I have the following configuration:
- Ubuntu 18.04 server
- iOS iPhone client

The connection works, but routing doesn't. When connected, the iOS client is unable to access the server or the internet (tunneled).
Maybe I overlooked something, and that's why I ask for your kind help.

Server config:
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
crl-verify /etc/openvpn/server/crl.pem
tls-crypt /etc/openvpn/server/tc.key
topology subnet
server 10.10.30.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.10.30.4 255.255.255.0 10.10.30.50 10.10.30.100
;server-bridge
push "route 192.168.80.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
push "redirect-gateway local def1 bypass-dhcp"
;push "redirect-gateway local def1"
push "dhcp-option DNS 192.168.80.4"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
cipher AES-256-CBC
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
;mute 20
explicit-exit-notify 1
verb 5
auth SHA512
Client config:

client
dev tun
proto udp
remote wolke.myserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
...........
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...........
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
...........
-----END OpenVPN Static key V1-----
</tls-crypt>
Log (server)
Wed May 20 15:16:35 2020 us=743877 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 20 2020
Wed May 20 15:16:35 2020 us=743887 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.08
Wed May 20 15:16:35 2020 us=745241 Diffie-Hellman initialized with 2048 bit key
Wed May 20 15:16:35 2020 us=745657 CRL: loaded 1 CRLs from file /etc/openvpn/server/crl.pem
Wed May 20 15:16:35 2020 us=745726 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed May 20 15:16:35 2020 us=745741 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 20 15:16:35 2020 us=745749 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed May 20 15:16:35 2020 us=745759 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed May 20 15:16:35 2020 us=745769 TLS-Auth MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Wed May 20 15:16:35 2020 us=746047 TUN/TAP device tun0 opened
Wed May 20 15:16:35 2020 us=746073 TUN/TAP TX queue length set to 100
Wed May 20 15:16:35 2020 us=746088 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed May 20 15:16:35 2020 us=746102 /sbin/ifconfig tun0 10.10.30.1 netmask 255.255.255.0 mtu 1500 broadcast 10.10.30.255
Wed May 20 15:16:35 2020 us=746928 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Wed May 20 15:16:35 2020 us=746952 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed May 20 15:16:35 2020 us=746969 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed May 20 15:16:35 2020 us=746985 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed May 20 15:16:35 2020 us=746993 UDPv4 link remote: [AF_UNSPEC]
Wed May 20 15:16:35 2020 us=747003 MULTI: multi_init called, r=256 v=256
Wed May 20 15:16:35 2020 us=747022 IFCONFIG POOL: base=10.10.30.2 size=252, ipv6=0
Wed May 20 15:16:35 2020 us=747042 ifconfig_pool_read(), in='iPH6PW,10.10.30.48', TODO: IPv6
Wed May 20 15:16:35 2020 us=747050 succeeded -> ifconfig_pool_set()
Wed May 20 15:16:35 2020 us=747058 IFCONFIG POOL LIST
Wed May 20 15:16:35 2020 us=747066 iPH6PW,10.10.30.48
Wed May 20 15:16:35 2020 us=747092 Initialization Sequence Completed
Wed May 20 15:17:26 2020 us=375947 MULTI: multi_create_instance called
Wed May 20 15:17:26 2020 us=375990 201.5.167.225:12879 Re-using SSL/TLS context
Wed May 20 15:17:26 2020 us=376092 201.5.167.225:12879 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Wed May 20 15:17:26 2020 us=376102 201.5.167.225:12879 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Wed May 20 15:17:26 2020 us=376149 201.5.167.225:12879 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Wed May 20 15:17:26 2020 us=376157 201.5.167.225:12879 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
RWed May 20 15:17:26 2020 us=376190 201.5.167.225:12879 TLS: Initial packet from [AF_INET]201.5.167.225:12879, sid=ff5e13c2 9b496347
WRWWWWWRRRRWRWed May 20 15:17:28 2020 us=75732 201.5.167.225:12879 VERIFY OK: depth=1, C=BR, ST=RJ, L=Rio de Janeiro, O=PjW ISS, OU=VPN PW, CN=vpn.myserver.com, emailAddress=webmaster@myserver.com
Wed May 20 15:17:28 2020 us=75880 201.5.167.225:12879 VERIFY OK: depth=0, C=BR, ST=RJ, L=Rio de Janeiro, O=PjW ISS, OU=VPN PW, CN=iPH6PW, emailAddress=webmaster@myserver.com
WRWed May 20 15:17:28 2020 us=184672 201.5.167.225:12879 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.1.2-3096
Wed May 20 15:17:28 2020 us=184698 201.5.167.225:12879 peer info: IV_VER=3.git::f225fcd0
Wed May 20 15:17:28 2020 us=184706 201.5.167.225:12879 peer info: IV_PLAT=ios
Wed May 20 15:17:28 2020 us=184712 201.5.167.225:12879 peer info: IV_AUTO_SESS=1
Wed May 20 15:17:28 2020 us=184797 201.5.167.225:12879 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed May 20 15:17:28 2020 us=184811 201.5.167.225:12879 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed May 20 15:17:28 2020 us=184827 201.5.167.225:12879 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed May 20 15:17:28 2020 us=184836 201.5.167.225:12879 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
WRWed May 20 15:17:28 2020 us=254842 201.5.167.225:12879 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed May 20 15:17:28 2020 us=254873 201.5.167.225:12879 [iPH6PW] Peer Connection Initiated with [AF_INET]201.5.167.225:12879
Wed May 20 15:17:28 2020 us=254895 iPH6PW/201.5.167.225:12879 MULTI_sva: pool returned IPv4=10.10.30.48, IPv6=(Not enabled)
Wed May 20 15:17:28 2020 us=254940 iPH6PW/201.5.167.225:12879 MULTI: Learn: 10.10.30.48 -> iPH6PW/201.5.167.225:12879
Wed May 20 15:17:28 2020 us=254949 iPH6PW/201.5.167.225:12879 MULTI: primary virtual IP for iPH6PW/201.5.167.225:12879: 10.10.30.48
RWed May 20 15:17:28 2020 us=255013 iPH6PW/201.5.167.225:12879 PUSH: Received control message: 'PUSH_REQUEST'
Wed May 20 15:17:28 2020 us=255062 iPH6PW/201.5.167.225:12879 SENT CONTROL [iPH6PW]: 'PUSH_REPLY,route 192.168.80.0 255.255.255.0,redirect-gateway local def1 bypass-dhcp,dhcp-option DNS 192.168.80.4,route-gateway 10.10.30.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.10.30.48 255.255.255.0' (status=1)
WWRRwRwRwrWrWrWRwWRRwRWwrWRwrWRwrWRwRwRwRwRwRwRwRwRwRwRwrWrWRwRwRwrWrWrWrWrWrWrWRwRwrWrWrWrWrWRwRwrWRwRwRwRwRwRwrWRwRwRwRwRwRwRwRwRwRwRwRwRwrWRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwrWRwRwRwRwRwRwRwRwRwRwRwRwRwRwRwWRWed May 20 15:18:08 2020 us=580902 iPH6PW/201.5.167.225:12879 SIGTERM[soft,remote-exit] received, client-instance exiting
Log (client)
2020-05-20 15:17:25 1
2020-05-20 15:17:25 ----- OpenVPN Start -----
OpenVPN core 3.git::f225fcd0 ios arm64 64-bit PT_PROXY built on Mar 5 2020 13:46:31
2020-05-20 15:17:25 OpenVPN core 3.git::f225fcd0 ios arm64 64-bit PT_PROXY built on Mar 5 2020 13:46:31
2020-05-20 15:17:25 Frame=512/2048/512 mssfix-ctrl=1250
2020-05-20 15:17:25 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [ignore-unknown-option] [block-outside-dns]
12 [block-outside-dns]
13 [verb] [3]
2020-05-20 15:17:25 EVENT: RESOLVE
2020-05-20 15:17:26 Contacting [201.19.181.221]:1194/UDP via UDP
2020-05-20 15:17:26 EVENT: WAIT
2020-05-20 15:17:26 Connecting to [wolke.myserver.com]:1194 (201.19.181.221) via UDPv4
2020-05-20 15:17:26 EVENT: CONNECTING
2020-05-20 15:17:26 Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client
2020-05-20 15:17:26 Creds: UsernameEmpty/PasswordEmpty
2020-05-20 15:17:26 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.1.2-3096
IV_VER=3.git::f225fcd0
IV_PLAT=ios
IV_AUTO_SESS=1
2020-05-20 15:17:27 VERIFY OK : depth=1
cert. version : 3
serial number : 72:4D:9B:78:52:15:9B:C0:CE:CF:B1:4E:91:7B:A6:5A:3E:1D:79:03
issuer name : C=BR, ST=RJ, L=Rio de Janeiro, O=PjW ISS, OU=VPN PW, CN=vpn.myserver.com, emailAddress=webmaster@myserver.com
subject name : C=BR, ST=RJ, L=Rio de Janeiro, O=PjW ISS, OU=VPN PW, CN=vpn.myserver.com, emailAddress=webmaster@myserver.com
issued on : 2020-05-10 15:40:14
expires on : 2030-05-08 15:40:14
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2020-05-20 15:17:27 VERIFY OK : depth=0
cert. version : 3
serial number : 71:FA:EC:8B:1F:FD:60:6C:A3:74:10:EC:D3:FA:0E:81
issuer name : C=BR, ST=RJ, L=Rio de Janeiro, O=PjW ISS, OU=VPN PW, CN=vpn.myserver.com, emailAddress=webmaster@myserver.com
subject name : C=BR, ST=RJ, L=Rio de Janeiro, O=PjW ISS, OU=VPN PW, CN=server, emailAddress=webmaster@myserver.com
issued on : 2020-05-10 15:40:14
expires on : 2030-05-08 15:40:14
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2020-05-20 15:17:28 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2020-05-20 15:17:28 Session is ACTIVE
2020-05-20 15:17:28 EVENT: GET_CONFIG
2020-05-20 15:17:28 Sending PUSH_REQUEST to server...
2020-05-20 15:17:28 OPTIONS:
0 [route] [192.168.80.0] [255.255.255.0]
1 [redirect-gateway] [local] [def1] [bypass-dhcp]
2 [dhcp-option] [DNS] [192.168.80.4]
3 [route-gateway] [10.10.30.1]
4 [topology] [subnet]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [10.10.30.48] [255.255.255.0]
2020-05-20 15:17:28 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA512
compress: NONE
peer ID: -1
2020-05-20 15:17:28 EVENT: ASSIGN_IP
2020-05-20 15:17:28 NIP: preparing TUN network settings
2020-05-20 15:17:28 NIP: init TUN network settings with endpoint: 201.19.181.221
2020-05-20 15:17:28 NIP: adding IPv4 address to network settings 10.10.30.48/255.255.255.0
2020-05-20 15:17:28 NIP: adding (included) IPv4 route 10.10.30.0/24
2020-05-20 15:17:28 NIP: adding (included) IPv4 route 192.168.80.0/24
2020-05-20 15:17:28 NIP: redirecting all IPv4 traffic to TUN interface
2020-05-20 15:17:28 NIP: adding DNS 192.168.80.4
2020-05-20 15:17:28 Connected via NetworkExtensionTUN
2020-05-20 15:17:28 EVENT: CONNECTED wolke.myserver.com:1194 (201.19.181.221) via /UDPv4 on NetworkExtensionTUN/10.10.30.48/ gw=[/]
2020-05-20 15:18:08 EVENT: DISCONNECTED
2020-05-20 15:18:08 Raw stats on disconnect:
BYTES_IN : 7351
BYTES_OUT : 16847
PACKETS_IN : 24
PACKETS_OUT : 93
TUN_BYTES_IN : 5803
TUN_BYTES_OUT : 1194
TUN_PACKETS_IN : 80
TUN_PACKETS_OUT : 10
2020-05-20 15:18:08 Performance stats on disconnect:
CPU usage (microseconds): 443690
Tunnel compression ratio (uplink): 2.90315
Tunnel compression ratio (downlink): 6.15662
Network bytes per CPU second: 54538
Tunnel bytes per CPU second: 15770
Thanks in advance.
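The following is an added example, not code from the original post. The posted server config pushes a full tunnel (`redirect-gateway`), the client log confirms it installed the default route and the pushed DNS server, and the disconnect stats show 80 packets sent into the tunnel against 10 received back, which is consistent with return traffic never making it through the server rather than with a handshake or push problem. Nothing in an OpenVPN server config enables IPv4 forwarding or NAT on the host; OpenVPN only creates tun0 and the routes. This script parses the routing-relevant directives of the posted config and reports the checks a reviewer would make: whether the pushed DNS server is reachable via the tunnel, whether the `local` flag on `redirect-gateway` fits a client on the internet, whether `user`/`group` are set so the daemon drops root after initialisation, and which kernel and netfilter settings the host needs for the VPN subnet. The uplink interface name `eth0` is an assumption (substitute the server's real WAN interface); `tun0` comes from the server log.

```python
"""Audit an OpenVPN server config for a full-tunnel (redirect-gateway) setup.

Added example for this thread, not code from the original post. It reports
what the config itself cannot show: DNS reachability through the tunnel,
redirect-gateway flag sanity, privilege dropping, and the host-side
forwarding/NAT rules the VPN subnet needs. "eth0" is an assumed uplink name.
"""
import ipaddress
import shlex

# Constructed sample: the routing-relevant subset of the posted server config.
SAMPLE_CONF = """\
port 1194
proto udp
dev tun
topology subnet
server 10.10.30.0 255.255.255.0
push "route 192.168.80.0 255.255.255.0"
push "redirect-gateway local def1 bypass-dhcp"
push "dhcp-option DNS 192.168.80.4"
;user nobody
;group nobody
keepalive 10 120
cipher AES-256-CBC
auth SHA512
"""


def parse_conf(text):
    """Yield (directive, args); lines starting with ';' or '#' are comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        parts = shlex.split(line)  # keeps the quoted 'push "..."' payload whole
        if parts[0] == "push":     # expand the pushed directive into its own args
            yield "push", tuple(parts[1].split())
        else:
            yield parts[0], tuple(parts[1:])


def audit(text, wan_if="eth0"):
    """Return a dict of findings and the host commands the config relies on."""
    vpn_net, routes, dns, redirect, user, group = None, [], [], None, None, None
    for name, args in parse_conf(text):
        if name == "server":
            vpn_net = ipaddress.ip_network(f"{args[0]}/{args[1]}")
        elif name == "push" and args[0] == "route":
            routes.append(ipaddress.ip_network(f"{args[1]}/{args[2]}"))
        elif name == "push" and args[0] == "redirect-gateway":
            redirect = set(args[1:])
        elif name == "push" and args[0] == "dhcp-option" and args[1] == "DNS":
            dns.append(ipaddress.ip_address(args[2]))
        elif name == "user":
            user = args[0]
        elif name == "group":
            group = args[0]

    warnings = []
    # With redirect-gateway every destination enters the tunnel, so the DNS
    # server only needs to be routable from the server side. Without it, the
    # DNS address must fall inside the VPN subnet or a pushed route.
    reachable = [n for n in (vpn_net, *routes) if n is not None]
    dns_ok = all(redirect is not None or any(d in n for n in reachable) for d in dns)
    if not dns_ok:
        warnings.append("pushed DNS server is not covered by any pushed route")
    if redirect is not None and "local" in redirect:
        warnings.append("redirect-gateway 'local' skips the host route to the VPN "
                        "server via the old gateway; only correct on a shared LAN")
    drops_privileges = user is not None and group is not None
    if not drops_privileges:
        warnings.append("user/group unset: openvpn keeps root after init "
                        "(on Ubuntu use 'user nobody' and 'group nogroup')")

    # Host-side settings the posted config depends on but cannot provide:
    # IPv4 forwarding, NAT for the VPN subnet on the uplink, and FORWARD
    # rules for tun0 (needed when the FORWARD chain policy is DROP).
    host_commands = [
        "sysctl -w net.ipv4.ip_forward=1",
        f"iptables -t nat -A POSTROUTING -s {vpn_net} -o {wan_if} -j MASQUERADE",
        f"iptables -A FORWARD -i tun0 -s {vpn_net} -j ACCEPT",
        f"iptables -A FORWARD -o tun0 -d {vpn_net} "
        "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT",
    ]
    return {
        "vpn_net": str(vpn_net),
        "full_tunnel": redirect is not None,
        "dns_ok": dns_ok,
        "drops_privileges": drops_privileges,
        "warnings": warnings,
        "host_commands": host_commands,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

Run it against the real server.conf instead of `SAMPLE_CONF` to get the exact rule set for that subnet; the MASQUERADE rule must name the interface that actually carries the server's default route, and both the sysctl and the iptables rules have to be made persistent or they are gone after a reboot.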