Default gateway added on OpenVPN client side no matter which option I add

Juspion
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 04, 2019 6:49 pm

Default gateway added on OpenVPN client side no matter which option I add

Post by Juspion » Fri Jan 04, 2019 7:31 pm

Dear community members,

I have been struggling with an issue for days and I cannot find any other solution apart from asking for some help here!

Basically, I am building a tunnel in bridged mode between a Windows 10 client and a server I have no control over.
Almost everything works OK, but a default route is added no matter which options I put in the client's ovpn file (which is something I do not want).

I tried:

pull-filter ignore "route " 
pull-filter ignore "redirect-gateway"
pull-filter ignore "ifconfig"
route-nopull
route-noexec

I tried them alone or grouped, at various positions of the configuration file, with or without double quotes... Nothing works.

I always have a new default route added, going to the OpenVPN server's IP. Everything else is OK: I have access to the remote resources without issues.

The client's log contains, among others, the following lines:

route_noexec = ENABLED
route_nopull = ENABLED
Pull filters:
     ignore "route "
     ignore "redirect-gateway"
     ignore "ifconfig"
     ignore "route "
     ignore "redirect-gateway"
     ignore "ifconfig"
PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'

which makes me think that all options I add in the configuration file are taken into account.

Of course, a "route delete 0.0.0.0 openvpn_server_ip" makes my system use the right gateway again. And if I don't want to bother changing the routing table each time I connect, changing the metric of the tunnel interface to a higher value makes it all functional even with this wrong 2nd default route.

Nevertheless, I would like the client to behave as (I think) I am instructing it to...
Am I missing something obvious or may this be a bug (or maybe an incompatibility between my OpenVPN client version and the server)?

Thanks a lot for your help.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Fri Jan 04, 2019 7:53 pm

Juspion wrote (Fri Jan 04, 2019 7:31 pm): "I always have a new default route added, going to the OpenVPN server's IP"

and you did not even show us your routing table ..

viewtopic.php?f=30&t=22603

Juspion
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 04, 2019 6:49 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by Juspion » Wed Jan 09, 2019 12:54 pm

Hello,

Thank you for your answer. Sorry, I thought that explaining it with words was enough.
Below are my routing tables (sorry for the formatting, I tried to use the preview to have it look as good as possible but, as you know, one gets kicked out almost as soon as the preview function is used...)

Before the tunnel is connected:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.43.1   192.168.43.136     55
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link        127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link        127.0.0.1    331
     192.168.43.0    255.255.255.0         On-link   192.168.43.136    311
   192.168.43.136  255.255.255.255         On-link   192.168.43.136    311
   192.168.43.255  255.255.255.255         On-link   192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link        127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   192.168.43.136    311
  255.255.255.255  255.255.255.255         On-link        127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   192.168.43.136    311
===========================================================================
Persistent Routes:
  None

After the tunnel is up:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.43.1   192.168.43.136     55
          0.0.0.0          0.0.0.0   192.168.0.254     192.168.0.18   1998
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link        127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link        127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link     192.168.0.18   1255
     192.168.0.18  255.255.255.255         On-link     192.168.0.18   1255
    192.168.0.255  255.255.255.255         On-link     192.168.0.18   1255
     192.168.43.0    255.255.255.0         On-link   192.168.43.136    311
   192.168.43.136  255.255.255.255         On-link   192.168.43.136    311
   192.168.43.255  255.255.255.255         On-link   192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link        127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link     192.168.0.18   1255
  255.255.255.255  255.255.255.255         On-link        127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   192.168.43.136    311
  255.255.255.255  255.255.255.255         On-link     192.168.0.18   1255
===========================================================================
Persistent Routes:
  None

This is functional since I manually put a high value for the tunnel interface metric. But I just don't want this:

          0.0.0.0          0.0.0.0   192.168.0.254     192.168.0.18   1998

to appear in the first place.

Thank you again for your help.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Wed Jan 09, 2019 2:13 pm

So, please post your client config and log file (Log at verb 4)

Juspion
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 04, 2019 6:49 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by Juspion » Thu Jan 10, 2019 5:32 pm

The log file is:

Thu Jan 10 18:19:03 2019 us=932400 Current Parameter Settings:
Thu Jan 10 18:19:03 2019 us=932400   config = 'test.ovpn'
Thu Jan 10 18:19:03 2019 us=932400   mode = 0
Thu Jan 10 18:19:03 2019 us=932400   show_ciphers = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   show_digests = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   show_engines = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   genkey = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   key_pass_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   show_tls_ciphers = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   connect_retry_max = 0
Thu Jan 10 18:19:03 2019 us=932400 Connection profiles [0]:
Thu Jan 10 18:19:03 2019 us=932400   proto = udp
Thu Jan 10 18:19:03 2019 us=932400   local = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   local_port = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   remote = '<server_public_ip>'
Thu Jan 10 18:19:03 2019 us=932400   remote_port = '<server_public_port>'
Thu Jan 10 18:19:03 2019 us=932400   remote_float = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   bind_defined = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   bind_local = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   bind_ipv6_only = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   connect_retry_seconds = 5
Thu Jan 10 18:19:03 2019 us=932400   connect_timeout = 120
Thu Jan 10 18:19:03 2019 us=932400   socks_proxy_server = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   socks_proxy_port = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   tun_mtu = 1500
Thu Jan 10 18:19:03 2019 us=932400   tun_mtu_defined = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   link_mtu = 1500
Thu Jan 10 18:19:03 2019 us=932400   link_mtu_defined = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   tun_mtu_extra = 32
Thu Jan 10 18:19:03 2019 us=932400   tun_mtu_extra_defined = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   mtu_discover_type = -1
Thu Jan 10 18:19:03 2019 us=932400   fragment = 1452
Thu Jan 10 18:19:03 2019 us=932400   mssfix = 1452
Thu Jan 10 18:19:03 2019 us=932400   explicit_exit_notification = 3
Thu Jan 10 18:19:03 2019 us=932400 Connection profiles END
Thu Jan 10 18:19:03 2019 us=932400   remote_random = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   ipchange = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   dev = 'tap0'
Thu Jan 10 18:19:03 2019 us=932400   dev_type = 'tap'
Thu Jan 10 18:19:03 2019 us=932400   dev_node = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   lladdr = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   topology = 1
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_local = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_remote_netmask = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_noexec = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_nowarn = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_ipv6_local = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_ipv6_netbits = 0
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_ipv6_remote = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   shaper = 0
Thu Jan 10 18:19:03 2019 us=932400   mtu_test = 0
Thu Jan 10 18:19:03 2019 us=932400   mlock = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   keepalive_ping = 0
Thu Jan 10 18:19:03 2019 us=932400   keepalive_timeout = 0
Thu Jan 10 18:19:03 2019 us=932400   inactivity_timeout = 0
Thu Jan 10 18:19:03 2019 us=932400   ping_send_timeout = 0
Thu Jan 10 18:19:03 2019 us=932400   ping_rec_timeout = 0
Thu Jan 10 18:19:03 2019 us=932400   ping_rec_timeout_action = 0
Thu Jan 10 18:19:03 2019 us=932400   ping_timer_remote = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   remap_sigusr1 = 0
Thu Jan 10 18:19:03 2019 us=932400   persist_tun = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   persist_local_ip = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   persist_remote_ip = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   persist_key = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   passtos = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   resolve_retry_seconds = 1000000000
Thu Jan 10 18:19:03 2019 us=932400   resolve_in_advance = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   username = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   groupname = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   chroot_dir = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   cd_dir = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   writepid = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   up_script = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   down_script = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   down_pre = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   up_restart = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   up_delay = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   daemon = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   inetd = 0
Thu Jan 10 18:19:03 2019 us=932400   log = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   suppress_timestamps = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   machine_readable_output = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   nice = 0
Thu Jan 10 18:19:03 2019 us=932400   verbosity = 4
Thu Jan 10 18:19:03 2019 us=932400   mute = 0
Thu Jan 10 18:19:03 2019 us=932400   gremlin = 0
Thu Jan 10 18:19:03 2019 us=932400   status_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   status_file_version = 1
Thu Jan 10 18:19:03 2019 us=932400   status_file_update_freq = 60
Thu Jan 10 18:19:03 2019 us=932400   occ = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   rcvbuf = 0
Thu Jan 10 18:19:03 2019 us=932400   sndbuf = 0
Thu Jan 10 18:19:03 2019 us=932400   sockflags = 0
Thu Jan 10 18:19:03 2019 us=932400   fast_io = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   comp.alg = 0
Thu Jan 10 18:19:03 2019 us=932400   comp.flags = 0
Thu Jan 10 18:19:03 2019 us=932400   route_script = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   route_default_gateway = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   route_default_metric = 0
Thu Jan 10 18:19:03 2019 us=932400   route_noexec = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   route_delay = 5
Thu Jan 10 18:19:03 2019 us=932400   route_delay_window = 30
Thu Jan 10 18:19:03 2019 us=932400   route_delay_defined = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   route_nopull = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   route_gateway_via_dhcp = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   allow_pull_fqdn = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   Pull filters:
Thu Jan 10 18:19:03 2019 us=932400     ignore "route "
Thu Jan 10 18:19:03 2019 us=932400     ignore "redirect-gateway"
Thu Jan 10 18:19:03 2019 us=932400     ignore "ifconfig"
Thu Jan 10 18:19:03 2019 us=932400     ignore "route "
Thu Jan 10 18:19:03 2019 us=932400     ignore "redirect-gateway"
Thu Jan 10 18:19:03 2019 us=932400     ignore "ifconfig"
Thu Jan 10 18:19:03 2019 us=932400   management_addr = '127.0.0.1'
Thu Jan 10 18:19:03 2019 us=932400   management_port = '25344'
Thu Jan 10 18:19:03 2019 us=932400   management_user_pass = 'stdin'
Thu Jan 10 18:19:03 2019 us=932400   management_log_history_cache = 250
Thu Jan 10 18:19:03 2019 us=932400   management_echo_buffer_size = 100
Thu Jan 10 18:19:03 2019 us=932400   management_write_peer_info_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   management_client_user = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   management_client_group = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   management_flags = 6
Thu Jan 10 18:19:03 2019 us=932400   shared_secret_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   key_direction = not set
Thu Jan 10 18:19:03 2019 us=932400   ciphername = 'AES-256-CBC'
Thu Jan 10 18:19:03 2019 us=932400   ncp_enabled = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Jan 10 18:19:03 2019 us=932400   authname = 'SHA1'
Thu Jan 10 18:19:03 2019 us=932400   prng_hash = 'SHA1'
Thu Jan 10 18:19:03 2019 us=932400   prng_nonce_secret_len = 16
Thu Jan 10 18:19:03 2019 us=932400   keysize = 0
Thu Jan 10 18:19:03 2019 us=932400   engine = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   replay = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   mute_replay_warnings = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   replay_window = 64
Thu Jan 10 18:19:03 2019 us=932400   replay_time = 15
Thu Jan 10 18:19:03 2019 us=932400   packet_id_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   use_iv = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   test_crypto = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   tls_server = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   tls_client = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   key_method = 2
Thu Jan 10 18:19:03 2019 us=932400   ca_file = '[[INLINE]]'
Thu Jan 10 18:19:03 2019 us=932400   ca_path = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   dh_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   cert_file = '[[INLINE]]'
Thu Jan 10 18:19:03 2019 us=932400   extra_certs_file = '[[INLINE]]'
Thu Jan 10 18:19:03 2019 us=932400   priv_key_file = '[[INLINE]]'
Thu Jan 10 18:19:03 2019 us=932400   pkcs12_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   cryptoapi_cert = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   cipher_list = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   tls_cert_profile = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   tls_verify = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   tls_export_cert = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   verify_x509_type = 1
Thu Jan 10 18:19:03 2019 us=932400   verify_x509_name = 'C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>'
Thu Jan 10 18:19:03 2019 us=932400   crl_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   ns_cert_type = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 65535
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_ku[i] = 0
Thu Jan 10 18:19:03 2019 us=932400   remote_cert_eku = 'TLS Web Server Authentication'
Thu Jan 10 18:19:03 2019 us=932400   ssl_flags = 0
Thu Jan 10 18:19:03 2019 us=932400   tls_timeout = 2
Thu Jan 10 18:19:03 2019 us=932400   renegotiate_bytes = -1
Thu Jan 10 18:19:03 2019 us=932400   renegotiate_packets = 0
Thu Jan 10 18:19:03 2019 us=932400   renegotiate_seconds = 3600
Thu Jan 10 18:19:03 2019 us=932400   handshake_window = 60
Thu Jan 10 18:19:03 2019 us=932400   transition_window = 3600
Thu Jan 10 18:19:03 2019 us=932400   single_session = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   push_peer_info = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   tls_exit = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   tls_auth_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   tls_crypt_file = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_protected_authentication = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_private_mode = 00000000
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_cert_private = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_pin_cache_period = -1
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_id = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   pkcs11_id_management = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   server_network = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   server_netmask = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   server_network_ipv6 = ::
Thu Jan 10 18:19:03 2019 us=932400   server_netbits_ipv6 = 0
Thu Jan 10 18:19:03 2019 us=932400   server_bridge_ip = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   server_bridge_netmask = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   server_bridge_pool_start = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   server_bridge_pool_end = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_pool_defined = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_pool_start = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_pool_end = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_pool_netmask = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_pool_persist_refresh_freq = 600
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_ipv6_pool_defined = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_ipv6_pool_base = ::
Thu Jan 10 18:19:03 2019 us=932400   ifconfig_ipv6_pool_netbits = 0
Thu Jan 10 18:19:03 2019 us=932400   n_bcast_buf = 256
Thu Jan 10 18:19:03 2019 us=932400   tcp_queue_limit = 64
Thu Jan 10 18:19:03 2019 us=932400   real_hash_size = 256
Thu Jan 10 18:19:03 2019 us=932400   virtual_hash_size = 256
Thu Jan 10 18:19:03 2019 us=932400   client_connect_script = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   learn_address_script = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   client_disconnect_script = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   client_config_dir = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   ccd_exclusive = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   tmp_dir = 'C:\Users\Frederik\AppData\Local\Temp\'
Thu Jan 10 18:19:03 2019 us=932400   push_ifconfig_defined = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   push_ifconfig_local = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   push_ifconfig_remote_netmask = 0.0.0.0
Thu Jan 10 18:19:03 2019 us=932400   push_ifconfig_ipv6_defined = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   push_ifconfig_ipv6_local = ::/0
Thu Jan 10 18:19:03 2019 us=932400   push_ifconfig_ipv6_remote = ::
Thu Jan 10 18:19:03 2019 us=932400   enable_c2c = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   duplicate_cn = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   cf_max = 0
Thu Jan 10 18:19:03 2019 us=932400   cf_per = 0
Thu Jan 10 18:19:03 2019 us=932400   max_clients = 1024
Thu Jan 10 18:19:03 2019 us=932400   max_routes_per_client = 256
Thu Jan 10 18:19:03 2019 us=932400   auth_user_pass_verify_script = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   auth_user_pass_verify_script_via_file = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   auth_token_generate = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   auth_token_lifetime = 0
Thu Jan 10 18:19:03 2019 us=932400   client = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   pull = ENABLED
Thu Jan 10 18:19:03 2019 us=932400   auth_user_pass_file = 'stdin'
Thu Jan 10 18:19:03 2019 us=932400   show_net_up = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   route_method = 0
Thu Jan 10 18:19:03 2019 us=932400   block_outside_dns = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   ip_win32_defined = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   ip_win32_type = 3
Thu Jan 10 18:19:03 2019 us=932400   dhcp_masq_offset = 0
Thu Jan 10 18:19:03 2019 us=932400   dhcp_lease_time = 31536000
Thu Jan 10 18:19:03 2019 us=932400   tap_sleep = 0
Thu Jan 10 18:19:03 2019 us=932400   dhcp_options = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   dhcp_renew = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   dhcp_pre_release = DISABLED
Thu Jan 10 18:19:03 2019 us=932400   domain = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   netbios_scope = '[UNDEF]'
Thu Jan 10 18:19:03 2019 us=932400   netbios_node_type = 0
Thu Jan 10 18:19:03 2019 us=932400   disable_nbt = DISABLED
Thu Jan 10 18:19:03 2019 us=932400 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Jan 10 18:19:03 2019 us=932400 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jan 10 18:19:03 2019 us=932400 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Thu Jan 10 18:19:03 2019 us=932400 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Thu Jan 10 18:19:03 2019 us=932400 Need hold release from management interface, waiting...
Thu Jan 10 18:19:04 2019 us=432317 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Thu Jan 10 18:19:04 2019 us=541667 MANAGEMENT: CMD 'state on'
Thu Jan 10 18:19:04 2019 us=541667 MANAGEMENT: CMD 'log all on'
Thu Jan 10 18:19:04 2019 us=619769 MANAGEMENT: CMD 'echo all on'
Thu Jan 10 18:19:04 2019 us=619769 MANAGEMENT: CMD 'bytecount 5'
Thu Jan 10 18:19:04 2019 us=619769 MANAGEMENT: CMD 'hold off'
Thu Jan 10 18:19:04 2019 us=619769 MANAGEMENT: CMD 'hold release'
Thu Jan 10 18:19:08 2019 us=134570 MANAGEMENT: CMD 'username "Auth" "casa27"'
Thu Jan 10 18:19:08 2019 us=134570 MANAGEMENT: CMD 'password [...]'
Thu Jan 10 18:19:08 2019 us=134570 Control Channel MTU parms [ L:1657 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Jan 10 18:19:08 2019 us=134570 Data Channel MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Thu Jan 10 18:19:08 2019 us=134570 Fragmentation MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Thu Jan 10 18:19:08 2019 us=134570 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Jan 10 18:19:08 2019 us=134570 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Jan 10 18:19:08 2019 us=134570 TCP/UDP: Preserving recently used remote address: [AF_INET]<server_public_ip>:<server_public_port>
Thu Jan 10 18:19:08 2019 us=134570 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 10 18:19:08 2019 us=134570 UDP link local: (not bound)
Thu Jan 10 18:19:08 2019 us=134570 UDP link remote: [AF_INET]<server_public_ip>:<server_public_port>
Thu Jan 10 18:19:08 2019 us=134570 MANAGEMENT: >STATE:1547140748,WAIT,,,,,,
Thu Jan 10 18:19:08 2019 us=212677 MANAGEMENT: >STATE:1547140748,AUTH,,,,,,
Thu Jan 10 18:19:08 2019 us=212677 TLS: Initial packet from [AF_INET]<server_public_ip>:<server_public_port>, sid=56eb33e0 cccc9e10
Thu Jan 10 18:19:08 2019 us=212677 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jan 10 18:19:08 2019 us=462617 VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for <32 character long string>
Thu Jan 10 18:19:08 2019 us=462617 VERIFY KU OK
Thu Jan 10 18:19:08 2019 us=462617 Validating certificate extended key usage
Thu Jan 10 18:19:08 2019 us=462617 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jan 10 18:19:08 2019 us=462617 VERIFY EKU OK
Thu Jan 10 18:19:08 2019 us=462617 VERIFY X509NAME OK: C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Thu Jan 10 18:19:08 2019 us=462617 VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Thu Jan 10 18:19:08 2019 us=759430 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jan 10 18:19:08 2019 us=759430 [Freebox OpenVPN server <32 character long string>] Peer Connection Initiated with [AF_INET]<server_public_ip>:<server_public_port>
Thu Jan 10 18:19:10 2019 us=22818 MANAGEMENT: >STATE:1547140750,GET_CONFIG,,,,,,
Thu Jan 10 18:19:10 2019 us=22818 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Thu Jan 10 18:19:10 2019 us=116560 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Thu Jan 10 18:19:10 2019 us=116560 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 10 18:19:10 2019 us=116560 Data Channel MTU parms [ L:1593 D:1452 EF:61 EB:412 ET:32 EL:3 ]
Thu Jan 10 18:19:10 2019 us=116560 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jan 10 18:19:10 2019 us=116560 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 10 18:19:10 2019 us=116560 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jan 10 18:19:10 2019 us=116560 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 10 18:19:10 2019 us=116560 interactive service msg_channel=0
Thu Jan 10 18:19:10 2019 us=116560 open_tun
Thu Jan 10 18:19:10 2019 us=116560 TAP-WIN32 device [OpenVPN 1] opened: \\.\Global\{88968B2C-B770-4895-B154-E0B666E1500F}.tap
Thu Jan 10 18:19:10 2019 us=116560 TAP-Windows Driver Version 9.21 
Thu Jan 10 18:19:10 2019 us=116560 TAP-Windows MTU=1500
Thu Jan 10 18:19:10 2019 us=116560 Successful ARP Flush on interface [11] {88968B2C-B770-4895-B154-E0B666E1500F}
Thu Jan 10 18:19:15 2019 us=5762 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Thu Jan 10 18:19:15 2019 us=5762 Initialization Sequence Completed
Thu Jan 10 18:19:15 2019 us=5762 MANAGEMENT: >STATE:1547140755,CONNECTED,SUCCESS,,<server_public_ip>,<server_public_port>,,

And the client config is:

client

client
verb 4
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap

dev tap0
pull-filter ignore "route "
pull-filter ignore "redirect-gateway"
pull-filter ignore "ifconfig"
route-nopull
route-noexec
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
<some_certificate>
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
<some_certificate>
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
<some_certificate>
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
<private_key>
-----END PRIVATE KEY-----
</key>

pull-filter ignore "route "
pull-filter ignore "redirect-gateway"
pull-filter ignore "ifconfig"
route-nopull
route-noexec

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Thu Jan 10, 2019 9:48 pm

Sorry, I am not going to debug a deliberately broken configuration ..

I advise you go back to the start and make yourself a working setup
Then customise it ..

When you do customise it use only the pull filter, do not use --route-nopull/noexec.

Juspion
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 04, 2019 6:49 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by Juspion » Fri Jan 11, 2019 12:24 am

I do appreciate your taking the time to answer me.

I (think I) followed and started by reading the manual... I already tried the pull filter alone.
I only posted the last example of the dozens of variants I tried (the pull filters and the route-*: together or one by one, at the beginning or at the end of the config file, or both), which (as I explained in my first post) all gave the same result: tunnel up, everything OK apart from this default gateway.

The default configuration file that the system I want to connect to is giving, is as follows. Tunnel up, the default route I don't want is added.

Default client config

client
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap

pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>


Maybe this default configuration file is nonsense and thus not a good starting point at all? But since it's connecting, I didn't suppose this could be the reason for my gateway issues.

My first try was to use the pull filter, as it seems it is the solution in those cases:

Default client config with redirect-gateway ignored

client
pull-filter ignore "redirect-gateway"
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap

pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>


The behavior is exactly the same when using both configurations (and all other variants...), and the logs are completely identical except:
- the us=xxxxxx values
- the management_port = 'xxxxx' line
- the MANAGEMENT: >STATE:xxxxxxxxxx values
- of course, in this example, the lines "Pull filters:" and " ignore "redirect-gateway"" appear in the second case.

(sorry for stating perhaps obvious things but it seems you have the feeling I am someone who doesn't know what he's doing, whereas I always seek deeply before asking for help - In fact it's only the second time I ask for help in a forum in 9 years of work as an IT specialist, as I normally always find answers myself...)

I apologize if I am being really stupid on this one, but for me, I tried all possibilities the manual gives, and I can't understand why the client program behaves each time in the same way (as far as routing is concerned).
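
Added illustration (not code from the thread or from the OpenVPN project): a small model of how pull-filter is documented to behave (prefix match, filters tried in order, first match wins, unmatched options accepted), run over the PUSH_REPLY line from the client log and over a constructed PUSH_REPLY. The PUSH_REPLY in the client log carries only ping and ping-restart, so it contains nothing route-related for the filters to match. Function names, the shlex-based quote handling and the second log line are assumptions.

```python
import re
import shlex

# pull-filter lines as posted in the thread's client config.
QUOTED_CONFIG = '''
pull-filter ignore "route "
pull-filter ignore "redirect-gateway"
pull-filter ignore "ifconfig"
'''

# Same first filter written without quotes: the trailing space is lost.
UNQUOTED_CONFIG = '''
pull-filter ignore route
pull-filter ignore redirect-gateway
pull-filter ignore ifconfig
'''

# Control message copied from the thread's client log.
THREAD_LOG_LINE = "PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'"

# Constructed line (not from the thread), with constructed addresses, showing
# what a server that does push routing options would send.
CONSTRUCTED_LOG_LINE = (
    "PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,"
    "route 10.20.0.0 255.255.0.0,redirect-gateway def1,"
    "ifconfig 10.8.0.6 255.255.255.0,ping 30'"
)

ACTIONS = ("accept", "ignore", "reject")


def parse_pull_filters(config_text):
    """Return [(action, prefix), ...] in config order.

    Assumption: shlex quoting is close enough to OpenVPN's config parser
    for the simple double-quoted strings used here.
    """
    filters = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("pull-filter"):
            continue
        tokens = shlex.split(line)
        if tokens[0] != "pull-filter":
            continue
        if len(tokens) != 3 or tokens[1] not in ACTIONS:
            raise ValueError("malformed pull-filter line: %r" % raw)
        filters.append((tokens[1], tokens[2]))
    return filters


def pushed_options(log_line):
    """Extract the comma-separated options of a PUSH_REPLY log line."""
    match = re.search(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'", log_line)
    if not match:
        return []
    parts = match.group(1).split(",")
    return [p.strip() for p in parts[1:] if p.strip()]


def apply_pull_filters(filters, options):
    """Classify each pushed option; the first matching prefix decides."""
    result = {action: [] for action in ACTIONS}
    for option in options:
        decision = "accept"  # unmatched options are accepted by default
        for action, prefix in filters:
            if option.startswith(prefix):
                decision = action
                break
        result[decision].append(option)
    return result


def routing_options_accepted(result):
    """Accepted options that would still influence the routing table."""
    prefixes = ("route", "redirect-gateway", "redirect-private")
    return [o for o in result["accept"] if o.startswith(prefixes)]


if __name__ == "__main__":
    for name, config in (("quoted", QUOTED_CONFIG), ("unquoted", UNQUOTED_CONFIG)):
        filters = parse_pull_filters(config)
        for label, line in (("thread", THREAD_LOG_LINE), ("constructed", CONSTRUCTED_LOG_LINE)):
            outcome = apply_pull_filters(filters, pushed_options(line))
            print(name, label, outcome, routing_options_accepted(outcome))
```

With the quoted "route " filter a pushed route-gateway is still accepted; written without quotes the trailing space is lost and every option beginning with route is ignored.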

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Fri Jan 11, 2019 12:39 am

TinCanTech wrote:
Fri Jan 04, 2019 7:53 pm
Juspion wrote:
Fri Jan 04, 2019 7:31 pm
I always have a new default route added, going to the OpenVPN server's IP
and you did not even show us your routing table ..

viewtopic.php?f=30&t=22603
and yet again you did not show us your client routing table ..

Juspion wrote:
Fri Jan 11, 2019 12:24 am
(sorry for stating perhaps obvious things but it seems you have the feeling I am someone who doesn't know what he's doing, whereas I always seek deeply before asking for help - In fact it's only the second time I ask for help in a forum in 9 years of work as an IT specialist, as I normally always find answers myself...)
I only feel what I can read on the screen ..

I feel confident that, if you go back to a simple documented setup you will then be able to pick your way through the reeds by using only the pull filter.

Perhaps this will help:
https://github.com/OpenVPN/openvpn/tree ... nfig-files

Edit: (I don't usually edit) I do not really understand exactly what you are trying to achieve ..

Juspion
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 04, 2019 6:49 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by Juspion » Sat Jan 12, 2019 10:00 pm

I should probably have explained everything once more, from the start - I was pretty sure everything was clear, sorry again.

I am using OpenVPN 2.4.6 on Windows 10 to connect to a server I do not administer.
The goal is to have access to resources located on the same local network as this server, without modifying the current default route/gateway to access the Internet (i.e. I want to tunnel only the communications between the client and the resources on the remote LAN, not the Internet traffic).

The server generates a default configuration file, like the one below, which functions correctly, but which gives me an additional default route with the server's local IP (192.168.0.254) as gateway.

Default client config file

client
verb 4
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap

pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>



Routing table before connecting:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.136     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.43.0    255.255.255.0         On-link    192.168.43.136    311
   192.168.43.136  255.255.255.255         On-link    192.168.43.136    311
   192.168.43.255  255.255.255.255         On-link    192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.43.136    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.43.136    311
===========================================================================
Persistent Routes:
  None

Routing table after connecting with the default config file:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.136     55
          0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.18   1998
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.18   1255
     192.168.0.18  255.255.255.255         On-link      192.168.0.18   1255
    192.168.0.255  255.255.255.255         On-link      192.168.0.18   1255
     192.168.43.0    255.255.255.0         On-link    192.168.43.136    311
   192.168.43.136  255.255.255.255         On-link    192.168.43.136    311
   192.168.43.255  255.255.255.255         On-link    192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link      192.168.0.18   1255
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.43.136    311
  255.255.255.255  255.255.255.255         On-link      192.168.0.18   1255
===========================================================================
Persistent Routes:
  None

The log file is as follows:

Sat Jan 12 18:47:26 2019 us=830994 Current Parameter Settings:
Sat Jan 12 18:47:26 2019 us=831991   config = 'test_orig.ovpn'
Sat Jan 12 18:47:26 2019 us=831991   mode = 0
Sat Jan 12 18:47:26 2019 us=831991   show_ciphers = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   show_digests = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   show_engines = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   genkey = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   key_pass_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991   show_tls_ciphers = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   connect_retry_max = 0
Sat Jan 12 18:47:26 2019 us=831991 Connection profiles [0]:
Sat Jan 12 18:47:26 2019 us=831991   proto = udp
Sat Jan 12 18:47:26 2019 us=831991   local = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991   local_port = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991   remote = '<server_public_ip>'
Sat Jan 12 18:47:26 2019 us=831991   remote_port = '<server_public_port>'
Sat Jan 12 18:47:26 2019 us=831991   remote_float = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   bind_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   bind_local = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   bind_ipv6_only = DISABLED
Sat Jan 12 18:47:26 2019 us=831991   connect_retry_seconds = 5
Sat Jan 12 18:47:26 2019 us=831991   connect_timeout = 120
Sat Jan 12 18:47:26 2019 us=831991   socks_proxy_server = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991   socks_proxy_port = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991   tun_mtu = 1500
Sat Jan 12 18:47:26 2019 us=832989   tun_mtu_defined = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   link_mtu = 1500
Sat Jan 12 18:47:26 2019 us=832989   link_mtu_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   tun_mtu_extra = 32
Sat Jan 12 18:47:26 2019 us=832989   tun_mtu_extra_defined = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   mtu_discover_type = -1
Sat Jan 12 18:47:26 2019 us=832989   fragment = 1452
Sat Jan 12 18:47:26 2019 us=832989   mssfix = 1452
Sat Jan 12 18:47:26 2019 us=832989   explicit_exit_notification = 3
Sat Jan 12 18:47:26 2019 us=832989 Connection profiles END
Sat Jan 12 18:47:26 2019 us=832989   remote_random = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   ipchange = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   dev = 'tap0'
Sat Jan 12 18:47:26 2019 us=832989   dev_type = 'tap'
Sat Jan 12 18:47:26 2019 us=832989   dev_node = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   lladdr = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   topology = 1
Sat Jan 12 18:47:26 2019 us=832989   ifconfig_local = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   ifconfig_remote_netmask = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   ifconfig_noexec = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   ifconfig_nowarn = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   ifconfig_ipv6_local = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   ifconfig_ipv6_netbits = 0
Sat Jan 12 18:47:26 2019 us=832989   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   shaper = 0
Sat Jan 12 18:47:26 2019 us=832989   mtu_test = 0
Sat Jan 12 18:47:26 2019 us=832989   mlock = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   keepalive_ping = 0
Sat Jan 12 18:47:26 2019 us=832989   keepalive_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989   inactivity_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989   ping_send_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989   ping_rec_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989   ping_rec_timeout_action = 0
Sat Jan 12 18:47:26 2019 us=832989   ping_timer_remote = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   remap_sigusr1 = 0
Sat Jan 12 18:47:26 2019 us=832989   persist_tun = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   persist_local_ip = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   persist_remote_ip = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   persist_key = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   passtos = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   resolve_retry_seconds = 1000000000
Sat Jan 12 18:47:26 2019 us=832989   resolve_in_advance = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   username = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   groupname = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   chroot_dir = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   cd_dir = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   writepid = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   up_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   down_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   down_pre = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   up_restart = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   up_delay = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   daemon = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   inetd = 0
Sat Jan 12 18:47:26 2019 us=832989   log = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   suppress_timestamps = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   machine_readable_output = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   nice = 0
Sat Jan 12 18:47:26 2019 us=832989   verbosity = 4
Sat Jan 12 18:47:26 2019 us=832989   mute = 0
Sat Jan 12 18:47:26 2019 us=832989   gremlin = 0
Sat Jan 12 18:47:26 2019 us=832989   status_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   status_file_version = 1
Sat Jan 12 18:47:26 2019 us=832989   status_file_update_freq = 60
Sat Jan 12 18:47:26 2019 us=832989   occ = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   rcvbuf = 0
Sat Jan 12 18:47:26 2019 us=832989   sndbuf = 0
Sat Jan 12 18:47:26 2019 us=832989   sockflags = 0
Sat Jan 12 18:47:26 2019 us=832989   fast_io = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   comp.alg = 0
Sat Jan 12 18:47:26 2019 us=832989   comp.flags = 0
Sat Jan 12 18:47:26 2019 us=832989   route_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   route_default_gateway = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   route_default_metric = 0
Sat Jan 12 18:47:26 2019 us=832989   route_noexec = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   route_delay = 5
Sat Jan 12 18:47:26 2019 us=832989   route_delay_window = 30
Sat Jan 12 18:47:26 2019 us=832989   route_delay_defined = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   route_nopull = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   route_gateway_via_dhcp = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   allow_pull_fqdn = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   management_addr = '127.0.0.1'
Sat Jan 12 18:47:26 2019 us=832989   management_port = '25341'
Sat Jan 12 18:47:26 2019 us=832989   management_user_pass = 'stdin'
Sat Jan 12 18:47:26 2019 us=832989   management_log_history_cache = 250
Sat Jan 12 18:47:26 2019 us=832989   management_echo_buffer_size = 100
Sat Jan 12 18:47:26 2019 us=832989   management_write_peer_info_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   management_client_user = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   management_client_group = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   management_flags = 6
Sat Jan 12 18:47:26 2019 us=832989   shared_secret_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   key_direction = not set
Sat Jan 12 18:47:26 2019 us=832989   ciphername = 'AES-256-CBC'
Sat Jan 12 18:47:26 2019 us=832989   ncp_enabled = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jan 12 18:47:26 2019 us=832989   authname = 'SHA1'
Sat Jan 12 18:47:26 2019 us=832989   prng_hash = 'SHA1'
Sat Jan 12 18:47:26 2019 us=832989   prng_nonce_secret_len = 16
Sat Jan 12 18:47:26 2019 us=832989   keysize = 0
Sat Jan 12 18:47:26 2019 us=832989   engine = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   replay = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   mute_replay_warnings = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   replay_window = 64
Sat Jan 12 18:47:26 2019 us=832989   replay_time = 15
Sat Jan 12 18:47:26 2019 us=832989   packet_id_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   use_iv = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   test_crypto = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   tls_server = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   tls_client = ENABLED
Sat Jan 12 18:47:26 2019 us=832989   key_method = 2
Sat Jan 12 18:47:26 2019 us=832989   ca_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989   ca_path = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   dh_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   cert_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989   extra_certs_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989   priv_key_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989   pkcs12_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   cryptoapi_cert = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   cipher_list = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   tls_cert_profile = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   tls_verify = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   tls_export_cert = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   verify_x509_type = 1
Sat Jan 12 18:47:26 2019 us=832989   verify_x509_name = 'C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>'
Sat Jan 12 18:47:26 2019 us=832989   crl_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   ns_cert_type = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 65535
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989   remote_cert_eku = 'TLS Web Server Authentication'
Sat Jan 12 18:47:26 2019 us=832989   ssl_flags = 0
Sat Jan 12 18:47:26 2019 us=832989   tls_timeout = 2
Sat Jan 12 18:47:26 2019 us=832989   renegotiate_bytes = -1
Sat Jan 12 18:47:26 2019 us=832989   renegotiate_packets = 0
Sat Jan 12 18:47:26 2019 us=832989   renegotiate_seconds = 3600
Sat Jan 12 18:47:26 2019 us=832989   handshake_window = 60
Sat Jan 12 18:47:26 2019 us=832989   transition_window = 3600
Sat Jan 12 18:47:26 2019 us=832989   single_session = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   push_peer_info = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   tls_exit = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   tls_auth_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   tls_crypt_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_pin_cache_period = -1
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_id = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989   pkcs11_id_management = DISABLED
Sat Jan 12 18:47:26 2019 us=832989   server_network = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=832989   server_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=832989   server_network_ipv6 = ::
Sat Jan 12 18:47:26 2019 us=833986   server_netbits_ipv6 = 0
Sat Jan 12 18:47:26 2019 us=833986   server_bridge_ip = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   server_bridge_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   server_bridge_pool_start = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   server_bridge_pool_end = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_pool_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_pool_start = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_pool_end = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_pool_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_pool_persist_refresh_freq = 600
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_ipv6_pool_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_ipv6_pool_base = ::
Sat Jan 12 18:47:26 2019 us=833986   ifconfig_ipv6_pool_netbits = 0
Sat Jan 12 18:47:26 2019 us=833986   n_bcast_buf = 256
Sat Jan 12 18:47:26 2019 us=833986   tcp_queue_limit = 64
Sat Jan 12 18:47:26 2019 us=833986   real_hash_size = 256
Sat Jan 12 18:47:26 2019 us=833986   virtual_hash_size = 256
Sat Jan 12 18:47:26 2019 us=833986   client_connect_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   learn_address_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   client_disconnect_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   client_config_dir = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   ccd_exclusive = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   tmp_dir = 'C:\Users\Frederik\AppData\Local\Temp\'
Sat Jan 12 18:47:26 2019 us=833986   push_ifconfig_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   push_ifconfig_local = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986   push_ifconfig_ipv6_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   push_ifconfig_ipv6_local = ::/0
Sat Jan 12 18:47:26 2019 us=833986   push_ifconfig_ipv6_remote = ::
Sat Jan 12 18:47:26 2019 us=833986   enable_c2c = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   duplicate_cn = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   cf_max = 0
Sat Jan 12 18:47:26 2019 us=833986   cf_per = 0
Sat Jan 12 18:47:26 2019 us=833986   max_clients = 1024
Sat Jan 12 18:47:26 2019 us=833986   max_routes_per_client = 256
Sat Jan 12 18:47:26 2019 us=833986   auth_user_pass_verify_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   auth_user_pass_verify_script_via_file = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   auth_token_generate = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   auth_token_lifetime = 0
Sat Jan 12 18:47:26 2019 us=833986   client = ENABLED
Sat Jan 12 18:47:26 2019 us=833986   pull = ENABLED
Sat Jan 12 18:47:26 2019 us=833986   auth_user_pass_file = 'stdin'
Sat Jan 12 18:47:26 2019 us=833986   show_net_up = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   route_method = 0
Sat Jan 12 18:47:26 2019 us=833986   block_outside_dns = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   ip_win32_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   ip_win32_type = 3
Sat Jan 12 18:47:26 2019 us=833986   dhcp_masq_offset = 0
Sat Jan 12 18:47:26 2019 us=833986   dhcp_lease_time = 31536000
Sat Jan 12 18:47:26 2019 us=833986   tap_sleep = 0
Sat Jan 12 18:47:26 2019 us=833986   dhcp_options = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   dhcp_renew = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   dhcp_pre_release = DISABLED
Sat Jan 12 18:47:26 2019 us=833986   domain = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   netbios_scope = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986   netbios_node_type = 0
Sat Jan 12 18:47:26 2019 us=833986   disable_nbt = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jan 12 18:47:26 2019 us=833986 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 12 18:47:26 2019 us=833986 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Jan 12 18:47:26 2019 us=834984 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Sat Jan 12 18:47:26 2019 us=834984 Need hold release from management interface, waiting...
Sat Jan 12 18:47:27 2019 us=333808 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Sat Jan 12 18:47:27 2019 us=435299 MANAGEMENT: CMD 'state on'
Sat Jan 12 18:47:27 2019 us=435299 MANAGEMENT: CMD 'log all on'
Sat Jan 12 18:47:27 2019 us=558939 MANAGEMENT: CMD 'echo all on'
Sat Jan 12 18:47:27 2019 us=558939 MANAGEMENT: CMD 'bytecount 5'
Sat Jan 12 18:47:27 2019 us=561366 MANAGEMENT: CMD 'hold off'
Sat Jan 12 18:47:27 2019 us=562365 MANAGEMENT: CMD 'hold release'
Sat Jan 12 18:47:30 2019 us=3105 MANAGEMENT: CMD 'username "Auth" "<login>"'
Sat Jan 12 18:47:30 2019 us=9528 MANAGEMENT: CMD 'password [...]'
Sat Jan 12 18:47:30 2019 us=11523 Control Channel MTU parms [ L:1657 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jan 12 18:47:30 2019 us=11523 Data Channel MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 18:47:30 2019 us=11523 Fragmentation MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 18:47:30 2019 us=11523 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Jan 12 18:47:30 2019 us=11523 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Jan 12 18:47:30 2019 us=11523 TCP/UDP: Preserving recently used remote address: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 18:47:30 2019 us=11523 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 12 18:47:30 2019 us=11523 UDP link local: (not bound)
Sat Jan 12 18:47:30 2019 us=11523 UDP link remote: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 18:47:30 2019 us=11523 MANAGEMENT: >STATE:1547315250,WAIT,,,,,,
Sat Jan 12 18:47:30 2019 us=122026 MANAGEMENT: >STATE:1547315250,AUTH,,,,,,
Sat Jan 12 18:47:30 2019 us=122026 TLS: Initial packet from [AF_INET]<server_public_ip>:<server_public_port>, sid=ed734c85 da5337d7
Sat Jan 12 18:47:30 2019 us=122838 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 12 18:47:30 2019 us=398826 VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for <32 character long string>
Sat Jan 12 18:47:30 2019 us=398826 VERIFY KU OK
Sat Jan 12 18:47:30 2019 us=398826 Validating certificate extended key usage
Sat Jan 12 18:47:30 2019 us=399817 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan 12 18:47:30 2019 us=399817 VERIFY EKU OK
Sat Jan 12 18:47:30 2019 us=399817 VERIFY X509NAME OK: C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 18:47:30 2019 us=399817 VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 18:47:30 2019 us=836154 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 12 18:47:30 2019 us=836154 [Freebox OpenVPN server <32 character long string>] Peer Connection Initiated with [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 18:47:32 2019 us=8229 MANAGEMENT: >STATE:1547315252,GET_CONFIG,,,,,,
Sat Jan 12 18:47:32 2019 us=8367 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 18:47:32 2019 us=236712 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Sat Jan 12 18:47:32 2019 us=236712 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 12 18:47:32 2019 us=236712 Data Channel MTU parms [ L:1593 D:1452 EF:61 EB:412 ET:32 EL:3 ]
Sat Jan 12 18:47:32 2019 us=236712 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 18:47:32 2019 us=236712 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 18:47:32 2019 us=236712 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 18:47:32 2019 us=237755 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 18:47:32 2019 us=237755 interactive service msg_channel=0
Sat Jan 12 18:47:32 2019 us=237755 open_tun
Sat Jan 12 18:47:32 2019 us=240767 TAP-WIN32 device [OpenVPN 1] opened: \\.\Global\{88968B2C-B770-4895-B154-E0B666E1500F}.tap
Sat Jan 12 18:47:32 2019 us=241747 TAP-Windows Driver Version 9.21 
Sat Jan 12 18:47:32 2019 us=241747 TAP-Windows MTU=1500
Sat Jan 12 18:47:32 2019 us=241747 Successful ARP Flush on interface [11] {88968B2C-B770-4895-B154-E0B666E1500F}
Sat Jan 12 18:47:37 2019 us=123076 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Sat Jan 12 18:47:37 2019 us=124071 Initialization Sequence Completed
Sat Jan 12 18:47:37 2019 us=124071 MANAGEMENT: >STATE:1547315257,CONNECTED,SUCCESS,,<server_public_ip>,<server_public_port>,,

Everything functions, but as I said I don't want the Internet traffic to be redirected over the VPN.
I read the manual https://community.openvpn.net/openvpn/w ... ectGateway and understood that the pull-filter could be used to prevent the server from pushing this new route (Dest : 0.0.0.0, Mask : 0.0.0.0, Gateway : 192.168.0.254, Interface : 192.168.0.18) I don't want.
So I changed the configuration file and added " pull-filter ignore "redirect-gateway" " :

Default client config with redirect-gateway ignored

client
verb 4
pull-filter ignore "redirect-gateway"
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap

pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>



And this pull-filter option does nothing : After connecting with this modified profile I have the exact same behavior. Access to all resources is OK, but Internet traffic is still redirected. Same log file as without the "pull filter" option (except that we see that the option is read from the config file), and same routing table as well.

Log file :

Code: Select all

Sat Jan 12 19:05:46 2019 us=121620 Current Parameter Settings:
Sat Jan 12 19:05:46 2019 us=122618   config = 'test_pull_filter.ovpn'
Sat Jan 12 19:05:46 2019 us=122618   mode = 0
Sat Jan 12 19:05:46 2019 us=122618   show_ciphers = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   show_digests = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   show_engines = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   genkey = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   key_pass_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   show_tls_ciphers = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   connect_retry_max = 0
Sat Jan 12 19:05:46 2019 us=122618 Connection profiles [0]:
Sat Jan 12 19:05:46 2019 us=122618   proto = udp
Sat Jan 12 19:05:46 2019 us=122618   local = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   local_port = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   remote = '<server_public_ip>'
Sat Jan 12 19:05:46 2019 us=122618   remote_port = '<server_public_port>'
Sat Jan 12 19:05:46 2019 us=122618   remote_float = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   bind_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   bind_local = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   bind_ipv6_only = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   connect_retry_seconds = 5
Sat Jan 12 19:05:46 2019 us=122618   connect_timeout = 120
Sat Jan 12 19:05:46 2019 us=122618   socks_proxy_server = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   socks_proxy_port = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   tun_mtu = 1500
Sat Jan 12 19:05:46 2019 us=122618   tun_mtu_defined = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   link_mtu = 1500
Sat Jan 12 19:05:46 2019 us=122618   link_mtu_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   tun_mtu_extra = 32
Sat Jan 12 19:05:46 2019 us=122618   tun_mtu_extra_defined = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   mtu_discover_type = -1
Sat Jan 12 19:05:46 2019 us=122618   fragment = 1452
Sat Jan 12 19:05:46 2019 us=122618   mssfix = 1452
Sat Jan 12 19:05:46 2019 us=122618   explicit_exit_notification = 3
Sat Jan 12 19:05:46 2019 us=122618 Connection profiles END
Sat Jan 12 19:05:46 2019 us=122618   remote_random = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   ipchange = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   dev = 'tap0'
Sat Jan 12 19:05:46 2019 us=122618   dev_type = 'tap'
Sat Jan 12 19:05:46 2019 us=122618   dev_node = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   lladdr = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   topology = 1
Sat Jan 12 19:05:46 2019 us=122618   ifconfig_local = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   ifconfig_remote_netmask = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   ifconfig_noexec = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   ifconfig_nowarn = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   ifconfig_ipv6_local = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   ifconfig_ipv6_netbits = 0
Sat Jan 12 19:05:46 2019 us=122618   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   shaper = 0
Sat Jan 12 19:05:46 2019 us=122618   mtu_test = 0
Sat Jan 12 19:05:46 2019 us=122618   mlock = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   keepalive_ping = 0
Sat Jan 12 19:05:46 2019 us=122618   keepalive_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618   inactivity_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618   ping_send_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618   ping_rec_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618   ping_rec_timeout_action = 0
Sat Jan 12 19:05:46 2019 us=122618   ping_timer_remote = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   remap_sigusr1 = 0
Sat Jan 12 19:05:46 2019 us=122618   persist_tun = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   persist_local_ip = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   persist_remote_ip = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   persist_key = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   passtos = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   resolve_retry_seconds = 1000000000
Sat Jan 12 19:05:46 2019 us=122618   resolve_in_advance = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   username = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   groupname = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   chroot_dir = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   cd_dir = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   writepid = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   up_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   down_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   down_pre = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   up_restart = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   up_delay = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   daemon = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   inetd = 0
Sat Jan 12 19:05:46 2019 us=122618   log = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   suppress_timestamps = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   machine_readable_output = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   nice = 0
Sat Jan 12 19:05:46 2019 us=122618   verbosity = 4
Sat Jan 12 19:05:46 2019 us=122618   mute = 0
Sat Jan 12 19:05:46 2019 us=122618   gremlin = 0
Sat Jan 12 19:05:46 2019 us=122618   status_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   status_file_version = 1
Sat Jan 12 19:05:46 2019 us=122618   status_file_update_freq = 60
Sat Jan 12 19:05:46 2019 us=122618   occ = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   rcvbuf = 0
Sat Jan 12 19:05:46 2019 us=122618   sndbuf = 0
Sat Jan 12 19:05:46 2019 us=122618   sockflags = 0
Sat Jan 12 19:05:46 2019 us=122618   fast_io = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   comp.alg = 0
Sat Jan 12 19:05:46 2019 us=122618   comp.flags = 0
Sat Jan 12 19:05:46 2019 us=122618   route_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   route_default_gateway = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   route_default_metric = 0
Sat Jan 12 19:05:46 2019 us=122618   route_noexec = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   route_delay = 5
Sat Jan 12 19:05:46 2019 us=122618   route_delay_window = 30
Sat Jan 12 19:05:46 2019 us=122618   route_delay_defined = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   route_nopull = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   route_gateway_via_dhcp = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   allow_pull_fqdn = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   Pull filters:
Sat Jan 12 19:05:46 2019 us=122618     ignore "redirect-gateway"
Sat Jan 12 19:05:46 2019 us=122618   management_addr = '127.0.0.1'
Sat Jan 12 19:05:46 2019 us=122618   management_port = '25342'
Sat Jan 12 19:05:46 2019 us=122618   management_user_pass = 'stdin'
Sat Jan 12 19:05:46 2019 us=122618   management_log_history_cache = 250
Sat Jan 12 19:05:46 2019 us=122618   management_echo_buffer_size = 100
Sat Jan 12 19:05:46 2019 us=122618   management_write_peer_info_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   management_client_user = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   management_client_group = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   management_flags = 6
Sat Jan 12 19:05:46 2019 us=122618   shared_secret_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   key_direction = not set
Sat Jan 12 19:05:46 2019 us=122618   ciphername = 'AES-256-CBC'
Sat Jan 12 19:05:46 2019 us=122618   ncp_enabled = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jan 12 19:05:46 2019 us=122618   authname = 'SHA1'
Sat Jan 12 19:05:46 2019 us=122618   prng_hash = 'SHA1'
Sat Jan 12 19:05:46 2019 us=122618   prng_nonce_secret_len = 16
Sat Jan 12 19:05:46 2019 us=122618   keysize = 0
Sat Jan 12 19:05:46 2019 us=122618   engine = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   replay = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   mute_replay_warnings = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   replay_window = 64
Sat Jan 12 19:05:46 2019 us=122618   replay_time = 15
Sat Jan 12 19:05:46 2019 us=122618   packet_id_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   use_iv = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   test_crypto = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   tls_server = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   tls_client = ENABLED
Sat Jan 12 19:05:46 2019 us=122618   key_method = 2
Sat Jan 12 19:05:46 2019 us=122618   ca_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=122618   ca_path = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   dh_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618   cert_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=122618   extra_certs_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=122618   priv_key_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=123617   pkcs12_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   cryptoapi_cert = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   cipher_list = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   tls_cert_profile = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   tls_verify = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   tls_export_cert = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   verify_x509_type = 1
Sat Jan 12 19:05:46 2019 us=123617   verify_x509_name = 'C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>'
Sat Jan 12 19:05:46 2019 us=123617   crl_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   ns_cert_type = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 65535
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617   remote_cert_eku = 'TLS Web Server Authentication'
Sat Jan 12 19:05:46 2019 us=123617   ssl_flags = 0
Sat Jan 12 19:05:46 2019 us=123617   tls_timeout = 2
Sat Jan 12 19:05:46 2019 us=123617   renegotiate_bytes = -1
Sat Jan 12 19:05:46 2019 us=123617   renegotiate_packets = 0
Sat Jan 12 19:05:46 2019 us=123617   renegotiate_seconds = 3600
Sat Jan 12 19:05:46 2019 us=123617   handshake_window = 60
Sat Jan 12 19:05:46 2019 us=123617   transition_window = 3600
Sat Jan 12 19:05:46 2019 us=123617   single_session = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   push_peer_info = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   tls_exit = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   tls_auth_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   tls_crypt_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_pin_cache_period = -1
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_id = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   pkcs11_id_management = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   server_network = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   server_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   server_network_ipv6 = ::
Sat Jan 12 19:05:46 2019 us=123617   server_netbits_ipv6 = 0
Sat Jan 12 19:05:46 2019 us=123617   server_bridge_ip = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   server_bridge_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   server_bridge_pool_start = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   server_bridge_pool_end = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_pool_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_pool_start = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_pool_end = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_pool_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_pool_persist_refresh_freq = 600
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_ipv6_pool_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_ipv6_pool_base = ::
Sat Jan 12 19:05:46 2019 us=123617   ifconfig_ipv6_pool_netbits = 0
Sat Jan 12 19:05:46 2019 us=123617   n_bcast_buf = 256
Sat Jan 12 19:05:46 2019 us=123617   tcp_queue_limit = 64
Sat Jan 12 19:05:46 2019 us=123617   real_hash_size = 256
Sat Jan 12 19:05:46 2019 us=123617   virtual_hash_size = 256
Sat Jan 12 19:05:46 2019 us=123617   client_connect_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   learn_address_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   client_disconnect_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   client_config_dir = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   ccd_exclusive = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   tmp_dir = 'C:\Users\Frederik\AppData\Local\Temp\'
Sat Jan 12 19:05:46 2019 us=123617   push_ifconfig_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   push_ifconfig_local = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617   push_ifconfig_ipv6_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   push_ifconfig_ipv6_local = ::/0
Sat Jan 12 19:05:46 2019 us=123617   push_ifconfig_ipv6_remote = ::
Sat Jan 12 19:05:46 2019 us=123617   enable_c2c = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   duplicate_cn = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   cf_max = 0
Sat Jan 12 19:05:46 2019 us=123617   cf_per = 0
Sat Jan 12 19:05:46 2019 us=123617   max_clients = 1024
Sat Jan 12 19:05:46 2019 us=123617   max_routes_per_client = 256
Sat Jan 12 19:05:46 2019 us=123617   auth_user_pass_verify_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   auth_user_pass_verify_script_via_file = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   auth_token_generate = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   auth_token_lifetime = 0
Sat Jan 12 19:05:46 2019 us=123617   client = ENABLED
Sat Jan 12 19:05:46 2019 us=123617   pull = ENABLED
Sat Jan 12 19:05:46 2019 us=123617   auth_user_pass_file = 'stdin'
Sat Jan 12 19:05:46 2019 us=123617   show_net_up = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   route_method = 0
Sat Jan 12 19:05:46 2019 us=123617   block_outside_dns = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   ip_win32_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   ip_win32_type = 3
Sat Jan 12 19:05:46 2019 us=123617   dhcp_masq_offset = 0
Sat Jan 12 19:05:46 2019 us=123617   dhcp_lease_time = 31536000
Sat Jan 12 19:05:46 2019 us=123617   tap_sleep = 0
Sat Jan 12 19:05:46 2019 us=123617   dhcp_options = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   dhcp_renew = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   dhcp_pre_release = DISABLED
Sat Jan 12 19:05:46 2019 us=123617   domain = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   netbios_scope = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617   netbios_node_type = 0
Sat Jan 12 19:05:46 2019 us=123617   disable_nbt = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jan 12 19:05:46 2019 us=123617 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 12 19:05:46 2019 us=123617 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Jan 12 19:05:46 2019 us=124613 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sat Jan 12 19:05:46 2019 us=124613 Need hold release from management interface, waiting...
Sat Jan 12 19:05:46 2019 us=610857 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sat Jan 12 19:05:46 2019 us=712978 MANAGEMENT: CMD 'state on'
Sat Jan 12 19:05:46 2019 us=712978 MANAGEMENT: CMD 'log all on'
Sat Jan 12 19:05:46 2019 us=811519 MANAGEMENT: CMD 'echo all on'
Sat Jan 12 19:05:46 2019 us=812516 MANAGEMENT: CMD 'bytecount 5'
Sat Jan 12 19:05:46 2019 us=813515 MANAGEMENT: CMD 'hold off'
Sat Jan 12 19:05:46 2019 us=814592 MANAGEMENT: CMD 'hold release'
Sat Jan 12 19:05:48 2019 us=59691 MANAGEMENT: CMD 'username "Auth" "<login>"'
Sat Jan 12 19:05:48 2019 us=66907 MANAGEMENT: CMD 'password [...]'
Sat Jan 12 19:05:48 2019 us=68901 Control Channel MTU parms [ L:1657 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jan 12 19:05:48 2019 us=68901 Data Channel MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 19:05:48 2019 us=68901 Fragmentation MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 19:05:48 2019 us=68901 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Jan 12 19:05:48 2019 us=68901 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Jan 12 19:05:48 2019 us=68901 TCP/UDP: Preserving recently used remote address: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 19:05:48 2019 us=68901 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 12 19:05:48 2019 us=68901 UDP link local: (not bound)
Sat Jan 12 19:05:48 2019 us=68901 UDP link remote: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 19:05:48 2019 us=68901 MANAGEMENT: >STATE:1547316348,WAIT,,,,,,
Sat Jan 12 19:05:48 2019 us=270605 MANAGEMENT: >STATE:1547316348,AUTH,,,,,,
Sat Jan 12 19:05:48 2019 us=270605 TLS: Initial packet from [AF_INET]<server_public_ip>:<server_public_port>, sid=67eb63cb 7fedd297
Sat Jan 12 19:05:48 2019 us=270605 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 12 19:05:51 2019 us=793335 VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for <32 character long string>
Sat Jan 12 19:05:51 2019 us=793335 VERIFY KU OK
Sat Jan 12 19:05:51 2019 us=793335 Validating certificate extended key usage
Sat Jan 12 19:05:51 2019 us=793335 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan 12 19:05:51 2019 us=793335 VERIFY EKU OK
Sat Jan 12 19:05:51 2019 us=793335 VERIFY X509NAME OK: C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 19:05:51 2019 us=793335 VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 19:05:52 2019 us=198978 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 12 19:05:52 2019 us=198978 [Freebox OpenVPN server <32 character long string>] Peer Connection Initiated with [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 19:05:53 2019 us=238415 MANAGEMENT: >STATE:1547316353,GET_CONFIG,,,,,,
Sat Jan 12 19:05:53 2019 us=238415 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 19:05:53 2019 us=390964 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Sat Jan 12 19:05:53 2019 us=390964 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 12 19:05:53 2019 us=390964 Data Channel MTU parms [ L:1593 D:1452 EF:61 EB:412 ET:32 EL:3 ]
Sat Jan 12 19:05:53 2019 us=390964 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 19:05:53 2019 us=390964 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 19:05:53 2019 us=390964 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 19:05:53 2019 us=390964 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 19:05:53 2019 us=390964 interactive service msg_channel=0
Sat Jan 12 19:05:53 2019 us=390964 open_tun
Sat Jan 12 19:05:53 2019 us=394958 TAP-WIN32 device [OpenVPN 1] opened: \\.\Global\{88968B2C-B770-4895-B154-E0B666E1500F}.tap
Sat Jan 12 19:05:53 2019 us=394958 TAP-Windows Driver Version 9.21 
Sat Jan 12 19:05:53 2019 us=394958 TAP-Windows MTU=1500
Sat Jan 12 19:05:53 2019 us=395956 Successful ARP Flush on interface [11] {88968B2C-B770-4895-B154-E0B666E1500F}
Sat Jan 12 19:05:58 2019 us=221772 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Sat Jan 12 19:05:58 2019 us=221772 Initialization Sequence Completed
Sat Jan 12 19:05:58 2019 us=221772 MANAGEMENT: >STATE:1547316358,CONNECTED,SUCCESS,,<server_public_ip>,<server_public_port>,,

Routing table after connecting with pull-filter :

Code: Select all

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.136     55
          0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.18   1998
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.18   1255
     192.168.0.18  255.255.255.255         On-link      192.168.0.18   1255
    192.168.0.255  255.255.255.255         On-link      192.168.0.18   1255
     192.168.43.0    255.255.255.0         On-link    192.168.43.136    311
   192.168.43.136  255.255.255.255         On-link    192.168.43.136    311
   192.168.43.255  255.255.255.255         On-link    192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.43.136    311
        224.0.0.0        240.0.0.0         On-link      192.168.0.18   1255
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.43.136    311
  255.255.255.255  255.255.255.255         On-link      192.168.0.18   1255
===========================================================================
Persistent Routes:
  None
  
This 0.0.0.0 - 0.0.0.0 - 192.168.0.254 - 192.168.0.18 entry is still here.

So, while a workaround can be used (setting the metric to 1998, so that in the end the right gateway is always preferred), the redirect-gateway should have produced some effect, am I wrong ?

And since I wanted to confirm that I wasn't able to resolve the issue using another option, I then tried all of this : pull-filter ignore "route" , pull-filter ignore "ifconfig" , route-nopull , route-noexec, grouped or individually, with or without double quotes (one never knows ?), at various places of the config files... Always the same result : identical log files except that they show the options are read in the config file, identical routing tables, access to remote LAN is always OK, and each time all Internet traffic redirected over the tunnel.

I have a working configuration, there is one particular behavior I want to modify, there is an option that is supposed to do precisely what I want to achieve, I use it and it's doing nothing.

Now I told you everything - Does nothing really jump out at anyone indicating what precisely I am not using correctly, or that, maybe, something does not work as it should within my installation of the OpenVPN client (the software itself, not the config) ?

Thank you once more for your help...
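
The comparison the post above makes by eye, as an added example that is not part of the original thread: it parses the pull filters, the PUSH_REPLY and the route table quoted in the post (embedded as excerpts) and reports whether any pushed option could match a filter and which default route wins by metric. Function names are hypothetical, and reading `len=0` in the TEST ROUTES line as an empty OpenVPN route list is an assumption about the log format.

```python
import re

# Excerpts of the client log and `netstat -r` output posted in this thread,
# embedded so the example runs offline.
LOG = """\
Sat Jan 12 19:05:46 2019 us=122618   route_noexec = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   route_nopull = DISABLED
Sat Jan 12 19:05:46 2019 us=122618   Pull filters:
Sat Jan 12 19:05:46 2019 us=122618     ignore "redirect-gateway"
Sat Jan 12 19:05:46 2019 us=122618   management_addr = '127.0.0.1'
Sat Jan 12 19:05:53 2019 us=390964 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Sat Jan 12 19:05:58 2019 us=221772 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
"""

ROUTES = """\
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.136     55
          0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.18   1998
      192.168.0.0    255.255.255.0         On-link      192.168.0.18   1255
     192.168.43.0    255.255.255.0         On-link    192.168.43.136    311
"""

# Pushable directives that can change addressing or routing on the client.
ROUTING_DIRECTIVES = {"route", "route-gateway", "redirect-gateway", "ifconfig"}


def pull_filters(log):
    """Return [(action, prefix)] from the 'Pull filters:' section of the log."""
    filters, in_section = [], False
    for line in log.splitlines():
        if line.rstrip().endswith("Pull filters:"):
            in_section = True
            continue
        if in_section:
            m = re.search(r'\b(accept|ignore|reject) "([^"]*)"\s*$', line)
            if not m:
                in_section = False
                continue
            filters.append((m.group(1), m.group(2)))
    return filters


def pushed_options(log):
    """Return the options the server sent in PUSH_REPLY, in order."""
    m = re.search(r"PUSH: Received control message: 'PUSH_REPLY,?([^']*)'", log)
    return [o for o in m.group(1).split(",") if o] if m else []


def filter_push(options, filters):
    """Apply pull-filter rules: prefix match, first matching filter decides.
    'reject' also makes the real client restart; here it only counts as dropped."""
    kept, dropped = [], []
    for opt in options:
        action = next((a for a, p in filters if opt.startswith(p)), "accept")
        (kept if action == "accept" else dropped).append(opt)
    return kept, dropped


def default_routes(table):
    """Return the 0.0.0.0/0.0.0.0 rows of a Windows route table, best metric first."""
    found = []
    for line in table.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == f[1] == "0.0.0.0" and f[4].isdigit():
            found.append({"gateway": f[2], "interface": f[3], "metric": int(f[4])})
    return sorted(found, key=lambda r: r["metric"])


def diagnose(log, table, tap_ip):
    """Summarise what the push channel delivered versus what the route table holds."""
    opts = pushed_options(log)
    _, dropped = filter_push(opts, pull_filters(log))
    m = re.search(r"TEST ROUTES: \d+/\d+ succeeded len=(\d+)", log)
    defaults = default_routes(table)
    return {
        "pushed": opts,
        "pushed_routing": [o for o in opts if o.split()[0] in ROUTING_DIRECTIVES],
        "dropped_by_filter": dropped,
        # Assumption: len is the size of OpenVPN's own list of routes to add.
        "openvpn_route_list_len": int(m.group(1)) if m else None,
        "tap_default": [r for r in defaults if r["interface"] == tap_ip],
        "preferred_gateway": defaults[0]["gateway"] if defaults else None,
    }


if __name__ == "__main__":
    for key, value in diagnose(LOG, ROUTES, "192.168.0.18").items():
        print(f"{key}: {value}")
```

On the posted data no pushed option is a routing directive, so no pull-filter rule has anything to drop; the two default routes then differ only in metric.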

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Sat Jan 12, 2019 10:13 pm

Juspion wrote:
Sat Jan 12, 2019 10:00 pm
I am using OpenVPN 2.4.6 on Windows 10 to connect to a server I do not administer.
If it is not your server then why do you bother to obscure the following
Juspion wrote:
Sat Jan 12, 2019 10:00 pm
Sat Jan 12 18:47:32 2019 us=8367 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 18:47:32 2019 us=236712 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120' S
:?:

Anyway .. you will have to speak to your server admin.

Juspion
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 04, 2019 6:49 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by Juspion » Sat Jan 12, 2019 11:27 pm

Dear TinCanTech, I can't understand your latest post.

My first post lacked the output of a netstat -r and the content of log and config files - OK, thought my words were clear enough, they were not, you need raw facts and files to begin to investigate a bit and give help. I cannot disagree with that.

Since then I posted all possible information, I wrote a lengthy post to put everything together because, OK, I cannot expect that one reads 3 posts to find all elements and it's easier to find everything at the same place.

Now if someone bothers writing a reply to me after all the information I gave, I was expecting at least either "your config looks fine, the software logs look fine as well, your Windows 10 is probably buggy", or "This is weird, let's increase the verbosity of the logs because it's not functioning as it is supposed to"...

Or "Sorry, I cannot see the issue, try and ask X or Y".
Or even maybe "You did not read the manual, you can't expect it to work, your config file is still broken" - why not with a hint at where the problem is.

But why arguing about what I obscured and not in the log files, especially when there is absolutely nothing obscured in the PUSH_REPLY line you highlighted ??
Or maybe it was about the <32 character long string> : but is it an issue that makes my case more difficult to understand ? What if I just don't want to give away some ID that could potentially identify some server which is not public ? Seemed to me that it was just common sense...

For now, I am having an issue with OpenVPN client software, with something I think is an identified feature, which I am trying to use according to what is in the manual, and... "Talk to the server admin".

If for some reason you're fed up with this case, do not bother replying and please let others do if they want to.
If I am being a stupid user who can't read and understand what's in front of his eyes, then I suggest you close the topic and maybe turn it into something useful, like adding my question to "Read this first - examples of what we don't want to read in this forum".

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Sun Jan 13, 2019 12:09 am

Juspion wrote:
Sat Jan 12, 2019 11:27 pm
Dear TinCanTech, I can't understand your latest post.
I am absolutely positive you fully understand my post (due to your reply) but you choose not to ..

I will not bother to critique the details which you have strategically chosen to omit

I will simply say this:
Juspion wrote:
Sat Jan 12, 2019 10:00 pm
I am using OpenVPN 2.4.6 on Windows 10 to connect to a server I do not administer.
Juspion wrote:
Sat Jan 12, 2019 10:00 pm
dev tap0
Juspion wrote:
Sat Jan 12, 2019 10:00 pm
Sat Jan 12 18:47:32 2019 us=236712 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Sorry, I cannot help.

Juspion
OpenVpn Newbie
Posts: 7
Joined: Fri Jan 04, 2019 6:49 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by Juspion » Mon Jan 14, 2019 2:11 pm

Hi,

This whole conversation gives me the strange impression I ended up in the twilight zone - but at least you replied politely and now I understand why you don't go further on the analysis.

You think I have some kind of control on the server, settings and you also think I removed things from the PUSH_REPLY log line. Well, I don't (I can just choose username and password) and I didn't (these are really the unmodified PUSH_REPLY lines).

I was a bit surprised as I began to search by myself, since almost all posts of OpenVPN logs appearing on Google include some route commands, topology, or whatsoever. In my logs, there aren't any. I thought initially that maybe this was because I am connected to a bridged tunnel, but it seems that receiving such a PUSH_REPLY is almost impossible and this makes you think I hid something. Too bad for me.

In fact I googled "PUSH_REPLY,ping 30,ping-restart 120" and there are around 10 results including this thread - I can't blame you for not knowing everything about all improbable cases.

As far as I'm concerned, I'm done with this request and this forum as well, I will find other ways to build the connection I need.

One last word of advice (and I really say this in a friendly way, I imagine my English may sound ruder than what I mean) : while you are certainly proficient at troubleshooting issues, you don't know everything. So, it could be a good idea to not necessarily impute motives to people, because sometimes it just might be a combination of (tiny) lacks of knowledge and/or experience : on the side of the person asking for help, and on yours.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Tue Jan 15, 2019 6:04 pm

If all else fails, you can contact me privately: tincanteksup <at> gmail

Timvanoijen
OpenVpn Newbie
Posts: 1
Joined: Sun Mar 28, 2021 8:56 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by Timvanoijen » Sun Mar 28, 2021 9:05 pm

Hi Juspion,
I experience your problem as well. A default gateway route is added no matter what I try. Were you able to fix your problem in the end? And if yes, do you remember the solution?

By the way, I read the full discussion.... and I must say that the way how your problem, but even more you as a person, were treated by TinCanTech is crazy. This guy should be banned from the forum...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Sun Mar 28, 2021 9:14 pm

Timvanoijen wrote:
Sun Mar 28, 2021 9:05 pm
but even more you as a person, were treated by TinCanTech is crazy. This guy should be banned from the forum...
I tried to help up until the point where it became a waste of everybody's time.

Nobody else is going to need to do what the OP here is doing and nobody should ever try it either.

If you cannot see why then you simply do not understand enough about networking.

And I offered my help on a private line ....

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by 300000 » Sun Mar 28, 2021 11:27 pm

Timvanoijen wrote:
Sun Mar 28, 2021 9:05 pm
Hi Juspion,
I experience your problem as well. A default gateway route is added no matter what I try. Were you able to fix your problem in the end? And if yes, do you remember the solution?

By the way, I read the full discussion.... and I must say that the way how your problem, but even more you as a person, were treated by TinCanTech is crazy. This guy should be banned from the forum...
All he want to do is make it confuse to all people in here and then make a contact to him for pay to help . if you check all his 's post and you will know that point . yes we sometime need pay something to save time to deal with trouble but this way cause more trouble for people confuse and then ask to contact for help is the same trick use as scareware on internet and should avoid.

You can check all my posts and all his posts to see the trouble with people come here to ask .that will say all things



Let me help you to deal with your trouble just add this lines to your client config and connect it again , it should do the trick for you

route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway

you dont need this lines anymore just remove it and all above route will make sure it will do what you like to do.

pull-filter ignore "route "
pull-filter ignore "redirect-gateway"
pull-filter ignore "ifconfig"
route-nopull
route-noexec

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by TinCanTech » Mon Mar 29, 2021 1:24 am

300000 wrote:
Sun Mar 28, 2021 11:27 pm
All he want to do is make it confuse to all people
People cannot do what the OP here tried to do and you should know that .. but obviously you don't know either..

Your de-facto answer is off-topic and useless.

If you don't stop harassing me then I may have to take action ..

Edit:

I help people when they have problems with OpenVPN.
In general I point them to the relevant howto article.

When people screw with their network and/or somebody else's in ways they don't understand ..
If they want my help hacking their boss (or what-ever) then they can pay me .. or you, if you like ..

But if you want to know what "take action" means then you just carry on
spouting nonsense in very bad English
and bad mouthing me at the same time.

I will not go down for the like of you ..

yiga
OpenVpn Newbie
Posts: 1
Joined: Thu Aug 26, 2021 1:41 pm

Re: Default gateway added on OpenVPN client side no matter which option I add

Post by yiga » Thu Aug 26, 2021 3:03 pm

Old post but I figure I would share real quick how I fixed the same issue as this drove me crazy too yesterday.

What happens is that Windows adds a new default route (0.0.0.0/0) for any enabled connection/device. This is not OpenVPN-specific.

The issue is that the latest connection, say the TAP-adapter used by OpenVPN (NETGEAR-VPN for me), gets a lower metric than the LAN/Wifi one, so that one "wins" if there is no other route superseding.

You could add the routes as per @300000 or
  • go in the IPv4 TCP properties of the device used by the VPN
  • Advanced and set the Interface Metric to 999 (disabling "Automatic metric")
  • Also, to bypass the VPN by default, make sure to add (back)

    Code: Select all

    pull-filter ignore redirect-gateway
    as last line in the client config and add any VPN routes before the filter. That order is important or the filter will be ignored.
:arrow: Reconnect and check your routes again. Windows will assign a much higher metric order to the VPN gateway so that the actual default gateway will remain the LAN/Wifi one.

EDIT:
Windows assigns metrics based on the connection speed - see https://docs.microsoft.com/en-us/troubl ... pv4-routes. My OpenVPN connection indicates (in network properties) a theoretical speed of 1 Gbps vs. Wifi of (measured ?) 270 Mbps :arrow: hence why one needs to set a higher metric on the former to be ignored.
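
The two fixes proposed in the last answers (300000's four `route ... 192.0.0.0 net_gateway` lines and the interface-metric change), shown as an added example that is not part of any post in this thread: a small Python model of route selection, most specific prefix first and lowest metric second. The interface names, the metric values and the 192.168.27.0/24 remote LAN are constructed for illustration.

```python
import ipaddress

WIFI_METRIC = 35   # constructed value for the real LAN/Wifi default route
TAP_AUTO = 25      # constructed value: TAP adapter ranked better than Wifi

def route(prefix, iface, metric):
    return {"net": ipaddress.ip_network(prefix), "iface": iface, "metric": metric}

def egress(table, dst):
    """Interface chosen for dst: most specific matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    best = min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["iface"]

def base_table(tap_metric):
    """Routing table after the tunnel comes up (constructed sample)."""
    return [
        route("0.0.0.0/0", "wifi", WIFI_METRIC),      # original default gateway
        route("0.0.0.0/0", "tap", tap_metric),        # second default route on the TAP adapter
        route("192.168.27.0/24", "tap", tap_metric),  # bridged remote LAN, on-link
    ]

def with_net_gateway_routes(table):
    """Add the four /2 routes (netmask 192.0.0.0) pointing at the original gateway."""
    halves = ("0.0.0.0/2", "64.0.0.0/2", "128.0.0.0/2", "192.0.0.0/2")
    return table + [route(p, "wifi", WIFI_METRIC) for p in halves]

if __name__ == "__main__":
    internet, remote_lan = "203.0.113.10", "192.168.27.5"  # constructed destinations
    scenarios = {
        "as reported": base_table(TAP_AUTO),
        "four /2 routes via net_gateway": with_net_gateway_routes(base_table(TAP_AUTO)),
        "TAP interface metric 999": base_table(999),
    }
    for name, table in scenarios.items():
        print(f"{name:32} internet -> {egress(table, internet):4} "
              f"remote LAN -> {egress(table, remote_lan)}")
```
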
