Defautl GW on client not set

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
DirkLaurenz
OpenVpn Newbie
Posts: 1
Joined: Wed Oct 02, 2019 10:24 pm

Defautl GW on client not set

Post by DirkLaurenz » Wed Oct 02, 2019 10:36 pm

On the client the default gw is not set, i'm stuck...please help

on the client:

ipconfig /all

[...]
Ethernet-Adapter Ethernet 2:

Verbindungsspezifisches DNS-Suffix: laurenz.ws
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
Physische Adresse . . . . . . . . : 00-FF-D2-FB-ED-AE
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::596f:3600:fdd5:c4cf%11(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 10.8.0.3(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Donnerstag, 3. Oktober 2019 00:29:11
Lease läuft ab. . . . . . . . . . : Freitag, 2. Oktober 2020 00:29:11
Standardgateway . . . . . . . . . :
DHCP-Server . . . . . . . . . . . : 10.8.0.254
DHCPv6-IAID . . . . . . . . . . . : 184614866
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-24-65-76-03-E4-7F-B2-19-94-FD
DNS-Server . . . . . . . . . . . : 192.168.2.231
192.168.2.232
NetBIOS über TCP/IP . . . . . . . : Aktiviert

[...]

route print:

C:\WINDOWS\system32>route print
===========================================================================
Schnittstellenliste
11...00 ff d2 fb ed ae ......TAP-Windows Adapter V9
7...e4 7f b2 19 94 fd ......Intel(R) Ethernet Connection I217-LM
19...48 51 b7 87 c1 3a ......Microsoft Wi-Fi Direct Virtual Adapter
8...4a 51 b7 87 c1 39 ......Microsoft Wi-Fi Direct Virtual Adapter #2
17...48 51 b7 87 c1 3d ......Bluetooth Device (Personal Area Network)
6...48 51 b7 87 c1 39 ......Intel(R) Dual Band Wireless-N 7260
1...........................Software Loopback Interface 1
4...9c 93 8d 5c 40 46 ......EM8805
===========================================================================

IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 128.0.0.0 10.8.0.1 10.8.0.3 259
10.8.0.0 255.255.255.0 Auf Verbindung 10.8.0.3 259
10.8.0.3 255.255.255.255 Auf Verbindung 10.8.0.3 259
10.8.0.255 255.255.255.255 Auf Verbindung 10.8.0.3 259
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 331
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 331
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331
128.0.0.0 128.0.0.0 10.8.0.1 10.8.0.3 259
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 331
224.0.0.0 240.0.0.0 Auf Verbindung 10.8.0.3 259
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 331
255.255.255.255 255.255.255.255 Auf Verbindung 10.8.0.3 259
===========================================================================
Ständige Routen:
Keine

IPv6-Routentabelle
===========================================================================
Aktive Routen:
If Metrik Netzwerkziel Gateway
1 331 ::1/128 Auf Verbindung
11 259 fe80::/64 Auf Verbindung
11 259 fe80::596f:3600:fdd5:c4cf/128
Auf Verbindung
1 331 ff00::/8 Auf Verbindung
11 259 ff00::/8 Auf Verbindung
===========================================================================
Ständige Routen:
Keine


Thu Oct 03 00:29:08 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Thu Oct 03 00:29:08 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Oct 03 00:29:08 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Thu Oct 03 00:29:08 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Oct 03 00:29:08 2019 Need hold release from management interface, waiting...
Thu Oct 03 00:29:08 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Oct 03 00:29:08 2019 MANAGEMENT: CMD 'state on'
Thu Oct 03 00:29:08 2019 MANAGEMENT: CMD 'log all on'
Thu Oct 03 00:29:08 2019 MANAGEMENT: CMD 'echo all on'
Thu Oct 03 00:29:08 2019 MANAGEMENT: CMD 'bytecount 5'
Thu Oct 03 00:29:08 2019 MANAGEMENT: CMD 'hold off'
Thu Oct 03 00:29:08 2019 MANAGEMENT: CMD 'hold release'
Thu Oct 03 00:29:08 2019 MANAGEMENT: CMD 'proxy NONE '
Thu Oct 03 00:29:09 2019 MANAGEMENT: CMD 'password [...]'
Thu Oct 03 00:29:09 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Oct 03 00:29:09 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 03 00:29:09 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Oct 03 00:29:09 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Oct 03 00:29:09 2019 MANAGEMENT: >STATE:1570055349,RESOLVE,,,,,,
Thu Oct 03 00:29:10 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]84.165.51.68:1194
Thu Oct 03 00:29:10 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Oct 03 00:29:10 2019 UDP link local: (not bound)
Thu Oct 03 00:29:10 2019 UDP link remote: [AF_INET]84.165.51.68:1194
Thu Oct 03 00:29:10 2019 MANAGEMENT: >STATE:1570055350,WAIT,,,,,,
Thu Oct 03 00:29:10 2019 MANAGEMENT: >STATE:1570055350,AUTH,,,,,,
Thu Oct 03 00:29:10 2019 TLS: Initial packet from [AF_INET]84.165.51.68:1194, sid=70e1013b adbc6063
Thu Oct 03 00:29:10 2019 VERIFY OK: depth=1, CN=ChangeMe
Thu Oct 03 00:29:10 2019 VERIFY KU OK
Thu Oct 03 00:29:10 2019 Validating certificate extended key usage
Thu Oct 03 00:29:10 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Oct 03 00:29:10 2019 VERIFY EKU OK
Thu Oct 03 00:29:10 2019 VERIFY X509NAME OK: CN=vpn01_2b92828d-40ce-4bd8-b306-83d95e7667d4
Thu Oct 03 00:29:10 2019 VERIFY OK: depth=0, CN=vpn01_2b92828d-40ce-4bd8-b306-83d95e7667d4
Thu Oct 03 00:29:10 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit EC, curve: prime256v1
Thu Oct 03 00:29:10 2019 [vpn01_2b92828d-40ce-4bd8-b306-83d95e7667d4] Peer Connection Initiated with [AF_INET]84.165.51.68:1194
Thu Oct 03 00:29:11 2019 MANAGEMENT: >STATE:1570055351,GET_CONFIG,,,,,,
Thu Oct 03 00:29:11 2019 SENT CONTROL [vpn01_2b92828d-40ce-4bd8-b306-83d95e7667d4]: 'PUSH_REQUEST' (status=1)
Thu Oct 03 00:29:11 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN laurenz.ws,dhcp-option DNS 192.168.2.231,dhcp-option DNS 192.168.2.232,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 1800,ping-restart 3600,ifconfig 10.8.0.3 255.255.255.0,peer-id 2,cipher AES-256-GCM'
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: timers and/or timeouts modified
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: --ifconfig/up options modified
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: route options modified
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: route-related options modified
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: peer-id set
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: adjusting link_mtu to 1624
Thu Oct 03 00:29:11 2019 OPTIONS IMPORT: data channel crypto options modified
Thu Oct 03 00:29:11 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Oct 03 00:29:11 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Oct 03 00:29:11 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Oct 03 00:29:11 2019 interactive service msg_channel=520
Thu Oct 03 00:29:11 2019 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 I=6 HWADDR=48:51:b7:87:c1:39
Thu Oct 03 00:29:11 2019 open_tun
Thu Oct 03 00:29:11 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{D2FBEDAE-4CD1-4DFF-8C8A-E97E358F722B}.tap
Thu Oct 03 00:29:11 2019 TAP-Windows Driver Version 9.23
Thu Oct 03 00:29:11 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.3/255.255.255.0 [SUCCEEDED]
Thu Oct 03 00:29:11 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.3/255.255.255.0 on interface {D2FBEDAE-4CD1-4DFF-8C8A-E97E358F722B} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Thu Oct 03 00:29:11 2019 Successful ARP Flush on interface [11] {D2FBEDAE-4CD1-4DFF-8C8A-E97E358F722B}
Thu Oct 03 00:29:11 2019 MANAGEMENT: >STATE:1570055351,ASSIGN_IP,,10.8.0.3,,,,
Thu Oct 03 00:29:11 2019 Blocking outside dns using service succeeded.
Thu Oct 03 00:29:16 2019 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu Oct 03 00:29:16 2019 C:\WINDOWS\system32\route.exe ADD 84.165.51.68 MASK 255.255.255.255 192.168.2.1
Thu Oct 03 00:29:16 2019 Route addition via service succeeded
Thu Oct 03 00:29:16 2019 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Oct 03 00:29:16 2019 Route addition via service succeeded
Thu Oct 03 00:29:16 2019 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Oct 03 00:29:16 2019 Route addition via service succeeded
Thu Oct 03 00:29:16 2019 Initialization Sequence Completed
Thu Oct 03 00:29:16 2019 MANAGEMENT: >STATE:1570055356,CONNECTED,SUCCESS,10.8.0.3,84.165.51.68,1194,,

here's the server.conf
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/vpn01_2b92828d-40ce-4bd8-b306-83d95e7667d4.crt
key /etc/openvpn/easy-rsa/pki/private/vpn01_2b92828d-40ce-4bd8-b306-83d95e7667d4.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DOMAIN laurenz.ws"
push "dhcp-option DNS 192.168.2.231"
push "dhcp-option DNS 192.168.2.232"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

Post Reply