Losing the will to live - Please help!!

DanH
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 01, 2011 11:31 pm

Losing the will to live - Please help!!

Post by DanH » Thu Jun 02, 2011 12:16 am

Hi,

I've been trying to get my configuration to work for about a fortnight now, and I've finally come to the conclusion that I definitely need help!!!

My Goal

To configure a router to act as an OpenVPN server on my work network so that I can connect from a PC at home and route all internet traffic through the tunnel and the server connection.

My Problem

The VPN connection seems to work fine; I can ping across the tunnel and if I do a trace route to a domain name from the client it reports that it is going through the tunnel and out of the server connection.

The problem is that I can't get the internet to work when my client machine is behind my home internet router; it works fine if I connect the client to the internet directly with a mobile dongle, and I can browse sites no problem, but if I try to connect my PC to my home network and connect to the internet through my ADSL modem / router, it still appears to connect fine, but I can't surf the internet any more.

Server

I've flashed a Linksys WRT54GL router with DD-WRT Linux firmware. The DD-WRT has OpenVPN 2.1.1 software embedded which I have enabled and configured as my server. This router has been installed on my work network behind the existing internet router. This is the server config;
push "route 192.168.54.0 255.255.255.0"
server 192.168.66.0 255.255.255.0

port 1194
dev tun0
proto udp
keepalive 10 120

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem

management localhost 5001
The router has this firewall script;
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.66.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -o vlan1 -j MASQUERADE
Client

I have tried both Windows XP & Windows 7 machines and both OpenVPN versions 2.1.4 & 2.2.0 with this config;
remote myhost.dyndns.org 1194

port 1194
client
remote-cert-tls server
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float

redirect-gateway def1
dhcp-option DNS 208.67.222.222
dhcp-option DNS 208.67.220.220

ca ca.crt
cert client1.crt
key client1.key
I think it's got to be some sort of NAT issue, but I can't get to the bottom of it.

Please help before my head explodes!!! :-(

Thanks,

Dan

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Losing the will to live - Please help!!

Post by janjust » Thu Jun 02, 2011 9:04 pm

can you post the (sanitized) client log when your client connects via your home router, esp with

verb 5

set in the client config; also, try finding exactly what breaks in this setup: can you ping the VPN server at all? is DNS broken? is there a routing loop?

DanH
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 01, 2011 11:31 pm

Re: Losing the will to live - Please help!!

Post by DanH » Thu Jun 02, 2011 11:14 pm

Hi janjust,

To try and narrow down the problem, I did the following;
  • ping 192.168.54.1 - Successfully pinged the VPN server LAN IP
  • ping 192.168.66.1 - Successfully pinged the VPN server virtual subnet IP
  • ping bbc.co.uk - Successfully resolved name and replied to ping
  • tracert bbc.co.uk - Successful as first step was the VPN server virtual subnet IP then out through the server connection
So, the basic stuff is all good, what doesn't work is surfing through a browser (on Win 7 & XP with IE or Firefox)

To try to further narrow that down, I did the following;
  • Browse a site on my local LAN - Success
  • Browse the remote management interface of the router running the VPN server using an external IP - Success
  • Browse any other internet site - FAIL (Just sits there 'Waiting for response from domain.com')
So, still looks like some sort of NAT issue to me, but I can't see what I'm doing wrong.

Here's the client log;
Thu Jun 02 23:22:20 2011 us=232000 management_port = 0
Thu Jun 02 23:22:20 2011 us=247000 management_user_pass = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=247000 management_log_history_cache = 250
Thu Jun 02 23:22:20 2011 us=263000 management_echo_buffer_size = 100
Thu Jun 02 23:22:20 2011 us=263000 management_write_peer_info_file = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=278000 management_client_user = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=278000 management_client_group = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=278000 management_flags = 0
Thu Jun 02 23:22:20 2011 us=294000 shared_secret_file = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=294000 key_direction = 0
Thu Jun 02 23:22:20 2011 us=310000 ciphername_defined = ENABLED
Thu Jun 02 23:22:20 2011 us=310000 ciphername = 'BF-CBC'
Thu Jun 02 23:22:20 2011 us=310000 authname_defined = ENABLED
Thu Jun 02 23:22:20 2011 us=325000 authname = 'SHA1'
Thu Jun 02 23:22:20 2011 us=325000 prng_hash = 'SHA1'
Thu Jun 02 23:22:20 2011 us=325000 prng_nonce_secret_len = 16
Thu Jun 02 23:22:20 2011 us=341000 keysize = 0
Thu Jun 02 23:22:20 2011 us=341000 engine = DISABLED
Thu Jun 02 23:22:20 2011 us=341000 replay = ENABLED
Thu Jun 02 23:22:20 2011 us=356000 mute_replay_warnings = DISABLED
Thu Jun 02 23:22:20 2011 us=356000 replay_window = 64
Thu Jun 02 23:22:20 2011 us=372000 replay_time = 15
Thu Jun 02 23:22:20 2011 us=372000 packet_id_file = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=372000 use_iv = ENABLED
Thu Jun 02 23:22:20 2011 us=388000 test_crypto = DISABLED
Thu Jun 02 23:22:20 2011 us=388000 tls_server = DISABLED
Thu Jun 02 23:22:20 2011 us=388000 tls_client = ENABLED
Thu Jun 02 23:22:20 2011 us=403000 key_method = 2
Thu Jun 02 23:22:20 2011 us=403000 ca_file = 'ca.crt'
Thu Jun 02 23:22:20 2011 us=403000 ca_path = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=419000 dh_file = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=419000 cert_file = 'client1.crt'
Thu Jun 02 23:22:20 2011 us=434000 priv_key_file = 'client1.key'
Thu Jun 02 23:22:20 2011 us=434000 pkcs12_file = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=434000 cryptoapi_cert = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=450000 cipher_list = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=450000 tls_verify = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=466000 tls_remote = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=466000 crl_file = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=466000 ns_cert_type = 0
Thu Jun 02 23:22:20 2011 us=481000 remote_cert_ku = 160
Thu Jun 02 23:22:20 2011 us=481000 remote_cert_ku = 136
Thu Jun 02 23:22:20 2011 us=481000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=497000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=497000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=497000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=512000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=512000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=512000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=528000 remote_cert_ku = 0
Thu Jun 02 23:22:20 2011 us=528000 remote_cert_ku[i] = 0
Thu Jun 02 23:22:20 2011 us=544000 remote_cert_ku[i] = 0
Thu Jun 02 23:22:20 2011 us=544000 remote_cert_ku[i] = 0
Thu Jun 02 23:22:20 2011 us=544000 remote_cert_ku[i] = 0
Thu Jun 02 23:22:20 2011 us=559000 remote_cert_ku[i] = 0
Thu Jun 02 23:22:20 2011 us=559000 remote_cert_ku[i] = 0
Thu Jun 02 23:22:20 2011 us=559000 remote_cert_eku = 'TLS Web Server Authentication'
Thu Jun 02 23:22:20 2011 us=575000 tls_timeout = 2
Thu Jun 02 23:22:20 2011 us=575000 renegotiate_bytes = 0
Thu Jun 02 23:22:20 2011 us=590000 renegotiate_packets = 0
Thu Jun 02 23:22:20 2011 us=590000 renegotiate_seconds = 3600
Thu Jun 02 23:22:20 2011 us=590000 handshake_window = 60
Thu Jun 02 23:22:20 2011 us=606000 transition_window = 3600
Thu Jun 02 23:22:20 2011 us=606000 single_session = DISABLED
Thu Jun 02 23:22:20 2011 us=606000 push_peer_info = DISABLED
Thu Jun 02 23:22:20 2011 us=622000 tls_exit = DISABLED
Thu Jun 02 23:22:20 2011 us=622000 tls_auth_file = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=637000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=637000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=637000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=653000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=653000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=668000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=668000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=684000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=684000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=700000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=700000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=715000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=715000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=731000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=746000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=746000 pkcs11_protected_authentication = DISABLED
Thu Jun 02 23:22:20 2011 us=762000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=778000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=778000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=793000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=793000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=809000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=809000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=809000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=825000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=825000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=840000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=840000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=840000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=856000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=856000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=871000 pkcs11_private_mode = 00000000
Thu Jun 02 23:22:20 2011 us=871000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=887000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=887000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=887000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=903000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=903000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=918000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=918000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=918000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=934000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=934000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=949000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=949000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=965000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=965000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=981000 pkcs11_cert_private = DISABLED
Thu Jun 02 23:22:20 2011 us=981000 pkcs11_pin_cache_period = -1
Thu Jun 02 23:22:20 2011 us=981000 pkcs11_id = '[UNDEF]'
Thu Jun 02 23:22:20 2011 us=996000 pkcs11_id_management = DISABLED
Thu Jun 02 23:22:21 2011 us=12000 server_network = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=12000 server_netmask = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=27000 server_bridge_ip = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=27000 server_bridge_netmask = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=27000 server_bridge_pool_start = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=43000 server_bridge_pool_end = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=43000 ifconfig_pool_defined = DISABLED
Thu Jun 02 23:22:21 2011 us=59000 ifconfig_pool_start = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=59000 ifconfig_pool_end = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=74000 ifconfig_pool_netmask = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=74000 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=90000 ifconfig_pool_persist_refresh_freq = 600
Thu Jun 02 23:22:21 2011 us=90000 n_bcast_buf = 256
Thu Jun 02 23:22:21 2011 us=105000 tcp_queue_limit = 64
Thu Jun 02 23:22:21 2011 us=105000 real_hash_size = 256
Thu Jun 02 23:22:21 2011 us=105000 virtual_hash_size = 256
Thu Jun 02 23:22:21 2011 us=121000 client_connect_script = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=121000 learn_address_script = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=137000 client_disconnect_script = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=137000 client_config_dir = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=152000 ccd_exclusive = DISABLED
Thu Jun 02 23:22:21 2011 us=152000 tmp_dir = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=152000 push_ifconfig_defined = DISABLED
Thu Jun 02 23:22:21 2011 us=168000 push_ifconfig_local = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=168000 push_ifconfig_remote_netmask = 0.0.0.0
Thu Jun 02 23:22:21 2011 us=183000 enable_c2c = DISABLED
Thu Jun 02 23:22:21 2011 us=183000 duplicate_cn = DISABLED
Thu Jun 02 23:22:21 2011 us=183000 cf_max = 0
Thu Jun 02 23:22:21 2011 us=199000 cf_per = 0
Thu Jun 02 23:22:21 2011 us=199000 max_clients = 1024
Thu Jun 02 23:22:21 2011 us=199000 max_routes_per_client = 256
Thu Jun 02 23:22:21 2011 us=215000 auth_user_pass_verify_script = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=215000 auth_user_pass_verify_script_via_file = DISABLED
Thu Jun 02 23:22:21 2011 us=230000 ssl_flags = 0
Thu Jun 02 23:22:21 2011 us=230000 client = ENABLED
Thu Jun 02 23:22:21 2011 us=230000 pull = ENABLED
Thu Jun 02 23:22:21 2011 us=246000 auth_user_pass_file = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=246000 show_net_up = DISABLED
Thu Jun 02 23:22:21 2011 us=261000 route_method = 0
Thu Jun 02 23:22:21 2011 us=261000 ip_win32_defined = DISABLED
Thu Jun 02 23:22:21 2011 us=261000 ip_win32_type = 3
Thu Jun 02 23:22:21 2011 us=277000 dhcp_masq_offset = 0
Thu Jun 02 23:22:21 2011 us=277000 dhcp_lease_time = 31536000
Thu Jun 02 23:22:21 2011 us=277000 tap_sleep = 0
Thu Jun 02 23:22:21 2011 us=293000 dhcp_options = ENABLED
Thu Jun 02 23:22:21 2011 us=293000 dhcp_renew = DISABLED
Thu Jun 02 23:22:21 2011 us=293000 dhcp_pre_release = DISABLED
Thu Jun 02 23:22:21 2011 us=308000 dhcp_release = DISABLED
Thu Jun 02 23:22:21 2011 us=308000 domain = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=324000 netbios_scope = '[UNDEF]'
Thu Jun 02 23:22:21 2011 us=324000 netbios_node_type = 0
Thu Jun 02 23:22:21 2011 us=324000 disable_nbt = DISABLED
Thu Jun 02 23:22:21 2011 us=339000 DNS[0] = 208.67.222.222
Thu Jun 02 23:22:21 2011 us=339000 DNS[1] = 208.67.220.220
Thu Jun 02 23:22:21 2011 us=355000 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 8 2010
Thu Jun 02 23:22:21 2011 us=433000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 02 23:22:21 2011 us=917000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jun 02 23:22:21 2011 us=917000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jun 02 23:22:21 2011 us=932000 Data Channel MTU parms [ L:1541 D:1450 EF:41EB:4 ET:0 EL:0 ]
Thu Jun 02 23:22:21 2011 us=948000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method2,tls-client'
Thu Jun 02 23:22:21 2011 us=963000 Expected Remote Options String: 'V4,dev-typetun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Jun 02 23:22:21 2011 us=979000 Local Options hash (VER=V4): '3514370b'
Thu Jun 02 23:22:21 2011 us=995000 Expected Remote Options hash (VER=V4): '239669a8'
Thu Jun 02 23:22:21 2011 us=995000 UDPv4 link local: [undef]
Thu Jun 02 23:22:22 2011 us=10000 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Thu Jun 02 23:22:22 2011 us=104000 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=a08bd15e 30ea0d06
Thu Jun 02 23:22:22 2011 us=884000 VERIFY OK: depth=1, /C=UK/ST=UK/L=UK/O=OpenVPN/CN=OpenVPN-CA/emailAddress=mail@host.domain
Thu Jun 02 23:22:22 2011 us=899000 Validating certificate key usage
Thu Jun 02 23:22:22 2011 us=899000 ++ Certificate has key usage 00a0, expects 00a0
Thu Jun 02 23:22:22 2011 us=915000 VERIFY KU OK
Thu Jun 02 23:22:22 2011 us=915000 Validating certificate extended key usage
Thu Jun 02 23:22:22 2011 us=915000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 02 23:22:22 2011 us=931000 VERIFY EKU OK
Thu Jun 02 23:22:22 2011 us=931000 VERIFY OK: depth=0, /C=UK/ST=UK/O=OpenVPN/CN=server/emailAddress=mail@host.domain
Thu Jun 02 23:22:23 2011 us=820000 NOTE: Options consistency check may be skewed by version differences
Thu Jun 02 23:22:23 2011 us=851000 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Thu Jun 02 23:22:23 2011 us=898000 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Thu Jun 02 23:22:23 2011 us=929000 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1541'
Thu Jun 02 23:22:23 2011 us=960000 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
Thu Jun 02 23:22:23 2011 us=976000 WARNING: 'proto' is present in local config but missing in remote config, local='proto UDPv4'
Thu Jun 02 23:22:23 2011 us=991000 WARNING: 'cipher' is present in local configbut missing in remote config, local='cipher BF-CBC'
Thu Jun 02 23:22:24 2011 us=7000 WARNING: 'auth' is present in local config butmissing in remote config, local='auth SHA1'
Thu Jun 02 23:22:24 2011 us=23000 WARNING: 'keysize' is present in local configbut missing in remote config, local='keysize 128'
Thu Jun 02 23:22:24 2011 us=23000 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Thu Jun 02 23:22:24 2011 us=38000 WARNING: 'tls-server' is present in local config but missing in remote config, local='tls-server'
Thu Jun 02 23:22:24 2011 us=54000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jun 02 23:22:24 2011 us=54000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 02 23:22:24 2011 us=69000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jun 02 23:22:24 2011 us=85000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 02 23:22:24 2011 us=85000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 02 23:22:24 2011 us=101000 [server] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
Thu Jun 02 23:22:26 2011 us=316000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 02 23:22:26 2011 us=378000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.54.0 255.255.255.0,route 192.168.66.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.66.6 192.168.66.5'
Thu Jun 02 23:22:26 2011 us=441000 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 02 23:22:26 2011 us=472000 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 02 23:22:26 2011 us=487000 OPTIONS IMPORT: route options modified
Thu Jun 02 23:22:26 2011 us=534000 ROUTE default_gateway=192.168.0.1
Thu Jun 02 23:22:26 2011 us=597000 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{EA8C5F88-F5ED-49E7-AE58-297A1B5118D3}.tap
Thu Jun 02 23:22:26 2011 us=628000 TAP-Win32 Driver Version 9.7
Thu Jun 02 23:22:26 2011 us=643000 TAP-Win32 MTU=1500
Thu Jun 02 23:22:26 2011 us=659000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.66.6/255.255.255.252 on interface {EA8C5F88-F5ED-49E7-AE58-297A1B5118D3} [DHCP-serv: 192.168.66.5, lease-time: 31536000]
Thu Jun 02 23:22:26 2011 us=706000 DHCP option string: 0608d043 deded043 dcdc
Thu Jun 02 23:22:26 2011 us=706000 Successful ARP Flush on interface [19] {EA8C5F88-F5ED-49E7-AE58-297A1B5118D3}
Thu Jun 02 23:22:31 2011 us=854000 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Jun 02 23:22:31 2011 us=869000 C:\WINDOWS\system32\route.exe ADD xxx.xxx.xxx.xxx MASK 255.255.255.255 192.168.0.1
Thu Jun 02 23:22:31 2011 us=885000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jun 02 23:22:31 2011 us=901000 Route addition via IPAPI succeeded [adaptive]
Thu Jun 02 23:22:31 2011 us=916000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.66.5
Thu Jun 02 23:22:31 2011 us=932000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Jun 02 23:22:31 2011 us=947000 Route addition via IPAPI succeeded [adaptive]
Thu Jun 02 23:22:31 2011 us=947000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.66.5
Thu Jun 02 23:22:31 2011 us=963000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Jun 02 23:22:31 2011 us=979000 Route addition via IPAPI succeeded [adaptive]
Thu Jun 02 23:22:32 2011 us=10000 C:\WINDOWS\system32\route.exe ADD 192.168.54.0 MASK 255.255.255.0 192.168.66.5
Thu Jun 02 23:22:32 2011 us=25000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Jun 02 23:22:32 2011 us=41000 Route addition via IPAPI succeeded [adaptive]
Thu Jun 02 23:22:32 2011 us=57000 C:\WINDOWS\system32\route.exe ADD 192.168.66.1 MASK 255.255.255.255 192.168.66.5
Thu Jun 02 23:22:32 2011 us=88000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Jun 02 23:22:32 2011 us=103000 Route addition via IPAPI succeeded [adaptive]
Thu Jun 02 23:22:32 2011 us=119000 Initialization Sequence Completed


Thanks,

Dan

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Losing the will to live - Please help!!

Post by janjust » Sat Jun 04, 2011 9:13 pm

if 'tracert' to a remote site is working then OpenVPN's job is basically done - everything beyond that is a browser configuration issue. Check the internet settings in your browsers - do they automatically pick up a proxy host?

However, the client log shows
Thu Jun 02 23:22:23 2011 us=820000 NOTE: Options consistency check may be skewed by version differences
Thu Jun 02 23:22:23 2011 us=851000 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Thu Jun 02 23:22:23 2011 us=898000 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
this is worrisome, as it suggests that traffic between client and server is getting garbled. Make sure there is no firewall blocking access and also check the server log for similar messages.
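
The checks raised in this thread (is there a routing loop, did `redirect-gateway def1` install its routes, which options-consistency warnings appeared) can be run mechanically over a `verb 5` client log. This is an added example, not part of the original thread: the function name `analyse`, the sample log lines and the server address 203.0.113.10 are constructed for illustration, and the VPN gateway is read from the pushed `ifconfig` under the `topology net30` shown in the log.

```python
import re

# Constructed sample in the format of the verb 5 client log posted above.
# 203.0.113.10 is a documentation address standing in for the masked server IP.
SAMPLE_LOG = r"""
Thu Jun 02 23:22:23 2011 us=851000 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Thu Jun 02 23:22:23 2011 us=898000 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Thu Jun 02 23:22:26 2011 us=378000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.54.0 255.255.255.0,route 192.168.66.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.66.6 192.168.66.5'
Thu Jun 02 23:22:26 2011 us=534000 ROUTE default_gateway=192.168.0.1
Thu Jun 02 23:22:31 2011 us=869000 C:\WINDOWS\system32\route.exe ADD 203.0.113.10 MASK 255.255.255.255 192.168.0.1
Thu Jun 02 23:22:31 2011 us=916000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.66.5
Thu Jun 02 23:22:31 2011 us=947000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.66.5
Thu Jun 02 23:22:32 2011 us=10000 C:\WINDOWS\system32\route.exe ADD 192.168.54.0 MASK 255.255.255.0 192.168.66.5
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
GW_RE = re.compile(r"ROUTE default_gateway=(\S+)")
ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")
WARN_RE = re.compile(
    r"WARNING: '([^']+)' is (?:used inconsistently|present in local config)")


def analyse(log_text):
    """Summarise routing and option-consistency evidence from a client log."""
    pushed, routes, mismatched, default_gw = [], [], [], None
    for line in log_text.splitlines():
        if m := PUSH_RE.search(line):
            pushed = m.group(1).split(",")
        elif m := GW_RE.search(line):
            default_gw = m.group(1)
        elif m := ROUTE_RE.search(line):
            routes.append(m.groups())          # (network, mask, gateway)
        elif m := WARN_RE.search(line):
            mismatched.append(m.group(1))

    # Assumption: topology net30, so the second ifconfig argument is the
    # remote tunnel endpoint that the client uses as the VPN gateway.
    vpn_gw = next(
        (o.split()[2] for o in pushed if o.startswith("ifconfig ")), None)

    # A host route to the server via the pre-VPN gateway keeps the encrypted
    # UDP packets out of the tunnel, which is what prevents a routing loop.
    bypass = default_gw is not None and any(
        mask == "255.255.255.255" and gw == default_gw
        for _, mask, gw in routes)

    # redirect-gateway def1 adds two /1 routes instead of replacing 0.0.0.0/0.
    def1 = vpn_gw is not None and all(
        (net, "128.0.0.0", vpn_gw) in routes
        for net in ("0.0.0.0", "128.0.0.0"))

    return {
        "pushed": pushed,
        "default_gateway": default_gw,
        "vpn_gateway": vpn_gw,
        "server_bypass_route": bypass,
        "def1_routes_present": def1,
        "option_mismatches": mismatched,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The patterns match on whitespace-delimited fields rather than dotted quads, so a log with the server address masked as xxx.xxx.xxx.xxx is handled the same way.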
