Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 4:54 am
by jschlis82
For starters I have very limited experience with OpenVPN or networking so I'll do my best to explain what I've done and hopefully if anyone has a solution to my problem they can explain it in a way which even a layman can figure out. I did have this working on a Windows 7 server, but now have a Windows 10 machine and cannot get it to work.
The client will connect to the server, but when I go to access the internet nothing comes up. The internet works fine if I comment out redirect-gateway def1, but then I don't think it's tunneling my internet connection through the server because when I check my IP address it does not show the home server's public IP address.
I checked the firewall and port 1194 is open. I also completely disabled my firewall in order to verify that it was not a firewall problem and I ran into the same problem of the client connecting to the server but no internet access. My goal is to be able to tunnel all my internet traffic through my server at home.
I initially installed the 64 bit version, then the 32 bit version... Same problems. I think I was only able to get the 32 bit version to work with Windows 7 for whatever reason. I even took the old config files from the working Windows 7 server and imported them into the Windows 10 server and had the same problem. I did the following tweaks:
Code:
Start -> Right-click My Computer -> Manage
Services
Right-click Routing and Remote Access -> Properties -> Automatic
Right-click Routing and Remote Access -> Start
Next:
Control Panel
Network and Sharing Center
Local Area Connection
Properties
Sharing
Tick the box "Allow other network users to connect through this computer's Internet connection"
From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP server connection.
regedit
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)
My server .ovpn file is as follows:
Code:
port 1194
proto udp
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
Client ovpn file is as follows:
Code:
client
dev tun
proto udp
remote myserver 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "ca.crt"
cert "john-laptop.crt"
key "john-laptop.key"
ns-cert-type server
comp-lzo
verb 3
I'm at a loss and have been looking at different forums for hours now. If anyone has any idea on how to get this to work I'd be grateful.
Thank you in advance!
John
Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 4:25 pm
by jschlis82
Hello,
Thank you for your response.
I tried the solution with the Windows 10 tweaks the original poster recommended in that post, which didn't work. I tried to create a static route with my router (NetGear wndr3700). I'm not sure if this is right but this is what I put in:
<code>
Destination IP : 10.8.0.0
IP Submask: 255.255.255.0
IP Gateway: 192.168.1.18 (This is the computer the server is running on)
Metric 3
</code>
The router software would not allow me to put in the VPN assigned VPN server IP address of 10.8.0.1, saying that "gateway should be on the same subnet as the WAN or the LAN interface".
Here is the log from the client:
<code>
Tue Apr 12 09:08:25 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 09:08:25 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 09:08:25 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 09:08:25 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 09:08:25 2016 Need hold release from management interface, waiting...
Tue Apr 12 09:08:26 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 09:08:26 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 09:08:26 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 09:08:26 2016 MANAGEMENT: >STATE:1460477306,RESOLVE,,,
Tue Apr 12 09:08:27 2016 UDPv4 link local: [undef]
Tue Apr 12 09:08:27 2016 UDPv4 link remote: [AF_INET]xx.xx.xx.xxx:1194
Tue Apr 12 09:08:27 2016 MANAGEMENT: >STATE:1460477307,WAIT,,,
Tue Apr 12 09:08:27 2016 MANAGEMENT: >STATE:1460477307,AUTH,,,
Tue Apr 12 09:08:27 2016 TLS: Initial packet from [AF_INET]xx.xx.xx.xxx:1194, sid=57775a0b f9021b23
Tue Apr 12 09:08:27 2016 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=, CN=server, emailAddress=
Tue Apr 12 09:08:27 2016 VERIFY OK: nsCertType=SERVER
Tue Apr 12 09:08:27 2016 VERIFY OK: depth=0, C=US, ST=IL, O=, CN=server, emailAddress=
Tue Apr 12 09:08:27 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 09:08:27 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 09:08:27 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 09:08:27 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 09:08:27 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 09:08:27 2016 [server] Peer Connection Initiated with [AF_INET]xx.xx.xx.xxx:1194
Tue Apr 12 09:08:28 2016 MANAGEMENT: >STATE:1460477308,GET_CONFIG,,,
Tue Apr 12 09:08:29 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Apr 12 09:08:29 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,redirect-gateway local def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.22 10.8.0.21'
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: route options modified
Tue Apr 12 09:08:29 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Apr 12 09:08:29 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=17 HWADDR=24:77:03:41:b9:48
Tue Apr 12 09:08:29 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 09:08:29 2016 MANAGEMENT: >STATE:1460477309,ASSIGN_IP,,10.8.0.22,
Tue Apr 12 09:08:29 2016 open_tun, tt->ipv6=0
Tue Apr 12 09:08:29 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{662BF6C6-D948-4C1C-A853-FDEAC308320B}.tap
Tue Apr 12 09:08:29 2016 TAP-Windows Driver Version 9.21
Tue Apr 12 09:08:29 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.22/255.255.255.252 on interface {662BF6C6-D948-4C1C-A853-FDEAC308320B} [DHCP-serv: 10.8.0.21, lease-time: 31536000]
Tue Apr 12 09:08:29 2016 Successful ARP Flush on interface [18] {662BF6C6-D948-4C1C-A853-FDEAC308320B}
Tue Apr 12 09:08:34 2016 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Apr 12 09:08:34 2016 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.21
Tue Apr 12 09:08:34 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 09:08:34 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 09:08:34 2016 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.21
Tue Apr 12 09:08:34 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 09:08:34 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 09:08:34 2016 MANAGEMENT: >STATE:1460477314,ADD_ROUTES,,,
Tue Apr 12 09:08:34 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.21
Tue Apr 12 09:08:34 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 09:08:34 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 09:08:34 2016 Initialization Sequence Completed
Tue Apr 12 09:08:34 2016 MANAGEMENT: >STATE:1460477314,CONNECTED,SUCCESS,10.8.0.22,xx.xx.xx.xxx
</code>
and the log from the server:
<code>
Tue Apr 12 11:00:31 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 11:00:31 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 11:00:31 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 11:00:31 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 11:00:31 2016 Need hold release from management interface, waiting...
Tue Apr 12 11:00:32 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 11:00:32 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 11:00:32 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Apr 12 11:00:32 2016 Diffie-Hellman initialized with 1024 bit key
Tue Apr 12 11:00:32 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 11:00:32 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=13 HWADDR=f0:4d:a2:fb:58:26
Tue Apr 12 11:00:32 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 11:00:32 2016 MANAGEMENT: >STATE:1460476832,ASSIGN_IP,,10.8.0.1,
Tue Apr 12 11:00:32 2016 open_tun, tt->ipv6=0
Tue Apr 12 11:00:32 2016 TAP-WIN32 device [Ethernet] opened: \\.\Global\{6BB6E50C-0F3C-4757-B635-67C7928FB3EC}.tap
Tue Apr 12 11:00:32 2016 TAP-Windows Driver Version 9.21
Tue Apr 12 11:00:32 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {6BB6E50C-0F3C-4757-B635-67C7928FB3EC} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Apr 12 11:00:32 2016 Sleeping for 10 seconds...
Tue Apr 12 11:00:42 2016 Successful ARP Flush on interface [10] {6BB6E50C-0F3C-4757-B635-67C7928FB3EC}
Tue Apr 12 11:00:42 2016 MANAGEMENT: >STATE:1460476842,ADD_ROUTES,,,
Tue Apr 12 11:00:42 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 12 11:00:42 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 11:00:42 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 11:00:42 2016 UDPv4 link local (bound): [undef]
Tue Apr 12 11:00:42 2016 UDPv4 link remote: [undef]
Tue Apr 12 11:00:42 2016 MULTI: multi_init called, r=256 v=256
Tue Apr 12 11:00:42 2016 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='sara-iphone,10.8.0.4', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='john-ipad,10.8.0.8', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='sara-ipad,10.8.0.12', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='john-iphone,10.8.0.16', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 ifconfig_pool_read(), in='john-laptop,10.8.0.20', TODO: IPv6
Tue Apr 12 11:00:42 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 11:00:42 2016 IFCONFIG POOL LIST
Tue Apr 12 11:00:42 2016 sara-iphone,10.8.0.4
Tue Apr 12 11:00:42 2016 john-ipad,10.8.0.8
Tue Apr 12 11:00:42 2016 sara-ipad,10.8.0.12
Tue Apr 12 11:00:42 2016 john-iphone,10.8.0.16
Tue Apr 12 11:00:42 2016 john-laptop,10.8.0.20
Tue Apr 12 11:00:42 2016 Initialization Sequence Completed
Tue Apr 12 11:00:42 2016 MANAGEMENT: >STATE:1460476842,CONNECTED,SUCCESS,10.8.0.1,
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 TLS: Initial packet from [AF_INET]xx.xx.xx.xxx:64827, sid=6392c47c 10f232a4
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=, CN=server, emailAddress=
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 VERIFY OK: depth=0, C=US, ST=IL, O=, CN=john-laptop
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 11:08:24 2016 xx.xx.xx.xxx:64827 [john-laptop] Peer Connection Initiated with [AF_INET]24.15.65.138:64827
Tue Apr 12 11:08:24 2016 john-laptop/xx.xx.xx.xxx:64827 MULTI_sva: pool returned IPv4=10.8.0.22, IPv6=(Not enabled)
Tue Apr 12 11:08:24 2016 john-laptop/xx.xx.xx.xxx:64827 MULTI: Learn: 10.8.0.22 -> john-laptop/xx.xx.xx.xxx:64827
Tue Apr 12 11:08:24 2016 john-laptop/xx.xx.xx.xxx:64827 MULTI: primary virtual IP for john-laptop/xx.xx.xx.xxx:64827: 10.8.0.22
Tue Apr 12 11:08:26 2016 john-laptop/xx.xx.xx.xxx:64827 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr 12 11:08:26 2016 john-laptop/xx.xx.xx.xxx:64827 send_push_reply(): safe_cap=940
Tue Apr 12 11:08:26 2016 john-laptop/xx.xx.xx.xxx:64827 SENT CONTROL [john-laptop]: 'PUSH_REPLY,redirect-gateway def1,redirect-gateway local def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.22 10.8.0.21' (status=1)
Tue Apr 12 11:12:31 2016 john-laptop/xx.xx.xx.xxx:64827 [john-laptop] Inactivity timeout (--ping-restart), restarting
Tue Apr 12 11:12:31 2016 john-laptop/xx.xx.xx.xxx:64827 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Apr 12 11:17:54 2016 C:\WINDOWS\system32\route.exe DELETE 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 12 11:17:54 2016 Route deletion via IPAPI succeeded [adaptive]
Tue Apr 12 11:17:54 2016 Closing TUN/TAP interface
Tue Apr 12 11:17:54 2016 SIGTERM[hard,] received, process exiting
Tue Apr 12 11:17:54 2016 MANAGEMENT: >STATE:1460477874,EXITING,SIGTERM,,
</code>
The xx.xx.xx.xxx is my public IP address. Do you have any more ideas on this?
Thank You!
Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 6:34 pm
by jschlis82
Thank you for your response.
I added push "route 10.66.0.0 255.255.255.0"
Giving me a new server config file which looks like this:
Code:
port 1194
proto udp
dev tun
ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\server.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\server.key"
dh "C:\\Program Files (x86)\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "redirect-gateway local def1"
push "dhcp-option DNS 8.8.8.8"
push "route 10.66.0.0 255.255.255.0"
When I connect to the VPN server on the local network I get the following from the cmd (still no internet, this is how it was set up with the last log files I sent):
Code:
Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>ping 192.168.1.18
Pinging 192.168.1.18 with 32 bytes of data:
Reply from 192.168.1.18: bytes=32 time=3ms TTL=128
Reply from 192.168.1.18: bytes=32 time=1ms TTL=128
Reply from 192.168.1.18: bytes=32 time=2ms TTL=128
Reply from 192.168.1.18: bytes=32 time=3ms TTL=128
Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
C:\WINDOWS\system32>route print
===========================================================================
Interface List
19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
0.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
10.8.0.1 255.255.255.255 10.8.0.21 10.8.0.22 20
10.8.0.20 255.255.255.252 On-link 10.8.0.22 276
10.8.0.22 255.255.255.255 On-link 10.8.0.22 276
10.8.0.23 255.255.255.255 On-link 10.8.0.22 276
10.66.0.0 255.255.255.0 10.8.0.21 10.8.0.22 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
192.168.1.0 255.255.255.0 On-link 192.168.1.10 276
192.168.1.10 255.255.255.255 On-link 192.168.1.10 276
192.168.1.255 255.255.255.255 On-link 192.168.1.10 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.10 276
224.0.0.0 240.0.0.0 On-link 10.8.0.22 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.10 276
255.255.255.255 255.255.255.255 On-link 10.8.0.22 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
17 276 fe80::/64 On-link
18 276 fe80::/64 On-link
18 276 fe80::29f1:d7ce:20f6:8a0b/128
On-link
17 276 fe80::4503:bfa5:ab9e:71af/128
On-link
1 306 ff00::/8 On-link
17 276 ff00::/8 On-link
18 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\WINDOWS\system32>
If I connect my phone and try to connect to the VPN from outside the local network, it still shows me as connected but again no internet. Here are the results from the cmd in this scenario:
Code:
Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>ping 192.168.1.18
Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\WINDOWS\system32>route print
===========================================================================
Interface List
19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
23...7a a3 e4 23 dd 37 ......Apple Mobile Device Ethernet
18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.20.10.1 172.20.10.4 20
0.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
10.8.0.1 255.255.255.255 10.8.0.21 10.8.0.22 20
10.8.0.20 255.255.255.252 On-link 10.8.0.22 276
10.8.0.22 255.255.255.255 On-link 10.8.0.22 276
10.8.0.23 255.255.255.255 On-link 10.8.0.22 276
10.66.0.0 255.255.255.0 10.8.0.21 10.8.0.22 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
172.20.10.0 255.255.255.240 On-link 172.20.10.4 276
172.20.10.4 255.255.255.255 On-link 172.20.10.4 276
172.20.10.15 255.255.255.255 On-link 172.20.10.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.22 276
224.0.0.0 240.0.0.0 On-link 172.20.10.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.22 276
255.255.255.255 255.255.255.255 On-link 172.20.10.4 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
22 306 ::/0 On-link
1 306 ::1/128 On-link
22 306 2001::/32 On-link
22 306 2001:0:9d38:6ab8:c3d:1724:f5f7:ffe9/128
On-link
18 276 fe80::/64 On-link
23 276 fe80::/64 On-link
22 306 fe80::/64 On-link
22 306 fe80::c3d:1724:f5f7:ffe9/128
On-link
18 276 fe80::29f1:d7ce:20f6:8a0b/128
On-link
23 276 fe80::9dd9:61ce:d068:7080/128
On-link
1 306 ff00::/8 On-link
22 306 ff00::/8 On-link
18 276 ff00::/8 On-link
23 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\WINDOWS\system32>
I don't know much about networking, so I may be missing something really obvious here. Thank you for your help.
Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 7:51 pm
by jschlis82
Just because that's what it references in the doc... Sorry I changed that line in the server config file to:
Code:
push "route 192.168.1.0 255.255.255.0"
Here are the new results from the cmd line, not sure if you want both or not, here they are anyway:
Connected from client to server on VPN over local network:
Code:
Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>ping 192.168.1.18
Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\WINDOWS\system32>route print
===========================================================================
Interface List
19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
0.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
10.8.0.1 255.255.255.255 10.8.0.21 10.8.0.22 20
10.8.0.20 255.255.255.252 On-link 10.8.0.22 276
10.8.0.22 255.255.255.255 On-link 10.8.0.22 276
10.8.0.23 255.255.255.255 On-link 10.8.0.22 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
192.168.1.0 255.255.255.0 On-link 192.168.1.10 276
192.168.1.0 255.255.255.0 10.8.0.21 10.8.0.22 20
192.168.1.10 255.255.255.255 On-link 192.168.1.10 276
192.168.1.255 255.255.255.255 On-link 192.168.1.10 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.10 276
224.0.0.0 240.0.0.0 On-link 10.8.0.22 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.10 276
255.255.255.255 255.255.255.255 On-link 10.8.0.22 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
17 276 fe80::/64 On-link
18 276 fe80::/64 On-link
18 276 fe80::29f1:d7ce:20f6:8a0b/128
On-link
17 276 fe80::4503:bfa5:ab9e:71af/128
On-link
1 306 ff00::/8 On-link
17 276 ff00::/8 On-link
18 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\WINDOWS\system32>
Connected client with VPN server over cell phone:
Code:
Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>cell phone
'cell' is not recognized as an internal or external command,
operable program or batch file.
C:\WINDOWS\system32>ping 192.168.1.18
Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\WINDOWS\system32>route print
===========================================================================
Interface List
19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
23...7a a3 e4 23 dd 37 ......Apple Mobile Device Ethernet
18...00 ff 66 2b f6 c6 ......TAP-Windows Adapter V9
17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.20.10.1 172.20.10.4 20
0.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
10.8.0.1 255.255.255.255 10.8.0.21 10.8.0.22 20
10.8.0.20 255.255.255.252 On-link 10.8.0.22 276
10.8.0.22 255.255.255.255 On-link 10.8.0.22 276
10.8.0.23 255.255.255.255 On-link 10.8.0.22 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
172.20.10.0 255.255.255.240 On-link 172.20.10.4 276
172.20.10.4 255.255.255.255 On-link 172.20.10.4 276
172.20.10.15 255.255.255.255 On-link 172.20.10.4 276
192.168.1.0 255.255.255.0 10.8.0.21 10.8.0.22 20
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.22 276
224.0.0.0 240.0.0.0 On-link 172.20.10.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.22 276
255.255.255.255 255.255.255.255 On-link 172.20.10.4 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 276 fe80::/64 On-link
23 276 fe80::/64 On-link
18 276 fe80::29f1:d7ce:20f6:8a0b/128
On-link
23 276 fe80::9dd9:61ce:d068:7080/128
On-link
1 306 ff00::/8 On-link
18 276 ff00::/8 On-link
23 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\WINDOWS\system32>
Thank You for your help
Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 8:23 pm
by Traffic
jschlis82 wrote: Just because that's what it references in the doc
Always read the docs carefully and apply the principles discussed to your personal setup.
jschlis82 wrote: I changed that line in the server config file to:
Code:
push "route 192.168.1.0 255.255.255.0"
Good.
Ping fails:
jschlis82 wrote: Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Route on client exists over VPN:
jschlis82 wrote: Code:
192.168.1.0 255.255.255.0 10.8.0.21 10.8.0.22 20
this probably means that this:
jschlis82 wrote: Code:
regedit
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: IPEnableRouter
Type: REG_DWORD
Data: 0x00000001 (1)
Has not been applied or you have not rebooted ..
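
Added example, not part of any post in this thread: a Python sketch of how the client picks a route from the tables posted above (longest prefix first, lowest metric as tie-break), which is why the two /1 routes from redirect-gateway def1 override the 0.0.0.0/0 default and why the pushed 192.168.1.0/24 route takes precedence over the On-link one. It also checks whether packets addressed to the VPN server itself would be selected into the tunnel; the server address 203.0.113.10, the BYPASS_ROW host route and all function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")

# Unicast rows copied from the "Active Routes" tables posted in the thread.
# Client on the server's own LAN, after push "route 192.168.1.0 255.255.255.0":
LAN_TABLE = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
0.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
10.8.0.1 255.255.255.255 10.8.0.21 10.8.0.22 20
10.8.0.20 255.255.255.252 On-link 10.8.0.22 276
128.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
192.168.1.0 255.255.255.0 On-link 192.168.1.10 276
192.168.1.0 255.255.255.0 10.8.0.21 10.8.0.22 20
"""

# Client tethered to the phone, same pushed options:
PHONE_TABLE = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.20.10.1 172.20.10.4 20
0.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
10.8.0.1 255.255.255.255 10.8.0.21 10.8.0.22 20
10.8.0.20 255.255.255.252 On-link 10.8.0.22 276
128.0.0.0 128.0.0.0 10.8.0.21 10.8.0.22 20
172.20.10.0 255.255.255.240 On-link 172.20.10.4 276
192.168.1.0 255.255.255.0 10.8.0.21 10.8.0.22 20
"""

TUN_IF = "10.8.0.22"        # client's tunnel address, from the thread
SERVER_IP = "203.0.113.10"  # constructed placeholder for the redacted xx.xx.xx.xxx
# Constructed row: the host route redirect-gateway adds for the --remote
# address via the pre-existing gateway when the "local" flag is not used.
BYPASS_ROW = "203.0.113.10 255.255.255.255 172.20.10.1 172.20.10.4 20\n"


def parse_routes(text):
    """Parse 'route print' IPv4 rows: destination, netmask, gateway, interface, metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator or wrapped line
        try:
            network = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
            metric = int(fields[4])
        except ValueError:
            continue
        routes.append(Route(network, fields[2], fields[3], metric))
    return routes


def lookup(routes, dest):
    """Return the route used for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def leaves_via_tunnel(routes, dest, tun_if):
    """True when the selected route for dest uses the tunnel interface."""
    route = lookup(routes, dest)
    return route is not None and route.interface == tun_if


if __name__ == "__main__":
    lan = parse_routes(LAN_TABLE)
    phone = parse_routes(PHONE_TABLE)

    # def1: 0.0.0.0/1 and 128.0.0.0/1 are more specific than 0.0.0.0/0,
    # so the original default route stays in the table but is never chosen.
    print("8.8.8.8      ->", lookup(lan, "8.8.8.8"))

    # Same-subnet client: two /24 routes, metric 20 (VPN) beats 276 (On-link),
    # so LAN hosts are now reached through the tunnel instead of directly.
    print("192.168.1.18 ->", lookup(lan, "192.168.1.18"))

    # Tunnel endpoint: without a host route, the encrypted packets addressed
    # to the server are themselves selected into the tunnel.
    print("endpoint in tunnel, as posted:  ",
          leaves_via_tunnel(phone, SERVER_IP, TUN_IF))
    with_bypass = parse_routes(PHONE_TABLE + BYPASS_ROW)
    print("endpoint in tunnel, with bypass:",
          leaves_via_tunnel(with_bypass, SERVER_IP, TUN_IF))
```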

Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 10:04 pm
by jschlis82
Still no go, I restarted the computer to make sure the regedit had taken effect and it's still the same problem. I also verified that the numerical value had been changed from a 0 to 1, which it had. I decided to basically start over, uninstalled OpenVPN and installed a fresh 64 bit version. I didn't change the static route created in the router and left the 1194 port open on the firewall. Port forwarding is on. My server config is:
Code:
port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "route 192.168.1.0 255.255.255.0"
Client Config File is:
Code:
client
dev tun
proto udp
remote myserver 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\js-laptop2.crt"
key "C:\\Program Files\\OpenVPN\\config\\js-laptop2.key"
remote-cert-tls server
comp-lzo
verb 3
I hook my iPhone to my laptop and try to connect to the VPN, this is the log I get on the client side:
Code:
Tue Apr 12 14:48:39 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 14:48:39 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 14:48:39 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 14:48:39 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 14:48:39 2016 Need hold release from management interface, waiting...
Tue Apr 12 14:48:40 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 14:48:40 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 14:48:40 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 14:48:40 2016 MANAGEMENT: >STATE:1460497720,RESOLVE,,,
Tue Apr 12 14:48:41 2016 UDPv4 link local: [undef]
Tue Apr 12 14:48:41 2016 UDPv4 link remote: [AF_INET]xx.xx.xx.xxx:1194
Tue Apr 12 14:48:41 2016 MANAGEMENT: >STATE:1460497721,WAIT,,,
Tue Apr 12 14:48:41 2016 MANAGEMENT: >STATE:1460497721,AUTH,,,
Tue Apr 12 14:48:41 2016 TLS: Initial packet from [AF_INET]xx.xx.xx.xxx:1194, sid=57e10fec 9fe6ed0b
Tue Apr 12 14:48:41 2016 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=server, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 14:48:41 2016 Validating certificate key usage
Tue Apr 12 14:48:41 2016 ++ Certificate has key usage 00a0, expects 00a0
Tue Apr 12 14:48:41 2016 VERIFY KU OK
Tue Apr 12 14:48:41 2016 Validating certificate extended key usage
Tue Apr 12 14:48:41 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Apr 12 14:48:41 2016 VERIFY EKU OK
Tue Apr 12 14:48:41 2016 VERIFY OK: depth=0, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=server, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 14:48:42 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 14:48:42 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 14:48:42 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 14:48:42 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 14:48:42 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 14:48:42 2016 [server] Peer Connection Initiated with [AF_INET]24.15.65.138:1194
Tue Apr 12 14:48:43 2016 MANAGEMENT: >STATE:1460497723,GET_CONFIG,,,
Tue Apr 12 14:48:44 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Apr 12 14:48:44 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: route options modified
Tue Apr 12 14:48:44 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Apr 12 14:48:44 2016 ROUTE_GATEWAY 172.20.10.1/255.255.255.240 I=23 HWADDR=7a:a3:e4:23:dd:37
Tue Apr 12 14:48:44 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 14:48:44 2016 MANAGEMENT: >STATE:1460497724,ASSIGN_IP,,10.8.0.6,
Tue Apr 12 14:48:44 2016 open_tun, tt->ipv6=0
Tue Apr 12 14:48:44 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{9A90D61E-8319-4F6F-B610-8B37F0DE652F}.tap
Tue Apr 12 14:48:44 2016 TAP-Windows Driver Version 9.21
Tue Apr 12 14:48:44 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {9A90D61E-8319-4F6F-B610-8B37F0DE652F} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Apr 12 14:48:44 2016 Successful ARP Flush on interface [18] {9A90D61E-8319-4F6F-B610-8B37F0DE652F}
Tue Apr 12 14:48:49 2016 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD xx.xx.xx.xxxx MASK 255.255.255.255 172.20.10.1
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 MANAGEMENT: >STATE:1460497729,ADD_ROUTES,,,
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Apr 12 14:48:49 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 14:48:49 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 14:48:49 2016 Initialization Sequence Completed
Tue Apr 12 14:48:49 2016 MANAGEMENT: >STATE:1460497729,CONNECTED,SUCCESS,10.8.0.6,xx.xx.xx.xxx
If I ping on the client side and run route print I get:
Code: Select all
Microsoft Windows [Version 10.0.10586]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\WINDOWS\system32>ping 192.168.1.18
Pinging 192.168.1.18 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\WINDOWS\system32>route print
===========================================================================
Interface List
19...e4 11 5b 32 ee 02 ......Intel(R) 82579LM Gigabit Network Connection
7...24 77 03 41 b9 49 ......Microsoft Wi-Fi Direct Virtual Adapter
12...26 77 03 41 b9 48 ......Microsoft Hosted Network Virtual Adapter
23...7a a3 e4 23 dd 37 ......Apple Mobile Device Ethernet
18...00 ff 9a 90 d6 1e ......TAP-Windows Adapter V9
17...24 77 03 41 b9 48 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
21...40 2c f4 86 b5 ca ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
56...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
63...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.20.10.1 172.20.10.4 20
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 20
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20
10.8.0.4 255.255.255.252 On-link 10.8.0.6 276
10.8.0.6 255.255.255.255 On-link 10.8.0.6 276
10.8.0.7 255.255.255.255 On-link 10.8.0.6 276
24.15.65.138 255.255.255.255 172.20.10.1 172.20.10.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 20
172.20.10.0 255.255.255.240 On-link 172.20.10.4 276
172.20.10.4 255.255.255.255 On-link 172.20.10.4 276
172.20.10.15 255.255.255.255 On-link 172.20.10.4 276
192.168.1.0 255.255.255.0 10.8.0.5 10.8.0.6 20
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.8.0.6 276
224.0.0.0 240.0.0.0 On-link 172.20.10.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.8.0.6 276
255.255.255.255 255.255.255.255 On-link 172.20.10.4 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 276 fe80::/64 On-link
23 276 fe80::/64 On-link
18 276 fe80::78:dc0c:e84b:4f23/128
On-link
23 276 fe80::9dd9:61ce:d068:7080/128
On-link
1 306 ff00::/8 On-link
18 276 ff00::/8 On-link
23 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\WINDOWS\system32>
Log on the server side is:
Code: Select all
Tue Apr 12 16:47:56 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Tue Apr 12 16:47:56 2016 Windows version 6.2 (Windows 8 or greater)
Tue Apr 12 16:47:56 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Enter Management Password:
Tue Apr 12 16:47:56 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 12 16:47:56 2016 Need hold release from management interface, waiting...
Tue Apr 12 16:47:56 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'state on'
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'log all on'
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'hold off'
Tue Apr 12 16:47:57 2016 MANAGEMENT: CMD 'hold release'
Tue Apr 12 16:47:57 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Apr 12 16:47:57 2016 Diffie-Hellman initialized with 1024 bit key
Tue Apr 12 16:47:57 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 12 16:47:57 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=14 HWADDR=f0:4d:a2:fb:58:26
Tue Apr 12 16:47:57 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 12 16:47:57 2016 MANAGEMENT: >STATE:1460497677,ASSIGN_IP,,10.8.0.1,
Tue Apr 12 16:47:57 2016 open_tun, tt->ipv6=0
Tue Apr 12 16:47:57 2016 TAP-WIN32 device [Ethernet] opened: \\.\Global\{BE311346-74AC-404B-95F8-1D30C4CF3043}.tap
Tue Apr 12 16:47:57 2016 TAP-Windows Driver Version 9.21
Tue Apr 12 16:47:57 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {BE311346-74AC-404B-95F8-1D30C4CF3043} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Apr 12 16:47:57 2016 Sleeping for 10 seconds...
Tue Apr 12 16:48:07 2016 Successful ARP Flush on interface [11] {BE311346-74AC-404B-95F8-1D30C4CF3043}
Tue Apr 12 16:48:07 2016 MANAGEMENT: >STATE:1460497687,ADD_ROUTES,,,
Tue Apr 12 16:48:07 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Apr 12 16:48:07 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Apr 12 16:48:07 2016 Route addition via IPAPI succeeded [adaptive]
Tue Apr 12 16:48:07 2016 UDPv4 link local (bound): [undef]
Tue Apr 12 16:48:07 2016 UDPv4 link remote: [undef]
Tue Apr 12 16:48:07 2016 MULTI: multi_init called, r=256 v=256
Tue Apr 12 16:48:07 2016 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Apr 12 16:48:07 2016 ifconfig_pool_read(), in='js-laptop2,10.8.0.4', TODO: IPv6
Tue Apr 12 16:48:07 2016 succeeded -> ifconfig_pool_set()
Tue Apr 12 16:48:07 2016 IFCONFIG POOL LIST
Tue Apr 12 16:48:07 2016 js-laptop2,10.8.0.4
Tue Apr 12 16:48:07 2016 Initialization Sequence Completed
Tue Apr 12 16:48:07 2016 MANAGEMENT: >STATE:1460497687,CONNECTED,SUCCESS,10.8.0.1,
Tue Apr 12 16:48:42 2016 97.46.1.30:7462 TLS: Initial packet from [AF_INET]97.46.1.30:7462, sid=352517fd 17e4dfac
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 VERIFY OK: depth=1, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=server, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 VERIFY OK: depth=0, C=US, ST=IL, L=Chicago, O=jsvpn, OU=jsvpn, CN=js-laptop2, name=changeme, emailAddress=mail@host.domain
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 12 16:48:43 2016 97.46.1.30:7462 [js-laptop2] Peer Connection Initiated with [AF_INET]97.46.1.30:7462
Tue Apr 12 16:48:43 2016 js-laptop2/97.46.1.30:7462 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Apr 12 16:48:43 2016 js-laptop2/97.46.1.30:7462 MULTI: Learn: 10.8.0.6 -> js-laptop2/97.46.1.30:7462
Tue Apr 12 16:48:43 2016 js-laptop2/97.46.1.30:7462 MULTI: primary virtual IP for js-laptop2/97.46.1.30:7462: 10.8.0.6
Tue Apr 12 16:48:45 2016 js-laptop2/97.46.1.30:7462 PUSH: Received control message: 'PUSH_REQUEST'
Tue Apr 12 16:48:45 2016 js-laptop2/97.46.1.30:7462 send_push_reply(): safe_cap=940
Tue Apr 12 16:48:45 2016 js-laptop2/97.46.1.30:7462 SENT CONTROL [js-laptop2]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 192.168.1.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Running ping and route print on server side is:
Code: Select all
C:\WINDOWS\system32>ping 192.168.1.18
Pinging 192.168.1.18 with 32 bytes of data:
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128
Reply from 192.168.1.18: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.18:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\WINDOWS\system32>print route
Unable to initialize device PRN
C:\WINDOWS\system32>route print
===========================================================================
Interface List
18...38 59 f9 41 1a 15 ......Dell Wireless 1502 802.11b|g|n
9...1a 59 f9 41 1a 15 ......Microsoft Wi-Fi Direct Virtual Adapter
14...f0 4d a2 fb 58 26 ......Realtek PCIe GBE Family Controller
11...00 ff be 31 13 46 ......TAP-Windows Adapter V9
1...........................Software Loopback Interface 1
8...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.18 11
10.8.0.0 255.255.255.0 10.8.0.2 10.8.0.1 20
10.8.0.0 255.255.255.252 On-link 10.8.0.1 276
10.8.0.1 255.255.255.255 On-link 10.8.0.1 276
10.8.0.3 255.255.255.255 On-link 10.8.0.1 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.18 266
192.168.1.18 255.255.255.255 On-link 192.168.1.18 266
192.168.1.255 255.255.255.255 On-link 192.168.1.18 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.18 266
224.0.0.0 240.0.0.0 On-link 10.8.0.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.18 266
255.255.255.255 255.255.255.255 On-link 10.8.0.1 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 1
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 266 fe80::/64 On-link
11 276 fe80::/64 On-link
11 276 fe80::25da:1926:245e:25f4/128
On-link
14 266 fe80::3c93:b8de:34f3:46b5/128
On-link
1 306 ff00::/8 On-link
14 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\WINDOWS\system32>
Do you have any other ideas on what could be keeping this from working? It could be something obvious that I'm missing. Thank You.
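Added example, not part of the original post: a small Python check that parses `route print` IPv4 rows and confirms, by longest-prefix match, that the two `redirect-gateway def1` half-routes exist and that only the VPN server's own address leaves outside the tunnel. The function names are hypothetical, the rows are modeled on the client table above with the server's public address replaced by the documentation address 198.51.100.7, and 203.0.113.10 is a constructed probe address.

```python
import ipaddress

# Constructed sample: rows modeled on the client's "Active Routes" table,
# server address swapped for a documentation address (198.51.100.7).
CLIENT_ROUTES = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.20.10.1 172.20.10.4 20
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 20
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 20
10.8.0.4 255.255.255.252 On-link 10.8.0.6 276
198.51.100.7 255.255.255.255 172.20.10.1 172.20.10.4 20
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 20
172.20.10.0 255.255.255.240 On-link 172.20.10.4 276
192.168.1.0 255.255.255.0 10.8.0.5 10.8.0.6 20
"""

def parse_routes(text):
    """Return route dicts for every 5-column IPv4 row; skip headers and rulers."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
            ipaddress.IPv4Address(iface)
            metric = int(metric)
        except ValueError:
            continue  # not a route row
        routes.append({"net": net, "gateway": gateway, "iface": iface, "metric": metric})
    return routes

def best_route(routes, dest):
    """Longest prefix wins; the metric only breaks ties between equal prefixes."""
    addr = ipaddress.IPv4Address(dest)
    candidates = [r for r in routes if addr in r["net"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def audit_full_tunnel(routes, tun_ip, server_ip, probes=("8.8.8.8", "203.0.113.10")):
    """Check the def1 halves, the server bypass route, and where probe traffic exits."""
    nets = {(str(r["net"]), r["iface"]) for r in routes}
    server = best_route(routes, server_ip)
    return {
        "def1_low_half": ("0.0.0.0/1", tun_ip) in nets,
        "def1_high_half": ("128.0.0.0/1", tun_ip) in nets,
        # The encrypted UDP packets to the server must NOT re-enter the tunnel.
        "server_bypasses_tunnel": server is not None and server["iface"] != tun_ip,
        # Any probe that would leave via a non-tunnel interface is a leak.
        "leaks": [p for p in probes
                  if (best_route(routes, p) or {}).get("iface") != tun_ip],
    }

if __name__ == "__main__":
    table = parse_routes(CLIENT_ROUTES)
    print(audit_full_tunnel(table, tun_ip="10.8.0.6", server_ip="198.51.100.7"))
```

A clean result here means the client side of `redirect-gateway def1` is in place, so the remaining checks belong on the server.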
Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 10:36 pm
by Traffic
jschlis82 wrote:I hook my iPhone to my laptop and try to connect to the VPN
The connection to the VPN is successful .. OK
I would recommend you add
to the server config but that should not affect this problem.
(See --topology in The Manual v23x)
Essentially, IP_Forward does not appear to be working for you .. sorry I don't have much experience of W10.
I presume you can ping the server on 10.8.0.1 from the client

Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 10:50 pm
by jschlis82
I added topology subnet to the bottom of my server config making it look like this:
Code: Select all
port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "route 192.168.1.0 255.255.255.0"
topology subnet
I pinged 10.8.0.1 from the client both on the local network and connected to the cell phone and came up with:
Code: Select all
C:\WINDOWS\system32>ping 10.8.0.1
Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=4ms TTL=128
Reply from 10.8.0.1: bytes=32 time=3ms TTL=128
Reply from 10.8.0.1: bytes=32 time=3ms TTL=128
Reply from 10.8.0.1: bytes=32 time=3ms TTL=128
Ping statistics for 10.8.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
C:\WINDOWS\system32>ping 10.8.0.1
Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=106ms TTL=128
Reply from 10.8.0.1: bytes=32 time=87ms TTL=128
Reply from 10.8.0.1: bytes=32 time=151ms TTL=128
Reply from 10.8.0.1: bytes=32 time=165ms TTL=128
Ping statistics for 10.8.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 87ms, Maximum = 165ms, Average = 127ms
Unfortunately it looks like I'm having the same problem. Thank you for all the help you've given me so far on this, if you can think of anything else please let me know. I'll continue to work on it and let you know if I can figure anything out.
Re: Problems with redirect-gateway def1 Windows 10
Posted: Tue Apr 12, 2016 10:57 pm
by Traffic
There are two points to note:
- Connecting to a server on the same LAN is inherently tricky ..
But as your PC/phone connection works you can disable your other network cards for testing.
- Using 192.168.1.0/24 as your server side LAN is not recommended as it will probably cause routing conflicts.
You should change it if possible (probably at your router)
Any other RFC1918 compliant subnet is suitable, e.g. 192.168.143.0/24
And you really should be able to ping the server LAN IP 192.168.x.18 by pushing the route 192.168.x.0 to the client ..
That is if IP_Forwarding is working and you have disabled your server and client Firewall !
IP_Forward is the Linux equivalent to the Windows Registry:IPEnableRouter=1
Re: Problems with redirect-gateway def1 Windows 10
Posted: Wed Apr 13, 2016 12:08 am
by Traffic
I would make sure this is done right:
jschlis82 wrote:Next:
Control Panel
Network and Sharing Center
Local Area Connection # Make sure you select the right connection: Your active LAN adaptor
Properties
Sharing
Tick the box "Allow other network users to connect through this computer's Internet connection"
From the drop-down list select "Local Area Connection 2", or whatever is the connection name of your TAP server connection.
You may also need to disable either your ethernet or wifi .. whichever you are not using.
Re: Problems with redirect-gateway def1 Windows 10
Posted: Sun Jan 29, 2017 8:26 pm
by bpevrancken@gmail.com
Hi,
I had a comparable problem on my VPN client. My goal was to route all internet traffic through my VPN server at home in order to channel all traffic through the default gateway of the router, which routes and filters traffic on the basis of my OpenDNS settings. On the client side of a Windows PC, it is not sufficient to enable "redirect-gateway def1" in the config file. When I checked my IP address as well as the OpenDNS welcome page, it turned out that the client routed the internet traffic directly, so outside the VPN server, which is not what I intended. What I learned is that Windows allocates a certain priority to each network adapter automatically. In the Network Connections menu, this priority order can be changed. In Windows, type View network connections, and then select View network connections at the top of the list, then select Properties and select Internet Protocol Version 4 (TCP/IPv4), select Advanced and switch the interface metric from automatic to manual. Choose a higher number for the Wifi adapter (e.g. 15) and a lower number for the VPN adapter (e.g. 10). This will ensure that all traffic first goes to the 'fastest' connection, which is marked with the lowest number, in this case the VPN adapter. Furthermore, for those who want the OpenDNS filter settings to work, make sure that a specified OpenDNS address is used instead of automatic DNS address allocation; enable the option 'use following DNS addresses' in the properties menu of Internet Protocol Version 4 (TCP/IPv4).
Regards,
bart
Re: Problems with redirect-gateway def1 Windows 10
Posted: Mon Jan 30, 2017 1:59 am
by disqualified
You should document this properly.