can connect to openvpn server but cannot ping it

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
dodenkoda
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 03, 2015 4:07 am

can connect to openvpn server but cannot ping it

Post by dodenkoda » Wed Jun 03, 2015 4:34 am

hi, i'm install and configure openvpn on ubuntu and try to run the client on windows. the client succes to connect and get ip from server but somehow cannot ping it.
the current condition windows' firewall is off and i also already give server this

Code: Select all

iptables -A INPUT -i tun+ -j ACCEPT
client config

Code: Select all

#OpenVPN client conf
tls-client
client
dev tun
proto udp
nobind
tun-mtu 1400
remote 169.254.139.100 1194
pkcs12 te.p12
cipher RC2-CBC
comp-lzo
verb 3
ns-cert-type server
server config

Code: Select all

port 1194
proto udp
dev tun
ca /usr/share/easy-rsa/keys/ca.crt
cert /usr/share/easy-rsa/keys/server1.crt
key /usr/share/easy-rsa/keys/server1.key
dh /usr/share/easy-rsa/keys/dh2048.pem
server 10.96.214.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
cipher RC2-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
here client log

Code: Select all

Tue Jun 02 20:16:21 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Tue Jun 02 20:16:21 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Tue Jun 02 20:16:21 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Tue Jun 02 20:16:21 2015 Need hold release from management interface, waiting...
Tue Jun 02 20:16:21 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'state on'
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'log all on'
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'hold off'
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'hold release'
Tue Jun 02 20:16:26 2015 MANAGEMENT: CMD 'password [...]'
Tue Jun 02 20:16:26 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 02 20:16:26 2015 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Jun 02 20:16:26 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 02 20:16:26 2015 UDPv4 link local: [undef]
Tue Jun 02 20:16:26 2015 UDPv4 link remote: [AF_INET]169.254.139.100:1194
Tue Jun 02 20:16:26 2015 MANAGEMENT: >STATE:1433301386,WAIT,,,
Tue Jun 02 20:16:26 2015 MANAGEMENT: >STATE:1433301386,AUTH,,,
Tue Jun 02 20:16:26 2015 TLS: Initial packet from [AF_INET]169.254.139.100:1194, sid=01a2c77a d20c146c
Tue Jun 02 20:16:26 2015 VERIFY OK: depth=1, C=DE, O=pa sandre, CN=pa sandre CA
Tue Jun 02 20:16:26 2015 VERIFY OK: nsCertType=SERVER
Tue Jun 02 20:16:26 2015 VERIFY OK: depth=0, C=DE, O=pa sandre, CN=192.168.1.100
Tue Jun 02 20:16:26 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1441'
Tue Jun 02 20:16:26 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:16:26 2015 Data Channel Encrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:16:26 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:16:26 2015 Data Channel Decrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:16:26 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:16:26 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 02 20:16:26 2015 [192.168.1.100] Peer Connection Initiated with [AF_INET]169.254.139.100:1194
Tue Jun 02 20:16:27 2015 MANAGEMENT: >STATE:1433301387,GET_CONFIG,,,
Tue Jun 02 20:16:28 2015 SENT CONTROL [192.168.1.100]: 'PUSH_REQUEST' (status=1)
Tue Jun 02 20:16:28 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.96.214.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.96.214.6 10.96.214.5'
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: route options modified
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 02 20:16:28 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 02 20:16:28 2015 MANAGEMENT: >STATE:1433301388,ASSIGN_IP,,10.96.214.6,
Tue Jun 02 20:16:28 2015 open_tun, tt->ipv6=0
Tue Jun 02 20:16:28 2015 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{B49819C7-1BBA-432B-9884-246FEA0FCFEC}.tap
Tue Jun 02 20:16:28 2015 TAP-Windows Driver Version 9.21 
Tue Jun 02 20:16:28 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.96.214.6/255.255.255.252 on interface {B49819C7-1BBA-432B-9884-246FEA0FCFEC} [DHCP-serv: 10.96.214.5, lease-time: 31536000]
Tue Jun 02 20:16:28 2015 Successful ARP Flush on interface [16] {B49819C7-1BBA-432B-9884-246FEA0FCFEC}
Tue Jun 02 20:16:33 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Jun 02 20:16:33 2015 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Tue Jun 02 20:16:33 2015 MANAGEMENT: >STATE:1433301393,ADD_ROUTES,,,
Tue Jun 02 20:16:33 2015 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:16:33 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:16:33 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:16:33 2015 C:\Windows\system32\route.exe ADD 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:16:33 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:16:33 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:16:33 2015 Initialization Sequence Completed
Tue Jun 02 20:16:33 2015 MANAGEMENT: >STATE:1433301393,CONNECTED,SUCCESS,10.96.214.6,169.254.139.100
Tue Jun 02 20:17:28 2015 [192.168.1.100] Inactivity timeout (--ping-restart), restarting
Tue Jun 02 20:17:28 2015 C:\Windows\system32\route.exe DELETE 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:28 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:28 2015 C:\Windows\system32\route.exe DELETE 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:28 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:28 2015 Closing TUN/TAP interface
Tue Jun 02 20:17:28 2015 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jun 02 20:17:28 2015 MANAGEMENT: >STATE:1433301448,RECONNECTING,ping-restart,,
Tue Jun 02 20:17:28 2015 Restart pause, 2 second(s)
Tue Jun 02 20:17:30 2015 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Jun 02 20:17:30 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 02 20:17:30 2015 UDPv4 link local: [undef]
Tue Jun 02 20:17:30 2015 UDPv4 link remote: [AF_INET]169.254.139.100:1194
Tue Jun 02 20:17:30 2015 MANAGEMENT: >STATE:1433301450,WAIT,,,
Tue Jun 02 20:17:30 2015 MANAGEMENT: >STATE:1433301450,AUTH,,,
Tue Jun 02 20:17:30 2015 TLS: Initial packet from [AF_INET]169.254.139.100:1194, sid=a7ec56fb da8990d9
Tue Jun 02 20:17:30 2015 VERIFY OK: depth=1, C=DE, O=pa sandre, CN=pa sandre CA
Tue Jun 02 20:17:30 2015 VERIFY OK: nsCertType=SERVER
Tue Jun 02 20:17:30 2015 VERIFY OK: depth=0, C=DE, O=pa sandre, CN=192.168.1.100
Tue Jun 02 20:17:30 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1441'
Tue Jun 02 20:17:30 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:17:30 2015 Data Channel Encrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:17:30 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:17:30 2015 Data Channel Decrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:17:30 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:17:30 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 02 20:17:30 2015 [192.168.1.100] Peer Connection Initiated with [AF_INET]169.254.139.100:1194
Tue Jun 02 20:17:32 2015 MANAGEMENT: >STATE:1433301452,GET_CONFIG,,,
Tue Jun 02 20:17:33 2015 SENT CONTROL [192.168.1.100]: 'PUSH_REQUEST' (status=1)
Tue Jun 02 20:17:33 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.96.214.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.96.214.6 10.96.214.5'
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: route options modified
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 02 20:17:33 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 02 20:17:33 2015 MANAGEMENT: >STATE:1433301453,ASSIGN_IP,,10.96.214.6,
Tue Jun 02 20:17:33 2015 open_tun, tt->ipv6=0
Tue Jun 02 20:17:33 2015 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{B49819C7-1BBA-432B-9884-246FEA0FCFEC}.tap
Tue Jun 02 20:17:33 2015 TAP-Windows Driver Version 9.21 
Tue Jun 02 20:17:33 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.96.214.6/255.255.255.252 on interface {B49819C7-1BBA-432B-9884-246FEA0FCFEC} [DHCP-serv: 10.96.214.5, lease-time: 31536000]
Tue Jun 02 20:17:33 2015 Successful ARP Flush on interface [16] {B49819C7-1BBA-432B-9884-246FEA0FCFEC}
Tue Jun 02 20:17:38 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Jun 02 20:17:38 2015 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Tue Jun 02 20:17:38 2015 MANAGEMENT: >STATE:1433301458,ADD_ROUTES,,,
Tue Jun 02 20:17:38 2015 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:38 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:17:38 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:38 2015 C:\Windows\system32\route.exe ADD 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:38 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:17:38 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:38 2015 Initialization Sequence Completed
Tue Jun 02 20:17:38 2015 MANAGEMENT: >STATE:1433301458,CONNECTED,SUCCESS,10.96.214.6,169.254.139.100
Tue Jun 02 20:18:33 2015 [192.168.1.100] Inactivity timeout (--ping-restart), restarting
Tue Jun 02 20:18:33 2015 C:\Windows\system32\route.exe DELETE 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:18:33 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:18:33 2015 C:\Windows\system32\route.exe DELETE 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:18:33 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:18:33 2015 Closing TUN/TAP interface
Tue Jun 02 20:18:33 2015 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jun 02 20:18:33 2015 MANAGEMENT: >STATE:1433301513,RECONNECTING,ping-restart,,
Tue Jun 02 20:18:33 2015 Restart pause, 2 second(s)
Tue Jun 02 20:18:35 2015 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Jun 02 20:18:35 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 02 20:18:35 2015 UDPv4 link local: [undef]
Tue Jun 02 20:18:35 2015 UDPv4 link remote: [AF_INET]169.254.139.100:1194
Tue Jun 02 20:18:35 2015 MANAGEMENT: >STATE:1433301515,WAIT,,,
Tue Jun 02 20:18:35 2015 MANAGEMENT: >STATE:1433301515,AUTH,,,
Tue Jun 02 20:18:35 2015 TLS: Initial packet from [AF_INET]169.254.139.100:1194, sid=29b0c4eb 31f60825
Tue Jun 02 20:18:35 2015 VERIFY OK: depth=1, C=DE, O=pa sandre, CN=pa sandre CA
Tue Jun 02 20:18:35 2015 VERIFY OK: nsCertType=SERVER
Tue Jun 02 20:18:35 2015 VERIFY OK: depth=0, C=DE, O=pa sandre, CN=192.168.1.100
Tue Jun 02 20:18:35 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1441'
Tue Jun 02 20:18:35 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:18:35 2015 Data Channel Encrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:18:35 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:18:35 2015 Data Channel Decrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:18:35 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:18:35 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 02 20:18:35 2015 [192.168.1.100] Peer Connection Initiated with [AF_INET]169.254.139.100:1194
Tue Jun 02 20:18:36 2015 MANAGEMENT: >STATE:1433301516,GET_CONFIG,,,
Tue Jun 02 20:18:38 2015 SENT CONTROL [192.168.1.100]: 'PUSH_REQUEST' (status=1)
Tue Jun 02 20:18:38 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.96.214.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.96.214.6 10.96.214.5'
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: route options modified
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 02 20:18:38 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 02 20:18:38 2015 MANAGEMENT: >STATE:1433301518,ASSIGN_IP,,10.96.214.6,
thanks
Top
User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: can connect to openvpn server but cannot ping it

Post by Traffic » Fri Jun 12, 2015 11:41 am

dodenkoda wrote:client config
Code:
#OpenVPN client conf

tun-mtu 1400 ### Remove this

remote 169.254.139.100 1194
169.254.x.x indicates that your server does not have DHCP setup correctly .. Make sure your server gets a proper IP address from DHCP server.

Also:
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Top
Post Reply

Return to “Installation Help”