My first post here, so please bear with me.
I am trying to configure a new OpenVPN server, copying an existing configuration.
Server: OpenVPN community edition from the openSUSE 15.4 distro, version 2.5.3, on OS 15.4
Client: Windows 10 and 11, OpenVPN community edition, version 2.6.8.
The connection cannot be established, neither from Win 10 nor 11, and I found this in the client log:
2023-11-24 19:56:25 TAP-Windows Driver Version 9.26
2023-11-24 19:56:25 Set TAP-Windows TUN subnet mode network/local/netmask = 10.42.24.4/10.42.24.5/10.42.24.6 [SUCCEEDED]
2023-11-24 19:56:25 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.42.24.5/10.42.24.6 on interface {9C9CF993-E31B-4A25-ADE2-B9BD8C0D7F38} [DHCP-serv: 10.42.24.4, lease-time: 31536000]
2023-11-24 19:56:25 Successful ARP Flush on interface [15] {9C9CF993-E31B-4A25-ADE2-B9BD8C0D7F38}
2023-11-24 19:56:25 MANAGEMENT: >STATE:1700852185,ASSIGN_IP,,10.42.24.5,,,,
2023-11-24 19:56:25 IPv4 MTU set to 1500 on interface 15 using service
2023-11-24 19:56:25 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'
2023-11-24 19:56:25 Timers: ping 10, ping-restart 60
2023-11-24 19:56:30 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2023-11-24 19:56:30 Route: Waiting for TUN/TAP interface to come up...
2023-11-24 19:57:00 MANAGEMENT: >STATE:1700852220,ADD_ROUTES,,,,,,
2023-11-24 19:57:00 C:\windows\system32\route.exe ADD 194.31.92.0 MASK 255.255.255.0 10.42.24.1
2023-11-24 19:57:00 Warning: route gateway is not reachable on any active network adapters: 10.42.24.1
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 194.31.92.111 p=0 i=13 t=4 pr=3 a=119476 h=0 m=25/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
194.31.92.0 255.255.255.0 194.31.92.11 p=0 i=13 t=3 pr=2 a=8707 h=0 m=281/0/0/0/0
194.31.92.11 255.255.255.255 194.31.92.11 p=0 i=13 t=3 pr=2 a=8707 h=0 m=281/0/0/0/0
194.31.92.255 255.255.255.255 194.31.92.11 p=0 i=13 t=3 pr=2 a=8707 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
224.0.0.0 240.0.0.0 0.0.0.0 p=0 i=15 t=3 pr=2 a=174363 h=0 m=262/0/0/0/0
224.0.0.0 240.0.0.0 194.31.92.11 p=0 i=13 t=3 pr=2 a=174363 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
255.255.255.255 255.255.255.255 0.0.0.0 p=0 i=15 t=3 pr=2 a=174363 h=0 m=262/0/0/0/0
255.255.255.255 255.255.255.255 194.31.92.11 p=0 i=13 t=3 pr=2 a=174363 h=0 m=281/0/0/0/0
SYSTEM ADAPTER LIST
Realtek Gaming GbE Family Controller
Index = 13
GUID = {8F9BB747-82EC-4F36-8128-241F66AE26ED}
IP = 194.31.92.11/255.255.255.0
MAC = e0:73:e7:cb:61:5d
GATEWAY = 194.31.92.111/255.255.255.255
DHCP SERV = 194.31.92.111/255.255.255.255
DHCP LEASE OBTAINED = 2023-11-24 19:56:22
DHCP LEASE EXPIRES = 2023-11-24 20:06:22
DNS SERV = 194.31.92.113/255.255.255.255 194.31.92.13/255.255.255.255 192.109.16.71/255.255.255.255
Bluetooth Device (Personal Area Network)
Index = 4
GUID = {1E24633D-24B4-4BC5-AADB-47CA06D153A2}
IP = 0.0.0.0/0.0.0.0
MAC = 2c:3b:70:fc:fe:86
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = 2023-11-24 19:57:00
DHCP LEASE EXPIRES = 2023-11-24 19:57:00
DNS SERV =
ExpressVPN TUN Driver
Index = 16
GUID = {A00D4A87-CACB-43E2-93CC-01FE81B891EC}
IP = 0.0.0.0/0.0.0.0
MAC =
GATEWAY = 0.0.0.0/255.255.255.255
DNS SERV =
Wintun Userspace Tunnel
Index = 6
GUID = {30E123AF-F5F1-403F-BC82-7E75B96435AF}
IP = 0.0.0.0/0.0.0.0
MAC =
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = 2023-11-24 19:57:00
DHCP LEASE EXPIRES = 2023-11-24 19:57:00
DNS SERV =
TAP-Windows Adapter V9
Index = 15
GUID = {9C9CF993-E31B-4A25-ADE2-B9BD8C0D7F38}
IP = 169.254.152.180/255.255.0.0
MAC = 00:ff:9c:9c:f9:93
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = 2023-11-24 19:57:00
DHCP LEASE EXPIRES = 2023-11-24 19:57:00
DNS SERV =
OpenVPN Data Channel Offload
Index = 21
GUID = {FD6A5852-B367-4B71-9675-353DF388C15A}
IP = 0.0.0.0/0.0.0.0
MAC =
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = 2023-11-24 19:57:00
DHCP LEASE EXPIRES = 2023-11-24 19:57:00
DNS SERV =
MediaTek MT7921 Wi-Fi 6 802.11ax PCIe Adapter
Index = 9
GUID = {78603504-FB3E-401F-A425-371040FEE0D2}
IP = 0.0.0.0/0.0.0.0
MAC = 2c:3b:70:fc:fe:87
GATEWAY = 192.168.62.100/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = 2023-11-24 19:57:00
DHCP LEASE EXPIRES = 2023-11-24 19:57:00
DNS SERV =
Microsoft Wi-Fi Direct Virtual Adapter
Index = 8
GUID = {5372E132-6D31-4860-B2E7-C5F95B074364}
IP = 0.0.0.0/0.0.0.0
MAC = 2e:3b:70:fc:fe:a7
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = 2023-11-24 19:57:00
DHCP LEASE EXPIRES = 2023-11-24 19:57:00
DNS SERV =
Microsoft Wi-Fi Direct Virtual Adapter #2
Index = 12
GUID = {8488457A-F278-4B01-A275-6D74EFE67047}
IP = 0.0.0.0/0.0.0.0
MAC = 2e:3b:70:fc:fe:b7
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = 2023-11-24 19:57:00
DHCP LEASE EXPIRES = 2023-11-24 19:57:00
DNS SERV =
2023-11-24 19:57:00 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
2023-11-24 19:57:00 MANAGEMENT: >STATE:1700852220,CONNECTED,ERROR,10.42.24.5,192.109.16.72,1194,194.31.92.11,64575
2023-11-24 19:57:03 Closing TUN/TAP interface
2023-11-24 19:57:04 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: Falscher Parameter. (code=87)
Server configuration
port 1194
proto tcp
dev tun0
pkcs12 inselb-ovpn-server.pfx
dh dh2048.pem
topology subnet
server 10.42.24.0 255.255.255.0
push "route 194.31.92.0 255.255.255.0"
client-config-dir ccd
ccd-exclusive
keepalive 10 60
push "explicit-exit-notify 2"
tls-auth ta.key 0 # This file is secret
tls-version-min 1.0
tls-version-max 1.2
cipher AES-128-CBC # AES
cipher AES-256-CBC # AES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
Client configuration
client
dev tun
# using tcp because of connectivity problems
proto tcp
remote 192.109.16.72 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 client.p12
remote-cert-tls server
tls-auth ta.key 1
tls-version-min 1.0
tls-version-max 1.2
cipher AES-256-CBC
comp-lzo
verb 3
The IP addresses and routes on the server look strange as well:
server2:/etc/openvpn # ip addr
...
20: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.42.24.1/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::7931:f4b:1c01:81f3/64 scope link stable-privacy
valid_lft forever preferred_lft forever
server2:/etc/openvpn # ip route
default via 192.109.16.65 dev eth0
10.42.24.0/24 dev tun0 proto kernel scope link src 10.42.24.1
192.109.16.64/26 dev eth0 proto kernel scope link src 192.109.16.72
server1:/etc/openvpn # ip addr
...
32: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 10.71.17.1 peer 10.71.17.2/32 scope global tun0
server1:/etc/openvpn # ip route | grep '^10.71'
10.71.17.2 dev tun0 proto kernel scope link src 10.71.17.1
10.71.17.0/24 via 10.71.17.2 dev tun0
Any useful hints are very welcome. I can provide more info anytime if needed.
Thanks in advance!
Stefan
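
An added example (not part of the original post and not OpenVPN code): a Python check over two lines of the client log above. It tests whether the third value of the `network/local/netmask` line is a contiguous netmask and whether the route gateway lies inside the resulting tunnel network. The function names and the net30 heuristic are assumptions of this example.

```python
import ipaddress
import re

# Sample input: two lines copied from the client log in the post above.
SAMPLE_LOG = "\n".join([
    "2023-11-24 19:56:25 Set TAP-Windows TUN subnet mode network/local/netmask"
    " = 10.42.24.4/10.42.24.5/10.42.24.6 [SUCCEEDED]",
    "2023-11-24 19:57:00 C:\\windows\\system32\\route.exe ADD 194.31.92.0"
    " MASK 255.255.255.0 10.42.24.1",
])

SUBNET_RE = re.compile(r"subnet mode network/local/netmask = ([\d.]+)/([\d.]+)/([\d.]+)")
ROUTE_RE = re.compile(r"route\.exe ADD ([\d.]+) MASK ([\d.]+) ([\d.]+)")


def is_netmask(value):
    """True if value is a contiguous IPv4 netmask such as 255.255.255.0."""
    n = int(ipaddress.IPv4Address(value))
    inverted = n ^ 0xFFFFFFFF
    return n != 0 and (inverted & (inverted + 1)) == 0


def check_log(text):
    """Return a list of findings about tunnel addressing in an OpenVPN client log."""
    findings, tun_net = [], None
    for line in text.splitlines():
        m = SUBNET_RE.search(line)
        if m:
            network, local, mask = m.groups()
            if is_netmask(mask):
                tun_net = ipaddress.IPv4Interface(f"{local}/{mask}").network
                continue
            findings.append(f"netmask field {mask} is not a netmask")
            # Heuristic (assumption): net30 topology gives each client a /30
            # block, so local = base + 1 and peer = base + 2.
            base = int(ipaddress.IPv4Address(network))
            if (base % 4 == 0 and int(ipaddress.IPv4Address(local)) == base + 1
                    and int(ipaddress.IPv4Address(mask)) == base + 2):
                findings.append("values form a net30 local/peer pair, not address/netmask")
            continue
        m = ROUTE_RE.search(line)
        if m:
            gateway = ipaddress.IPv4Address(m.group(3))
            if tun_net is None or gateway not in tun_net:
                findings.append(f"route gateway {gateway} is not on a valid tunnel subnet")
    return findings


if __name__ == "__main__":
    for finding in check_log(SAMPLE_LOG):
        print(finding)
```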