[Solved] Can't connect to Subnet behind VPN Server

Samples of working configurations.

Moderators: TinCanTech

jawr
OpenVpn Newbie
Posts: 3
Joined: Wed Mar 08, 2017 12:23 pm

[Solved] Can't connect to Subnet behind VPN Server

Post by jawr » Wed Mar 08, 2017 12:32 pm

Hi everyone,

I have the following problem: I can connect to the server without any problems. When I try to connect to or ping a host in my "normal" subnet at home, it doesn't work.

My subnet at home is: 192.168.178.0

My server.conf:
server
port 1386
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.178.1"
client-to-client
keepalive 10 120
cipher AES-256-CBC # AES
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 5

Output from ifconfig on server:

Code: Select all

sudo ifconfig
[sudo] password for odroid: 
eth0      Link encap:Ethernet  HWaddr 00:1e:06:33:f8:6b  
          inet addr:192.168.178.40  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:6ff:fe33:f86b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13255 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11743 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2541077 (2.4 MiB)  TX bytes:2942882 (2.8 MiB)
          Interrupt:40 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:4096  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3216 (3.1 KiB)  TX bytes:3216 (3.1 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1222 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:89338 (87.2 KiB)  TX bytes:812077 (793.0 KiB)

ifconfig on client:

Code: Select all

ifconfig 
enp0s11u1 Link encap:Ethernet  HWaddr 02:64:05:09:63:7a  
          inet addr:192.168.42.82  Bcast:192.168.42.255  Mask:255.255.255.0
          inet6 addr: fe80::64:5ff:fe09:637a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:320 errors:0 dropped:0 overruns:0 frame:0
          TX packets:480 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:44369 (44.3 KB)  TX bytes:94196 (94.1 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:5488 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:1273608 (1.2 MB)  TX bytes:1273608 (1.2 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:63 errors:0 dropped:0 overruns:0 frame:0
          TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:9351 (9.3 KB)  TX bytes:10780 (10.7 KB)

Output from route -n on client:

Code: Select all

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.9        0.0.0.0         UG    50     0        0 tun0
0.0.0.0         192.168.42.129  0.0.0.0         UG    100    0        0 enp0s11u1
10.8.0.0        10.8.0.9        255.255.255.0   UG    50     0        0 tun0
10.8.0.9        0.0.0.0         255.255.255.255 UH    50     0        0 tun0
89.245.167.130  192.168.42.129  255.255.255.255 UGH   100    0        0 enp0s11u1
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp0s11u1
192.168.42.0    0.0.0.0         255.255.255.0   U     100    0        0 enp0s11u1

I can only guess what is causing the problem; I think the IP P-t-P:10.8.0.9 isn't correct, or something with the routing table isn't OK. Could anyone help, or is any further information needed?

Regards, jawr

jawr
OpenVpn Newbie
Posts: 3
Joined: Wed Mar 08, 2017 12:23 pm

Re: Can't connect to Subnet behind VPN Server

Post by jawr » Wed Mar 08, 2017 1:09 pm

Here is the output from server.log

Code: Select all

Wed Mar  8 13:42:14 2017 us=297238 Current Parameter Settings:
Wed Mar  8 13:42:14 2017 us=297416   config = '/etc/openvpn/server.conf'
Wed Mar  8 13:42:14 2017 us=297441   mode = 1
Wed Mar  8 13:42:14 2017 us=297468   persist_config = DISABLED
Wed Mar  8 13:42:14 2017 us=297489   persist_mode = 1
Wed Mar  8 13:42:14 2017 us=297511   show_ciphers = DISABLED
Wed Mar  8 13:42:14 2017 us=297532   show_digests = DISABLED
Wed Mar  8 13:42:14 2017 us=297552   show_engines = DISABLED
Wed Mar  8 13:42:14 2017 us=297573   genkey = DISABLED
Wed Mar  8 13:42:14 2017 us=297599   key_pass_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=297619   show_tls_ciphers = DISABLED
Wed Mar  8 13:42:14 2017 us=297640 Connection profiles [default]:
Wed Mar  8 13:42:14 2017 us=297661   proto = udp
Wed Mar  8 13:42:14 2017 us=297682   local = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=297702   local_port = 1386
Wed Mar  8 13:42:14 2017 us=297727   remote = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=297748   remote_port = 1386
Wed Mar  8 13:42:14 2017 us=297769   remote_float = DISABLED
Wed Mar  8 13:42:14 2017 us=297789   bind_defined = DISABLED
Wed Mar  8 13:42:14 2017 us=297809   bind_local = ENABLED
Wed Mar  8 13:42:14 2017 us=297830   connect_retry_seconds = 5
Wed Mar  8 13:42:14 2017 us=297854   connect_timeout = 10
Wed Mar  8 13:42:14 2017 us=297875   connect_retry_max = 0
Wed Mar  8 13:42:14 2017 us=297896   socks_proxy_server = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=297916   socks_proxy_port = 0
Wed Mar  8 13:42:14 2017 us=297937   socks_proxy_retry = DISABLED
Wed Mar  8 13:42:14 2017 us=297957   tun_mtu = 1500
Wed Mar  8 13:42:14 2017 us=297981   tun_mtu_defined = ENABLED
Wed Mar  8 13:42:14 2017 us=298002   link_mtu = 1500
Wed Mar  8 13:42:14 2017 us=298022   link_mtu_defined = DISABLED
Wed Mar  8 13:42:14 2017 us=298042   tun_mtu_extra = 0
Wed Mar  8 13:42:14 2017 us=298062   tun_mtu_extra_defined = DISABLED
Wed Mar  8 13:42:14 2017 us=298082   mtu_discover_type = -1
Wed Mar  8 13:42:14 2017 us=298109   fragment = 0
Wed Mar  8 13:42:14 2017 us=298129   mssfix = 1450
Wed Mar  8 13:42:14 2017 us=298150   explicit_exit_notification = 0
Wed Mar  8 13:42:14 2017 us=298174 Connection profiles END
Wed Mar  8 13:42:14 2017 us=298194   remote_random = DISABLED
Wed Mar  8 13:42:14 2017 us=298218   ipchange = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=298240   dev = 'tun'
Wed Mar  8 13:42:14 2017 us=298260   dev_type = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=298284   dev_node = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=298305   lladdr = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=298325   topology = 1
Wed Mar  8 13:42:14 2017 us=298350   tun_ipv6 = DISABLED
Wed Mar  8 13:42:14 2017 us=298370   ifconfig_local = '10.8.0.1'
Wed Mar  8 13:42:14 2017 us=298391   ifconfig_remote_netmask = '10.8.0.2'
Wed Mar  8 13:42:14 2017 us=298412   ifconfig_noexec = DISABLED
Wed Mar  8 13:42:14 2017 us=298432   ifconfig_nowarn = DISABLED
Wed Mar  8 13:42:14 2017 us=298452   ifconfig_ipv6_local = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=298477   ifconfig_ipv6_netbits = 0
Wed Mar  8 13:42:14 2017 us=298498   ifconfig_ipv6_remote = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=298519   shaper = 0
Wed Mar  8 13:42:14 2017 us=298539   mtu_test = 0
Wed Mar  8 13:42:14 2017 us=298564   mlock = DISABLED
Wed Mar  8 13:42:14 2017 us=298586   keepalive_ping = 10
Wed Mar  8 13:42:14 2017 us=298611   keepalive_timeout = 120
Wed Mar  8 13:42:14 2017 us=298631   inactivity_timeout = 0
Wed Mar  8 13:42:14 2017 us=298651   ping_send_timeout = 10
Wed Mar  8 13:42:14 2017 us=298672   ping_rec_timeout = 240
Wed Mar  8 13:42:14 2017 us=298692   ping_rec_timeout_action = 2
Wed Mar  8 13:42:14 2017 us=298713   ping_timer_remote = DISABLED
Wed Mar  8 13:42:14 2017 us=298737   remap_sigusr1 = 0
Wed Mar  8 13:42:14 2017 us=298758   persist_tun = ENABLED
Wed Mar  8 13:42:14 2017 us=298778   persist_local_ip = DISABLED
Wed Mar  8 13:42:14 2017 us=298798   persist_remote_ip = DISABLED
Wed Mar  8 13:42:14 2017 us=298818   persist_key = ENABLED
Wed Mar  8 13:42:14 2017 us=298838   passtos = DISABLED
Wed Mar  8 13:42:14 2017 us=298863   resolve_retry_seconds = 1000000000
Wed Mar  8 13:42:14 2017 us=298897   username = 'nobody'
Wed Mar  8 13:42:14 2017 us=298919   groupname = 'nogroup'
Wed Mar  8 13:42:14 2017 us=298939   chroot_dir = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=298959   cd_dir = '/etc/openvpn'
Wed Mar  8 13:42:14 2017 us=298984   writepid = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299004   up_script = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299024   down_script = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299045   down_pre = DISABLED
Wed Mar  8 13:42:14 2017 us=299065   up_restart = DISABLED
Wed Mar  8 13:42:14 2017 us=299085   up_delay = DISABLED
Wed Mar  8 13:42:14 2017 us=299109   daemon = ENABLED
Wed Mar  8 13:42:14 2017 us=299129   inetd = 0
Wed Mar  8 13:42:14 2017 us=299149   log = ENABLED
Wed Mar  8 13:42:14 2017 us=299169   suppress_timestamps = DISABLED
Wed Mar  8 13:42:14 2017 us=299189   nice = 0
Wed Mar  8 13:42:14 2017 us=299209   verbosity = 5
Wed Mar  8 13:42:14 2017 us=299233   mute = 0
Wed Mar  8 13:42:14 2017 us=299254   gremlin = 0
Wed Mar  8 13:42:14 2017 us=299274   status_file = 'openvpn-status.log'
Wed Mar  8 13:42:14 2017 us=299295   status_file_version = 1
Wed Mar  8 13:42:14 2017 us=299316   status_file_update_freq = 10
Wed Mar  8 13:42:14 2017 us=299336   occ = ENABLED
Wed Mar  8 13:42:14 2017 us=299360   rcvbuf = 65536
Wed Mar  8 13:42:14 2017 us=299381   sndbuf = 65536
Wed Mar  8 13:42:14 2017 us=299400   mark = 0
Wed Mar  8 13:42:14 2017 us=299421   sockflags = 0
Wed Mar  8 13:42:14 2017 us=299441   fast_io = DISABLED
Wed Mar  8 13:42:14 2017 us=299461   lzo = 7
Wed Mar  8 13:42:14 2017 us=299485   route_script = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299506   route_default_gateway = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299526   route_default_metric = 0
Wed Mar  8 13:42:14 2017 us=299547   route_noexec = DISABLED
Wed Mar  8 13:42:14 2017 us=299567   route_delay = 0
Wed Mar  8 13:42:14 2017 us=299587   route_delay_window = 30
Wed Mar  8 13:42:14 2017 us=299611   route_delay_defined = DISABLED
Wed Mar  8 13:42:14 2017 us=299632   route_nopull = DISABLED
Wed Mar  8 13:42:14 2017 us=299652   route_gateway_via_dhcp = DISABLED
Wed Mar  8 13:42:14 2017 us=299673   max_routes = 100
Wed Mar  8 13:42:14 2017 us=299693   allow_pull_fqdn = DISABLED
Wed Mar  8 13:42:14 2017 us=299724   route 10.8.0.0/255.255.255.0/nil/nil
Wed Mar  8 13:42:14 2017 us=299746   management_addr = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299767   management_port = 0
Wed Mar  8 13:42:14 2017 us=299787   management_user_pass = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299807   management_log_history_cache = 250
Wed Mar  8 13:42:14 2017 us=299828   management_echo_buffer_size = 100
Wed Mar  8 13:42:14 2017 us=299852   management_write_peer_info_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299874   management_client_user = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299894   management_client_group = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299915   management_flags = 0
Wed Mar  8 13:42:14 2017 us=299935   shared_secret_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=299956   key_direction = 0
Wed Mar  8 13:42:14 2017 us=299981   ciphername_defined = ENABLED
Wed Mar  8 13:42:14 2017 us=300002   ciphername = 'AES-256-CBC'
Wed Mar  8 13:42:14 2017 us=300022   authname_defined = ENABLED
Wed Mar  8 13:42:14 2017 us=300043   authname = 'SHA1'
Wed Mar  8 13:42:14 2017 us=300063   prng_hash = 'SHA1'
Wed Mar  8 13:42:14 2017 us=300083   prng_nonce_secret_len = 16
Wed Mar  8 13:42:14 2017 us=300108   keysize = 0
Wed Mar  8 13:42:14 2017 us=300129   engine = DISABLED
Wed Mar  8 13:42:14 2017 us=300150   replay = ENABLED
Wed Mar  8 13:42:14 2017 us=300170   mute_replay_warnings = DISABLED
Wed Mar  8 13:42:14 2017 us=300190   replay_window = 64
Wed Mar  8 13:42:14 2017 us=300210   replay_time = 15
Wed Mar  8 13:42:14 2017 us=300235   packet_id_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300256   use_iv = ENABLED
Wed Mar  8 13:42:14 2017 us=300276   test_crypto = DISABLED
Wed Mar  8 13:42:14 2017 us=300297   tls_server = ENABLED
Wed Mar  8 13:42:14 2017 us=300317   tls_client = DISABLED
Wed Mar  8 13:42:14 2017 us=300337   key_method = 2
Wed Mar  8 13:42:14 2017 us=300376   ca_file = 'ca.crt'
Wed Mar  8 13:42:14 2017 us=300397   ca_path = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300418   dh_file = 'dh2048.pem'
Wed Mar  8 13:42:14 2017 us=300438   cert_file = 'server.crt'
Wed Mar  8 13:42:14 2017 us=300459   priv_key_file = 'server.key'
Wed Mar  8 13:42:14 2017 us=300485   pkcs12_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300506   cipher_list = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300526   tls_verify = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300547   tls_export_cert = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300568   verify_x509_type = 0
Wed Mar  8 13:42:14 2017 us=300588   verify_x509_name = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300613   crl_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=300633   ns_cert_type = 0
Wed Mar  8 13:42:14 2017 us=300654   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300674   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300694   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300714   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300739   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300759   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300779   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300800   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300820   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300840   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300865   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300885   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300905   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300925   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300945   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300969   remote_cert_ku[i] = 0
Wed Mar  8 13:42:14 2017 us=300990   remote_cert_eku = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=301011   ssl_flags = 0
Wed Mar  8 13:42:14 2017 us=301031   tls_timeout = 2
Wed Mar  8 13:42:14 2017 us=301052   renegotiate_bytes = 0
Wed Mar  8 13:42:14 2017 us=301072   renegotiate_packets = 0
Wed Mar  8 13:42:14 2017 us=301096   renegotiate_seconds = 3600
Wed Mar  8 13:42:14 2017 us=301117   handshake_window = 60
Wed Mar  8 13:42:14 2017 us=301137   transition_window = 3600
Wed Mar  8 13:42:14 2017 us=301157   single_session = DISABLED
Wed Mar  8 13:42:14 2017 us=301178   push_peer_info = DISABLED
Wed Mar  8 13:42:14 2017 us=301198   tls_exit = DISABLED
Wed Mar  8 13:42:14 2017 us=301222   tls_auth_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=301243   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301264   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301284   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301304   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301325   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301349   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301370   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301390   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301410   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301431   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301451   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301475   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301496   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301516   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301536   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301557   pkcs11_protected_authentication = DISABLED
Wed Mar  8 13:42:14 2017 us=301578   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301604   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301625   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301646   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301666   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301700   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301725   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301746   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301767   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301787   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301808   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301829   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301854   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301875   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301896   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301916   pkcs11_private_mode = 00000000
Wed Mar  8 13:42:14 2017 us=301936   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=301957   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=301981   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302001   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302021   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302042   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302061   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302082   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302106   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302126   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302146   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302166   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302186   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302206   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302230   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302251   pkcs11_cert_private = DISABLED
Wed Mar  8 13:42:14 2017 us=302272   pkcs11_pin_cache_period = -1
Wed Mar  8 13:42:14 2017 us=302292   pkcs11_id = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=302313   pkcs11_id_management = DISABLED
Wed Mar  8 13:42:14 2017 us=302337   server_network = 10.8.0.0
Wed Mar  8 13:42:14 2017 us=302364   server_netmask = 255.255.255.0
Wed Mar  8 13:42:14 2017 us=302388   server_network_ipv6 = ::
Wed Mar  8 13:42:14 2017 us=302409   server_netbits_ipv6 = 0
Wed Mar  8 13:42:14 2017 us=302431   server_bridge_ip = 0.0.0.0
Wed Mar  8 13:42:14 2017 us=302454   server_bridge_netmask = 0.0.0.0
Wed Mar  8 13:42:14 2017 us=302480   server_bridge_pool_start = 0.0.0.0
Wed Mar  8 13:42:14 2017 us=302503   server_bridge_pool_end = 0.0.0.0
Wed Mar  8 13:42:14 2017 us=302523   push_entry = 'redirect-gateway def1 bypass-dhcp'
Wed Mar  8 13:42:14 2017 us=302544   push_entry = 'dhcp-option DNS 192.168.178.1'
Wed Mar  8 13:42:14 2017 us=302564   push_entry = 'route 10.8.0.0 255.255.255.0'
Wed Mar  8 13:42:14 2017 us=302584   push_entry = 'topology net30'
Wed Mar  8 13:42:14 2017 us=302609   push_entry = 'ping 10'
Wed Mar  8 13:42:14 2017 us=302630   push_entry = 'ping-restart 120'
Wed Mar  8 13:42:14 2017 us=302651   ifconfig_pool_defined = ENABLED
Wed Mar  8 13:42:14 2017 us=302674   ifconfig_pool_start = 10.8.0.4
Wed Mar  8 13:42:14 2017 us=302696   ifconfig_pool_end = 10.8.0.251
Wed Mar  8 13:42:14 2017 us=302722   ifconfig_pool_netmask = 0.0.0.0
Wed Mar  8 13:42:14 2017 us=302748   ifconfig_pool_persist_filename = 'ipp.txt'
Wed Mar  8 13:42:14 2017 us=302771   ifconfig_pool_persist_refresh_freq = 600
Wed Mar  8 13:42:14 2017 us=302791   ifconfig_ipv6_pool_defined = DISABLED
Wed Mar  8 13:42:14 2017 us=302819   ifconfig_ipv6_pool_base = ::
Wed Mar  8 13:42:14 2017 us=302841   ifconfig_ipv6_pool_netbits = 0
Wed Mar  8 13:42:14 2017 us=302866   n_bcast_buf = 256
Wed Mar  8 13:42:14 2017 us=302887   tcp_queue_limit = 64
Wed Mar  8 13:42:14 2017 us=302908   real_hash_size = 256
Wed Mar  8 13:42:14 2017 us=302928   virtual_hash_size = 256
Wed Mar  8 13:42:14 2017 us=302949   client_connect_script = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=302973   learn_address_script = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=302995   client_disconnect_script = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=303028   client_config_dir = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=303050   ccd_exclusive = DISABLED
Wed Mar  8 13:42:14 2017 us=303070   tmp_dir = '/tmp'
Wed Mar  8 13:42:14 2017 us=303091   push_ifconfig_defined = DISABLED
Wed Mar  8 13:42:14 2017 us=303118   push_ifconfig_local = 0.0.0.0
Wed Mar  8 13:42:14 2017 us=303142   push_ifconfig_remote_netmask = 0.0.0.0
Wed Mar  8 13:42:14 2017 us=303162   push_ifconfig_ipv6_defined = DISABLED
Wed Mar  8 13:42:14 2017 us=303186   push_ifconfig_ipv6_local = ::/0
Wed Mar  8 13:42:14 2017 us=303208   push_ifconfig_ipv6_remote = ::
Wed Mar  8 13:42:14 2017 us=303234   enable_c2c = ENABLED
Wed Mar  8 13:42:14 2017 us=303255   duplicate_cn = DISABLED
Wed Mar  8 13:42:14 2017 us=303275   cf_max = 0
Wed Mar  8 13:42:14 2017 us=303296   cf_per = 0
Wed Mar  8 13:42:14 2017 us=303316   max_clients = 1024
Wed Mar  8 13:42:14 2017 us=303337   max_routes_per_client = 256
Wed Mar  8 13:42:14 2017 us=303361   auth_user_pass_verify_script = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=303382   auth_user_pass_verify_script_via_file = DISABLED
Wed Mar  8 13:42:14 2017 us=303403   port_share_host = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=303423   port_share_port = 0
Wed Mar  8 13:42:14 2017 us=303443   client = DISABLED
Wed Mar  8 13:42:14 2017 us=303463   pull = DISABLED
Wed Mar  8 13:42:14 2017 us=303487   auth_user_pass_file = '[UNDEF]'
Wed Mar  8 13:42:14 2017 us=303510 OpenVPN 2.3.4 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 20 2015
Wed Mar  8 13:42:14 2017 us=303544 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Wed Mar  8 13:42:14 2017 us=305526 Diffie-Hellman initialized with 2048 bit key
Wed Mar  8 13:42:14 2017 us=306914 TLS-Auth MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar  8 13:42:14 2017 us=306996 Socket Buffers: R=[229376->131072] S=[229376->131072]
Wed Mar  8 13:42:14 2017 us=307309 ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=eth0 HWADDR=00:1e:06:33:f8:6b
Wed Mar  8 13:42:14 2017 us=308200 TUN/TAP device tun0 opened
Wed Mar  8 13:42:14 2017 us=308298 TUN/TAP TX queue length set to 100
Wed Mar  8 13:42:14 2017 us=308355 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Mar  8 13:42:14 2017 us=308407 /sbin/ip link set dev tun0 up mtu 1500
Wed Mar  8 13:42:14 2017 us=311212 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Mar  8 13:42:14 2017 us=314397 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Mar  8 13:42:14 2017 us=330677 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar  8 13:42:14 2017 us=332467 GID set to nogroup
Wed Mar  8 13:42:14 2017 us=332608 UID set to nobody
Wed Mar  8 13:42:14 2017 us=332656 UDPv4 link local (bound): [undef]
Wed Mar  8 13:42:14 2017 us=332692 UDPv4 link remote: [undef]
Wed Mar  8 13:42:14 2017 us=332726 MULTI: multi_init called, r=256 v=256
Wed Mar  8 13:42:14 2017 us=332904 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Mar  8 13:42:14 2017 us=332948 ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
Wed Mar  8 13:42:14 2017 us=332999 succeeded -> ifconfig_pool_set()
Wed Mar  8 13:42:14 2017 us=333023 ifconfig_pool_read(), in='client-kubuntu,10.8.0.8', TODO: IPv6
Wed Mar  8 13:42:14 2017 us=333044 succeeded -> ifconfig_pool_set()
Wed Mar  8 13:42:14 2017 us=333068 IFCONFIG POOL LIST
Wed Mar  8 13:42:14 2017 us=333091 client1,10.8.0.4
Wed Mar  8 13:42:14 2017 us=333112 client-kubuntu,10.8.0.8
Wed Mar  8 13:42:14 2017 us=333212 Initialization Sequence Completed
Wed Mar  8 13:42:23 2017 us=715399 MULTI: multi_create_instance called
Wed Mar  8 13:42:23 2017 us=715597 217.70.170.190:47003 Re-using SSL/TLS context
Wed Mar  8 13:42:23 2017 us=715703 217.70.170.190:47003 LZO compression initialized
Wed Mar  8 13:42:23 2017 us=716140 217.70.170.190:47003 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Mar  8 13:42:23 2017 us=716175 217.70.170.190:47003 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar  8 13:42:23 2017 us=716272 217.70.170.190:47003 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Mar  8 13:42:23 2017 us=716337 217.70.170.190:47003 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Mar  8 13:42:23 2017 us=716425 217.70.170.190:47003 Local Options hash (VER=V4): 'a8f55717'
Wed Mar  8 13:42:23 2017 us=716463 217.70.170.190:47003 Expected Remote Options hash (VER=V4): '22188c5b'
RWed Mar  8 13:42:23 2017 us=716579 217.70.170.190:47003 TLS: Initial packet from [AF_INET]217.70.170.190:47003, sid=51551a21 0a487068
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWed Mar  8 13:42:24 2017 us=76475 217.70.170.190:47003 VERIFY OK: depth=1, C=DE, ST=NRW, L=Gelsenkirchen, O=privat, OU=MyOrganizationalUnit, CN=privat CA, name=server, emailAddress=me@myhost.mydomain
Wed Mar  8 13:42:24 2017 us=77405 217.70.170.190:47003 VERIFY OK: depth=0, C=DE, ST=NRW, L=Gelsenkirchen, O=privat, OU=MyOrganizationalUnit, CN=client-kubuntu, name=server, emailAddress=me@myhost.mydomain
WRWed Mar  8 13:42:24 2017 us=163933 217.70.170.190:47003 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar  8 13:42:24 2017 us=164057 217.70.170.190:47003 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar  8 13:42:24 2017 us=164094 217.70.170.190:47003 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar  8 13:42:24 2017 us=164123 217.70.170.190:47003 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWRRRWed Mar  8 13:42:24 2017 us=189490 217.70.170.190:47003 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Mar  8 13:42:24 2017 us=189751 217.70.170.190:47003 [client-kubuntu] Peer Connection Initiated with [AF_INET]217.70.170.190:47003
Wed Mar  8 13:42:24 2017 us=190012 client-kubuntu/217.70.170.190:47003 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
Wed Mar  8 13:42:24 2017 us=190189 client-kubuntu/217.70.170.190:47003 MULTI: Learn: 10.8.0.10 -> client-kubuntu/217.70.170.190:47003
Wed Mar  8 13:42:24 2017 us=190224 client-kubuntu/217.70.170.190:47003 MULTI: primary virtual IP for client-kubuntu/217.70.170.190:47003: 10.8.0.10
RWed Mar  8 13:42:26 2017 us=386531 client-kubuntu/217.70.170.190:47003 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar  8 13:42:26 2017 us=386638 client-kubuntu/217.70.170.190:47003 send_push_reply(): safe_cap=940
Wed Mar  8 13:42:26 2017 us=386755 client-kubuntu/217.70.170.190:47003 SENT CONTROL [client-kubuntu]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.178.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect to Subnet behind VPN Server

Post by TinCanTech » Wed Mar 08, 2017 1:10 pm


jawr
OpenVpn Newbie
Posts: 3
Joined: Wed Mar 08, 2017 12:23 pm

Re: Can't connect to Subnet behind VPN Server

Post by jawr » Wed Mar 08, 2017 1:19 pm

Thanks for your reply.

I don't really understand why I must do this:

Code: Select all

Next, you must set up a route on the server-side LAN gateway to route the VPN client subnet (10.8.0.0/24) to the OpenVPN server (this is only necessary if the OpenVPN server and the LAN gateway are different machines).

but I've done it and now it works. Thanks for your help.

Regards,

jawr
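
Why the route quoted above is needed, as an added example that is not part of the original thread: a small routing simulation showing that the client's request reaches the LAN host, but the reply is sent to the LAN gateway, which has no route for 10.8.0.0/24 until one is added. The addresses 192.168.178.40, 192.168.178.1 and 10.8.0.10 come from the posted output; the LAN host 192.168.178.20, the node names and the assumption that IP forwarding is enabled on the OpenVPN server are constructed for illustration.

```python
import ipaddress


def next_hop(routes, dst):
    """Longest-prefix match. Returns (gateway, iface); gateway None means on-link."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[1], best[2])


def build_network(gateway_has_vpn_route):
    """Model of the thread's topology; 192.168.178.20 is a constructed LAN host."""
    gateway_routes = [
        ("192.168.178.0/24", None, "lan"),
        ("0.0.0.0/0", None, "wan"),  # everything else leaves via the ISP
    ]
    if gateway_has_vpn_route:
        # The route from the quoted HOWTO text: VPN subnet via the OpenVPN server.
        gateway_routes.append(("10.8.0.0/24", "192.168.178.40", "lan"))
    return {
        "client": {
            "addrs": {"10.8.0.10"},
            # redirect-gateway sends everything into the tunnel. The posted table
            # shows the net30 peer 10.8.0.9; the tunnel ends at the server's tun0.
            "routes": [("0.0.0.0/0", "10.8.0.1", "tun0")],
        },
        "vpn_server": {  # assumed to have IP forwarding enabled
            "addrs": {"192.168.178.40", "10.8.0.1"},
            "routes": [
                ("192.168.178.0/24", None, "eth0"),
                ("10.8.0.0/24", None, "tun0"),
                ("0.0.0.0/0", "192.168.178.1", "eth0"),
            ],
        },
        "lan_gateway": {"addrs": {"192.168.178.1"}, "routes": gateway_routes},
        "lan_host": {
            "addrs": {"192.168.178.20"},
            "routes": [
                ("192.168.178.0/24", None, "eth0"),
                ("0.0.0.0/0", "192.168.178.1", "eth0"),
            ],
        },
    }


def trace(nodes, start, dst, max_hops=8):
    """Follow a packet hop by hop. Returns (path, status)."""
    path, here = [start], start
    for _ in range(max_hops):
        node = nodes[here]
        if dst in node["addrs"]:
            return path, "delivered"
        hop = next_hop(node["routes"], dst)
        if hop is None:
            return path, "no route"
        gateway, iface = hop
        if iface == "wan":
            # A private destination sent towards the ISP never comes back.
            return path + ["internet"], "lost"
        target = gateway or dst
        nxt = next((n for n, v in nodes.items() if target in v["addrs"]), None)
        if nxt is None:
            return path, "unreachable"
        path.append(nxt)
        here = nxt
    return path, "loop"


if __name__ == "__main__":
    for fixed in (False, True):
        net = build_network(gateway_has_vpn_route=fixed)
        print("gateway has route to 10.8.0.0/24:", fixed)
        print("  request:", trace(net, "client", "192.168.178.20"))
        print("  reply:  ", trace(net, "lan_host", "10.8.0.10"))
```
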
