I cannot access the server even though the connection is made

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
M82
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 18, 2021 3:15 pm

I cannot access the server even though the connection is made

Post by M82 » Mon Oct 18, 2021 4:54 pm

Hi, sorry for the trivial questions, I'm trying to remotely connect to a windows 10 pc with shared folders, I can ping but I can't access either the remote desktop or the shared folders despite having configured the windows firewall so that are shared on 10.8.0.0.
The router is configured to forward port 1194 to the ip address of the pc (192.168.10.24).
This is the server configuration

Code: Select all

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\PC001.crt"
key "C:\\Program Files\\OpenVPN\\config\\PC001.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 0 
cipher AES-256-GCM
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
This is the client configuration

Code: Select all

client
dev tun
proto udp
remote 213.226.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
key "C:\\Program Files\\OpenVPN\\config\\client.key"
remote-cert-tls server
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
cipher AES-256-CBC
verb 3
Server Log

Code: Select all

2021-10-18 18:45:41 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2021-10-18 18:45:41 --pull-filter ignored for --mode server
2021-10-18 18:45:41 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
2021-10-18 18:45:41 Windows version 10.0 (Windows 10 or greater) 64bit
2021-10-18 18:45:41 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Enter Management Password:
2021-10-18 18:45:41 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-10-18 18:45:41 Need hold release from management interface, waiting...
2021-10-18 18:45:42 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-10-18 18:45:42 MANAGEMENT: CMD 'state on'
2021-10-18 18:45:42 MANAGEMENT: CMD 'log all on'
2021-10-18 18:45:42 MANAGEMENT: CMD 'echo all on'
2021-10-18 18:45:42 MANAGEMENT: CMD 'bytecount 5'
2021-10-18 18:45:42 MANAGEMENT: CMD 'hold off'
2021-10-18 18:45:42 MANAGEMENT: CMD 'hold release'
2021-10-18 18:45:42 Note: cannot open openvpn-status.log for WRITE
2021-10-18 18:45:42 Note: cannot open ipp.txt for READ/WRITE
2021-10-18 18:45:42 Diffie-Hellman initialized with 2048 bit key
2021-10-18 18:45:42 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-18 18:45:42 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-18 18:45:42 interactive service msg_channel=652
2021-10-18 18:45:42 ROUTE_GATEWAY 192.168.10.1/255.255.255.0 I=8 HWADDR=d0:50:99:87:2d:87
2021-10-18 18:45:42 open_tun
2021-10-18 18:45:42 tap-windows6 device [ServerVPN] opened
2021-10-18 18:45:42 TAP-Windows Driver Version 9.24 
2021-10-18 18:45:42 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {A8FCCE2D-BB77-4FC8-BC6E-310E79A86359} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
2021-10-18 18:45:42 Sleeping for 10 seconds...
2021-10-18 18:45:52 Successful ARP Flush on interface [16] {A8FCCE2D-BB77-4FC8-BC6E-310E79A86359}
2021-10-18 18:45:52 MANAGEMENT: >STATE:1634575552,ASSIGN_IP,,10.8.0.1,,,,
2021-10-18 18:45:52 IPv4 MTU set to 1500 on interface 16 using service
2021-10-18 18:45:52 MANAGEMENT: >STATE:1634575552,ADD_ROUTES,,,,,,
2021-10-18 18:45:52 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
2021-10-18 18:45:52 Route addition via service succeeded
2021-10-18 18:45:52 Could not determine IPv4/IPv6 protocol. Using AF_INET6
2021-10-18 18:45:52 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-10-18 18:45:52 setsockopt(IPV6_V6ONLY=0)
2021-10-18 18:45:52 UDPv6 link local (bound): [AF_INET6][undef]:1194
2021-10-18 18:45:52 UDPv6 link remote: [AF_UNSPEC]
2021-10-18 18:45:52 MULTI: multi_init called, r=256 v=256
2021-10-18 18:45:52 IFCONFIG POOL IPv4: base=10.8.0.4 size=62
2021-10-18 18:45:52 IFCONFIG POOL LIST
2021-10-18 18:45:52 Initialization Sequence Completed
2021-10-18 18:45:52 MANAGEMENT: >STATE:1634575552,CONNECTED,SUCCESS,10.8.0.1,,,,
2021-10-18 18:46:08 10.255.16.115:64475 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-18 18:46:08 10.255.16.115:64475 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-18 18:46:08 10.255.16.115:64475 TLS: Initial packet from [AF_INET6]::ffff:10.255.16.115:64475, sid=102fc802 1aa62673
2021-10-18 18:46:08 10.255.16.115:64475 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
2021-10-18 18:46:08 10.255.16.115:64475 VERIFY OK: depth=0, C=IT, ST=LI, L=FinaleLigure, O=Polisportiva, OU=Mauro, CN=M, name=M, emailAddress=mail@host.domain
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_VER=2.5..4
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_PLAT=win
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_PROTO=6
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_NCP=2
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_LZ4=1
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_LZ4v2=1
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_LZO=1
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_COMP_STUB=1
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_COMP_STUBv2=1
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_TCPNL=1
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_GUI_VER=OpenVPN_GUI_11
2021-10-18 18:46:08 10.255.16.115:64475 peer info: IV_SSO=openurl,crtext
2021-10-18 18:46:08 10.255.16.115:64475 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1557'
2021-10-18 18:46:08 10.255.16.115:64475 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
2021-10-18 18:46:08 10.255.16.115:64475 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-18 18:46:08 10.255.16.115:64475 [M] Peer Connection Initiated with [AF_INET6]::ffff:10.255.16.115:64475
2021-10-18 18:46:08 M/10.255.16.115:64475 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2021-10-18 18:46:08 M/10.255.16.115:64475 MULTI: Learn: 10.8.0.6 -> M/10.255.16.115:64475
2021-10-18 18:46:08 M/10.255.16.115:64475 MULTI: primary virtual IP for M/10.255.16.115:64475: 10.8.0.6
2021-10-18 18:46:08 M/10.255.16.115:64475 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-18 18:46:08 M/10.255.16.115:64475 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-18 18:46:08 M/10.255.16.115:64475 SENT CONTROL [M]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
2021-10-18 18:46:08 AEAD Decrypt error: cipher final failed
2021-10-18 18:46:18 AEAD Decrypt error: cipher final failed
2021-10-18 18:46:28 AEAD Decrypt error: cipher final failed
2021-10-18 18:46:39 AEAD Decrypt error: cipher final failed
2021-10-18 18:46:49 AEAD Decrypt error: cipher final failed
2021-10-18 18:47:02 192.168.10.1:53091 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-18 18:47:02 192.168.10.1:53091 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-10-18 18:47:02 192.168.10.1:53091 TLS: Initial packet from [AF_INET6]::ffff:192.168.10.1:53091, sid=8a833d63 a2bc7f14
2021-10-18 18:47:02 192.168.10.1:53091 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
2021-10-18 18:47:02 192.168.10.1:53091 VERIFY OK: depth=0, C=IT, ST=LI, L=FinaleLigure, O=Polisportiva, OU=Mauro, CN=M, name=M, emailAddress=mail@host.domain
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_VER=2.5.3
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_PLAT=win
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_PROTO=6
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_NCP=2
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_LZ4=1
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_LZ4v2=1
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_LZO=1
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_COMP_STUB=1
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_COMP_STUBv2=1
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_TCPNL=1
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_GUI_VER=OpenVPN_GUI_11
2021-10-18 18:47:02 192.168.10.1:53091 peer info: IV_SSO=openurl,crtext
2021-10-18 18:47:02 192.168.10.1:53091 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1557'
2021-10-18 18:47:02 192.168.10.1:53091 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
2021-10-18 18:47:02 192.168.10.1:53091 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-18 18:47:02 192.168.10.1:53091 [M] Peer Connection Initiated with [AF_INET6]::ffff:192.168.10.1:53091
2021-10-18 18:47:02 MULTI: new connection by client 'M' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2021-10-18 18:47:02 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2021-10-18 18:47:02 MULTI: Learn: 10.8.0.6 -> M/192.168.10.1:53091
2021-10-18 18:47:02 MULTI: primary virtual IP for M/192.168.10.1:53091: 10.8.0.6
2021-10-18 18:47:02 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-18 18:47:02 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-18 18:47:02 SENT CONTROL [M]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM' (status=1)
Client log

Code: Select all

2021-10-18 18:38:41 VERIFY OK: depth=0, C=IT, ST=LI, L=FinaleLigure, O=Polisportiva, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
2021-10-18 18:38:41 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1549'
2021-10-18 18:38:41 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
2021-10-18 18:38:41 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-18 18:38:41 [changeme] Peer Connection Initiated with [AF_INET]213.x.x.x:1194
2021-10-18 18:38:41 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 1,cipher AES-256-GCM'
2021-10-18 18:38:41 OPTIONS IMPORT: timers and/or timeouts modified
2021-10-18 18:38:41 OPTIONS IMPORT: --ifconfig/up options modified
2021-10-18 18:38:41 OPTIONS IMPORT: route options modified
2021-10-18 18:38:41 OPTIONS IMPORT: peer-id set
2021-10-18 18:38:41 OPTIONS IMPORT: adjusting link_mtu to 1624
2021-10-18 18:38:41 OPTIONS IMPORT: data channel crypto options modified
2021-10-18 18:38:41 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-10-18 18:38:41 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-18 18:38:41 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-18 18:38:41 interactive service msg_channel=564
2021-10-18 18:38:41 ROUTE_GATEWAY 10.255.16.1/255.255.240.0 I=37 HWADDR=84:3a:4b:35:a2:bc
2021-10-18 18:38:41 open_tun
2021-10-18 18:38:41 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-10-18 18:38:41 TAP-Windows Driver Version 9.24 
2021-10-18 18:38:41 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {9E9B783D-D564-4B89-8C9A-9A50BB56DC4B} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
2021-10-18 18:38:41 Successful ARP Flush on interface [28] {9E9B783D-D564-4B89-8C9A-9A50BB56DC4B}
2021-10-18 18:38:41 MANAGEMENT: >STATE:1634575121,ASSIGN_IP,,10.8.0.6,,,,
2021-10-18 18:38:41 IPv4 MTU set to 1500 on interface 28 using service
2021-10-18 18:38:46 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
2021-10-18 18:38:46 MANAGEMENT: >STATE:1634575126,ADD_ROUTES,,,,,,
2021-10-18 18:38:46 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
2021-10-18 18:38:46 Route addition via service succeeded
2021-10-18 18:38:46 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-10-18 18:38:46 Initialization Sequence Completed
2021-10-18 18:38:46 MANAGEMENT: >STATE:1634575126,CONNECTED,SUCCESS,10.8.0.6,213.x.x.x,1194,,

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: I cannot access the server even though the connection is made

Post by TinCanTech » Mon Oct 18, 2021 5:02 pm

Please use --topology subnet in your server config.

Note: There is a bug in the version you are running. Status file and IPP file are created readonly.
A fix is being prepared.

As for the network problems, it is most likely your firewall.

Post Reply