openvpn windows server service doesn't work after reboot

[simonhang]

Hi guys,

I have a strange issue. I have openvpn server setup and running as windows services and it is working fine.

Then I set the service to auto start, but after every windows reboot, openvpn is behaving strangely. I can still connect to openvpn server, and client gets ip address. But the looks like something is messed up on server side, client cannot even ping openvpn server ip address.

But a simple stop/start openvpn service, and everything just works.

Does anybody know what is wrong with my setup? I tried to use windows delayed start for openvpn service, doesn't help. I added remote access, dhcp, dns .. as depending service, doesn't help too.

Anything I can do to let openvpn works after reboot?


Thanks,
Simon

[maikcat]

you dont post enough info about your setup,

which windows are you using on your server?
post logs when openvpn works and after reboot,
post the output of netstat -nr again in both cases.

Michael.

[simonhang]

Thanks, I found this is nothing to do auto start. After reboot, first start of openvpn service either by automatic or manual will run into the same situation. Restart the service will solve the problem.

Here is the output of netstat -nr. Before and after looks the same.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.20 266
10.8.0.0 255.255.255.0 10.8.0.2 192.168.1.20 11
10.8.0.0 255.255.255.252 On-link 10.8.0.1 286
10.8.0.1 255.255.255.255 On-link 10.8.0.1 286
10.8.0.3 255.255.255.255 On-link 10.8.0.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.20 266
192.168.1.20 255.255.255.255 On-link 192.168.1.20 266
192.168.1.255 255.255.255.255 On-link 192.168.1.20 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.1 286
224.0.0.0 240.0.0.0 On-link 192.168.1.20 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.1 286
255.255.255.255 255.255.255.255 On-link 192.168.1.20 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.254 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.20 266
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 30
10.8.0.0 255.255.255.252 On-link 10.8.0.1 286
10.8.0.1 255.255.255.255 On-link 10.8.0.1 286
10.8.0.3 255.255.255.255 On-link 10.8.0.1 286
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.20 266
192.168.1.20 255.255.255.255 On-link 192.168.1.20 266
192.168.1.255 255.255.255.255 On-link 192.168.1.20 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.1 286
224.0.0.0 240.0.0.0 On-link 192.168.1.20 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.1 286
255.255.255.255 255.255.255.255 On-link 192.168.1.20 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.254 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None



Here is the openvpn log with issue:
Thu Dec 25 18:24:24 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 5 2014
Thu Dec 25 18:24:24 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Thu Dec 25 18:24:24 2014 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Dec 25 18:24:25 2014 Diffie-Hellman initialized with 1024 bit key
Thu Dec 25 18:24:25 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Dec 25 18:24:25 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Dec 25 18:24:25 2014 open_tun, tt->ipv6=0
Thu Dec 25 18:24:25 2014 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{4C4A97A9-63BA-4260-BF82-9C7F742B7408}.tap
Thu Dec 25 18:24:25 2014 TAP-Windows Driver Version 9.9
Thu Dec 25 18:24:25 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {4C4A97A9-63BA-4260-BF82-9C7F742B7408} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Thu Dec 25 18:24:25 2014 Sleeping for 10 seconds...
Thu Dec 25 18:24:35 2014 Successful ARP Flush on interface [14] {4C4A97A9-63BA-4260-BF82-9C7F742B7408}
Thu Dec 25 18:24:35 2014 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Thu Dec 25 18:24:35 2014 Warning: route gateway is not reachable on any active network adapters: 10.8.0.2
Thu Dec 25 18:24:35 2014 Route addition via IPAPI failed [adaptive]
Thu Dec 25 18:24:35 2014 Route addition fallback to route.exe
Thu Dec 25 18:24:35 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Thu Dec 25 18:24:35 2014 Listening for incoming TCP connection on [undef]
Thu Dec 25 18:24:35 2014 TCPv4_SERVER link local (bound): [undef]
Thu Dec 25 18:24:35 2014 TCPv4_SERVER link remote: [undef]
Thu Dec 25 18:24:35 2014 MULTI: multi_init called, r=256 v=256
Thu Dec 25 18:24:35 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Thu Dec 25 18:24:35 2014 ifconfig_pool_read(), in='simon-phone,10.8.0.4', TODO: IPv6
Thu Dec 25 18:24:35 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:24:35 2014 ifconfig_pool_read(), in='simon-laptop,10.8.0.8', TODO: IPv6
Thu Dec 25 18:24:35 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:24:35 2014 ifconfig_pool_read(), in='SimonPhone,10.8.0.12', TODO: IPv6
Thu Dec 25 18:24:35 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:24:35 2014 ifconfig_pool_read(), in='SimonTablet,10.8.0.16', TODO: IPv6
Thu Dec 25 18:24:35 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:24:35 2014 ifconfig_pool_read(), in='SimoniPad,10.8.0.20', TODO: IPv6
Thu Dec 25 18:24:35 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:24:35 2014 ifconfig_pool_read(), in='SimonLaptop,10.8.0.24', TODO: IPv6
Thu Dec 25 18:24:35 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:24:35 2014 IFCONFIG POOL LIST
Thu Dec 25 18:24:35 2014 simon-phone,10.8.0.4
Thu Dec 25 18:24:35 2014 simon-laptop,10.8.0.8
Thu Dec 25 18:24:35 2014 SimonPhone,10.8.0.12
Thu Dec 25 18:24:35 2014 SimonTablet,10.8.0.16
Thu Dec 25 18:24:35 2014 SimoniPad,10.8.0.20
Thu Dec 25 18:24:35 2014 SimonLaptop,10.8.0.24
Thu Dec 25 18:24:35 2014 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Dec 25 18:24:35 2014 Initialization Sequence Completed
Thu Dec 25 18:24:44 2014 TCP connection established with [AF_INET]101.171.42.163:9333
Thu Dec 25 18:24:44 2014 101.171.42.163:9333 TLS: Initial packet from [AF_INET]101.171.42.163:9333, sid=f4121e4a 001b1ed7
Thu Dec 25 18:24:46 2014 101.171.42.163:9333 VERIFY OK: depth=1, C=AU, xxx
Thu Dec 25 18:24:46 2014 101.171.42.163:9333 VERIFY OK: depth=0, C=AU, xxx
Thu Dec 25 18:24:47 2014 101.171.42.163:9333 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Dec 25 18:24:47 2014 101.171.42.163:9333 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 25 18:24:47 2014 101.171.42.163:9333 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Dec 25 18:24:47 2014 101.171.42.163:9333 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 25 18:24:47 2014 101.171.42.163:9333 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Dec 25 18:24:47 2014 101.171.42.163:9333 [SimonPhone] Peer Connection Initiated with [AF_INET]101.171.42.163:9333
Thu Dec 25 18:24:47 2014 SimonPhone/101.171.42.163:9333 MULTI_sva: pool returned IPv4=10.8.0.14, IPv6=(Not enabled)
Thu Dec 25 18:24:47 2014 SimonPhone/101.171.42.163:9333 MULTI: Learn: 10.8.0.14 -> SimonPhone/101.171.42.163:9333
Thu Dec 25 18:24:47 2014 SimonPhone/101.171.42.163:9333 MULTI: primary virtual IP for SimonPhone/101.171.42.163:9333: 10.8.0.14
Thu Dec 25 18:24:48 2014 SimonPhone/101.171.42.163:9333 PUSH: Received control message: 'PUSH_REQUEST'
Thu Dec 25 18:24:48 2014 SimonPhone/101.171.42.163:9333 send_push_reply(): safe_cap=940
Thu Dec 25 18:24:48 2014 SimonPhone/101.171.42.163:9333 SENT CONTROL [SimonPhone]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13' (status=1)
Thu Dec 25 18:26:53 2014 TCP connection established with [AF_INET]192.168.1.254:60996
Thu Dec 25 18:26:53 2014 192.168.1.254:60996 TLS: Initial packet from [AF_INET]192.168.1.254:60996, sid=5431591e fa492482
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 VERIFY OK: depth=1, C=AU, xxxx
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 VERIFY OK: depth=0, C=AU, xxxx
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Dec 25 18:26:54 2014 192.168.1.254:60996 [SimonLaptop] Peer Connection Initiated with [AF_INET]192.168.1.254:60996
Thu Dec 25 18:26:54 2014 SimonLaptop/192.168.1.254:60996 MULTI_sva: pool returned IPv4=10.8.0.26, IPv6=(Not enabled)
Thu Dec 25 18:26:54 2014 SimonLaptop/192.168.1.254:60996 MULTI: Learn: 10.8.0.26 -> SimonLaptop/192.168.1.254:60996
Thu Dec 25 18:26:54 2014 SimonLaptop/192.168.1.254:60996 MULTI: primary virtual IP for SimonLaptop/192.168.1.254:60996: 10.8.0.26
Thu Dec 25 18:26:56 2014 SimonLaptop/192.168.1.254:60996 PUSH: Received control message: 'PUSH_REQUEST'
Thu Dec 25 18:26:56 2014 SimonLaptop/192.168.1.254:60996 send_push_reply(): safe_cap=940
Thu Dec 25 18:26:56 2014 SimonLaptop/192.168.1.254:60996 SENT CONTROL [SimonLaptop]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Thu Dec 25 18:27:37 2014 SimonLaptop/192.168.1.254:60996 Connection reset, restarting [-1]
Thu Dec 25 18:27:37 2014 SimonLaptop/192.168.1.254:60996 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Dec 25 18:28:37 2014 SimonPhone/101.171.42.163:9333 read TCPv4_SERVER: Connection timed out (WSAETIMEDOUT) (code=10060)
Thu Dec 25 18:28:37 2014 SimonPhone/101.171.42.163:9333 Connection reset, restarting [-1]
Thu Dec 25 18:28:37 2014 SimonPhone/101.171.42.163:9333 SIGUSR1[soft,connection-reset] received, client-instance restarting


Here is the log without issue:


Thu Dec 25 18:32:26 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 5 2014
Thu Dec 25 18:32:26 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Thu Dec 25 18:32:26 2014 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Dec 25 18:32:26 2014 Diffie-Hellman initialized with 1024 bit key
Thu Dec 25 18:32:26 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Dec 25 18:32:26 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Dec 25 18:32:26 2014 open_tun, tt->ipv6=0
Thu Dec 25 18:32:26 2014 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{4C4A97A9-63BA-4260-BF82-9C7F742B7408}.tap
Thu Dec 25 18:32:26 2014 TAP-Windows Driver Version 9.9
Thu Dec 25 18:32:26 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {4C4A97A9-63BA-4260-BF82-9C7F742B7408} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Thu Dec 25 18:32:26 2014 Sleeping for 10 seconds...
Thu Dec 25 18:32:36 2014 Successful ARP Flush on interface [14] {4C4A97A9-63BA-4260-BF82-9C7F742B7408}
Thu Dec 25 18:32:36 2014 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Thu Dec 25 18:32:36 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Dec 25 18:32:36 2014 Route addition via IPAPI succeeded [adaptive]
Thu Dec 25 18:32:36 2014 Listening for incoming TCP connection on [undef]
Thu Dec 25 18:32:36 2014 TCPv4_SERVER link local (bound): [undef]
Thu Dec 25 18:32:36 2014 TCPv4_SERVER link remote: [undef]
Thu Dec 25 18:32:36 2014 MULTI: multi_init called, r=256 v=256
Thu Dec 25 18:32:36 2014 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Thu Dec 25 18:32:36 2014 ifconfig_pool_read(), in='simon-phone,10.8.0.4', TODO: IPv6
Thu Dec 25 18:32:36 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:32:36 2014 ifconfig_pool_read(), in='simon-laptop,10.8.0.8', TODO: IPv6
Thu Dec 25 18:32:36 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:32:36 2014 ifconfig_pool_read(), in='SimonPhone,10.8.0.12', TODO: IPv6
Thu Dec 25 18:32:36 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:32:36 2014 ifconfig_pool_read(), in='SimonTablet,10.8.0.16', TODO: IPv6
Thu Dec 25 18:32:36 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:32:36 2014 ifconfig_pool_read(), in='SimoniPad,10.8.0.20', TODO: IPv6
Thu Dec 25 18:32:36 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:32:36 2014 ifconfig_pool_read(), in='SimonLaptop,10.8.0.24', TODO: IPv6
Thu Dec 25 18:32:36 2014 succeeded -> ifconfig_pool_set()
Thu Dec 25 18:32:36 2014 IFCONFIG POOL LIST
Thu Dec 25 18:32:36 2014 simon-phone,10.8.0.4
Thu Dec 25 18:32:36 2014 simon-laptop,10.8.0.8
Thu Dec 25 18:32:36 2014 SimonPhone,10.8.0.12
Thu Dec 25 18:32:36 2014 SimonTablet,10.8.0.16
Thu Dec 25 18:32:36 2014 SimoniPad,10.8.0.20
Thu Dec 25 18:32:36 2014 SimonLaptop,10.8.0.24
Thu Dec 25 18:32:36 2014 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Dec 25 18:32:36 2014 Initialization Sequence Completed
Thu Dec 25 18:32:46 2014 TCP connection established with [AF_INET]192.168.1.254:61100
Thu Dec 25 18:32:46 2014 192.168.1.254:61100 TLS: Initial packet from [AF_INET]192.168.1.254:61100, sid=6307d4fd 9fc53e33
Thu Dec 25 18:32:47 2014 192.168.1.254:61100 VERIFY OK: depth=1, xxx
Thu Dec 25 18:32:47 2014 192.168.1.254:61100 VERIFY OK: depth=0, xxx
Thu Dec 25 18:32:47 2014 192.168.1.254:61100 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Dec 25 18:32:47 2014 192.168.1.254:61100 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 25 18:32:47 2014 192.168.1.254:61100 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Dec 25 18:32:47 2014 192.168.1.254:61100 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 25 18:32:48 2014 192.168.1.254:61100 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Dec 25 18:32:48 2014 192.168.1.254:61100 [SimonLaptop] Peer Connection Initiated with [AF_INET]192.168.1.254:61100
Thu Dec 25 18:32:48 2014 SimonLaptop/192.168.1.254:61100 MULTI_sva: pool returned IPv4=10.8.0.26, IPv6=(Not enabled)
Thu Dec 25 18:32:48 2014 SimonLaptop/192.168.1.254:61100 MULTI: Learn: 10.8.0.26 -> SimonLaptop/192.168.1.254:61100
Thu Dec 25 18:32:48 2014 SimonLaptop/192.168.1.254:61100 MULTI: primary virtual IP for SimonLaptop/192.168.1.254:61100: 10.8.0.26
Thu Dec 25 18:32:49 2014 SimonLaptop/192.168.1.254:61100 PUSH: Received control message: 'PUSH_REQUEST'
Thu Dec 25 18:32:49 2014 SimonLaptop/192.168.1.254:61100 send_push_reply(): safe_cap=940
Thu Dec 25 18:32:49 2014 SimonLaptop/192.168.1.254:61100 SENT CONTROL [SimonLaptop]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)

[maikcat]

please post your configs,

also which windows version are you using for your server?

Michael.

[simonhang]

Thanks,

I'm running openvpn on windows server 2008 SP2

openvpn config:

Code: Select all

port 443
proto tcp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

[maikcat]

please comment out ifconfig-pool-persist and tell us if the problem remains..

Michael.

[simonhang]

Still same problem after comment out.

Code: Select all

Sat Jan 03 10:45:02 2015 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun  5 2014
Sat Jan 03 10:45:02 2015 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Sat Jan 03 10:45:02 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Jan 03 10:45:03 2015 Diffie-Hellman initialized with 1024 bit key
Sat Jan 03 10:45:03 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jan 03 10:45:03 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jan 03 10:45:03 2015 open_tun, tt->ipv6=0
Sat Jan 03 10:45:03 2015 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{4C4A97A9-63BA-4260-BF82-9C7F742B7408}.tap
Sat Jan 03 10:45:03 2015 TAP-Windows Driver Version 9.9 
Sat Jan 03 10:45:03 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {4C4A97A9-63BA-4260-BF82-9C7F742B7408} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Sat Jan 03 10:45:03 2015 Sleeping for 10 seconds...
Sat Jan 03 10:45:13 2015 Successful ARP Flush on interface [14] {4C4A97A9-63BA-4260-BF82-9C7F742B7408}
Sat Jan 03 10:45:13 2015 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Sat Jan 03 10:45:13 2015 Warning: route gateway is not reachable on any active network adapters: 10.8.0.2
Sat Jan 03 10:45:13 2015 Route addition via IPAPI failed [adaptive]
Sat Jan 03 10:45:13 2015 Route addition fallback to route.exe
Sat Jan 03 10:45:13 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 03 10:45:14 2015 Listening for incoming TCP connection on [undef]
Sat Jan 03 10:45:14 2015 TCPv4_SERVER link local (bound): [undef]
Sat Jan 03 10:45:14 2015 TCPv4_SERVER link remote: [undef]
Sat Jan 03 10:45:14 2015 MULTI: multi_init called, r=256 v=256
Sat Jan 03 10:45:14 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Jan 03 10:45:14 2015 MULTI: TCP INIT maxclients=60 maxevents=64
Sat Jan 03 10:45:14 2015 Initialization Sequence Completed
Sat Jan 03 11:01:33 2015 TCP connection established with [AF_INET]192.168.1.254:63110
Sat Jan 03 11:01:33 2015 192.168.1.254:63110 TLS: Initial packet from [AF_INET]192.168.1.254:63110, sid=24031f7e d9a83b07
Sat Jan 03 11:01:34 2015 192.168.1.254:63110 VERIFY OK: depth=1, xxx
Sat Jan 03 11:01:34 2015 192.168.1.254:63110 VERIFY OK: depth=0, xxx
Sat Jan 03 11:01:35 2015 192.168.1.254:63110 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 03 11:01:35 2015 192.168.1.254:63110 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 03 11:01:35 2015 192.168.1.254:63110 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 03 11:01:35 2015 192.168.1.254:63110 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 03 11:01:35 2015 192.168.1.254:63110 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jan 03 11:01:35 2015 192.168.1.254:63110 [SimonLaptop] Peer Connection Initiated with [AF_INET]192.168.1.254:63110
Sat Jan 03 11:01:35 2015 SimonLaptop/192.168.1.254:63110 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sat Jan 03 11:01:35 2015 SimonLaptop/192.168.1.254:63110 MULTI: Learn: 10.8.0.6 -> SimonLaptop/192.168.1.254:63110
Sat Jan 03 11:01:35 2015 SimonLaptop/192.168.1.254:63110 MULTI: primary virtual IP for SimonLaptop/192.168.1.254:63110: 10.8.0.6
Sat Jan 03 11:01:37 2015 SimonLaptop/192.168.1.254:63110 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jan 03 11:01:37 2015 SimonLaptop/192.168.1.254:63110 send_push_reply(): safe_cap=940
Sat Jan 03 11:01:37 2015 SimonLaptop/192.168.1.254:63110 SENT CONTROL [SimonLaptop]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

[simonhang]

I reboot again. And found this time, network connection of openvpn tap adapter didn't get 10.8.0.1 address, instead it has 169.x.x.x address. Looks like the DHCP is not working properly?

I cannot ping 10.8.0.2 which is suppose to be DHCP server address. Anything I can do about these?

Thanks,
Simon

[Traffic]

DHCP is not working properly?

Is the DHCP service running ?

I cannot ping 10.8.0.2 which is suppose to be DHCP server address

The OpenVPN DHCP server will not respond to ping (by design).

[simonhang]

Not sure about the DHCP service. Openvpn shouldn't use windows dhcp service, right?
Is there a DHCP service for openvpn?

[Traffic]

Openvpn shouldn't use windows dhcp service, right?

wrong .. the dhcp service is required to do dhcp ...

[maikcat]

openvpn uses its internal dhcp to assign ips to clients unless if configured otherwise.

dont forget that --server directive when expands also presents the ifconfig-pool directive too.

Michael.

[Traffic]

You get the error message: Initialization Sequence Completed with errors-- This error can occur on Windows if (a) You don't have the DHCP client service running,

http://openvpn.net/index.php/open-sourc ... html#start

[maikcat]

You don't have the DHCP client service running

this is reffering to client service

I reboot again. And found this time, network connection of openvpn tap adapter didn't get 10.8.0.1 address, instead it has 169.x.x.x address. Looks like the DHCP is not working properly?

10.8.0.1? i assume it refers to server side, am i wrong?

to op: are you reffering to windows dhcp server service,correct?

btw the troubleshooting section reffers to client connecting problems , we are talking about server side probs,no?

Michael.

[Traffic]

Quote:
You don't have the DHCP client service running


this is reffering to client service

Refering to the Windows DHCP client service .. required by both openvpn server and client to successfully assign IP address to TAP device (or tun).

Server log snippet:

Code: Select all

Sun Jan 04 14:59:58 2015 us=937500 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
Sun Jan 04 14:59:58 2015 us=937500 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
...
Sun Jan 04 14:59:59 2015 us=843750 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Jan 04 14:59:59 2015 us=843750 MANAGEMENT: >STATE:1420383599,ASSIGN_IP,,10.37.111.1,
Sun Jan 04 14:59:59 2015 us=859375 open_tun, tt->ipv6=0
Sun Jan 04 14:59:59 2015 us=890625 TAP-WIN32 device [tun0] opened: \\.\Global\{06A59D3A-19BC-4387-AA95-7BD31C4DE7F5}.tap
Sun Jan 04 14:59:59 2015 us=890625 TAP-Windows Driver Version 9.9 
Sun Jan 04 14:59:59 2015 us=890625 TAP-Windows MTU=1500
Sun Jan 04 14:59:59 2015 us=906250 Set TAP-Windows TUN subnet mode network/local/netmask = 10.37.111.0/10.37.111.1/255.255.255.0 [SUCCEEDED]
Sun Jan 04 14:59:59 2015 us=906250 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.37.111.1/255.255.255.0 on interface {06A59D3A-19BC-4387-AA95-7BD31C4DE7F5} [DHCP-serv: 10.37.111.254, lease-time: 31536000]
Sun Jan 04 14:59:59 2015 us=906250 Sleeping for 10 seconds...
Sun Jan 04 15:00:09 2015 us=906250 NOTE: FlushIpNetTable failed on interface [6] {06A59D3A-19BC-4387-AA95-7BD31C4DE7F5} (status=259) : No more data is available.  
Sun Jan 04 15:00:09 2015 us=906250 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Jan 04 15:00:09 2015 us=906250 UDPv4 link local (bound): [AF_INET]10.1.101.101:37111
Sun Jan 04 15:00:09 2015 us=906250 UDPv4 link remote: [undef]
Sun Jan 04 15:00:09 2015 us=906250 MULTI: multi_init called, r=256 v=256
Sun Jan 04 15:00:09 2015 us=906250 IFCONFIG POOL: base=10.37.111.2 size=252, ipv6=0
Sun Jan 04 15:00:09 2015 us=906250 Initialization Sequence Completed
Sun Jan 04 15:00:09 2015 us=906250 MANAGEMENT: >STATE:1420383609,CONNECTED,SUCCESS,10.37.111.1,

ipconfig /all (tun0):

Code: Select all

Ethernet adapter tun0:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Windows Adapter V9
        Physical Address. . . . . . . . . : 00-FF-06-A5-9D-3A
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.245.0.254
        NetBIOS over Tcpip. . . . . . . . : Disabled

Start Windows DHCP client service:

Code: Select all

net start dhcp

ipconfig /all (tun0):

Code: Select all

Ethernet adapter tun0:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Windows Adapter V9
        Physical Address. . . . . . . . . : 00-FF-06-A5-9D-3A
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.37.111.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.37.111.254
        NetBIOS over Tcpip. . . . . . . . : Disabled
        Lease Obtained. . . . . . . . . . : 04 January 2015 15:07:28
        Lease Expires . . . . . . . . . . : 04 January 2016 15:07:28

I hope this clarifies it for you

[simonhang]

Thanks for the help.

Server tap device can get dynamic assigned IP when I restart the service. It just some time doens't work when I start the openvpn service first time after every reboot.

10.8.0.1 is the ip address suppose to assign to server tap device.

My clients can always get the right IP address, even when they are not able to ping 10.8.0.1

I noticed I have a route to 10.8.0.2 like follows.

Code: Select all

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
     10.8.0.0          255.255.255.0      10.8.0.2       192.168.1.20 11 

Is this normal?

Thanks,
Simon