Strange behavior: IP pushed as netmask?

sbrunthaler · Post by **sbrunthaler** » Fri Nov 24, 2023 8:01 pm

Hi,

my first post here, so please bear with me.

I am trying to configure a new OpenVPN server, copying an existing configuration.

Server: OpenVPN community edition from Open SuSE 15.4 distro, version 2.5.3, on OS 15.4
Client: Windows 10 and 11, OpenVPN community edition, version 2.6.8.

The connection cannot be established, neither from Win 10 nor 11, and I found this in the client log:

Code: Select all

2023-11-24 19:56:25 TAP-Windows Driver Version 9.26 
2023-11-24 19:56:25 Set TAP-Windows TUN subnet mode network/local/netmask = 10.42.24.4/10.42.24.5/10.42.24.6 [SUCCEEDED]
2023-11-24 19:56:25 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.42.24.5/10.42.24.6 on interface {9C9CF993-E31B-4A25-ADE2-B9BD8C0D7F38} [DHCP-serv: 10.42.24.4, lease-time: 31536000]
2023-11-24 19:56:25 Successful ARP Flush on interface [15] {9C9CF993-E31B-4A25-ADE2-B9BD8C0D7F38}
2023-11-24 19:56:25 MANAGEMENT: >STATE:1700852185,ASSIGN_IP,,10.42.24.5,,,,
2023-11-24 19:56:25 IPv4 MTU set to 1500 on interface 15 using service
2023-11-24 19:56:25 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'
2023-11-24 19:56:25 Timers: ping 10, ping-restart 60
2023-11-24 19:56:30 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2023-11-24 19:56:30 Route: Waiting for TUN/TAP interface to come up...

and later (a little lengthy, sorry), read to the end:

Code: Select all

2023-11-24 19:57:00 MANAGEMENT: >STATE:1700852220,ADD_ROUTES,,,,,,
2023-11-24 19:57:00 C:\windows\system32\route.exe ADD 194.31.92.0 MASK 255.255.255.0 10.42.24.1
2023-11-24 19:57:00 Warning: route gateway is not reachable on any active network adapters: 10.42.24.1
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 194.31.92.111 p=0 i=13 t=4 pr=3 a=119476 h=0 m=25/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
194.31.92.0 255.255.255.0 194.31.92.11 p=0 i=13 t=3 pr=2 a=8707 h=0 m=281/0/0/0/0
194.31.92.11 255.255.255.255 194.31.92.11 p=0 i=13 t=3 pr=2 a=8707 h=0 m=281/0/0/0/0
194.31.92.255 255.255.255.255 194.31.92.11 p=0 i=13 t=3 pr=2 a=8707 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
224.0.0.0 240.0.0.0 0.0.0.0 p=0 i=15 t=3 pr=2 a=174363 h=0 m=262/0/0/0/0
224.0.0.0 240.0.0.0 194.31.92.11 p=0 i=13 t=3 pr=2 a=174363 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=174368 h=0 m=331/0/0/0/0
255.255.255.255 255.255.255.255 0.0.0.0 p=0 i=15 t=3 pr=2 a=174363 h=0 m=262/0/0/0/0
255.255.255.255 255.255.255.255 194.31.92.11 p=0 i=13 t=3 pr=2 a=174363 h=0 m=281/0/0/0/0
SYSTEM ADAPTER LIST
Realtek Gaming GbE Family Controller
  Index = 13
  GUID = {8F9BB747-82EC-4F36-8128-241F66AE26ED}
  IP = 194.31.92.11/255.255.255.0 
  MAC = e0:73:e7:cb:61:5d
  GATEWAY = 194.31.92.111/255.255.255.255 
  DHCP SERV = 194.31.92.111/255.255.255.255 
  DHCP LEASE OBTAINED = 2023-11-24 19:56:22
  DHCP LEASE EXPIRES  = 2023-11-24 20:06:22
  DNS SERV = 194.31.92.113/255.255.255.255 194.31.92.13/255.255.255.255 192.109.16.71/255.255.255.255 
Bluetooth Device (Personal Area Network)
  Index = 4
  GUID = {1E24633D-24B4-4BC5-AADB-47CA06D153A2}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 2c:3b:70:fc:fe:86
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = 2023-11-24 19:57:00
  DHCP LEASE EXPIRES  = 2023-11-24 19:57:00
  DNS SERV =  
ExpressVPN TUN Driver
  Index = 16
  GUID = {A00D4A87-CACB-43E2-93CC-01FE81B891EC}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 
  GATEWAY = 0.0.0.0/255.255.255.255 
  DNS SERV =  
Wintun Userspace Tunnel
  Index = 6
  GUID = {30E123AF-F5F1-403F-BC82-7E75B96435AF}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = 2023-11-24 19:57:00
  DHCP LEASE EXPIRES  = 2023-11-24 19:57:00
  DNS SERV =  
TAP-Windows Adapter V9
  Index = 15
  GUID = {9C9CF993-E31B-4A25-ADE2-B9BD8C0D7F38}
  IP = 169.254.152.180/255.255.0.0 
  MAC = 00:ff:9c:9c:f9:93
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV = 0.0.0.0/255.255.255.255 
  DHCP LEASE OBTAINED = 2023-11-24 19:57:00
  DHCP LEASE EXPIRES  = 2023-11-24 19:57:00
  DNS SERV =  
OpenVPN Data Channel Offload
  Index = 21
  GUID = {FD6A5852-B367-4B71-9675-353DF388C15A}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = 2023-11-24 19:57:00
  DHCP LEASE EXPIRES  = 2023-11-24 19:57:00
  DNS SERV =  
MediaTek MT7921 Wi-Fi 6 802.11ax PCIe Adapter
  Index = 9
  GUID = {78603504-FB3E-401F-A425-371040FEE0D2}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 2c:3b:70:fc:fe:87
  GATEWAY = 192.168.62.100/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = 2023-11-24 19:57:00
  DHCP LEASE EXPIRES  = 2023-11-24 19:57:00
  DNS SERV =  
Microsoft Wi-Fi Direct Virtual Adapter
  Index = 8
  GUID = {5372E132-6D31-4860-B2E7-C5F95B074364}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 2e:3b:70:fc:fe:a7
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = 2023-11-24 19:57:00
  DHCP LEASE EXPIRES  = 2023-11-24 19:57:00
  DNS SERV =  
Microsoft Wi-Fi Direct Virtual Adapter #2
  Index = 12
  GUID = {8488457A-F278-4B01-A275-6D74EFE67047}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 2e:3b:70:fc:fe:b7
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = 2023-11-24 19:57:00
  DHCP LEASE EXPIRES  = 2023-11-24 19:57:00
  DNS SERV =  
2023-11-24 19:57:00 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
2023-11-24 19:57:00 MANAGEMENT: >STATE:1700852220,CONNECTED,ERROR,10.42.24.5,192.109.16.72,1194,194.31.92.11,64575
2023-11-24 19:57:03 Closing TUN/TAP interface
[color=#0000FF]2023-11-24 19:57:04 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: Falscher Parameter.   (code=87)[/color]

Server configuration

port 1194
proto tcp
dev tun0
pkcs12 inselb-ovpn-server.pfx
dh dh2048.pem
topology subnet
server 10.42.24.0 255.255.255.0
push "route 194.31.92.0 255.255.255.0"
client-config-dir ccd
ccd-exclusive
keepalive 10 60
push "explicit-exit-notify 2"
tls-auth ta.key 0 # This file is secret
tls-version-min 1.0
tls-version-max 1.2
cipher AES-128-CBC # AES
cipher AES-256-CBC # AES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6

Client configuration

client
dev tun

# using tcp because of connectivity problems
proto tcp

remote 192.109.16.72 1194
resolv-retry infinite
nobind
persist-key
persist-tun
pkcs12 client.p12
remote-cert-tls server
tls-auth ta.key 1
tls-version-min 1.0
tls-version-max 1.2
cipher AES-256-CBC
comp-lzo
verb 3

The IP addresses and routes on the server look strange as well:

Code: Select all

server2:/etc/openvpn # ip  addr
...
20: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.42.24.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::7931:f4b:1c01:81f3/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

Code: Select all

server2:/etc/openvpn # ip route
default via 192.109.16.65 dev eth0
10.42.24.0/24 dev tun0 proto kernel scope link src 10.42.24.1
192.109.16.64/26 dev eth0 proto kernel scope link src 192.109.16.72

On the similar configured WORKING machine, things look different:

Code: Select all

server1:/etc/openvpn # ip addr
...
32: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/[65534]
    inet 10.71.17.1 peer 10.71.17.2/32 scope global tun0

Code: Select all

server1:/etc/openvpn # ip route | grep '^10.71'
10.71.17.2 dev tun0  proto kernel  scope link  src 10.71.17.1
10.71.17.0/24 via 10.71.17.2 dev tun0

Any useful hints are very welcome. I can provide more info anytime if needed.

Thanks in advance!

Stefan