OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

[Closed] Cannot redirect traffic with Riseup VPN

https://forums.openvpn.net/viewtopic.php?t=14245

Page 1 of 1

[Closed] Cannot redirect traffic with Riseup VPN

Posted: Thu Nov 07, 2013 2:45 am
by krikara
I followed all the steps here (https://help.riseup.net/en/openvpn-wind ... ll-openvpn), downloaded openvpn and then used their RiseupCA.pem and RiseupVpn.ovpn.

Openvpn is able to connect successfully to the Riseup address, however, my IP doesn't change, so I'm guessing the traffic isn't getting redirected.

The RiseupVpn.ovpn looks like this

Code: Select all

client
dev tap
remote seattle.vpn.riseup.net
auth-user-pass
ca RiseupCA.pem
redirect-gateway
verb 4
And I even tried adding in the

Code: Select all

push "redirect-gateway def1"
line, but that didn't change anything. How do I get my computer to actually use the Vpn instead of just connecting to it?

Currently, I am using win7 64 bit, version 2.2.2 openvpn with gui 1.0.3.

Re: Cannot redirect traffic with Riseup VPN

Posted: Fri Nov 08, 2013 2:42 am
by krikara
Yes I have set everything to run as Administrator. Also, you pasted the same link that I pasted earlier.

I have done everything it said in that link.

Re: Cannot redirect traffic with Riseup VPN

Posted: Fri Nov 08, 2013 2:50 am
by krikara
I don't know if my logs matter since I do successfully connect to the VPN, but it might explain why my traffic isn't getting redirected.

I don't know how to interpret it though.

http://pastebin.ca/2474690

Do I perhaps need to change some settings in my webbrowser to use this VPN? I didn't even look into this because Hotspot shield automatically did everything for me and all I had to do was run it.

Re: Cannot redirect traffic with Riseup VPN

Posted: Fri Nov 08, 2013 3:17 am
by krikara
Update : For some reason, the VPN is working on my spotify, but not my web browsers Firefox and Chrome....

Or atleast it appears to be working for spotify, but I can't really tell. When the VPN is connected, I can't load any radio stations. When the VPN isn't connected, the radio stations load. I can't tell if this is because of OpenVPn or Chinese internet.

Re: Cannot redirect traffic with Riseup VPN

Posted: Sat Nov 09, 2013 10:15 am
by krikara
By the way, in the Riseup vpn tutorial, there was no server and client ovpn files. All there was was the RiseupCA.pem and RiseuVpn.ovpn. I'm assuming that we only needed the RiseupVpn.ovpn which served as the connection client.

In any case, here is the log for RiseupVpn.ovpn

Code: Select all

Thu Nov 07 22:46:46 2013 us=852000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Thu Nov 07 22:46:51 2013 us=922000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Nov 07 22:46:51 2013 us=922000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 07 22:46:51 2013 us=922000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Nov 07 22:46:52 2013 us=156000 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Nov 07 22:46:52 2013 us=156000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 07 22:46:53 2013 us=201000 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Thu Nov 07 22:46:53 2013 us=201000 Local Options String: 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Nov 07 22:46:53 2013 us=201000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Nov 07 22:46:53 2013 us=201000 Local Options hash (VER=V4): '2c50bd2c'
Thu Nov 07 22:46:53 2013 us=201000 Expected Remote Options hash (VER=V4): '0ddbb6e3'
Thu Nov 07 22:46:53 2013 us=201000 UDPv4 link local (bound): [undef]:1194
Thu Nov 07 22:46:53 2013 us=201000 UDPv4 link remote: 198.252.153.26:1194
Thu Nov 07 22:46:53 2013 us=435000 TLS: Initial packet from 198.252.153.26:1194, sid=49939a31 71a16e1f
Thu Nov 07 22:46:53 2013 us=435000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Nov 07 22:46:59 2013 us=301000 VERIFY OK: depth=1, /C=US/O=Riseup_Networks/L=Seattle/ST=WA/CN=Riseup_Networks/emailAddress=collective@riseup.net
Thu Nov 07 22:46:59 2013 us=301000 VERIFY OK: depth=0, /C=US/O=Riseup_Networks/L=Seattle/ST=WA/CN=vpn.riseup.net
Thu Nov 07 22:47:00 2013 us=81000 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Thu Nov 07 22:47:00 2013 us=81000 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1541'
Thu Nov 07 22:47:00 2013 us=81000 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Thu Nov 07 22:47:00 2013 us=81000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 07 22:47:00 2013 us=81000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 07 22:47:00 2013 us=81000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 07 22:47:00 2013 us=81000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 07 22:47:00 2013 us=81000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Nov 07 22:47:00 2013 us=81000 [vpn.riseup.net] Peer Connection Initiated with 198.252.153.26:1194
Thu Nov 07 22:47:02 2013 us=421000 SENT CONTROL [vpn.riseup.net]: 'PUSH_REQUEST' (status=1)
Thu Nov 07 22:47:07 2013 us=366000 SENT CONTROL [vpn.riseup.net]: 'PUSH_REQUEST' (status=1)
Thu Nov 07 22:47:07 2013 us=522000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.27.0.1,route-gateway 172.27.0.1,topology subnet,ping 7,ping-restart 35,ifconfig 172.27.0.61 255.255.252.0'
Thu Nov 07 22:47:07 2013 us=522000 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 07 22:47:07 2013 us=522000 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 07 22:47:07 2013 us=522000 OPTIONS IMPORT: route options modified
Thu Nov 07 22:47:07 2013 us=522000 OPTIONS IMPORT: route-related options modified
Thu Nov 07 22:47:07 2013 us=522000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Nov 07 22:47:07 2013 us=522000 ROUTE default_gateway=192.168.101.253
Thu Nov 07 22:47:07 2013 us=538000 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0109BBA6-05FE-4647-8BC5-3283ED5C3090}.tap
Thu Nov 07 22:47:07 2013 us=538000 TAP-Win32 Driver Version 9.9 
Thu Nov 07 22:47:07 2013 us=538000 TAP-Win32 MTU=1500
Thu Nov 07 22:47:07 2013 us=538000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.27.0.61/255.255.252.0 on interface {0109BBA6-05FE-4647-8BC5-3283ED5C3090} [DHCP-serv: 172.27.0.0, lease-time: 31536000]
Thu Nov 07 22:47:07 2013 us=538000 DHCP option string: 0604ac1b 0001
Thu Nov 07 22:47:07 2013 us=538000 Successful ARP Flush on interface [25] {0109BBA6-05FE-4647-8BC5-3283ED5C3090}
Thu Nov 07 22:47:07 2013 us=600000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.27.0.1,route-gateway 172.27.0.1,topology subnet,ping 7,ping-restart 35,ifconfig 172.27.0.61 255.255.252.0'
Thu Nov 07 22:47:12 2013 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu Nov 07 22:47:12 2013 C:\WINDOWS\system32\route.exe ADD 198.252.153.26 MASK 255.255.255.255 192.168.101.253
Thu Nov 07 22:47:12 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Thu Nov 07 22:47:12 2013 Route addition via IPAPI succeeded [adaptive]
Thu Nov 07 22:47:12 2013 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
Thu Nov 07 22:47:12 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Nov 07 22:47:12 2013 Route addition via IPAPI succeeded [adaptive]
Thu Nov 07 22:47:12 2013 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
Thu Nov 07 22:47:12 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Nov 07 22:47:12 2013 Route addition via IPAPI succeeded [adaptive]
Thu Nov 07 22:47:12 2013 Initialization Sequence Completed

Re: Cannot redirect traffic with Riseup VPN

Posted: Sat Nov 09, 2013 1:57 pm
by krikara
Thank you for the fast replies. I am home for the weekend where I can only access wireless, and for some odd reason, now my AUTH keeps failing. I am not sure if this is due to wireless or not, but I have tried my old config file as well as the one you suggested (and tried everything inbetween).

It's weird because my password isn't wrong, as I am very able to log into the riseup.net website, so I think there is some problems with trying to connect to riseup wirelessly. I will wait until I get back to work on Monday and make another update then.

Again, thanks for all the assistance.

Re: Cannot redirect traffic with Riseup VPN

Posted: Mon Nov 11, 2013 1:19 am
by krikara
Interesting... I tried the new settings for the config that you told me about .... And it connected to the VPN like in my first post , but it didn't redirect the traffic through it. Instead, I still had my same China IP.

Also, I cannot edit link-mtu and tun-mtu at the same time. It says I can only alter one.

Once I click connect, it automatically prompts me for user name and pass. For some reason, it doesn't work wirelessly (auth denied), but on a wired connection, I can connect. The only problem is that with both dev tap and tun, the client still does not redir the traffic.

Code: Select all

client
dev tap
remote seattle.vpn.riseup.net
auth-user-pass
ca RiseupCA.pem
redirect-gateway
verb 4
##link-mtu 1541
tun-mtu 1500
push "redirect-gateway def1"

Code: Select all

Sun Nov 10 21:14:31 2013 us=348000 Current Parameter Settings:
Sun Nov 10 21:14:31 2013 us=348000   config = 'RiseupVpn.ovpn'
Sun Nov 10 21:14:31 2013 us=348000   mode = 0
Sun Nov 10 21:14:31 2013 us=348000   show_ciphers = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   show_digests = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   show_engines = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   genkey = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   key_pass_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   show_tls_ciphers = DISABLED
Sun Nov 10 21:14:31 2013 us=348000 Connection profiles [default]:
Sun Nov 10 21:14:31 2013 us=348000   proto = udp
Sun Nov 10 21:14:31 2013 us=348000   local = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   local_port = 1194
Sun Nov 10 21:14:31 2013 us=348000   remote = 'seattle.vpn.riseup.net'
Sun Nov 10 21:14:31 2013 us=348000   remote_port = 1194
Sun Nov 10 21:14:31 2013 us=348000   remote_float = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   bind_defined = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   bind_local = ENABLED
Sun Nov 10 21:14:31 2013 us=348000   connect_retry_seconds = 5
Sun Nov 10 21:14:31 2013 us=348000   connect_timeout = 10
Sun Nov 10 21:14:31 2013 us=348000   connect_retry_max = 0
Sun Nov 10 21:14:31 2013 us=348000   socks_proxy_server = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   socks_proxy_port = 0
Sun Nov 10 21:14:31 2013 us=348000   socks_proxy_retry = DISABLED
Sun Nov 10 21:14:31 2013 us=348000 Connection profiles END
Sun Nov 10 21:14:31 2013 us=348000   remote_random = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   ipchange = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   dev = 'tap'
Sun Nov 10 21:14:31 2013 us=348000   dev_type = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   dev_node = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   lladdr = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   topology = 1
Sun Nov 10 21:14:31 2013 us=348000   tun_ipv6 = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   ifconfig_local = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   ifconfig_remote_netmask = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   ifconfig_noexec = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   ifconfig_nowarn = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   shaper = 0
Sun Nov 10 21:14:31 2013 us=348000   tun_mtu = 1500
Sun Nov 10 21:14:31 2013 us=348000   tun_mtu_defined = ENABLED
Sun Nov 10 21:14:31 2013 us=348000   link_mtu = 1500
Sun Nov 10 21:14:31 2013 us=348000   link_mtu_defined = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   tun_mtu_extra = 32
Sun Nov 10 21:14:31 2013 us=348000   tun_mtu_extra_defined = ENABLED
Sun Nov 10 21:14:31 2013 us=348000   fragment = 0
Sun Nov 10 21:14:31 2013 us=348000   mtu_discover_type = -1
Sun Nov 10 21:14:31 2013 us=348000   mtu_test = 0
Sun Nov 10 21:14:31 2013 us=348000   mlock = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   keepalive_ping = 0
Sun Nov 10 21:14:31 2013 us=348000   keepalive_timeout = 0
Sun Nov 10 21:14:31 2013 us=348000   inactivity_timeout = 0
Sun Nov 10 21:14:31 2013 us=348000   ping_send_timeout = 0
Sun Nov 10 21:14:31 2013 us=348000   ping_rec_timeout = 0
Sun Nov 10 21:14:31 2013 us=348000   ping_rec_timeout_action = 0
Sun Nov 10 21:14:31 2013 us=348000   ping_timer_remote = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   remap_sigusr1 = 0
Sun Nov 10 21:14:31 2013 us=348000   explicit_exit_notification = 0
Sun Nov 10 21:14:31 2013 us=348000   persist_tun = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   persist_local_ip = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   persist_remote_ip = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   persist_key = DISABLED
Sun Nov 10 21:14:31 2013 us=348000   mssfix = 1450
Sun Nov 10 21:14:31 2013 us=348000   resolve_retry_seconds = 1000000000
Sun Nov 10 21:14:31 2013 us=348000   username = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   groupname = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   chroot_dir = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   cd_dir = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=348000   writepid = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=597000   up_script = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=597000   down_script = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=597000   down_pre = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   up_restart = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   up_delay = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   daemon = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   inetd = 0
Sun Nov 10 21:14:31 2013 us=597000   log = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   suppress_timestamps = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   nice = 0
Sun Nov 10 21:14:31 2013 us=597000   verbosity = 4
Sun Nov 10 21:14:31 2013 us=597000   mute = 0
Sun Nov 10 21:14:31 2013 us=597000   gremlin = 0
Sun Nov 10 21:14:31 2013 us=597000   status_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=597000   status_file_version = 1
Sun Nov 10 21:14:31 2013 us=597000   status_file_update_freq = 60
Sun Nov 10 21:14:31 2013 us=597000   occ = ENABLED
Sun Nov 10 21:14:31 2013 us=597000   rcvbuf = 0
Sun Nov 10 21:14:31 2013 us=597000   sndbuf = 0
Sun Nov 10 21:14:31 2013 us=597000   sockflags = 0
Sun Nov 10 21:14:31 2013 us=597000   fast_io = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   lzo = 0
Sun Nov 10 21:14:31 2013 us=597000   route_script = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=597000   route_default_gateway = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=597000   route_default_metric = 0
Sun Nov 10 21:14:31 2013 us=597000   route_noexec = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   route_delay = 5
Sun Nov 10 21:14:31 2013 us=597000   route_delay_window = 30
Sun Nov 10 21:14:31 2013 us=597000   route_delay_defined = ENABLED
Sun Nov 10 21:14:31 2013 us=597000   route_nopull = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   route_gateway_via_dhcp = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   max_routes = 100
Sun Nov 10 21:14:31 2013 us=597000   allow_pull_fqdn = DISABLED
Sun Nov 10 21:14:31 2013 us=597000   [redirect_default_gateway local=0]
Sun Nov 10 21:14:31 2013 us=613000   management_addr = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=613000   management_port = 0
Sun Nov 10 21:14:31 2013 us=613000   management_user_pass = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=613000   management_log_history_cache = 250
Sun Nov 10 21:14:31 2013 us=613000   management_echo_buffer_size = 100
Sun Nov 10 21:14:31 2013 us=613000   management_write_peer_info_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=613000   management_client_user = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=613000   management_client_group = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=613000   management_flags = 0
Sun Nov 10 21:14:31 2013 us=613000   shared_secret_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=613000   key_direction = 0
Sun Nov 10 21:14:31 2013 us=613000   ciphername_defined = ENABLED
Sun Nov 10 21:14:31 2013 us=613000   ciphername = 'BF-CBC'
Sun Nov 10 21:14:31 2013 us=613000   authname_defined = ENABLED
Sun Nov 10 21:14:31 2013 us=613000   authname = 'SHA1'
Sun Nov 10 21:14:31 2013 us=613000   prng_hash = 'SHA1'
Sun Nov 10 21:14:31 2013 us=628000   prng_nonce_secret_len = 16
Sun Nov 10 21:14:31 2013 us=628000   keysize = 0
Sun Nov 10 21:14:31 2013 us=628000   engine = DISABLED
Sun Nov 10 21:14:31 2013 us=628000   replay = ENABLED
Sun Nov 10 21:14:31 2013 us=628000   mute_replay_warnings = DISABLED
Sun Nov 10 21:14:31 2013 us=628000   replay_window = 64
Sun Nov 10 21:14:31 2013 us=628000   replay_time = 15
Sun Nov 10 21:14:31 2013 us=628000   packet_id_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=628000   use_iv = ENABLED
Sun Nov 10 21:14:31 2013 us=628000   test_crypto = DISABLED
Sun Nov 10 21:14:31 2013 us=628000   tls_server = DISABLED
Sun Nov 10 21:14:31 2013 us=628000   tls_client = ENABLED
Sun Nov 10 21:14:31 2013 us=628000   key_method = 2
Sun Nov 10 21:14:31 2013 us=628000   ca_file = 'RiseupCA.pem'
Sun Nov 10 21:14:31 2013 us=628000   ca_path = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=628000   dh_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=628000   cert_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   priv_key_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   pkcs12_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   cryptoapi_cert = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   cipher_list = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   tls_verify = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   tls_export_cert = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   tls_remote = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   crl_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=644000   ns_cert_type = 0
Sun Nov 10 21:14:31 2013 us=644000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=644000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=644000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=644000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=644000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=644000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=644000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_ku[i] = 0
Sun Nov 10 21:14:31 2013 us=660000   remote_cert_eku = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=660000   tls_timeout = 2
Sun Nov 10 21:14:31 2013 us=660000   renegotiate_bytes = 0
Sun Nov 10 21:14:31 2013 us=660000   renegotiate_packets = 0
Sun Nov 10 21:14:31 2013 us=660000   renegotiate_seconds = 3600
Sun Nov 10 21:14:31 2013 us=660000   handshake_window = 60
Sun Nov 10 21:14:31 2013 us=660000   transition_window = 3600
Sun Nov 10 21:14:31 2013 us=660000   single_session = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   push_peer_info = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   tls_exit = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   tls_auth_file = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=660000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_protected_authentication = DISABLED
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=675000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_private_mode = 00000000
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=691000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_cert_private = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_pin_cache_period = -1
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_id = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=706000   pkcs11_id_management = DISABLED
Sun Nov 10 21:14:31 2013 us=706000   server_network = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   server_netmask = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   server_bridge_ip = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   server_bridge_netmask = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   server_bridge_pool_start = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   server_bridge_pool_end = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   push_entry = 'redirect-gateway def1'
Sun Nov 10 21:14:31 2013 us=722000   ifconfig_pool_defined = DISABLED
Sun Nov 10 21:14:31 2013 us=722000   ifconfig_pool_start = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   ifconfig_pool_end = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   ifconfig_pool_netmask = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=722000   ifconfig_pool_persist_refresh_freq = 600
Sun Nov 10 21:14:31 2013 us=722000   n_bcast_buf = 256
Sun Nov 10 21:14:31 2013 us=722000   tcp_queue_limit = 64
Sun Nov 10 21:14:31 2013 us=722000   real_hash_size = 256
Sun Nov 10 21:14:31 2013 us=722000   virtual_hash_size = 256
Sun Nov 10 21:14:31 2013 us=722000   client_connect_script = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=722000   learn_address_script = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=722000   client_disconnect_script = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=722000   client_config_dir = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=722000   ccd_exclusive = DISABLED
Sun Nov 10 21:14:31 2013 us=722000   tmp_dir = 'C:\Users\Nick\AppData\Local\Temp\'
Sun Nov 10 21:14:31 2013 us=722000   push_ifconfig_defined = DISABLED
Sun Nov 10 21:14:31 2013 us=722000   push_ifconfig_local = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   push_ifconfig_remote_netmask = 0.0.0.0
Sun Nov 10 21:14:31 2013 us=722000   enable_c2c = DISABLED
Sun Nov 10 21:14:31 2013 us=722000   duplicate_cn = DISABLED
Sun Nov 10 21:14:31 2013 us=722000   cf_max = 0
Sun Nov 10 21:14:31 2013 us=722000   cf_per = 0
Sun Nov 10 21:14:31 2013 us=738000   max_clients = 1024
Sun Nov 10 21:14:31 2013 us=738000   max_routes_per_client = 256
Sun Nov 10 21:14:31 2013 us=738000   auth_user_pass_verify_script = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=738000   auth_user_pass_verify_script_via_file = DISABLED
Sun Nov 10 21:14:31 2013 us=738000   ssl_flags = 0
Sun Nov 10 21:14:31 2013 us=738000   client = ENABLED
Sun Nov 10 21:14:31 2013 us=738000   pull = ENABLED
Sun Nov 10 21:14:31 2013 us=738000   auth_user_pass_file = 'stdin'
Sun Nov 10 21:14:31 2013 us=738000   show_net_up = DISABLED
Sun Nov 10 21:14:31 2013 us=738000   route_method = 0
Sun Nov 10 21:14:31 2013 us=738000   ip_win32_defined = DISABLED
Sun Nov 10 21:14:31 2013 us=738000   ip_win32_type = 3
Sun Nov 10 21:14:31 2013 us=738000   dhcp_masq_offset = 0
Sun Nov 10 21:14:31 2013 us=738000   dhcp_lease_time = 31536000
Sun Nov 10 21:14:31 2013 us=738000   tap_sleep = 0
Sun Nov 10 21:14:31 2013 us=738000   dhcp_options = DISABLED
Sun Nov 10 21:14:31 2013 us=753000   dhcp_renew = DISABLED
Sun Nov 10 21:14:31 2013 us=753000   dhcp_pre_release = DISABLED
Sun Nov 10 21:14:31 2013 us=753000   dhcp_release = DISABLED
Sun Nov 10 21:14:31 2013 us=753000   domain = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=753000   netbios_scope = '[UNDEF]'
Sun Nov 10 21:14:31 2013 us=753000   netbios_node_type = 0
Sun Nov 10 21:14:31 2013 us=753000   disable_nbt = DISABLED
Sun Nov 10 21:14:31 2013 us=753000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Sun Nov 10 21:14:38 2013 us=773000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Nov 10 21:14:38 2013 us=773000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 10 21:14:38 2013 us=773000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 10 21:14:38 2013 us=945000 Control Channel MTU parms [ L:1573 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 10 21:14:38 2013 us=945000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 10 21:14:38 2013 us=960000 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:4 ET:32 EL:0 ]
Sun Nov 10 21:14:38 2013 us=960000 Local Options String: 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 10 21:14:38 2013 us=960000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 10 21:14:38 2013 us=960000 Local Options hash (VER=V4): '2c50bd2c'
Sun Nov 10 21:14:38 2013 us=960000 Expected Remote Options hash (VER=V4): '0ddbb6e3'
Sun Nov 10 21:14:38 2013 us=960000 UDPv4 link local (bound): [undef]:1194
Sun Nov 10 21:14:38 2013 us=960000 UDPv4 link remote: 198.252.153.26:1194
Sun Nov 10 21:14:39 2013 us=210000 TLS: Initial packet from 198.252.153.26:1194, sid=7fe47c1d 9ba5b2f5
Sun Nov 10 21:14:39 2013 us=210000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 10 21:14:57 2013 us=197000 VERIFY OK: depth=1, /C=US/O=Riseup_Networks/L=Seattle/ST=WA/CN=Riseup_Networks/emailAddress=collective@riseup.net
Sun Nov 10 21:14:57 2013 us=197000 VERIFY OK: depth=0, /C=US/O=Riseup_Networks/L=Seattle/ST=WA/CN=vpn.riseup.net
Sun Nov 10 21:14:57 2013 us=961000 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Sun Nov 10 21:14:57 2013 us=961000 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1541'
Sun Nov 10 21:14:57 2013 us=961000 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Sun Nov 10 21:14:57 2013 us=977000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 21:14:57 2013 us=977000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 21:14:57 2013 us=977000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 21:14:57 2013 us=977000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 21:14:57 2013 us=977000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 21:14:57 2013 us=977000 [vpn.riseup.net] Peer Connection Initiated with 198.252.153.26:1194
Sun Nov 10 21:15:00 2013 us=707000 SENT CONTROL [vpn.riseup.net]: 'PUSH_REQUEST' (status=1)
Sun Nov 10 21:15:00 2013 us=988000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.27.0.1,route-gateway 172.27.0.1,topology subnet,ping 7,ping-restart 35,ifconfig 172.27.0.42 255.255.252.0'
Sun Nov 10 21:15:00 2013 us=988000 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 10 21:15:00 2013 us=988000 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 10 21:15:00 2013 us=988000 OPTIONS IMPORT: route options modified
Sun Nov 10 21:15:00 2013 us=988000 OPTIONS IMPORT: route-related options modified
Sun Nov 10 21:15:00 2013 us=988000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Nov 10 21:15:00 2013 us=988000 ROUTE default_gateway=192.168.101.253
Sun Nov 10 21:15:01 2013 us=3000 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0109BBA6-05FE-4647-8BC5-3283ED5C3090}.tap
Sun Nov 10 21:15:01 2013 us=3000 TAP-Win32 Driver Version 9.9 
Sun Nov 10 21:15:01 2013 us=3000 TAP-Win32 MTU=1500
Sun Nov 10 21:15:01 2013 us=3000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.27.0.42/255.255.252.0 on interface {0109BBA6-05FE-4647-8BC5-3283ED5C3090} [DHCP-serv: 172.27.0.0, lease-time: 31536000]
Sun Nov 10 21:15:01 2013 us=3000 DHCP option string: 0604ac1b 0001
Sun Nov 10 21:15:01 2013 us=3000 Successful ARP Flush on interface [22] {0109BBA6-05FE-4647-8BC5-3283ED5C3090}
Sun Nov 10 21:15:06 2013 us=58000 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Sun Nov 10 21:15:06 2013 us=58000 C:\WINDOWS\system32\route.exe ADD 198.252.153.26 MASK 255.255.255.255 192.168.101.253
Sun Nov 10 21:15:06 2013 us=58000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Nov 10 21:15:06 2013 us=58000 Route addition via IPAPI succeeded [adaptive]
Sun Nov 10 21:15:06 2013 us=58000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
Sun Nov 10 21:15:06 2013 us=58000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 10 21:15:06 2013 us=58000 Route addition via IPAPI succeeded [adaptive]
Sun Nov 10 21:15:06 2013 us=58000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
Sun Nov 10 21:15:06 2013 us=73000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 10 21:15:06 2013 us=73000 Route addition via IPAPI succeeded [adaptive]
Sun Nov 10 21:15:06 2013 us=73000 Initialization Sequence Completed

Re: Cannot redirect traffic with Riseup VPN

Posted: Mon Nov 11, 2013 2:00 am
by krikara
Sorry, I posted the wrong one. I will post the dev tun config now with log.

Although when I do use dev tun , my client has a problem with staying connected to the VPN .

Code: Select all

client
dev tun
remote seattle.vpn.riseup.net
auth-user-pass
ca RiseupCA.pem
redirect-gateway
verb 4
##link-mtu 1541
tun-mtu 1500
push "redirect-gateway def1"

Code: Select all

Sun Nov 10 21:56:35 2013 us=272000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Sun Nov 10 21:56:43 2013 us=852000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Nov 10 21:56:43 2013 us=852000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 10 21:56:43 2013 us=852000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 10 21:56:44 2013 us=39000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 10 21:56:44 2013 us=39000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 10 21:56:44 2013 us=39000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Nov 10 21:56:44 2013 us=39000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 10 21:56:44 2013 us=39000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 10 21:56:44 2013 us=39000 Local Options hash (VER=V4): '3514370b'
Sun Nov 10 21:56:44 2013 us=39000 Expected Remote Options hash (VER=V4): '239669a8'
Sun Nov 10 21:56:44 2013 us=39000 UDPv4 link local (bound): [undef]:1194
Sun Nov 10 21:56:44 2013 us=39000 UDPv4 link remote: 198.252.153.26:1194
Sun Nov 10 21:56:44 2013 us=273000 TLS: Initial packet from 198.252.153.26:1194, sid=56c95fea a4e344de
Sun Nov 10 21:56:44 2013 us=273000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 10 21:56:49 2013 us=655000 VERIFY OK: depth=1, /C=US/O=Riseup_Networks/L=Seattle/ST=WA/CN=Riseup_Networks/emailAddress=collective@riseup.net
Sun Nov 10 21:56:49 2013 us=655000 VERIFY OK: depth=0, /C=US/O=Riseup_Networks/L=Seattle/ST=WA/CN=vpn.riseup.net
Sun Nov 10 21:56:50 2013 us=404000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 21:56:50 2013 us=404000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 21:56:50 2013 us=404000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Nov 10 21:56:50 2013 us=404000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 10 21:56:50 2013 us=404000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 10 21:56:50 2013 us=404000 [vpn.riseup.net] Peer Connection Initiated with 198.252.153.26:1194
Sun Nov 10 21:56:52 2013 us=651000 SENT CONTROL [vpn.riseup.net]: 'PUSH_REQUEST' (status=1)
Sun Nov 10 21:56:57 2013 us=159000 SENT CONTROL [vpn.riseup.net]: 'PUSH_REQUEST' (status=1)
Sun Nov 10 21:56:57 2013 us=393000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.27.0.1,route-gateway 172.27.0.1,topology subnet,ping 7,ping-restart 35,ifconfig 172.27.0.59 255.255.252.0'
Sun Nov 10 21:56:57 2013 us=393000 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 10 21:56:57 2013 us=393000 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 10 21:56:57 2013 us=393000 OPTIONS IMPORT: route options modified
Sun Nov 10 21:56:57 2013 us=393000 OPTIONS IMPORT: route-related options modified
Sun Nov 10 21:56:57 2013 us=393000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Nov 10 21:56:57 2013 us=393000 ROUTE default_gateway=192.168.101.253
Sun Nov 10 21:56:57 2013 us=409000 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0109BBA6-05FE-4647-8BC5-3283ED5C3090}.tap
Sun Nov 10 21:56:57 2013 us=409000 TAP-Win32 Driver Version 9.9 
Sun Nov 10 21:56:57 2013 us=409000 TAP-Win32 MTU=1500
Sun Nov 10 21:56:57 2013 us=409000 Set TAP-Win32 TUN subnet mode network/local/netmask = 172.27.0.0/172.27.0.59/255.255.252.0 [SUCCEEDED]
Sun Nov 10 21:56:57 2013 us=409000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.27.0.59/255.255.252.0 on interface {0109BBA6-05FE-4647-8BC5-3283ED5C3090} [DHCP-serv: 172.27.3.254, lease-time: 31536000]
Sun Nov 10 21:56:57 2013 us=409000 DHCP option string: 0604ac1b 0001
Sun Nov 10 21:56:57 2013 us=409000 Successful ARP Flush on interface [22] {0109BBA6-05FE-4647-8BC5-3283ED5C3090}
Sun Nov 10 21:56:57 2013 us=409000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 172.27.0.1,route-gateway 172.27.0.1,topology subnet,ping 7,ping-restart 35,ifconfig 172.27.0.59 255.255.252.0'
Sun Nov 10 21:57:02 2013 us=214000 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Sun Nov 10 21:57:02 2013 us=214000 C:\WINDOWS\system32\route.exe ADD 198.252.153.26 MASK 255.255.255.255 192.168.101.253
Sun Nov 10 21:57:02 2013 us=214000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Sun Nov 10 21:57:02 2013 us=214000 Route addition via IPAPI succeeded [adaptive]
Sun Nov 10 21:57:02 2013 us=214000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
Sun Nov 10 21:57:02 2013 us=214000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 10 21:57:02 2013 us=214000 Route addition via IPAPI succeeded [adaptive]
Sun Nov 10 21:57:02 2013 us=214000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
Sun Nov 10 21:57:02 2013 us=214000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 10 21:57:02 2013 us=214000 Route addition via IPAPI succeeded [adaptive]
Sun Nov 10 21:57:02 2013 us=214000 Initialization Sequence Completed

Re: Cannot redirect traffic with Riseup VPN

Posted: Mon Nov 11, 2013 2:08 am
by krikara
Here is the logs when it keeps disconnecting from the VPN using dev tun.
When I am connected to the VPN however, I cannot actually use the internet. Nothing loads. And then it disconnects and I can load webpages again. It's weird.

Code: Select all

Sun Nov 10 22:03:56 2013 us=802000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 10 22:03:56 2013 us=802000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 10 22:03:56 2013 us=973000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 10 22:03:56 2013 us=973000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 10 22:03:56 2013 us=973000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Nov 10 22:03:56 2013 us=973000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 10 22:03:56 2013 us=973000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 10 22:03:56 2013 us=973000 Local Options hash (VER=V4): '3514370b'
Sun Nov 10 22:03:56 2013 us=973000 Expected Remote Options hash (VER=V4): '239669a8'
Sun Nov 10 22:03:56 2013 us=973000 UDPv4 link local (bound): [undef]:1194
Sun Nov 10 22:03:56 2013 us=973000 UDPv4 link remote: 198.252.153.26:1194
Sun Nov 10 22:04:56 2013 us=347000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 10 22:04:56 2013 us=347000 TLS Error: TLS handshake failed
Sun Nov 10 22:04:56 2013 us=347000 TCP/UDP: Closing socket
Sun Nov 10 22:04:56 2013 us=347000 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 10 22:04:56 2013 us=347000 Restart pause, 2 second(s)
Sun Nov 10 22:04:58 2013 us=344000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Nov 10 22:04:58 2013 us=344000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 10 22:04:58 2013 us=344000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 10 22:04:58 2013 us=344000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 10 22:04:58 2013 us=344000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 10 22:04:58 2013 us=344000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Nov 10 22:04:58 2013 us=344000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 10 22:04:58 2013 us=344000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 10 22:04:58 2013 us=344000 Local Options hash (VER=V4): '3514370b'
Sun Nov 10 22:04:58 2013 us=344000 Expected Remote Options hash (VER=V4): '239669a8'
Sun Nov 10 22:04:58 2013 us=344000 UDPv4 link local (bound): [undef]:1194
Sun Nov 10 22:04:58 2013 us=344000 UDPv4 link remote: 198.252.153.26:1194

Re: Cannot redirect traffic with Riseup VPN

Posted: Tue Nov 12, 2013 2:25 am
by krikara
Alright, let me begin by saying I always run these things with administrator ever since vista. It is the worst feeling in the world when you spend countless hours trying to get something to work and the problem was just running as administrator.

With that said, let me post some results.

I can't use redirect-gateway defl ; it posts this error

Code: Select all

Options error: unknown --redirect-gateway flag: defl
ns-cert-type server causes infinitely many errors in the following

Code: Select all

Mon Nov 11 22:18:23 2013 us=921000 TLS Error: Unroutable control packet received from 198.252.153.26:1194 (si=3 op=P_CONTROL_V1)
So I went back to using this config

Code: Select all

client
dev tun
remote seattle.vpn.riseup.net
auth-user-pass
ca RiseupCA.pem
redirect-gateway
verb 4
tun-mtu 1500
Again, tap connects, but doesn't redirect traffic. Tun connects, but often disconnects and reconnects as well. And Tun doesn't redir the traffic either.

To me, I think this is either one of two problems. Either the great firewall of china is completely blocking the use of vpn (which I doubt since I am connected), or I need to configure my browser to use the VPN (which the tutorial never said). I think it is the latter of the two, but I will have to figure out how to configure my browser now to run some tests.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/