Help! I'm a newbie to OpenVPN, want to make a routed server

Kezarious
OpenVpn Newbie
Posts: 4
Joined: Fri Apr 24, 2015 10:42 pm

Post by Kezarious » Fri Apr 24, 2015 11:01 pm

So, I need help. I've tried following the HOW-TO guide to set up a routed server between myself (server/client) and two friends (clients), but it's awfully unhelpful to newcomers to all of this. Regardless, I picked through the guide and managed to get everything created, to the best of my limited knowledge, as well as config files for each of us, and the server.

The current situation is I start the server.ovpn on my friend's PC(the server for purposes of testing), it seems to start successfully. I then started up my client server on my laptop, hooked up to his PC via a router with ethernet cables, to get around our university's annoying proxy interfering, and get a direct connection between us two.

To test, I'm unable to ping the server's default address of 10.8.0.1 without my client loaded, so I'm reasonably sure the ethernet cable won't be an issue. Loading up my client, I come to the first problem. The client, if loaded successfully, should show the 'Initialization Sequence Completed' but it isn't, and also, when attempting to ping the server address, it failed and timed out.

I would really appreciate if someone could help us out with this, and explain things in layman's terms if possible. If we need to get technical, I'll try to follow along, but as I mentioned above, the three of us are newbies. We know a little bit about port forwarding, but haven't always been successful. And of course the university's proxy gets in the way of that.

This is important to us because we're attempting to make a company in the near future, and having a secure VPN would be essential.

Many thanks,

Kezarious

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Help! I'm a newbie to OpenVPN, want to make a routed ser

Post by Traffic » Mon Apr 27, 2015 10:55 am

Please post configs and logs ..

Kezarious
OpenVpn Newbie
Posts: 4
Joined: Fri Apr 24, 2015 10:42 pm

Re: Help! I'm a newbie to OpenVPN, want to make a routed ser

Post by Kezarious » Fri May 08, 2015 8:50 pm

Hi, I should have done that in the first instance... sorry.

The config for my laptop (client) is

Code:

client

;dev tap
dev tun

;dev-node MyTap

;proto tcp
proto udp

remote 10.8.0.0 1194
;remote my-server-2 1194

;remote-random

resolv-retry infinite

nobind

;user nobody
;group nobody

persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ca "c:\\openvpnkeys\\ca.crt"
cert "c:\\openvpnkeys\\kez-laptop.crt"
key "c:\\openvpnkeys\\kez-laptop.key"

remote-cert-tls server

;tls-auth ta.key 1

;cipher x

comp-lzo

verb 4

mute 20

The server config is

Code:

;local a.b.c.d

port 1194

;proto tcp
proto udp


;dev tap
dev tun

;dev-node MyTap

ca "C:\\VPN\\server\\ca.crt"
cert "C:\\VPN\\server\\server.crt"
key "C:\\VPN\\server\\server.key"  # This file should be kept secret

dh "C:\\VPN\\server\\dh1024.pem"

topology subnet

server 10.8.0.0 255.255.255.0

;ifconfig-pool-persist "c:\\openvpnkeys\\ipp.txt"

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;learn-address ./script

;push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

comp-lzo

;max-clients 100

;user nobody
;group nobody

persist-key
persist-tun

status "C:\\VPN\\server\\openvpn-status.log"

log         "C:\\VPN\\server\\openvpn.log"
;log-append  "c:\\openvpnkeys\\openvpn.log"

verb 6

mute 20

The openvpn log file is:

Code:

Fri May 08 21:24:49 2015 us=721408 Current Parameter Settings:
Fri May 08 21:24:49 2015 us=722408   config = 'C:\VPN\server\server.ovpn'
Fri May 08 21:24:49 2015 us=722408   mode = 1
Fri May 08 21:24:49 2015 us=722408   show_ciphers = DISABLED
Fri May 08 21:24:49 2015 us=722408   show_digests = DISABLED
Fri May 08 21:24:49 2015 us=722408   show_engines = DISABLED
Fri May 08 21:24:49 2015 us=722408   genkey = DISABLED
Fri May 08 21:24:49 2015 us=722408   key_pass_file = '[UNDEF]'
Fri May 08 21:24:49 2015 us=722408   show_tls_ciphers = DISABLED
Fri May 08 21:24:49 2015 us=722408 Connection profiles [default]:
Fri May 08 21:24:49 2015 us=723408   proto = udp
Fri May 08 21:24:49 2015 us=723408   local = '[UNDEF]'
Fri May 08 21:24:49 2015 us=723408   local_port = 1194
Fri May 08 21:24:49 2015 us=723408   remote = '[UNDEF]'
Fri May 08 21:24:49 2015 us=723408   remote_port = 1194
Fri May 08 21:24:49 2015 us=723408   remote_float = DISABLED
Fri May 08 21:24:49 2015 us=723408   bind_defined = DISABLED
Fri May 08 21:24:49 2015 us=723408   bind_local = ENABLED
Fri May 08 21:24:49 2015 us=723408   connect_retry_seconds = 5
Fri May 08 21:24:49 2015 us=723408   connect_timeout = 10
Fri May 08 21:24:49 2015 us=723408 NOTE: --mute triggered...
Fri May 08 21:24:49 2015 us=723408 269 variation(s) on previous 20 message(s) suppressed by --mute
Fri May 08 21:24:49 2015 us=723408 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Fri May 08 21:24:49 2015 us=723408 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Fri May 08 21:24:49 2015 us=840415 Diffie-Hellman initialized with 1024 bit key
Fri May 08 21:24:49 2015 us=864417 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri May 08 21:24:49 2015 us=865417 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri May 08 21:24:49 2015 us=866417 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri May 08 21:24:49 2015 us=866417 open_tun, tt->ipv6=0
Fri May 08 21:24:49 2015 us=868417 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{D62E16F0-D5DC-4BBE-856F-BAE4FCB8A3F0}.tap
Fri May 08 21:24:49 2015 us=868417 TAP-Windows Driver Version 9.21 
Fri May 08 21:24:49 2015 us=868417 TAP-Windows MTU=1500
Fri May 08 21:24:49 2015 us=870417 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.1/255.255.255.0 [SUCCEEDED]
Fri May 08 21:24:49 2015 us=870417 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {D62E16F0-D5DC-4BBE-856F-BAE4FCB8A3F0} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Fri May 08 21:24:49 2015 us=870417 Sleeping for 10 seconds...
Fri May 08 21:24:59 2015 us=870989 NOTE: FlushIpNetTable failed on interface [22] {D62E16F0-D5DC-4BBE-856F-BAE4FCB8A3F0} (status=5) : Access is denied.  
Fri May 08 21:24:59 2015 us=872989 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri May 08 21:24:59 2015 us=872989 UDPv4 link local (bound): [undef]
Fri May 08 21:24:59 2015 us=872989 UDPv4 link remote: [undef]
Fri May 08 21:24:59 2015 us=872989 MULTI: multi_init called, r=256 v=256
Fri May 08 21:24:59 2015 us=872989 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Fri May 08 21:24:59 2015 us=872989 Initialization Sequence Completed

The openvpn-status file is:

Code:

OpenVPN CLIENT LIST
Updated,Fri May 08 21:36:16 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

These are all of the log files I have, since I can't find a way to get log files for the clients. Hope this helps you guys figure out what's going wrong.

Kezarious
OpenVpn Newbie
Posts: 4
Joined: Fri Apr 24, 2015 10:42 pm

Re: Help! I'm a newbie to OpenVPN, want to make a routed ser

Post by Kezarious » Mon May 18, 2015 1:05 pm

This is really weird. I've posted a reply twice now, with the logs in code sections, but it's not showing my post, even though it's been around two weeks.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Help! I'm a newbie to OpenVPN, want to make a routed ser

Post by Traffic » Mon Nov 23, 2015 9:12 pm

Kezarious wrote: The openvpn log file is: (which log file server or client .. see below)
Code:
Fri May 08 21:24:49 2015 us=721408 Current Parameter Settings:
Fri May 08 21:24:49 2015 us=722408 config = 'C:\VPN\server\server.ovpn'
<..>
Fri May 08 21:24:49 2015 us=723408 NOTE: --mute triggered...

### Disable --mute in server.ovpn for better results ...

Fri May 08 21:24:49 2015 us=723408 269 variation(s) on previous 20 message(s) suppressed by --mute
Fri May 08 21:24:49 2015 us=723408 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Fri May 08 21:24:49 2015 us=723408 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08

Fri May 08 21:24:49 2015 us=870417 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {D62E16F0-D5DC-4BBE-856F-BAE4FCB8A3F0} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Fri May 08 21:24:49 2015 us=870417 Sleeping for 10 seconds...
Fri May 08 21:24:59 2015 us=870989 NOTE: FlushIpNetTable failed on interface [22] {D62E16F0-D5DC-4BBE-856F-BAE4FCB8A3F0} (status=5) : Access is denied.

Fri May 08 21:24:59 2015 us=872989 Initialization Sequence Completed

Access is denied .. You must Run-As Administrator .. please check that.
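
The two points raised in the reply above (`--mute` hiding log lines, and the "Access is denied" error) can be checked mechanically. The following is an added example, not code from the thread or from the OpenVPN project, that lints the posted configs and server log. The check for a client `remote` that lies inside the `server` tunnel subnet and the DH-size check were not raised by any poster; the function names and the 2048-bit threshold are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input: a few active lines and log lines copied from this thread.
CLIENT_CONF = "client\ndev tun\nproto udp\nremote 10.8.0.0 1194\n;tls-auth ta.key 1\n"
SERVER_CONF = "port 1194\ndev tun\nserver 10.8.0.0 255.255.255.0\nverb 6\nmute 20\n"
SERVER_LOG = """\
Fri May 08 21:24:49 2015 us=723408 NOTE: --mute triggered...
Fri May 08 21:24:49 2015 us=840415 Diffie-Hellman initialized with 1024 bit key
Fri May 08 21:24:59 2015 us=870989 NOTE: FlushIpNetTable failed on interface [22] {D62E16F0-D5DC-4BBE-856F-BAE4FCB8A3F0} (status=5) : Access is denied.
"""

def directives(conf):
    """Map each active directive to its argument lists; ';' and '#' start a comment."""
    found = {}
    for line in conf.splitlines():
        words = re.split(r"[;#]", line, maxsplit=1)[0].split()
        if words:
            found.setdefault(words[0], []).append(words[1:])
    return found

def check(client_conf, server_conf, server_log):
    """Return a list of findings (hypothetical helper, not an OpenVPN tool)."""
    findings = []
    client, server = directives(client_conf), directives(server_conf)
    # `server <network> <netmask>` is the tunnel subnet; it is unreachable until the VPN is up.
    network, netmask = server["server"][0][:2]
    tunnel = ipaddress.ip_network(f"{network}/{netmask}")
    for args in client.get("remote", []):
        try:
            inside = ipaddress.ip_address(args[0]) in tunnel
        except ValueError:  # a hostname: cannot be judged offline
            continue
        if inside:
            findings.append(f"remote {args[0]} lies inside tunnel subnet {tunnel}; "
                            "point it at the server's real LAN or public address")
    if "mute" in server:
        findings.append("mute is set: repeated server log messages are suppressed")
    if "Access is denied" in server_log:
        findings.append("Access is denied: run OpenVPN with Run-As Administrator")
    dh = re.search(r"Diffie-Hellman initialized with (\d+) bit key", server_log)
    if dh and int(dh.group(1)) < 2048:  # threshold is this example's assumption
        findings.append(f"DH parameters are {dh.group(1)} bit; regenerate at 2048+")
    return findings

if __name__ == "__main__":
    for finding in check(CLIENT_CONF, SERVER_CONF, SERVER_LOG):
        print("-", finding)
```
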
