[Solved] Windows 10 OpenVPN Server NAT with redirect-gateway
Posted: Sat Jan 16, 2016 1:27 pm
Hi,
I am trying to connect my computer to an OpenVPN in IPv4 on 1194.
First I am trying to have a tunnel configuration to watch the french TV from abroad.
The connection between the server and the computer is fine but when I am connected I do not have Internet anymore on the client.
The TAP and the Ethernet are bridged on the server (don't know if it is the right config).
The Server is on a 10.0.1.0 network gateway 10.0.1.11 DNS 10.0.1.11
Here is my Server config :
Here is my Client Config :
Server Log :
I am trying to connect my computer to an OpenVPN in IPv4 on 1194.
First I am trying to have a tunnel configuration to watch the french TV from abroad.
The connection between the server and the computer is fine but when I am connected I do not have Internet anymore on the client.
The TAP and the Ethernet are bridged on the server (don't know if it is the right config).
The Server is on a 10.0.1.0 network gateway 10.0.1.11 DNS 10.0.1.11
Here is my Server config :
Code: Select all
port 1194
proto udp
push "redirect-gateway def1"
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
Code: Select all
client
dev tun
proto udp
remote my-server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "c:\\openvpn\\config\\ca.crt"
cert "c:\\openvpn\\config\\MF.crt"
key "c:\\openvpn\\config\\MF.key" # This file should be kept secret
remote-cert-tls server
comp-lzo
verb 3
Code: Select all
Sat Jan 16 14:13:13 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Sat Jan 16 14:13:13 2016 Windows version 6.2 (Windows 8 or greater)
Sat Jan 16 14:13:13 2016 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Sat Jan 16 14:13:13 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jan 16 14:13:13 2016 Need hold release from management interface, waiting...
Sat Jan 16 14:13:13 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jan 16 14:13:13 2016 MANAGEMENT: CMD 'state on'
Sat Jan 16 14:13:13 2016 MANAGEMENT: CMD 'log all on'
Sat Jan 16 14:13:13 2016 MANAGEMENT: CMD 'hold off'
Sat Jan 16 14:13:13 2016 MANAGEMENT: CMD 'hold release'
Sat Jan 16 14:13:14 2016 Diffie-Hellman initialized with 1024 bit key
Sat Jan 16 14:13:14 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 16 14:13:14 2016 ROUTE_GATEWAY 10.0.1.11/255.255.255.0 I=25 HWADDR=10:6f:3f:d5:8e:88
Sat Jan 16 14:13:14 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jan 16 14:13:14 2016 MANAGEMENT: >STATE:1452949994,ASSIGN_IP,,10.8.0.1,
Sat Jan 16 14:13:14 2016 open_tun, tt->ipv6=0
Sat Jan 16 14:13:14 2016 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{7CED3B95-5934-45D5-A883-A06DE83852DA}.tap
Sat Jan 16 14:13:14 2016 TAP-Windows Driver Version 9.21
Sat Jan 16 14:13:14 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {7CED3B95-5934-45D5-A883-A06DE83852DA} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Sat Jan 16 14:13:14 2016 Sleeping for 10 seconds...
Sat Jan 16 14:13:24 2016 NOTE: FlushIpNetTable failed on interface [28] {7CED3B95-5934-45D5-A883-A06DE83852DA} (status=1168) : Élément introuvable.
Sat Jan 16 14:13:24 2016 MANAGEMENT: >STATE:1452950004,ADD_ROUTES,,,
Sat Jan 16 14:13:24 2016 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Sat Jan 16 14:13:24 2016 Warning: route gateway is not reachable on any active network adapters: 10.8.0.2
Sat Jan 16 14:13:24 2016 Route addition via IPAPI failed [adaptive]
Sat Jan 16 14:13:24 2016 Route addition fallback to route.exe
Sat Jan 16 14:13:24 2016 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Sat Jan 16 14:13:24 2016 UDPv4 link local (bound): [undef]
Sat Jan 16 14:13:24 2016 UDPv4 link remote: [undef]
Sat Jan 16 14:13:24 2016 MULTI: multi_init called, r=256 v=256
Sat Jan 16 14:13:24 2016 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Jan 16 14:13:24 2016 ifconfig_pool_read(), in='MF,10.8.0.4', TODO: IPv6
Sat Jan 16 14:13:24 2016 succeeded -> ifconfig_pool_set()
Sat Jan 16 14:13:24 2016 ifconfig_pool_read(), in='intelnuc,10.8.0.8', TODO: IPv6
Sat Jan 16 14:13:24 2016 succeeded -> ifconfig_pool_set()
Sat Jan 16 14:13:24 2016 IFCONFIG POOL LIST
Sat Jan 16 14:13:24 2016 MF,10.8.0.4
Sat Jan 16 14:13:24 2016 intelnuc,10.8.0.8
Sat Jan 16 14:13:24 2016 Initialization Sequence Completed
Sat Jan 16 14:13:24 2016 MANAGEMENT: >STATE:1452950004,CONNECTED,SUCCESS,10.8.0.1,
Sat Jan 16 14:13:29 2016 x.x.x.x:62508 TLS: Initial packet from [AF_INET]X.X.X.X:62508, sid=34005547 095ab405
Sat Jan 16 14:13:29 2016 x.x.x.x:62508 VERIFY OK: depth=1, C=FR, ST=Rhone, L=Lyon, O=Company, CN=OpenVPN, emailAddress=x.xxxx@domain.com
Sat Jan 16 14:13:29 2016 x.x.x.x:62508 VERIFY OK: depth=0, C=FR, ST=Rhone, O=Company, CN=MF, emailAddress=x.xxxx@domain.com
Sat Jan 16 14:13:30 2016 x.x.x.x:62508 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 16 14:13:30 2016 x.x.x.x:62508 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 16 14:13:30 2016 x.x.x.x:62508 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jan 16 14:13:30 2016 x.x.x.x:62508 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jan 16 14:13:30 2016 x.x.x.x:62508 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Jan 16 14:13:30 2016 x.x.x.x:62508 [MF] Peer Connection Initiated with [AF_INET]X.X.X.X:62508
Sat Jan 16 14:13:30 2016 MF/x.x.x.x:62508 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sat Jan 16 14:13:30 2016 MF/x.x.x.x:62508 MULTI: Learn: 10.8.0.6 -> MF/X.X.X.X:62508
Sat Jan 16 14:13:30 2016 MF/x.x.x.x:62508 MULTI: primary virtual IP for MF/X.X.X.X:62508: 10.8.0.6
Sat Jan 16 14:13:32 2016 MF/x.x.x.x:215:62508 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jan 16 14:13:32 2016 MF/x.x.x.x:62508 send_push_reply(): safe_cap=940
Sat Jan 16 14:13:32 2016 MF/x.x.x.x:62508 SENT CONTROL [MF]: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)