Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
tracyj
OpenVpn Newbie
Posts: 3
Joined: Fri Jun 08, 2018 8:40 pm

Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by tracyj » Fri Jun 08, 2018 11:06 pm

I have one Linux server running openvpn, and two clients. One client is a Windows client, and the other one is a Linux client. Both were working just fine. I then decided that I wanted to set them up to use a static IP address. So, I set client-config-dir to point to a ccd directory containing my client configuration. My Openvpn windows client works perfectly when I don't have the client configuration file in the ccd directory on the server, but it fails as soon as the client configuration file is in the ccd directory on the server.

I then tried the Linux client with the client configuration file in the ccd directory on the server, and it works perfectly. I assigns the given IP address that I set up in the client configuration file as expected. My question is, why does it work with Linux, but not for windows when I am setting a static IP address. I have included my Linux Openvpn server configuration file and both the Windows and Linux Openvpn client configurations files. I have also attached the client configuration file that goes in the ccd directory.

I also provided both the client and server logs for three test cases. The first test case is when windows fails to connect. It times out with a TUN/TAP timeout. The second test case was when windows succeeds. In this case, I removed the client configuration from the ccd directory. The third case is when the Linux client succeeds, and the client configuration is in the ccd directory.

Linux Openvpn Server Configuration

local 10.1.10.2
port 1194
proto udp
dev tap0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.1.10.1 255.255.255.0 10.1.10.105 10.1.10.115
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0
cipher AES-256-CBC
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
log-append /etc/openvpn/openvpn_server.log
verb 3
client-config-dir /etc/openvpn/ccd


Windows Openvpn Client Configuration

client
dev tap
ifconfig 10.1.10.1 255.255.255.0
proto udp
remote 77.77.77.77 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "c:\\Users\\tracy\\OpenVPN\\config\\client\\ca.crt"
cert "c:\\Users\\tracy\\OpenVPN\\config\\client\\client7.crt"
key "c:\\Users\\tracy\\OpenVPN\\config\\client\\client7.key"
remote-cert-tls server
tls-auth "c:\\Users\\tracy\\OpenVPN\\config\\client\\ta.key" 1
cipher AES-256-CBC
keysize 256
comp-lzo
tun-mtu 1532
auth-nocache
verb 3


Linux Openvpn Client Configuration

client
dev tap0
proto udp
remote 77.77.77.77 1194
resolv-retry infinite
nobind
persist-key
persist-tun
log-append openvpn_client.log
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client7.crt
key /etc/openvpn/client7.key
ns-cert-type server
tls-auth /etc/openvpn/ta.key 1
cipher AES-256-CBC
keysize 256
comp-lzo
link-mtu 1590
verb 3


Client Configuration File in ccd Directory

ifconfig-push 10.1.10.200 10.1.10.2


Log of Windows Client Failure Using Static IP

Thu Jun 07 16:17:54 2018 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Thu Jun 07 16:17:54 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Jun 07 16:17:54 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jun 07 16:17:54 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Jun 07 16:17:54 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jun 07 16:17:54 2018 Need hold release from management interface, waiting...
Thu Jun 07 16:17:55 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jun 07 16:17:55 2018 MANAGEMENT: CMD 'state on'
Thu Jun 07 16:17:55 2018 MANAGEMENT: CMD 'log all on'
Thu Jun 07 16:17:55 2018 MANAGEMENT: CMD 'echo all on'
Thu Jun 07 16:17:55 2018 MANAGEMENT: CMD 'hold off'
Thu Jun 07 16:17:55 2018 MANAGEMENT: CMD 'hold release'
Thu Jun 07 16:17:55 2018 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Thu Jun 07 16:17:55 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:17:55 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:17:55 2018 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532)
Thu Jun 07 16:17:55 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]77.77.77.77:1194
Thu Jun 07 16:17:55 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 07 16:17:55 2018 UDP link local: (not bound)
Thu Jun 07 16:17:55 2018 UDP link remote: [AF_INET]77.77.77.77:1194
Thu Jun 07 16:17:55 2018 MANAGEMENT: >STATE:1528413475,WAIT,,,,,,
Thu Jun 07 16:17:55 2018 MANAGEMENT: >STATE:1528413475,AUTH,,,,,,
Thu Jun 07 16:17:55 2018 TLS: Initial packet from [AF_INET]77.77.77.77:1194, sid=6952f734 6a007cda
Thu Jun 07 16:17:56 2018 VERIFY OK: depth=1, C=US, ST=UT, L=Salt Lake, O=xxxxxxx, OU=stiserver1, CN=stiserver1, name=stiserver1, emailAddress=xxxxxxxxxx
Thu Jun 07 16:17:56 2018 VERIFY KU OK
Thu Jun 07 16:17:56 2018 Validating certificate extended key usage
Thu Jun 07 16:17:56 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 07 16:17:56 2018 VERIFY EKU OK
Thu Jun 07 16:17:56 2018 VERIFY OK: depth=0, C=US, ST=UT, L=Salt Lake, O=xxxxxxx, OU=stiserver1, CN=server, name=stiserver1, emailAddress=xxxxxxxxxx
Thu Jun 07 16:17:56 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1622', remote='link-mtu 1590'
Thu Jun 07 16:17:56 2018 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1564', remote='tun-mtu 1532'
Thu Jun 07 16:17:56 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 07 16:17:56 2018 [server] Peer Connection Initiated with [AF_INET]77.77.77.77:1194
Thu Jun 07 16:17:57 2018 MANAGEMENT: >STATE:1528413477,GET_CONFIG,,,,,,
Thu Jun 07 16:17:57 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 07 16:17:57 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.200 10.1.10.2'
Thu Jun 07 16:17:57 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 07 16:17:57 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 07 16:17:57 2018 OPTIONS IMPORT: route-related options modified
Thu Jun 07 16:17:57 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 07 16:17:57 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:17:57 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 07 16:17:57 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:17:57 2018 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Jun 07 16:17:57 2018 interactive service msg_channel=752
Thu Jun 07 16:17:57 2018 open_tun
Thu Jun 07 16:17:57 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{CF32B125-8AC7-4053-B4FC-0231B5B02A7D}.tap
Thu Jun 07 16:17:57 2018 TAP-Windows Driver Version 9.21
Thu Jun 07 16:17:57 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.10.200/10.1.10.2 on interface {CF32B125-8AC7-4053-B4FC-0231B5B02A7D} [DHCP-serv: 10.1.10.0, lease-time: 31536000]
Thu Jun 07 16:17:57 2018 Successful ARP Flush on interface [18] {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
Thu Jun 07 16:17:57 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jun 07 16:17:57 2018 MANAGEMENT: >STATE:1528413477,ASSIGN_IP,,10.1.10.200,,,,
Thu Jun 07 16:18:02 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:02 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:07 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:07 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:08 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:08 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:09 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:09 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:10 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:10 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:11 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:11 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:12 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:12 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:13 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:13 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:14 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:14 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:15 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:15 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:16 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:16 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:17 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:17 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:18 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:18 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:19 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:19 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:20 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:20 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:21 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:21 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:22 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:22 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:23 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:23 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:24 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:24 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:25 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:25 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:26 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:26 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:27 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:27 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:28 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:28 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:29 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:29 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:30 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:30 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:31 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 07 16:18:31 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 07 16:18:32 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.43.1 p=0 i=2 t=4 pr=3 a=2000 h=0 m=55/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=301384 h=0 m=331/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=301384 h=0 m=331/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=301384 h=0 m=331/0/0/0/0
192.168.43.0 255.255.255.0 192.168.43.192 p=0 i=2 t=3 pr=2 a=2000 h=0 m=311/0/0/0/0
192.168.43.192 255.255.255.255 192.168.43.192 p=0 i=2 t=3 pr=2 a=2000 h=0 m=311/0/0/0/0
192.168.43.255 255.255.255.255 192.168.43.192 p=0 i=2 t=3 pr=2 a=2000 h=0 m=311/0/0/0/0
192.168.56.0 255.255.255.0 192.168.56.1 p=0 i=16 t=3 pr=2 a=301379 h=0 m=281/0/0/0/0
192.168.56.1 255.255.255.255 192.168.56.1 p=0 i=16 t=3 pr=2 a=301379 h=0 m=281/0/0/0/0
192.168.56.255 255.255.255.255 192.168.56.1 p=0 i=16 t=3 pr=2 a=301379 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=301384 h=0 m=331/0/0/0/0
224.0.0.0 240.0.0.0 192.168.56.1 p=0 i=16 t=3 pr=2 a=301382 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 192.168.43.192 p=0 i=2 t=3 pr=2 a=301365 h=0 m=311/0/0/0/0
224.0.0.0 240.0.0.0 0.0.0.0 p=0 i=18 t=3 pr=2 a=17418 h=0 m=291/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=301384 h=0 m=331/0/0/0/0
255.255.255.255 255.255.255.255 192.168.56.1 p=0 i=16 t=3 pr=2 a=301382 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 192.168.43.192 p=0 i=2 t=3 pr=2 a=301365 h=0 m=311/0/0/0/0
255.255.255.255 255.255.255.255 0.0.0.0 p=0 i=18 t=3 pr=2 a=17418 h=0 m=291/0/0/0/0
SYSTEM ADAPTER LIST
Killer e2400 Gigabit Ethernet Controller
Index = 24
GUID = {FC2BBEC5-8E14-45EB-81AE-B5AE332B58FD}
IP = 0.0.0.0/0.0.0.0
MAC = dd:dd:dd:dd:dd:dd
GATEWAY = 10.1.10.1/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu Jun 07 16:18:32 2018
DHCP LEASE EXPIRES = Thu Jun 07 16:18:32 2018
DNS SERV =
TAP-Windows Adapter V9
Index = 18
GUID = {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
IP = 0.0.0.0/0.0.0.0
MAC = bb:bb:bb:bb:bb:bb
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Thu Jun 07 16:18:32 2018
DHCP LEASE EXPIRES = Thu Jun 07 16:18:32 2018
DNS SERV =
VirtualBox Host-Only Ethernet Adapter #3
Index = 16
GUID = {9B72ABAE-447D-4C0E-B9AB-D50B7576B8B6}
IP = 192.168.56.1/255.255.255.0
MAC = aa:aa:aa:aa:aa:aa
GATEWAY = 0.0.0.0/255.255.255.255
DNS SERV =
Bluetooth Device (Personal Area Network) #2
Index = 6
GUID = {20776B1A-121F-4915-9968-15454CB2F904}
IP = 0.0.0.0/0.0.0.0
MAC = cc:cc:cc:cc:cc:cc
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu Jun 07 16:18:32 2018
DHCP LEASE EXPIRES = Thu Jun 07 16:18:32 2018
DNS SERV =
Intel(R) Dual Band Wireless-AC 3165
Index = 2
GUID = {06E118C8-CF07-4B2C-BBEF-C77BF4986E03}
IP = 192.168.43.192/255.255.255.0
MAC = ff:ff:ff:ff:ff:ff
GATEWAY = 192.168.43.1/255.255.255.255
DHCP SERV = 192.168.43.1/255.255.255.255
DHCP LEASE OBTAINED = Thu Jun 07 15:50:10 2018
DHCP LEASE EXPIRES = Thu Jun 07 16:50:10 2018
DNS SERV = 192.168.43.1/255.255.255.255
Microsoft Wi-Fi Direct Virtual Adapter
Index = 23
GUID = {F7E46CEB-C121-45DE-AEF5-1C3554E6D024}
IP = 0.0.0.0/0.0.0.0
MAC = ee:ee:ee:ee:ee:ee
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu Jun 07 16:18:32 2018
DHCP LEASE EXPIRES = Thu Jun 07 16:18:32 2018
DNS SERV =
Thu Jun 07 16:18:32 2018 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Thu Jun 07 16:18:32 2018 MANAGEMENT: >STATE:1528413512,CONNECTED,ERROR,10.1.10.200,77.77.77.77,1194,,
Thu Jun 07 16:18:36 2018 Closing TUN/TAP interface
Thu Jun 07 16:18:36 2018 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: The parameter is incorrect. (code=87)
Thu Jun 07 16:18:36 2018 SIGTERM[hard,] received, process exiting
Thu Jun 07 16:18:36 2018 MANAGEMENT: >STATE:1528413516,EXITING,SIGTERM,,,,,


Log of Linux Server Failure with Windows Client Using Static IP

Thu Jun 7 17:17:46 2018 OpenVPN 2.1.4 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Nov 4 2010
Thu Jun 7 17:17:46 2018 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Thu Jun 7 17:17:46 2018 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 7 17:17:46 2018 Diffie-Hellman initialized with 1024 bit key
Thu Jun 7 17:17:46 2018 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Thu Jun 7 17:17:46 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:17:46 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:17:46 2018 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 7 17:17:46 2018 Socket Buffers: R=[126976->131072] S=[126976->131072]
Thu Jun 7 17:17:46 2018 TUN/TAP device tap0 opened
Thu Jun 7 17:17:46 2018 TUN/TAP TX queue length set to 100
Thu Jun 7 17:17:46 2018 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 7 17:17:46 2018 GID set to nogroup
Thu Jun 7 17:17:46 2018 UID set to nobody
Thu Jun 7 17:17:46 2018 UDPv4 link local (bound): 10.1.10.2:1194
Thu Jun 7 17:17:46 2018 UDPv4 link remote: [undef]
Thu Jun 7 17:17:46 2018 MULTI: multi_init called, r=256 v=256
Thu Jun 7 17:17:46 2018 IFCONFIG POOL: base=10.1.10.105 size=11
Thu Jun 7 17:17:46 2018 IFCONFIG POOL LIST
Thu Jun 7 17:17:46 2018 client7,10.1.10.105
Thu Jun 7 17:17:46 2018 client9,10.1.10.108
Thu Jun 7 17:17:46 2018 client2,10.1.10.112
Thu Jun 7 17:17:46 2018 Initialization Sequence Completed
Thu Jun 7 17:17:55 2018 MULTI: multi_create_instance called
Thu Jun 7 17:17:55 2018 174.208.11.157:9070 Re-using SSL/TLS context
Thu Jun 7 17:17:55 2018 174.208.11.157:9070 LZO compression initialized
Thu Jun 7 17:17:55 2018 174.208.11.157:9070 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 7 17:17:55 2018 174.208.11.157:9070 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 7 17:17:55 2018 174.208.11.157:9070 Local Options hash (VER=V4): '44bd8b5e'
Thu Jun 7 17:17:55 2018 174.208.11.157:9070 Expected Remote Options hash (VER=V4): '48527533'
Thu Jun 7 17:17:55 2018 174.208.11.157:9070 TLS: Initial packet from 174.208.11.157:9070, sid=25e29502 6dbc4264
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 VERIFY OK: depth=1, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=stiserver1/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 VERIFY OK: depth=0, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=client7/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1622'
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1564'
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 7 17:17:56 2018 174.208.11.157:9070 [client7] Peer Connection Initiated with 174.208.11.157:9070
Thu Jun 7 17:17:56 2018 client7/174.208.11.157:9070 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/client7
Thu Jun 7 17:17:57 2018 client7/174.208.11.157:9070 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 7 17:17:57 2018 client7/174.208.11.157:9070 SENT CONTROL [client7]: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.200 10.1.10.2' (status=1)
Thu Jun 7 17:17:57 2018 client7/174.208.11.157:9070 MULTI: Learn: 00:ff:cf:32:b1:25 -> client7/174.208.11.157:9070
Thu Jun 7 17:22:11 2018 event_wait : Interrupted system call (code=4)
Thu Jun 7 17:22:11 2018 TCP/UDP: Closing socket
Thu Jun 7 17:22:11 2018 Closing TUN/TAP interface
Thu Jun 7 17:22:11 2018 SIGTERM[hard,] received, process exiting


Log of Windows Client Success Not Using Static IP

Thu Jun 07 16:22:29 2018 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Thu Jun 07 16:22:29 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Jun 07 16:22:29 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jun 07 16:22:29 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Jun 07 16:22:29 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jun 07 16:22:29 2018 Need hold release from management interface, waiting...
Thu Jun 07 16:22:30 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jun 07 16:22:30 2018 MANAGEMENT: CMD 'state on'
Thu Jun 07 16:22:30 2018 MANAGEMENT: CMD 'log all on'
Thu Jun 07 16:22:30 2018 MANAGEMENT: CMD 'echo all on'
Thu Jun 07 16:22:30 2018 MANAGEMENT: CMD 'hold off'
Thu Jun 07 16:22:30 2018 MANAGEMENT: CMD 'hold release'
Thu Jun 07 16:22:30 2018 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Thu Jun 07 16:22:30 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:22:30 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:22:30 2018 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532)
Thu Jun 07 16:22:30 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]77.77.77.77:1194
Thu Jun 07 16:22:30 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 07 16:22:30 2018 UDP link local: (not bound)
Thu Jun 07 16:22:30 2018 UDP link remote: [AF_INET]77.77.77.77:1194
Thu Jun 07 16:22:30 2018 MANAGEMENT: >STATE:1528413750,WAIT,,,,,,
Thu Jun 07 16:22:30 2018 MANAGEMENT: >STATE:1528413750,AUTH,,,,,,
Thu Jun 07 16:22:30 2018 TLS: Initial packet from [AF_INET]77.77.77.77:1194, sid=95d7edae f40fea23
Thu Jun 07 16:22:31 2018 VERIFY OK: depth=1, C=US, ST=UT, L=Salt Lake, O=xxxxxxx, OU=stiserver1, CN=stiserver1, name=stiserver1, emailAddress=xxxxxxxxxx
Thu Jun 07 16:22:31 2018 VERIFY KU OK
Thu Jun 07 16:22:31 2018 Validating certificate extended key usage
Thu Jun 07 16:22:31 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 07 16:22:31 2018 VERIFY EKU OK
Thu Jun 07 16:22:31 2018 VERIFY OK: depth=0, C=US, ST=UT, L=Salt Lake, O=xxxxxxx, OU=stiserver1, CN=server, name=stiserver1, emailAddress=xxxxxxxxxx
Thu Jun 07 16:22:31 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1622', remote='link-mtu 1590'
Thu Jun 07 16:22:31 2018 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1564', remote='tun-mtu 1532'
Thu Jun 07 16:22:31 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 07 16:22:31 2018 [server] Peer Connection Initiated with [AF_INET]77.77.77.77:1194
Thu Jun 07 16:22:32 2018 MANAGEMENT: >STATE:1528413752,GET_CONFIG,,,,,,
Thu Jun 07 16:22:32 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 07 16:22:32 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.105 255.255.255.0'
Thu Jun 07 16:22:32 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 07 16:22:32 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 07 16:22:32 2018 OPTIONS IMPORT: route-related options modified
Thu Jun 07 16:22:32 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 07 16:22:32 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:22:32 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 07 16:22:32 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 07 16:22:32 2018 interactive service msg_channel=916
Thu Jun 07 16:22:32 2018 open_tun
Thu Jun 07 16:22:32 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{CF32B125-8AC7-4053-B4FC-0231B5B02A7D}.tap
Thu Jun 07 16:22:32 2018 TAP-Windows Driver Version 9.21
Thu Jun 07 16:22:32 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.10.105/255.255.255.0 on interface {CF32B125-8AC7-4053-B4FC-0231B5B02A7D} [DHCP-serv: 10.1.10.0, lease-time: 31536000]
Thu Jun 07 16:22:32 2018 Successful ARP Flush on interface [18] {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
Thu Jun 07 16:22:32 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jun 07 16:22:32 2018 MANAGEMENT: >STATE:1528413752,ASSIGN_IP,,10.1.10.105,,,,
Thu Jun 07 16:22:37 2018 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Thu Jun 07 16:22:37 2018 Initialization Sequence Completed
Thu Jun 07 16:22:37 2018 MANAGEMENT: >STATE:1528413757,CONNECTED,SUCCESS,10.1.10.105,77.77.77.77,1194,,


Log of Linux Server Success with Windows Client Not Using Static IP

Thu Jun 7 17:22:16 2018 OpenVPN 2.1.4 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Nov 4 2010
Thu Jun 7 17:22:16 2018 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Thu Jun 7 17:22:16 2018 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 7 17:22:16 2018 Diffie-Hellman initialized with 1024 bit key
Thu Jun 7 17:22:16 2018 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Thu Jun 7 17:22:16 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:22:16 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:22:16 2018 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 7 17:22:16 2018 Socket Buffers: R=[126976->131072] S=[126976->131072]
Thu Jun 7 17:22:16 2018 TUN/TAP device tap0 opened
Thu Jun 7 17:22:16 2018 TUN/TAP TX queue length set to 100
Thu Jun 7 17:22:16 2018 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 7 17:22:16 2018 GID set to nogroup
Thu Jun 7 17:22:16 2018 UID set to nobody
Thu Jun 7 17:22:16 2018 UDPv4 link local (bound): 10.1.10.2:1194
Thu Jun 7 17:22:16 2018 UDPv4 link remote: [undef]
Thu Jun 7 17:22:16 2018 MULTI: multi_init called, r=256 v=256
Thu Jun 7 17:22:16 2018 IFCONFIG POOL: base=10.1.10.105 size=11
Thu Jun 7 17:22:16 2018 IFCONFIG POOL LIST
Thu Jun 7 17:22:16 2018 client7,10.1.10.105
Thu Jun 7 17:22:16 2018 client9,10.1.10.108
Thu Jun 7 17:22:16 2018 client2,10.1.10.112
Thu Jun 7 17:22:16 2018 Initialization Sequence Completed
Thu Jun 7 17:22:30 2018 MULTI: multi_create_instance called
Thu Jun 7 17:22:30 2018 174.208.11.157:9061 Re-using SSL/TLS context
Thu Jun 7 17:22:30 2018 174.208.11.157:9061 LZO compression initialized
Thu Jun 7 17:22:30 2018 174.208.11.157:9061 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 7 17:22:30 2018 174.208.11.157:9061 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 7 17:22:30 2018 174.208.11.157:9061 Local Options hash (VER=V4): '44bd8b5e'
Thu Jun 7 17:22:30 2018 174.208.11.157:9061 Expected Remote Options hash (VER=V4): '48527533'
Thu Jun 7 17:22:30 2018 174.208.11.157:9061 TLS: Initial packet from 174.208.11.157:9061, sid=af99a151 782c1617
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 VERIFY OK: depth=1, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=stiserver1/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 VERIFY OK: depth=0, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=client7/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1622'
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1564'
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 7 17:22:31 2018 174.208.11.157:9061 [client7] Peer Connection Initiated with 174.208.11.157:9061
Thu Jun 7 17:22:32 2018 client7/174.208.11.157:9061 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 7 17:22:32 2018 client7/174.208.11.157:9061 SENT CONTROL [client7]: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.105 255.255.255.0' (status=1)
Thu Jun 7 17:22:32 2018 client7/174.208.11.157:9061 MULTI: Learn: 00:ff:cf:32:b1:25 -> client7/174.208.11.157:9061
Thu Jun 7 17:23:04 2018 client7/174.208.11.157:9061 Replay-window backtrack occurred [1]
Thu Jun 7 17:23:33 2018 client7/174.208.11.157:9061 Replay-window backtrack occurred [4]
Thu Jun 7 17:29:53 2018 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Thu Jun 7 17:30:05 2018 client7/174.208.11.157:9061 [client7] Inactivity timeout (--ping-restart), restarting
Thu Jun 7 17:30:05 2018 client7/174.208.11.157:9061 SIGUSR1[soft,ping-restart] received, client-instance restarting
Thu Jun 7 17:31:13 2018 MULTI: multi_create_instance called
Thu Jun 7 17:31:13 2018 174.208.11.157:9059 Re-using SSL/TLS context
Thu Jun 7 17:31:13 2018 174.208.11.157:9059 LZO compression initialized
Thu Jun 7 17:31:13 2018 174.208.11.157:9059 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 7 17:31:13 2018 174.208.11.157:9059 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 7 17:31:13 2018 174.208.11.157:9059 Local Options hash (VER=V4): '44bd8b5e'
Thu Jun 7 17:31:13 2018 174.208.11.157:9059 Expected Remote Options hash (VER=V4): '48527533'
Thu Jun 7 17:31:13 2018 174.208.11.157:9059 TLS: Initial packet from 174.208.11.157:9059, sid=3acdb55f 9ff5eb38
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 VERIFY OK: depth=1, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=stiserver1/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 VERIFY OK: depth=0, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=client7/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 7 17:31:14 2018 174.208.11.157:9059 [client7] Peer Connection Initiated with 174.208.11.157:9059
Thu Jun 7 17:31:16 2018 client7/174.208.11.157:9059 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 7 17:31:16 2018 client7/174.208.11.157:9059 SENT CONTROL [client7]: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.105 255.255.255.0' (status=1)
Thu Jun 7 17:31:16 2018 client7/174.208.11.157:9059 MULTI: Learn: 0e:77:4c:8f:95:04 -> client7/174.208.11.157:9059
Thu Jun 7 17:31:19 2018 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Jun 7 17:31:28 2018 event_wait : Interrupted system call (code=4)
Thu Jun 7 17:31:28 2018 TCP/UDP: Closing socket
Thu Jun 7 17:31:28 2018 Closing TUN/TAP interface
Thu Jun 7 17:31:28 2018 SIGTERM[hard,] received, process exiting


Log of Linux Client Success Using Static IP

Thu Jun 7 17:33:31 2018 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
Thu Jun 7 17:33:31 2018 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Thu Jun 7 17:33:31 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:31 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:31 2018 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Jun 7 17:33:31 2018 UDPv4 link local: [undef]
Thu Jun 7 17:33:31 2018 UDPv4 link remote: [AF_INET]77.77.77.77:1194
Thu Jun 7 17:33:31 2018 TLS: Initial packet from [AF_INET]77.77.77.77:1194, sid=005fef5b 2b6dd21d
Thu Jun 7 17:33:32 2018 VERIFY OK: depth=1, C=US, ST=UT, L=Salt Lake, O=xxxxxxx, OU=stiserver1, CN=stiserver1, name=stiserver1, emailAddress=xxxxxxxxxx
Thu Jun 7 17:33:32 2018 VERIFY OK: nsCertType=SERVER
Thu Jun 7 17:33:32 2018 VERIFY OK: depth=0, C=US, ST=UT, L=Salt Lake, O=xxxxxxx, OU=stiserver1, CN=server, name=stiserver1, emailAddress=xxxxxxxxxx
Thu Jun 7 17:33:33 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:33:33 2018 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:33 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:33:33 2018 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:33 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 7 17:33:33 2018 [server] Peer Connection Initiated with [AF_INET]77.77.77.77:1194
Thu Jun 7 17:33:35 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 7 17:33:35 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.200 10.1.10.2'
Thu Jun 7 17:33:35 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 7 17:33:35 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 7 17:33:35 2018 OPTIONS IMPORT: route-related options modified
Thu Jun 7 17:33:35 2018 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
Thu Jun 7 17:33:35 2018 TUN/TAP device tap0 opened
Thu Jun 7 17:33:35 2018 TUN/TAP TX queue length set to 100
Thu Jun 7 17:33:35 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Jun 7 17:33:35 2018 /sbin/ip link set dev tap0 up mtu 1500
Thu Jun 7 17:33:35 2018 /sbin/ip addr add dev tap0 10.1.10.200/6 broadcast 255.255.255.253
Thu Jun 7 17:33:35 2018 Initialization Sequence Completed


Log of Linux Server Success with Linux Client Using Static IP

Thu Jun 7 17:33:22 2018 OpenVPN 2.1.4 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Nov 4 2010
Thu Jun 7 17:33:22 2018 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Thu Jun 7 17:33:22 2018 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 7 17:33:22 2018 Diffie-Hellman initialized with 1024 bit key
Thu Jun 7 17:33:22 2018 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Thu Jun 7 17:33:22 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:22 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:22 2018 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 7 17:33:22 2018 Socket Buffers: R=[126976->131072] S=[126976->131072]
Thu Jun 7 17:33:22 2018 TUN/TAP device tap0 opened
Thu Jun 7 17:33:22 2018 TUN/TAP TX queue length set to 100
Thu Jun 7 17:33:22 2018 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 7 17:33:22 2018 GID set to nogroup
Thu Jun 7 17:33:22 2018 UID set to nobody
Thu Jun 7 17:33:22 2018 UDPv4 link local (bound): 10.1.10.2:1194
Thu Jun 7 17:33:22 2018 UDPv4 link remote: [undef]
Thu Jun 7 17:33:22 2018 MULTI: multi_init called, r=256 v=256
Thu Jun 7 17:33:22 2018 IFCONFIG POOL: base=10.1.10.105 size=11
Thu Jun 7 17:33:22 2018 IFCONFIG POOL LIST
Thu Jun 7 17:33:22 2018 client7,10.1.10.105
Thu Jun 7 17:33:22 2018 client9,10.1.10.108
Thu Jun 7 17:33:22 2018 client2,10.1.10.112
Thu Jun 7 17:33:22 2018 Initialization Sequence Completed
Thu Jun 7 17:33:31 2018 MULTI: multi_create_instance called
Thu Jun 7 17:33:31 2018 174.208.11.157:9071 Re-using SSL/TLS context
Thu Jun 7 17:33:31 2018 174.208.11.157:9071 LZO compression initialized
Thu Jun 7 17:33:31 2018 174.208.11.157:9071 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Jun 7 17:33:31 2018 174.208.11.157:9071 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Jun 7 17:33:31 2018 174.208.11.157:9071 Local Options hash (VER=V4): '44bd8b5e'
Thu Jun 7 17:33:31 2018 174.208.11.157:9071 Expected Remote Options hash (VER=V4): '48527533'
Thu Jun 7 17:33:31 2018 174.208.11.157:9071 TLS: Initial packet from 174.208.11.157:9071, sid=db154f71 5bfb521f
Thu Jun 7 17:33:32 2018 174.208.11.157:9071 VERIFY OK: depth=1, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=stiserver1/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:33:32 2018 174.208.11.157:9071 VERIFY OK: depth=0, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxx/OU=stiserver1/CN=client7/name=stiserver1/emailAddress=xxxxxxxxxx
Thu Jun 7 17:33:33 2018 174.208.11.157:9071 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:33:33 2018 174.208.11.157:9071 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:33 2018 174.208.11.157:9071 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 7 17:33:33 2018 174.208.11.157:9071 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 7 17:33:33 2018 174.208.11.157:9071 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 7 17:33:33 2018 174.208.11.157:9071 [client7] Peer Connection Initiated with 174.208.11.157:9071
Thu Jun 7 17:33:33 2018 client7/174.208.11.157:9071 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/client7
Thu Jun 7 17:33:35 2018 client7/174.208.11.157:9071 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 7 17:33:35 2018 client7/174.208.11.157:9071 SENT CONTROL [client7]: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.200 10.1.10.2' (status=1)
Thu Jun 7 17:33:35 2018 client7/174.208.11.157:9071 MULTI: Learn: b2:42:e2:1c:93:b9 -> client7/174.208.11.157:9071

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Sat Jun 09, 2018 10:38 am

Because you have posted all the necessary details finding your problem is quite simple:
tracyj wrote:
Fri Jun 08, 2018 11:06 pm
WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
So change the second argument in your ccd file to your desired netmask.

Also, do not use --ifconfig or --keysize in your client config file.

tracyj
OpenVpn Newbie
Posts: 3
Joined: Fri Jun 08, 2018 8:40 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by tracyj » Sat Jun 09, 2018 5:50 pm

I had previously tried the configuration that you suggested. I decided to try it again just to be sure, and it still failed. I have attached the client and server log files from the new configuration. I did as you suggested, and removed the ifconfig and keysize lines from the client.ovpn file, and I changed the second argument in the ifconfig-push line to read 255.255.255.0 the netmask.

Thank you for your response.

Client Log File

Sat Jun 09 11:00:07 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sat Jun 09 11:00:07 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jun 09 11:00:07 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Sat Jun 09 11:00:07 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jun 09 11:00:07 2018 Need hold release from management interface, waiting...
Sat Jun 09 11:00:08 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jun 09 11:00:08 2018 MANAGEMENT: CMD 'state on'
Sat Jun 09 11:00:08 2018 MANAGEMENT: CMD 'log all on'
Sat Jun 09 11:00:08 2018 MANAGEMENT: CMD 'echo all on'
Sat Jun 09 11:00:08 2018 MANAGEMENT: CMD 'hold off'
Sat Jun 09 11:00:08 2018 MANAGEMENT: CMD 'hold release'
Sat Jun 09 11:00:08 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 09 11:00:08 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 09 11:00:08 2018 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532)
Sat Jun 09 11:00:08 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]77.77.77.77:1194
Sat Jun 09 11:00:08 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jun 09 11:00:08 2018 UDP link local: (not bound)
Sat Jun 09 11:00:08 2018 UDP link remote: [AF_INET]77.77.77.77:1194
Sat Jun 09 11:00:08 2018 MANAGEMENT: >STATE:1528567208,WAIT,,,,,,
Sat Jun 09 11:00:08 2018 MANAGEMENT: >STATE:1528567208,AUTH,,,,,,
Sat Jun 09 11:00:08 2018 TLS: Initial packet from [AF_INET]77.77.77.77:1194, sid=bfc66d75 7978ffc8
Sat Jun 09 11:00:08 2018 VERIFY OK: depth=1, C=US, ST=UT, L=Salt Lake, O=xxxxxxxx, OU=stiserver1, CN=stiserver1, name=stiserver1, emailAddress=xxxxxxxxxxx
Sat Jun 09 11:00:08 2018 VERIFY KU OK
Sat Jun 09 11:00:08 2018 Validating certificate extended key usage
Sat Jun 09 11:00:08 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jun 09 11:00:08 2018 VERIFY EKU OK
Sat Jun 09 11:00:08 2018 VERIFY OK: depth=0, C=US, ST=UT, L=Salt Lake, O=xxxxxxxxx, OU=stiserver1, CN=server, name=stiserver1, emailAddress=xxxxxxxxxxx
Sat Jun 09 11:00:08 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1622', remote='link-mtu 1590'
Sat Jun 09 11:00:08 2018 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1564', remote='tun-mtu 1532'
Sat Jun 09 11:00:08 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jun 09 11:00:08 2018 [server] Peer Connection Initiated with [AF_INET]77.77.77.77:1194
Sat Jun 09 11:00:09 2018 MANAGEMENT: >STATE:1528567209,GET_CONFIG,,,,,,
Sat Jun 09 11:00:09 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jun 09 11:00:09 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.200 255.255.255.0'
Sat Jun 09 11:00:09 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun 09 11:00:09 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun 09 11:00:09 2018 OPTIONS IMPORT: route-related options modified
Sat Jun 09 11:00:09 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jun 09 11:00:09 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 09 11:00:09 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jun 09 11:00:09 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 09 11:00:09 2018 interactive service msg_channel=692
Sat Jun 09 11:00:09 2018 open_tun
Sat Jun 09 11:00:09 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{CF32B125-8AC7-4053-B4FC-0231B5B02A7D}.tap
Sat Jun 09 11:00:09 2018 TAP-Windows Driver Version 9.21
Sat Jun 09 11:00:09 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.10.200/255.255.255.0 on interface {CF32B125-8AC7-4053-B4FC-0231B5B02A7D} [DHCP-serv: 10.1.10.0, lease-time: 31536000]
Sat Jun 09 11:00:09 2018 Successful ARP Flush on interface [18] {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
Sat Jun 09 11:00:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 09 11:00:09 2018 MANAGEMENT: >STATE:1528567209,ASSIGN_IP,,10.1.10.200,,,,
Sat Jun 09 11:00:14 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:14 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:19 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:19 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:20 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:20 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:21 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:21 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:22 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:22 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:23 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:23 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:24 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:24 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:25 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:25 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:26 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:26 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:27 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:27 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:28 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:28 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:29 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:29 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:30 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:30 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:31 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:31 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:32 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:32 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:33 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:33 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:34 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:34 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:35 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:35 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:36 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:36 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:37 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:37 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:38 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:38 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:39 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:39 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:40 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:40 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:41 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:41 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:42 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:42 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:43 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Sat Jun 09 11:00:43 2018 Route: Waiting for TUN/TAP interface to come up...
Sat Jun 09 11:00:44 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 10.0.2.1 p=0 i=2 t=4 pr=3 a=1624 h=0 m=55/0/0/0/0
10.0.2.0 255.255.255.0 10.0.2.238 p=0 i=2 t=3 pr=2 a=1624 h=0 m=311/0/0/0/0
10.0.2.238 255.255.255.255 10.0.2.238 p=0 i=2 t=3 pr=2 a=1624 h=0 m=311/0/0/0/0
10.0.2.255 255.255.255.255 10.0.2.238 p=0 i=2 t=3 pr=2 a=1624 h=0 m=311/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=455116 h=0 m=331/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=455116 h=0 m=331/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=455116 h=0 m=331/0/0/0/0
169.254.0.0 255.255.0.0 169.254.153.61 p=0 i=18 t=3 pr=2 a=24 h=0 m=291/0/0/0/0
169.254.153.61 255.255.255.255 169.254.153.61 p=0 i=18 t=3 pr=2 a=24 h=0 m=291/0/0/0/0
169.254.255.255 255.255.255.255 169.254.153.61 p=0 i=18 t=3 pr=2 a=24 h=0 m=291/0/0/0/0
192.168.56.0 255.255.255.0 192.168.56.1 p=0 i=16 t=3 pr=2 a=455111 h=0 m=281/0/0/0/0
192.168.56.1 255.255.255.255 192.168.56.1 p=0 i=16 t=3 pr=2 a=455111 h=0 m=281/0/0/0/0
192.168.56.255 255.255.255.255 192.168.56.1 p=0 i=16 t=3 pr=2 a=455111 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=455116 h=0 m=331/0/0/0/0
224.0.0.0 240.0.0.0 192.168.56.1 p=0 i=16 t=3 pr=2 a=455114 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 10.0.2.238 p=0 i=2 t=3 pr=2 a=455097 h=0 m=311/0/0/0/0
224.0.0.0 240.0.0.0 169.254.153.61 p=0 i=18 t=3 pr=2 a=1630 h=0 m=291/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=455116 h=0 m=331/0/0/0/0
255.255.255.255 255.255.255.255 192.168.56.1 p=0 i=16 t=3 pr=2 a=455114 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 10.0.2.238 p=0 i=2 t=3 pr=2 a=455097 h=0 m=311/0/0/0/0
255.255.255.255 255.255.255.255 169.254.153.61 p=0 i=18 t=3 pr=2 a=1630 h=0 m=291/0/0/0/0
SYSTEM ADAPTER LIST
Killer e2400 Gigabit Ethernet Controller
Index = 24
GUID = {FC2BBEC5-8E14-45EB-81AE-B5AE332B58FD}
IP = 0.0.0.0/0.0.0.0
MAC = aa:aa:aa:aa:aa:aa
GATEWAY = 10.1.10.1/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Sat Jun 09 11:00:44 2018
DHCP LEASE EXPIRES = Sat Jun 09 11:00:44 2018
DNS SERV =
TAP-Windows Adapter V9
Index = 18
GUID = {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
IP = 169.254.153.61/255.255.0.0
MAC = bb:bb:bb:bb:bb:bb
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Sat Jun 09 11:00:44 2018
DHCP LEASE EXPIRES = Sat Jun 09 11:00:44 2018
DNS SERV =
VirtualBox Host-Only Ethernet Adapter #3
Index = 16
GUID = {9B72ABAE-447D-4C0E-B9AB-D50B7576B8B6}
IP = 192.168.56.1/255.255.255.0
MAC = cc:cc:cc:cc:cc:cc
GATEWAY = 0.0.0.0/255.255.255.255
DNS SERV =
Bluetooth Device (Personal Area Network) #2
Index = 6
GUID = {20776B1A-121F-4915-9968-15454CB2F904}
IP = 0.0.0.0/0.0.0.0
MAC = dd:dd:dd:dd:dd:dd
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Sat Jun 09 11:00:44 2018
DHCP LEASE EXPIRES = Sat Jun 09 11:00:44 2018
DNS SERV =
Intel(R) Dual Band Wireless-AC 3165
Index = 2
GUID = {06E118C8-CF07-4B2C-BBEF-C77BF4986E03}
IP = 10.0.2.238/255.255.255.0
MAC = ee:ee:ee:ee:ee:ee
GATEWAY = 10.0.2.1/255.255.255.255
DHCP SERV = 10.0.2.1/255.255.255.255
DHCP LEASE OBTAINED = Sat Jun 09 10:33:40 2018
DHCP LEASE EXPIRES = Sat Jun 16 10:33:40 2018
DNS SERV = 75.75.75.75/255.255.255.255 75.75.76.76/255.255.255.255
Microsoft Wi-Fi Direct Virtual Adapter
Index = 23
GUID = {F7E46CEB-C121-45DE-AEF5-1C3554E6D024}
IP = 0.0.0.0/0.0.0.0
MAC = ff:ff:ff:ff:ff:ff
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Sat Jun 09 11:00:44 2018
DHCP LEASE EXPIRES = Sat Jun 09 11:00:44 2018
DNS SERV =
Sat Jun 09 11:00:44 2018 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Sat Jun 09 11:00:44 2018 MANAGEMENT: >STATE:1528567244,CONNECTED,ERROR,10.1.10.200,77.77.77.77,1194,,
Sat Jun 09 11:00:52 2018 Closing TUN/TAP interface
Sat Jun 09 11:00:52 2018 NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: The parameter is incorrect. (code=87)
Sat Jun 09 11:00:52 2018 SIGTERM[hard,] received, process exiting
Sat Jun 09 11:00:52 2018 MANAGEMENT: >STATE:1528567252,EXITING,SIGTERM,,,,,


Server Log File

Sat Jun 9 10:59:54 2018 OpenVPN 2.1.4 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Nov 4 2010
Sat Jun 9 10:59:54 2018 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Sat Jun 9 10:59:54 2018 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Jun 9 10:59:54 2018 Diffie-Hellman initialized with 1024 bit key
Sat Jun 9 10:59:54 2018 Control Channel Authentication: using '/etc/openvpn/ta.key' as a OpenVPN static key file
Sat Jun 9 10:59:54 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 10:59:54 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 10:59:54 2018 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Jun 9 10:59:54 2018 Socket Buffers: R=[126976->131072] S=[126976->131072]
Sat Jun 9 10:59:54 2018 TUN/TAP device tap0 opened
Sat Jun 9 10:59:54 2018 TUN/TAP TX queue length set to 100
Sat Jun 9 10:59:54 2018 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Jun 9 10:59:54 2018 GID set to nogroup
Sat Jun 9 10:59:54 2018 UID set to nobody
Sat Jun 9 10:59:54 2018 UDPv4 link local (bound): 10.1.10.2:1194
Sat Jun 9 10:59:54 2018 UDPv4 link remote: [undef]
Sat Jun 9 10:59:54 2018 MULTI: multi_init called, r=256 v=256
Sat Jun 9 10:59:54 2018 IFCONFIG POOL: base=10.1.10.105 size=11
Sat Jun 9 10:59:54 2018 IFCONFIG POOL LIST
Sat Jun 9 10:59:54 2018 client7,10.1.10.105
Sat Jun 9 10:59:54 2018 client9,10.1.10.108
Sat Jun 9 10:59:54 2018 client2,10.1.10.112
Sat Jun 9 10:59:54 2018 Initialization Sequence Completed
Sat Jun 9 11:00:04 2018 MULTI: multi_create_instance called
Sat Jun 9 11:00:04 2018 67.186.241.167:53836 Re-using SSL/TLS context
Sat Jun 9 11:00:04 2018 67.186.241.167:53836 LZO compression initialized
Sat Jun 9 11:00:04 2018 67.186.241.167:53836 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Jun 9 11:00:04 2018 67.186.241.167:53836 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Jun 9 11:00:04 2018 67.186.241.167:53836 Local Options hash (VER=V4): '44bd8b5e'
Sat Jun 9 11:00:04 2018 67.186.241.167:53836 Expected Remote Options hash (VER=V4): '48527533'
Sat Jun 9 11:00:04 2018 67.186.241.167:53836 TLS: Initial packet from 67.186.241.167:53836, sid=cfaf19cf 8c3dcd32
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 Replay-window backtrack occurred [1]
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 VERIFY OK: depth=1, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxxxxxxxxxx/OU=stiserver1/CN=stiserver1/name=stiserver1/emailAddress=xxxxxxxxxxxxxx
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 VERIFY OK: depth=0, /C=US/ST=UT/L=Salt_Lake/O=xxxxxxxxxxxxxxx/OU=stiserver1/CN=client7/name=stiserver1/emailAddress=xxxxxxxxxxxxxx
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1622'
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1564'
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jun 9 11:00:05 2018 67.186.241.167:53836 [client7] Peer Connection Initiated with 67.186.241.167:53836
Sat Jun 9 11:00:05 2018 client7/67.186.241.167:53836 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/client7
Sat Jun 9 11:00:06 2018 client7/67.186.241.167:53836 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jun 9 11:00:06 2018 client7/67.186.241.167:53836 SENT CONTROL [client7]: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.200 255.255.255.0' (status=1)
Sat Jun 9 11:00:06 2018 client7/67.186.241.167:53836 MULTI: Learn: 00:ff:cf:32:b1:25 -> client7/67.186.241.167:53836

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Sat Jun 09, 2018 7:18 pm

Please ensure you have started the Windows DHCP Client service.

tracyj
OpenVpn Newbie
Posts: 3
Joined: Fri Jun 08, 2018 8:40 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by tracyj » Sat Jun 09, 2018 11:28 pm

DHCP Client service appears to be running.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Sun Jun 10, 2018 1:29 pm

Have you created your linux server bridge correctly ?
https://openvpn.net/index.php/open-sour ... dging.html

johancsi
OpenVpn Newbie
Posts: 10
Joined: Sat Nov 23, 2013 4:57 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by johancsi » Thu Jun 14, 2018 4:04 pm

Sorry it took me so long to get back to you. I believe that I have created the server bridge correctly. I have attached my service init script for the linux server bridge below. The reason that I think it is correct is that it has been working great with multiple linux clients as well as windows clients. The trouble started when I tried to create a static IP address, and created a client entry in the ccd directory for that. After doing that, it works perfectly for the linux client, but not for the windows client. Please refer back to my original post where I attached client and server logs for the following three cases.

1. Windows client failure using static IP
2. Windows client success not using static IP
3. Linux client success using static IP

Service Init Script for the Linux Server Bridge

/etc/init.d> more bridge.sh
#bridge.sh
#!/bin/bash
# Create global variables
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="10.1.10.2"
eth_netmask="255.255.255.0"
eth_broadcast="10.1.10.255"
gw="10.1.10.1"
start_bridge () {
#################################
# Set up Ethernet bridge on Linux
#################################
for t in $tap; do
openvpn --mktun --dev $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
route add default gw $gw $br

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
}
stop_bridge () {
####################################
# Pull Down Ethernet bridge on Linux
####################################
ifconfig $br down
brctl delbr $br
for t in $tap; do
openvpn --rmtun --dev $t
done
ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
route add default gw $gw $eth
}
case "$1" in
start)
echo -n "Starting Bridge"
start_bridge
;;
stop)
echo -n "Stopping Bridge"
stop_bridge
;;
restart)
stop_bridge
sleep 2
start_bridge
;;
*)
echo "Usage: $0 {start|stop|restart}" >&2
exit 1
;;
esac

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Thu Jun 14, 2018 5:24 pm

johancsi wrote:
Thu Jun 14, 2018 4:04 pm
Sorry it took me so long to get back to you.
I presume you are the same person ..
johancsi wrote:
Thu Jun 14, 2018 4:04 pm
I believe that I have created the server bridge correctly. I have attached my service init script for the linux server bridge below. The reason that I think it is correct is that it has been working great with multiple linux clients as well as windows clients. The trouble started when I tried to create a static IP address
We have corrected the CCD file and can see the pushed ifconfig parameters are correct.

What happens if you do not use a CCD file / fixed ip for this particular client ?
(Please post the client log)

johancsi
OpenVpn Newbie
Posts: 10
Joined: Sat Nov 23, 2013 4:57 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by johancsi » Thu Jun 14, 2018 8:10 pm

I have included the Windows client file. I have also included the Windows client log both without, and with the static IP set up in the ccd directory. The second one fails to connect when I have the static IP set up in the ccd directory.

Windows Client Configuration

client
dev tap
proto udp
remote 77.77.77.77 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "c:\\Users\\tracy\\OpenVPN\\config\\client\\ca.crt"
cert "c:\\Users\\tracy\\OpenVPN\\config\\client\\client7.crt"
key "c:\\Users\\tracy\\OpenVPN\\config\\client\\client7.key"
remote-cert-tls server
tls-auth "c:\\Users\\tracy\\OpenVPN\\config\\client\\ta.key" 1
cipher AES-256-CBC
comp-lzo
tun-mtu 1532
auth-nocache
verb 3


Windows Client Log without Static IP

Thu Jun 14 12:26:57 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Jun 14 12:26:57 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jun 14 12:26:57 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Jun 14 12:26:57 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jun 14 12:26:57 2018 Need hold release from management interface, waiting...
Thu Jun 14 12:26:57 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jun 14 12:26:57 2018 MANAGEMENT: CMD 'state on'
Thu Jun 14 12:26:57 2018 MANAGEMENT: CMD 'log all on'
Thu Jun 14 12:26:57 2018 MANAGEMENT: CMD 'echo all on'
Thu Jun 14 12:26:57 2018 MANAGEMENT: CMD 'hold off'
Thu Jun 14 12:26:57 2018 MANAGEMENT: CMD 'hold release'
Thu Jun 14 12:26:57 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:26:57 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:26:57 2018 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532)
Thu Jun 14 12:26:57 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]77.77.77.77:1194
Thu Jun 14 12:26:57 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 14 12:26:57 2018 UDP link local: (not bound)
Thu Jun 14 12:26:57 2018 UDP link remote: [AF_INET]77.77.77.77:1194
Thu Jun 14 12:26:57 2018 MANAGEMENT: >STATE:1529004417,WAIT,,,,,,
Thu Jun 14 12:26:58 2018 MANAGEMENT: >STATE:1529004418,AUTH,,,,,,
Thu Jun 14 12:26:58 2018 TLS: Initial packet from [AF_INET]77.77.77.77:1194, sid=ce608f2d cca34a58
Thu Jun 14 12:26:58 2018 VERIFY OK: depth=1, C=US, ST=UT, L=Salt Lake, O=xxxxxxxxxxxxxxxxxxx, OU=stiserver1, CN=stiserver1, name=stiserver1, emailAddress=xxxxxxxxxxxxxxxxxxx
Thu Jun 14 12:26:58 2018 VERIFY KU OK
Thu Jun 14 12:26:58 2018 Validating certificate extended key usage
Thu Jun 14 12:26:58 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 14 12:26:58 2018 VERIFY EKU OK
Thu Jun 14 12:26:58 2018 VERIFY OK: depth=0, C=US, ST=UT, L=Salt Lake, O=xxxxxxxxxxxxxxxxxxx, OU=stiserver1, CN=server, name=stiserver1, emailAddress=xxxxxxxxxxxxxxxxxxx
Thu Jun 14 12:26:58 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1622', remote='link-mtu 1590'
Thu Jun 14 12:26:58 2018 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1564', remote='tun-mtu 1532'
Thu Jun 14 12:26:58 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 14 12:26:58 2018 [server] Peer Connection Initiated with [AF_INET]77.77.77.77:1194
Thu Jun 14 12:26:59 2018 Key [AF_INET]77.77.77.77:1194 [0] not initialized (yet), dropping packet.
Thu Jun 14 12:26:59 2018 MANAGEMENT: >STATE:1529004419,GET_CONFIG,,,,,,
Thu Jun 14 12:26:59 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 14 12:26:59 2018 Key [AF_INET]77.77.77.77:1194 [0] not initialized (yet), dropping packet.
Thu Jun 14 12:26:59 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.105 255.255.255.0'
Thu Jun 14 12:26:59 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 14 12:26:59 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 14 12:26:59 2018 OPTIONS IMPORT: route-related options modified
Thu Jun 14 12:26:59 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 14 12:26:59 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:26:59 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 14 12:26:59 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:26:59 2018 interactive service msg_channel=764
Thu Jun 14 12:26:59 2018 open_tun
Thu Jun 14 12:26:59 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{CF32B125-8AC7-4053-B4FC-0231B5B02A7D}.tap
Thu Jun 14 12:26:59 2018 TAP-Windows Driver Version 9.21
Thu Jun 14 12:26:59 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.10.105/255.255.255.0 on interface {CF32B125-8AC7-4053-B4FC-0231B5B02A7D} [DHCP-serv: 10.1.10.0, lease-time: 31536000]
Thu Jun 14 12:26:59 2018 Successful ARP Flush on interface [21] {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
Thu Jun 14 12:26:59 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jun 14 12:26:59 2018 MANAGEMENT: >STATE:1529004419,ASSIGN_IP,,10.1.10.105,,,,
Thu Jun 14 12:27:04 2018 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Thu Jun 14 12:27:04 2018 Initialization Sequence Completed
Thu Jun 14 12:27:04 2018 MANAGEMENT: >STATE:1529004424,CONNECTED,SUCCESS,10.1.10.105,77.77.77.77,1194,,


Windows Client Log With Static IP

Thu Jun 14 12:23:59 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Thu Jun 14 12:23:59 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jun 14 12:23:59 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Jun 14 12:23:59 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jun 14 12:23:59 2018 Need hold release from management interface, waiting...
Thu Jun 14 12:23:59 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jun 14 12:23:59 2018 MANAGEMENT: CMD 'state on'
Thu Jun 14 12:23:59 2018 MANAGEMENT: CMD 'log all on'
Thu Jun 14 12:23:59 2018 MANAGEMENT: CMD 'echo all on'
Thu Jun 14 12:23:59 2018 MANAGEMENT: CMD 'hold off'
Thu Jun 14 12:23:59 2018 MANAGEMENT: CMD 'hold release'
Thu Jun 14 12:24:00 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:24:00 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:24:00 2018 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532)
Thu Jun 14 12:24:00 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]77.77.77.77:1194
Thu Jun 14 12:24:00 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 14 12:24:00 2018 UDP link local: (not bound)
Thu Jun 14 12:24:00 2018 UDP link remote: [AF_INET]77.77.77.77:1194
Thu Jun 14 12:24:00 2018 MANAGEMENT: >STATE:1529004240,WAIT,,,,,,
Thu Jun 14 12:24:00 2018 MANAGEMENT: >STATE:1529004240,AUTH,,,,,,
Thu Jun 14 12:24:00 2018 TLS: Initial packet from [AF_INET]77.77.77.77:1194, sid=4f0569d5 f7c94b24
Thu Jun 14 12:24:00 2018 VERIFY OK: depth=1, C=US, ST=UT, L=Salt Lake, O=xxxxxxxxxxxxxxx, OU=stiserver1, CN=stiserver1, name=stiserver1, emailAddress=xxxxxxxxxxxxx
Thu Jun 14 12:24:00 2018 VERIFY KU OK
Thu Jun 14 12:24:00 2018 Validating certificate extended key usage
Thu Jun 14 12:24:00 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 14 12:24:00 2018 VERIFY EKU OK
Thu Jun 14 12:24:00 2018 VERIFY OK: depth=0, C=US, ST=UT, L=Salt Lake, O=xxxxxxxxxxxxxxx, OU=stiserver1, CN=server, name=stiserver1, emailAddress=xxxxxxxxxxxxx
Thu Jun 14 12:24:00 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1622', remote='link-mtu 1590'
Thu Jun 14 12:24:00 2018 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1564', remote='tun-mtu 1532'
Thu Jun 14 12:24:00 2018 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jun 14 12:24:00 2018 [server] Peer Connection Initiated with [AF_INET]77.77.77.77:1194
Thu Jun 14 12:24:01 2018 Key [AF_INET]77.77.77.77:1194 [0] not initialized (yet), dropping packet.
Thu Jun 14 12:24:01 2018 MANAGEMENT: >STATE:1529004241,GET_CONFIG,,,,,,
Thu Jun 14 12:24:01 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jun 14 12:24:01 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.10.1,ping 10,ping-restart 120,ifconfig 10.1.10.200 255.255.255.0'
Thu Jun 14 12:24:01 2018 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 14 12:24:01 2018 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 14 12:24:01 2018 OPTIONS IMPORT: route-related options modified
Thu Jun 14 12:24:01 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 14 12:24:01 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:24:01 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 14 12:24:01 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 14 12:24:01 2018 interactive service msg_channel=728
Thu Jun 14 12:24:01 2018 open_tun
Thu Jun 14 12:24:01 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{CF32B125-8AC7-4053-B4FC-0231B5B02A7D}.tap
Thu Jun 14 12:24:01 2018 TAP-Windows Driver Version 9.21
Thu Jun 14 12:24:01 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.10.200/255.255.255.0 on interface {CF32B125-8AC7-4053-B4FC-0231B5B02A7D} [DHCP-serv: 10.1.10.0, lease-time: 31536000]
Thu Jun 14 12:24:01 2018 Successful ARP Flush on interface [21] {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
Thu Jun 14 12:24:01 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jun 14 12:24:01 2018 MANAGEMENT: >STATE:1529004241,ASSIGN_IP,,10.1.10.200,,,,
Thu Jun 14 12:24:06 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:06 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:11 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:11 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:12 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:12 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:13 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:13 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:14 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:14 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:15 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:15 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:16 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:16 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:17 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:17 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:18 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:18 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:19 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:19 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:20 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:20 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:21 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:21 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:22 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:22 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:23 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:23 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:24 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:24 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:25 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:25 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:26 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:26 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:27 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:27 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:28 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:28 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:29 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:29 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:30 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:30 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:31 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:31 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:32 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:32 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:33 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:33 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:34 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:34 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:35 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jun 14 12:24:35 2018 Route: Waiting for TUN/TAP interface to come up...
Thu Jun 14 12:24:36 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.43.1 p=0 i=2 t=4 pr=3 a=53 h=0 m=55/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=15413 h=0 m=331/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=15413 h=0 m=331/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=15413 h=0 m=331/0/0/0/0
169.254.0.0 255.255.0.0 169.254.153.61 p=0 i=21 t=3 pr=2 a=25 h=0 m=291/0/0/0/0
169.254.153.61 255.255.255.255 169.254.153.61 p=0 i=21 t=3 pr=2 a=25 h=0 m=291/0/0/0/0
169.254.255.255 255.255.255.255 169.254.153.61 p=0 i=21 t=3 pr=2 a=25 h=0 m=291/0/0/0/0
192.168.43.0 255.255.255.0 192.168.43.192 p=0 i=2 t=3 pr=2 a=53 h=0 m=311/0/0/0/0
192.168.43.192 255.255.255.255 192.168.43.192 p=0 i=2 t=3 pr=2 a=53 h=0 m=311/0/0/0/0
192.168.43.255 255.255.255.255 192.168.43.192 p=0 i=2 t=3 pr=2 a=53 h=0 m=311/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=15413 h=0 m=331/0/0/0/0
224.0.0.0 240.0.0.0 192.168.43.192 p=0 i=2 t=3 pr=2 a=15403 h=0 m=311/0/0/0/0
224.0.0.0 240.0.0.0 169.254.153.61 p=0 i=21 t=3 pr=2 a=14004 h=0 m=291/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=15413 h=0 m=331/0/0/0/0
255.255.255.255 255.255.255.255 192.168.43.192 p=0 i=2 t=3 pr=2 a=15403 h=0 m=311/0/0/0/0
255.255.255.255 255.255.255.255 169.254.153.61 p=0 i=21 t=3 pr=2 a=14004 h=0 m=291/0/0/0/0
SYSTEM ADAPTER LIST
Killer e2400 Gigabit Ethernet Controller
Index = 26
GUID = {FC2BBEC5-8E14-45EB-81AE-B5AE332B58FD}
IP = 0.0.0.0/0.0.0.0
MAC = aa:aa:aa:aa:aa:aa
GATEWAY = 10.1.10.1/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu Jun 14 12:24:36 2018
DHCP LEASE EXPIRES = Thu Jun 14 12:24:36 2018
DNS SERV =
TAP-Windows Adapter V9
Index = 21
GUID = {CF32B125-8AC7-4053-B4FC-0231B5B02A7D}
IP = 169.254.153.61/255.255.0.0
MAC = bb:bb:bb:bb:bb:bb
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = Thu Jun 14 12:24:36 2018
DHCP LEASE EXPIRES = Thu Jun 14 12:24:36 2018
DNS SERV =
Bluetooth Device (Personal Area Network) #2
Index = 7
GUID = {20776B1A-121F-4915-9968-15454CB2F904}
IP = 0.0.0.0/0.0.0.0
MAC = cc:cc:cc:cc:cc:cc
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu Jun 14 12:24:36 2018
DHCP LEASE EXPIRES = Thu Jun 14 12:24:36 2018
DNS SERV =
Intel(R) Dual Band Wireless-AC 3165
Index = 2
GUID = {06E118C8-CF07-4B2C-BBEF-C77BF4986E03}
IP = 192.168.43.192/255.255.255.0
MAC = dd:dd:dd:dd:dd:dd
GATEWAY = 192.168.43.1/255.255.255.255
DHCP SERV = 192.168.43.1/255.255.255.255
DHCP LEASE OBTAINED = Thu Jun 14 12:23:43 2018
DHCP LEASE EXPIRES = Thu Jun 14 13:23:43 2018
DNS SERV = 192.168.43.1/255.255.255.255
Microsoft Wi-Fi Direct Virtual Adapter #2
Index = 12
GUID = {5106473A-0417-4A4C-8671-D00563569589}
IP = 0.0.0.0/0.0.0.0
MAC = ee:ee:ee:ee:ee:ee
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu Jun 14 12:24:36 2018
DHCP LEASE EXPIRES = Thu Jun 14 12:24:36 2018
DNS SERV =
Microsoft Wi-Fi Direct Virtual Adapter #4
Index = 19
GUID = {C0AEA606-9F19-46AF-BFC9-80273898298B}
IP = 0.0.0.0/0.0.0.0
MAC = ff:ff:ff:ff:ff:ff
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu Jun 14 12:24:36 2018
DHCP LEASE EXPIRES = Thu Jun 14 12:24:36 2018
DNS SERV =
Thu Jun 14 12:24:36 2018 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Thu Jun 14 12:24:36 2018 MANAGEMENT: >STATE:1529004276,CONNECTED,ERROR,10.1.10.200,77.77.77.77,1194,,

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Thu Jun 14, 2018 8:39 pm

Do you understand that a server bridge creates an OSI-Layer 2 connection to your physical network ?

johancsi
OpenVpn Newbie
Posts: 10
Joined: Sat Nov 23, 2013 4:57 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by johancsi » Thu Jun 14, 2018 9:47 pm

No, I do not understand that. What I do know is that I have been using this same openvpn configuration for over four years now, and it has worked flawlessly until I tried to create a static IP for the client. After creating the static IP, my openvpn connection quit working with a Windows client, but still works flawlessly with a Linux client. The two logs are pretty much identical down to the lines where it says

TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Initialization Sequence Completed

for the client when no static IP is assigned, and it says

TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Route: Waiting for TUN/TAP interface to come up...

for the client when a static IP is assigned, and then it keeps waiting for TUN/TAP interface to come up until it times out.


I don't remember how I figured out the initial setup four years ago, but if you think I have something set up incorrectly, and there is a better configuration, then please let me know.


Thanks for any input

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Fri Jun 15, 2018 10:43 am

Openvpn is working as exp[ected, now you have some kind of network problem.

If you want my help with that then please contact me privately tincanteksup <at> gmail

johancsi
OpenVpn Newbie
Posts: 10
Joined: Sat Nov 23, 2013 4:57 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by johancsi » Fri Jun 15, 2018 6:56 pm

I attempted to send you an email, and it bounced back with Unrouteable address.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Sat Jun 16, 2018 6:35 pm

Did figure it out yet :?:

johancsi
OpenVpn Newbie
Posts: 10
Joined: Sat Nov 23, 2013 4:57 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by johancsi » Tue Jun 19, 2018 8:41 pm

No, I didn't figure it out yet, and I tried to send you an email as you requested, and it bounced back with Unrouteable address.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by TinCanTech » Tue Jun 19, 2018 11:07 pm

You must have the wrong address ..

johancsi
OpenVpn Newbie
Posts: 10
Joined: Sat Nov 23, 2013 4:57 pm

Re: Windows OpenVPN client TUN/TAP timeout with static IP, but Linux client works

Post by johancsi » Wed Jun 20, 2018 11:02 pm

I tried it again, and it worked this time. Go figure. You should have an email from me now.

Post Reply