OpenVPN connection established but IP unchanged

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
tlskr
OpenVpn Newbie
Posts: 1
Joined: Tue Sep 10, 2019 2:58 pm

OpenVPN connection established but IP unchanged

Post by tlskr » Tue Sep 10, 2019 3:31 pm

Hi,

I've set up a Raspberry Pi as an OpenVPN server and I'm trying to connect to it with a Windows 10 client. The connection is established and I can connect to the net but the IP is unchanged. I've had a look at the documentation but it seems I've misunderstood some of it because the problem persists. If anyone can spot something awry in the configuration or the logs I'd really appreciate it:

Server Config
dev tun
proto udp4
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi_dcb16f16-4b1a-43ae-95ea-1af1630bc477.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi_dcb16f16-4b1a-43ae-95ea-1af1630bc477.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3


Client config

client
dev tun
proto udp4
remote my.ddns.net
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_dcb16f16-4b1a-43ae-95ea-1af1630bc477 name
cipher AES-256-CBC
auth SHA256
auth-nocache
tls-auth ta.key 1
verb 3
... certificates ...


client log:

Tue Sep 10 16:11:09 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Tue Sep 10 16:11:09 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Sep 10 16:11:09 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Management Password:
Tue Sep 10 16:11:09 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Sep 10 16:11:09 2019 Need hold release from management interface, waiting...
Tue Sep 10 16:11:10 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Sep 10 16:11:10 2019 MANAGEMENT: CMD 'state on'
Tue Sep 10 16:11:10 2019 MANAGEMENT: CMD 'log all on'
Tue Sep 10 16:11:10 2019 MANAGEMENT: CMD 'echo all on'
Tue Sep 10 16:11:10 2019 MANAGEMENT: CMD 'bytecount 5'
Tue Sep 10 16:11:10 2019 MANAGEMENT: CMD 'hold off'
Tue Sep 10 16:11:10 2019 MANAGEMENT: CMD 'hold release'
Tue Sep 10 16:11:10 2019 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Sep 10 16:11:10 2019 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Sep 10 16:11:10 2019 MANAGEMENT: >STATE:1568128270,RESOLVE,,,,,,
Tue Sep 10 16:11:10 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]91.125.218.48:1194
Tue Sep 10 16:11:10 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Sep 10 16:11:10 2019 UDPv4 link local: (not bound)
Tue Sep 10 16:11:10 2019 UDPv4 link remote: [AF_INET]91.125.218.48:1194
Tue Sep 10 16:11:10 2019 MANAGEMENT: >STATE:1568128270,WAIT,,,,,,
Tue Sep 10 16:11:10 2019 MANAGEMENT: >STATE:1568128270,AUTH,,,,,,
Tue Sep 10 16:11:10 2019 TLS: Initial packet from [AF_INET]91.125.218.48:1194, sid=3f5fd842 3d76eaef
Tue Sep 10 16:11:10 2019 VERIFY OK: depth=1, CN=ChangeMe
Tue Sep 10 16:11:10 2019 VERIFY KU OK
Tue Sep 10 16:11:10 2019 Validating certificate extended key usage
Tue Sep 10 16:11:10 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Sep 10 16:11:10 2019 VERIFY EKU OK
Tue Sep 10 16:11:10 2019 VERIFY X509NAME OK: CN=raspberrypi_dcb16f16-4b1a-43ae-95ea-1af1630bc477
Tue Sep 10 16:11:10 2019 VERIFY OK: depth=0, CN=raspberrypi_dcb16f16-4b1a-43ae-95ea-1af1630bc477
Tue Sep 10 16:11:10 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Sep 10 16:11:10 2019 [raspberrypi_dcb16f16-4b1a-43ae-95ea-1af1630bc477] Peer Connection Initiated with [AF_INET]91.125.218.48:1194
Tue Sep 10 16:11:11 2019 MANAGEMENT: >STATE:1568128271,GET_CONFIG,,,,,,
Tue Sep 10 16:11:11 2019 SENT CONTROL [raspberrypi_dcb16f16-4b1a-43ae-95ea-1af1630bc477]: 'PUSH_REQUEST' (status=1)
Tue Sep 10 16:11:11 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.220.220,dhcp-option DNS 208.67.222.222,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: route options modified
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: route-related options modified
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: peer-id set
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Tue Sep 10 16:11:11 2019 OPTIONS IMPORT: data channel crypto options modified
Tue Sep 10 16:11:11 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Sep 10 16:11:11 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 10 16:11:11 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Sep 10 16:11:11 2019 interactive service msg_channel=0
Tue Sep 10 16:11:11 2019 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=3 HWADDR=70:8b:cd:59:49:ed
Tue Sep 10 16:11:11 2019 open_tun
Tue Sep 10 16:11:11 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{78F8832D-221F-40FE-AAED-45A95DA12BD1}.tap
Tue Sep 10 16:11:11 2019 TAP-Windows Driver Version 9.21 
Tue Sep 10 16:11:11 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Tue Sep 10 16:11:11 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {78F8832D-221F-40FE-AAED-45A95DA12BD1} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Tue Sep 10 16:11:11 2019 Successful ARP Flush on interface [13] {78F8832D-221F-40FE-AAED-45A95DA12BD1}
Tue Sep 10 16:11:11 2019 MANAGEMENT: >STATE:1568128271,ASSIGN_IP,,10.8.0.2,,,,
Tue Sep 10 16:11:11 2019 Block_DNS: WFP engine opened
Tue Sep 10 16:11:11 2019 Block_DNS: Using existing sublayer
Tue Sep 10 16:11:11 2019 Block_DNS: Added permit filters for exe_path
Tue Sep 10 16:11:11 2019 Block_DNS: Added block filters for all interfaces
Tue Sep 10 16:11:11 2019 Block_DNS: Added permit filters for TAP interface
Tue Sep 10 16:11:16 2019 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Tue Sep 10 16:11:16 2019 C:\WINDOWS\system32\route.exe ADD 91.125.218.48 MASK 255.255.255.255 192.168.1.1
Tue Sep 10 16:11:16 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Sep 10 16:11:16 2019 Route addition via IPAPI succeeded [adaptive]
Tue Sep 10 16:11:16 2019 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue Sep 10 16:11:16 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
Tue Sep 10 16:11:16 2019 Route addition via IPAPI succeeded [adaptive]
Tue Sep 10 16:11:16 2019 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue Sep 10 16:11:16 2019 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=3 and dwForwardType=4
Tue Sep 10 16:11:16 2019 Route addition via IPAPI succeeded [adaptive]
Tue Sep 10 16:11:16 2019 Initialization Sequence Completed
Tue Sep 10 16:11:16 2019 MANAGEMENT: >STATE:1568128276,CONNECTED,SUCCESS,10.8.0.2,91.125.218.48,1194,,

Server log:

Sep 10 16:18:11 raspberrypi ovpn-server[2874]: OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Sep 10 16:18:11 raspberrypi ovpn-server[2874]: library versions: OpenSSL 1.0.2s  28 May 2019, LZO 2.08
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: Diffie-Hellman initialized with 2048 bit key
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: TUN/TAP device tun0 opened
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: TUN/TAP TX queue length set to 100
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: /sbin/ip link set dev tun0 up mtu 1500
Sep 10 16:18:11 raspberrypi ovpn-server[2875]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: UDPv4 link local (bound): [AF_INET][undef]:1194
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: UDPv4 link remote: [AF_UNSPEC]
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: GID set to nogroup
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: UID set to nobody
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: MULTI: multi_init called, r=256 v=256
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Sep 10 16:18:12 raspberrypi ovpn-server[2875]: Initialization Sequence Completed
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 TLS: Initial packet from [AF_INET]91.125.218.43:54167, sid=b762c111 72ac087e
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 VERIFY OK: depth=1, CN=ChangeMe
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 Validating certificate key usage
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 ++ Certificate has key usage  0080, expects 0080
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 VERIFY KU OK
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 Validating certificate extended key usage
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 VERIFY EKU OK
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 VERIFY OK: depth=0, CN=pc
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_VER=2.4.7
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_PLAT=win
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_PROTO=2
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_NCP=2
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_LZ4=1
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_LZ4v2=1
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_LZO=1
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_COMP_STUB=1
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_COMP_STUBv2=1
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_TCPNL=1
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 peer info: IV_GUI_VER=OpenVPN_GUI_11
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: 91.125.218.43:54167 [pc] Peer Connection Initiated with [AF_INET]91.125.218.43:54167
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: pc/91.125.218.43:54167 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: pc/91.125.218.43:54167 MULTI: Learn: 10.8.0.2 -> pc/91.125.218.43:54167
Sep 10 16:20:19 raspberrypi ovpn-server[2875]: pc/91.125.218.43:54167 MULTI: primary virtual IP for pc/91.125.218.43:54167: 10.8.0.2
Sep 10 16:20:20 raspberrypi ovpn-server[2875]: pc/91.125.218.43:54167 PUSH: Received control message: 'PUSH_REQUEST'
Sep 10 16:20:20 raspberrypi ovpn-server[2875]: pc/91.125.218.43:54167 SENT CONTROL [pc]: 'PUSH_REPLY,dhcp-option DNS 208.67.220.220,dhcp-option DNS 208.67.222.222,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Sep 10 16:20:20 raspberrypi ovpn-server[2875]: pc/91.125.218.43:54167 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 10 16:20:20 raspberrypi ovpn-server[2875]: pc/91.125.218.43:54167 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

If someone could give me a couple of pointers that would be great.

Thanks.
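
A check of the client log above for the routes that `redirect-gateway def1` should produce, as an added example that is not part of the original post: two half-default routes (0.0.0.0/1 and 128.0.0.0/1) via the pushed `route-gateway`, plus a /32 host route to the server that bypasses the tunnel. The function name `check_redirect_gateway` is hypothetical; the sample lines are excerpted from the posted log.

```python
import re

# Lines excerpted from the client log posted above (not the full log).
CLIENT_LOG = r"""Tue Sep 10 16:11:11 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.220.220,dhcp-option DNS 208.67.222.222,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Tue Sep 10 16:11:16 2019 C:\WINDOWS\system32\route.exe ADD 91.125.218.48 MASK 255.255.255.255 192.168.1.1
Tue Sep 10 16:11:16 2019 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue Sep 10 16:11:16 2019 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Tue Sep 10 16:11:16 2019 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.IGNORECASE)
# The two routes that "def1" installs instead of replacing 0.0.0.0/0.
DEF1_HALVES = [("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")]


def check_redirect_gateway(log_text):
    """Report whether a Windows client log shows def1 routing fully applied."""
    pushed = {}
    match = PUSH_RE.search(log_text)
    if match:
        for option in match.group(1).split(","):
            name, _, value = option.partition(" ")
            pushed.setdefault(name, []).append(value)

    # (network, mask) -> gateway for every route the client added.
    routes = {(net, mask): gw for net, mask, gw in ROUTE_RE.findall(log_text)}
    vpn_gw = (pushed.get("route-gateway") or [None])[0]
    flags = pushed.get("redirect-gateway", [])

    return {
        "def1_pushed": any("def1" in f.split() for f in flags),
        "vpn_gateway": vpn_gw,
        "def1_routes_installed": vpn_gw is not None
        and all(routes.get(half) == vpn_gw for half in DEF1_HALVES),
        # Host routes that deliberately avoid the tunnel (the VPN server itself).
        "server_bypass_routes": [
            net for (net, mask), gw in routes.items()
            if mask == "255.255.255.255" and gw != vpn_gw
        ],
        "completed": "Initialization Sequence Completed" in log_text,
    }


if __name__ == "__main__":
    for key, value in check_redirect_gateway(CLIENT_LOG).items():
        print(f"{key}: {value}")
```

On the posted log every check passes, so the client did install the pushed routes.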

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connection established but IP unchanged

Post by TinCanTech » Tue Sep 10, 2019 4:53 pm

