Destination Host Unreachable

[danbo]

i'm trying to connect to a company net with a client.ovpn that works on Windows systems but not in Ubuntu (12.04).
I normally use Windows to connect the company VPN, but now I need to use Ubuntu

note: i can just operate client side (and i don't know server side settings), i've just the client.ovpn (with certificates) to connect

after running the "sudo openvpn client.ovpn"
- the client connect ("Initialization Sequence Complete")
- the traffic (on tun0) flows
- whatismyip gives me the right IP (IP of the server)

BUT when i try to ping the address I need through the tunnel i have this (example):
PING 192.168.1.251 (192.168.1.251) 56(84) bytes of data.
From 192.168.1.17 icmp_seq=1 Destination Host Unreachable
From 192.168.1.17 icmp_seq=2 Destination Host Unreachable
From 192.168.1.17 icmp_seq=3 Destination Host Unreachable

with Windows this is just fine, and I can reach to the address I need, with the same client.ovpn

trying to solve this i looked into the forum and man for:
- iptables (disabling it)
- ip forwarding (enabling it)
- dns with update-resolv.conf (messing it:)

before posting pages and pages of verbose terminal lines...
I'm missing something?
does someone have any idea?

thank you in advance

[Traffic]

I normally use Windows to connect the company VPN, but now I need to use Ubuntu

You would be better off asking the network admins at the Company ..

BUT when i try to ping the address I need through the tunnel i have this (example):
PING 192.168.1.251 (192.168.1.251) 56(84) bytes of data.
From 192.168.1.17 icmp_seq=1 Destination Host Unreachable

This suggests 192.168.1.251 has been turned off.

[danbo]

thank you for your reply

I've asked the adimns too, indeed, but we can't sort it out.
It seems to be a Linux related problem, because we tried to connect with a Windows notebook from the same place (and same router), and the connection works, so I'm sure 192.168.1.251 is not turned off.
the company solution is to use Windows, but it's a problem to me.

I spent hours googling about this issue, but I can't find a solution...

[danbo]

thank you for your reply

we assume it's a Linux related problem because I can connect with a Windows notebook from the same place (and same router), so the host is surely not turned off.
I spent hours googlin' trying to find a solution, but no way to make it work...

I can post some log if useful.

thank you!

[Traffic]

I can post some log if useful

You could .. but server config is more important.

Please see the Forum rules (top of page)

[danbo]

Code: Select all

sudo openvpn client.ovpn
[sudo] password for danilo: 
Tue Sep 22 22:07:56 2015 us=759793 Current Parameter Settings:
Tue Sep 22 22:07:56 2015 us=759990   config = 'client.ovpn'
Tue Sep 22 22:07:56 2015 us=760093   mode = 0
Tue Sep 22 22:07:56 2015 us=760130   persist_config = DISABLED
Tue Sep 22 22:07:56 2015 us=760168   persist_mode = 1
Tue Sep 22 22:07:56 2015 us=760222   show_ciphers = DISABLED
Tue Sep 22 22:07:56 2015 us=760277   show_digests = DISABLED
Tue Sep 22 22:07:56 2015 us=760328   show_engines = DISABLED
Tue Sep 22 22:07:56 2015 us=760365   genkey = DISABLED
Tue Sep 22 22:07:56 2015 us=760418   key_pass_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=760471   show_tls_ciphers = DISABLED
Tue Sep 22 22:07:56 2015 us=760519 Connection profiles [default]:
Tue Sep 22 22:07:56 2015 us=760561   proto = udp
Tue Sep 22 22:07:56 2015 us=760601   local = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=760641   local_port = 0
Tue Sep 22 22:07:56 2015 us=760680   remote = '188.15.62.196'
Tue Sep 22 22:07:56 2015 us=760723   remote_port = 1194
Tue Sep 22 22:07:56 2015 us=760761   remote_float = DISABLED
Tue Sep 22 22:07:56 2015 us=760796   bind_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=760835   bind_local = DISABLED
Tue Sep 22 22:07:56 2015 us=760876   connect_retry_seconds = 5
Tue Sep 22 22:07:56 2015 us=760917   connect_timeout = 10
Tue Sep 22 22:07:56 2015 us=760957   connect_retry_max = 0
Tue Sep 22 22:07:56 2015 us=761000   socks_proxy_server = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761037   socks_proxy_port = 0
Tue Sep 22 22:07:56 2015 us=761072   socks_proxy_retry = DISABLED
Tue Sep 22 22:07:56 2015 us=761113 Connection profiles END
Tue Sep 22 22:07:56 2015 us=761157   remote_random = DISABLED
Tue Sep 22 22:07:56 2015 us=761195   ipchange = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761238   dev = 'tun'
Tue Sep 22 22:07:56 2015 us=761274   dev_type = 'tun'
Tue Sep 22 22:07:56 2015 us=761313   dev_node = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761354   lladdr = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761393   topology = 1
Tue Sep 22 22:07:56 2015 us=761435   tun_ipv6 = DISABLED
Tue Sep 22 22:07:56 2015 us=761476   ifconfig_local = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761519   ifconfig_remote_netmask = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761558   ifconfig_noexec = DISABLED
Tue Sep 22 22:07:56 2015 us=761600   ifconfig_nowarn = DISABLED
Tue Sep 22 22:07:56 2015 us=761640   ifconfig_ipv6_local = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761682   ifconfig_ipv6_netbits = 0
Tue Sep 22 22:07:56 2015 us=761719   ifconfig_ipv6_remote = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=761758   shaper = 0
Tue Sep 22 22:07:56 2015 us=761800   tun_mtu = 1500
Tue Sep 22 22:07:56 2015 us=761838   tun_mtu_defined = ENABLED
Tue Sep 22 22:07:56 2015 us=761880   link_mtu = 1500
Tue Sep 22 22:07:56 2015 us=761916   link_mtu_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=761955   tun_mtu_extra = 0
Tue Sep 22 22:07:56 2015 us=761990   tun_mtu_extra_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=762029   fragment = 0
Tue Sep 22 22:07:56 2015 us=762071   mtu_discover_type = -1
Tue Sep 22 22:07:56 2015 us=762114   mtu_test = 0
Tue Sep 22 22:07:56 2015 us=762153   mlock = DISABLED
Tue Sep 22 22:07:56 2015 us=762194   keepalive_ping = 0
Tue Sep 22 22:07:56 2015 us=762233   keepalive_timeout = 0
Tue Sep 22 22:07:56 2015 us=762275   inactivity_timeout = 0
Tue Sep 22 22:07:56 2015 us=762313   ping_send_timeout = 0
Tue Sep 22 22:07:56 2015 us=762351   ping_rec_timeout = 0
Tue Sep 22 22:07:56 2015 us=762397   ping_rec_timeout_action = 0
Tue Sep 22 22:07:56 2015 us=762439   ping_timer_remote = DISABLED
Tue Sep 22 22:07:56 2015 us=762482   remap_sigusr1 = 0
Tue Sep 22 22:07:56 2015 us=762520   explicit_exit_notification = 0
Tue Sep 22 22:07:56 2015 us=762564   persist_tun = DISABLED
Tue Sep 22 22:07:56 2015 us=762605   persist_local_ip = DISABLED
Tue Sep 22 22:07:56 2015 us=762643   persist_remote_ip = DISABLED
Tue Sep 22 22:07:56 2015 us=762685   persist_key = DISABLED
Tue Sep 22 22:07:56 2015 us=762724   mssfix = 1450
Tue Sep 22 22:07:56 2015 us=762766   passtos = DISABLED
Tue Sep 22 22:07:56 2015 us=762805   resolve_retry_seconds = 1000000000
Tue Sep 22 22:07:56 2015 us=762840   username = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=762872   groupname = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=762905   chroot_dir = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=762938   cd_dir = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=762971   writepid = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=763005   up_script = '/etc/openvpn/update-resolv-conf'
Tue Sep 22 22:07:56 2015 us=763039   down_script = '/etc/openvpn/update-resolv-conf'
Tue Sep 22 22:07:56 2015 us=763073   down_pre = DISABLED
Tue Sep 22 22:07:56 2015 us=763105   up_restart = DISABLED
Tue Sep 22 22:07:56 2015 us=763138   up_delay = DISABLED
Tue Sep 22 22:07:56 2015 us=763171   daemon = DISABLED
Tue Sep 22 22:07:56 2015 us=763204   inetd = 0
Tue Sep 22 22:07:56 2015 us=763237   log = DISABLED
Tue Sep 22 22:07:56 2015 us=763271   suppress_timestamps = DISABLED
Tue Sep 22 22:07:56 2015 us=763307   nice = 0
Tue Sep 22 22:07:56 2015 us=763340   verbosity = 5
Tue Sep 22 22:07:56 2015 us=763373   mute = 0
Tue Sep 22 22:07:56 2015 us=763405   gremlin = 0
Tue Sep 22 22:07:56 2015 us=763438   status_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=763471   status_file_version = 1
Tue Sep 22 22:07:56 2015 us=763505   status_file_update_freq = 60
Tue Sep 22 22:07:56 2015 us=763560   occ = ENABLED
Tue Sep 22 22:07:56 2015 us=763596   rcvbuf = 100000
Tue Sep 22 22:07:56 2015 us=763629   sndbuf = 100000
Tue Sep 22 22:07:56 2015 us=763661   sockflags = 0
Tue Sep 22 22:07:56 2015 us=763694   fast_io = DISABLED
Tue Sep 22 22:07:56 2015 us=763728   lzo = 1
Tue Sep 22 22:07:56 2015 us=763760   route_script = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=763794   route_default_gateway = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=763827   route_default_metric = 0
Tue Sep 22 22:07:56 2015 us=763860   route_noexec = DISABLED
Tue Sep 22 22:07:56 2015 us=763893   route_delay = 0
Tue Sep 22 22:07:56 2015 us=763926   route_delay_window = 30
Tue Sep 22 22:07:56 2015 us=763959   route_delay_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=763993   route_nopull = DISABLED
Tue Sep 22 22:07:56 2015 us=764026   route_gateway_via_dhcp = DISABLED
Tue Sep 22 22:07:56 2015 us=764060   max_routes = 100
Tue Sep 22 22:07:56 2015 us=764093   allow_pull_fqdn = DISABLED
Tue Sep 22 22:07:56 2015 us=764127   management_addr = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=764160   management_port = 0
Tue Sep 22 22:07:56 2015 us=764193   management_user_pass = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=764227   management_log_history_cache = 250
Tue Sep 22 22:07:56 2015 us=764260   management_echo_buffer_size = 100
Tue Sep 22 22:07:56 2015 us=764294   management_write_peer_info_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=764328   management_client_user = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=764362   management_client_group = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=764395   management_flags = 0
Tue Sep 22 22:07:56 2015 us=764429   shared_secret_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=764463   key_direction = 2
Tue Sep 22 22:07:56 2015 us=764496   ciphername_defined = ENABLED
Tue Sep 22 22:07:56 2015 us=764529   ciphername = 'BF-CBC'
Tue Sep 22 22:07:56 2015 us=764562   authname_defined = ENABLED
Tue Sep 22 22:07:56 2015 us=764596   authname = 'SHA1'
Tue Sep 22 22:07:56 2015 us=764629   prng_hash = 'SHA1'
Tue Sep 22 22:07:56 2015 us=764662   prng_nonce_secret_len = 16
Tue Sep 22 22:07:56 2015 us=764695   keysize = 0
Tue Sep 22 22:07:56 2015 us=764728   engine = DISABLED
Tue Sep 22 22:07:56 2015 us=764761   replay = ENABLED
Tue Sep 22 22:07:56 2015 us=764795   mute_replay_warnings = DISABLED
Tue Sep 22 22:07:56 2015 us=764828   replay_window = 64
Tue Sep 22 22:07:56 2015 us=764861   replay_time = 15
Tue Sep 22 22:07:56 2015 us=764893   packet_id_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=764926   use_iv = ENABLED
Tue Sep 22 22:07:56 2015 us=764959   test_crypto = DISABLED
Tue Sep 22 22:07:56 2015 us=764994   tls_server = DISABLED
Tue Sep 22 22:07:56 2015 us=765027   tls_client = ENABLED
Tue Sep 22 22:07:56 2015 us=765061   key_method = 2
Tue Sep 22 22:07:56 2015 us=765093   ca_file = '[[INLINE]]'
Tue Sep 22 22:07:56 2015 us=765125   ca_path = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765157   dh_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765189   cert_file = '[[INLINE]]'
Tue Sep 22 22:07:56 2015 us=765223   priv_key_file = '[[INLINE]]'
Tue Sep 22 22:07:56 2015 us=765255   pkcs12_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765287   cipher_list = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765319   tls_verify = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765352   tls_export_cert = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765384   tls_remote = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765416   crl_file = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=765449   ns_cert_type = 64
Tue Sep 22 22:07:56 2015 us=765481   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765513   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765545   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765577   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765609   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765641   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765673   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765704   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765737   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765768   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765800   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765832   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765865   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765897   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765929   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765961   remote_cert_ku[i] = 0
Tue Sep 22 22:07:56 2015 us=765993   remote_cert_eku = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=766026   tls_timeout = 2
Tue Sep 22 22:07:56 2015 us=766058   renegotiate_bytes = 0
Tue Sep 22 22:07:56 2015 us=766089   renegotiate_packets = 0
Tue Sep 22 22:07:56 2015 us=766122   renegotiate_seconds = 604800
Tue Sep 22 22:07:56 2015 us=766154   handshake_window = 60
Tue Sep 22 22:07:56 2015 us=766187   transition_window = 3600
Tue Sep 22 22:07:56 2015 us=766219   single_session = DISABLED
Tue Sep 22 22:07:56 2015 us=766251   push_peer_info = DISABLED
Tue Sep 22 22:07:56 2015 us=766284   tls_exit = DISABLED
Tue Sep 22 22:07:56 2015 us=766316   tls_auth_file = '[[INLINE]]'
Tue Sep 22 22:07:56 2015 us=766349   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766383   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766417   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766449   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766482   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766515   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766548   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766581   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766614   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766647   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766682   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766715   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766747   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766781   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766814   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766846   pkcs11_protected_authentication = DISABLED
Tue Sep 22 22:07:56 2015 us=766881   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=766915   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=766948   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=766981   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767014   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767046   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767079   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767112   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767144   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767177   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767210   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767242   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767275   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767308   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767340   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767373   pkcs11_private_mode = 00000000
Tue Sep 22 22:07:56 2015 us=767406   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767438   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767471   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767504   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767563   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767599   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767632   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767664   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767697   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767730   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767763   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767797   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767830   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767863   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767898   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767932   pkcs11_cert_private = DISABLED
Tue Sep 22 22:07:56 2015 us=767965   pkcs11_pin_cache_period = -1
Tue Sep 22 22:07:56 2015 us=767999   pkcs11_id = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=768032   pkcs11_id_management = DISABLED
Tue Sep 22 22:07:56 2015 us=768084   server_network = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=768123   server_netmask = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=768163   server_network_ipv6 = ::
Tue Sep 22 22:07:56 2015 us=768197   server_netbits_ipv6 = 0
Tue Sep 22 22:07:56 2015 us=768232   server_bridge_ip = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=768269   server_bridge_netmask = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=768304   server_bridge_pool_start = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=768340   server_bridge_pool_end = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=768374   ifconfig_pool_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=768411   ifconfig_pool_start = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=768447   ifconfig_pool_end = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=771123   ifconfig_pool_netmask = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=771190   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=771227   ifconfig_pool_persist_refresh_freq = 600
Tue Sep 22 22:07:56 2015 us=771262   ifconfig_ipv6_pool_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=771299   ifconfig_ipv6_pool_base = ::
Tue Sep 22 22:07:56 2015 us=771332   ifconfig_ipv6_pool_netbits = 0
Tue Sep 22 22:07:56 2015 us=771365   n_bcast_buf = 256
Tue Sep 22 22:07:56 2015 us=771399   tcp_queue_limit = 64
Tue Sep 22 22:07:56 2015 us=771431   real_hash_size = 256
Tue Sep 22 22:07:56 2015 us=771463   virtual_hash_size = 256
Tue Sep 22 22:07:56 2015 us=771496   client_connect_script = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=771574   learn_address_script = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=771611   client_disconnect_script = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=771644   client_config_dir = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=771677   ccd_exclusive = DISABLED
Tue Sep 22 22:07:56 2015 us=771710   tmp_dir = '/tmp'
Tue Sep 22 22:07:56 2015 us=771742   push_ifconfig_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=771778   push_ifconfig_local = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=771813   push_ifconfig_remote_netmask = 0.0.0.0
Tue Sep 22 22:07:56 2015 us=771846   push_ifconfig_ipv6_defined = DISABLED
Tue Sep 22 22:07:56 2015 us=771881   push_ifconfig_ipv6_local = ::/0
Tue Sep 22 22:07:56 2015 us=771916   push_ifconfig_ipv6_remote = ::
Tue Sep 22 22:07:56 2015 us=771950   enable_c2c = DISABLED
Tue Sep 22 22:07:56 2015 us=771983   duplicate_cn = DISABLED
Tue Sep 22 22:07:56 2015 us=772015   cf_max = 0
Tue Sep 22 22:07:56 2015 us=772047   cf_per = 0
Tue Sep 22 22:07:56 2015 us=772080   max_clients = 1024
Tue Sep 22 22:07:56 2015 us=772113   max_routes_per_client = 256
Tue Sep 22 22:07:56 2015 us=772146   auth_user_pass_verify_script = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=772180   auth_user_pass_verify_script_via_file = DISABLED
Tue Sep 22 22:07:56 2015 us=772214   ssl_flags = 0
Tue Sep 22 22:07:56 2015 us=772246   port_share_host = '[UNDEF]'
Tue Sep 22 22:07:56 2015 us=772279   port_share_port = 0
Tue Sep 22 22:07:56 2015 us=772312   client = ENABLED
Tue Sep 22 22:07:56 2015 us=772344   pull = ENABLED
Tue Sep 22 22:07:56 2015 us=772377   auth_user_pass_file = 'stdin'
Tue Sep 22 22:07:56 2015 us=772415 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec  1 2014
Enter Auth Username:xxxxxxxxxxxx
Enter Auth Password:
Tue Sep 22 22:08:17 2015 us=720705 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Sep 22 22:08:17 2015 us=755618 Control Channel Authentication: tls-auth using INLINE static key file
Tue Sep 22 22:08:17 2015 us=764662 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 22 22:08:17 2015 us=764737 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 22 22:08:17 2015 us=764801 LZO compression initialized
Tue Sep 22 22:08:17 2015 us=764977 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Sep 22 22:08:17 2015 us=765067 Socket Buffers: R=[229376->200000] S=[229376->200000]
Tue Sep 22 22:08:17 2015 us=765117 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Sep 22 22:08:17 2015 us=765181 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Sep 22 22:08:17 2015 us=765204 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Sep 22 22:08:17 2015 us=765254 Local Options hash (VER=V4): '504e774e'
Tue Sep 22 22:08:17 2015 us=765291 Expected Remote Options hash (VER=V4): '14168603'
Tue Sep 22 22:08:17 2015 us=765326 UDPv4 link local: [undef]
Tue Sep 22 22:08:17 2015 us=765353 UDPv4 link remote: [AF_INET]xxx.xx.xx.xxx:1194
WRTue Sep 22 22:08:17 2015 us=815128 TLS: Initial packet from [AF_INET]xxx.xx.xx.xxx:1194, sid=cb10e1cd 1571780d
WTue Sep 22 22:08:17 2015 us=815337 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WWWRRRWRWRWRWRWRWRWRWRWRTue Sep 22 22:08:17 2015 us=988108 VERIFY OK: depth=1, /CN=OpenVPN_CA
Tue Sep 22 22:08:17 2015 us=988468 VERIFY OK: nsCertType=SERVER
Tue Sep 22 22:08:17 2015 us=988495 VERIFY OK: depth=0, /CN=OpenVPN_Server
WRWRWRWRWRWWWWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWWWWRRRRWRWRTue Sep 22 22:08:18 2015 us=371360 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 22 22:08:18 2015 us=371417 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 22 22:08:18 2015 us=371592 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Sep 22 22:08:18 2015 us=371626 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WTue Sep 22 22:08:18 2015 us=371699 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Sep 22 22:08:18 2015 us=371755 [OpenVPN_Server] Peer Connection Initiated with [AF_INET][i]xxx.xx.xx.xxx[/i]:1194
Tue Sep 22 22:08:20 2015 us=842471 SENT CONTROL [OpenVPN_Server]: 'PUSH_REQUEST' (status=1)
WRRWRWRWRWRTue Sep 22 22:08:20 2015 us=945169 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 5,ping-restart 40,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 5.5.0.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,register-dns,comp-lzo yes,ifconfig 5.5.2.123 255.255.240.0'
Tue Sep 22 22:08:20 2015 us=945307 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.2.1)
Tue Sep 22 22:08:20 2015 us=945349 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.2.1)
Tue Sep 22 22:08:20 2015 us=945395 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.2.1)
Tue Sep 22 22:08:20 2015 us=945550 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:16: register-dns (2.2.1)
Tue Sep 22 22:08:20 2015 us=945605 OPTIONS IMPORT: timers and/or timeouts modified
Tue Sep 22 22:08:20 2015 us=945627 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Sep 22 22:08:20 2015 us=945644 OPTIONS IMPORT: LZO parms modified
Tue Sep 22 22:08:20 2015 us=945661 OPTIONS IMPORT: --ifconfig/up options modified
Tue Sep 22 22:08:20 2015 us=945678 OPTIONS IMPORT: route options modified
Tue Sep 22 22:08:20 2015 us=945695 OPTIONS IMPORT: route-related options modified
Tue Sep 22 22:08:20 2015 us=945711 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Sep 22 22:08:20 2015 us=946054 ROUTE default_gateway=192.168.1.1
Tue Sep 22 22:08:20 2015 us=947692 TUN/TAP device tun0 opened
Tue Sep 22 22:08:20 2015 us=947748 TUN/TAP TX queue length set to 100
Tue Sep 22 22:08:20 2015 us=947790 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Sep 22 22:08:20 2015 us=947883 /sbin/ifconfig tun0 5.5.2.123 netmask 255.255.240.0 mtu 1500 broadcast 5.5.15.255
Tue Sep 22 22:08:21 2015 us=18092 /etc/openvpn/update-resolv-conf tun0 1500 1542 5.5.2.123 255.255.240.0 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
WRTue Sep 22 22:08:26 2015 us=26331 /sbin/route add -net 188.15.62.196 netmask 255.255.255.255 gw 192.168.1.1
Tue Sep 22 22:08:26 2015 us=79634 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 5.5.0.1
Tue Sep 22 22:08:26 2015 us=82058 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 5.5.0.1
Tue Sep 22 22:08:26 2015 us=84528 Initialization Sequence Completed

ifconfig

Code: Select all

eth0      Link encap:Ethernet  IndirizzoHW f4:6d:04:61:46:9e  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:1000 
          Byte RX:0 (0.0 B)  Byte TX:0 (0.0 B)
          Interrupt:41 

lo        Link encap:Loopback locale  
          indirizzo inet:127.0.0.1  Maschera:255.0.0.0
          indirizzo inet6: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:25031 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25031 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:0 
          Byte RX:2625401 (2.6 MB)  Byte TX:2625401 (2.6 MB)

tun0      Link encap:UNSPEC  IndirizzoHW 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          indirizzo inet:5.5.2.123  P-t-P:5.5.2.123  Maschera:255.255.240.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:58 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:100 
          Byte RX:34360 (34.3 KB)  Byte TX:17417 (17.4 KB)

wlan0     Link encap:Ethernet  IndirizzoHW 74:d0:2b:cf:82:22  
          indirizzo inet:192.168.1.17  Bcast:192.168.1.255  Maschera:255.255.255.0
          indirizzo inet6: fe80::76d0:2bff:fecf:8222/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:777346 errors:0 dropped:98773 overruns:0 frame:0
          TX packets:548499 errors:0 dropped:24 overruns:0 carrier:0
          collisioni:0 txqueuelen:1000 
          Byte RX:922716339 (922.7 MB)  Byte TX:92108866 (92.1 MB)

tcpdump -i tun0

Code: Select all

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
22:10:23.131626 IP PCAsus.local.33280 > wi-in-f189.1e100.net.https: Flags [P.], seq 53564589:53564658, ack 848517041, win 524, options [nop,nop,TS val 56274656 ecr 1314138861], length 69
22:10:23.134954 IP 5.5.2.123.60523 > google-public-dns-a.google.com.domain: 8506+ PTR? 189.67.194.173.in-addr.arpa. (45)
22:10:23.217037 IP google-public-dns-a.google.com.domain > 5.5.2.123.60523: 8506 1/0/0 PTR wi-in-f189.1e100.net. (79)
22:10:23.217501 IP 5.5.2.123.44893 > google-public-dns-a.google.com.domain: 9283+ PTR? 17.1.168.192.in-addr.arpa. (43)
22:10:23.279777 IP google-public-dns-a.google.com.domain > 5.5.2.123.44893: 9283 NXDomain 0/0/0 (43)
22:10:23.432123 IP 5.5.2.123.41087 > google-public-dns-a.google.com.domain: 12066+ PTR? 8.8.8.8.in-addr.arpa. (38)
22:10:23.515370 IP google-public-dns-a.google.com.domain > 5.5.2.123.41087: 12066 1/0/0 PTR google-public-dns-a.google.com. (82)
22:10:23.515817 IP 5.5.2.123.35715 > google-public-dns-a.google.com.domain: 61355+ PTR? 123.2.5.5.in-addr.arpa. (40)
22:10:23.594474 IP google-public-dns-a.google.com.domain > 5.5.2.123.35715: 61355 NXDomain 0/1/0 (100)
22:10:24.433407 IP 5.5.2.123.36767 > google-public-dns-a.google.com.domain: 57051+ A? daisy.ubuntu.com. (34)
22:10:24.500106 IP google-public-dns-a.google.com.domain > 5.5.2.123.36767: 57051 2/0/0 A 91.189.92.57, A 91.189.92.55 (66)
22:10:34.039604 IP 5.5.2.123.57112 > mil02s05-in-f13.1e100.net.https: Flags [.], ack 586921280, win 873, options [nop,nop,TS val 56277383 ecr 2861425520], length 0
22:10:34.039976 IP 5.5.2.123.45440 > google-public-dns-a.google.com.domain: 14137+ PTR? 141.232.125.74.in-addr.arpa. (45)
22:10:34.103755 IP mil02s05-in-f13.1e100.net.https > 5.5.2.123.57112: Flags [.], ack 1, win 358, options [nop,nop,TS val 2861470587 ecr 56266133], length 0
22:10:34.124424 IP google-public-dns-a.google.com.domain > 5.5.2.123.45440: 14137 1/0/0 PTR mil02s05-in-f13.1e100.net. (84)

ping 192.168.1.251

Code: Select all

PING 192.168.1.251 (192.168.1.251) 56(84) bytes of data.
From 192.168.1.17 icmp_seq=1 Destination Host Unreachable
From 192.168.1.17 icmp_seq=2 Destination Host Unreachable
From 192.168.1.17 icmp_seq=3 Destination Host Unreachable

[Traffic]

What happens if you ping 192.168.1.251 when your VPN is down ?

[danbo]

same thing

Code: Select all

ping 192.168.1.251
PING 192.168.1.251 (192.168.1.251) 56(84) bytes of data.
From 192.168.1.17 icmp_seq=1 Destination Host Unreachable
From 192.168.1.17 icmp_seq=2 Destination Host Unreachable
From 192.168.1.17 icmp_seq=3 Destination Host Unreachable
From 192.168.1.17 icmp_seq=4 Destination Host Unreachable
From 192.168.1.17 icmp_seq=5 Destination Host Unreachable
From 192.168.1.17 icmp_seq=6 Destination Host Unreachable

[Traffic]

I've asked the adimns too, indeed, but we can't sort it out

so the guys that run your VPN don't want to fix it ?

[danbo]

are you saying it's a server configuration problem?
why do it works on Windows systems and not on Ubuntu?

[danbo]

fixed it.
thank you for your time

[Traffic]

Thanks for sharing your experience ...

[danbo]

http://askubuntu.com/questions/554679/c ... vpn-client

we changed the IP class of my home router from 192.168.1.1 to 192.168.0.1

[Traffic]

FYI: 192.168.0.0/24 is probably worse than 192.168.1.0/24 ..

A more suitable change would be to select a rarely used subnet such as 192.168.157.0/24