server-bridge settings ignored by client

MrMysteryGuest
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 11, 2021 11:57 pm

server-bridge settings ignored by client

Post by MrMysteryGuest » Tue Jan 12, 2021 12:32 am

Hi, hoping you can help, I feel like I've made a basic mistake somewhere :(

When I connect to my OpenVPN server, my client is not receiving an IP within the pool range specified in server-bridge. My client is issued the IP 10.8.0.2. I've tried connecting with the openvpn-gui client on both Windows 7 and Windows 10 (same PC, dual booting) with the same result, so I assume it to be a server-side misconfiguration.

I've attempted removing the server-bridge command and using ifconfig-pool instead, no luck there either.

Server config

# IP and Topology
dev tap
proto udp
port 1194
server-bridge 10.8.8.1 255.255.255.0 10.8.8.10 10.8.8.30
topology subnet
client-to-client

# TLS
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c.crt
key /etc/openvpn/easy-rsa/pki/private/roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c.key
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
crl-verify /etc/openvpn/crl.pem
dh none
ecdh-curve prime256v1
tls-version-min 1.2
cipher AES-256-CBC
auth SHA256
remote-cert-tls client
remote-cert-tls client

# Commands to replace server-bridge
;server-bridge nogw
;mode server
;tls-server
;push "topology subnet"
;ifconfig 10.8.8.1 255.255.255.224
;ifconfig-pool 10.8.8.10 10.8.8.30 255.255.255.224

# Misc
client-config-dir /etc/openvpn/ccd
keepalive 15 120
user openvpn
group openvpn
persist-key
persist-tun

# Logging
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4



Client config

## find settings using man on the server: man openvpn | grep auth-nocache --context 10
client
dev tap
proto udp
remote ****************** 1194
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3

<ca>
-----BEGIN CERTIFICATE-----
!redacted!
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
!redacted!
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
!redacted!
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
!redacted!
-----END OpenVPN Static key V1-----
</tls-crypt>



Server Log

Jan 12 00:00:36 roshi ovpn-server[4358]: Current Parameter Settings:
Jan 12 00:00:36 roshi ovpn-server[4358]:   config = '/etc/openvpn/server.conf'
Jan 12 00:00:36 roshi ovpn-server[4358]:   mode = 1
Jan 12 00:00:36 roshi ovpn-server[4358]:   persist_config = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   persist_mode = 1
Jan 12 00:00:36 roshi ovpn-server[4358]:   show_ciphers = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   show_digests = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   show_engines = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   genkey = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   key_pass_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   show_tls_ciphers = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   connect_retry_max = 0
Jan 12 00:00:36 roshi ovpn-server[4358]: Connection profiles [0]:
Jan 12 00:00:36 roshi ovpn-server[4358]:   proto = udp
Jan 12 00:00:36 roshi ovpn-server[4358]:   local = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   local_port = '1194'
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_port = '1194'
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_float = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   bind_defined = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   bind_local = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   bind_ipv6_only = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   connect_retry_seconds = 5
Jan 12 00:00:36 roshi ovpn-server[4358]:   connect_timeout = 120
Jan 12 00:00:36 roshi ovpn-server[4358]:   socks_proxy_server = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   socks_proxy_port = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   tun_mtu = 1500
Jan 12 00:00:36 roshi ovpn-server[4358]:   tun_mtu_defined = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   link_mtu = 1500
Jan 12 00:00:36 roshi ovpn-server[4358]:   link_mtu_defined = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   tun_mtu_extra = 32
Jan 12 00:00:36 roshi ovpn-server[4358]:   tun_mtu_extra_defined = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   mtu_discover_type = -1
Jan 12 00:00:36 roshi ovpn-server[4358]:   fragment = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   mssfix = 1450
Jan 12 00:00:36 roshi ovpn-server[4358]:   explicit_exit_notification = 0
Jan 12 00:00:36 roshi ovpn-server[4358]: Connection profiles END
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_random = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   ipchange = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   dev = 'tap'
Jan 12 00:00:36 roshi ovpn-server[4358]:   dev_type = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   dev_node = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   lladdr = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   topology = 3
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_local = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_remote_netmask = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_noexec = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_nowarn = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_ipv6_local = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_ipv6_netbits = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_ipv6_remote = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   shaper = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   mtu_test = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   mlock = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   keepalive_ping = 15
Jan 12 00:00:36 roshi ovpn-server[4358]:   keepalive_timeout = 120
Jan 12 00:00:36 roshi ovpn-server[4358]:   inactivity_timeout = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   ping_send_timeout = 15
Jan 12 00:00:36 roshi ovpn-server[4358]:   ping_rec_timeout = 240
Jan 12 00:00:36 roshi ovpn-server[4358]:   ping_rec_timeout_action = 2
Jan 12 00:00:36 roshi ovpn-server[4358]:   ping_timer_remote = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   remap_sigusr1 = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   persist_tun = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   persist_local_ip = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   persist_remote_ip = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   persist_key = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   passtos = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   resolve_retry_seconds = 1000000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   resolve_in_advance = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   username = 'openvpn'
Jan 12 00:00:36 roshi ovpn-server[4358]:   groupname = 'openvpn'
Jan 12 00:00:36 roshi ovpn-server[4358]:   chroot_dir = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   cd_dir = '/etc/openvpn'
Jan 12 00:00:36 roshi ovpn-server[4358]:   writepid = '/run/openvpn/server.pid'
Jan 12 00:00:36 roshi ovpn-server[4358]:   up_script = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   down_script = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   down_pre = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   up_restart = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   up_delay = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   daemon = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   inetd = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   log = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   suppress_timestamps = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   machine_readable_output = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   nice = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   verbosity = 4
Jan 12 00:00:36 roshi ovpn-server[4358]:   mute = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   gremlin = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   status_file = '/var/log/openvpn-status.log'
Jan 12 00:00:36 roshi ovpn-server[4358]:   status_file_version = 3
Jan 12 00:00:36 roshi ovpn-server[4358]:   status_file_update_freq = 20
Jan 12 00:00:36 roshi ovpn-server[4358]:   occ = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   rcvbuf = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   sndbuf = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   mark = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   sockflags = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   fast_io = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   comp.alg = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   comp.flags = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_script = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_default_gateway = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_default_metric = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_noexec = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_delay = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_delay_window = 30
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_delay_defined = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_nopull = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   route_gateway_via_dhcp = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   allow_pull_fqdn = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_addr = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_port = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_user_pass = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_log_history_cache = 250
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_echo_buffer_size = 100
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_write_peer_info_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_client_user = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_client_group = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   management_flags = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   shared_secret_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   key_direction = not set
Jan 12 00:00:36 roshi ovpn-server[4358]:   ciphername = 'AES-256-CBC'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ncp_enabled = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Jan 12 00:00:36 roshi ovpn-server[4358]:   authname = 'SHA256'
Jan 12 00:00:36 roshi ovpn-server[4358]:   prng_hash = 'SHA1'
Jan 12 00:00:36 roshi ovpn-server[4358]:   prng_nonce_secret_len = 16
Jan 12 00:00:36 roshi ovpn-server[4358]:   keysize = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   engine = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   replay = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   mute_replay_warnings = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   replay_window = 64
Jan 12 00:00:36 roshi ovpn-server[4358]:   replay_time = 15
Jan 12 00:00:36 roshi ovpn-server[4358]:   packet_id_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   use_iv = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   test_crypto = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_server = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_client = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   key_method = 2
Jan 12 00:00:36 roshi ovpn-server[4358]:   ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ca_path = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   dh_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   cert_file = '/etc/openvpn/easy-rsa/pki/issued/roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c.crt'
Jan 12 00:00:36 roshi ovpn-server[4358]:   extra_certs_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   priv_key_file = '/etc/openvpn/easy-rsa/pki/private/roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c.key'
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs12_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   cipher_list = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   cipher_list_tls13 = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_cert_profile = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_verify = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_export_cert = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   verify_x509_type = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   verify_x509_name = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   crl_file = '/etc/openvpn/crl.pem'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ns_cert_type = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 65535
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_ku[i] = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   remote_cert_eku = 'TLS Web Client Authentication'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ssl_flags = 192
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_timeout = 2
Jan 12 00:00:36 roshi ovpn-server[4358]:   renegotiate_bytes = -1
Jan 12 00:00:36 roshi ovpn-server[4358]:   renegotiate_packets = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   renegotiate_seconds = 3600
Jan 12 00:00:36 roshi ovpn-server[4358]:   handshake_window = 60
Jan 12 00:00:36 roshi ovpn-server[4358]:   transition_window = 3600
Jan 12 00:00:36 roshi ovpn-server[4358]:   single_session = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_peer_info = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_exit = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_auth_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   tls_crypt_file = '/etc/openvpn/easy-rsa/pki/ta.key'
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_protected_authentication = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_private_mode = 00000000
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_cert_private = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_pin_cache_period = -1
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_id = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   pkcs11_id_management = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_network = 0.0.0.0
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_netmask = 0.0.0.0
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_network_ipv6 = ::
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_netbits_ipv6 = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_bridge_ip = 10.8.8.1
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_bridge_netmask = 255.255.255.0
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_bridge_pool_start = 10.8.8.10
Jan 12 00:00:36 roshi ovpn-server[4358]:   server_bridge_pool_end = 10.8.8.30
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_entry = 'route-gateway 10.8.8.1'
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_entry = 'ping 15'
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_entry = 'ping-restart 120'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_pool_defined = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_pool_start = 10.8.8.10
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_pool_end = 10.8.8.30
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_pool_netmask = 255.255.255.0
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_pool_persist_filename = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_pool_persist_refresh_freq = 600
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_ipv6_pool_defined = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_ipv6_pool_base = ::
Jan 12 00:00:36 roshi ovpn-server[4358]:   ifconfig_ipv6_pool_netbits = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   n_bcast_buf = 256
Jan 12 00:00:36 roshi ovpn-server[4358]:   tcp_queue_limit = 64
Jan 12 00:00:36 roshi ovpn-server[4358]:   real_hash_size = 256
Jan 12 00:00:36 roshi ovpn-server[4358]:   virtual_hash_size = 256
Jan 12 00:00:36 roshi ovpn-server[4358]:   client_connect_script = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   learn_address_script = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   client_disconnect_script = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   client_config_dir = '/etc/openvpn/ccd'
Jan 12 00:00:36 roshi ovpn-server[4358]:   ccd_exclusive = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   tmp_dir = '/tmp'
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_ifconfig_defined = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_ifconfig_local = 0.0.0.0
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_ifconfig_remote_netmask = 0.0.0.0
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_ifconfig_ipv6_defined = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_ifconfig_ipv6_local = ::/0
Jan 12 00:00:36 roshi ovpn-server[4358]:   push_ifconfig_ipv6_remote = ::
Jan 12 00:00:36 roshi ovpn-server[4358]:   enable_c2c = ENABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   duplicate_cn = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   cf_max = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   cf_per = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   max_clients = 1024
Jan 12 00:00:36 roshi ovpn-server[4358]:   max_routes_per_client = 256
Jan 12 00:00:36 roshi ovpn-server[4358]:   auth_user_pass_verify_script = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   auth_user_pass_verify_script_via_file = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   auth_token_generate = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   auth_token_lifetime = 0
Jan 12 00:00:36 roshi ovpn-server[4358]:   port_share_host = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   port_share_port = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]:   client = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   pull = DISABLED
Jan 12 00:00:36 roshi ovpn-server[4358]:   auth_user_pass_file = '[UNDEF]'
Jan 12 00:00:36 roshi ovpn-server[4358]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Jan 12 00:00:36 roshi ovpn-server[4358]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Jan 12 00:00:36 roshi ovpn-server[4358]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Jan 12 00:00:36 roshi ovpn-server[4358]: ECDH curve prime256v1 added
Jan 12 00:00:36 roshi ovpn-server[4358]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jan 12 00:00:36 roshi ovpn-server[4358]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 12 00:00:36 roshi ovpn-server[4358]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jan 12 00:00:36 roshi ovpn-server[4358]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jan 12 00:00:36 roshi ovpn-server[4358]: TLS-Auth MTU parms [ L:1653 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Jan 12 00:00:36 roshi ovpn-server[4358]: TUN/TAP device tap0 opened
Jan 12 00:00:36 roshi ovpn-server[4358]: TUN/TAP TX queue length set to 100
Jan 12 00:00:36 roshi ovpn-server[4358]: Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
Jan 12 00:00:36 roshi ovpn-server[4358]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Jan 12 00:00:36 roshi ovpn-server[4358]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Jan 12 00:00:36 roshi ovpn-server[4358]: UDPv4 link local (bound): [AF_INET][undef]:1194
Jan 12 00:00:36 roshi ovpn-server[4358]: UDPv4 link remote: [AF_UNSPEC]
Jan 12 00:00:36 roshi ovpn-server[4358]: GID set to openvpn
Jan 12 00:00:36 roshi ovpn-server[4358]: UID set to openvpn
Jan 12 00:00:36 roshi ovpn-server[4358]: MULTI: multi_init called, r=256 v=256
Jan 12 00:00:36 roshi ovpn-server[4358]: IFCONFIG POOL: base=10.8.8.10 size=21, ipv6=0
Jan 12 00:00:36 roshi ovpn-server[4358]: Initialization Sequence Completed
Jan 12 00:00:41 roshi ovpn-server[4358]: MULTI: multi_create_instance called
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 Re-using SSL/TLS context
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 Control Channel MTU parms [ L:1653 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1601,tun-mtu 1532,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1601,tun-mtu 1532,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 TLS: Initial packet from [AF_INET]192.168.1.100:60930, sid=0a41ce2b 17b0bed7
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 VERIFY OK: depth=1, CN=ChangeMe
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 VERIFY KU OK
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 Validating certificate extended key usage
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 VERIFY EKU OK
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 VERIFY OK: depth=0, CN=user1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_VER=2.5.0
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_PLAT=win
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_PROTO=6
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_NCP=2
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_LZ4=1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_LZ4v2=1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_LZO=1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_COMP_STUB=1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_COMP_STUBv2=1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_TCPNL=1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 peer info: IV_GUI_VER=OpenVPN_GUI_11
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Jan 12 00:00:41 roshi ovpn-server[4358]: 192.168.1.100:60930 [user1] Peer Connection Initiated with [AF_INET]192.168.1.100:60930
Jan 12 00:00:41 roshi ovpn-server[4358]: user1/192.168.1.100:60930 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/user1
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 PUSH: Received control message: 'PUSH_REQUEST'
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 SENT CONTROL [user1]: 'PUSH_REPLY,route-gateway 10.8.8.1,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 Data Channel: using negotiated cipher 'AES-256-GCM'
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 Data Channel MTU parms [ L:1581 D:1450 EF:49 EB:411 ET:32 EL:3 ]
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 MULTI: Learn: 00:ff:56:c9:57:68 -> user1/192.168.1.100:60930

Client Log

Tue Jan 12 00:00:40 2021 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Tue Jan 12 00:00:40 2021 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
Tue Jan 12 00:00:40 2021 Windows version 6.1 (Windows 7) 64bit
Tue Jan 12 00:00:40 2021 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Tue Jan 12 00:00:40 2021 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jan 12 00:00:40 2021 Need hold release from management interface, waiting...
Tue Jan 12 00:00:40 2021 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jan 12 00:00:40 2021 MANAGEMENT: CMD 'state on'
Tue Jan 12 00:00:40 2021 MANAGEMENT: CMD 'log all on'
Tue Jan 12 00:00:40 2021 MANAGEMENT: CMD 'echo all on'
Tue Jan 12 00:00:40 2021 MANAGEMENT: CMD 'bytecount 5'
Tue Jan 12 00:00:40 2021 MANAGEMENT: CMD 'hold off'
Tue Jan 12 00:00:40 2021 MANAGEMENT: CMD 'hold release'
Tue Jan 12 00:00:40 2021 MANAGEMENT: CMD 'password [...]'
Tue Jan 12 00:00:40 2021 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jan 12 00:00:40 2021 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jan 12 00:00:40 2021 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jan 12 00:00:40 2021 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jan 12 00:00:40 2021 MANAGEMENT: >STATE:1610409640,RESOLVE,,,,,,
Tue Jan 12 00:00:40 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.9.9:1194
Tue Jan 12 00:00:40 2021 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jan 12 00:00:40 2021 UDP link local: (not bound)
Tue Jan 12 00:00:40 2021 UDP link remote: [AF_INET]192.168.9.9:1194
Tue Jan 12 00:00:40 2021 MANAGEMENT: >STATE:1610409640,WAIT,,,,,,
Tue Jan 12 00:00:40 2021 MANAGEMENT: >STATE:1610409640,AUTH,,,,,,
Tue Jan 12 00:00:40 2021 TLS: Initial packet from [AF_INET]192.168.9.9:1194, sid=8068dbdd 2dc7389e
Tue Jan 12 00:00:40 2021 VERIFY KU OK
Tue Jan 12 00:00:40 2021 Validating certificate extended key usage
Tue Jan 12 00:00:40 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jan 12 00:00:40 2021 VERIFY EKU OK
Tue Jan 12 00:00:40 2021 VERIFY X509NAME OK: CN=roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c
Tue Jan 12 00:00:40 2021 VERIFY OK: depth=0, CN=roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c
Tue Jan 12 00:00:41 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Tue Jan 12 00:00:41 2021 [roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c] Peer Connection Initiated with [AF_INET]192.168.9.9:1194
Tue Jan 12 00:00:42 2021 MANAGEMENT: >STATE:1610409642,GET_CONFIG,,,,,,
Tue Jan 12 00:00:42 2021 SENT CONTROL [roshi_326f096b-ac6b-4bc4-a990-9c7aea1d340c]: 'PUSH_REQUEST' (status=1)
Tue Jan 12 00:00:42 2021 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.8.1,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Tue Jan 12 00:00:42 2021 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jan 12 00:00:42 2021 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jan 12 00:00:42 2021 OPTIONS IMPORT: route-related options modified
Tue Jan 12 00:00:42 2021 OPTIONS IMPORT: peer-id set
Tue Jan 12 00:00:42 2021 OPTIONS IMPORT: adjusting link_mtu to 1656
Tue Jan 12 00:00:42 2021 OPTIONS IMPORT: data channel crypto options modified
Tue Jan 12 00:00:42 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Jan 12 00:00:42 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jan 12 00:00:42 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jan 12 00:00:42 2021 interactive service msg_channel=208
Tue Jan 12 00:00:42 2021 open_tun
Tue Jan 12 00:00:42 2021 CreateFile failed on tap-windows6 device: \\.\Global\{BB60CFB3-FF97-434B-AEC3-B9EF963CA1CC}.tap
Tue Jan 12 00:00:42 2021 tap-windows6 device [OpenVPN Wintap] opened
Tue Jan 12 00:00:42 2021 TAP-Windows Driver Version 9.24 
Tue Jan 12 00:00:42 2021 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {56C95768-6C37-453D-A52D-9207E312B31E} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
Tue Jan 12 00:00:42 2021 Successful ARP Flush on interface [28] {56C95768-6C37-453D-A52D-9207E312B31E}
Tue Jan 12 00:00:42 2021 MANAGEMENT: >STATE:1610409642,ASSIGN_IP,,10.8.0.2,,,,
Tue Jan 12 00:00:42 2021 IPv4 MTU set to 1500 on interface 28 using service
Tue Jan 12 00:00:47 2021 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Tue Jan 12 00:00:47 2021 Initialization Sequence Completed
Tue Jan 12 00:00:47 2021 MANAGEMENT: >STATE:1610409647,CONNECTED,SUCCESS,10.8.0.2,192.168.9.9,1194,,
Last edited by Pippin on Tue Jan 12, 2021 12:59 pm, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 8385
Joined: Fri Jun 03, 2016 1:17 pm

Re: server-bridge settings ignored by client

Post by TinCanTech » Tue Jan 12, 2021 12:56 am

See your --client-config-dir

MrMysteryGuest
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 11, 2021 11:57 pm

Re: server-bridge settings ignored by client

Post by MrMysteryGuest » Tue Jan 12, 2021 7:11 pm

TinCanTech wrote: Tue Jan 12, 2021 12:56 am
See your --client-config-dir

:lol: how did that get in there! That directory was empty last time I checked!

I've renamed the file and it's working as expected now.

Thanks TinCanTech 8-)
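
A check for the situation resolved in this thread, as an added example that is not part of the original posts: it reads an OpenVPN server log and flags any PUSH_REPLY whose ifconfig address lies outside the logged IFCONFIG POOL, naming the client-config-dir file the server imported for that client. The first three log lines are excerpted from the server log above; the user2 line and the function name are constructed for illustration.

```python
import ipaddress
import re

# Excerpted from the server log posted above (syslog prefix kept).
SERVER_LOG = """\
Jan 12 00:00:36 roshi ovpn-server[4358]: IFCONFIG POOL: base=10.8.8.10 size=21, ipv6=0
Jan 12 00:00:41 roshi ovpn-server[4358]: user1/192.168.1.100:60930 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/user1
Jan 12 00:00:42 roshi ovpn-server[4358]: user1/192.168.1.100:60930 SENT CONTROL [user1]: 'PUSH_REPLY,route-gateway 10.8.8.1,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
"""

# Constructed line (not from the thread): a second client with no ccd file
# that is handed an address from the pool, to show the check stays quiet.
CONSTRUCTED_USER2 = (
    "Jan 12 00:05:10 roshi ovpn-server[4358]: user2/192.168.1.101:51000 "
    "SENT CONTROL [user2]: 'PUSH_REPLY,route-gateway 10.8.8.1,ping 15,"
    "ping-restart 120,ifconfig 10.8.8.10 255.255.255.0,peer-id 1,"
    "cipher AES-256-GCM' (status=1)\n"
)

POOL_RE = re.compile(r"IFCONFIG POOL: base=(\d+\.\d+\.\d+\.\d+) size=(\d+)")
CCD_RE = re.compile(
    r"([^\s/]+)/\S+ OPTIONS IMPORT: reading client specific options from: (\S+)"
)
PUSH_RE = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,([^']*)'")


def audit_pushed_addresses(log_text):
    """Return one finding per client whose pushed address is outside the pool."""
    pool = None      # (first, last) address of the most recently logged pool
    ccd_files = {}   # client name -> ccd file imported for the current session
    findings = []

    for line in log_text.splitlines():
        m = POOL_RE.search(line)
        if m:
            base = ipaddress.IPv4Address(m.group(1))
            pool = (base, base + int(m.group(2)) - 1)
            continue

        m = CCD_RE.search(line)
        if m:
            ccd_files[m.group(1)] = m.group(2)
            continue

        m = PUSH_RE.search(line)
        if not m or pool is None:
            continue
        client = m.group(1)
        # The ccd import is logged per connection, so consume it here to
        # avoid attributing a later session to a file that no longer applies.
        ccd_file = ccd_files.pop(client, None)
        for option in m.group(2).split(","):
            parts = option.split()
            if len(parts) == 3 and parts[0] == "ifconfig":
                pushed = ipaddress.IPv4Address(parts[1])
                if not pool[0] <= pushed <= pool[1]:
                    findings.append({
                        "client": client,
                        "pushed": str(pushed),
                        "pool": f"{pool[0]}-{pool[1]}",
                        "ccd_file": ccd_file,
                    })
    return findings


if __name__ == "__main__":
    for f in audit_pushed_addresses(SERVER_LOG + CONSTRUCTED_USER2):
        print(
            f"{f['client']}: pushed {f['pushed']} is outside pool {f['pool']}; "
            f"inspect {f['ccd_file'] or 'the server config (no ccd file logged)'}"
        )
```
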