The service is running and its listening on port 10011
When i put my .opvn file onto my phone it connects and shows upstream traffic but i get nothing downstream
i am unable to access the internet or devices on the network
See below for configs and outputs from shell(SSH)
[oconf=root@openvpn:# ps aux]
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 23286 0.0 0.0 14656 1904 - IsJ 3:10AM 0:00.00 dhclient: epair2b [priv] (dhclient)
_dhcp 23351 0.0 0.0 14656 2020 - IsJ 3:10AM 0:00.00 dhclient: epair2b (dhclient)
root 23783 0.0 0.0 14528 1812 - IsJ 3:10AM 0:00.00 /usr/sbin/syslogd -s
nobody 23817 0.0 0.0 23948 4732 - SsJ 3:10AM 0:00.02 /usr/local/sbin/openvpn --cd /mnt/keys --daemon openvpn --config /usr/local/share/easy-rsa/openvpn.conf --wr
root 23849 0.0 0.0 16624 1988 - SsJ 3:10AM 0:00.00 /usr/sbin/cron -s
root 25576 0.0 0.0 23600 2932 0 SJ 3:15AM 0:00.01 /bin/csh -i
root 25581 0.0 0.0 18768 1788 0 R+J 3:16AM 0:00.00 ps aux
[/oconf]
[oconf=root@openvpn: # sockstat]USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root cron 23849 4 dgram -> /var/run/logpriv
nobody openvpn 23817 4 dgram -> /var/run/logpriv
nobody openvpn 23817 7 udp4 6 *:10011 *:*
root syslogd 23783 4 dgram /var/run/log
root syslogd 23783 5 dgram /var/run/logpriv
root syslogd 23783 6 udp6 *:514 *:*
root syslogd 23783 7 udp4 *:514 *:*[/oconf]
client
dev tun
proto udp
remote myddns 10011
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
tls-auth ta.key 1
dhcp-option DNS 192.168.1.1
redirect-gateway def1
comp-lzo
verb 3
proto udp
dev tun
ca /usr/local/share/easy-rsa/pki/ca.crt
cert /usr/local/share/easy-rsa/pki/issued/openvpn-server.crt
key /usr/local/share/easy-rsa/pki/private/openvpn-server.key
dh /usr/local/share/easy-rsa/pki/dh.pem
server 172.16.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.8.0.0 255.255.255.0"
tls-auth /usr/local/share/easy-rsa/pki/ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3
[oconf=root@openvpn:/usr/local/share/easy-rsa/pki # openvpn --config /usr/local/share/easy-rsa/openvpn.conf]Fri Dec 28 03:24:18 2018 OpenVPN 2.4.6 amd64-portbld-freebsd10.4 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 29 2018
Fri Dec 28 03:24:18 2018 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10
Fri Dec 28 03:24:18 2018 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Dec 28 03:24:18 2018 Diffie-Hellman initialized with 2048 bit key
Fri Dec 28 03:24:18 2018 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Fri Dec 28 03:24:18 2018 ECDH curve secp384r1 added
Fri Dec 28 03:24:18 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Dec 28 03:24:18 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Dec 28 03:24:18 2018 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=epair2b HWADDR=ba:07:c6:7f:65:e9
Fri Dec 28 03:24:18 2018 TUN/TAP device /dev/tun0 opened
Fri Dec 28 03:24:18 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Dec 28 03:24:18 2018 /sbin/ifconfig tun0 172.16.8.1 172.16.8.2 mtu 1500 netmask 255.255.255.255 up
Fri Dec 28 03:24:18 2018 /sbin/route add -net 172.16.8.0 172.16.8.2 255.255.255.0 add net 172.16.8.0: gateway 172.16.8.2
Fri Dec 28 03:24:18 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Fri Dec 28 03:24:18 2018 Socket Buffers: R=[42080->42080] S=[9216->9216]
Fri Dec 28 03:24:18 2018 setsockopt(IPV6_V6ONLY=0)
Fri Dec 28 03:24:18 2018 UDPv6 link local (bound): [AF_INET6][undef]:10011
Fri Dec 28 03:24:18 2018 UDPv6 link remote: [AF_UNSPEC]
Fri Dec 28 03:24:18 2018 GID set to nobody
Fri Dec 28 03:24:18 2018 UID set to nobody
Fri Dec 28 03:24:18 2018 MULTI: multi_init called, r=256 v=256
Fri Dec 28 03:24:18 2018 IFCONFIG POOL: base=172.16.8.4 size=62, ipv6=0
Fri Dec 28 03:24:18 2018 ifconfig_pool_read(), in='nas ca,172.16.8.4', TODO: IPv6
Fri Dec 28 03:24:18 2018 succeeded -> ifconfig_pool_set()
Fri Dec 28 03:24:18 2018 IFCONFIG POOL LIST
Fri Dec 28 03:24:18 2018 nas ca,172.16.8.4
Fri Dec 28 03:24:18 2018 Initialization Sequence Completed
[/oconf]
My LAN uses a 192.168.x.x address, don't know if this is important
If there is any commands you need me to post results of or files to help diagnose let me know