[Closed] Client can access LAN but no internet Tunnelblick

jjd
OpenVpn Newbie
Posts: 5
Joined: Fri Sep 20, 2013 11:26 pm

[Closed] Client can access LAN but no internet Tunnelblick

Post by jjd » Fri Sep 20, 2013 11:43 pm

I'm sure this is something simple I missed, but I can't seem to figure it out. I have searched the forum and Google, but no answer seems to work.

I decided it's time to upgrade my PPTP server, so I built a new Ubuntu server running Ubuntu 12.04.3 LTS; it serves a dev website for my local LAN as well as the OpenVPN server.

I have got it working in that my clients can connect remotely and access local LAN resources; however, I would like them to use the VPN for all data when connected, so I require internet as well.

My setup:

LAN 10.10.147.0/24
Router 10.10.147.1
Ubuntu Server 10.10.147.5

OpenVPN 10.8.0.0

I have set a static route on my router to 10.8.0.0/24 to 10.10.147.5
I do have IP Forwarding enabled on my server.

I can ping from my LAN to any VPN Client with no issue

my server.conf file

port 1194
proto udp
dev tun
ca ca.crt
cert ubuntu.crt
key ubuntu.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.147.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

My client config

client
dev tun
proto udp
remote vpn.server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
redirect-gateway

Any help would be greatly appreciated!
Thanks!
Last edited by debbie10t on Tue Feb 18, 2014 11:23 pm, edited 1 time in total.
Reason: [Closed]

jjd
OpenVpn Newbie
Posts: 5
Joined: Fri Sep 20, 2013 11:26 pm

Re: Client can access LAN but no internet

Post by jjd » Thu Sep 26, 2013 1:18 am

OK, logs I can do!

When generating the logs, all I did was connect to the server and try to navigate to google.com, then disconnected.

client side log

Tunnelblick Log:

2013-09-25 18:36:16 *Tunnelblick: OS X 10.8.4; Tunnelblick 3.3.0 (build 3518)
2013-09-25 18:36:16 *Tunnelblick: Attempting connection with ubuntu using shadow copy; Set nameserver = 1; monitoring connection
2013-09-25 18:36:16 *Tunnelblick: openvpnstart start ubuntu.tblk 1337 1 0 1 0 305 -atADGNWradsgnw 
2013-09-25 18:36:17 *Tunnelblick: openvpnstart log:
     Loading tun.kext
     
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
          --cd
          /Library/Application Support/Tunnelblick/Users/jdetmold/ubuntu.tblk/Contents/Resources
          --daemon
          --management
          127.0.0.1
          1337
          --config
          /Library/Application Support/Tunnelblick/Users/jdetmold/ubuntu.tblk/Contents/Resources/config.ovpn
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sjdetmold-SLibrary-SApplication Support-STunnelblick-SConfigurations-Subuntu.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_305.1337.openvpn.log
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -atADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -atADGNWradsgnw
          --up-restart

2013-09-25 18:36:16 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Jul 22 2013
2013-09-25 18:36:16 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2013-09-25 18:36:16 Need hold release from management interface, waiting...
2013-09-25 18:36:16 *Tunnelblick: openvpnstart starting OpenVPN:
                    *                    /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Library/Application Support/Tunnelblick/Users/jdetmold/ubuntu.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Library/Application Support/Tunnelblick/Users/jdetmold/ubuntu.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sjdetmold-SLibrary-SApplication Support-STunnelblick-SConfigurations-Subuntu.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_305.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -atADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -atADGNWradsgnw --up-restart
2013-09-25 18:36:17 *Tunnelblick: Established communication with OpenVPN
2013-09-25 18:36:17 MANAGEMENT: Client connected from 127.0.0.1:1337
2013-09-25 18:36:17 MANAGEMENT: CMD 'pid'
2013-09-25 18:36:17 MANAGEMENT: CMD 'state on'
2013-09-25 18:36:17 MANAGEMENT: CMD 'state'
2013-09-25 18:36:17 MANAGEMENT: CMD 'bytecount 1'
2013-09-25 18:36:17 MANAGEMENT: CMD 'hold release'
2013-09-25 18:36:17 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2013-09-25 18:36:17 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2013-09-25 18:36:17 LZO compression initialized
2013-09-25 18:36:17 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
2013-09-25 18:36:17 Socket Buffers: R=[196724->65536] S=[9216->65536]
2013-09-25 18:36:17 MANAGEMENT: >STATE:1380155777,RESOLVE,,,
2013-09-25 18:36:17 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2013-09-25 18:36:17 Local Options hash (VER=V4): '41690919'
2013-09-25 18:36:17 Expected Remote Options hash (VER=V4): '530fdded'
2013-09-25 18:36:17 UDPv4 link local: [undef]
2013-09-25 18:36:17 UDPv4 link remote: server.com:1194
2013-09-25 18:36:17 MANAGEMENT: >STATE:1380155777,WAIT,,,
2013-09-25 18:36:19 MANAGEMENT: >STATE:1380155779,AUTH,,,
2013-09-25 18:36:19 TLS: Initial packet from server.com:1194, sid=c2d23f12 debce756
2013-09-25 18:36:20 VERIFY OK: depth=1, /C=CA/ST=AB/L=Calgary/O=Is-Home.ca/OU=is-home.ca/CN=ubunrtu.is-home.ca/name=ubuntu.is-home.ca/emailAddress=jdetmold@is-home.ca
2013-09-25 18:36:20 VERIFY OK: depth=0, /C=CA/ST=AB/L=Calgary/O=Is-Home.ca/OU=changeme/CN=ubuntu/name=changeme/emailAddress=mail@host.domain
2013-09-25 18:36:24 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2013-09-25 18:36:24 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2013-09-25 18:36:24 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2013-09-25 18:36:24 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2013-09-25 18:36:24 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2013-09-25 18:36:24 [ubuntu] Peer Connection Initiated with server.com:1194
2013-09-25 18:36:25 MANAGEMENT: >STATE:1380155785,GET_CONFIG,,,
2013-09-25 18:36:26 SENT CONTROL [ubuntu]: 'PUSH_REQUEST' (status=1)
2013-09-25 18:36:27 PUSH: Received control message: 'PUSH_REPLY,route 10.10.147.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
2013-09-25 18:36:27 OPTIONS IMPORT: timers and/or timeouts modified
2013-09-25 18:36:27 OPTIONS IMPORT: --ifconfig/up options modified
2013-09-25 18:36:27 OPTIONS IMPORT: route options modified
2013-09-25 18:36:27 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2013-09-25 18:36:27 ROUTE default_gateway=172.20.10.1
2013-09-25 18:36:27 TUN/TAP device /dev/tun0 opened
2013-09-25 18:36:27 MANAGEMENT: >STATE:1380155787,ASSIGN_IP,,10.8.0.6,
2013-09-25 18:36:27 /sbin/ifconfig tun0 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2013-09-25 18:36:27 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2013-09-25 18:36:27 /sbin/ifconfig tun0 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2013-09-25 18:36:27 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -atADGNWradsgnw tun0 1500 1542 10.8.0.6 10.8.0.5 init
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: Retrieved from OpenVPN: name server(s) [ 8.8.8.8 8.8.4.4 ], search domain(s) [ ] and SMB server(s) [ ] and using default domain name [ openvpn ]
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: MAN_DNS_CONFIG = No such key
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: MAN_SMB_CONFIG = No such key
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: CUR_DNS_CONFIG = <dictionary> { ServerAddresses : <array> { 172.20.10.1 } }
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: CUR_SMB_CONFIG = No such key
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: DYN_DNS_DN = openvpn; DYN_DNS_SA = 8.8.8.8 8.8.4.4; DYN_DNS_SD =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: DYN_SMB_NN = ; DYN_SMB_WG = ; DYN_SMB_WA =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: MAN_DNS_DN = ; MAN_DNS_SA = ; MAN_DNS_SD =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: MAN_SMB_NN = ; MAN_SMB_WG = ; MAN_SMB_WA =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: CUR_DNS_DN = ; CUR_DNS_SA = 172.20.10.1; CUR_DNS_SD =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: CUR_SMB_NN = ; CUR_SMB_WG = ; CUR_SMB_WA =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: ServerAddresses were not aggregated because running on OS X 10.6 or higher
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: Setting search domains to 'openvpn' because running under OS X 10.6 or higher and the search domains were not set manually and 'Prepend domain name to search domains' was not selected
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: FIN_DNS_DN = openvpn; FIN_DNS_SA = 8.8.8.8 8.8.4.4; FIN_DNS_SD = openvpn
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: FIN_SMB_NN = ; FIN_SMB_WG = ; FIN_SMB_WA =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: OS X 10.8 or higher, so will modify DNS settings using Setup: in addition to State:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: SKP_DNS = ; SKP_DNS_SA = ; SKP_DNS_SD = ; SKP_DNS_DN =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: SKP_SETUP_DNS =
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: SKP_SMB = #; SKP_SMB_NN = #; SKP_SMB_WG = #; SKP_SMB_WA = #
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: /etc/resolve = nameserver 172.20.10.1
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: scutil --dns BEFORE CHANGES = DNS configuration resolver #1 nameserver[0] : 172.20.10.1 if_index : 4 (en0) reach : Reachable,Directly Reachable Address resolver #2 domain : local options : mdns timeout : 5 order : 300000 resolver #3 domain : 254.169.in-addr.arpa options : mdns timeout : 5 order : 300200 resolver #4 domain : 8.e.f.ip6.arpa options : mdns timeout : 5 order : 300400 resolver #5 domain : 9.e.f.ip6.arpa options : mdns timeout : 5 order : 300600 resolver #6 domain : a.e.f.ip6.arpa options : mdns timeout : 5 order : 300800 resolver #7 domain : b.e.f.ip6.arpa options : mdns timeout : 5 order : 301000 DNS configuration (for scoped queries) resolver #1 nameserver[0] : 172.20.10.1 if_index : 4 (en0) flags : Scoped reach : Reachable,Directly Reachable Address
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: Configuration changes:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ADD State: ServerAddresses 8.8.8.8 8.8.4.4
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ADD State: SearchDomains openvpn
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ADD State: DomainName openvpn
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ADD Setup: ServerAddresses 8.8.8.8 8.8.4.4
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ADD Setup: SearchDomains openvpn
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ADD Setup: DomainName openvpn
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ##ADD State: NetBIOSName
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ##ADD State: Workgroup
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: ##ADD State: WINSAddresses
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:29 *Tunnelblick client.up.tunnelblick.sh: DEBUG: Pause for configuration changes to be propagated to State:/Network/Global/DNS and .../SMB
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: Configurations as read back after changes:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: State:/.../DNS = <dictionary> { DomainName : openvpn SearchDomains : <array> { openvpn } ServerAddresses : <array> { 8.8.8.8 8.8.4.4 } }
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: State:/.../SMB = No such key
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: Setup:/.../DNS = <dictionary> { DomainName : openvpn SearchDomains : <array> { openvpn } ServerAddresses : <array> { 8.8.8.8 8.8.4.4 } }
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: Setup:/.../SMB = No such key
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: State:/Network/Global/DNS = <dictionary> { DomainName : openvpn SearchDomains : <array> { openvpn } ServerAddresses : <array> { 8.8.8.8 8.8.4.4 } }
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: State:/Network/Global/SMB = No such key
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: Expected by process-network-changes:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: State:/Network/OpenVPN/DNS = <dictionary> { DomainName : openvpn SearchDomains : <array> { openvpn } ServerAddresses : <array> { 8.8.8.8 8.8.4.4 } }
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: State:/Network/OpenVPN/SMB = <dictionary> { TunnelblickNoSuchKey : true }
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: /etc/resolve = search openvpn nameserver 8.8.8.8 nameserver 8.8.4.4
2013-09-25 18:36:30 *Tunnelblick: No 'connected.sh' script to execute
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG: scutil --dns AFTER CHANGES = DNS configuration resolver #1 search domain[0] : openvpn nameserver[0] : 8.8.8.8 nameserver[1] : 8.8.4.4 reach : Reachable resolver #2 domain : local options : mdns timeout : 5 order : 300000 resolver #3 domain : 254.169.in-addr.arpa options : mdns timeout : 5 order : 300200 resolver #4 domain : 8.e.f.ip6.arpa options : mdns timeout : 5 order : 300400 resolver #5 domain : 9.e.f.ip6.arpa options : mdns timeout : 5 order : 300600 resolver #6 domain : a.e.f.ip6.arpa options : mdns timeout : 5 order : 300800 resolver #7 domain : b.e.f.ip6.arpa options : mdns timeout : 5 order : 301000 DNS configuration (for scoped queries) resolver #1 search domain[0] : openvpn nameserver[0] : 8.8.8.8 nameserver[1] : 8.8.4.4 if_index : 4 (en0) flags : Scoped reach : Reachable
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: DEBUG:
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: Saved the DNS and SMB configurations for later use
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: Flushed the DNS Cache
2013-09-25 18:36:30 *Tunnelblick client.up.tunnelblick.sh: Set up to monitor system configuration with leasewatch

Server side log:

Wed Sep 25 18:30:55 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 27 2013
Wed Sep 25 18:30:55 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Sep 25 18:30:55 2013 Diffie-Hellman initialized with 1024 bit key
Wed Sep 25 18:30:55 2013 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 25 18:30:55 2013 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Sep 25 18:30:55 2013 ROUTE default_gateway=10.10.147.1
Wed Sep 25 18:30:55 2013 TUN/TAP device tun0 opened
Wed Sep 25 18:30:55 2013 TUN/TAP TX queue length set to 100
Wed Sep 25 18:30:55 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Sep 25 18:30:55 2013 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Sep 25 18:30:55 2013 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Sep 25 18:30:55 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep 25 18:30:55 2013 UDPv4 link local (bound): [undef]
Wed Sep 25 18:30:55 2013 UDPv4 link remote: [undef]
Wed Sep 25 18:30:55 2013 MULTI: multi_init called, r=256 v=256
Wed Sep 25 18:30:55 2013 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Sep 25 18:30:55 2013 ifconfig_pool_read(), in='client1,10.8.0.4', TODO: IPv6
Wed Sep 25 18:30:55 2013 succeeded -> ifconfig_pool_set()
Wed Sep 25 18:30:55 2013 ifconfig_pool_read(), in='Username,10.8.0.8', TODO: IPv6
Wed Sep 25 18:30:55 2013 succeeded -> ifconfig_pool_set()
Wed Sep 25 18:30:55 2013 IFCONFIG POOL LIST
Wed Sep 25 18:30:55 2013 client1,10.8.0.4
Wed Sep 25 18:30:55 2013 Username,10.8.0.8
Wed Sep 25 18:30:55 2013 Initialization Sequence Completed
Wed Sep 25 18:33:10 2013 MULTI: multi_create_instance called
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Re-using SSL/TLS context
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 LZO compression initialized
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Local Options hash (VER=V4): '530fdded'
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Expected Remote Options hash (VER=V4): '41690919'
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 TLS: Initial packet from [AF_INET]10.10.147.1:59700, sid=9759c92f f4b2b80a
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 VERIFY OK: depth=1, /C=CA/ST=AB/L=Calgary/O=domain.com/OU=domain.com/CN=ubunrtu.domain.com/name=ubuntu.domain.com/emailAddress=email@email.com
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 VERIFY OK: depth=0, /C=CA/ST=AB/L=Calgary/O=domain.com/OU=changeme/CN=client1/name=changeme/emailAddress=mail@host.domain
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Sep 25 18:33:10 2013 10.10.147.1:59700 [client1] Peer Connection Initiated with [AF_INET]10.10.147.1:59700
Wed Sep 25 18:33:10 2013 client1/10.10.147.1:59700 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=1::1900:0:6c7f:0
Wed Sep 25 18:33:10 2013 client1/10.10.147.1:59700 MULTI: Learn: 10.8.0.6 -> client1/10.10.147.1:59700
Wed Sep 25 18:33:10 2013 client1/10.10.147.1:59700 MULTI: primary virtual IP for client1/10.10.147.1:59700: 10.8.0.6
Wed Sep 25 18:33:13 2013 client1/10.10.147.1:59700 PUSH: Received control message: 'PUSH_REQUEST'
Wed Sep 25 18:33:13 2013 client1/10.10.147.1:59700 send_push_reply(): safe_cap=960
Wed Sep 25 18:33:13 2013 client1/10.10.147.1:59700 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.10.147.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Sep 25 18:33:49 2013 MULTI: multi_create_instance called
Wed Sep 25 18:33:49 2013 ClientIP:11323 Re-using SSL/TLS context
Wed Sep 25 18:33:49 2013 ClientIP:11323 LZO compression initialized
Wed Sep 25 18:33:49 2013 ClientIP:11323 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 25 18:33:49 2013 ClientIP:11323 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep 25 18:33:49 2013 ClientIP:11323 Local Options hash (VER=V4): '530fdded'
Wed Sep 25 18:33:49 2013 ClientIP:11323 Expected Remote Options hash (VER=V4): '41690919'
Wed Sep 25 18:33:49 2013 ClientIP:11323 TLS: Initial packet from [AF_INET]ClientIP:11323, sid=a4205a5b 5368469f
Wed Sep 25 18:33:52 2013 ClientIP:11323 VERIFY OK: depth=1, /C=CA/ST=AB/L=Calgary/O=domain.com/OU=domain.com/CN=ubunrtu.domain.com/name=ubuntu.domain.com/emailAddress=email@email.com
Wed Sep 25 18:33:52 2013 ClientIP:11323 VERIFY OK: depth=0, /C=CA/ST=AB/L=Calgary/O=domain.com/OU=changeme/CN=client1/name=changeme/emailAddress=mail@host.domain
Wed Sep 25 18:33:52 2013 ClientIP:11323 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 25 18:33:52 2013 ClientIP:11323 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 25 18:33:52 2013 ClientIP:11323 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 25 18:33:52 2013 ClientIP:11323 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 25 18:33:52 2013 ClientIP:11323 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Sep 25 18:33:52 2013 ClientIP:11323 [client1] Peer Connection Initiated with [AF_INET]ClientIP:11323
Wed Sep 25 18:33:52 2013 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Sep 25 18:33:52 2013 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=::c00e:d659:6c7f:0
Wed Sep 25 18:33:52 2013 MULTI: Learn: 10.8.0.6 -> client1/ClientIP:11323
Wed Sep 25 18:33:52 2013 MULTI: primary virtual IP for client1/ClientIP:11323: 10.8.0.6
Wed Sep 25 18:33:58 2013 client1/ClientIP:11323 PUSH: Received control message: 'PUSH_REQUEST'
Wed Sep 25 18:33:58 2013 client1/ClientIP:11323 send_push_reply(): safe_cap=960
Wed Sep 25 18:33:58 2013 client1/ClientIP:11323 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.10.147.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Sep 25 18:35:54 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Sep 25 18:36:04 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Sep 25 18:36:15 2013 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Sep 25 18:36:17 2013 MULTI: multi_create_instance called
Wed Sep 25 18:36:17 2013 ClientIP:13307 Re-using SSL/TLS context
Wed Sep 25 18:36:17 2013 ClientIP:13307 LZO compression initialized
Wed Sep 25 18:36:17 2013 ClientIP:13307 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Sep 25 18:36:17 2013 ClientIP:13307 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Sep 25 18:36:17 2013 ClientIP:13307 Local Options hash (VER=V4): '530fdded'
Wed Sep 25 18:36:17 2013 ClientIP:13307 Expected Remote Options hash (VER=V4): '41690919'
Wed Sep 25 18:36:17 2013 ClientIP:13307 TLS: Initial packet from [AF_INET]ClientIP:13307, sid=6be4a4b8 4670ddac
Wed Sep 25 18:36:23 2013 ClientIP:13307 VERIFY OK: depth=1, /C=CA/ST=AB/L=Calgary/O=domain.com/OU=domain.com/CN=ubunrtu.domain.com/name=ubuntu.domain.com/emailAddress=email@email.com
Wed Sep 25 18:36:23 2013 ClientIP:13307 VERIFY OK: depth=0, /C=CA/ST=AB/L=Calgary/O=domain.com/OU=changeme/CN=client1/name=changeme/emailAddress=mail@host.domain
Wed Sep 25 18:36:24 2013 ClientIP:13307 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 25 18:36:24 2013 ClientIP:13307 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 25 18:36:24 2013 ClientIP:13307 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Sep 25 18:36:24 2013 ClientIP:13307 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 25 18:36:24 2013 ClientIP:13307 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Sep 25 18:36:24 2013 ClientIP:13307 [client1] Peer Connection Initiated with [AF_INET]ClientIP:13307
Wed Sep 25 18:36:24 2013 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Sep 25 18:36:24 2013 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=::c00e:d659:6c7f:0
Wed Sep 25 18:36:24 2013 MULTI: Learn: 10.8.0.6 -> client1/ClientIP:13307
Wed Sep 25 18:36:24 2013 MULTI: primary virtual IP for client1/ClientIP:13307: 10.8.0.6
Wed Sep 25 18:36:26 2013 client1/ClientIP:13307 PUSH: Received control message: 'PUSH_REQUEST'
Wed Sep 25 18:36:26 2013 client1/ClientIP:13307 send_push_reply(): safe_cap=960
Wed Sep 25 18:36:26 2013 client1/ClientIP:13307 SENT CONTROL [client1]: 'PUSH_REPLY,route 10.10.147.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Sep 25 18:41:25 2013 client1/ClientIP:13307 [client1] Inactivity timeout (--ping-restart), restarting
Wed Sep 25 18:41:25 2013 client1/ClientIP:13307 SIGUSR1[soft,ping-restart] received, client-instance restarting
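
How the PUSH_REPLY logged above turns into client routes, as an added example that is not part of the original thread: it parses that message, models the routes `redirect-gateway def1` installs, and does a longest-prefix lookup per destination. `SERVER_PUBLIC_IP` and the `198.51.100.7` destination are constructed placeholders; connected-interface routes and `bypass-dhcp` are not modelled.

```python
import ipaddress

# PUSH_REPLY string copied from the client log in this thread.
PUSH_REPLY = ("PUSH_REPLY,route 10.10.147.0 255.255.255.0,"
              "redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,"
              "dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,"
              "ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5")
ORIGINAL_GW = "172.20.10.1"        # "ROUTE default_gateway=" line in the client log
SERVER_PUBLIC_IP = "203.0.113.10"  # constructed placeholder for vpn.server.com


def parse_push_reply(msg):
    """Split a PUSH_REPLY control message into a list of option token lists."""
    head, *opts = msg.split(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY control message")
    return [o.split() for o in opts if o.strip()]


def build_routes(options, original_gw, server_ip, local_redirect=None):
    """Model the client's routes as (network, next_hop, origin) tuples.

    local_redirect: flags of a redirect-gateway line in the client's own
    config ([] for a bare line, None when the line is absent). Flags from
    the local line and the pushed line accumulate.
    """
    vpn_gw = None
    pushed = []
    redirect = local_redirect is not None
    flags = set(local_redirect or [])
    for opt in options:
        if opt[0] == "ifconfig":
            vpn_gw = opt[2]          # net30: the peer endpoint is the route gateway
        elif opt[0] == "redirect-gateway":
            redirect = True
            flags.update(opt[1:])
        elif opt[0] == "route":
            mask = opt[2] if len(opt) > 2 else "255.255.255.255"
            pushed.append(ipaddress.ip_network(f"{opt[1]}/{mask}"))
    if vpn_gw is None:
        raise ValueError("no ifconfig option, tunnel gateway unknown")

    net = ipaddress.ip_network
    routes = [(net("0.0.0.0/0"), original_gw, "pre-existing default")]
    if redirect:
        # Encrypted packets to the VPN server itself must stay off the tunnel.
        routes.append((net(f"{server_ip}/32"), original_gw, "VPN server bypass"))
        if "def1" in flags:
            # def1 overrides the default with two /1 routes instead of deleting it.
            routes.append((net("0.0.0.0/1"), vpn_gw, "redirect-gateway def1"))
            routes.append((net("128.0.0.0/1"), vpn_gw, "redirect-gateway def1"))
        else:
            routes[0] = (net("0.0.0.0/0"), vpn_gw, "redirect-gateway")
    routes += [(n, vpn_gw, "pushed route") for n in pushed]
    return routes


def next_hop(routes, dst):
    """Longest-prefix match: return (network, next_hop, origin) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    network, hop, origin = max(matches, key=lambda r: r[0].prefixlen)
    return str(network), hop, origin


def demo():
    # local_redirect=[] mirrors the bare "redirect-gateway" in the client config.
    routes = build_routes(parse_push_reply(PUSH_REPLY), ORIGINAL_GW,
                          SERVER_PUBLIC_IP, local_redirect=[])
    return {dst: next_hop(routes, dst) for dst in
            ("8.8.8.8", "198.51.100.7", "10.10.147.5", SERVER_PUBLIC_IP)}


if __name__ == "__main__":
    for dst, (network, hop, origin) in demo().items():
        print(f"{dst:15} -> {hop:12} via {network} ({origin})")
```

With these options, both the pushed DNS servers and general Internet destinations leave the client through the tunnel gateway 10.8.0.5; only traffic to the VPN server's own address keeps using 172.20.10.1.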


jjd
OpenVpn Newbie
Posts: 5
Joined: Fri Sep 20, 2013 11:26 pm

Re: Client can access LAN but no internet

Post by jjd » Thu Sep 26, 2013 2:29 pm

Thanks for the help!
I am using two clients; however, there's a chance I disconnected and tried again when making the log, but only using one client with one certificate.
I have multiple clients with different usernames, none with the same.
I added the redirect-gateway when trying to figure out why I couldn't seem to route internet. I tried removing it from the client config, and then my client used their local internet, not the VPN internet.
Funny, last time I tried OpenVPN, about a year ago, all I could get it to route was internet, no LAN.

jjd
OpenVpn Newbie
Posts: 5
Joined: Fri Sep 20, 2013 11:26 pm

Re: Client can access LAN but no internet

Post by jjd » Thu Sep 26, 2013 4:30 pm

Nope.
When I removed redirect-gateway, it used the client's local internet; I want to always use the VPN internet. This, however, is still not routing through the VPN. I can still access VPN LAN services but no WAN.

jjd
OpenVpn Newbie
Posts: 5
Joined: Fri Sep 20, 2013 11:26 pm

Re: Client can access LAN but no internet

Post by jjd » Mon Sep 30, 2013 5:08 am

Well, I keep playing, but for the life of me I can't figure this out. If anyone has any ideas, I would love to hear them.
