I have been struggling with an issue for days and I cannot find any other solution apart from asking for some help here!
Basically, I am building a tunnel in bridged mode between a Windows 10 client and a server I have no control over.
Almost everything works OK, but a default route is added no matter which options I put in the client's ovpn file (which is something I do not want).
I tried them alone or grouped, at various positions of the configuration file, with or without double quotes... Nothing works.
I always have a new default route added, going to the OpenVPN server's IP. Everything else is OK: I have access to the remote resources without issues.
The client's log contains, among others, the following lines:
which makes me think that all options I add in the configuration file are taken into account.
Of course, a "route delete 0.0.0.0 openvpn_server_ip" makes my system use the right gateway again. And if I don't want to bother changing the routing table each time I connect, changing the metric of the tunnel interface to a higher value makes it all functional even with this wrong 2nd default route.
Nevertheless, I would like the client to behave as (I think) I am instructing it to...
Am I missing something obvious or may this be a bug (or maybe an incompatibility between my OpenVPN client version and the server?)
Thank you for your answer. Sorry, I thought that explaining it with words was enough.
Below are my routing tables (sorry for the formatting, I tried to use the preview to have it look as good as possible but, as you know, one gets kicked out almost as soon as the preview function is used...)
I do appreciate your taking the time to answer me.
I (think I) followed and started by reading the manual... I already tried the pull filter alone.
I only posted the last example of the dozens of variants I tried (the pull filters and the route-*: together or one by one, at the beginning or at the end of the config file, or both), which (as I explained in my first post) all gave the same result: tunnel up, everything OK apart from this default gateway.
The default configuration file provided by the system I want to connect to is as follows. Tunnel up, the default route I don't want is added.
Default client config
client
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap
pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>
Maybe this default configuration file is nonsense and thus not a good starting point at all? But since it's connecting, I didn't suppose this could be the reason for my gateway issues.
My first try was to use the pull filter, as it seems it is the solution in those cases:
Default client config with redirect-gateway ignored
client
pull-filter ignore "redirect-gateway"
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap
pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>
The behavior is exactly the same when using both configurations (and all other variants...), and the logs are completely identical except:
- the us=xxxxxx values
- the management_port = 'xxxxx' line
- the MANAGEMENT: >STATE:xxxxxxxxxx values
- of course, in this example, the lines "Pull filters:" and " ignore "redirect-gateway"" appear in the second case.
(sorry for stating perhaps obvious things but it seems you have the feeling I am someone who doesn't know what he's doing, whereas I always seek deeply before asking for help - In fact it's only the second time I ask for help in a forum in 9 years of work as an IT specialist, as I normally always find answers myself...)
I apologize if I am being really stupid on this one, but for me, I tried all possibilities the manual gives, and I can't understand why the client program behaves each time in the same way (as far as routing is concerned).
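An added example, not part of the original posts and not OpenVPN project code: a check of whether a `pull-filter` has anything to act on, by reading the `PUSH_REPLY` line from a client log and applying the filters from the client config in order (prefix comparison, first match wins, unmatched options accepted). The two log samples and the config are constructed; the first uses the same `PUSH_REPLY` content as the log on this page, and the address `10.8.0.1` and all function names are assumptions.

```python
import re
import shlex

# Pushed option names that alter the client's routing table.
ROUTING_OPTIONS = {"redirect-gateway", "redirect-private", "route",
                   "route-ipv6", "route-gateway"}

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,?(.*)'")


def pushed_options(log_text):
    """Return the options the server pushed, in order, without duplicates."""
    seen, out = set(), []
    for line in log_text.splitlines():
        m = PUSH_RE.search(line)
        if not m:
            continue
        # Options are comma-separated; a long reply may be split over several
        # messages joined by "push-continuation", which is not an option itself.
        for opt in (o.strip() for o in m.group(1).split(",")):
            if opt and not opt.startswith("push-continuation") and opt not in seen:
                seen.add(opt)
                out.append(opt)
    return out


def pull_filters(config_text):
    """Return [(action, text), ...] from the pull-filter lines of a client config."""
    filters = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith("pull-filter"):
            continue
        parts = shlex.split(line)  # handles the quoted text argument
        if len(parts) == 3 and parts[1] in ("accept", "ignore", "reject"):
            filters.append((parts[1], parts[2]))
    return filters


def apply_filters(options, filters):
    """Sort pushed options into accept/ignore/reject and report if any filter hit."""
    result = {"accept": [], "ignore": [], "reject": []}
    matched = False
    for opt in options:
        action = "accept"                 # unmatched options are accepted
        for act, text in filters:         # filters apply in config order
            if opt.startswith(text):      # prefix comparison, first match wins
                action, matched = act, True
                break
        result[action].append(opt)
    return result, matched


def is_routing(option):
    """True if the pushed option's name is one that changes routing."""
    return option.split()[0] in ROUTING_OPTIONS


def diagnose(log_text, config_text):
    """Summarise what was pushed and what the config's pull-filters did to it."""
    pushed = pushed_options(log_text)
    result, matched = apply_filters(pushed, pull_filters(config_text))
    return {
        "pushed": pushed,
        "ignored": result["ignore"],
        "rejected": result["reject"],
        "routing_pushed": [o for o in pushed if is_routing(o)],
        "routing_after_filter": [o for o in result["accept"] if is_routing(o)],
        "filter_matched": matched,
    }


# Constructed client config fragment (certificates and remote omitted).
CLIENT_CONFIG = '''client
pull-filter ignore "redirect-gateway"
dev-type tap
pull
dev tap0
'''

# Constructed log: same PUSH_REPLY content as the log posted on this page.
LOG_PING_ONLY = (
    "Sat Jan 12 18:47:32 2019 us=8367 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)\n"
    "Sat Jan 12 18:47:32 2019 us=236712 PUSH: Received control message: "
    "'PUSH_REPLY,ping 30,ping-restart 120'\n"
)

# Constructed log: a server that does push a full-tunnel redirect.
LOG_FULL_TUNNEL = (
    "Sat Jan 12 18:47:32 2019 us=236712 PUSH: Received control message: "
    "'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.1,ping 30,ping-restart 120'\n"
)

if __name__ == "__main__":
    for name, log in (("ping only", LOG_PING_ONLY), ("full tunnel", LOG_FULL_TUNNEL)):
        print(name, diagnose(log, CLIENT_CONFIG))
```

When `routing_pushed` comes back empty, as it does for the first sample, no `pull-filter` can change the routing table, and the extra default route has to be traced to a source other than the push.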
(sorry for stating perhaps obvious things but it seems you have the feeling I am someone who doesn't know what he's doing, whereas I always seek deeply before asking for help - In fact it's only the second time I ask for help in a forum in 9 years of work as an IT specialist, as I normally always find answers myself...)
I only feel what I can read on the screen ..
I feel confident that, if you go back to a simple documented setup you will then be able to pick your way through the reeds by using only the pull filter.
I should probably have explained everything once more, from the start - I was pretty sure everything was clear, sorry again.
I am using OpenVPN 2.4.6 on Windows 10 to connect to a server I do not administer.
The goal is to have access to resources located on the same local network as this server, without modifying the current default route/gateway used to access the Internet (i.e. I want to tunnel only the communications between the client and the resources on the remote LAN, not the Internet traffic).
The server generates a default configuration file, like the one below, which functions correctly, but which gives me an additional default route with the server's local IP (192.168.0.254) as gateway.
Default client config file
client
verb 4
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap
pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>
Sat Jan 12 18:47:26 2019 us=830994 Current Parameter Settings:
Sat Jan 12 18:47:26 2019 us=831991 config = 'test_orig.ovpn'
Sat Jan 12 18:47:26 2019 us=831991 mode = 0
Sat Jan 12 18:47:26 2019 us=831991 show_ciphers = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 show_digests = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 show_engines = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 genkey = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 key_pass_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991 show_tls_ciphers = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 connect_retry_max = 0
Sat Jan 12 18:47:26 2019 us=831991 Connection profiles [0]:
Sat Jan 12 18:47:26 2019 us=831991 proto = udp
Sat Jan 12 18:47:26 2019 us=831991 local = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991 local_port = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991 remote = '<server_public_ip>'
Sat Jan 12 18:47:26 2019 us=831991 remote_port = '<server_public_port>'
Sat Jan 12 18:47:26 2019 us=831991 remote_float = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 bind_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 bind_local = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 bind_ipv6_only = DISABLED
Sat Jan 12 18:47:26 2019 us=831991 connect_retry_seconds = 5
Sat Jan 12 18:47:26 2019 us=831991 connect_timeout = 120
Sat Jan 12 18:47:26 2019 us=831991 socks_proxy_server = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991 socks_proxy_port = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=831991 tun_mtu = 1500
Sat Jan 12 18:47:26 2019 us=832989 tun_mtu_defined = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 link_mtu = 1500
Sat Jan 12 18:47:26 2019 us=832989 link_mtu_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 tun_mtu_extra = 32
Sat Jan 12 18:47:26 2019 us=832989 tun_mtu_extra_defined = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 mtu_discover_type = -1
Sat Jan 12 18:47:26 2019 us=832989 fragment = 1452
Sat Jan 12 18:47:26 2019 us=832989 mssfix = 1452
Sat Jan 12 18:47:26 2019 us=832989 explicit_exit_notification = 3
Sat Jan 12 18:47:26 2019 us=832989 Connection profiles END
Sat Jan 12 18:47:26 2019 us=832989 remote_random = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 ipchange = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 dev = 'tap0'
Sat Jan 12 18:47:26 2019 us=832989 dev_type = 'tap'
Sat Jan 12 18:47:26 2019 us=832989 dev_node = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 lladdr = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 topology = 1
Sat Jan 12 18:47:26 2019 us=832989 ifconfig_local = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 ifconfig_remote_netmask = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 ifconfig_noexec = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 ifconfig_nowarn = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 ifconfig_ipv6_local = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 ifconfig_ipv6_netbits = 0
Sat Jan 12 18:47:26 2019 us=832989 ifconfig_ipv6_remote = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 shaper = 0
Sat Jan 12 18:47:26 2019 us=832989 mtu_test = 0
Sat Jan 12 18:47:26 2019 us=832989 mlock = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 keepalive_ping = 0
Sat Jan 12 18:47:26 2019 us=832989 keepalive_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989 inactivity_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989 ping_send_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989 ping_rec_timeout = 0
Sat Jan 12 18:47:26 2019 us=832989 ping_rec_timeout_action = 0
Sat Jan 12 18:47:26 2019 us=832989 ping_timer_remote = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 remap_sigusr1 = 0
Sat Jan 12 18:47:26 2019 us=832989 persist_tun = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 persist_local_ip = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 persist_remote_ip = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 persist_key = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 passtos = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 resolve_retry_seconds = 1000000000
Sat Jan 12 18:47:26 2019 us=832989 resolve_in_advance = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 username = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 groupname = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 chroot_dir = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 cd_dir = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 writepid = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 up_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 down_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 down_pre = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 up_restart = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 up_delay = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 daemon = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 inetd = 0
Sat Jan 12 18:47:26 2019 us=832989 log = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 suppress_timestamps = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 machine_readable_output = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 nice = 0
Sat Jan 12 18:47:26 2019 us=832989 verbosity = 4
Sat Jan 12 18:47:26 2019 us=832989 mute = 0
Sat Jan 12 18:47:26 2019 us=832989 gremlin = 0
Sat Jan 12 18:47:26 2019 us=832989 status_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 status_file_version = 1
Sat Jan 12 18:47:26 2019 us=832989 status_file_update_freq = 60
Sat Jan 12 18:47:26 2019 us=832989 occ = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 rcvbuf = 0
Sat Jan 12 18:47:26 2019 us=832989 sndbuf = 0
Sat Jan 12 18:47:26 2019 us=832989 sockflags = 0
Sat Jan 12 18:47:26 2019 us=832989 fast_io = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 comp.alg = 0
Sat Jan 12 18:47:26 2019 us=832989 comp.flags = 0
Sat Jan 12 18:47:26 2019 us=832989 route_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 route_default_gateway = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 route_default_metric = 0
Sat Jan 12 18:47:26 2019 us=832989 route_noexec = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 route_delay = 5
Sat Jan 12 18:47:26 2019 us=832989 route_delay_window = 30
Sat Jan 12 18:47:26 2019 us=832989 route_delay_defined = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 route_nopull = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 route_gateway_via_dhcp = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 allow_pull_fqdn = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 management_addr = '127.0.0.1'
Sat Jan 12 18:47:26 2019 us=832989 management_port = '25341'
Sat Jan 12 18:47:26 2019 us=832989 management_user_pass = 'stdin'
Sat Jan 12 18:47:26 2019 us=832989 management_log_history_cache = 250
Sat Jan 12 18:47:26 2019 us=832989 management_echo_buffer_size = 100
Sat Jan 12 18:47:26 2019 us=832989 management_write_peer_info_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 management_client_user = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 management_client_group = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 management_flags = 6
Sat Jan 12 18:47:26 2019 us=832989 shared_secret_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 key_direction = not set
Sat Jan 12 18:47:26 2019 us=832989 ciphername = 'AES-256-CBC'
Sat Jan 12 18:47:26 2019 us=832989 ncp_enabled = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jan 12 18:47:26 2019 us=832989 authname = 'SHA1'
Sat Jan 12 18:47:26 2019 us=832989 prng_hash = 'SHA1'
Sat Jan 12 18:47:26 2019 us=832989 prng_nonce_secret_len = 16
Sat Jan 12 18:47:26 2019 us=832989 keysize = 0
Sat Jan 12 18:47:26 2019 us=832989 engine = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 replay = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 mute_replay_warnings = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 replay_window = 64
Sat Jan 12 18:47:26 2019 us=832989 replay_time = 15
Sat Jan 12 18:47:26 2019 us=832989 packet_id_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 use_iv = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 test_crypto = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 tls_server = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 tls_client = ENABLED
Sat Jan 12 18:47:26 2019 us=832989 key_method = 2
Sat Jan 12 18:47:26 2019 us=832989 ca_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989 ca_path = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 dh_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 cert_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989 extra_certs_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989 priv_key_file = '[[INLINE]]'
Sat Jan 12 18:47:26 2019 us=832989 pkcs12_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 cryptoapi_cert = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 cipher_list = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 tls_cert_profile = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 tls_verify = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 tls_export_cert = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 verify_x509_type = 1
Sat Jan 12 18:47:26 2019 us=832989 verify_x509_name = 'C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>'
Sat Jan 12 18:47:26 2019 us=832989 crl_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 ns_cert_type = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 65535
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_ku[i] = 0
Sat Jan 12 18:47:26 2019 us=832989 remote_cert_eku = 'TLS Web Server Authentication'
Sat Jan 12 18:47:26 2019 us=832989 ssl_flags = 0
Sat Jan 12 18:47:26 2019 us=832989 tls_timeout = 2
Sat Jan 12 18:47:26 2019 us=832989 renegotiate_bytes = -1
Sat Jan 12 18:47:26 2019 us=832989 renegotiate_packets = 0
Sat Jan 12 18:47:26 2019 us=832989 renegotiate_seconds = 3600
Sat Jan 12 18:47:26 2019 us=832989 handshake_window = 60
Sat Jan 12 18:47:26 2019 us=832989 transition_window = 3600
Sat Jan 12 18:47:26 2019 us=832989 single_session = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 push_peer_info = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 tls_exit = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 tls_auth_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 tls_crypt_file = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_protected_authentication = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_private_mode = 00000000
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_cert_private = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_pin_cache_period = -1
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_id = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=832989 pkcs11_id_management = DISABLED
Sat Jan 12 18:47:26 2019 us=832989 server_network = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=832989 server_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=832989 server_network_ipv6 = ::
Sat Jan 12 18:47:26 2019 us=833986 server_netbits_ipv6 = 0
Sat Jan 12 18:47:26 2019 us=833986 server_bridge_ip = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 server_bridge_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 server_bridge_pool_start = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 server_bridge_pool_end = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_pool_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_pool_start = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_pool_end = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_pool_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_pool_persist_refresh_freq = 600
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_ipv6_pool_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_ipv6_pool_base = ::
Sat Jan 12 18:47:26 2019 us=833986 ifconfig_ipv6_pool_netbits = 0
Sat Jan 12 18:47:26 2019 us=833986 n_bcast_buf = 256
Sat Jan 12 18:47:26 2019 us=833986 tcp_queue_limit = 64
Sat Jan 12 18:47:26 2019 us=833986 real_hash_size = 256
Sat Jan 12 18:47:26 2019 us=833986 virtual_hash_size = 256
Sat Jan 12 18:47:26 2019 us=833986 client_connect_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 learn_address_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 client_disconnect_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 client_config_dir = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 ccd_exclusive = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 tmp_dir = 'C:\Users\Frederik\AppData\Local\Temp\'
Sat Jan 12 18:47:26 2019 us=833986 push_ifconfig_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 push_ifconfig_local = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 push_ifconfig_remote_netmask = 0.0.0.0
Sat Jan 12 18:47:26 2019 us=833986 push_ifconfig_ipv6_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 push_ifconfig_ipv6_local = ::/0
Sat Jan 12 18:47:26 2019 us=833986 push_ifconfig_ipv6_remote = ::
Sat Jan 12 18:47:26 2019 us=833986 enable_c2c = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 duplicate_cn = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 cf_max = 0
Sat Jan 12 18:47:26 2019 us=833986 cf_per = 0
Sat Jan 12 18:47:26 2019 us=833986 max_clients = 1024
Sat Jan 12 18:47:26 2019 us=833986 max_routes_per_client = 256
Sat Jan 12 18:47:26 2019 us=833986 auth_user_pass_verify_script = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 auth_user_pass_verify_script_via_file = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 auth_token_generate = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 auth_token_lifetime = 0
Sat Jan 12 18:47:26 2019 us=833986 client = ENABLED
Sat Jan 12 18:47:26 2019 us=833986 pull = ENABLED
Sat Jan 12 18:47:26 2019 us=833986 auth_user_pass_file = 'stdin'
Sat Jan 12 18:47:26 2019 us=833986 show_net_up = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 route_method = 0
Sat Jan 12 18:47:26 2019 us=833986 block_outside_dns = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 ip_win32_defined = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 ip_win32_type = 3
Sat Jan 12 18:47:26 2019 us=833986 dhcp_masq_offset = 0
Sat Jan 12 18:47:26 2019 us=833986 dhcp_lease_time = 31536000
Sat Jan 12 18:47:26 2019 us=833986 tap_sleep = 0
Sat Jan 12 18:47:26 2019 us=833986 dhcp_options = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 dhcp_renew = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 dhcp_pre_release = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 domain = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 netbios_scope = '[UNDEF]'
Sat Jan 12 18:47:26 2019 us=833986 netbios_node_type = 0
Sat Jan 12 18:47:26 2019 us=833986 disable_nbt = DISABLED
Sat Jan 12 18:47:26 2019 us=833986 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jan 12 18:47:26 2019 us=833986 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 12 18:47:26 2019 us=833986 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Jan 12 18:47:26 2019 us=834984 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Sat Jan 12 18:47:26 2019 us=834984 Need hold release from management interface, waiting...
Sat Jan 12 18:47:27 2019 us=333808 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Sat Jan 12 18:47:27 2019 us=435299 MANAGEMENT: CMD 'state on'
Sat Jan 12 18:47:27 2019 us=435299 MANAGEMENT: CMD 'log all on'
Sat Jan 12 18:47:27 2019 us=558939 MANAGEMENT: CMD 'echo all on'
Sat Jan 12 18:47:27 2019 us=558939 MANAGEMENT: CMD 'bytecount 5'
Sat Jan 12 18:47:27 2019 us=561366 MANAGEMENT: CMD 'hold off'
Sat Jan 12 18:47:27 2019 us=562365 MANAGEMENT: CMD 'hold release'
Sat Jan 12 18:47:30 2019 us=3105 MANAGEMENT: CMD 'username "Auth" "<login>"'
Sat Jan 12 18:47:30 2019 us=9528 MANAGEMENT: CMD 'password [...]'
Sat Jan 12 18:47:30 2019 us=11523 Control Channel MTU parms [ L:1657 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jan 12 18:47:30 2019 us=11523 Data Channel MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 18:47:30 2019 us=11523 Fragmentation MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 18:47:30 2019 us=11523 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Jan 12 18:47:30 2019 us=11523 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Jan 12 18:47:30 2019 us=11523 TCP/UDP: Preserving recently used remote address: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 18:47:30 2019 us=11523 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 12 18:47:30 2019 us=11523 UDP link local: (not bound)
Sat Jan 12 18:47:30 2019 us=11523 UDP link remote: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 18:47:30 2019 us=11523 MANAGEMENT: >STATE:1547315250,WAIT,,,,,,
Sat Jan 12 18:47:30 2019 us=122026 MANAGEMENT: >STATE:1547315250,AUTH,,,,,,
Sat Jan 12 18:47:30 2019 us=122026 TLS: Initial packet from [AF_INET]<server_public_ip>:<server_public_port>, sid=ed734c85 da5337d7
Sat Jan 12 18:47:30 2019 us=122838 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 12 18:47:30 2019 us=398826 VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for <32 character long string>
Sat Jan 12 18:47:30 2019 us=398826 VERIFY KU OK
Sat Jan 12 18:47:30 2019 us=398826 Validating certificate extended key usage
Sat Jan 12 18:47:30 2019 us=399817 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan 12 18:47:30 2019 us=399817 VERIFY EKU OK
Sat Jan 12 18:47:30 2019 us=399817 VERIFY X509NAME OK: C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 18:47:30 2019 us=399817 VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 18:47:30 2019 us=836154 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 12 18:47:30 2019 us=836154 [Freebox OpenVPN server <32 character long string>] Peer Connection Initiated with [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 18:47:32 2019 us=8229 MANAGEMENT: >STATE:1547315252,GET_CONFIG,,,,,,
Sat Jan 12 18:47:32 2019 us=8367 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 18:47:32 2019 us=236712 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Sat Jan 12 18:47:32 2019 us=236712 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 12 18:47:32 2019 us=236712 Data Channel MTU parms [ L:1593 D:1452 EF:61 EB:412 ET:32 EL:3 ]
Sat Jan 12 18:47:32 2019 us=236712 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 18:47:32 2019 us=236712 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 18:47:32 2019 us=236712 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 18:47:32 2019 us=237755 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 18:47:32 2019 us=237755 interactive service msg_channel=0
Sat Jan 12 18:47:32 2019 us=237755 open_tun
Sat Jan 12 18:47:32 2019 us=240767 TAP-WIN32 device [OpenVPN 1] opened: \\.\Global\{88968B2C-B770-4895-B154-E0B666E1500F}.tap
Sat Jan 12 18:47:32 2019 us=241747 TAP-Windows Driver Version 9.21
Sat Jan 12 18:47:32 2019 us=241747 TAP-Windows MTU=1500
Sat Jan 12 18:47:32 2019 us=241747 Successful ARP Flush on interface [11] {88968B2C-B770-4895-B154-E0B666E1500F}
Sat Jan 12 18:47:37 2019 us=123076 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Sat Jan 12 18:47:37 2019 us=124071 Initialization Sequence Completed
Sat Jan 12 18:47:37 2019 us=124071 MANAGEMENT: >STATE:1547315257,CONNECTED,SUCCESS,,<server_public_ip>,<server_public_port>,,
Everything functions, but as I said I don't want the Internet traffic to be redirected over the VPN.
I read the manual https://community.openvpn.net/openvpn/w ... ectGateway and understood that the pull-filter could be used to prevent the server from pushing this new route (Dest : 0.0.0.0, Mask : 0.0.0.0, Gateway : 192.168.0.254, Interface : 192.168.0.18) I don't want.
So I changed the configuration file and added pull-filter ignore "redirect-gateway":
Default client config with redirect-gateway ignored
client
verb 4
pull-filter ignore "redirect-gateway"
remote <server_public_ip> <server_public_port>
proto udp
nobind
dev-type tap
pull
dev tap0
auth-user-pass
auth-retry interact
fragment 1452
mssfix 1452
explicit-exit-notify 3
cipher AES-256-CBC
remote-cert-tls server
verify-x509-name "C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>"
# use tls-remote instead of verify-x509-name for deprecated openssl
# tls-remote "/C=FR/O=Freebox_SA/CN=Freebox_OpenVPN_server_<32 character long string>"
<ca>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</cert>
<extra-certs>
-----BEGIN CERTIFICATE-----
# certificate
-----END CERTIFICATE-----
</extra-certs>
<key>
-----BEGIN PRIVATE KEY-----
# key
-----END PRIVATE KEY-----
</key>
And this pull-filter option does nothing: after connecting with this modified profile I have the exact same behavior. Access to all resources is OK, but Internet traffic is still redirected. Same log file as without the "pull filter" option (except that we see that the option is read from the config file), and same routing table as well.
Sat Jan 12 19:05:46 2019 us=121620 Current Parameter Settings:
Sat Jan 12 19:05:46 2019 us=122618 config = 'test_pull_filter.ovpn'
Sat Jan 12 19:05:46 2019 us=122618 mode = 0
Sat Jan 12 19:05:46 2019 us=122618 show_ciphers = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 show_digests = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 show_engines = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 genkey = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 key_pass_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 show_tls_ciphers = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 connect_retry_max = 0
Sat Jan 12 19:05:46 2019 us=122618 Connection profiles [0]:
Sat Jan 12 19:05:46 2019 us=122618 proto = udp
Sat Jan 12 19:05:46 2019 us=122618 local = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 local_port = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 remote = '<server_public_ip>'
Sat Jan 12 19:05:46 2019 us=122618 remote_port = '<server_public_port>'
Sat Jan 12 19:05:46 2019 us=122618 remote_float = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 bind_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 bind_local = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 bind_ipv6_only = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 connect_retry_seconds = 5
Sat Jan 12 19:05:46 2019 us=122618 connect_timeout = 120
Sat Jan 12 19:05:46 2019 us=122618 socks_proxy_server = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 socks_proxy_port = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 tun_mtu = 1500
Sat Jan 12 19:05:46 2019 us=122618 tun_mtu_defined = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 link_mtu = 1500
Sat Jan 12 19:05:46 2019 us=122618 link_mtu_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 tun_mtu_extra = 32
Sat Jan 12 19:05:46 2019 us=122618 tun_mtu_extra_defined = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 mtu_discover_type = -1
Sat Jan 12 19:05:46 2019 us=122618 fragment = 1452
Sat Jan 12 19:05:46 2019 us=122618 mssfix = 1452
Sat Jan 12 19:05:46 2019 us=122618 explicit_exit_notification = 3
Sat Jan 12 19:05:46 2019 us=122618 Connection profiles END
Sat Jan 12 19:05:46 2019 us=122618 remote_random = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 ipchange = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 dev = 'tap0'
Sat Jan 12 19:05:46 2019 us=122618 dev_type = 'tap'
Sat Jan 12 19:05:46 2019 us=122618 dev_node = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 lladdr = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 topology = 1
Sat Jan 12 19:05:46 2019 us=122618 ifconfig_local = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 ifconfig_remote_netmask = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 ifconfig_noexec = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 ifconfig_nowarn = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 ifconfig_ipv6_local = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 ifconfig_ipv6_netbits = 0
Sat Jan 12 19:05:46 2019 us=122618 ifconfig_ipv6_remote = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 shaper = 0
Sat Jan 12 19:05:46 2019 us=122618 mtu_test = 0
Sat Jan 12 19:05:46 2019 us=122618 mlock = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 keepalive_ping = 0
Sat Jan 12 19:05:46 2019 us=122618 keepalive_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618 inactivity_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618 ping_send_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618 ping_rec_timeout = 0
Sat Jan 12 19:05:46 2019 us=122618 ping_rec_timeout_action = 0
Sat Jan 12 19:05:46 2019 us=122618 ping_timer_remote = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 remap_sigusr1 = 0
Sat Jan 12 19:05:46 2019 us=122618 persist_tun = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 persist_local_ip = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 persist_remote_ip = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 persist_key = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 passtos = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 resolve_retry_seconds = 1000000000
Sat Jan 12 19:05:46 2019 us=122618 resolve_in_advance = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 username = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 groupname = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 chroot_dir = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 cd_dir = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 writepid = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 up_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 down_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 down_pre = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 up_restart = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 up_delay = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 daemon = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 inetd = 0
Sat Jan 12 19:05:46 2019 us=122618 log = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 suppress_timestamps = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 machine_readable_output = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 nice = 0
Sat Jan 12 19:05:46 2019 us=122618 verbosity = 4
Sat Jan 12 19:05:46 2019 us=122618 mute = 0
Sat Jan 12 19:05:46 2019 us=122618 gremlin = 0
Sat Jan 12 19:05:46 2019 us=122618 status_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 status_file_version = 1
Sat Jan 12 19:05:46 2019 us=122618 status_file_update_freq = 60
Sat Jan 12 19:05:46 2019 us=122618 occ = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 rcvbuf = 0
Sat Jan 12 19:05:46 2019 us=122618 sndbuf = 0
Sat Jan 12 19:05:46 2019 us=122618 sockflags = 0
Sat Jan 12 19:05:46 2019 us=122618 fast_io = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 comp.alg = 0
Sat Jan 12 19:05:46 2019 us=122618 comp.flags = 0
Sat Jan 12 19:05:46 2019 us=122618 route_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 route_default_gateway = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 route_default_metric = 0
Sat Jan 12 19:05:46 2019 us=122618 route_noexec = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 route_delay = 5
Sat Jan 12 19:05:46 2019 us=122618 route_delay_window = 30
Sat Jan 12 19:05:46 2019 us=122618 route_delay_defined = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 route_nopull = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 route_gateway_via_dhcp = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 allow_pull_fqdn = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 Pull filters:
Sat Jan 12 19:05:46 2019 us=122618 ignore "redirect-gateway"
Sat Jan 12 19:05:46 2019 us=122618 management_addr = '127.0.0.1'
Sat Jan 12 19:05:46 2019 us=122618 management_port = '25342'
Sat Jan 12 19:05:46 2019 us=122618 management_user_pass = 'stdin'
Sat Jan 12 19:05:46 2019 us=122618 management_log_history_cache = 250
Sat Jan 12 19:05:46 2019 us=122618 management_echo_buffer_size = 100
Sat Jan 12 19:05:46 2019 us=122618 management_write_peer_info_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 management_client_user = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 management_client_group = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 management_flags = 6
Sat Jan 12 19:05:46 2019 us=122618 shared_secret_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 key_direction = not set
Sat Jan 12 19:05:46 2019 us=122618 ciphername = 'AES-256-CBC'
Sat Jan 12 19:05:46 2019 us=122618 ncp_enabled = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Jan 12 19:05:46 2019 us=122618 authname = 'SHA1'
Sat Jan 12 19:05:46 2019 us=122618 prng_hash = 'SHA1'
Sat Jan 12 19:05:46 2019 us=122618 prng_nonce_secret_len = 16
Sat Jan 12 19:05:46 2019 us=122618 keysize = 0
Sat Jan 12 19:05:46 2019 us=122618 engine = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 replay = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 mute_replay_warnings = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 replay_window = 64
Sat Jan 12 19:05:46 2019 us=122618 replay_time = 15
Sat Jan 12 19:05:46 2019 us=122618 packet_id_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 use_iv = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 test_crypto = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 tls_server = DISABLED
Sat Jan 12 19:05:46 2019 us=122618 tls_client = ENABLED
Sat Jan 12 19:05:46 2019 us=122618 key_method = 2
Sat Jan 12 19:05:46 2019 us=122618 ca_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=122618 ca_path = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 dh_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=122618 cert_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=122618 extra_certs_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=122618 priv_key_file = '[[INLINE]]'
Sat Jan 12 19:05:46 2019 us=123617 pkcs12_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 cryptoapi_cert = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 cipher_list = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 tls_cert_profile = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 tls_verify = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 tls_export_cert = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 verify_x509_type = 1
Sat Jan 12 19:05:46 2019 us=123617 verify_x509_name = 'C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>'
Sat Jan 12 19:05:46 2019 us=123617 crl_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 ns_cert_type = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 65535
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_ku[i] = 0
Sat Jan 12 19:05:46 2019 us=123617 remote_cert_eku = 'TLS Web Server Authentication'
Sat Jan 12 19:05:46 2019 us=123617 ssl_flags = 0
Sat Jan 12 19:05:46 2019 us=123617 tls_timeout = 2
Sat Jan 12 19:05:46 2019 us=123617 renegotiate_bytes = -1
Sat Jan 12 19:05:46 2019 us=123617 renegotiate_packets = 0
Sat Jan 12 19:05:46 2019 us=123617 renegotiate_seconds = 3600
Sat Jan 12 19:05:46 2019 us=123617 handshake_window = 60
Sat Jan 12 19:05:46 2019 us=123617 transition_window = 3600
Sat Jan 12 19:05:46 2019 us=123617 single_session = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 push_peer_info = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 tls_exit = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 tls_auth_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 tls_crypt_file = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_protected_authentication = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_private_mode = 00000000
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_cert_private = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_pin_cache_period = -1
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_id = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 pkcs11_id_management = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 server_network = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 server_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 server_network_ipv6 = ::
Sat Jan 12 19:05:46 2019 us=123617 server_netbits_ipv6 = 0
Sat Jan 12 19:05:46 2019 us=123617 server_bridge_ip = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 server_bridge_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 server_bridge_pool_start = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 server_bridge_pool_end = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_pool_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_pool_start = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_pool_end = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_pool_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_pool_persist_refresh_freq = 600
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_ipv6_pool_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_ipv6_pool_base = ::
Sat Jan 12 19:05:46 2019 us=123617 ifconfig_ipv6_pool_netbits = 0
Sat Jan 12 19:05:46 2019 us=123617 n_bcast_buf = 256
Sat Jan 12 19:05:46 2019 us=123617 tcp_queue_limit = 64
Sat Jan 12 19:05:46 2019 us=123617 real_hash_size = 256
Sat Jan 12 19:05:46 2019 us=123617 virtual_hash_size = 256
Sat Jan 12 19:05:46 2019 us=123617 client_connect_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 learn_address_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 client_disconnect_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 client_config_dir = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 ccd_exclusive = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 tmp_dir = 'C:\Users\Frederik\AppData\Local\Temp\'
Sat Jan 12 19:05:46 2019 us=123617 push_ifconfig_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 push_ifconfig_local = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 push_ifconfig_remote_netmask = 0.0.0.0
Sat Jan 12 19:05:46 2019 us=123617 push_ifconfig_ipv6_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 push_ifconfig_ipv6_local = ::/0
Sat Jan 12 19:05:46 2019 us=123617 push_ifconfig_ipv6_remote = ::
Sat Jan 12 19:05:46 2019 us=123617 enable_c2c = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 duplicate_cn = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 cf_max = 0
Sat Jan 12 19:05:46 2019 us=123617 cf_per = 0
Sat Jan 12 19:05:46 2019 us=123617 max_clients = 1024
Sat Jan 12 19:05:46 2019 us=123617 max_routes_per_client = 256
Sat Jan 12 19:05:46 2019 us=123617 auth_user_pass_verify_script = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 auth_user_pass_verify_script_via_file = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 auth_token_generate = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 auth_token_lifetime = 0
Sat Jan 12 19:05:46 2019 us=123617 client = ENABLED
Sat Jan 12 19:05:46 2019 us=123617 pull = ENABLED
Sat Jan 12 19:05:46 2019 us=123617 auth_user_pass_file = 'stdin'
Sat Jan 12 19:05:46 2019 us=123617 show_net_up = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 route_method = 0
Sat Jan 12 19:05:46 2019 us=123617 block_outside_dns = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 ip_win32_defined = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 ip_win32_type = 3
Sat Jan 12 19:05:46 2019 us=123617 dhcp_masq_offset = 0
Sat Jan 12 19:05:46 2019 us=123617 dhcp_lease_time = 31536000
Sat Jan 12 19:05:46 2019 us=123617 tap_sleep = 0
Sat Jan 12 19:05:46 2019 us=123617 dhcp_options = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 dhcp_renew = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 dhcp_pre_release = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 domain = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 netbios_scope = '[UNDEF]'
Sat Jan 12 19:05:46 2019 us=123617 netbios_node_type = 0
Sat Jan 12 19:05:46 2019 us=123617 disable_nbt = DISABLED
Sat Jan 12 19:05:46 2019 us=123617 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Sat Jan 12 19:05:46 2019 us=123617 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 12 19:05:46 2019 us=123617 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Sat Jan 12 19:05:46 2019 us=124613 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sat Jan 12 19:05:46 2019 us=124613 Need hold release from management interface, waiting...
Sat Jan 12 19:05:46 2019 us=610857 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sat Jan 12 19:05:46 2019 us=712978 MANAGEMENT: CMD 'state on'
Sat Jan 12 19:05:46 2019 us=712978 MANAGEMENT: CMD 'log all on'
Sat Jan 12 19:05:46 2019 us=811519 MANAGEMENT: CMD 'echo all on'
Sat Jan 12 19:05:46 2019 us=812516 MANAGEMENT: CMD 'bytecount 5'
Sat Jan 12 19:05:46 2019 us=813515 MANAGEMENT: CMD 'hold off'
Sat Jan 12 19:05:46 2019 us=814592 MANAGEMENT: CMD 'hold release'
Sat Jan 12 19:05:48 2019 us=59691 MANAGEMENT: CMD 'username "Auth" "<login>"'
Sat Jan 12 19:05:48 2019 us=66907 MANAGEMENT: CMD 'password [...]'
Sat Jan 12 19:05:48 2019 us=68901 Control Channel MTU parms [ L:1657 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sat Jan 12 19:05:48 2019 us=68901 Data Channel MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 19:05:48 2019 us=68901 Fragmentation MTU parms [ L:1657 D:1452 EF:125 EB:412 ET:32 EL:3 ]
Sat Jan 12 19:05:48 2019 us=68901 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sat Jan 12 19:05:48 2019 us=68901 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1593,tun-mtu 1532,proto UDPv4,mtu-dynamic,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sat Jan 12 19:05:48 2019 us=68901 TCP/UDP: Preserving recently used remote address: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 19:05:48 2019 us=68901 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 12 19:05:48 2019 us=68901 UDP link local: (not bound)
Sat Jan 12 19:05:48 2019 us=68901 UDP link remote: [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 19:05:48 2019 us=68901 MANAGEMENT: >STATE:1547316348,WAIT,,,,,,
Sat Jan 12 19:05:48 2019 us=270605 MANAGEMENT: >STATE:1547316348,AUTH,,,,,,
Sat Jan 12 19:05:48 2019 us=270605 TLS: Initial packet from [AF_INET]<server_public_ip>:<server_public_port>, sid=67eb63cb 7fedd297
Sat Jan 12 19:05:48 2019 us=270605 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 12 19:05:51 2019 us=793335 VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for <32 character long string>
Sat Jan 12 19:05:51 2019 us=793335 VERIFY KU OK
Sat Jan 12 19:05:51 2019 us=793335 Validating certificate extended key usage
Sat Jan 12 19:05:51 2019 us=793335 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan 12 19:05:51 2019 us=793335 VERIFY EKU OK
Sat Jan 12 19:05:51 2019 us=793335 VERIFY X509NAME OK: C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 19:05:51 2019 us=793335 VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server <32 character long string>
Sat Jan 12 19:05:52 2019 us=198978 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 12 19:05:52 2019 us=198978 [Freebox OpenVPN server <32 character long string>] Peer Connection Initiated with [AF_INET]<server_public_ip>:<server_public_port>
Sat Jan 12 19:05:53 2019 us=238415 MANAGEMENT: >STATE:1547316353,GET_CONFIG,,,,,,
Sat Jan 12 19:05:53 2019 us=238415 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 19:05:53 2019 us=390964 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Sat Jan 12 19:05:53 2019 us=390964 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 12 19:05:53 2019 us=390964 Data Channel MTU parms [ L:1593 D:1452 EF:61 EB:412 ET:32 EL:3 ]
Sat Jan 12 19:05:53 2019 us=390964 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 19:05:53 2019 us=390964 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 19:05:53 2019 us=390964 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 12 19:05:53 2019 us=390964 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 12 19:05:53 2019 us=390964 interactive service msg_channel=0
Sat Jan 12 19:05:53 2019 us=390964 open_tun
Sat Jan 12 19:05:53 2019 us=394958 TAP-WIN32 device [OpenVPN 1] opened: \\.\Global\{88968B2C-B770-4895-B154-E0B666E1500F}.tap
Sat Jan 12 19:05:53 2019 us=394958 TAP-Windows Driver Version 9.21
Sat Jan 12 19:05:53 2019 us=394958 TAP-Windows MTU=1500
Sat Jan 12 19:05:53 2019 us=395956 Successful ARP Flush on interface [11] {88968B2C-B770-4895-B154-E0B666E1500F}
Sat Jan 12 19:05:58 2019 us=221772 TEST ROUTES: 0/0 succeeded len=0 ret=1 a=0 u/d=up
Sat Jan 12 19:05:58 2019 us=221772 Initialization Sequence Completed
Sat Jan 12 19:05:58 2019 us=221772 MANAGEMENT: >STATE:1547316358,CONNECTED,SUCCESS,,<server_public_ip>,<server_public_port>,,
This 0.0.0.0 - 0.0.0.0 - 192.168.0.254 - 192.168.0.18 entry is still here.
So, while a workaround can be used (setting the metric to 1998, so that in the end the right gateway is always preferred), the redirect-gateway should have produced some effect, am I wrong ?
And since I wanted to confirm that I wasn't able to resolve the issue using another option, I then tried all of this : pull-filter ignore "route" , pull-filter ignore "ifconfig" , route-nopull , route-noexec, grouped or individually, with or without double quotes (one never knows ?), at various places of the config files... Always the same result : identical log files except that they show the options are read in the config file, identical routing tables, access to remote LAN is always OK, and each time all Internet traffic redirected over the tunnel.
I have a working configuration, there is one particular behavior I want to modify, there is an option that is supposed to do precisely what I want to achieve, I use it and it's doing nothing.
Now I told you everything - Does nothing really jump out at anyone indicating what precisely I am not using correctly, or that, maybe, something does not work as it should within my installation of the OpenVPN client (the software itself, not the config) ?
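A check a reader can run on a client log like the one above (added example, not part of the original posts): it reads the "Pull filters:" block and the PUSH_REPLY line, then applies the rule the OpenVPN manual gives for pull-filter (a filter matches when the pushed option starts with its text, the first match wins, unmatched options are accepted). The function names and the second, constructed log are assumptions for illustration.

```python
import re

# Log lines copied from the client log quoted in this thread.
SAMPLE_LOG = """\
Sat Jan 12 19:05:46 2019 us=122618 Pull filters:
Sat Jan 12 19:05:46 2019 us=122618 ignore "redirect-gateway"
Sat Jan 12 19:05:53 2019 us=238415 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 19:05:53 2019 us=390964 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120'
Sat Jan 12 19:05:53 2019 us=390964 OPTIONS IMPORT: timers and/or timeouts modified
"""

# Constructed contrast case: the same log, but with a server that does push
# routing options (the pushed values here are made up).
CONSTRUCTED_LOG = SAMPLE_LOG.replace(
    "PUSH_REPLY,ping 30",
    "PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.1,ping 30",
)

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,?(.*)'")
FILTER_RE = re.compile(r'\b(accept|ignore|reject) "([^"]*)"\s*$')
ROUTE_PREFIXES = ("redirect-gateway", "redirect-private", "route")


def pushed_options(log_text):
    """Return every option the server pushed, in order, from all PUSH_REPLY lines."""
    options = []
    for line in log_text.splitlines():
        match = PUSH_RE.search(line)
        if match:
            options += [o.strip() for o in match.group(1).split(",") if o.strip()]
    return options


def logged_pull_filters(log_text):
    """Read the 'Pull filters:' block that verb 4 prints in the parameter dump."""
    filters, in_block = [], False
    for line in log_text.splitlines():
        if line.rstrip().endswith("Pull filters:"):
            in_block = True
            continue
        if in_block:
            match = FILTER_RE.search(line)
            if not match:
                break  # first line that is not a filter ends the block
            filters.append((match.group(1), match.group(2)))
    return filters


def apply_pull_filters(options, filters):
    """Prefix match, first matching filter wins, unmatched options are accepted."""
    decisions = []
    for option in options:
        action = "accept"
        for filter_action, prefix in filters:
            if option.startswith(prefix):
                action = filter_action
                break
        decisions.append((option, action))
    return decisions


def diagnose(log_text):
    """Summarise what the filters could act on in this log."""
    filters = logged_pull_filters(log_text)
    decisions = apply_pull_filters(pushed_options(log_text), filters)
    return {
        "filters": filters,
        "decisions": decisions,
        "dropped": [o for o, a in decisions if a != "accept"],
        "route_options_pushed": [o for o, _ in decisions if o.startswith(ROUTE_PREFIXES)],
    }


if __name__ == "__main__":
    for name, log in (("thread log", SAMPLE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        report = diagnose(log)
        print(name)
        print("  filters             :", report["filters"])
        print("  decisions           :", report["decisions"])
        print("  routing opts pushed :", report["route_options_pushed"] or "none")
```

An empty "routing opts pushed" list means the server sent no route or redirect-gateway option, so a default route seen afterwards was not installed from the push and no pull-filter can remove it.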
Sat Jan 12 18:47:32 2019 us=8367 SENT CONTROL [Freebox OpenVPN server <32 character long string>]: 'PUSH_REQUEST' (status=1)
Sat Jan 12 18:47:32 2019 us=236712 PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120' S
Anyway .. you will have to speak to your server admin.
Dear TinCanTech, I can't understand your latest post.
My first post lacked the output of a netstat -r and the content of log and config files - OK, thought my words were clear enough, they were not, you need raw facts and files to begin to investigate a bit and give help. I cannot disagree with that.
Since then I posted all possible information, I wrote a lengthy post to put everything together because, OK, I cannot expect that one reads 3 posts to find all elements and it's easier to find everything at the same place.
Now if someone bothers writing a reply to me after all the information I gave, I was expecting at least either "your config looks fine, the software logs look fine as well, your Windows 10 is probably buggy", or "This is weird, let's increase the verbosity of the logs because it's not functioning as it is supposed to"...
Or "Sorry, I cannot see the issue, try and ask X or Y".
Or even maybe "You did not read the manual, you can't expect it to work, your config file is still broken" - why not with a hint at where the problem is.
But why arguing about what I obscured and not in the log files, especially when there is absolutely nothing obscured in the PUSH_REPLY line you highlighted ??
Or maybe it was about the <32 character long string> : but is it an issue that makes my case more difficult to understand ? What if I just don't want to give away some ID that could potentially identify some server which is not public ? Seemed to me that it was just common sense...
For now, I am having an issue with OpenVPN client software, with something I think is an identified feature, which I am trying to use according to what is in the manual, and... "Talk to the server admin".
If for some reason you're fed up with this case, do not bother replying and please let others do if they want to.
If I am being a stupid user who can't read and understand what's in front of his eyes, then I suggest you close the topic and maybe turn it into something useful, like adding my question to "Read this first - examples of what we don't want to read in this forum".
This whole conversation gives me the strange impression I ended up in the twilight zone - but at least you replied politely and now I understand why you don't go further on the analysis.
You think I have some kind of control on the server, settings and you also think I removed things from the PUSH_REPLY log line. Well, I don't (I can just choose username and password) and I didn't (these are really the unmodified PUSH_REPLY lines).
I was a bit surprised as I began to search by myself, since almost all posts of OpenVPN logs appearing on Google include some route commands, topology, or whatsoever. In my logs, there aren't any. I thought initially that maybe this was because I am connected to a bridged tunnel, but it seems that receiving such a PUSH_REPLY is almost impossible and this makes you think I hid something. Too bad for me.
In fact I googled "PUSH_REPLY,ping 30,ping-restart 120" and there are around 10 results including this thread - I can't blame you for not knowing everything about all improbable cases.
As far as I'm concerned, I'm done with this request and this forum as well, I will find other ways to build the connection I need.
One last word of advice (and I really say this in a friendly way, I imagine my English may sound ruder than what I mean) : while you are certainly proficient at troubleshooting issues, you don't know everything. So, it could be a good idea to not necessarily impute motives to people, because sometimes it just might be a combination of (tiny) lacks of knowledge and/or experience : on the side of the person asking for help, and on yours.
Hi Juspion,
I experience your problem as well. A default gateway route is added no matter what I try. Were you able to fix your problem in the end? And if yes, do you remember the solution?
By the way, I read the full discussion.... and I must say that the way how your problem, but even more you as a person, were treated by TinCanTech is crazy. This guy should be banned from the forum...
Hi Juspion,
I experience your problem as well. A default gateway route is added no matter what I try. Were you able to fix your problem in the end? And if yes, do you remember the solution?
By the way, I read the full discussion.... and I must say that the way how your problem, but even more you as a person, were treated by TinCanTech is crazy. This guy should be banned from the forum...
All he want to do is make it confuse to all people in here and then make a contact to him for pay to help . if you check all his 's post and you will know that point . yes we sometime need pay something to save time to deal with trouble but this way cause more trouble for people confuse and then ask to contact for help is the same trick use as scareware on internet and should avoid.
You can check all my posts and all his posts to see the trouble with people come here to ask .that will say all things
Let me help you to deal with your trouble just add this lines to your client config and connect it again , it should do the trick for you
All he want to do is make it confuse to all people
People cannot do what the OP here tried to do and you should know that .. but obviously you don't know either..
Your de-facto answer is off-topic and useless.
If you don't stop harassing me then I may have to take action ..
Edit:
I help people when they have problems with OpenVPN.
In general I point them to the relevant howto article.
When people screw with their network and/or somebody else's in ways they don't understand ..
If they want my help hacking their boss (or what-ever) then they can pay me .. or you, if you like ..
But if you want to know what "take action" means then you just carry on
spouting nonsense in very bad English
and bad mouthing me at the same time.
Old post but I figure I would share real quick how I fixed the same issue as this drove me crazy too yesterday.
What happens is that Windows adds a new default route (0.0.0.0/0) for any enabled connection/device. This is not OpenVPN-specific.
The issue is that the latest connection, say the TAP-adapter used by OpenVPN (NETGEAR-VPN for me), gets a lower metric than the LAN/Wifi one, so that one "wins" if there is no other route superseding.
You could add the routes as per @300000 or
go in the IPv4 TCP properties of the device used by the VPN
Advanced and set the Interface Metric to 999 (disabling "Automatic metric")
Also, to bypass the VPN by default, make sure to add (back)
as last line in the client config and add any VPN routes before the filter. That order is important or the filter will be ignored.
Reconnect and check your routes again. Windows will assign a much higher metric order to the VPN gateway so that the actual default gateway will remain the LAN/Wifi one.
EDIT:
Windows assigns metrics based on the connection speed - see https://docs.microsoft.com/en-us/troubl ... pv4-routes. My OpenVPN connection indicates (in network properties) a theoretical speed of 1 Gbps vs. Wifi of (measured ?) 270 Mps hence why one needs to set a higher metric on the former to be ignored.
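The route selection described in this post, as an added example (not from the original poster): it parses a `route print -4` style table, picks the route used for a destination (longest prefix first, then lowest metric), and recomputes after the TAP adapter's interface metric is raised to 999. The table is constructed: only the tunnel's 0.0.0.0 route via 192.168.0.254 on 192.168.0.18 comes from the thread, while the LAN addresses and all metric values are assumptions, as is treating the Metric column as route metric plus interface metric.

```python
import ipaddress

# Constructed `route print -4` excerpt (see the lead-in for what is assumed).
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.20     35
          0.0.0.0          0.0.0.0    192.168.0.254     192.168.0.18     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link      192.168.0.18    281
      192.168.1.0    255.255.255.0         On-link      192.168.1.20    291
===========================================================================
Persistent Routes:
  None
"""


def parse_active_routes(text):
    """Parse the 'Active Routes' table into a list of route dicts."""
    routes, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes:"):
            in_table = True
            continue
        if in_table and line.startswith("="):
            break  # separator line closes the table
        fields = line.split()
        # Data rows have exactly five columns ending in a numeric metric;
        # the header row splits into six words and is skipped.
        if not in_table or len(fields) != 5 or not fields[4].isdigit():
            continue
        dest, mask, gateway, interface, metric = fields
        routes.append({
            "network": ipaddress.IPv4Network(f"{dest}/{mask}"),
            "gateway": gateway,
            "interface": interface,
            "metric": int(metric),
        })
    return routes


def best_route(routes, destination):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r["network"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["network"].prefixlen, r["metric"]))


def set_interface_metric(routes, interface, old, new):
    """Recompute displayed metrics after changing one interface's metric.

    Assumes the displayed metric is route metric + interface metric, so every
    route bound to `interface` shifts by (new - old).
    """
    return [
        {**r, "metric": r["metric"] - old + new} if r["interface"] == interface else r
        for r in routes
    ]


if __name__ == "__main__":
    before = parse_active_routes(SAMPLE_ROUTE_PRINT)
    after = set_interface_metric(before, "192.168.0.18", old=25, new=999)
    # 203.0.113.10 stands in for an Internet host, 192.168.0.50 for a remote LAN host.
    for label, table in (("automatic metric", before), ("TAP metric 999", after)):
        for dest in ("203.0.113.10", "192.168.0.50"):
            r = best_route(table, dest)
            print(f"{label:17} {dest:14} -> via {r['gateway']:14} "
                  f"on {r['interface']:13} metric {r['metric']}")
```

With the higher interface metric the Internet destination leaves through the LAN gateway again, while the remote LAN host still goes through the tunnel because its /24 on-link route is more specific than either default route.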