[Solved]OpenVPN connection failed

[hansgso]

Today I installed a new VPN server, and got some problems in connecting to the server from a windows client.

I got this output from the windows client:

Fri Feb 13 15:37:23 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO][PKCS11] [IPv6] built on Dec 1 2014
Fri Feb 13 15:37:23 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
Fri Feb 13 15:37:24 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Feb 13 15:37:24 2015 UDPv4 link local: [undef]
Fri Feb 13 15:37:24 2015 UDPv4 link remote: [AF_INET]192.168.3.80:1194
Fri Feb 13 15:37:24 2015 TLS: Initial packet from [AF_INET]192.168.3.80:1194, sid=fb3a86d3 8d2e7e19
Fri Feb 13 15:37:24 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
Fri Feb 13 15:37:24 2015 VERIFY OK: nsCertType=SERVER
Fri Feb 13 15:37:24 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=me@myhost.mydomain
Fri Feb 13 15:37:24 2015 Data Channel Encrypt: Cipher 'BF-CBC' initialized with128 bit key
Fri Feb 13 15:37:24 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 13 15:37:24 2015 Data Channel Decrypt: Cipher 'BF-CBC' initialized with128 bit key
Fri Feb 13 15:37:24 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 13 15:37:24 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Feb 13 15:37:24 2015 [server] Peer Connection Initiated with [AF_INET]192.168.3.80:1194
Fri Feb 13 15:37:26 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Feb 13 15:37:26 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Fri Feb 13 15:37:26 2015 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 13 15:37:26 2015 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 13 15:37:26 2015 OPTIONS IMPORT: route options modified
Fri Feb 13 15:37:26 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Feb 13 15:37:26 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 13 15:37:26 2015 open_tun, tt->ipv6=0
Fri Feb 13 15:37:26 2015 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{AACDE402-454D-43F2-979E-CDBF437671AE}.tap
Fri Feb 13 15:37:26 2015 TAP-Windows Driver Version 9.21
Fri Feb 13 15:37:26 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {AACDE402-454D-43F2-979E-CDBF437671AE} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Fri Feb 13 15:37:26 2015 NOTE: FlushIpNetTable failed on interface [20] {AACDE402-454D-43F2-979E-CDBF437671AE} (status=5) : Access is denied.
Fri Feb 13 15:37:31 2015 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Feb 13 15:37:31 2015 C:\Windows\system32\route.exe ADD 192.168.3.80 MASK 255.255.255.255 192.168.3.1 IF 13
Fri Feb 13 15:37:31 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=13]
Fri Feb 13 15:37:31 2015 Route addition via IPAPI failed [adaptive]
Fri Feb 13 15:37:31 2015 Route addition fallback to route.exe
Fri Feb 13 15:37:31 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 15:37:32 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 13 15:37:32 2015 C:\Windows\system32\route.exe ADD 192.168.3.1 MASK 255.255.255.255 192.168.3.1 IF 13
Fri Feb 13 15:37:32 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=13]
Fri Feb 13 15:37:32 2015 Route addition via IPAPI failed [adaptive]
Fri Feb 13 15:37:32 2015 Route addition fallback to route.exe
Fri Feb 13 15:37:32 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 15:37:32 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 13 15:37:32 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Feb 13 15:37:32 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=20]
Fri Feb 13 15:37:32 2015 Route addition via IPAPI failed [adaptive]
Fri Feb 13 15:37:32 2015 Route addition fallback to route.exe
Fri Feb 13 15:37:32 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 15:37:32 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 13 15:37:32 2015 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Fri Feb 13 15:37:32 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=20]
Fri Feb 13 15:37:32 2015 Route addition via IPAPI failed [adaptive]
Fri Feb 13 15:37:32 2015 Route addition fallback to route.exe
Fri Feb 13 15:37:32 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 15:37:32 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 13 15:37:32 2015 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Fri Feb 13 15:37:32 2015 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=20]
Fri Feb 13 15:37:32 2015 Route addition via IPAPI failed [adaptive]
Fri Feb 13 15:37:32 2015 Route addition fallback to route.exe
Fri Feb 13 15:37:32 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Feb 13 15:37:32 2015 ERROR: Windows route add command failed [adaptive]: returned error code 1
Fri Feb 13 15:37:32 2015 Initialization Sequence Completed

I see an error when adding a route but beside that U see a strange ip-address in the route command, because 10.8.0.5 is not used by me or the remote network. It should be something like 192.168.168.x.

Why does the route add fail and how can I set the right ip-address?

Hans

[maikcat]

are you running openvpn with admin rights?

also post your configs used.

Michael.

[hansgso]

OK, I see.

When running as administrator this works.

Hans