Bridge mode, cannot connect to hosts on vpn network

Post by dx2 » Thu Jul 17, 2014 8:50 pm

Hello,
I am quite new at setting up OpenVPNs. I came quite far, but now I have hit a wall and I can't find out where to look next. So I will try to describe my problem as well as possible. Just say if you need further data.

Goal:
  - openvpn on home server in bridge mode.
  - dhcp assigned addresses for vpn clients.
  - access to hosts on local (vpn server-side) subnet.

Sidenote: I will harden tunnel encryption [1] and change the local subnet to something other than 192.168.0.0/24 after I have managed to pin down this problem.

Status quo:
  - vpn client to vpn server connections complete successfully.
  - Client gets a dhcp-server-assigned ipv4 address (dhcp, dns, etc. servers running on same host as openvpn server).
  - no connection possible between <vpn-client> and <hosts on subnet> except <vpn-server> itself
  - connections between <vpn-client> to <vpn-server> work fine
  - connections between <vpn-server> to <vpn-client> work fine
  - connections between <vpn-server> and <hosts on subnet> work fine
  - ping from vpn-client to host on subnet: 'Destination host unreachable', 'Request timed out'

What I have tried so far:
  - OpenVPN HowTo and the recommended iptables rules
  - tcpdump on tap0 and br0 to sniff for packets from the vpn-connected client. On connections between vpn-client and vpn-server there were packets. On connections between vpn-client and another host on the subnet there were no packets.
  - trying out different mtu-related settings without a positive result
  - no restricting iptables rules
  - I found this post <topic10486.html> which is quite similar (except address assignment) to my problem but no solution so far.

Please correct me if I am wrong: I think that I do not need to push any routes from vpn-server to vpn-clients since the clients' route table automatically sets up the correct route after they get their dhcp-assigned ip in the 192.168.0.0/24 subnet.


Setup:

logical network connection layout:

[my vpn-client host] <--- udp-openvpn via internet ---> [ISP-modem-router 192.168.0.1/24 NATing, port-map udp/1194 to 192.128.0.4/24] <--- network switch ---> [openvpn-server host 192.168.0.4/24], [and all the remaining hosts 192.168.0.100-200/24]



$cat /proc/sys/net/ipv4/ip_forward

1

$iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

$brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.aabbccddeeff       no              eth0
                                                        tap0



$cat /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
        up ip link set dev $IFACE up promisc on
        up ip address change 0.0.0.0 dev $IFACE
        down ip link set dev $IFACE down promisc off

auto tap0
iface tap0 inet manual
        pre-up ip tuntap add dev $IFACE mode tap
        up ip link set dev $IFACE up promisc on
        up ip address change 0.0.0.0 dev $IFACE
        down ip link set dev $IFACE down promisc off
        down ip tuntap del dev $IFACE mode tap

auto br0
iface br0 inet static
        bridge_ports eth0 tap0
        bridge_hw aa:bb:cc:dd:ee:ff
        address 192.168.0.4
        netmask 255.255.255.0
        broadcast 192.168.0.255
        dns-nameservers 127.0.0.1
        gateway 192.168.0.1

$ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
3: tunl0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/ipip 0.0.0.0 brd 0.0.0.0
4: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 100
    link/ether ee:46:0e:72:31:98 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.4/24 brd 192.168.0.255 scope global br0
    inet6 2003:7a:8d15:4899:c2b0:7fff:fe01:abbe/64 scope global dynamic
       valid_lft 14384sec preferred_lft 1784sec
    inet6 fe80::c2b0:7fff:fe01:abbe/64 scope link
       valid_lft forever preferred_lft forever

I set bridge_hw manually because br0 sometimes had the randomly assigned MAC of tap0 and at other times the correct MAC of eth0. This was quite confusing at first, when it sometimes worked and sometimes did not and I had no clue what was going on, but I finally found that out after comparing ip address output.

Ideally I would rewrite this to something like
bridge_hw eth0
if possible.



$netstat -nau

udp        0      0 0.0.0.0:1194            0.0.0.0:*


$grep -vE '^#|^;|^$' server.conf

port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server-bridge
keepalive 10 120
comp-lzo
max-clients 8
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4

$openvpn --config server.conf

Thu Jul 17 18:59:16 2014 us=311686 Current Parameter Settings:
Thu Jul 17 18:59:16 2014 us=312553   config = 'server.conf'
Thu Jul 17 18:59:16 2014 us=312965   mode = 1
Thu Jul 17 18:59:16 2014 us=313310   persist_config = DISABLED
Thu Jul 17 18:59:16 2014 us=313645   persist_mode = 1
Thu Jul 17 18:59:16 2014 us=313963   show_ciphers = DISABLED
Thu Jul 17 18:59:16 2014 us=314274   show_digests = DISABLED
Thu Jul 17 18:59:16 2014 us=314584   show_engines = DISABLED
Thu Jul 17 18:59:16 2014 us=314888   genkey = DISABLED
Thu Jul 17 18:59:16 2014 us=315193   key_pass_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=315506   show_tls_ciphers = DISABLED
Thu Jul 17 18:59:16 2014 us=315817 Connection profiles [default]:
Thu Jul 17 18:59:16 2014 us=316129   proto = udp
Thu Jul 17 18:59:16 2014 us=316492   local = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=316828   local_port = 1194
Thu Jul 17 18:59:16 2014 us=317144   remote = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=317458   remote_port = 1194
Thu Jul 17 18:59:16 2014 us=317768   remote_float = DISABLED
Thu Jul 17 18:59:16 2014 us=318076   bind_defined = DISABLED
Thu Jul 17 18:59:16 2014 us=318383   bind_local = ENABLED
Thu Jul 17 18:59:16 2014 us=318686   connect_retry_seconds = 5
Thu Jul 17 18:59:16 2014 us=318789   connect_timeout = 10
Thu Jul 17 18:59:16 2014 us=319024   connect_retry_max = 0
Thu Jul 17 18:59:16 2014 us=319213   socks_proxy_server = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=319489   socks_proxy_port = 0
Thu Jul 17 18:59:16 2014 us=319776   socks_proxy_retry = DISABLED
Thu Jul 17 18:59:16 2014 us=319847   tun_mtu = 1500
Thu Jul 17 18:59:16 2014 us=320073   tun_mtu_defined = ENABLED
Thu Jul 17 18:59:16 2014 us=320268   link_mtu = 1500
Thu Jul 17 18:59:16 2014 us=320486   link_mtu_defined = DISABLED
Thu Jul 17 18:59:16 2014 us=320668   tun_mtu_extra = 32
Thu Jul 17 18:59:16 2014 us=320884   tun_mtu_extra_defined = ENABLED
Thu Jul 17 18:59:16 2014 us=321071   mtu_discover_type = -1
Thu Jul 17 18:59:16 2014 us=321292   fragment = 0
Thu Jul 17 18:59:16 2014 us=321468   mssfix = 1450
Thu Jul 17 18:59:16 2014 us=321679   explicit_exit_notification = 0
Thu Jul 17 18:59:16 2014 us=321878 Connection profiles END
Thu Jul 17 18:59:16 2014 us=322104   remote_random = DISABLED
Thu Jul 17 18:59:16 2014 us=322289   ipchange = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=322502   dev = 'tap0'
Thu Jul 17 18:59:16 2014 us=322685   dev_type = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=322902   dev_node = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=323083   lladdr = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=323149   topology = 1
Thu Jul 17 18:59:16 2014 us=323360   tun_ipv6 = DISABLED
Thu Jul 17 18:59:16 2014 us=323545   ifconfig_local = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=323760   ifconfig_remote_netmask = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=323950   ifconfig_noexec = DISABLED
Thu Jul 17 18:59:16 2014 us=324166   ifconfig_nowarn = DISABLED
Thu Jul 17 18:59:16 2014 us=325485   ifconfig_ipv6_local = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=325884   ifconfig_ipv6_netbits = 0
Thu Jul 17 18:59:16 2014 us=325980   ifconfig_ipv6_remote = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=326211   shaper = 0
Thu Jul 17 18:59:16 2014 us=326283   mtu_test = 0
Thu Jul 17 18:59:16 2014 us=326508   mlock = DISABLED
Thu Jul 17 18:59:16 2014 us=326654   keepalive_ping = 10
Thu Jul 17 18:59:16 2014 us=326855   keepalive_timeout = 120
Thu Jul 17 18:59:16 2014 us=326924   inactivity_timeout = 0
Thu Jul 17 18:59:16 2014 us=327154   ping_send_timeout = 10
Thu Jul 17 18:59:16 2014 us=327348   ping_rec_timeout = 240
Thu Jul 17 18:59:16 2014 us=327567   ping_rec_timeout_action = 2
Thu Jul 17 18:59:16 2014 us=327749   ping_timer_remote = DISABLED
Thu Jul 17 18:59:16 2014 us=327972   remap_sigusr1 = 0
Thu Jul 17 18:59:16 2014 us=328152   persist_tun = ENABLED
Thu Jul 17 18:59:16 2014 us=328361   persist_local_ip = DISABLED
Thu Jul 17 18:59:16 2014 us=328543   persist_remote_ip = DISABLED
Thu Jul 17 18:59:16 2014 us=328760   persist_key = ENABLED
Thu Jul 17 18:59:16 2014 us=328939   passtos = DISABLED
Thu Jul 17 18:59:16 2014 us=329155   resolve_retry_seconds = 1000000000
Thu Jul 17 18:59:16 2014 us=329333   username = 'nobody'
Thu Jul 17 18:59:16 2014 us=329512   groupname = 'nogroup'
Thu Jul 17 18:59:16 2014 us=329576   chroot_dir = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=329748   cd_dir = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=329916   writepid = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=329981   up_script = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=330150   down_script = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=330320   down_pre = DISABLED
Thu Jul 17 18:59:16 2014 us=330385   up_restart = DISABLED
Thu Jul 17 18:59:16 2014 us=330559   up_delay = DISABLED
Thu Jul 17 18:59:16 2014 us=330723   daemon = DISABLED
Thu Jul 17 18:59:16 2014 us=330787   inetd = 0
Thu Jul 17 18:59:16 2014 us=330948   log = DISABLED
Thu Jul 17 18:59:16 2014 us=331010   suppress_timestamps = DISABLED
Thu Jul 17 18:59:16 2014 us=331234   nice = 0
Thu Jul 17 18:59:16 2014 us=331467   verbosity = 4
Thu Jul 17 18:59:16 2014 us=331734   mute = 0
Thu Jul 17 18:59:16 2014 us=331959   gremlin = 0
Thu Jul 17 18:59:16 2014 us=332170   status_file = 'openvpn-status.log'
Thu Jul 17 18:59:16 2014 us=332349   status_file_version = 1
Thu Jul 17 18:59:16 2014 us=332563   status_file_update_freq = 60
Thu Jul 17 18:59:16 2014 us=332742   occ = ENABLED
Thu Jul 17 18:59:16 2014 us=332907   rcvbuf = 65536
Thu Jul 17 18:59:16 2014 us=333123   sndbuf = 65536
Thu Jul 17 18:59:16 2014 us=333191   mark = 0
Thu Jul 17 18:59:16 2014 us=333399   sockflags = 0
Thu Jul 17 18:59:16 2014 us=333576   fast_io = DISABLED
Thu Jul 17 18:59:16 2014 us=333785   lzo = 7
Thu Jul 17 18:59:16 2014 us=333955   route_script = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=334167   route_default_gateway = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=334349   route_default_metric = 0
Thu Jul 17 18:59:16 2014 us=334559   route_noexec = DISABLED
Thu Jul 17 18:59:16 2014 us=334739   route_delay = 0
Thu Jul 17 18:59:16 2014 us=334953   route_delay_window = 30
Thu Jul 17 18:59:16 2014 us=335130   route_delay_defined = DISABLED
Thu Jul 17 18:59:16 2014 us=335345   route_nopull = DISABLED
Thu Jul 17 18:59:16 2014 us=335524   route_gateway_via_dhcp = DISABLED
Thu Jul 17 18:59:16 2014 us=335734   max_routes = 100
Thu Jul 17 18:59:16 2014 us=335911   allow_pull_fqdn = DISABLED
Thu Jul 17 18:59:16 2014 us=335980   management_addr = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=336190   management_port = 0
Thu Jul 17 18:59:16 2014 us=336369   management_user_pass = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=336632   management_log_history_cache = 250
Thu Jul 17 18:59:16 2014 us=336913   management_echo_buffer_size = 100
Thu Jul 17 18:59:16 2014 us=337035   management_write_peer_info_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=337221   management_client_user = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=337443   management_client_group = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=337629   management_flags = 0
Thu Jul 17 18:59:16 2014 us=337844   shared_secret_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=338027   key_direction = 0
Thu Jul 17 18:59:16 2014 us=338239   ciphername_defined = ENABLED
Thu Jul 17 18:59:16 2014 us=338417   ciphername = 'BF-CBC'
Thu Jul 17 18:59:16 2014 us=338629   authname_defined = ENABLED
Thu Jul 17 18:59:16 2014 us=338810   authname = 'SHA1'
Thu Jul 17 18:59:16 2014 us=339021   prng_hash = 'SHA1'
Thu Jul 17 18:59:16 2014 us=339204   prng_nonce_secret_len = 16
Thu Jul 17 18:59:16 2014 us=339417   keysize = 0
Thu Jul 17 18:59:16 2014 us=339595   engine = DISABLED
Thu Jul 17 18:59:16 2014 us=339808   replay = ENABLED
Thu Jul 17 18:59:16 2014 us=339986   mute_replay_warnings = DISABLED
Thu Jul 17 18:59:16 2014 us=340202   replay_window = 64
Thu Jul 17 18:59:16 2014 us=340380   replay_time = 15
Thu Jul 17 18:59:16 2014 us=340558   packet_id_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=340784   use_iv = ENABLED
Thu Jul 17 18:59:16 2014 us=340851   test_crypto = DISABLED
Thu Jul 17 18:59:16 2014 us=341073   tls_server = ENABLED
Thu Jul 17 18:59:16 2014 us=341253   tls_client = DISABLED
Thu Jul 17 18:59:16 2014 us=341468   key_method = 2
Thu Jul 17 18:59:16 2014 us=341652   ca_file = 'ca.crt'
Thu Jul 17 18:59:16 2014 us=341811   ca_path = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=342031   dh_file = 'dh1024.pem'
Thu Jul 17 18:59:16 2014 us=342241   cert_file = 'server.crt'
Thu Jul 17 18:59:16 2014 us=342423   priv_key_file = 'server.key'
Thu Jul 17 18:59:16 2014 us=342589   pkcs12_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=342810   cipher_list = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=342873   tls_verify = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=343082   tls_export_cert = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=343264   verify_x509_type = 0
Thu Jul 17 18:59:16 2014 us=343475   verify_x509_name = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=343650   crl_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=343860   ns_cert_type = 0
Thu Jul 17 18:59:16 2014 us=344035   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=344203   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=344419   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=344580   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=344802   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=345014   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=345190   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=345254   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=345419   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=345640   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=345905   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=346183   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=346254   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=346547   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=346748   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=346923   remote_cert_ku[i] = 0
Thu Jul 17 18:59:16 2014 us=347165   remote_cert_eku = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=347387   ssl_flags = 0
Thu Jul 17 18:59:16 2014 us=347570   tls_timeout = 2
Thu Jul 17 18:59:16 2014 us=347639   renegotiate_bytes = 0
Thu Jul 17 18:59:16 2014 us=347853   renegotiate_packets = 0
Thu Jul 17 18:59:16 2014 us=348036   renegotiate_seconds = 3600
Thu Jul 17 18:59:16 2014 us=348252   handshake_window = 60
Thu Jul 17 18:59:16 2014 us=348430   transition_window = 3600
Thu Jul 17 18:59:16 2014 us=348643   single_session = DISABLED
Thu Jul 17 18:59:16 2014 us=348822   push_peer_info = DISABLED
Thu Jul 17 18:59:16 2014 us=349033   tls_exit = DISABLED
Thu Jul 17 18:59:16 2014 us=349213   tls_auth_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=349472   server_network = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=349686   server_netmask = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=349939   server_network_ipv6 = ::
Thu Jul 17 18:59:16 2014 us=350229   server_netbits_ipv6 = 0
Thu Jul 17 18:59:16 2014 us=350467   server_bridge_ip = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=350694   server_bridge_netmask = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=350883   server_bridge_pool_start = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=351105   server_bridge_pool_end = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=351290   push_entry = 'route-gateway dhcp'
Thu Jul 17 18:59:16 2014 us=351505   push_entry = 'ping 10'
Thu Jul 17 18:59:16 2014 us=351686   push_entry = 'ping-restart 120'
Thu Jul 17 18:59:16 2014 us=351906   ifconfig_pool_defined = DISABLED
Thu Jul 17 18:59:16 2014 us=352090   ifconfig_pool_start = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=352311   ifconfig_pool_end = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=352501   ifconfig_pool_netmask = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=352718   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=352896   ifconfig_pool_persist_refresh_freq = 600
Thu Jul 17 18:59:16 2014 us=353112   ifconfig_ipv6_pool_defined = DISABLED
Thu Jul 17 18:59:16 2014 us=353297   ifconfig_ipv6_pool_base = ::
Thu Jul 17 18:59:16 2014 us=353511   ifconfig_ipv6_pool_netbits = 0
Thu Jul 17 18:59:16 2014 us=353692   n_bcast_buf = 256
Thu Jul 17 18:59:16 2014 us=353904   tcp_queue_limit = 64
Thu Jul 17 18:59:16 2014 us=354081   real_hash_size = 256
Thu Jul 17 18:59:16 2014 us=354292   virtual_hash_size = 256
Thu Jul 17 18:59:16 2014 us=354472   client_connect_script = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=354642   learn_address_script = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=354863   client_disconnect_script = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=355081   client_config_dir = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=355263   ccd_exclusive = DISABLED
Thu Jul 17 18:59:16 2014 us=355331   tmp_dir = '/tmp'
Thu Jul 17 18:59:16 2014 us=355548   push_ifconfig_defined = DISABLED
Thu Jul 17 18:59:16 2014 us=355738   push_ifconfig_local = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=355986   push_ifconfig_remote_netmask = 0.0.0.0
Thu Jul 17 18:59:16 2014 us=356263   push_ifconfig_ipv6_defined = DISABLED
Thu Jul 17 18:59:16 2014 us=356554   push_ifconfig_ipv6_local = ::/0
Thu Jul 17 18:59:16 2014 us=356626   push_ifconfig_ipv6_remote = ::
Thu Jul 17 18:59:16 2014 us=356858   enable_c2c = DISABLED
Thu Jul 17 18:59:16 2014 us=357045   duplicate_cn = DISABLED
Thu Jul 17 18:59:16 2014 us=357115   cf_max = 0
Thu Jul 17 18:59:16 2014 us=357342   cf_per = 0
Thu Jul 17 18:59:16 2014 us=357526   max_clients = 5
Thu Jul 17 18:59:16 2014 us=357752   max_routes_per_client = 256
Thu Jul 17 18:59:16 2014 us=357937   auth_user_pass_verify_script = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=358160   auth_user_pass_verify_script_via_file = DISABLED
Thu Jul 17 18:59:16 2014 us=358339   port_share_host = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=358550   port_share_port = 0
Thu Jul 17 18:59:16 2014 us=358729   client = DISABLED
Thu Jul 17 18:59:16 2014 us=358938   pull = DISABLED
Thu Jul 17 18:59:16 2014 us=359119   auth_user_pass_file = '[UNDEF]'
Thu Jul 17 18:59:16 2014 us=359339 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 17 2014
Thu Jul 17 18:59:16 2014 us=359564 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.06
Thu Jul 17 18:59:16 2014 us=360016 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Thu Jul 17 18:59:16 2014 us=360876 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Jul 17 18:59:16 2014 us=382059 Diffie-Hellman initialized with 1024 bit key
Thu Jul 17 18:59:16 2014 us=384748 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jul 17 18:59:16 2014 us=385408 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu Jul 17 18:59:16 2014 us=395048 TUN/TAP device tap0 opened
Thu Jul 17 18:59:16 2014 us=395179 TUN/TAP TX queue length set to 100
Thu Jul 17 18:59:16 2014 us=395344 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jul 17 18:59:16 2014 us=397439 GID set to nogroup
Thu Jul 17 18:59:16 2014 us=397541 UID set to nobody
Thu Jul 17 18:59:16 2014 us=397592 UDPv4 link local (bound): [undef]
Thu Jul 17 18:59:16 2014 us=397633 UDPv4 link remote: [undef]
Thu Jul 17 18:59:16 2014 us=397683 MULTI: multi_init called, r=256 v=256
Thu Jul 17 18:59:16 2014 us=397856 Initialization Sequence Completed


VPN Server - After client initiates connection:

Thu Jul 17 19:00:17 2014 us=981168 MULTI: multi_create_instance called
Thu Jul 17 19:00:17 2014 us=981376 <external_ip_of_vpn_client>:20629 Re-using SSL/TLS context
Thu Jul 17 19:00:17 2014 us=981493 <external_ip_of_vpn_client>:20629 LZO compression initialized
Thu Jul 17 19:00:17 2014 us=982045 <external_ip_of_vpn_client>:20629 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jul 17 19:00:17 2014 us=982120 <external_ip_of_vpn_client>:20629 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jul 17 19:00:17 2014 us=982213 <external_ip_of_vpn_client>:20629 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Jul 17 19:00:17 2014 us=982255 <external_ip_of_vpn_client>:20629 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Jul 17 19:00:17 2014 us=982349 <external_ip_of_vpn_client>:20629 Local Options hash (VER=V4): 'f7df56b8'
Thu Jul 17 19:00:17 2014 us=982411 <external_ip_of_vpn_client>:20629 Expected Remote Options hash (VER=V4): 'd79ca330'
Thu Jul 17 19:00:17 2014 us=982566 <external_ip_of_vpn_client>:20629 TLS: Initial packet from [AF_INET]<external_ip_of_vpn_client>:20629, sid=41d15984 941a67d8
Thu Jul 17 19:00:18 2014 us=549526 <external_ip_of_vpn_client>:20629 VERIFY OK: depth=1, C=<Country>, ST=<State>, L=<City>, O=<Org>, OU=<OrgUnit>, CN=<CommonName>, name=<name>, emailAddress=<emailAddress>
Thu Jul 17 19:00:18 2014 us=550934 <external_ip_of_vpn_client>:20629 VERIFY OK: depth=0, C=<Country>, ST=<State>, L=<City>, O=<Org>, OU=<OrgUnit>, CN=<ClientCommonName>, name=<name>, emailAddress=<emailAddress>
Thu Jul 17 19:00:18 2014 us=631839 <external_ip_of_vpn_client>:20629 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 17 19:00:18 2014 us=632451 <external_ip_of_vpn_client>:20629 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 17 19:00:18 2014 us=632987 <external_ip_of_vpn_client>:20629 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 17 19:00:18 2014 us=633370 <external_ip_of_vpn_client>:20629 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 17 19:00:18 2014 us=688076 <external_ip_of_vpn_client>:20629 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jul 17 19:00:18 2014 us=688950 <external_ip_of_vpn_client>:20629 [<ClientCommonName>] Peer Connection Initiated with [AF_INET]<external_ip_of_vpn_client>:20629
Thu Jul 17 19:00:18 2014 us=689516 <ClientCommonName>/<external_ip_of_vpn_client>:20629 MULTI: no dynamic or static remote --ifconfig address is available for <ClientCommonName>/<external_ip_of_vpn_client>:20629
Thu Jul 17 19:00:21 2014 us=140297 <ClientCommonName>/<external_ip_of_vpn_client>:20629 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jul 17 19:00:21 2014 us=140416 <ClientCommonName>/<external_ip_of_vpn_client>:20629 send_push_reply(): safe_cap=940
Thu Jul 17 19:00:21 2014 us=140543 <ClientCommonName>/<external_ip_of_vpn_client>:20629 SENT CONTROL [<ClientCommonName>]: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120' (status=1)
Thu Jul 17 19:00:21 2014 us=195279 <ClientCommonName>/<external_ip_of_vpn_client>:20629 MULTI: Learn: <ClientMAC> -> <ClientCommonName>/<external_ip_of_vpn_client>:20629





Client - vpn configuration file:

client
dev tap
proto udp
remote vpn-server-ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert icarus-notebook.crt
key icarus-notebook.key
ns-cert-type server
comp-lzo
verb 4






Client - C:\ipconfig /all after vpn connection established

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Host Name
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : DNSSuffix1
                                       DNSSuffix2

Ethernet adapter TAP-Windows Adapter V9:

   Connection-specific DNS Suffix  . : DNSSuffix1
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-E4-8A-1C-92
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.112(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 17, 2014 9:44:40 PM
   Lease Expires . . . . . . . . . . : Thursday, August 07, 2014 9:58:03 PM
   Default Gateway . . . . . . . . . : 
   DHCP Server . . . . . . . . . . . : 192.168.0.4
   DNS Servers . . . . . . . . . . . : 192.168.0.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Realtek PCIe FE Family Controller:

   Connection-specific DNS Suffix  . : DNSSuffix2
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : xy-xy-xy-xy-xy-xy
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, July 17, 2014 9:44:35 PM
   Lease Expires . . . . . . . . . . : Thursday, July 24, 2014 9:44:34 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       DNSSuffix2




Client - C:\netstat -rn

===========================================================================
Interface List
 38...00 ff e4 8a 1c ff ......TAP-Windows Adapter V9
 32...ff f9 dd ff 72 42 ......Realtek PCIe FE Family Controller
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.112    286
    192.168.0.112  255.255.255.255         On-link     192.168.0.112    286
    192.168.0.255  255.255.255.255         On-link     192.168.0.112    286
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    276
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    276
        224.0.0.0        240.0.0.0         On-link     192.168.0.112    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.112    286
===========================================================================
Persistent Routes:
  None



Client vpn connection log:

Thu Jul 17 21:45:29 2014   pkcs11_protected_authentication = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_protected_authentication = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_protected_authentication = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_protected_authentication = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_private_mode = 00000000
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_cert_private = DISABLED
Thu Jul 17 21:45:29 2014   pkcs11_pin_cache_period = -1
Thu Jul 17 21:45:29 2014   pkcs11_id = '[UNDEF]'
Thu Jul 17 21:45:29 2014   pkcs11_id_management = DISABLED
Thu Jul 17 21:45:29 2014   server_network = 0.0.0.0
Thu Jul 17 21:45:29 2014   server_netmask = 0.0.0.0
Thu Jul 17 21:45:29 2014   server_network_ipv6 = ::
Thu Jul 17 21:45:29 2014   server_netbits_ipv6 = 0
Thu Jul 17 21:45:29 2014   server_bridge_ip = 0.0.0.0
Thu Jul 17 21:45:29 2014   server_bridge_netmask = 0.0.0.0
Thu Jul 17 21:45:29 2014   server_bridge_pool_start = 0.0.0.0
Thu Jul 17 21:45:29 2014   server_bridge_pool_end = 0.0.0.0
Thu Jul 17 21:45:29 2014   ifconfig_pool_defined = DISABLED
Thu Jul 17 21:45:29 2014   ifconfig_pool_start = 0.0.0.0
Thu Jul 17 21:45:29 2014   ifconfig_pool_end = 0.0.0.0
Thu Jul 17 21:45:29 2014   ifconfig_pool_netmask = 0.0.0.0
Thu Jul 17 21:45:29 2014   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jul 17 21:45:29 2014   ifconfig_pool_persist_refresh_freq = 600
Thu Jul 17 21:45:29 2014   ifconfig_ipv6_pool_defined = DISABLED
Thu Jul 17 21:45:29 2014   ifconfig_ipv6_pool_base = ::
Thu Jul 17 21:45:29 2014   ifconfig_ipv6_pool_netbits = 0
Thu Jul 17 21:45:29 2014   n_bcast_buf = 256
Thu Jul 17 21:45:29 2014   tcp_queue_limit = 64
Thu Jul 17 21:45:29 2014   real_hash_size = 256
Thu Jul 17 21:45:29 2014   virtual_hash_size = 256
Thu Jul 17 21:45:29 2014   client_connect_script = '[UNDEF]'
Thu Jul 17 21:45:29 2014   learn_address_script = '[UNDEF]'
Thu Jul 17 21:45:29 2014   client_disconnect_script = '[UNDEF]'
Thu Jul 17 21:45:29 2014   client_config_dir = '[UNDEF]'
Thu Jul 17 21:45:29 2014   ccd_exclusive = DISABLED
Thu Jul 17 21:45:29 2014   tmp_dir = 'C:\tmp\'
Thu Jul 17 21:45:29 2014   push_ifconfig_defined = DISABLED
Thu Jul 17 21:45:29 2014   push_ifconfig_local = 0.0.0.0
Thu Jul 17 21:45:29 2014   push_ifconfig_remote_netmask = 0.0.0.0
Thu Jul 17 21:45:29 2014   push_ifconfig_ipv6_defined = DISABLED
Thu Jul 17 21:45:29 2014   push_ifconfig_ipv6_local = ::/0
Thu Jul 17 21:45:29 2014   push_ifconfig_ipv6_remote = ::
Thu Jul 17 21:45:29 2014   enable_c2c = DISABLED
Thu Jul 17 21:45:29 2014   duplicate_cn = DISABLED
Thu Jul 17 21:45:29 2014   cf_max = 0
Thu Jul 17 21:45:29 2014   cf_per = 0
Thu Jul 17 21:45:29 2014   max_clients = 1024
Thu Jul 17 21:45:29 2014   max_routes_per_client = 256
Thu Jul 17 21:45:29 2014   auth_user_pass_verify_script = '[UNDEF]'
Thu Jul 17 21:45:29 2014   auth_user_pass_verify_script_via_file = DISABLED
Thu Jul 17 21:45:29 2014   client = ENABLED
Thu Jul 17 21:45:29 2014   pull = ENABLED
Thu Jul 17 21:45:29 2014   auth_user_pass_file = '[UNDEF]'
Thu Jul 17 21:45:29 2014   show_net_up = DISABLED
Thu Jul 17 21:45:29 2014   route_method = 0
Thu Jul 17 21:45:29 2014   ip_win32_defined = DISABLED
Thu Jul 17 21:45:29 2014   ip_win32_type = 3
Thu Jul 17 21:45:29 2014   dhcp_masq_offset = 0
Thu Jul 17 21:45:29 2014   dhcp_lease_time = 31536000
Thu Jul 17 21:45:29 2014   tap_sleep = 0
Thu Jul 17 21:45:29 2014   dhcp_options = DISABLED
Thu Jul 17 21:45:29 2014   dhcp_renew = DISABLED
Thu Jul 17 21:45:29 2014   dhcp_pre_release = DISABLED
Thu Jul 17 21:45:29 2014   dhcp_release = DISABLED
Thu Jul 17 21:45:29 2014   domain = '[UNDEF]'
Thu Jul 17 21:45:29 2014   netbios_scope = '[UNDEF]'
Thu Jul 17 21:45:29 2014   netbios_node_type = 0
Thu Jul 17 21:45:29 2014   disable_nbt = DISABLED
Thu Jul 17 21:45:29 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
Thu Jul 17 21:45:29 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Thu Jul 17 21:45:29 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Thu Jul 17 21:45:29 2014 Need hold release from management interface, waiting...
Thu Jul 17 21:45:30 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Thu Jul 17 21:45:30 2014 MANAGEMENT: CMD 'state on'
Thu Jul 17 21:45:30 2014 MANAGEMENT: CMD 'log all on'
Thu Jul 17 21:45:30 2014 MANAGEMENT: CMD 'hold off'
Thu Jul 17 21:45:30 2014 MANAGEMENT: CMD 'hold release'
Thu Jul 17 21:45:30 2014 LZO compression initialized
Thu Jul 17 21:45:30 2014 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jul 17 21:45:30 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jul 17 21:45:30 2014 MANAGEMENT: >STATE:1405626330,RESOLVE,,,
Thu Jul 17 21:45:30 2014 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jul 17 21:45:30 2014 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Jul 17 21:45:30 2014 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Jul 17 21:45:30 2014 Local Options hash (VER=V4): 'd79ca330'
Thu Jul 17 21:45:30 2014 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu Jul 17 21:45:30 2014 UDPv4 link local: [undef]
Thu Jul 17 21:45:30 2014 UDPv4 link remote: [AF_INET]<isp-modem-router-ip>:1194
Thu Jul 17 21:45:30 2014 MANAGEMENT: >STATE:1405626330,WAIT,,,
Thu Jul 17 21:45:30 2014 MANAGEMENT: >STATE:1405626330,AUTH,,,
Thu Jul 17 21:45:30 2014 TLS: Initial packet from [AF_INET]<isp-modem-router-ip>:1194, sid=bbfbd4d3 dae7a5ee
Thu Jul 17 21:45:30 2014 VERIFY OK: depth=1, C=<Country>, ST=<State>, L=<City>, O=<Org>, OU=<OrgUnit>, CN=<CommonName>, name=<name>, emailAddress=<emailAddress>
Thu Jul 17 21:45:30 2014 VERIFY OK: nsCertType=SERVER
Thu Jul 17 21:45:30 2014 VERIFY OK: depth=0, C=<Country>, ST=<State>, L=<City>, O=<Org>, OU=<OrgUnit>, CN=<VPNServerCommonName>, name=<name>, emailAddress=<emailAddress>
Thu Jul 17 21:45:31 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 17 21:45:31 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 17 21:45:31 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 17 21:45:31 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 17 21:45:31 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jul 17 21:45:31 2014 [server] Peer Connection Initiated with [AF_INET]<isp-modem-router-ip>:1194
Thu Jul 17 21:45:32 2014 MANAGEMENT: >STATE:1405626332,GET_CONFIG,,,
Thu Jul 17 21:45:33 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jul 17 21:45:33 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120'
Thu Jul 17 21:45:33 2014 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jul 17 21:45:33 2014 OPTIONS IMPORT: route-related options modified
Thu Jul 17 21:45:33 2014 open_tun, tt->ipv6=0
Thu Jul 17 21:45:33 2014 TAP-WIN32 device [TAP-Windows Adapter V9] opened: \\.\Global\{E48A1C92-CA3F-4AD3-B1B4-3352CBE1FCD6}.tap
Thu Jul 17 21:45:33 2014 TAP-Windows Driver Version 9.9 
Thu Jul 17 21:45:33 2014 TAP-Windows MTU=1500
Thu Jul 17 21:45:33 2014 Successful ARP Flush on interface [38] {E48A1C92-CA3F-4AD3-B1B4-3352CBE1FCD6}
Thu Jul 17 21:45:33 2014 Extracted DHCP router address: 192.168.0.1
Thu Jul 17 21:45:38 2014 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Thu Jul 17 21:45:38 2014 Initialization Sequence Completed
Thu Jul 17 21:45:38 2014 MANAGEMENT: >STATE:1405626338,CONNECTED,SUCCESS,,<isp-modem-router-ip>


I am a bit confused about this line:
Thu Jul 17 21:45:33 2014 Extracted DHCP router address: 192.168.0.1
The dhcp server is running on 192.168.0.4 (the host on which the openvpn server is also running). 192.168.0.1 is the isp-modem-router, which has dhcp capability, but it is disabled.



[1] https://community.openvpn.net/openvpn/wiki/Hardening
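
The log line asked about above can be read against the DHCP message format. This added example (not part of the original post) assumes that OpenVPN's "Extracted DHCP router address" reports the Router option (option 3, RFC 2132) of the DHCP reply seen on the TAP adapter, which is a separate field from the DHCP server's own address (option 54). The packet is constructed from the addresses in the post; the 192.168.0.50 lease and the transaction id are made up.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field (RFC 2131)
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255

def build_sample_ack():
    """Constructed DHCPACK modelled on the addresses in the post (not a capture)."""
    ip = socket.inet_aton
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                          # op=BOOTREPLY, htype=Ethernet, hlen, hops
        0x12345678, 0, 0,                    # xid (made up), secs, flags
        ip("0.0.0.0"), ip("192.168.0.50"),   # ciaddr, yiaddr (made-up lease)
        ip("192.168.0.4"), ip("0.0.0.0"),    # siaddr, giaddr
        bytes(16), bytes(64), bytes(128))    # chaddr, sname, file
    options = (bytes([OPT_MSG_TYPE, 1, 5])                     # 5 = DHCPACK
               + bytes([OPT_SERVER_ID, 4]) + ip("192.168.0.4") # who answered
               + bytes([1, 4]) + ip("255.255.255.0")           # subnet mask
               + bytes([OPT_ROUTER, 4]) + ip("192.168.0.1")    # default gateway
               + bytes([OPT_END]))
    return fixed + MAGIC_COOKIE + options

def parse_options(packet):
    """Return {option_code: raw_value} from a BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        opts.setdefault(code, packet[i + 2:i + 2 + length])
        i += 2 + length
    return opts

def summarize(packet):
    # Report the two fields that are easy to confuse in the client log.
    opts = parse_options(packet)
    def first_ip(code):
        raw = opts.get(code, b"")
        return socket.inet_ntoa(raw[:4]) if len(raw) >= 4 else None
    return {"dhcp_server": first_ip(OPT_SERVER_ID), "router": first_ip(OPT_ROUTER)}

if __name__ == "__main__":
    print(summarize(build_sample_ack()))
```
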


Re: Bridge mode, cannot connect to hosts on vpn network

Post by dx2 » Thu Jul 17, 2014 9:54 pm

Sorry, just noticed I accidentally posted in the wrong forum, please delete.
Right thread here: topic16409.html
