Hello all,
I am a newbie at this. Please go easy on me. I heard about OpenVPN from this tech guy that came to my house to repair my laptop. He explained a little bit about VPN but I am not quite sure how it works.
My goal: Establish an OpenVPN server on my laptop and make my iPhone 5 the client using the OpenVPN Connect app. This way I can securely browse the internet from anywhere since my phone is connected to the VPN server on my laptop? Do I have that concept correct?
What I've done so far: I have made the ca.crt, dh1024.pem, server.crt, server.key, client.crt (for iPhone), client.key (for iPhone) through the command window. I made a server.ovpn file which I have put into the "config" folder. When I press connect on the OpenVPN GUI, it says connection established and it shows an IP address. That means my server is connected, right? I have also made a client.ovpn file for the iPhone. I put the ca.crt, client.crt, client.key and client.ovpn in the OpenVPN app through iTunes. When I try to connect on the iPhone, it shows the "VPN" symbol on the "taskbar" beside the clock. So it seems like my VPN on the iPhone is connected also.
But when I open Safari and go to "whatismyip.org" it shows my internet IP assigned by my ISP and not the VPN server IP. I downloaded this app on the iPhone called "Network Ping Lite." I tried pinging my VPN server IP but it didn't ping. What am I doing wrong? I'd really appreciate it if you guys can help me.
By the way, I am testing all of this from my home. So maybe the website "whatismyip.org" is showing my internet IP because I am connected to home Wi-Fi? But if the VPN is connected, it should show the VPN server IP, right?
Some more info:
server.ovpn:
port 443
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"
server 10.26.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 192.168.0.0 255.255.255.0
client-to-client
push "route 192.168.0.0 255.255.255.0"
push "dhcp-option DNS x.x.x.x"  # this is the DNS at my home which I got from typing "ipconfig /all" in cmd.
push "dhcp-option DNS x.x.x.x"  # this is the DNS at my home which I got from typing "ipconfig /all" in cmd.
keepalive 10 120
cipher BF-CBC
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 3
client.ovpn:
client
dev tun
proto tcp
remote 174.x.x.x 443  # 174.x.x.x is the internet IP address from my ISP.
comp-lzo
ca ca.crt
cert client.crt
key client.key
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
cipher BF-CBC
resolv-retry infinite
If you guys require any more info, please let me know. Thank you.
VPN on iPhone established (I think) but can't ping VPN server
- OpenVpn Newbie
- Posts: 7
- Joined: Sun Mar 31, 2013 6:51 pm
Re: VPN on iphone established (i think) but cant ping VPN se
This is my log on the server side.
Sun Mar 31 17:52:48 2013 OpenVPN 2.3.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Sun Mar 31 17:52:48 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Mar 31 17:52:48 2013 Need hold release from management interface, waiting...
Sun Mar 31 17:52:48 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Mar 31 17:52:48 2013 MANAGEMENT: CMD 'state on'
Sun Mar 31 17:52:48 2013 MANAGEMENT: CMD 'log all on'
Sun Mar 31 17:52:48 2013 MANAGEMENT: CMD 'hold off'
Sun Mar 31 17:52:48 2013 MANAGEMENT: CMD 'hold release'
Sun Mar 31 17:52:48 2013 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Mar 31 17:52:48 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Mar 31 17:52:49 2013 Diffie-Hellman initialized with 1024 bit key
Sun Mar 31 17:52:49 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Mar 31 17:52:49 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Mar 31 17:52:49 2013 MANAGEMENT: >STATE:1364773969,ASSIGN_IP,,10.26.0.1,
Sun Mar 31 17:52:49 2013 open_tun, tt->ipv6=0
Sun Mar 31 17:52:49 2013 TAP-WIN32 device [Local Area Connection 6] opened: \\.\Global\{330FDBA7-0DD7-4825-A404-DEBEFD279DA2}.tap
Sun Mar 31 17:52:49 2013 TAP-Windows Driver Version 9.9
Sun Mar 31 17:52:49 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.26.0.1/255.255.255.252 on interface {330FDBA7-0DD7-4825-A404-DEBEFD279DA2} [DHCP-serv: 10.26.0.2, lease-time: 31536000]
Sun Mar 31 17:52:49 2013 Sleeping for 10 seconds...
Sun Mar 31 17:52:59 2013 Successful ARP Flush on interface [33] {330FDBA7-0DD7-4825-A404-DEBEFD279DA2}
Sun Mar 31 17:52:59 2013 MANAGEMENT: >STATE:1364773979,ADD_ROUTES,,,
Sun Mar 31 17:52:59 2013 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.26.0.2
Sun Mar 31 17:52:59 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Mar 31 17:52:59 2013 Route addition via IPAPI succeeded [adaptive]
Sun Mar 31 17:52:59 2013 C:\Windows\system32\route.exe ADD 10.26.0.0 MASK 255.255.255.0 10.26.0.2
Sun Mar 31 17:52:59 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Mar 31 17:52:59 2013 Route addition via IPAPI succeeded [adaptive]
Sun Mar 31 17:52:59 2013 Listening for incoming TCP connection on [AF_INET]192.168.0.12:443
Sun Mar 31 17:52:59 2013 TCPv4_SERVER link local (bound): [AF_INET]192.168.0.12:443
Sun Mar 31 17:52:59 2013 TCPv4_SERVER link remote: [undef]
Sun Mar 31 17:52:59 2013 MULTI: multi_init called, r=256 v=256
Sun Mar 31 17:52:59 2013 IFCONFIG POOL: base=10.26.0.4 size=62, ipv6=0
Sun Mar 31 17:52:59 2013 IFCONFIG POOL LIST
Sun Mar 31 17:52:59 2013 MULTI: TCP INIT maxclients=60 maxevents=64
Sun Mar 31 17:52:59 2013 Initialization Sequence Completed
Sun Mar 31 17:52:59 2013 MANAGEMENT: >STATE:1364773979,CONNECTED,SUCCESS,10.26.0.1,
Sun Mar 31 17:53:15 2013 TCP connection established with [AF_INET]174.3.205.35:56434
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 TLS: Initial packet from [AF_INET]174.x.x.x:56434, sid=f3f36e87 86534a8f
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 VERIFY OK: depth=1, C=CA, ST=State, L=City, O=Name, OU=changeme, CN=Name, name=changeme, emailAddress=email@email.com
Sun Mar 31 17:53:15 2013 174.3.205.35:56434 VERIFY OK: depth=0, C=CA, ST=State, L=City, O=Name, OU=changeme, CN=client, name=changeme, emailAddress=email@email.com
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 31 17:53:15 2013 174.x.x.x:56434 [client] Peer Connection Initiated with [AF_INET]174.x.x.x:56434
Sun Mar 31 17:53:15 2013 client/174.x.x.x:56434 MULTI_sva: pool returned IPv4=10.26.0.6, IPv6=(Not enabled)
Sun Mar 31 17:53:15 2013 client/174.x.x.x:56434 MULTI: Learn: 10.26.0.6 -> client/174.x.x.x:56434
Sun Mar 31 17:53:15 2013 client/174.x.x.x:56434 MULTI: primary virtual IP for client/174.x.x.x:56434: 10.26.0.6
Sun Mar 31 17:53:16 2013 client/174.x.x.x:56434 PUSH: Received control message: 'PUSH_REQUEST'
Sun Mar 31 17:53:16 2013 client/174.x.x.x:56434 send_push_reply(): safe_cap=940
Sun Mar 31 17:53:16 2013 client/174.x.x.x:56434 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.26.0.0 255.255.255.0,dhcp-option DNS x.x.x.x,dhcp-option DNS x.x.x.x,route 10.26.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.26.0.6 10.26.0.5' (status=1)
Sun Mar 31 17:53:56 2013 client/174.x.x.x:56434 Connection reset, restarting [0]
Sun Mar 31 17:53:56 2013 client/174.x.x.x:56434 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sun Mar 31 17:53:58 2013 TCP connection established with [AF_INET]174.x.x.x:56435
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 TLS: Initial packet from [AF_INET]174.3.205.35:56435, sid=75a4496e 5a90880e
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 VERIFY OK: depth=1, C=CA, ST=State, L=City, O=Name, OU=changeme, CN=Name, name=changeme, emailAddress=email@email.com
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 VERIFY OK: depth=0, C=CA, ST=State, L=City, O=Name, OU=changeme, CN=client, name=changeme, emailAddress=email@email.com
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Mar 31 17:53:58 2013 174.x.x.x:56435 [client] Peer Connection Initiated with [AF_INET]174.x.x.x:56435
Sun Mar 31 17:53:58 2013 client/174.x.x.x:56435 MULTI_sva: pool returned IPv4=10.26.0.6, IPv6=(Not enabled)
Sun Mar 31 17:53:58 2013 client/174.x.x.x:56435 MULTI: Learn: 10.26.0.6 -> client/174.x.x.x:56435
Sun Mar 31 17:53:58 2013 client/174.x.x.x:56435 MULTI: primary virtual IP for client/174.x.x.x:56435: 10.26.0.6
Sun Mar 31 17:53:59 2013 client/174.x.x.x:56435 PUSH: Received control message: 'PUSH_REQUEST'
Sun Mar 31 17:53:59 2013 client/174.x.x.x:56435 send_push_reply(): safe_cap=940
Sun Mar 31 17:53:59 2013 client/174.x.x.x:56435 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.26.0.0 255.255.255.0,dhcp-option DNS x.x.x.x,dhcp-option DNS x.x.x.x,route 10.26.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.26.0.6 10.26.0.5' (status=1)
It seems like this message is looping every "certain" minutes.
Please help. Thanks.
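An added example (not part of the original post and not OpenVPN project code): a small Python parser for the server log format shown above that groups lines per peer and reports which options the server actually sent in PUSH_REPLY and how long a session lasted before a connection reset. The sample log is constructed from the post's format with placeholder addresses, and the function names and the "split-tunnel" label are this example's own.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the server log format shown in the post
# (198.51.100.7 and 192.0.2.53 are documentation placeholder addresses).
SAMPLE_LOG = """\
Sun Mar 31 17:53:15 2013 TCP connection established with [AF_INET]198.51.100.7:56434
Sun Mar 31 17:53:15 2013 198.51.100.7:56434 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar 31 17:53:16 2013 client/198.51.100.7:56434 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.0.2.53,topology net30,ping 10,ping-restart 120,ifconfig 10.26.0.6 10.26.0.5' (status=1)
Sun Mar 31 17:53:56 2013 client/198.51.100.7:56434 Connection reset, restarting [0]
Sun Mar 31 17:53:58 2013 TCP connection established with [AF_INET]198.51.100.7:56435
Sun Mar 31 17:53:59 2013 client/198.51.100.7:56435 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,dhcp-option DNS 192.0.2.53,topology net30,ping 10,ping-restart 120,ifconfig 10.26.0.6 10.26.0.5' (status=1)
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
PEER = re.compile(r"(\d+\.[\dx]+\.[\dx]+\.[\dx]+:\d+)")  # also accepts redacted 174.x.x.x:port

def parse_sessions(log_text):
    """Group log lines by peer ip:port and record what each session negotiated."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        peer = PEER.search(msg)
        if not peer:
            continue
        s = sessions.setdefault(peer.group(1), {"start": ts, "end": None, "cipher": None, "pushed": []})
        if (c := re.search(r"Cipher '([^']+)'", msg)):
            s["cipher"] = c.group(1)
        if (p := re.search(r"'PUSH_REPLY,([^']*)'", msg)):
            s["pushed"] = p.group(1).split(",")
        if "Connection reset" in msg:
            s["end"] = ts
    return sessions

def findings(sessions):
    """Flag sessions whose PUSH_REPLY has no redirect-gateway, and sessions that were reset."""
    out = []
    for peer, s in sessions.items():
        # Without redirect-gateway only the pushed route subnets go through the tunnel.
        if s["pushed"] and not any(o.startswith("redirect-gateway") for o in s["pushed"]):
            routes = [o for o in s["pushed"] if o.startswith("route ")]
            out.append((peer, "split-tunnel", routes))
        if s["end"]:
            out.append((peer, "reset-after-seconds", int((s["end"] - s["start"]).total_seconds())))
    return out
```

Calling `findings(parse_sessions(text))` on a saved server log lists, per peer, the routes that were pushed without a default-route redirect and the lifetime of each session that ended in a reset.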