[SOLVED] How to access to network peripherals of Server LAN?

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Post by Alucard86 » Thu Apr 04, 2013 6:55 pm

I've read various tutorials and FAQs, but I can't find a solution. If you can give me a "head" I'll be very grateful to you. :)

I have a functional routed VPN between server/client, but can't reach peripherals on the server LAN (for example a network printer or a NAS).

I'm able to ping the server from a client, through the VPN, the "virtual" IP "10.5.0.1/24" and the server real IP "192.168.10.1/24", but I can't ping other addresses.

I have enabled the IP forwarding to the server on the Firewall/Router.
Enabled also the Windows IP routing on the server.

These are my server/client configs (I'm using X.X.X.X instead of my public IP for privacy):

* Windows Server:

Code:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.5.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
keepalive 10 120
tls-auth key.txt 0
comp-lzo
max-clients 10
persist-key
persist-tun
status openvpn-status.log
verb 3

* Server log:

Code:

Thu Apr 04 18:05:00 2013 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Thu Apr 04 18:05:00 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Apr 04 18:05:00 2013 Need hold release from management interface, waiting...
Thu Apr 04 18:05:00 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Apr 04 18:05:01 2013 MANAGEMENT: CMD 'state on'
Thu Apr 04 18:05:01 2013 MANAGEMENT: CMD 'log all on'
Thu Apr 04 18:05:01 2013 MANAGEMENT: CMD 'hold off'
Thu Apr 04 18:05:01 2013 MANAGEMENT: CMD 'hold release'
Thu Apr 04 18:05:01 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 04 18:05:01 2013 Diffie-Hellman initialized with 1024 bit key
Thu Apr 04 18:05:01 2013 Control Channel Authentication: using 'key.txt' as a OpenVPN static key file
Thu Apr 04 18:05:01 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:01 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:01 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 04 18:05:01 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 04 18:05:01 2013 MANAGEMENT: >STATE:1365091501,ASSIGN_IP,,10.5.0.1,
Thu Apr 04 18:05:01 2013 open_tun, tt->ipv6=0
Thu Apr 04 18:05:01 2013 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{DCBF8EB9-A5B9-4094-AF58-716302C0FCED}.tap
Thu Apr 04 18:05:01 2013 TAP-Windows Driver Version 9.9 
Thu Apr 04 18:05:01 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.5.0.1/255.255.255.252 on interface {DCBF8EB9-A5B9-4094-AF58-716302C0FCED} [DHCP-serv: 10.5.0.2, lease-time: 31536000]
Thu Apr 04 18:05:01 2013 Sleeping for 10 seconds...
Thu Apr 04 18:05:11 2013 Successful ARP Flush on interface [131074] {DCBF8EB9-A5B9-4094-AF58-716302C0FCED}
Thu Apr 04 18:05:11 2013 MANAGEMENT: >STATE:1365091511,ADD_ROUTES,,,
Thu Apr 04 18:05:11 2013 C:\WINDOWS\system32\route.exe ADD 10.5.0.0 MASK 255.255.255.0 10.5.0.2
Thu Apr 04 18:05:11 2013 Route addition via IPAPI succeeded [adaptive]
Thu Apr 04 18:05:11 2013 UDPv4 link local (bound): [undef]
Thu Apr 04 18:05:11 2013 UDPv4 link remote: [undef]
Thu Apr 04 18:05:11 2013 MULTI: multi_init called, r=256 v=256
Thu Apr 04 18:05:11 2013 IFCONFIG POOL: base=10.5.0.4 size=62, ipv6=0
Thu Apr 04 18:05:11 2013 ifconfig_pool_read(), in='client,10.5.0.4', TODO: IPv6
Thu Apr 04 18:05:11 2013 succeeded -> ifconfig_pool_set()
Thu Apr 04 18:05:11 2013 IFCONFIG POOL LIST
Thu Apr 04 18:05:11 2013 client,10.5.0.4
Thu Apr 04 18:05:11 2013 Initialization Sequence Completed
Thu Apr 04 18:05:11 2013 MANAGEMENT: >STATE:1365091511,CONNECTED,SUCCESS,10.5.0.1,
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 TLS: Initial packet from [AF_INET]192.168.10.5:1084, sid=dcb4abc2 25791e57
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 VERIFY OK: depth=1, C=IT, ST=Italy, L=changeme, O=changeme, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 VERIFY OK: depth=0, C=IT, ST=Italy, L=changeme, O=changeme, OU=changeme, CN=client, name=changeme, emailAddress=mail@host.domain
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Apr 04 18:05:24 2013 192.168.10.5:1084 [client] Peer Connection Initiated with [AF_INET]192.168.10.5:1084
Thu Apr 04 18:05:24 2013 client/192.168.10.5:1084 MULTI_sva: pool returned IPv4=10.5.0.6, IPv6=(Not enabled)
Thu Apr 04 18:05:24 2013 client/192.168.10.5:1084 MULTI: Learn: 10.5.0.6 -> client/192.168.10.5:1084
Thu Apr 04 18:05:24 2013 client/192.168.10.5:1084 MULTI: primary virtual IP for client/192.168.10.5:1084: 10.5.0.6
Thu Apr 04 18:05:26 2013 client/192.168.10.5:1084 PUSH: Received control message: 'PUSH_REQUEST'
Thu Apr 04 18:05:26 2013 client/192.168.10.5:1084 send_push_reply(): safe_cap=940
Thu Apr 04 18:05:26 2013 client/192.168.10.5:1084 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.0.6 10.5.0.5' (status=1)

* Windows Client:

Code:

client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
tls-auth key.txt 1
comp-lzo
verb 3

* Client log:

Code:

Thu Apr 04 18:05:25 2013 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Enter Management Password:
Thu Apr 04 18:05:25 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Apr 04 18:05:25 2013 Need hold release from management interface, waiting...
Thu Apr 04 18:05:25 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Apr 04 18:05:25 2013 MANAGEMENT: CMD 'state on'
Thu Apr 04 18:05:25 2013 MANAGEMENT: CMD 'log all on'
Thu Apr 04 18:05:25 2013 MANAGEMENT: CMD 'hold off'
Thu Apr 04 18:05:25 2013 MANAGEMENT: CMD 'hold release'
Thu Apr 04 18:05:25 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 04 18:05:26 2013 Control Channel Authentication: using 'key.txt' as a OpenVPN static key file
Thu Apr 04 18:05:26 2013 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:26 2013 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:26 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 04 18:05:26 2013 UDPv4 link local: [undef]
Thu Apr 04 18:05:26 2013 UDPv4 link remote: [AF_INET]X.X.X.X:1194
Thu Apr 04 18:05:26 2013 MANAGEMENT: >STATE:1365091526,WAIT,,,
Thu Apr 04 18:05:26 2013 MANAGEMENT: >STATE:1365091526,AUTH,,,
Thu Apr 04 18:05:26 2013 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=523e8642 63966c51
Thu Apr 04 18:05:26 2013 VERIFY OK: depth=1, C=IT, ST=Italy, L=changeme, O=changeme, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Thu Apr 04 18:05:26 2013 VERIFY OK: nsCertType=SERVER
Thu Apr 04 18:05:26 2013 VERIFY OK: depth=0, C=IT, ST=Italy, L=changeme, O=changeme, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
Thu Apr 04 18:05:26 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 04 18:05:26 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:26 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Apr 04 18:05:26 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 04 18:05:26 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Apr 04 18:05:26 2013 [server] Peer Connection Initiated with [AF_INET]X.X.X.X:1194
Thu Apr 04 18:05:27 2013 MANAGEMENT: >STATE:1365091527,GET_CONFIG,,,
Thu Apr 04 18:05:28 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Apr 04 18:05:28 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.0.6 10.5.0.5'
Thu Apr 04 18:05:28 2013 OPTIONS IMPORT: timers and/or timeouts modified
Thu Apr 04 18:05:28 2013 OPTIONS IMPORT: --ifconfig/up options modified
Thu Apr 04 18:05:28 2013 OPTIONS IMPORT: route options modified
Thu Apr 04 18:05:28 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 04 18:05:28 2013 MANAGEMENT: >STATE:1365091528,ASSIGN_IP,,10.5.0.6,
Thu Apr 04 18:05:28 2013 open_tun, tt->ipv6=0
Thu Apr 04 18:05:28 2013 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{C1611BBC-0165-4E00-9FE6-6847324D2220}.tap
Thu Apr 04 18:05:28 2013 TAP-Windows Driver Version 9.9 
Thu Apr 04 18:05:28 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.5.0.6/255.255.255.252 on interface {C1611BBC-0165-4E00-9FE6-6847324D2220} [DHCP-serv: 10.5.0.5, lease-time: 31536000]
Thu Apr 04 18:05:28 2013 Successful ARP Flush on interface [4] {C1611BBC-0165-4E00-9FE6-6847324D2220}
Thu Apr 04 18:05:33 2013 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Thu Apr 04 18:05:33 2013 MANAGEMENT: >STATE:1365091533,ADD_ROUTES,,,
Thu Apr 04 18:05:33 2013 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.5.0.5
Thu Apr 04 18:05:33 2013 Route addition via IPAPI succeeded [adaptive]
Thu Apr 04 18:05:33 2013 C:\WINDOWS\system32\route.exe ADD 10.5.0.1 MASK 255.255.255.255 10.5.0.5
Thu Apr 04 18:05:33 2013 Route addition via IPAPI succeeded [adaptive]
Thu Apr 04 18:05:33 2013 Initialization Sequence Completed
Thu Apr 04 18:05:33 2013 MANAGEMENT: >STATE:1365091533,CONNECTED,SUCCESS,10.5.0.6,X.X.X.X

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: How to access to network peripherals of Server LAN?

Post by Douglas » Fri Apr 05, 2013 3:25 am

You have a return route? The devices have to know how to talk back to your client.

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Fri Apr 05, 2013 7:38 am

I see, no I haven't a return route. I must add it in the configuration of the dhcp server? Or I can add a parameter in the vpn config file?

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Fri Apr 05, 2013 8:57 am

I understand, I have to add a route manually from the Windows command prompt console.
Like this:

Code:

route add 10.5.0.1 mask 255.255.255.0 192.168.10.0

Is it correct?

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Fri Apr 05, 2013 11:29 am

Resolved! I had forgotten to add a static route in the router configuration!
With the same VPN configuration, now I can access the server LAN network devices. ;)

Thanks for the support! :)

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: How to access to network peripherals of Server LAN?

Post by Douglas » Sat Apr 06, 2013 3:55 am

Sorry I did not get back to you, but yup, you hit the nail on the head. You could get packets there but they needed a way back!

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Sat Apr 06, 2013 12:14 pm

Ok, I don't understand, can you give me a practical example for setting a return route?

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: How to access to network peripherals of Server LAN?

Post by Douglas » Sat Apr 06, 2013 4:16 pm

Alucard86 wrote: Ok, I don't understand, can you give me a practical example for setting a return route?

So say your home LAN is X, office LAN is Y (VPN server is here), VPN subnet is Z. VPN when you connect pushes a route saying 'hi X, to access Y, send traffic through Z' automatically with a route push directive. On the other hand, clients in Y don't have anything pushed on how to access X, so you must set that route to go through Z or you can't communicate, as it's one way.

Make sense?
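
The return-route problem described in this post, as an added example that is not part of the thread: a longest-prefix-match lookup traced hop by hop over the addresses posted above. The gateway address 192.168.10.254, the node names and the simplified per-node tables are assumptions made for the illustration.

```python
# Added example: hop-by-hop route lookup for the topology in this thread.
# Addresses come from the posts; 192.168.10.254 and the node names are assumed.
import ipaddress


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, hop) pairs; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def build_nodes(gateway_has_return_route):
    """Model X (client), Z (VPN subnet 10.5.0.0/24) and Y (192.168.10.0/24)."""
    gw_routes = [("192.168.10.0/24", "on-link"), ("0.0.0.0/0", "internet")]
    if gateway_has_return_route:
        # The static route from the thread: 10.5.0.0 255.255.255.0 192.168.10.1
        gw_routes.append(("10.5.0.0/24", "vpn-server"))
    return {
        # The client learns the LAN route from: push "route 192.168.10.0 255.255.255.0"
        "client": {"addrs": {"10.5.0.6"},
                   "routes": [("192.168.10.0/24", "vpn-server"),
                              ("0.0.0.0/0", "internet")]},
        "vpn-server": {"addrs": {"10.5.0.1", "192.168.10.1"},
                       "routes": [("10.5.0.0/24", "client"),
                                  ("192.168.10.0/24", "on-link")]},
        # A LAN device only knows its own subnet and its default gateway.
        "printer": {"addrs": {"192.168.10.9"},
                    "routes": [("192.168.10.0/24", "on-link"),
                               ("0.0.0.0/0", "lan-gateway")]},
        "lan-gateway": {"addrs": {"192.168.10.254"}, "routes": gw_routes},
    }


def trace(nodes, start, dst, max_hops=8):
    """Follow a packet from node `start` towards IP `dst`; return the node path."""
    path = [start]
    node = start
    for _ in range(max_hops):
        if dst in nodes[node]["addrs"]:
            return path                      # delivered
        hop = next_hop(nodes[node]["routes"], dst)
        if hop is None:
            return path + ["no-route"]
        if hop == "internet":
            return path + ["internet"]       # left the site: the reply is lost
        if hop == "on-link":
            owners = [n for n, v in nodes.items() if dst in v["addrs"]]
            if not owners:
                return path + ["no-host"]
            hop = owners[0]
        node = hop
        path.append(node)
    return path + ["loop"]


if __name__ == "__main__":
    for fixed in (False, True):
        nodes = build_nodes(fixed)
        print("gateway has return route:", fixed)
        print("  request:", " -> ".join(trace(nodes, "client", "192.168.10.9")))
        print("  reply:  ", " -> ".join(trace(nodes, "printer", "10.5.0.6")))
```

Without the gateway route the request still reaches the printer, but the reply follows the printer's default route and leaves towards the internet instead of going back through the VPN server.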

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Sat Apr 06, 2013 5:38 pm

I've already set Y (server) to push a route in Z with this parameter:
push "route 192.168.10.0 255.255.255.0"

With this, X (home) can communicate with Y, or have I made a mistake?

I followed this guideline, at the paragraph "Including multiple machines on the server side when using a routed VPN (dev tun)":
http://openvpn.net/index.php/open-sourc ... html#scope

Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: How to access to network peripherals of Server LAN?

Post by Douglas » Sat Apr 06, 2013 7:28 pm

VPN can get packets to that network but that is not enough unless your gateway runs the VPN server. So you have to tell the packets how to get back with a route entry.

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Sun Apr 07, 2013 11:53 am

Ok, so I have to tell Y (server) to route the traffic to X (home).

Can I use this parameter in the server config?
push "route client-ip-class netmask"
For example:
push "route 192.168.1.0 255.255.255.0"

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Wed Apr 10, 2013 3:36 pm

Douglas wrote: VPN can get packets to that network but that is not enough unless your gateway runs the VPN server. So you have to tell the packets how to get back with a route entry.

I am confused.
In summary, at the beginning I was trying to access the network behind the server from the VPN. I did it by adding this route to the gateway (router):
10.5.0.0 255.255.255.0 192.168.10.1
But you tell me that this system needs a route back to the clients.
I do not understand what task I have to do, and whether it should be done for each client.

In my case the clients do not have a fixed IP class because they are notebooks connected to different wireless networks depending on the place.

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: How to access to network peripherals of Server LAN?

Post by janjust » Thu Apr 11, 2013 2:48 pm

with the route you added (on the server side gateway) the client should be able to reach the machines on the server LAN... make sure you added a

Code:

push "route 192.168.10.0 255.255.255.0"

to the server config (NOT the 10.5. one!), reconnect the client and look at the routing tables on both sides. if possible, run something like wireshark or tcpdump to watch the flow of packets when pinging a machine on the server-side LAN from the VPN client.

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Mon Apr 15, 2013 7:52 am

Yes, "push route 192.168.10.0 255.255.225.0" is already set in the VPN server config.
I've connected a client with a 3G mobile modem connection, and here are the route table and the Wireshark log (I've recorded the client virtual TAP LAN when pinging a network printer in the server LAN):

Route table without VPN:

Code:

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0         On-link    176.201.91.112     31
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
   176.201.91.112  255.255.255.255         On-link    176.201.91.112    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link    176.201.91.112     31
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link    176.201.91.112    286
===========================================================================
Route permanenti:
  Nessuna

Route table with VPN active:

Code:

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0         On-link    176.201.91.112     31
         10.5.0.4  255.255.255.252         On-link          10.5.0.6   4511
         10.5.0.6  255.255.255.255         On-link          10.5.0.6   4511
         10.5.0.7  255.255.255.255         On-link          10.5.0.6   4511
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
   176.201.91.112  255.255.255.255         On-link    176.201.91.112    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link          10.5.0.6   4511
        224.0.0.0        240.0.0.0         On-link    176.201.91.112     31
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link          10.5.0.6   4511
  255.255.255.255  255.255.255.255         On-link    176.201.91.112    286
===========================================================================
Route permanenti:
  Nessuna

Wireshark log (recorded client virtual TAP lan when pinging network printer on the server lan):

Code:

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=386/33281, ttl=128"
"2","0.127731000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=386/33281, ttl=62"
"3","1.007821000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=387/33537, ttl=128"
"4","1.177889000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=387/33537, ttl=62"
"5","2.017665000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=388/33793, ttl=128"
"6","2.148218000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=388/33793, ttl=62"
"7","3.025427000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=389/34049, ttl=128"
"8","3.028838000","10.5.0.6","239.255.255.250","UDP","694","Source port: 62287  Destination port: ws-discovery"
"9","3.029760000","fe80::a16b:dc17:b42a:f7e3","ff02::c","UDP","714","Source port: 62288  Destination port: ws-discovery"
"10","3.093025000","10.5.0.6","239.255.255.250","UDP","694","Source port: 62287  Destination port: ws-discovery"
"11","3.137846000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=389/34049, ttl=62"
"12","3.140783000","fe80::a16b:dc17:b42a:f7e3","ff02::c","UDP","714","Source port: 62288  Destination port: ws-discovery"
"13","4.034241000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=390/34305, ttl=128"
"14","4.158167000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=390/34305, ttl=62"
"15","5.051783000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=391/34561, ttl=128"
"16","5.177851000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=391/34561, ttl=62"
"17","6.059701000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=392/34817, ttl=128"
"18","6.187918000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=392/34817, ttl=62"
"19","7.067443000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=393/35073, ttl=128"
"20","7.177974000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=393/35073, ttl=62"
"21","8.075354000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=394/35329, ttl=128"
"22","8.197841000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=394/35329, ttl=62"
"23","9.086984000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=395/35585, ttl=128"
"24","9.207976000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=395/35585, ttl=62"
"25","10.093829000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=396/35841, ttl=128"
"26","10.207978000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=396/35841, ttl=62"
"27","11.100680000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=397/36097, ttl=128"
"28","11.218100000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=397/36097, ttl=62"
"29","11.458526000","10.5.0.6","192.168.10.9","SNMP","160","get-request 1.3.6.1.2.1.43.8.2.1.18.1.1 1.3.6.1.2.1.43.8.2.1.18.1.2 1.3.6.1.2.1.43.8.2.1.18.1.3 1.3.6.1.2.1.43.8.2.1.18.1.4 1.3.6.1.2.1.43.8.2.1.18.1.5"
"30","11.878136000","192.168.10.9","10.5.0.6","SNMP","160","get-response 1.3.6.1.2.1.43.8.2.1.18.1.1 1.3.6.1.2.1.43.8.2.1.18.1.2 1.3.6.1.2.1.43.8.2.1.18.1.3 1.3.6.1.2.1.43.8.2.1.18.1.4 1.3.6.1.2.1.43.8.2.1.18.1.5"
"31","11.878431000","10.5.0.6","192.168.10.9","SNMP","142","get-request 1.3.6.1.2.1.43.8.2.1.18.1.1 1.3.6.1.2.1.43.8.2.1.18.1.2 1.3.6.1.2.1.43.8.2.1.18.1.3 1.3.6.1.2.1.43.8.2.1.18.1.4"
"32","12.007969000","192.168.10.9","10.5.0.6","SNMP","142","get-response 1.3.6.1.2.1.43.8.2.1.18.1.1 1.3.6.1.2.1.43.8.2.1.18.1.2 1.3.6.1.2.1.43.8.2.1.18.1.3 1.3.6.1.2.1.43.8.2.1.18.1.4"
"33","12.008224000","10.5.0.6","192.168.10.9","SNMP","124","get-request 1.3.6.1.2.1.43.8.2.1.18.1.1 1.3.6.1.2.1.43.8.2.1.18.1.2 1.3.6.1.2.1.43.8.2.1.18.1.3"
"34","12.109474000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=398/36353, ttl=128"
"35","12.138098000","192.168.10.9","10.5.0.6","SNMP","151","get-response 1.3.6.1.2.1.43.8.2.1.18.1.1 1.3.6.1.2.1.43.8.2.1.18.1.2 1.3.6.1.2.1.43.8.2.1.18.1.3"
"36","12.477961000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=398/36353, ttl=62"
"37","13.117310000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=399/36609, ttl=128"
"38","13.228221000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=399/36609, ttl=62"
"39","14.125116000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=400/36865, ttl=128"
"40","14.238085000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=400/36865, ttl=62"
"41","15.131953000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=401/37121, ttl=128"
"42","15.268093000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=401/37121, ttl=62"
"43","16.138809000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=402/37377, ttl=128"
"44","16.268080000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=402/37377, ttl=62"
"45","17.146627000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=403/37633, ttl=128"
"46","17.298685000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=403/37633, ttl=62"
"47","18.157451000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=404/37889, ttl=128"
"48","18.268327000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=404/37889, ttl=62"
"49","19.167215000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=405/38145, ttl=128"
"50","19.408527000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=405/38145, ttl=62"
"51","20.175945000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=406/38401, ttl=128"
"52","20.578489000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=406/38401, ttl=62"
"53","21.192613000","10.5.0.6","192.168.10.9","ICMP","74","Echo (ping) request  id=0x0001, seq=407/38657, ttl=128"
"54","21.778221000","192.168.10.9","10.5.0.6","ICMP","74","Echo (ping) reply    id=0x0001, seq=407/38657, ttl=62"

I can't read the Wireshark log clearly, but it seems that there are no errors in communication?

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: How to access to network peripherals of Server LAN?

Post by janjust » Mon Apr 15, 2013 3:07 pm

the 'icmp' trace looks OK, but I do not see the route 192.168.10 added after the VPN starts - add "verb 5" to the client config file and reconnect; post the (sanitized) output here so we can tell what is going wrong.
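
One way to run the check described in this post (pushed routes versus the client's routing table), as an added example rather than code from the thread or from OpenVPN. The PUSH_REPLY line and the first table are copied from the posts above; the second table and the function names are constructed for the illustration, and the expected gateway is read from the net30 "ifconfig" pair or a pushed "route-gateway".

```python
# Added example: compare the routes the server pushed with the client's route table.
import ipaddress
import re

# Copied from the client log in this thread.
PUSH_REPLY = ("PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 "
              "255.255.255.0,route 10.5.0.1,topology net30,ping 10,"
              "ping-restart 120,ifconfig 10.5.0.6 10.5.0.5'")

# Excerpt of the "with VPN active" table from the thread (Italian-locale output).
ROUTE_PRINT_THREAD = """\
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0         On-link    176.201.91.112     31
         10.5.0.4  255.255.255.252         On-link          10.5.0.6   4511
         10.5.0.6  255.255.255.255         On-link          10.5.0.6   4511
        224.0.0.0        240.0.0.0         On-link          10.5.0.6   4511
"""

# Constructed for this example: the same table plus the two rows that the
# route.exe ADD commands in the client log would create.
ROUTE_PRINT_EXPECTED = ROUTE_PRINT_THREAD + """\
         10.5.0.1  255.255.255.255         10.5.0.5          10.5.0.6     30
     192.168.10.0    255.255.255.0         10.5.0.5          10.5.0.6     30
"""


def parse_push_reply(line):
    """Return (pushed networks, expected VPN gateway) from a PUSH_REPLY log line."""
    match = re.search(r"PUSH_REPLY,([^']*)'", line)
    if not match:
        raise ValueError("no PUSH_REPLY found in line")
    options = [opt.split() for opt in match.group(1).split(",") if opt.strip()]
    topology = next((o[1] for o in options if o[0] == "topology" and len(o) > 1), "net30")
    routes, gateway = [], None
    for opt in options:
        if opt[0] == "route" and len(opt) >= 2:
            # A pushed route without a netmask is a host route (255.255.255.255).
            mask = opt[2] if len(opt) > 2 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{opt[1]}/{mask}"))
        elif opt[0] == "route-gateway" and len(opt) >= 2:
            gateway = opt[1]
        elif opt[0] == "ifconfig" and len(opt) >= 3 and topology != "subnet":
            # net30/p2p: the second ifconfig argument is the remote endpoint.
            gateway = gateway or opt[2]
    return routes, gateway


def installed_routes(route_print):
    """Map network -> gateway column for every IPv4 row of 'route print' output."""
    table = {}
    for line in route_print.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
        except ValueError:
            continue  # header, separator or a non-route line in any locale
        table[net] = cols[2]
    return table


def check_pushed_routes(push_line, route_print):
    """Report 'ok', 'missing' or 'via <gateway>' for each pushed route."""
    wanted, gateway = parse_push_reply(push_line)
    table = installed_routes(route_print)
    report = {}
    for net in wanted:
        if net not in table:
            report[str(net)] = "missing"
        elif table[net] == gateway:
            report[str(net)] = "ok"
        else:
            report[str(net)] = "via " + table[net]
    return report


if __name__ == "__main__":
    print("thread table:  ", check_pushed_routes(PUSH_REPLY, ROUTE_PRINT_THREAD))
    print("expected table:", check_pushed_routes(PUSH_REPLY, ROUTE_PRINT_EXPECTED))
```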

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Tue Apr 16, 2013 10:04 am

I've modified verb 5 in client log and I noticed an error about the pushed routes:

Code:

Mon Apr 15 17:32:13 2013 us=57605 MANAGEMENT: >STATE:1366039933,ADD_ROUTES,,,
Mon Apr 15 17:32:13 2013 us=57605 C:\Windows\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.5.0.5
Mon Apr 15 17:32:13 2013 us=291981 ROUTE: route addition failed using CreateIpForwardEntry: Uno o più argomenti non validi.   [status=160 if_index=26]
Mon Apr 15 17:32:13 2013 us=291981 Route addition via IPAPI failed [adaptive]
Mon Apr 15 17:32:13 2013 us=291981 Route addition fallback to route.exe
Mon Apr 15 17:32:13 2013 us=291981 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK
Mon Apr 15 17:32:13 2013 us=385732 C:\Windows\system32\route.exe ADD 10.5.0.1 MASK 255.255.255.255 10.5.0.5
Mon Apr 15 17:32:13 2013 us=729485 ROUTE: route addition failed using CreateIpForwardEntry: Uno o più argomenti non validi.   [status=160 if_index=26]
Mon Apr 15 17:32:13 2013 us=729485 Route addition via IPAPI failed [adaptive]
Mon Apr 15 17:32:13 2013 us=729485 Route addition fallback to route.exe
Mon Apr 15 17:32:13 2013 us=729485 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK
Mon Apr 15 17:32:13 2013 us=791987 Initialization Sequence Completed
Mon Apr 15 17:32:13 2013 us=791987 MANAGEMENT: >STATE:1366039933,CONNECTED,SUCCESS,10.5.0.6,my-public-ip

I've added these parameters to the client config:

Code:

route-method exe
route-delay

I didn't see any more errors about pushed routes in the client log. Here is the full log (I've replaced my public IP address with x.x.x.x):

Code:

Mon Apr 15 17:43:41 2013 us=416712 Current Parameter Settings:
Mon Apr 15 17:43:41 2013 us=420616   config = 'client-prova.ovpn'
Mon Apr 15 17:43:41 2013 us=420616   mode = 0
Mon Apr 15 17:43:41 2013 us=420616   show_ciphers = DISABLED
Mon Apr 15 17:43:41 2013 us=420616   show_digests = DISABLED
Mon Apr 15 17:43:41 2013 us=420616   show_engines = DISABLED
Mon Apr 15 17:43:41 2013 us=420616   genkey = DISABLED
Mon Apr 15 17:43:41 2013 us=420616   key_pass_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=420616   show_tls_ciphers = DISABLED
Mon Apr 15 17:43:41 2013 us=420616 Connection profiles [default]:
Mon Apr 15 17:43:41 2013 us=420616   proto = udp
Mon Apr 15 17:43:41 2013 us=420616   local = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=420616   local_port = 0
Mon Apr 15 17:43:41 2013 us=420616   remote = 'X.X.X.X'
Mon Apr 15 17:43:41 2013 us=421592   remote_port = 1194
Mon Apr 15 17:43:41 2013 us=421592   remote_float = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   bind_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   bind_local = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   connect_retry_seconds = 5
Mon Apr 15 17:43:41 2013 us=421592   connect_timeout = 10
Mon Apr 15 17:43:41 2013 us=421592   connect_retry_max = 0
Mon Apr 15 17:43:41 2013 us=421592   socks_proxy_server = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   socks_proxy_port = 0
Mon Apr 15 17:43:41 2013 us=421592   socks_proxy_retry = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   tun_mtu = 1500
Mon Apr 15 17:43:41 2013 us=421592   tun_mtu_defined = ENABLED
Mon Apr 15 17:43:41 2013 us=421592   link_mtu = 1500
Mon Apr 15 17:43:41 2013 us=421592   link_mtu_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   tun_mtu_extra = 0
Mon Apr 15 17:43:41 2013 us=421592   tun_mtu_extra_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   mtu_discover_type = -1
Mon Apr 15 17:43:41 2013 us=421592   fragment = 0
Mon Apr 15 17:43:41 2013 us=421592   mssfix = 1450
Mon Apr 15 17:43:41 2013 us=421592   explicit_exit_notification = 0
Mon Apr 15 17:43:41 2013 us=421592 Connection profiles END
Mon Apr 15 17:43:41 2013 us=421592   remote_random = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   ipchange = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   dev = 'tun'
Mon Apr 15 17:43:41 2013 us=421592   dev_type = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   dev_node = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   lladdr = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   topology = 1
Mon Apr 15 17:43:41 2013 us=421592   tun_ipv6 = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   ifconfig_local = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   ifconfig_remote_netmask = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   ifconfig_noexec = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   ifconfig_nowarn = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   ifconfig_ipv6_local = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   ifconfig_ipv6_netbits = 0
Mon Apr 15 17:43:41 2013 us=421592   ifconfig_ipv6_remote = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=421592   shaper = 0
Mon Apr 15 17:43:41 2013 us=421592   mtu_test = 0
Mon Apr 15 17:43:41 2013 us=421592   mlock = DISABLED
Mon Apr 15 17:43:41 2013 us=421592   keepalive_ping = 0
Mon Apr 15 17:43:41 2013 us=422568   keepalive_timeout = 0
Mon Apr 15 17:43:41 2013 us=422568   inactivity_timeout = 0
Mon Apr 15 17:43:41 2013 us=422568   ping_send_timeout = 0
Mon Apr 15 17:43:41 2013 us=422568   ping_rec_timeout = 0
Mon Apr 15 17:43:41 2013 us=422568   ping_rec_timeout_action = 0
Mon Apr 15 17:43:41 2013 us=422568   ping_timer_remote = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   remap_sigusr1 = 0
Mon Apr 15 17:43:41 2013 us=422568   persist_tun = ENABLED
Mon Apr 15 17:43:41 2013 us=422568   persist_local_ip = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   persist_remote_ip = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   persist_key = ENABLED
Mon Apr 15 17:43:41 2013 us=422568   passtos = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   resolve_retry_seconds = 1000000000
Mon Apr 15 17:43:41 2013 us=422568   username = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=422568   groupname = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=422568   chroot_dir = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=422568   cd_dir = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=422568   writepid = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=422568   up_script = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=422568   down_script = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=422568   down_pre = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   up_restart = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   up_delay = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   daemon = DISABLED
Mon Apr 15 17:43:41 2013 us=422568   inetd = 0
Mon Apr 15 17:43:41 2013 us=423546   log = ENABLED
Mon Apr 15 17:43:41 2013 us=423546   suppress_timestamps = DISABLED
Mon Apr 15 17:43:41 2013 us=423546   nice = 0
Mon Apr 15 17:43:41 2013 us=423546   verbosity = 5
Mon Apr 15 17:43:41 2013 us=423546   mute = 0
Mon Apr 15 17:43:41 2013 us=423546   status_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=423546   status_file_version = 1
Mon Apr 15 17:43:41 2013 us=423546   status_file_update_freq = 60
Mon Apr 15 17:43:41 2013 us=423546   occ = ENABLED
Mon Apr 15 17:43:41 2013 us=423546   rcvbuf = 0
Mon Apr 15 17:43:41 2013 us=423546   sndbuf = 0
Mon Apr 15 17:43:41 2013 us=423546   sockflags = 0
Mon Apr 15 17:43:41 2013 us=423546   fast_io = DISABLED
Mon Apr 15 17:43:41 2013 us=423546   lzo = 7
Mon Apr 15 17:43:41 2013 us=423546   route_script = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=423546   route_default_gateway = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=423546   route_default_metric = 0
Mon Apr 15 17:43:41 2013 us=423546   route_noexec = DISABLED
Mon Apr 15 17:43:41 2013 us=423546   route_delay = 0
Mon Apr 15 17:43:41 2013 us=423546   route_delay_window = 30
Mon Apr 15 17:43:41 2013 us=423546   route_delay_defined = ENABLED
Mon Apr 15 17:43:41 2013 us=423546   route_nopull = DISABLED
Mon Apr 15 17:43:41 2013 us=423546   route_gateway_via_dhcp = DISABLED
Mon Apr 15 17:43:41 2013 us=423546   max_routes = 100
Mon Apr 15 17:43:41 2013 us=423546   allow_pull_fqdn = DISABLED
Mon Apr 15 17:43:41 2013 us=423546   management_addr = '127.0.0.1'
Mon Apr 15 17:43:41 2013 us=423546   management_port = 25340
Mon Apr 15 17:43:41 2013 us=424521   management_user_pass = 'stdin'
Mon Apr 15 17:43:41 2013 us=424521   management_log_history_cache = 250
Mon Apr 15 17:43:41 2013 us=424521   management_echo_buffer_size = 100
Mon Apr 15 17:43:41 2013 us=424521   management_write_peer_info_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=424521   management_client_user = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=424521   management_client_group = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=424521   management_flags = 6
Mon Apr 15 17:43:41 2013 us=424521   shared_secret_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=424521   key_direction = 2
Mon Apr 15 17:43:41 2013 us=424521   ciphername_defined = ENABLED
Mon Apr 15 17:43:41 2013 us=424521   ciphername = 'BF-CBC'
Mon Apr 15 17:43:41 2013 us=424521   authname_defined = ENABLED
Mon Apr 15 17:43:41 2013 us=424521   authname = 'SHA1'
Mon Apr 15 17:43:41 2013 us=424521   prng_hash = 'SHA1'
Mon Apr 15 17:43:41 2013 us=424521   prng_nonce_secret_len = 16
Mon Apr 15 17:43:41 2013 us=424521   keysize = 0
Mon Apr 15 17:43:41 2013 us=424521   engine = DISABLED
Mon Apr 15 17:43:41 2013 us=424521   replay = ENABLED
Mon Apr 15 17:43:41 2013 us=424521   mute_replay_warnings = DISABLED
Mon Apr 15 17:43:41 2013 us=424521   replay_window = 64
Mon Apr 15 17:43:41 2013 us=424521   replay_time = 15
Mon Apr 15 17:43:41 2013 us=424521   packet_id_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=424521   use_iv = ENABLED
Mon Apr 15 17:43:41 2013 us=424521   test_crypto = DISABLED
Mon Apr 15 17:43:41 2013 us=424521   tls_server = DISABLED
Mon Apr 15 17:43:41 2013 us=424521   tls_client = ENABLED
Mon Apr 15 17:43:41 2013 us=424521   key_method = 2
Mon Apr 15 17:43:41 2013 us=425498   ca_file = 'ca.crt'
Mon Apr 15 17:43:41 2013 us=425498   ca_path = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   dh_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   cert_file = 'client-prova.crt'
Mon Apr 15 17:43:41 2013 us=425498   priv_key_file = 'client-prova.key'
Mon Apr 15 17:43:41 2013 us=425498   pkcs12_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   cryptoapi_cert = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   cipher_list = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   tls_verify = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   tls_export_cert = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   verify_x509_type = 0
Mon Apr 15 17:43:41 2013 us=425498   verify_x509_name = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   crl_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   ns_cert_type = 1
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_ku[i] = 0
Mon Apr 15 17:43:41 2013 us=425498   remote_cert_eku = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=425498   ssl_flags = 0
Mon Apr 15 17:43:41 2013 us=425498   tls_timeout = 2
Mon Apr 15 17:43:41 2013 us=425498   renegotiate_bytes = 0
Mon Apr 15 17:43:41 2013 us=425498   renegotiate_packets = 0
Mon Apr 15 17:43:41 2013 us=425498   renegotiate_seconds = 3600
Mon Apr 15 17:43:41 2013 us=425498   handshake_window = 60
Mon Apr 15 17:43:41 2013 us=425498   transition_window = 3600
Mon Apr 15 17:43:41 2013 us=425498   single_session = DISABLED
Mon Apr 15 17:43:41 2013 us=425498   push_peer_info = DISABLED
Mon Apr 15 17:43:41 2013 us=425498   tls_exit = DISABLED
Mon Apr 15 17:43:41 2013 us=425498   tls_auth_file = 'key.txt'
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_protected_authentication = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_private_mode = 00000000
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=426473   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_cert_private = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_pin_cache_period = -1
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_id = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=427450   pkcs11_id_management = DISABLED
Mon Apr 15 17:43:41 2013 us=427450   server_network = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=427450   server_netmask = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=428428   server_network_ipv6 = ::
Mon Apr 15 17:43:41 2013 us=428428   server_netbits_ipv6 = 0
Mon Apr 15 17:43:41 2013 us=428428   server_bridge_ip = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=428428   server_bridge_netmask = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=428428   server_bridge_pool_start = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=428428   server_bridge_pool_end = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=428428   ifconfig_pool_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=428428   ifconfig_pool_start = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=429404   ifconfig_pool_end = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=429404   ifconfig_pool_netmask = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=429404   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=429404   ifconfig_pool_persist_refresh_freq = 600
Mon Apr 15 17:43:41 2013 us=429404   ifconfig_ipv6_pool_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=429404   ifconfig_ipv6_pool_base = ::
Mon Apr 15 17:43:41 2013 us=429404   ifconfig_ipv6_pool_netbits = 0
Mon Apr 15 17:43:41 2013 us=429404   n_bcast_buf = 256
Mon Apr 15 17:43:41 2013 us=429404   tcp_queue_limit = 64
Mon Apr 15 17:43:41 2013 us=429404   real_hash_size = 256
Mon Apr 15 17:43:41 2013 us=429404   virtual_hash_size = 256
Mon Apr 15 17:43:41 2013 us=429404   client_connect_script = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=429404   learn_address_script = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=429404   client_disconnect_script = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=429404   client_config_dir = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=429404   ccd_exclusive = DISABLED
Mon Apr 15 17:43:41 2013 us=429404   tmp_dir = 'C:\Users\andrea\AppData\Local\Temp\'
Mon Apr 15 17:43:41 2013 us=429404   push_ifconfig_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=429404   push_ifconfig_local = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=429404   push_ifconfig_remote_netmask = 0.0.0.0
Mon Apr 15 17:43:41 2013 us=429404   push_ifconfig_ipv6_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   push_ifconfig_ipv6_local = ::/0
Mon Apr 15 17:43:41 2013 us=430383   push_ifconfig_ipv6_remote = ::
Mon Apr 15 17:43:41 2013 us=430383   enable_c2c = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   duplicate_cn = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   cf_max = 0
Mon Apr 15 17:43:41 2013 us=430383   cf_per = 0
Mon Apr 15 17:43:41 2013 us=430383   max_clients = 1024
Mon Apr 15 17:43:41 2013 us=430383   max_routes_per_client = 256
Mon Apr 15 17:43:41 2013 us=430383   auth_user_pass_verify_script = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=430383   auth_user_pass_verify_script_via_file = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   client = ENABLED
Mon Apr 15 17:43:41 2013 us=430383   pull = ENABLED
Mon Apr 15 17:43:41 2013 us=430383   auth_user_pass_file = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=430383   show_net_up = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   route_method = 2
Mon Apr 15 17:43:41 2013 us=430383   ip_win32_defined = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   ip_win32_type = 3
Mon Apr 15 17:43:41 2013 us=430383   dhcp_masq_offset = 0
Mon Apr 15 17:43:41 2013 us=430383   dhcp_lease_time = 31536000
Mon Apr 15 17:43:41 2013 us=430383   tap_sleep = 0
Mon Apr 15 17:43:41 2013 us=430383   dhcp_options = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   dhcp_renew = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   dhcp_pre_release = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   dhcp_release = DISABLED
Mon Apr 15 17:43:41 2013 us=430383   domain = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=430383   netbios_scope = '[UNDEF]'
Mon Apr 15 17:43:41 2013 us=430383   netbios_node_type = 0
Mon Apr 15 17:43:41 2013 us=430383   disable_nbt = DISABLED
Mon Apr 15 17:43:41 2013 us=431359 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Enter Management Password:
Mon Apr 15 17:43:41 2013 us=442102 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Apr 15 17:43:41 2013 us=442102 Need hold release from management interface, waiting...
Mon Apr 15 17:43:41 2013 us=653040 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Apr 15 17:43:41 2013 us=757533 MANAGEMENT: CMD 'state on'
Mon Apr 15 17:43:41 2013 us=758511 MANAGEMENT: CMD 'log all on'
Mon Apr 15 17:43:42 2013 us=201879 MANAGEMENT: CMD 'hold off'
Mon Apr 15 17:43:42 2013 us=207734 MANAGEMENT: CMD 'hold release'
Mon Apr 15 17:43:42 2013 us=208712 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 15 17:43:42 2013 us=617892 Control Channel Authentication: using 'key.txt' as a OpenVPN static key file
Mon Apr 15 17:43:42 2013 us=617892 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 15 17:43:42 2013 us=617892 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 15 17:43:42 2013 us=617892 LZO compression initialized
Mon Apr 15 17:43:42 2013 us=617892 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Apr 15 17:43:42 2013 us=618870 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Apr 15 17:43:42 2013 us=618870 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 15 17:43:42 2013 us=618870 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Apr 15 17:43:42 2013 us=618870 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Apr 15 17:43:42 2013 us=618870 Local Options hash (VER=V4): '504e774e'
Mon Apr 15 17:43:42 2013 us=618870 Expected Remote Options hash (VER=V4): '14168603'
Mon Apr 15 17:43:42 2013 us=618870 UDPv4 link local: [undef]
Mon Apr 15 17:43:42 2013 us=618870 UDPv4 link remote: [AF_INET]X.X.X.X:1194
Mon Apr 15 17:43:42 2013 us=618870 MANAGEMENT: >STATE:1366040622,WAIT,,,
Mon Apr 15 17:43:42 2013 us=794651 MANAGEMENT: >STATE:1366040622,AUTH,,,
Mon Apr 15 17:43:42 2013 us=794651 TLS: Initial packet from [AF_INET]X.X.X.X:1194, sid=8cff5617 ea79102f
Mon Apr 15 17:43:43 2013 us=586654 VERIFY OK: depth=1, C=IT, ST=Italy, L=changeme, O=changeme, OU=changeme, CN=changeme, name=changeme, emailAddress=changeme
Mon Apr 15 17:43:43 2013 us=587630 VERIFY OK: nsCertType=SERVER
Mon Apr 15 17:43:43 2013 us=587630 VERIFY OK: depth=0, C=IT, ST=Italy, L=changeme, O=changeme, OU=changeme, CN=server, name=changeme, emailAddress=changeme
Mon Apr 15 17:43:46 2013 us=446057 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 15 17:43:46 2013 us=446057 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 15 17:43:46 2013 us=446057 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Apr 15 17:43:46 2013 us=446057 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 15 17:43:46 2013 us=446057 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Apr 15 17:43:46 2013 us=447035 [server] Peer Connection Initiated with [AF_INET]X.X.X.X:1194
Mon Apr 15 17:43:47 2013 us=543723 MANAGEMENT: >STATE:1366040627,GET_CONFIG,,,
Mon Apr 15 17:43:48 2013 us=640414 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Apr 15 17:43:48 2013 us=856238 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 10.5.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.5.0.6 10.5.0.5'
Mon Apr 15 17:43:48 2013 us=856238 OPTIONS IMPORT: timers and/or timeouts modified
Mon Apr 15 17:43:48 2013 us=856238 OPTIONS IMPORT: --ifconfig/up options modified
Mon Apr 15 17:43:48 2013 us=856238 OPTIONS IMPORT: route options modified
Mon Apr 15 17:43:48 2013 us=870886 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Apr 15 17:43:48 2013 us=870886 MANAGEMENT: >STATE:1366040628,ASSIGN_IP,,10.5.0.6,
Mon Apr 15 17:43:48 2013 us=870886 open_tun, tt->ipv6=0
Mon Apr 15 17:43:48 2013 us=875770 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{351C917C-A1A0-48FA-82DC-38B387FA10D5}.tap
Mon Apr 15 17:43:48 2013 us=875770 TAP-Windows Driver Version 9.9 
Mon Apr 15 17:43:48 2013 us=875770 TAP-Windows MTU=1500
Mon Apr 15 17:43:48 2013 us=882606 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.5.0.6/255.255.255.252 on interface {351C917C-A1A0-48FA-82DC-38B387FA10D5} [DHCP-serv: 10.5.0.5, lease-time: 31536000]
Mon Apr 15 17:43:48 2013 us=882606 Successful ARP Flush on interface [26] {351C917C-A1A0-48FA-82DC-38B387FA10D5}
Mon Apr 15 17:43:49 2013 us=197064 TEST ROUTES: 0/0 succeeded len=2 ret=0 a=0 u/d=down
Mon Apr 15 17:43:49 2013 us=198040 Route: Waiting for TUN/TAP interface to come up...
Mon Apr 15 17:43:50 2013 us=20313 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Mon Apr 15 17:43:50 2013 us=20313 MANAGEMENT: >STATE:1366040630,ADD_ROUTES,,,
Mon Apr 15 17:43:50 2013 us=21290 C:\Windows\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.5.0.5
Mon Apr 15 17:43:50 2013 us=21290 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK
Mon Apr 15 17:43:50 2013 us=51565 C:\Windows\system32\route.exe ADD 10.5.0.1 MASK 255.255.255.255 10.5.0.5
Mon Apr 15 17:43:50 2013 us=51565 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 OK
Mon Apr 15 17:43:50 2013 us=88676 Initialization Sequence Completed
Mon Apr 15 17:43:50 2013 us=88676 MANAGEMENT: >STATE:1366040630,CONNECTED,SUCCESS,10.5.0.6,X.X.X.X
And the client route table:

Code: Select all

IPv4 Tabella route
===========================================================================
Route attive:
     Indirizzo rete             Mask          Gateway     Interfaccia Metrica
          0.0.0.0          0.0.0.0         On-link   176.200.247.202     31
         10.5.0.1  255.255.255.255         10.5.0.5         10.5.0.6   4256
         10.5.0.4  255.255.255.252         On-link          10.5.0.6   4511
         10.5.0.6  255.255.255.255         On-link          10.5.0.6   4511
         10.5.0.7  255.255.255.255         On-link          10.5.0.6   4511
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  176.200.247.202  255.255.255.255         On-link   176.200.247.202    286
     192.168.10.0    255.255.255.0         10.5.0.5         10.5.0.6   4256
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link          10.5.0.6   4511
        224.0.0.0        240.0.0.0         On-link   176.200.247.202     31
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link          10.5.0.6   4511
  255.255.255.255  255.255.255.255         On-link   176.200.247.202    286
===========================================================================
Route permanenti:
  Nessuna
I can see the route 192.168.10.0, so I think the configuration is now correct. :)
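
The check made by eye in the post above, as an added example that is not part of the original post: compare the routes in the `PUSH_REPLY` log line with the client's `route print` output. The function names are hypothetical, the sample input is copied from the log and route table above, and routes are assumed to be pushed without a per-route gateway argument.

```python
import ipaddress
import re

# Sample input copied from the client log and route table in the post above.
PUSH_LINE = ("PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 "
             "255.255.255.0,route 10.5.0.1,topology net30,ping 10,"
             "ping-restart 120,ifconfig 10.5.0.6 10.5.0.5'")
ROUTE_PRINT = """\
          0.0.0.0          0.0.0.0         On-link   176.200.247.202     31
         10.5.0.1  255.255.255.255         10.5.0.5         10.5.0.6   4256
         10.5.0.4  255.255.255.252         On-link          10.5.0.6   4511
     192.168.10.0    255.255.255.0         10.5.0.5         10.5.0.6   4256
"""

ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)"
                 r"\s+(\d+(?:\.\d+){3})\s+\d+\s*$")


def parse_push_reply(line):
    """Return (routes, local_ip, gateway) from a PUSH_REPLY log line."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if not m:
        raise ValueError("no PUSH_REPLY found")
    routes, opts = [], {}
    for opt in m.group(1).split(","):
        parts = opt.split()
        if not parts:
            continue
        if parts[0] == "route":
            # A route pushed without a mask is a host route (/32).
            mask = parts[2] if len(parts) > 2 else "255.255.255.255"
            routes.append(ipaddress.IPv4Network(f"{parts[1]}/{mask}", strict=False))
        else:
            opts[parts[0]] = parts[1:]
    local_ip, second = opts["ifconfig"]
    if "route-gateway" in opts:
        gateway = opts["route-gateway"][0]
    elif opts.get("topology") == ["subnet"]:
        # In subnet topology the second ifconfig argument is a netmask.
        raise ValueError("topology subnet without route-gateway")
    else:
        # net30 / p2p: the second ifconfig argument is the remote endpoint,
        # which OpenVPN uses as the gateway for pushed routes.
        gateway = second
    return routes, local_ip, gateway


def parse_route_table(text):
    """Return a set of (network, gateway, interface) from `route print` rows."""
    rows = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            net = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}", strict=False)
            rows.add((net, m.group(3), m.group(4)))
    return rows


def missing_routes(push_line, route_print):
    """Pushed routes that are not installed via the VPN gateway and interface."""
    routes, local_ip, gateway = parse_push_reply(push_line)
    table = parse_route_table(route_print)
    return [r for r in routes if (r, gateway, local_ip) not in table]


if __name__ == "__main__":
    print(missing_routes(PUSH_LINE, ROUTE_PRINT) or "all pushed routes installed")
```

An empty result only shows that the client installed the pushed routes; reaching LAN hosts still depends on the server forwarding packets and on those hosts having a route back to the VPN subnet.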

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: How to access to network peripherals of Server LAN?

Post by janjust » Tue Apr 16, 2013 1:22 pm

So everything now works (including ping)? If so, then I'll close this thread.

Alucard86
OpenVpn Newbie
Posts: 11
Joined: Thu Apr 04, 2013 6:05 pm

Re: How to access to network peripherals of Server LAN?

Post by Alucard86 » Tue Apr 16, 2013 1:44 pm

Yes, seems alright.
Thanks to Douglas and janjust for your help and your patience. ;)
