Need help on a Routing Problem with openvpn debian/windows

Post by Tepoo » Sun Jul 27, 2014 10:41 am

Hello everyone,

So after two days of headache and crying I decided to ask here if someone knows how I can fix my problem.

I installed OpenVPN on my Debian wheezy 7.1 dedicated server. I used some information from this website:
https://wiki.debian.org/OpenVPN

I modified the iptables rules a little differently than on the website, but I did this in all the important parts, so the IP is the same everywhere.

iptables -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

The server is starting fine and I am also able to connect to the OpenVPN via the certificate I generated.

This is what I get in the log when I connect to my OpenVPN:

Code:

Sun Jul 27 01:51:15 2014 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
Sun Jul 27 01:51:15 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Enter Management Password:
Sun Jul 27 01:51:15 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 27 01:51:15 2014 Need hold release from management interface, waiting...
Sun Jul 27 01:51:15 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 27 01:51:15 2014 MANAGEMENT: CMD 'state on'
Sun Jul 27 01:51:15 2014 MANAGEMENT: CMD 'log all on'
Sun Jul 27 01:51:15 2014 MANAGEMENT: CMD 'hold off'
Sun Jul 27 01:51:15 2014 MANAGEMENT: CMD 'hold release'
Sun Jul 27 01:51:15 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 27 01:51:15 2014 UDPv4 link local: [undef]
Sun Jul 27 01:51:15 2014 UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Sun Jul 27 01:51:15 2014 MANAGEMENT: >STATE:1406451075,WAIT,,,
Sun Jul 27 01:51:15 2014 MANAGEMENT: >STATE:1406451075,AUTH,,,
Sun Jul 27 01:51:15 2014 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=335ff2ac 9b901bff
Sun Jul 27 01:51:15 2014 VERIFY OK: depth=1, C=DE, ST=B, L=Berlin, O=, OU=VPN, CN=XXXXXXXX.ip-XX-XX-XX-XX.eu, name=Marco, emailAddress=XXXXXXX@XXXXX.com
Sun Jul 27 01:51:15 2014 VERIFY OK: nsCertType=SERVER
Sun Jul 27 01:51:15 2014 VERIFY OK: depth=0, C=DE, ST=B, L=Berlin, O=, OU=VPN, CN=XXXXXXXX.ip-XX-XX-XX-XX.eu, name=Marco, emailAddress=XXXXXXX@XXXXX.com
Sun Jul 27 01:51:16 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 27 01:51:16 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 27 01:51:16 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Jul 27 01:51:16 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jul 27 01:51:16 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jul 27 01:51:16 2014 [XXXXXXXXX.ip-XX-XX-XX-XX.eu] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1194
Sun Jul 27 01:51:17 2014 MANAGEMENT: >STATE:1406451077,GET_CONFIG,,,
Sun Jul 27 01:51:18 2014 SENT CONTROL [XXXXXXXX.ip-XX-XX-XX-XX.eu]: 'PUSH_REQUEST' (status=1)
Sun Jul 27 01:51:18 2014 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Jul 27 01:51:18 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sun Jul 27 01:51:18 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jul 27 01:51:18 2014 OPTIONS IMPORT: route options modified
Sun Jul 27 01:51:18 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jul 27 01:51:18 2014 MANAGEMENT: >STATE:1406451078,ASSIGN_IP,,10.8.0.6,
Sun Jul 27 01:51:18 2014 open_tun, tt->ipv6=0
Sun Jul 27 01:51:18 2014 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{1330AA38-C065-45E8-8444-9006801CD81E}.tap
Sun Jul 27 01:51:18 2014 TAP-Windows Driver Version 9.9 
Sun Jul 27 01:51:18 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {1330AA38-C065-45E8-8444-9006801CD81E} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Jul 27 01:51:18 2014 Successful ARP Flush on interface [12] {1330AA38-C065-45E8-8444-9006801CD81E}
Sun Jul 27 01:51:23 2014 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Sun Jul 27 01:51:23 2014 MANAGEMENT: >STATE:1406451083,ADD_ROUTES,,,
Sun Jul 27 01:51:23 2014 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sun Jul 27 01:51:23 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Jul 27 01:51:23 2014 Route addition via IPAPI succeeded [adaptive]
Sun Jul 27 01:51:23 2014 Initialization Sequence Completed
Sun Jul 27 01:51:23 2014 MANAGEMENT: >STATE:1406451083,CONNECTED,SUCCESS,10.8.0.6,XX.XX.XX.XX

(Note: I replaced my server IP with XX.XX.XX.XX and some other private information.)

When I check the route list via cmd, I get the following:

Code:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.12     10
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6      5
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    261
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    261
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    261

I am 100% sure that on the first try it seemed to work, because when I visited http://www.whatismyip.de, it showed me the IP of my server. But now it doesn't route over the server anymore; when I run tracert google.de or something like that, it goes directly to it, and not over the OpenVPN.

I hope someone can help me.
If you need more information, I will provide it.

Greetings
Tepoo

Post by maikcat » Mon Jul 28, 2014 6:41 am

Post your server config please.

You are probably missing the redirect-gateway in your config...

Michael.

Post by Tepoo » Mon Jul 28, 2014 8:44 am

Hello,

Thanks for the reply.
The redirect-gateway causes problems for me. When I uncomment the line

Code:

;push "redirect-gateway def1 bypass-dhcp"

it connects, but then nothing happens anymore. No internet.

Here is my server config file.

Code:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
duplicate-cn
keepalive 10 120
comp-lzo
max-clients 10
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 3

Greetings
Tepoo
Last edited by debbie10t on Mon Jul 28, 2014 11:02 am, edited 1 time in total.
Reason: Removed comments: as per the forum rules

Post by Tepoo » Mon Jul 28, 2014 11:44 am

debbie, I thank you very much :D

I accidentally forgot to re-add
echo 1 > /proc/sys/net/ipv4/ip_forward

to the system.
It's not working perfectly.

I've now added it manually to the sys file so that it will also stay in the setup.

Thank you all very much :)

Greetings
Tepoo


P.S.: Sorry for the big code snippet you edited.
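
The server-side pieces this thread touches on (the pushed redirect-gateway, IP forwarding, and the MASQUERADE rule for 10.8.0.0/24) can be checked together. The following is an added example, not code from any of the posts: a POSIX shell preflight that reports which of them is missing, and tells a forwarding flag set only at runtime apart from one that survives a reboot. The function name, the check labels and the use of /etc/sysctl.conf for the persistent setting are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): server-side preflight for routing all
# client traffic through the VPN. Inputs are file paths, so it runs against
# the live system or against saved copies.
#
# check_full_tunnel CONF RUNTIME_FWD SYSCTL_CONF RULES [SUBNET]
#   CONF         OpenVPN server config
#   RUNTIME_FWD  live flag, i.e. /proc/sys/net/ipv4/ip_forward
#   SYSCTL_CONF  boot-time settings (assumption: /etc/sysctl.conf)
#   RULES        saved output of iptables-save
#   SUBNET       VPN subnet (default: the thread's 10.8.0.0/24)
# Prints the failed checks, space separated; returns 0 when none failed.
check_full_tunnel() {
    conf=$1 runtime=$2 sysctl=$3 rules=$4 subnet=${5:-10.8.0.0/24}
    failed=""

    # 1. Clients keep their own default route unless the server pushes
    #    redirect-gateway. A leading ';' or '#' means the line is disabled.
    grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway' "$conf" ||
        failed="$failed push-redirect-gateway"

    # 2. The kernel must forward packets between tun0 and eth0 right now.
    [ "$(tr -d '[:space:]' < "$runtime")" = "1" ] ||
        failed="$failed ip_forward-runtime"

    # 3. The same flag must be set at boot; writing to /proc does not persist.
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$sysctl" ||
        failed="$failed ip_forward-persistent"

    # 4. Forwarded client packets need source NAT on the way out.
    pattern=$(printf '%s' "$subnet" | sed 's/\./\\./g')
    grep -Eq -- "^-A POSTROUTING .*-s $pattern .*-j MASQUERADE" "$rules" ||
        failed="$failed masquerade"

    failed=${failed# }
    printf '%s\n' "$failed"
    [ -z "$failed" ]
}

# Live use on the server, as root (config path is an assumption):
#   iptables-save > /tmp/rules
#   check_full_tunnel /etc/openvpn/server.conf \
#       /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf /tmp/rules
```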
