Problems with redirect-gateway def1 Windows 10


Post by jschlis82 » Tue Apr 12, 2016 4:54 am

For starters I have very limited experience with OpenVPN or networking so I'll do my best to explain what I've done and hopefully if anyone has a solution to my problem they can explain it in a way which even a layman can figure out. I did have this working on a Windows 7 server, but now have a Windows 10 machine and cannot get it to work.

The client will connect to the server, but when I go to access the internet nothing comes up. The internet works fine if I comment out redirect-gateway def1, but then I don't think it's tunneling my internet connection through the server, because when I check my IP address it does not show the home server's public IP address.

I checked the firewall and port 1194 is open. I also completely disabled my firewall in order to verify that it was not a firewall problem and I ran into the same problem of the client connecting to the server but no internet access. My goal is to be able to tunnel all my internet traffic through my server at home.

I initially installed the 64 bit version, then the 32 bit version... Same problems. I think I was only able to get the 32 bit version to work with Windows 7 for whatever reason. I even took the old config files from the working Windows 7 server and imported them into the Windows 10 server and had the same problem. I did the following tweaks:

Start -> Right-click My Computer -> Manage
Services
Right-click Routing and Remote Access -> Properties -> Automatic
Right-click Routing and Remote Access -> Start

Next:

Control Panel
Network and Sharing Center
Local Area Connection
Properties
Sharing
Tick the box "Allow other network users to connect through this computer's Internet connection"
From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP server connection.

regedit

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)

My server .ovpn file is as follows:

<code>
port 1194
proto udp
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
</code>

Client ovpn file is as follows:

<code>
client
dev tun
proto udp
remote myserver 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "ca.crt"
cert "john-laptop.crt"
key "john-laptop.key"
ns-cert-type server
comp-lzo
verb 3
</code>

I'm at a loss and have been looking at different forums for hours now. If anyone has any idea on how to get this to work I'd be grateful.

Thank you in advance!

John


Post by Traffic » Tue Apr 12, 2016 11:46 am

Here is an example solution for your problem:
topic20765.html

You may find other help in this Forum:
examples-f7.html


Post by jschlis82 » Tue Apr 12, 2016 4:25 pm

Hello,

Thank you for your response.

I tried the solution with the Windows 10 tweaks the original poster recommended in that post, which didn't work. I tried to create a static route with my router (NetGear wndr3700). I'm not sure if this is right but this is what I put in:

<code>
Destination IP : 10.8.0.0
IP Submask: 255.255.255.0
IP Gateway: 192.168.1.18 (This is the computer the server is running on)
Metric 3
</code>

The router software would not allow me to put in the VPN assigned VPN server IP address of 10.8.0.1, saying that "gateway should be on the same subnet as the WAN or the LAN interface".

Here is the log from the client:

<code>
Tue Apr 12 09:08:25 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 09:08:25 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 09:08:25 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 09:08:25 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 09:08:25 2016 Need hold release from management interface, waiting...
Tue Apr 12 09:08:26 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 09:08:26 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 09:08:26 2016 MANAGEMENT: >STATE:1460477306,RESOLVE,,,
Tue Apr 12 09:08:27 2016 UDPv4 link local: [undef]
Tue Apr 12 09:08:27 2016 UDPv4 link remote: [AF_INET]xx.xx.xx.xxx:1194
Tue Apr 12 09:08:27 2016 MANAGEMENT: >STATE:1460477307,WAIT,,,
Tue Apr 12 09:08:27 2016 MANAGEMENT: >STATE:1460477307,AUTH,,,
Tue Apr 12 09:08:27 2016 TLS: Initial packet from [AF_INET]xx.xx.xx.xxx:1194, sid=57775a0b f9021b23
Tue Apr 12 09:08:27 2016 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=, CN=server, emailAddress=
Tue Apr 12 09:08:27 2016 VERIFY OK: nsCertType=SERVER
Tue Apr 12 09:08:27 2016 VERIFY OK: depth=0, C=US, ST=IL, O=, CN=server, emailAddress=
Tue Apr 12 09:08:27 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 09:08:27 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 09:08:27 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 09:08:27 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 09:08:27 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 09:08:27 2016 [server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xxx:1194
Tue Apr 12 09:08:28 2016 MANAGEMENT: >STATE:1460477308,GET_CONFIG,,,
Tue Apr 12 09:08:29 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Apr 12 09:08:29 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,redirect-gateway local def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.22 10.8.0.21'
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: route options modified
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Apr 12 09:08:29 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=17 HWADDR=24:77:03:41:b9:48
Tue Apr 12 09:08:29 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 09:08:29 2016 MANAGEMENT: >STATE:1460477309,ASSIGN_IP,,10.8.0.22,
Tue Apr 12 09:08:29 2016 open_tun, tt->ipv6=0
Tue Apr 12 09:08:29 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{662BF6C6-D948-4C1C-A853-FDEAC308320B}.tap
Tue Apr 12 09:08:29 2016 TAP-Windows Driver Version 9.21
Tue Apr 12 09:08:29 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.22/255.255.255.252 on interface {662BF6C6-D948-4C1C-A853-FDEAC308320B} [DHCP-serv: 10.8.0.21, lease-time: 31536000]
Tue Apr 12 09:08:29 2016 Successful ARP Flush on interface [18] {662BF6C6-D948-4C1C-A853-FDEAC308320B}
Tue Apr 12 09:08:34 2016 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Apr 12 09:08:34 2016 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.21
Tue Apr 12 09:08:34 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 09:08:34 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 09:08:34 2016 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.21
Tue Apr 12 09:08:34 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 09:08:34 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 09:08:34 2016 MANAGEMENT: >STATE:1460477314,ADD_ROUTES,,,
Tue Apr 12 09:08:34 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.21
Tue Apr 12 09:08:34 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 09:08:34 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 09:08:34 2016 Initialization Sequence Completed
Tue Apr 12 09:08:34 2016 MANAGEMENT: >STATE:1460477314,CONNECTED,SUCCESS,10.8.0.22,xx.xx.xx.xxx


</code>

and the log from the server:

<code>
Tue Apr 12 11:00:31 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 11:00:31 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 11:00:31 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 11:00:31 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 11:00:31 2016 Need hold release from management interface, waiting...
Tue Apr 12 11:00:32 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 11:00:32 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Apr 12 11:00:32 2016 Diffie-Hellman initialized with 1024 bit key
Tue Apr 12 11:00:32 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 11:00:32 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=13 HWADDR=f0:4d:a2:fb:58:26
Tue Apr 12 11:00:32 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 11:00:32 2016 MANAGEMENT: >STATE:1460476832,ASSIGN_IP,,10.8.0.1,
Tue Apr 12 11:00:32 2016 open_tun, tt->ipv6=0
Tue Apr 12 11:00:32 2016 TAP-WIN32 device [Ethernet] opened: \\.\Global\{6BB6E50C-0F3C-4757-B635-67C7928FB3EC}.tap
Tue Apr 12 11:00:32 2016 TAP-Windows Driver Version 9.21
Tue Apr 12 11:00:32 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {6BB6E50C-0F3C-4757-B635-67C7928FB3EC} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Apr 12 11:00:32 2016 Sleeping for 10 seconds...
Tue Apr 12 11:00:42 2016 Successful ARP Flush on interface [10] {6BB6E50C-0F3C-4757-B635-67C7928FB3EC}
Tue Apr 12 11:00:42 2016 MANAGEMENT: >STATE:1460476842,ADD_ROUTES,,,
Tue Apr 12 11:00:42 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 12 11:00:42 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 11:00:42 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 11:00:42 2016 UDPv4 link local (bound): [undef]
Tue Apr 12 11:00:42 2016 UDPv4 link remote: [undef]
Tue Apr 12 11:00:42 2016 MULTI: multi_init called, r=256 v=256
Tue Apr 12 11:00:42 2016 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='sara-iphone,10.8.0.4', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='john-ipad,10.8.0.8', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='sara-ipad,10.8.0.12', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='john-iphone,10.8.0.16', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='john-laptop,10.8.0.20', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 IFCONFIG POOL LIST
Tue Apr 12 11:00:42 2016 sara-iphone,10.8.0.4
Tue Apr 12 11:00:42 2016 john-ipad,10.8.0.8
Tue Apr 12 11:00:42 2016 sara-ipad,10.8.0.12
Tue Apr 12 11:00:42 2016 john-iphone,10.8.0.16
Tue Apr 12 11:00:42 2016 john-laptop,10.8.0.20
Tue Apr 12 11:00:42 2016 Initialization Sequence Completed
Tue Apr 12 11:00:42 2016 MANAGEMENT: >STATE:1460476842,CONNECTED,SUCCESS,10.8.0.1,
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 TLS: Initial packet from [AF_INET]xx.xx.xx.xxx:64827, sid=6392c47c 10f232a4
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=, CN=server, emailAddress=
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 VERIFY OK: depth=0, C=US, ST=IL, O=, CN=john-laptop
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 [john-laptop] Peer Connection Initiated with [AF_INET]24.15.65.138:64827
Tue Apr 12 11:08:24 2016 john-laptop/xx.xx.xx.xxx:64827 MULTI_sva: pool returned IPv4=10.8.0.22, IPv6=(Not enabled)
Tue Apr 12 11:08:24 2016 john-laptop/xx.xx.xx.xxx:64827 MULTI: Learn: 10.8.0.22 -> john-laptop/xx.xx.xx.xxx:64827
Tue Apr 12 11:08:24 2016 john-laptop/xx.xx.xx.xxx:64827 MULTI: primary virtual IP for john-laptop/xx.xx.xx.xxx:64827: 10.8.0.22
Tue Apr 12 11:08:26 2016 john-laptop/xx.xx.xx.xxx:64827 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr 12 11:08:26 2016 john-laptop/xx.xx.xx.xxx:64827 send_push_reply(): safe_cap=940
Tue Apr 12 11:08:26 2016 john-laptop/xx.xx.xx.xxx:64827 SENT CONTROL [john-laptop]: 'PUSH_REPLY,redirect-gateway def1,redirect-gateway local def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.22 10.8.0.21' (status=1)
Tue Apr 12 11:12:31 2016 john-laptop/xx.xx.xx.xxx:64827 [john-laptop] Inactivity timeout (--ping-restart), restarting
Tue Apr 12 11:12:31 2016 john-laptop/xx.xx.xx.xxx:64827 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Apr 12 11:17:54 2016 C:\WINDOWS\system32\route.exe DELETE 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 12 11:17:54 2016 Route deletion via IPAPI succeeded [adaptive]
Tue Apr 12 11:17:54 2016 Closing TUN/TAP interface
Tue Apr 12 11:17:54 2016 SIGTERM[hard,] received, process exiting
Tue Apr 12 11:17:54 2016 MANAGEMENT: >STATE:1460477874,EXITING,SIGTERM,,


</code>

The xx.xx.xx.xxx is my public IP address. Do you have any more ideas on this?

Thank You!


Post by Traffic » Tue Apr 12, 2016 5:32 pm

jschlis82 wrote:<code>
Destination IP : 10.8.0.0
IP Submask: 255.255.255.0
IP Gateway: 192.168.1.18 (This is the computer the server is running on)
Metric 3
</code>
The route looks ok ..

Try pushing the server LAN to the client. See this HOWTO:
HOWTO: Expanding the scope of the VPN to include additional machines

Note: You only need to push the server LAN .. do not bother with the client LAN.

Then try ping 192.168.1.18 from the client.
And post route print from the client.


Post by jschlis82 » Tue Apr 12, 2016 6:34 pm

Thank you for your response.

I added push "route 10.66.0.0 255.255.255.0"

Giving me a new server config file which looks like this:

<code>
port 1194
proto udp
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "redirect-gateway local def1"
push "dhcp-option DNS 8.8.8.8"
push "route 10.66.0.0 255.255.255.0"
</code>

When I connect to the VPN server on the local network I get the following from the cmd (still no internet, this is how it was set up with the last log files I sent):

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 192.168.1.18

Pinging 192.168.1.18 with 32 bytes of data:
Reply from 192.168.1.18: bytes=32 time=3ms TTL=128
Reply from 192.168.1.18: bytes=32 time=1ms TTL=128
Reply from 192.168.1.18: bytes=32 time=2ms TTL=128
Reply from 192.168.1.18: bytes=32 time=3ms TTL=128

Ping statistics for 192.168.1.18:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 3ms, Average = 2ms

C:\WINDOWS\system32>route print
===========================================================================
Interface List
 19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
  7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
 18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
 17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
 21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     20
          0.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
         10.8.0.1  255.255.255.255        10.8.0.21        10.8.0.22     20
        10.8.0.20  255.255.255.252         On-link         10.8.0.22    276
        10.8.0.22  255.255.255.255         On-link         10.8.0.22    276
        10.8.0.23  255.255.255.255         On-link         10.8.0.22    276
        10.66.0.0    255.255.255.0        10.8.0.21        10.8.0.22     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    276
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    276
        224.0.0.0        240.0.0.0         On-link         10.8.0.22    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    276
  255.255.255.255  255.255.255.255         On-link         10.8.0.22    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 17    276 fe80::/64                On-link
 18    276 fe80::/64                On-link
 18    276 fe80::29f1:d7ce:20f6:8a0b/128
                                    On-link
 17    276 fe80::4503:bfa5:ab9e:71af/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\WINDOWS\system32>

If I connect my phone and try to connect to the VPN from outside the local network, it still shows me as connected but again no internet. Here are the results from the cmd in this scenario:

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 192.168.1.18

Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.18:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>route print
===========================================================================
Interface List
 19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
  7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
 23...7a a3 e4 23 dd 37 ......Apple Mobile Device Ethernet
 18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
 17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
 21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.10.1      172.20.10.4     20
          0.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
         10.8.0.1  255.255.255.255        10.8.0.21        10.8.0.22     20
        10.8.0.20  255.255.255.252         On-link         10.8.0.22    276
        10.8.0.22  255.255.255.255         On-link         10.8.0.22    276
        10.8.0.23  255.255.255.255         On-link         10.8.0.22    276
        10.66.0.0    255.255.255.0        10.8.0.21        10.8.0.22     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
      172.20.10.0  255.255.255.240         On-link       172.20.10.4    276
      172.20.10.4  255.255.255.255         On-link       172.20.10.4    276
     172.20.10.15  255.255.255.255         On-link       172.20.10.4    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.8.0.22    276
        224.0.0.0        240.0.0.0         On-link       172.20.10.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.8.0.22    276
  255.255.255.255  255.255.255.255         On-link       172.20.10.4    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 22    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 22    306 2001::/32                On-link
 22    306 2001:0:9d38:6ab8:c3d:1724:f5f7:ffe9/128
                                    On-link
 18    276 fe80::/64                On-link
 23    276 fe80::/64                On-link
 22    306 fe80::/64                On-link
 22    306 fe80::c3d:1724:f5f7:ffe9/128
                                    On-link
 18    276 fe80::29f1:d7ce:20f6:8a0b/128
                                    On-link
 23    276 fe80::9dd9:61ce:d068:7080/128
                                    On-link
  1    306 ff00::/8                 On-link
 22    306 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
 23    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\WINDOWS\system32>

I don't know much about networking, so I may be missing something really obvious here. Thank you for your help.
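
The following is an added example, not code from any poster in this thread: it parses the IPv4 rows of the second `route print` above (client connected through the phone) and applies longest-prefix matching to show where packets go once the two def1 half-routes are installed. It also checks for a host route to the VPN server itself, which `redirect-gateway` omits when the `local` flag is pushed, as it is in the PUSH_REPLY logged above. `SERVER_PUBLIC` is a placeholder because the thread redacts the real address, `BYPASS_ROW` is constructed, and all function names are this example's own.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means "On-link"
    interface: ipaddress.IPv4Address
    metric: int


# Rows copied from the second `route print` in the post above.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.10.1      172.20.10.4     20
          0.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
         10.8.0.1  255.255.255.255        10.8.0.21        10.8.0.22     20
        10.8.0.20  255.255.255.252         On-link         10.8.0.22    276
        10.66.0.0    255.255.255.0        10.8.0.21        10.8.0.22     20
        128.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
      172.20.10.0  255.255.255.240         On-link       172.20.10.4    276
"""

TUN_IF = ipaddress.IPv4Address("10.8.0.22")  # client tunnel address from the log
SERVER_PUBLIC = "203.0.113.10"  # placeholder: the thread redacts the real address

# Constructed row (assumption): the host route to the server through the
# physical gateway that def1 adds when the `local` flag is not set.
BYPASS_ROW = (
    "     203.0.113.10  255.255.255.255      172.20.10.1      172.20.10.4     20\n"
)


def parse_routes(text: str) -> List[Route]:
    """Parse IPv4 rows of `route print`; headers and separators are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gw, iface, metric = parts
        try:
            # Prefix length = number of set bits in the dotted netmask.
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            network = ipaddress.IPv4Network(f"{dest}/{prefix}")
            gateway = None if gw == "On-link" else ipaddress.IPv4Address(gw)
            routes.append(
                Route(network, gateway, ipaddress.IPv4Address(iface), int(metric))
            )
        except ValueError:
            continue  # not a route row
    return routes


def select_route(routes: List[Route], dest: str) -> Optional[Route]:
    """Longest-prefix match; equal prefixes are decided by the lowest metric."""
    addr = ipaddress.IPv4Address(dest)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def def1_active(routes: List[Route], tun_if: ipaddress.IPv4Address) -> bool:
    """True when both /1 half-routes of redirect-gateway def1 use the tunnel."""
    via_tunnel = {str(r.network) for r in routes if r.interface == tun_if}
    return {"0.0.0.0/1", "128.0.0.0/1"} <= via_tunnel


def server_reached_via_tunnel(
    routes: List[Route], server_ip: str, tun_if: ipaddress.IPv4Address
) -> bool:
    """True when packets to the VPN server's own address would be sent into
    the tunnel, i.e. no more specific route via the physical gateway exists."""
    chosen = select_route(routes, server_ip)
    return chosen is not None and chosen.interface == tun_if


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    print("def1 half-routes installed:", def1_active(table, TUN_IF))
    for target in ("8.8.8.8", "192.168.1.18", SERVER_PUBLIC):
        r = select_route(table, target)
        print(f"{target:>15} -> {r.network} via {r.gateway or 'On-link'}")
    print("server via tunnel:", server_reached_via_tunnel(table, SERVER_PUBLIC, TUN_IF))
    fixed = parse_routes(ROUTE_PRINT + BYPASS_ROW)
    print("with bypass row:", server_reached_via_tunnel(fixed, SERVER_PUBLIC, TUN_IF))
```
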


Post by Traffic » Tue Apr 12, 2016 7:33 pm

Traffic wrote:
jschlis82 wrote:<code>
Destination IP : 10.8.0.0
IP Submask: 255.255.255.0
IP Gateway: 192.168.1.18 (This is the computer the server is running on)
Metric 3
</code>
The route looks ok ..

Try pushing the server LAN to the client See this HOWTO:
HOWTO: Expanding the scope of the VPN to include additional machines

Note: You only need to push the server LAN .. do not bother with the client LAN.

Then try ping 192.168.1.18 from the client.
And post route print from the client.
jschlis82 wrote:I added push "route 10.66.0.0 255.255.255.0"
Why did you push the route 10.66.0.0 .. your Server LAN is 192.168.1.0 ...


Post by jschlis82 » Tue Apr 12, 2016 7:51 pm

Just because that's what it references in the doc... Sorry I changed that line in the server config file to:

<code>
push "route 192.168.1.0 255.255.255.0"
</code>

Here are the new results from the cmd line, not sure if you want both or not, here they are anyway:

Connected from client to server on vpn over local network:

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 192.168.1.18

Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.18:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>route print
===========================================================================
Interface List
 19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
  7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
 18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
 17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
 21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     20
          0.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
         10.8.0.1  255.255.255.255        10.8.0.21        10.8.0.22     20
        10.8.0.20  255.255.255.252         On-link         10.8.0.22    276
        10.8.0.22  255.255.255.255         On-link         10.8.0.22    276
        10.8.0.23  255.255.255.255         On-link         10.8.0.22    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    276
      192.168.1.0    255.255.255.0        10.8.0.21        10.8.0.22     20
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    276
        224.0.0.0        240.0.0.0         On-link         10.8.0.22    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    276
  255.255.255.255  255.255.255.255         On-link         10.8.0.22    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 17    276 fe80::/64                On-link
 18    276 fe80::/64                On-link
 18    276 fe80::29f1:d7ce:20f6:8a0b/128
                                    On-link
 17    276 fe80::4503:bfa5:ab9e:71af/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\WINDOWS\system32>

Connected client with vpn server over cell phone:

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>cell phone
'cell' is not recognized as an internal or external command,
operable program or batch file.

C:\WINDOWS\system32>ping 192.168.1.18

Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.18:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>route print
===========================================================================
Interface List
 19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
  7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
 23...7a a3 e4 23 dd 37 ......Apple Mobile Device Ethernet
 18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
 17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
 21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.10.1      172.20.10.4     20
          0.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
         10.8.0.1  255.255.255.255        10.8.0.21        10.8.0.22     20
        10.8.0.20  255.255.255.252         On-link         10.8.0.22    276
        10.8.0.22  255.255.255.255         On-link         10.8.0.22    276
        10.8.0.23  255.255.255.255         On-link         10.8.0.22    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0        10.8.0.21        10.8.0.22     20
      172.20.10.0  255.255.255.240         On-link       172.20.10.4    276
      172.20.10.4  255.255.255.255         On-link       172.20.10.4    276
     172.20.10.15  255.255.255.255         On-link       172.20.10.4    276
      192.168.1.0    255.255.255.0        10.8.0.21        10.8.0.22     20
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.8.0.22    276
        224.0.0.0        240.0.0.0         On-link       172.20.10.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.8.0.22    276
  255.255.255.255  255.255.255.255         On-link       172.20.10.4    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    276 fe80::/64                On-link
 23    276 fe80::/64                On-link
 18    276 fe80::29f1:d7ce:20f6:8a0b/128
                                    On-link
 23    276 fe80::9dd9:61ce:d068:7080/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
 23    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\WINDOWS\system32>
Thank You for your help

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Problems with redirect-gateway def1 Windows 10

Post by Traffic » Tue Apr 12, 2016 8:23 pm

jschlis82 wrote:Just because that's what it references in the doc
Always read the docs carefully and apply the principles discussed to your personal setup.
jschlis82 wrote:I changed that line in the server config file to:

Code:
push "route 192.168.1.0 255.255.255.0
Good.

Ping fails:
jschlis82 wrote:Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Route on client exists over VPN:
jschlis82 wrote:

Code: Select all

      192.168.1.0    255.255.255.0        10.8.0.21        10.8.0.22     20
this probably means that this:
jschlis82 wrote:

Code: Select all

regedit

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)
Has not been applied or you have not rebooted .. :geek:

jschlis82
OpenVpn Newbie
Posts: 6
Joined: Tue Apr 12, 2016 4:30 am

Re: Problems with redirect-gateway def1 Windows 10

Post by jschlis82 » Tue Apr 12, 2016 10:04 pm

Still no go. I restarted the computer to make sure the regedit had taken effect and it's still the same problem. I also verified that the numerical value had been changed from a 0 to 1, which it had. I decided to basically start over: I uninstalled OpenVPN and installed a fresh 64-bit version. I didn't change the static route created in the router and left the 1194 port open on the firewall. Port forwarding is on. My server config is:

Code: Select all

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"  # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "route 192.168.1.0 255.255.255.0"

Client Config File is:

Code: Select all


client
dev tun
proto udp
remote myserver 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\js-laptop2.crt"
key "C:\\Program Files\\OpenVPN\\config\\js-laptop2.key" 
remote-cert-tls server
comp-lzo
verb 3


I hook my iPhone to my laptop and try to connect to the VPN, this is the log I get on the client side:

Code: Select all

Tue Apr 12 14:48:39 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 14:48:39 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 14:48:39 2016 library versions: OpenSSL 1.0.1s  1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 14:48:39 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 14:48:39 2016 Need hold release from management interface, waiting...
Tue Apr 12 14:48:40 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 14:48:40 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 14:48:40 2016 MANAGEMENT: >STATE:1460497720,RESOLVE,,,
Tue Apr 12 14:48:41 2016 UDPv4 link local: [undef]
Tue Apr 12 14:48:41 2016 UDPv4 link remote: [AF_INET]xx.xx.xx.xxx:1194
Tue Apr 12 14:48:41 2016 MANAGEMENT: >STATE:1460497721,WAIT,,,
Tue Apr 12 14:48:41 2016 MANAGEMENT: >STATE:1460497721,AUTH,,,
Tue Apr 12 14:48:41 2016 TLS: Initial packet from [AF_INET]xx.xx.xx.xxx:1194, sid=57e10fec 9fe6ed0b
Tue Apr 12 14:48:41 2016 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=server, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 14:48:41 2016 Validating certificate key usage
Tue Apr 12 14:48:41 2016 ++ Certificate has key usage  00a0, expects 00a0
Tue Apr 12 14:48:41 2016 VERIFY KU OK
Tue Apr 12 14:48:41 2016 Validating certificate extended key usage
Tue Apr 12 14:48:41 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Apr 12 14:48:41 2016 VERIFY EKU OK
Tue Apr 12 14:48:41 2016 VERIFY OK: depth=0, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=server, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 14:48:42 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 14:48:42 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 14:48:42 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 14:48:42 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 14:48:42 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 14:48:42 2016 [server] Peer Connection Initiated with [AF_INET]24.15.65.138:1194
Tue Apr 12 14:48:43 2016 MANAGEMENT: >STATE:1460497723,GET_CONFIG,,,
Tue Apr 12 14:48:44 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Apr 12 14:48:44 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: route options modified
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Apr 12 14:48:44 2016 ROUTE_GATEWAY 172.20.10.1/255.255.255.240 I=23 HWADDR=7a:a3:e4:23:dd:37
Tue Apr 12 14:48:44 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 14:48:44 2016 MANAGEMENT: >STATE:1460497724,ASSIGN_IP,,10.8.0.6,
Tue Apr 12 14:48:44 2016 open_tun, tt->ipv6=0
Tue Apr 12 14:48:44 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{9A90D61E-8319-4F6F-B610-8B37F0DE652F}.tap
Tue Apr 12 14:48:44 2016 TAP-Windows Driver Version 9.21 
Tue Apr 12 14:48:44 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {9A90D61E-8319-4F6F-B610-8B37F0DE652F} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Apr 12 14:48:44 2016 Successful ARP Flush on interface [18] {9A90D61E-8319-4F6F-B610-8B37F0DE652F}
Tue Apr 12 14:48:49 2016 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD xx.xx.xx.xxxx MASK 255.255.255.255 172.20.10.1
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 MANAGEMENT: >STATE:1460497729,ADD_ROUTES,,,
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 Initialization Sequence Completed
Tue Apr 12 14:48:49 2016 MANAGEMENT: >STATE:1460497729,CONNECTED,SUCCESS,10.8.0.6,xx.xx.xx.xxx
If I ping on the client side and run route print I get:

Code: Select all

Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 192.168.1.18

Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.18:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>route print
===========================================================================
Interface List
 19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
  7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
 23...7a a3 e4 23 dd 37 ......Apple Mobile Device Ethernet
 18...00 ff 9a 90 d6 1e ......TAP-Windows Adapter V9
 17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
 21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 63...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.10.1      172.20.10.4     20
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    276
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    276
     24.15.65.138  255.255.255.255      172.20.10.1      172.20.10.4     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
      172.20.10.0  255.255.255.240         On-link       172.20.10.4    276
      172.20.10.4  255.255.255.255         On-link       172.20.10.4    276
     172.20.10.15  255.255.255.255         On-link       172.20.10.4    276
      192.168.1.0    255.255.255.0         10.8.0.5         10.8.0.6     20
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    276
        224.0.0.0        240.0.0.0         On-link       172.20.10.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    276
  255.255.255.255  255.255.255.255         On-link       172.20.10.4    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    276 fe80::/64                On-link
 23    276 fe80::/64                On-link
 18    276 fe80::78:dc0c:e84b:4f23/128
                                    On-link
 23    276 fe80::9dd9:61ce:d068:7080/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
 23    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\WINDOWS\system32>

Log on the server side is:

Code: Select all

Tue Apr 12 16:47:56 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 16:47:56 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 16:47:56 2016 library versions: OpenSSL 1.0.1s  1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 16:47:56 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 16:47:56 2016 Need hold release from management interface, waiting...
Tue Apr 12 16:47:56 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 16:47:57 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Apr 12 16:47:57 2016 Diffie-Hellman initialized with 1024 bit key
Tue Apr 12 16:47:57 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 16:47:57 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=14 HWADDR=f0:4d:a2:fb:58:26
Tue Apr 12 16:47:57 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 16:47:57 2016 MANAGEMENT: >STATE:1460497677,ASSIGN_IP,,10.8.0.1,
Tue Apr 12 16:47:57 2016 open_tun, tt->ipv6=0
Tue Apr 12 16:47:57 2016 TAP-WIN32 device [Ethernet] opened: \\.\Global\{BE311346-74AC-404B-95F8-1D30C4CF3043}.tap
Tue Apr 12 16:47:57 2016 TAP-Windows Driver Version 9.21 
Tue Apr 12 16:47:57 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {BE311346-74AC-404B-95F8-1D30C4CF3043} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Apr 12 16:47:57 2016 Sleeping for 10 seconds...
Tue Apr 12 16:48:07 2016 Successful ARP Flush on interface [11] {BE311346-74AC-404B-95F8-1D30C4CF3043}
Tue Apr 12 16:48:07 2016 MANAGEMENT: >STATE:1460497687,ADD_ROUTES,,,
Tue Apr 12 16:48:07 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 12 16:48:07 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 16:48:07 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 16:48:07 2016 UDPv4 link local (bound): [undef]
Tue Apr 12 16:48:07 2016 UDPv4 link remote: [undef]
Tue Apr 12 16:48:07 2016 MULTI: multi_init called, r=256 v=256
Tue Apr 12 16:48:07 2016 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Apr 12 16:48:07 2016 ifconfig_pool_read(), in='js-laptop2,10.8.0.4', TODO: IPv6
Tue Apr 12 16:48:07 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 16:48:07 2016 IFCONFIG POOL LIST
Tue Apr 12 16:48:07 2016 js-laptop2,10.8.0.4
Tue Apr 12 16:48:07 2016 Initialization Sequence Completed
Tue Apr 12 16:48:07 2016 MANAGEMENT: >STATE:1460497687,CONNECTED,SUCCESS,10.8.0.1,
Tue Apr 12 16:48:42 2016 97.46.1.30:7462 TLS: Initial packet from [AF_INET]97.46.1.30:7462, sid=352517fd 17e4dfac
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=server, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 VERIFY OK: depth=0, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=js-laptop2, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 [js-laptop2] Peer Connection Initiated with [AF_INET]97.46.1.30:7462
Tue Apr 12 16:48:43 2016 js-laptop2/97.46.1.30:7462 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Apr 12 16:48:43 2016 js-laptop2/97.46.1.30:7462 MULTI: Learn: 10.8.0.6 -> js-laptop2/97.46.1.30:7462
Tue Apr 12 16:48:43 2016 js-laptop2/97.46.1.30:7462 MULTI: primary virtual IP for js-laptop2/97.46.1.30:7462: 10.8.0.6
Tue Apr 12 16:48:45 2016 js-laptop2/97.46.1.30:7462 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr 12 16:48:45 2016 js-laptop2/97.46.1.30:7462 send_push_reply(): safe_cap=940
Tue Apr 12 16:48:45 2016 js-laptop2/97.46.1.30:7462 SENT CONTROL [js-laptop2]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

Running ping and route print on server side is:

Code: Select all

C:\WINDOWS\system32>ping 192.168.1.18

Pinging 192.168.1.18 with 32 bytes of data:
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.1.18:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\WINDOWS\system32>print route
Unable to initialize device PRN

C:\WINDOWS\system32>route print
===========================================================================
Interface List
 18...38 59 f9 41 1a 15 ......Dell Wireless 1502 802.11b|g|n
  9...1a 59 f9 41 1a 15 ......Microsoft Wi-Fi Direct Virtual Adapter
 14...f0 4d a2 fb 58 26 ......Realtek PCIe GBE Family Controller
 11...00 ff be 31 13 46 ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
  8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.18     11
         10.8.0.0    255.255.255.0         10.8.0.2         10.8.0.1     20
         10.8.0.0  255.255.255.252         On-link          10.8.0.1    276
         10.8.0.1  255.255.255.255         On-link          10.8.0.1    276
         10.8.0.3  255.255.255.255         On-link          10.8.0.1    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.18    266
     192.168.1.18  255.255.255.255         On-link      192.168.1.18    266
    192.168.1.255  255.255.255.255         On-link      192.168.1.18    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.18    266
        224.0.0.0        240.0.0.0         On-link          10.8.0.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.18    266
  255.255.255.255  255.255.255.255         On-link          10.8.0.1    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 14    266 fe80::/64                On-link
 11    276 fe80::/64                On-link
 11    276 fe80::25da:1926:245e:25f4/128
                                    On-link
 14    266 fe80::3c93:b8de:34f3:46b5/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    266 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

C:\WINDOWS\system32>



Do you have any other ideas on what could be keeping this from working? It could be something obvious that I'm missing. Thank You.
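The client route table posted above shows what `redirect-gateway def1` does: it adds 0.0.0.0/1 and 128.0.0.0/1 through the tunnel and leaves the original 0.0.0.0/0 default in place. As an added example (not written by anyone in this thread), the Python below parses those rows and checks which interface each destination would leave by, assuming the usual rule that the longest matching prefix wins and the metric only breaks ties; the function names and the probe address 198.51.100.7 are choices made for this example.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")

# Excerpt of the client's `route print` posted in the thread; multicast,
# broadcast and loopback rows are omitted.
CLIENT_TABLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.10.1      172.20.10.4     20
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
     24.15.65.138  255.255.255.255      172.20.10.1      172.20.10.4     20
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
      172.20.10.0  255.255.255.240         On-link       172.20.10.4    276
      192.168.1.0    255.255.255.0         10.8.0.5         10.8.0.6     20
"""


def parse_routes(text):
    """Parse the IPv4 rows of Windows `route print` output into Route tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # header, separator, IPv6 or wrapped line
        dest, mask, gateway, interface, metric = parts
        try:
            prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
            network = ipaddress.ip_network(f"{dest}/{prefix}")
            routes.append(Route(network, gateway, interface, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes


def select_route(routes, dest):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))


def audit_redirect_gateway(routes, tun_ip, server_ip, probes):
    """Return a list of findings; an empty list means every probe uses the tunnel."""
    findings = []
    # def1 must cover both halves of the IPv4 space on the tunnel interface.
    on_tunnel = {str(r.network) for r in routes if r.interface == tun_ip}
    for missing in sorted({"0.0.0.0/1", "128.0.0.0/1"} - on_tunnel):
        findings.append(f"def1 route {missing} is not bound to {tun_ip}")
    # The encrypted packets to the server itself must stay on the physical link.
    server = select_route(routes, server_ip)
    if server is None:
        findings.append(f"no route to VPN server {server_ip}")
    elif server.interface == tun_ip:
        findings.append(f"VPN server {server_ip} is routed into the tunnel itself")
    for dest in probes:
        chosen = select_route(routes, dest)
        if chosen is None or chosen.interface != tun_ip:
            via = chosen.interface if chosen else "no route"
            findings.append(f"{dest} leaves via {via}, bypassing the tunnel")
    return findings


if __name__ == "__main__":
    table = parse_routes(CLIENT_TABLE)
    # 8.8.8.8 is the pushed DNS server, 192.168.1.18 the server's LAN address;
    # 198.51.100.7 is a documentation address standing in for the upper half.
    probes = ["8.8.8.8", "198.51.100.7", "192.168.1.18"]
    print(audit_redirect_gateway(table, "10.8.0.6", "24.15.65.138", probes))
    # Failure mode: the same table with the 128.0.0.0/1 route missing.
    leaky = [r for r in table if str(r.network) != "128.0.0.0/1"]
    print(audit_redirect_gateway(leaky, "10.8.0.6", "24.15.65.138", probes))
```

On the posted table the audit returns no findings, so the client side is sending traffic into the tunnel as intended.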

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Problems with redirect-gateway def1 Windows 10

Post by Traffic » Tue Apr 12, 2016 10:36 pm

jschlis82 wrote:I hook my iPhone to my laptop and try to connect to the VPN
The connection to the VPN is successful .. OK

I would recommend you add

Code: Select all

topology subnet
to the server config but that should not affect this problem.
(See --topology in The Manual v23x)

Essentially, IP_Forward does not appear to be working for you .. sorry I don't have much experience of W10.

I presume you can ping the server on 10.8.0.1 from the client :?:

jschlis82
OpenVpn Newbie
Posts: 6
Joined: Tue Apr 12, 2016 4:30 am

Re: Problems with redirect-gateway def1 Windows 10

Post by jschlis82 » Tue Apr 12, 2016 10:50 pm

I added topology subnet to the bottom of my server config making it look like this:

Code: Select all

port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"  # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "route 192.168.1.0 255.255.255.0"
topology subnet
I pinged 10.8.0.1 from the client both on the local network and connected to the cell phone and came up with:

Code: Select all

C:\WINDOWS\system32>ping 10.8.0.1

Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=4ms TTL=128
Reply from 10.8.0.1: bytes=32 time=3ms TTL=128
Reply from 10.8.0.1: bytes=32 time=3ms TTL=128
Reply from 10.8.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 10.8.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 3ms, Maximum = 4ms, Average = 3ms

C:\WINDOWS\system32>ping 10.8.0.1

Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=106ms TTL=128
Reply from 10.8.0.1: bytes=32 time=87ms TTL=128
Reply from 10.8.0.1: bytes=32 time=151ms TTL=128
Reply from 10.8.0.1: bytes=32 time=165ms TTL=128

Ping statistics for 10.8.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 165ms, Average = 127ms
Unfortunately it looks like I'm having the same problem. Thank you for all the help you've given me so far on this, if you can think of anything else please let me know. I'll continue to work on it and let you know if I can figure anything out.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Problems with redirect-gateway def1 Windows 10

Post by Traffic » Tue Apr 12, 2016 10:57 pm

There are two points to note:
  • Connecting to a server on the same LAN is inherently tricky ..
    But as your PC/phone connection works you can disable your other network cards for testing.
  • Using 192.168.1.0/24 as your server side LAN is not recommended as it will probably cause routing conflicts.
    You should change it if possible (probably at your router)
    Any other RFC1918 compliant subnet is suitable, e.g. 192.168.143.0/24
And you really should be able to ping the server LAN IP 192.168.x.18 by pushing the route 192.168.x.0 to the client ..
That is if IP_Forwarding is working and you have disabled your server and client Firewall !

IP_Forward is the Linux equivalent to the Windows Registry:IPEnableRouter=1

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Problems with redirect-gateway def1 Windows 10

Post by Traffic » Wed Apr 13, 2016 12:08 am

I would make sure this is done right:
jschlis82 wrote:Next:

Control Panel
Network and Sharing Center
Local Area Connection # Make sure you select the right connection: Your active LAN adaptor
Properties
Sharing
Tick the box "Allow other network users to connect through this computer's Internet connection"
From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP server connection.
You may also need to disable either your Ethernet or Wi-Fi .. whichever you are not using.

bpevrancken@gmail.com
OpenVpn Newbie
Posts: 1
Joined: Sun Jan 29, 2017 8:00 pm

Re: Problems with redirect-gateway def1 Windows 10

Post by bpevrancken@gmail.com » Sun Jan 29, 2017 8:26 pm

Hi,

I had a comparable problem on my VPN client. My goal was to route all internet traffic through my VPN server at home in order to channel all traffic through the default gateway of the router, which routes and filters traffic on the basis of my OpenDNS settings. On the client side of a Windows PC, it is not sufficient to enable "redirect-gateway def1" in the config file. When I checked my IP address as well as the OpenDNS welcome page, it turned out that the client routed the internet traffic directly, so outside the VPN server, which is not what I intended. What I learned is that Windows allocates a certain priority to each network adapter automatically. In the Network Connections menu, this priority order can be changed. In Windows, type View network connections, and then select View network connections at the top of the list, then select Properties and select Internet Protocol Version 4 (TCP/IPv4), select Advanced and change the interface metric from automatic to manual. Choose a higher number for the Wi-Fi adapter (e.g. 15) and a lower number for the VPN adapter (e.g. 10). This will ensure that all traffic first goes to the 'fastest' connection, which is marked with the lowest number, in this case the VPN adapter. Furthermore, for those who want the OpenDNS filter settings to work, make sure that a specified OpenDNS address is used instead of automatic DNS address allocation; enable the option 'use following DNS addresses' in the properties menu of Internet Protocol Version 4 (TCP/IPv4).

Regards,
bart

disqualified
OpenVPN User
Posts: 40
Joined: Fri Jun 03, 2016 7:13 pm

Re: Problems with redirect-gateway def1 Windows 10

Post by disqualified » Mon Jan 30, 2017 1:59 am

You should document this properly.
