47:01:37:44:c7:fc:e4:
         02:36:23:f7:95:44:bc:34:2d:07:fd:4d:92:c7:fe:8d:fa:68:
         0a:73:1f:35:47:15:4a:b7:01:fd:37:95:8e:e8:3a:07:cb:0c:
         4c:30:11:18:38:ab:01:bb:1a:9f:68:6b:2d:2c:7d:44:cb:d5:
         1c:7b:bc:f0:e2:ca:01:a2:0f:92:81:d1:7a:6b:58:3d:93:9e:
         27:3a:f2:31:01:74:da:8f:f2:c0:fc:68:b4:82:ea:41:37:91:
         bf:aa:39:83:5f:0f:6c:f5:68:fc:79:b8:d0:46:5f:28:b8:cd:
         7f:7b:7f:68:24:70:72:01:29:11:37:d8:83:ca:0f:f7:b8:64:
         7b:6a:3a:35:16:aa:aa:55:62:14:5b:e7:2e:67:d4:c6:31:5e:
         86:54:01:d1:e1:7f:b2:db:52:f1:3b:3c:1c:92:91:97:f5:08:
         40:2c:a3:ff
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</cert>

Stefab · Post by **Stefab** » Sun Oct 18, 2020 12:23 am

I found this thread, which seems to be exactly my problem but haven't solved it so far

viewtopic.php?t=29336
I'm pretty sure there's only a small detail missing - any hint or help towards what I got mixed up here would be so much appreciated!

TinCanTech · Post by **TinCanTech** » Sun Oct 18, 2020 1:56 am

Stefab wrote: ↑
Wed Oct 14, 2020 11:53 pm
I've been using openVPN with a server running on a VPS

Try stuffing this into your firewall:

Code: Select all

iptables -t nat -s 10.8.0.0/24 -o eth0 --snat <Your-VPS-server-public-IP>

Stefab · Post by **Stefab** » Tue Oct 20, 2020 8:59 pm

Hmmmm this doesnt seem to work, I get this error:

Code: Select all

                                                     
iptables v1.4.21: unknown option "--snat"                                                                                                                     
Try `iptables -h' or 'iptables --help' for more information.

I have a rule on the VPS already, saying
-A POSTROUTING -j SNAT --to-source <VPS Server IP>

TinCanTech · Post by **TinCanTech** » Tue Oct 20, 2020 9:50 pm

Stefab wrote: ↑
Tue Oct 20, 2020 8:59 pm
I have a rule on the VPS already, saying
-A POSTROUTING -j SNAT --to-source <VPS Server IP>

Yes, that is the one i meant. VPS do not support Masquerade, in general.

Stefab wrote: ↑
Wed Oct 14, 2020 11:53 pm
Today, I formatted my laptop and reinstalled the OS. After reinstalling, I reloaded the exact same openVPN profile into the openVPN client ( version: 3.2.1 (1180)) and tried to connect. I can successfully connect to the VPN server, however I don't have Internet access after connecting.

Sorry, we don't support that here.

bemipefe · Post by **bemipefe** » Mon Oct 25, 2021 7:32 pm

Same problem reported by Stefab

The VPN worked flawlessly for about one year and then suddenly I started experiencing the "no internet" problem once the VPN was established.
I use OpenVPN Connect client version 3.3.1 (upgraded to 3.3.2 but nothing changed).
The VPN server is running on CentOS 7 i don't have the precise version at the moment but it's the latest availalble for CentOS 7.

I suppose that something has been broke by either the server upgrade or the client upgrade.
Anyway I solved by replacing this line in the client configuration:

Code: Select all

pull-filter ignore redirect-gateway

with:

Code: Select all

route-nopull

And I was able to have internet access again while connected to the VPN.
I think this page may help:

https://community.openvpn.net/openvpn/w ... ectGateway

TinCanTech · Post by **TinCanTech** » Mon Oct 25, 2021 7:43 pm

bemipefe wrote: ↑
Mon Oct 25, 2021 7:32 pm
Same problem reported by Stefab

Your problem is not related to @Stefab 's issue, at all.

Your solution is to effectively DISABLE your own VPN.

OpenVPN Support Forum

Connected to openVPN, but no Internet access (VPS server, Win10 client)

Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)

Re: Connected to openVPN, but no Internet access (VPS server, Win10 client)