can connect to openvpn server but cannot ping it

Posted: Wed Jun 03, 2015 4:34 am
by dodenkoda
Hi, I installed and configured OpenVPN on Ubuntu and am trying to run the client on Windows. The client succeeds in connecting and gets an IP from the server, but somehow cannot ping it.
Currently the Windows firewall is off, and I have also already given the server this:

Code:

iptables -A INPUT -i tun+ -j ACCEPT

client config

Code:

#OpenVPN client conf
tls-client
client
dev tun
proto udp
nobind
tun-mtu 1400
remote 169.254.139.100 1194
pkcs12 te.p12
cipher RC2-CBC
comp-lzo
verb 3
ns-cert-type server

server config

Code:

port 1194
proto udp
dev tun
ca /usr/share/easy-rsa/keys/ca.crt
cert /usr/share/easy-rsa/keys/server1.crt
key /usr/share/easy-rsa/keys/server1.key
dh /usr/share/easy-rsa/keys/dh2048.pem
server 10.96.214.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
cipher RC2-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3

Here is the client log:

Code:

Tue Jun 02 20:16:21 2015 OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Tue Jun 02 20:16:21 2015 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Tue Jun 02 20:16:21 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Tue Jun 02 20:16:21 2015 Need hold release from management interface, waiting...
Tue Jun 02 20:16:21 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'state on'
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'log all on'
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'hold off'
Tue Jun 02 20:16:21 2015 MANAGEMENT: CMD 'hold release'
Tue Jun 02 20:16:26 2015 MANAGEMENT: CMD 'password [...]'
Tue Jun 02 20:16:26 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 02 20:16:26 2015 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Jun 02 20:16:26 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 02 20:16:26 2015 UDPv4 link local: [undef]
Tue Jun 02 20:16:26 2015 UDPv4 link remote: [AF_INET]169.254.139.100:1194
Tue Jun 02 20:16:26 2015 MANAGEMENT: >STATE:1433301386,WAIT,,,
Tue Jun 02 20:16:26 2015 MANAGEMENT: >STATE:1433301386,AUTH,,,
Tue Jun 02 20:16:26 2015 TLS: Initial packet from [AF_INET]169.254.139.100:1194, sid=01a2c77a d20c146c
Tue Jun 02 20:16:26 2015 VERIFY OK: depth=1, C=DE, O=pa sandre, CN=pa sandre CA
Tue Jun 02 20:16:26 2015 VERIFY OK: nsCertType=SERVER
Tue Jun 02 20:16:26 2015 VERIFY OK: depth=0, C=DE, O=pa sandre, CN=192.168.1.100
Tue Jun 02 20:16:26 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1441'
Tue Jun 02 20:16:26 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:16:26 2015 Data Channel Encrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:16:26 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:16:26 2015 Data Channel Decrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:16:26 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:16:26 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 02 20:16:26 2015 [192.168.1.100] Peer Connection Initiated with [AF_INET]169.254.139.100:1194
Tue Jun 02 20:16:27 2015 MANAGEMENT: >STATE:1433301387,GET_CONFIG,,,
Tue Jun 02 20:16:28 2015 SENT CONTROL [192.168.1.100]: 'PUSH_REQUEST' (status=1)
Tue Jun 02 20:16:28 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.96.214.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.96.214.6 10.96.214.5'
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: route options modified
Tue Jun 02 20:16:28 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 02 20:16:28 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 02 20:16:28 2015 MANAGEMENT: >STATE:1433301388,ASSIGN_IP,,10.96.214.6,
Tue Jun 02 20:16:28 2015 open_tun, tt->ipv6=0
Tue Jun 02 20:16:28 2015 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{B49819C7-1BBA-432B-9884-246FEA0FCFEC}.tap
Tue Jun 02 20:16:28 2015 TAP-Windows Driver Version 9.21 
Tue Jun 02 20:16:28 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.96.214.6/255.255.255.252 on interface {B49819C7-1BBA-432B-9884-246FEA0FCFEC} [DHCP-serv: 10.96.214.5, lease-time: 31536000]
Tue Jun 02 20:16:28 2015 Successful ARP Flush on interface [16] {B49819C7-1BBA-432B-9884-246FEA0FCFEC}
Tue Jun 02 20:16:33 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Jun 02 20:16:33 2015 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Tue Jun 02 20:16:33 2015 MANAGEMENT: >STATE:1433301393,ADD_ROUTES,,,
Tue Jun 02 20:16:33 2015 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:16:33 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:16:33 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:16:33 2015 C:\Windows\system32\route.exe ADD 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:16:33 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:16:33 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:16:33 2015 Initialization Sequence Completed
Tue Jun 02 20:16:33 2015 MANAGEMENT: >STATE:1433301393,CONNECTED,SUCCESS,10.96.214.6,169.254.139.100
Tue Jun 02 20:17:28 2015 [192.168.1.100] Inactivity timeout (--ping-restart), restarting
Tue Jun 02 20:17:28 2015 C:\Windows\system32\route.exe DELETE 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:28 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:28 2015 C:\Windows\system32\route.exe DELETE 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:28 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:28 2015 Closing TUN/TAP interface
Tue Jun 02 20:17:28 2015 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jun 02 20:17:28 2015 MANAGEMENT: >STATE:1433301448,RECONNECTING,ping-restart,,
Tue Jun 02 20:17:28 2015 Restart pause, 2 second(s)
Tue Jun 02 20:17:30 2015 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Jun 02 20:17:30 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 02 20:17:30 2015 UDPv4 link local: [undef]
Tue Jun 02 20:17:30 2015 UDPv4 link remote: [AF_INET]169.254.139.100:1194
Tue Jun 02 20:17:30 2015 MANAGEMENT: >STATE:1433301450,WAIT,,,
Tue Jun 02 20:17:30 2015 MANAGEMENT: >STATE:1433301450,AUTH,,,
Tue Jun 02 20:17:30 2015 TLS: Initial packet from [AF_INET]169.254.139.100:1194, sid=a7ec56fb da8990d9
Tue Jun 02 20:17:30 2015 VERIFY OK: depth=1, C=DE, O=pa sandre, CN=pa sandre CA
Tue Jun 02 20:17:30 2015 VERIFY OK: nsCertType=SERVER
Tue Jun 02 20:17:30 2015 VERIFY OK: depth=0, C=DE, O=pa sandre, CN=192.168.1.100
Tue Jun 02 20:17:30 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1441'
Tue Jun 02 20:17:30 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:17:30 2015 Data Channel Encrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:17:30 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:17:30 2015 Data Channel Decrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:17:30 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:17:30 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 02 20:17:30 2015 [192.168.1.100] Peer Connection Initiated with [AF_INET]169.254.139.100:1194
Tue Jun 02 20:17:32 2015 MANAGEMENT: >STATE:1433301452,GET_CONFIG,,,
Tue Jun 02 20:17:33 2015 SENT CONTROL [192.168.1.100]: 'PUSH_REQUEST' (status=1)
Tue Jun 02 20:17:33 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.96.214.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.96.214.6 10.96.214.5'
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: route options modified
Tue Jun 02 20:17:33 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 02 20:17:33 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 02 20:17:33 2015 MANAGEMENT: >STATE:1433301453,ASSIGN_IP,,10.96.214.6,
Tue Jun 02 20:17:33 2015 open_tun, tt->ipv6=0
Tue Jun 02 20:17:33 2015 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{B49819C7-1BBA-432B-9884-246FEA0FCFEC}.tap
Tue Jun 02 20:17:33 2015 TAP-Windows Driver Version 9.21 
Tue Jun 02 20:17:33 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.96.214.6/255.255.255.252 on interface {B49819C7-1BBA-432B-9884-246FEA0FCFEC} [DHCP-serv: 10.96.214.5, lease-time: 31536000]
Tue Jun 02 20:17:33 2015 Successful ARP Flush on interface [16] {B49819C7-1BBA-432B-9884-246FEA0FCFEC}
Tue Jun 02 20:17:38 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Jun 02 20:17:38 2015 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
Tue Jun 02 20:17:38 2015 MANAGEMENT: >STATE:1433301458,ADD_ROUTES,,,
Tue Jun 02 20:17:38 2015 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:38 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:17:38 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:38 2015 C:\Windows\system32\route.exe ADD 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:17:38 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 02 20:17:38 2015 Route addition via IPAPI succeeded [adaptive]
Tue Jun 02 20:17:38 2015 Initialization Sequence Completed
Tue Jun 02 20:17:38 2015 MANAGEMENT: >STATE:1433301458,CONNECTED,SUCCESS,10.96.214.6,169.254.139.100
Tue Jun 02 20:18:33 2015 [192.168.1.100] Inactivity timeout (--ping-restart), restarting
Tue Jun 02 20:18:33 2015 C:\Windows\system32\route.exe DELETE 10.96.214.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:18:33 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:18:33 2015 C:\Windows\system32\route.exe DELETE 192.168.1.0 MASK 255.255.255.0 10.96.214.5
Tue Jun 02 20:18:33 2015 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 02 20:18:33 2015 Closing TUN/TAP interface
Tue Jun 02 20:18:33 2015 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jun 02 20:18:33 2015 MANAGEMENT: >STATE:1433301513,RECONNECTING,ping-restart,,
Tue Jun 02 20:18:33 2015 Restart pause, 2 second(s)
Tue Jun 02 20:18:35 2015 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Jun 02 20:18:35 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 02 20:18:35 2015 UDPv4 link local: [undef]
Tue Jun 02 20:18:35 2015 UDPv4 link remote: [AF_INET]169.254.139.100:1194
Tue Jun 02 20:18:35 2015 MANAGEMENT: >STATE:1433301515,WAIT,,,
Tue Jun 02 20:18:35 2015 MANAGEMENT: >STATE:1433301515,AUTH,,,
Tue Jun 02 20:18:35 2015 TLS: Initial packet from [AF_INET]169.254.139.100:1194, sid=29b0c4eb 31f60825
Tue Jun 02 20:18:35 2015 VERIFY OK: depth=1, C=DE, O=pa sandre, CN=pa sandre CA
Tue Jun 02 20:18:35 2015 VERIFY OK: nsCertType=SERVER
Tue Jun 02 20:18:35 2015 VERIFY OK: depth=0, C=DE, O=pa sandre, CN=192.168.1.100
Tue Jun 02 20:18:35 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1441'
Tue Jun 02 20:18:35 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:18:35 2015 Data Channel Encrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:18:35 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:18:35 2015 Data Channel Decrypt: Cipher 'RC2-CBC' initialized with 128 bit key
Tue Jun 02 20:18:35 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 02 20:18:35 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jun 02 20:18:35 2015 [192.168.1.100] Peer Connection Initiated with [AF_INET]169.254.139.100:1194
Tue Jun 02 20:18:36 2015 MANAGEMENT: >STATE:1433301516,GET_CONFIG,,,
Tue Jun 02 20:18:38 2015 SENT CONTROL [192.168.1.100]: 'PUSH_REQUEST' (status=1)
Tue Jun 02 20:18:38 2015 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.96.214.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.96.214.6 10.96.214.5'
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: route options modified
Tue Jun 02 20:18:38 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 02 20:18:38 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 02 20:18:38 2015 MANAGEMENT: >STATE:1433301518,ASSIGN_IP,,10.96.214.6,

Thanks

Re: can connect to openvpn server but cannot ping it

Posted: Fri Jun 12, 2015 11:41 am
by Traffic
dodenkoda wrote:
client config
Code:
#OpenVPN client conf

tun-mtu 1400 ### Remove this

remote 169.254.139.100 1194

169.254.x.x indicates that your server does not have DHCP set up correctly. Make sure your server gets a proper IP address from a DHCP server.

Also:
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
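
Added example, not part of either post: a small Python triage of the client log above that pulls out the option-mismatch warnings and how long each session stayed up before the --ping-restart timeout. The sample lines are copied from the posted log; the function name `triage` is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: a subset of lines copied from the client log posted above.
SAMPLE_LOG = """Tue Jun 02 20:16:26 2015 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1441'
Tue Jun 02 20:16:26 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:16:33 2015 Initialization Sequence Completed
Tue Jun 02 20:17:28 2015 [192.168.1.100] Inactivity timeout (--ping-restart), restarting
Tue Jun 02 20:17:30 2015 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jun 02 20:17:38 2015 Initialization Sequence Completed
Tue Jun 02 20:18:33 2015 [192.168.1.100] Inactivity timeout (--ping-restart), restarting
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# OpenVPN 2.3 timestamp: "Tue Jun 02 20:16:26 2015 <message>"
LINE = re.compile(r"^\w{3} (\w{3}) (\d{2}) (\d{2}):(\d{2}):(\d{2}) (\d{4}) (.*)$")
INCONSISTENT = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
ONE_SIDED = re.compile(
    r"WARNING: '([^']+)' is present in (local|remote) config but missing in")

def triage(log_text):
    """Return option mismatches and seconds each session lasted before ping-restart."""
    mismatches, sessions, up_since = {}, [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. "Enter Management Password:" has no timestamp
        mon, day, hh, mm, ss, year, msg = m.groups()
        ts = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                      int(hh), int(mm), int(ss))
        if (w := INCONSISTENT.search(msg)):
            mismatches[w.group(1)] = f"local={w.group(2)} remote={w.group(3)}"
        elif (w := ONE_SIDED.search(msg)):
            mismatches[w.group(1)] = f"only in {w.group(2)} config"
        elif "Initialization Sequence Completed" in msg:
            up_since = ts  # tunnel reported as up
        elif "Inactivity timeout (--ping-restart)" in msg and up_since:
            sessions.append(int((ts - up_since).total_seconds()))
            up_since = None
    return {"mismatches": mismatches, "restart_after_seconds": sessions}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample lines it reports `comp-lzo` as present only in the local (client) config and two sessions that each restarted 55 seconds after coming up.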