I'm a noob with tcpip. I'm sure its something as simple as missing a route, but the problem is that I don't even know how to search for this information because I'm not knowledgeable enough on the terminology. My searches have come up with nothing but irrelevant topics. If anyone can point me in the right direction, I'd greatly appreciate it.
Environment: modem -> TP-Link router -> Win 10 box with OpenVPN + xampp
Static route on router: 10.8.8.1 > 255.255.255.0 > 192.168.99.2 (win 10 IP)
server.ovpn - OpenVPN 2.5.2 x86_64-w64-mingw32
port 1194
proto udp4
dev tun
topology subnet
server 10.8.8.0 255.255.255.0
ifconfig-pool-persist "C:\\Program Files\\OpenVPN\\ipp.txt"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status "C:\\Program Files\\OpenVPN\\log\\openvpn-status.log"
verb 4
explicit-exit-notify 1
dhcp-renew
auth-nocache
client-config-dir C:\\Users\\android\\OpenVPN\\ccd
ca "C:\\scripts\\easy-rsa\\pki\\ca.crt"
cert "C:\\scripts\\easy-rsa\\pki\\issued\\server.crt"
key "C:\\scripts\\easy-rsa\\pki\\private\\server.key"
dh "C:\\scripts\\easy-rsa\\pki\\dh.pem"
client_android.ovpn - OpenVPN Connect Android 3.2.4-5891
client
dev tun
proto udp4
remote mydomain.tld 1194
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
verb 3
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>
client_android (ccd)
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
Commenting push "dhcp-option DNS..." did not work.
I'm also getting PID_ERR replay-window backtrack occurred errors. I don't know if that's related to my problem or not.
[olog]
2021-06-09 19:54:57 us=711032 MULTI: multi_create_instance called
2021-06-09 19:54:57 us=711032 173.59.201.193:59695 Re-using SSL/TLS context
2021-06-09 19:54:57 us=711032 173.59.201.193:59695 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-06-09 19:54:57 us=711032 173.59.201.193:59695 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2021-06-09 19:54:57 us=711032 173.59.201.193:59695 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-06-09 19:54:57 us=711032 173.59.201.193:59695 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-06-09 19:54:57 us=711032 173.59.201.193:59695 TLS: Initial packet from [AF_INET]173.59.201.193:59695, sid=1e4a6ba6 ddec6a46
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 VERIFY OK: depth=1, CN=win10
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 VERIFY OK: depth=0, CN=client_android
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_VER=3.git:released:662eae9a:Release
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_PLAT=android
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_NCP=2
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_TCPNL=1
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_PROTO=2
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_IPv6=0
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_AUTO_SESS=1
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.4-5891
2021-06-09 19:54:57 us=855995 173.59.201.193:59695 peer info: IV_SSO=openurl
2021-06-09 19:54:57 us=918784 173.59.201.193:59695 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-06-09 19:54:57 us=918784 173.59.201.193:59695 [client_android] Peer Connection Initiated with [AF_INET]173.59.201.193:59695
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 MULTI_sva: pool returned IPv4=10.8.8.2, IPv6=(Not enabled)
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 OPTIONS IMPORT: reading client specific options from: C:\Users\android\OpenVPN\ccd\client_android
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 MULTI: Learn: 10.8.8.2 -> client_android/173.59.201.193:59695
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 MULTI: primary virtual IP for client_android/173.59.201.193:59695: 10.8.8.2
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 PUSH: Received control message: 'PUSH_REQUEST'
2021-06-09 19:54:57 us=918784 client_android/173.59.201.193:59695 SENT CONTROL [client_android]: 'PUSH_REPLY,route-gateway 10.8.8.1,topology subnet,ping 10,ping-restart 120,redirect-gateway def1,dhcp-option DNS 208.67.220.220,dhcp-option DNS 208.67.222.222,ifconfig 10.8.8.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2021-06-09 19:55:12 us=402788 client_android/173.59.201.193:59695 PID_ERR replay-window backtrack occurred [3] [SSL-0] [000_000000000000000000000000000000000000000000000000000000000000] 0:569 0:566 t=1623282912[0] r=[-4,64,15,3,1] sl=[7,64,64,528]
2021-06-09 19:55:12 us=528053 client_android/173.59.201.193:59695 PID_ERR replay-window backtrack occurred [4] [SSL-0] [0000_00000000000000000000000000000000000000000000000000000000000] 0:597 0:593 t=1623282912[0] r=[-4,64,15,4,1] sl=[43,64,64,528]
2021-06-09 20:16:10 us=108203 client_android/173.59.201.193:59695 PID_ERR replay-window backtrack occurred [5] [SSL-0] [0_____00001111111111111111111111111111111111111111111111111116>E] 0:2095 0:2090 t=1623284170[0] r=[-1,64,15,5,1] sl=[17,64,64,528]
2021-06-09 20:53:21 us=59323 client_android/173.59.201.193:59695 TLS: soft reset sec=3504/3504 bytes=4505563/-1 pkts=9151/0
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 VERIFY OK: depth=1, CN=win10
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 VERIFY OK: depth=0, CN=client_android
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_VER=3.git:released:662eae9a:Release
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_PLAT=android
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_NCP=2
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_TCPNL=1
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_PROTO=2
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_IPv6=0
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_AUTO_SESS=1
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.4-5891
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 peer info: IV_SSO=openurl
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-06-09 20:53:21 us=419141 client_android/173.59.201.193:59695 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-06-09 20:53:21 us=496529 client_android/173.59.201.193:59695 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-06-09 20:59:09 us=434082 client_android/173.59.201.193:59695 PID_ERR replay-window backtrack occurred [2] [SSL-1] [0__4444444444444455555556666>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:114 0:112 t=1623286749[0] r=[0,64,15,2,1] sl=[14,64,64,528]
2021-06-09 21:07:09 us=358117 client_android/173.59.201.193:59695 PID_ERR replay-window backtrack occurred [3] [SSL-1] [0___000000000000011111>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:698 0:695 t=1623287229[0] r=[-1,64,15,3,1] sl=[6,64,64,528]
[/olog]