Routing loop on TAP interface

haveagr8day
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 18, 2016 11:32 pm

Routing loop on TAP interface

Post by haveagr8day » Fri Aug 19, 2016 12:01 am

I have been having an issue using OpenVPN on my laptop running Windows 10 Education 64-bit.

When I connect to a VPN server, it will work correctly for a period of time before suddenly getting into some kind of routing loop. During this time the TAP interface shows a send rate of a few hundred Mbps and no network access is possible. After a minute or two this typically resolves itself and network communications resume as normal.

This also occurs on my tablet running Windows 10 Education 32-bit. I have tried using different VPN servers, including one that I set up myself on DigitalOcean, but they all experience this problem.

Here are the results of running 'ipconfig /all' and 'route print' on this system, my OpenVPN log (it doesn't seem to show any issue, at least at verbosity 3), as well as a few screenshots from a Wireshark capture I took while trying to diagnose the problem.

ipconfig /all:

Code:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Luna
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 3160
   Physical Address. . . . . . . . . : A0-D3-7A-29-60-71
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c90f:3f71:edce:82fe%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : August 14, 2016 7:02:45 PM
   Lease Expires . . . . . . . . . . : August 19, 2016 6:51:48 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 94425978
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-34-32-07-28-F1-0E-01-32-C5
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-EB-1E-7E-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4c8:8d32:15bd:7b72%20(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : August 18, 2016 6:09:04 PM
   Lease Expires . . . . . . . . . . : August 18, 2017 6:09:04 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.5
   DHCPv6 IAID . . . . . . . . . . . : 335609835
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-34-32-07-28-F1-0E-01-32-C5
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : A0-D3-7A-29-60-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E89B5C04-D74D-43F9-B8E6-13498507C07B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EB1E7E78-0EDA-40B6-BC79-22714AE2CC43}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

route print:

Code:

===========================================================================
Interface List
 18...a0 d3 7a 29 60 71 ......Intel(R) Dual Band Wireless-AC 3160
 20...00 ff eb 1e 7e 78 ......TAP-Windows Adapter V9
 14...a0 d3 7a 29 60 72 ......Microsoft Wi-Fi Direct Virtual Adapter
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     10
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    276
         10.8.0.7  255.255.255.255         On-link          10.8.0.6    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
    159.203.95.14  255.255.255.255      192.168.1.1      192.168.1.5     10
      192.168.0.1  255.255.255.255      192.168.1.1      192.168.1.5     11
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    266
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    266
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    266
        224.0.0.0        240.0.0.0         On-link          10.8.0.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    266
  255.255.255.255  255.255.255.255         On-link          10.8.0.6    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.0.1  255.255.255.255      192.168.1.1       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 18    311 fe80::/64                On-link
 20    291 fe80::/64                On-link
 20    291 fe80::4c8:8d32:15bd:7b72/128
                                    On-link
 18    311 fe80::c90f:3f71:edce:82fe/128
                                    On-link
  1    331 ff00::/8                 On-link
 18    311 ff00::/8                 On-link
 20    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

OpenVPN log:

Code:

Thu Aug 18 18:08:55 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Thu Aug 18 18:08:55 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Aug 18 18:08:55 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Enter Management Password:
Thu Aug 18 18:08:55 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Thu Aug 18 18:08:55 2016 Need hold release from management interface, waiting...
Thu Aug 18 18:08:55 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Thu Aug 18 18:08:56 2016 MANAGEMENT: CMD 'state on'
Thu Aug 18 18:08:56 2016 MANAGEMENT: CMD 'log all on'
Thu Aug 18 18:08:56 2016 MANAGEMENT: CMD 'hold off'
Thu Aug 18 18:08:56 2016 MANAGEMENT: CMD 'hold release'
Thu Aug 18 18:08:56 2016 Control Channel Authentication: tls-auth using INLINE static key file
Thu Aug 18 18:08:56 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 18 18:08:56 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 18 18:08:56 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 18 18:08:56 2016 UDPv4 link local: [undef]
Thu Aug 18 18:08:56 2016 UDPv4 link remote: [AF_INET]159.203.95.14:443
Thu Aug 18 18:08:56 2016 MANAGEMENT: >STATE:1471558136,WAIT,,,
Thu Aug 18 18:08:56 2016 MANAGEMENT: >STATE:1471558136,AUTH,,,
Thu Aug 18 18:08:56 2016 TLS: Initial packet from [AF_INET]159.203.95.14:443, sid=466688d3 ae87871f
Thu Aug 18 18:08:57 2016 VERIFY OK: depth=1, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=DigitalOcean CA, name=server, emailAddress=ryan.baxter@domain.com
Thu Aug 18 18:08:57 2016 Validating certificate key usage
Thu Aug 18 18:08:57 2016 ++ Certificate has key usage  00a0, expects 00a0
Thu Aug 18 18:08:57 2016 VERIFY KU OK
Thu Aug 18 18:08:57 2016 Validating certificate extended key usage
Thu Aug 18 18:08:57 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Aug 18 18:08:57 2016 VERIFY EKU OK
Thu Aug 18 18:08:57 2016 VERIFY OK: depth=0, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=server, name=server, emailAddress=ryan.baxter@domain.com
Thu Aug 18 18:09:00 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 18 18:09:00 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 18 18:09:00 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 18 18:09:00 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 18 18:09:01 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Aug 18 18:09:01 2016 [server] Peer Connection Initiated with [AF_INET]159.203.95.14:443
Thu Aug 18 18:09:02 2016 MANAGEMENT: >STATE:1471558142,GET_CONFIG,,,
Thu Aug 18 18:09:03 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Aug 18 18:09:04 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Thu Aug 18 18:09:04 2016 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 18 18:09:04 2016 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 18 18:09:04 2016 OPTIONS IMPORT: route options modified
Thu Aug 18 18:09:04 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 18 18:09:04 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=18 HWADDR=a0:d3:7a:29:60:71
Thu Aug 18 18:09:04 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Aug 18 18:09:04 2016 MANAGEMENT: >STATE:1471558144,ASSIGN_IP,,10.8.0.6,
Thu Aug 18 18:09:04 2016 open_tun, tt->ipv6=0
Thu Aug 18 18:09:04 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{EB1E7E78-0EDA-40B6-BC79-22714AE2CC43}.tap
Thu Aug 18 18:09:04 2016 TAP-Windows Driver Version 9.21 
Thu Aug 18 18:09:04 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {EB1E7E78-0EDA-40B6-BC79-22714AE2CC43} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Aug 18 18:09:04 2016 Successful ARP Flush on interface [20] {EB1E7E78-0EDA-40B6-BC79-22714AE2CC43}
Thu Aug 18 18:09:09 2016 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Aug 18 18:09:09 2016 C:\Windows\system32\route.exe ADD 159.203.95.14 MASK 255.255.255.255 192.168.1.1
Thu Aug 18 18:09:09 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=55 and dwForwardType=4
Thu Aug 18 18:09:09 2016 Route addition via IPAPI succeeded [adaptive]
Thu Aug 18 18:09:09 2016 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Aug 18 18:09:09 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Aug 18 18:09:09 2016 Route addition via IPAPI succeeded [adaptive]
Thu Aug 18 18:09:09 2016 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Aug 18 18:09:09 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Aug 18 18:09:09 2016 Route addition via IPAPI succeeded [adaptive]
Thu Aug 18 18:09:09 2016 MANAGEMENT: >STATE:1471558149,ADD_ROUTES,,,
Thu Aug 18 18:09:09 2016 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Aug 18 18:09:09 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Aug 18 18:09:09 2016 Route addition via IPAPI succeeded [adaptive]
Thu Aug 18 18:09:09 2016 Initialization Sequence Completed
Thu Aug 18 18:09:09 2016 MANAGEMENT: >STATE:1471558149,CONNECTED,SUCCESS,10.8.0.6,159.203.95.14
Thu Aug 18 18:55:44 2016 C:\Windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Aug 18 18:55:44 2016 Route deletion via IPAPI succeeded [adaptive]
Thu Aug 18 18:55:44 2016 C:\Windows\system32\route.exe DELETE 159.203.95.14 MASK 255.255.255.255 192.168.1.1
Thu Aug 18 18:55:44 2016 Route deletion via IPAPI succeeded [adaptive]
Thu Aug 18 18:55:44 2016 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Aug 18 18:55:44 2016 Route deletion via IPAPI succeeded [adaptive]
Thu Aug 18 18:55:44 2016 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Aug 18 18:55:44 2016 Route deletion via IPAPI succeeded [adaptive]
Thu Aug 18 18:55:44 2016 Closing TUN/TAP interface
Thu Aug 18 18:55:44 2016 SIGTERM[hard,] received, process exiting
Thu Aug 18 18:55:44 2016 MANAGEMENT: >STATE:1471560944,EXITING,SIGTERM,,

Packet rate shown in Wireshark during the issue:
Image

Traffic during routing loop (Note source IP):
Image

Traffic after loop resolves itself:
Image

If anyone has any ideas of how to resolve this, I would appreciate the help as I have been trying to figure it out myself for a few days now without success. Please let me know if there are any other logs/information that would be useful.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing loop on TAP interface

Post by TinCanTech » Fri Aug 19, 2016 12:53 am

The problem is Microsoft Windows ..

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing loop on TAP interface

Post by TinCanTech » Fri Aug 19, 2016 1:22 pm

haveagr8day wrote:This also occurs on my tablet running Windows 10 Education 32-bit. I have tried using different VPN servers, including one that I set up myself on DigitalOcean, but they all experience this problem.
Something you could try only for testing .. set up a cleartext VPN on DigitalOcean with the same routing, specifically --redirect-gateway and then use Wireshark to determine the process generating the packets. My guess is it is Windows Update hogging your VPN.

haveagr8day
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 18, 2016 11:32 pm

Re: Routing loop on TAP interface

Post by haveagr8day » Sun Aug 21, 2016 6:45 pm

TinCanTech wrote:
haveagr8day wrote:This also occurs on my tablet running Windows 10 Education 32-bit. I have tried using different VPN servers, including one that I set up myself on DigitalOcean, but they all experience this problem.
Something you could try only for testing .. set up a cleartext VPN on DigitalOcean with the same routing, specifically --redirect-gateway and then use Wireshark to determine the process generating the packets. My guess is it is Windows Update hogging your VPN.
I tried this a couple times, but couldn't get things to work correctly with a plain-text configuration. I only would have access to the DigitalOcean server, but couldn't connect to the web (probably something to do with the firewall/iptables config).

I did figure out that it seems to have something to do with my satellite connection (high latency?) as I cannot reproduce the problem on either my laptop or tablet when connected over DSL this past weekend, but it resumed as soon as I returned home.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing loop on TAP interface

Post by TinCanTech » Sun Aug 21, 2016 7:27 pm

So where is the routing loop ?

haveagr8day
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 18, 2016 11:32 pm

Re: Routing loop on TAP interface

Post by haveagr8day » Sun Aug 21, 2016 8:53 pm

TinCanTech wrote:So where is the routing loop ?
To the best that I can tell, when I am connected using OpenVPN and an outbound packet is sent, it is first routed to the TAP Adapter (IP address 10.8.0.6 in images) so that OpenVPN can encrypt it and route it to the VPN server (IP address 159.203.95.14 in images). However, when OpenVPN attempts to send this to the VPN server, instead of it being sent out over the wifi connection (IP address 192.168.1.5) it is sent over the TAP adapter again and again and again.

Basically for some reason the routing entry for the VPN server (copied from route print below as #1) isn't being followed and it is instead repeatedly matching against the entries that route all other traffic into OpenVPN's TAP Adapter (copied from route print below as #2 and #3).

Routing Table Entries mentioned above:

Code:

  Destination        Netmask               Gateway              Interface       Metric
#1. 159.203.95.14   255.255.255.255       192.168.1.1          192.168.1.5        10
#2. 0.0.0.0         128.0.0.0             10.8.0.5               10.8.0.6         20
#3. 128.0.0.0       128.0.0.0             10.8.0.5               10.8.0.6         20

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing loop on TAP interface

Post by TinCanTech » Sun Aug 21, 2016 9:34 pm

How does that indicate a routing loop ?

See --redirect-gateway in The Manual v23x

haveagr8day
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 18, 2016 11:32 pm

Re: Routing loop on TAP interface

Post by haveagr8day » Sun Aug 21, 2016 11:23 pm

TinCanTech wrote:How does that indicate a routing loop ?

See --redirect-gateway in The Manual v23x
I know that those 3 entries are correct as per the --redirect-gateway option, the issue seems to be that Windows might be ignoring the first one under some conditions (it seems to only happen on my satellite internet connection) causing OpenVPN to keep sending traffic back to itself.

That's what seems to be happening anyways as far as I can tell, I definitely know that this isn't right:

Image

Upon connecting to OpenVPN, the TAP Adapter goes to ~200 Mbps send rate and all traffic on the wifi interface stops, and I am unable to load or ping any website/IP.
My upload rate maxes out at or below 1 Mbps on this connection so something is clearly going wrong.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing loop on TAP interface

Post by TinCanTech » Mon Aug 22, 2016 12:27 am

I have been running W10 for about 6 months .. I get no such problem.

Also, I cannot see any routing loop.

haveagr8day
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 18, 2016 11:32 pm

Re: Routing loop on TAP interface

Post by haveagr8day » Mon Aug 22, 2016 1:29 am

TinCanTech wrote:I have been running W10 for about 6 months .. I get no such problem.
I only seem to have the issue on my home satellite-based internet connection. I haven't had the same issue on other connections, I will probably try to see if it still occurs if I connect directly to the modem or if it is possibly an issue with my wifi.
TinCanTech wrote:Also, I cannot see any routing loop.
I'm not certain that is what is happening, but it is the only thing I can think of that would make the traffic rate spike so rapidly. Also it appears identical to what happens if I disconnect from wifi before disconnecting OpenVPN (causing route #1 from above to disappear and there to be nowhere to route the traffic to the VPN server).
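
The route selection argued over in the posts above, as an added example that is not part of the original thread: it applies longest-prefix match (ties broken by lowest metric) to rows copied from the `route print` output in the first post, and reports which interface the encrypted packets for the VPN server would leave on, with and without host route #1. The function names are this example's own, and the selection rule is a simplified model of the Windows route lookup.

```python
import ipaddress
from typing import NamedTuple, Optional

# IPv4 "Active Routes" rows copied from the route print output in the first post.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.5     10
          0.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
         10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
         10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
        128.0.0.0        128.0.0.0         10.8.0.5         10.8.0.6     20
    159.203.95.14  255.255.255.255      192.168.1.1      192.168.1.5     10
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    266
"""

VPN_SERVER = "159.203.95.14"   # "remote" in the client config
TAP_ADDR = "10.8.0.6"          # address of the TAP-Windows adapter


class Route(NamedTuple):
    net: ipaddress.IPv4Network
    gateway: str
    iface: str
    metric: int


def parse_routes(text: str) -> list:
    """Parse 'route print' IPv4 rows; header and separator lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append(Route(net, gateway, iface, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes


def best_route(routes: list, dst: str) -> Optional[Route]:
    """Longest prefix wins; metric only decides between equal-length prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r.net]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.net.prefixlen, r.metric))


def without_host_route(routes: list, server: str = VPN_SERVER) -> list:
    """The table as it looks once the /32 route to the VPN server is gone."""
    host = ipaddress.ip_network(f"{server}/32")
    return [r for r in routes if r.net != host]


def tunnel_feedback(routes: list, server: str = VPN_SERVER,
                    tap: str = TAP_ADDR) -> bool:
    """True when packets addressed to the VPN server would egress via the TAP
    adapter, i.e. OpenVPN's own encrypted output is fed back into the tunnel."""
    route = best_route(routes, server)
    return route is not None and route.iface == tap


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT)
    for label, routes in (("with route #1", table),
                          ("without route #1", without_host_route(table))):
        r = best_route(routes, VPN_SERVER)
        print(f"{label}: {VPN_SERVER} -> {r.net} via {r.iface} "
              f"(metric {r.metric}), feedback={tunnel_feedback(routes)}")
    # Ordinary traffic: the /1 route (metric 20) beats the /0 default (metric 10)
    # because prefix length is compared before metric.
    r = best_route(table, "8.8.8.8")
    print(f"8.8.8.8 -> {r.net} via {r.iface}")
```

Running the same check against a live `route print` capture taken while the problem is occurring shows whether the host route is still present at that moment.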

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Routing loop on TAP interface

Post by TinCanTech » Mon Aug 22, 2016 11:54 am

haveagr8day wrote:Also it appears identical to what happens if I disconnect from wifi before disconnecting OpenVPN (causing route #1 from above to disappear and there to be nowhere to route the traffic to the VPN server).
That would be expected behaviour.

Some things to check:
  • Only use one network connection at a time; if wireless then disable ethernet and vice-versa
  • Make sure you don't have a network conflict; i.e. do not use common subnet 192.168.1.0 or 0.0 on your server LAN.
haveagr8day wrote:it seems to only happen on my satellite internet connection
Please describe this connection in detail and post full server/client configs and logs at verb 4 when connected and the problem occurs.

haveagr8day
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 18, 2016 11:32 pm

Re: Routing loop on TAP interface

Post by haveagr8day » Mon Aug 22, 2016 11:22 pm

TinCanTech wrote:Some things to check:
  • Only use one network connection at a time; if wireless then disable ethernet and vice-versa
  • Make sure you don't have a network conflict; i.e. do not use common subnet 192.168.1.0 or 0.0 on your server LAN.
TinCanTech wrote:Please describe this connection in detail and post full server/client configs and logs at verb 4 when connected and the problem occurs.
I have all interfaces disabled except the Wi-Fi and TAP adapter.

Connection Details:
ISP - Xplornet
Type - Satellite (High Throughput Jupiter)
Speed (Advertised) - 10 Mbps Down / 1 Mbps Up, limited to 300 Kbps Down / 100 Kbps Up if traffic classified as non time-sensitive (This connection throttling is the main reason I'm trying to set up a VPN)
Speedtest.net results (No VPN) - 688 ms ping, 7.18 Mbps Down, 0.32 Mbps Up

My connection/network are set up as follows:
192.168.1.5 - Laptop on Wi-Fi connection
192.168.1.1 - Netgear MBR1210 Wi-Fi Router, DHCP enabled subnet 255.255.255.0
192.168.0.1 - HT1100 Modem, connected to WAN port of Wi-Fi Router
10.146.151.130 - Assigned IP by Xplornet
10.146.151.129 - Xplornet Gateway Address, subnet 255.255.255.248
96.44.x.y - Xplornet External IP
159.203.95.14 - DigitalOcean server External IP
10.8.0.0 subnet 255.255.255.0 - OpenVPN configured IP range

Client configuration:

Code:

client
dev tun
proto udp
remote 159.203.95.14 443
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
comp-lzo
verb 4
# Keys and Certificates removed
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-auth>
</tls-auth>

Server configuration:

Code:

port 443
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn-server.log
verb 4

Timestamps for reference (EDT):

Code:

17:35 - Started VPN Server.
17:40 - Started VPN Client, connected and working normally.
17:44 - Problem begins TAP Adapter shows ~230 Mbps send rate, Wifi interface shows 0 send/receive, no access to internet.
17:47 - TAP Adapter drops to 0 send/receive, Wifi interface send rate jumps up to between 5 and 35 Mbps, still no internet access.
17:52 - Traffic rates on both interfaces return to normal ranges, internet access restored (still connected through VPN).
17:53 - Closed connection from client.
17:54 - Stopped VPN Server.

Client OpenVPN Log (Verbosity 4):

Code:

Mon Aug 22 17:40:02 2016 us=162925 Current Parameter Settings:
Mon Aug 22 17:40:02 2016 us=162925   config = 'Flashverb4.ovpn'
Mon Aug 22 17:40:02 2016 us=162925   mode = 0
Mon Aug 22 17:40:02 2016 us=162925   show_ciphers = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   show_digests = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   show_engines = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   genkey = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   key_pass_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   show_tls_ciphers = DISABLED
Mon Aug 22 17:40:02 2016 us=162925 Connection profiles [default]:
Mon Aug 22 17:40:02 2016 us=162925   proto = udp
Mon Aug 22 17:40:02 2016 us=162925   local = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   local_port = 0
Mon Aug 22 17:40:02 2016 us=162925   remote = '159.203.95.14'
Mon Aug 22 17:40:02 2016 us=162925   remote_port = 443
Mon Aug 22 17:40:02 2016 us=162925   remote_float = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   bind_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   bind_local = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   connect_retry_seconds = 5
Mon Aug 22 17:40:02 2016 us=162925   connect_timeout = 10
Mon Aug 22 17:40:02 2016 us=162925   connect_retry_max = 0
Mon Aug 22 17:40:02 2016 us=162925   socks_proxy_server = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   socks_proxy_port = 0
Mon Aug 22 17:40:02 2016 us=162925   socks_proxy_retry = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   tun_mtu = 1500
Mon Aug 22 17:40:02 2016 us=162925   tun_mtu_defined = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   link_mtu = 1500
Mon Aug 22 17:40:02 2016 us=162925   link_mtu_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   tun_mtu_extra = 0
Mon Aug 22 17:40:02 2016 us=162925   tun_mtu_extra_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   mtu_discover_type = -1
Mon Aug 22 17:40:02 2016 us=162925   fragment = 0
Mon Aug 22 17:40:02 2016 us=162925   mssfix = 1450
Mon Aug 22 17:40:02 2016 us=162925   explicit_exit_notification = 0
Mon Aug 22 17:40:02 2016 us=162925 Connection profiles END
Mon Aug 22 17:40:02 2016 us=162925   remote_random = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   ipchange = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   dev = 'tun'
Mon Aug 22 17:40:02 2016 us=162925   dev_type = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   dev_node = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   lladdr = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   topology = 1
Mon Aug 22 17:40:02 2016 us=162925   tun_ipv6 = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   ifconfig_local = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   ifconfig_remote_netmask = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   ifconfig_noexec = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   ifconfig_nowarn = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   ifconfig_ipv6_local = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   ifconfig_ipv6_netbits = 0
Mon Aug 22 17:40:02 2016 us=162925   ifconfig_ipv6_remote = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   shaper = 0
Mon Aug 22 17:40:02 2016 us=162925   mtu_test = 0
Mon Aug 22 17:40:02 2016 us=162925   mlock = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   keepalive_ping = 0
Mon Aug 22 17:40:02 2016 us=162925   keepalive_timeout = 0
Mon Aug 22 17:40:02 2016 us=162925   inactivity_timeout = 0
Mon Aug 22 17:40:02 2016 us=162925   ping_send_timeout = 0
Mon Aug 22 17:40:02 2016 us=162925   ping_rec_timeout = 0
Mon Aug 22 17:40:02 2016 us=162925   ping_rec_timeout_action = 0
Mon Aug 22 17:40:02 2016 us=162925   ping_timer_remote = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   remap_sigusr1 = 0
Mon Aug 22 17:40:02 2016 us=162925   persist_tun = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   persist_local_ip = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   persist_remote_ip = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   persist_key = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   passtos = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   resolve_retry_seconds = 1000000000
Mon Aug 22 17:40:02 2016 us=162925   username = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   groupname = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   chroot_dir = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   cd_dir = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   writepid = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   up_script = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   down_script = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   down_pre = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   up_restart = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   up_delay = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   daemon = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   inetd = 0
Mon Aug 22 17:40:02 2016 us=162925   log = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   suppress_timestamps = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   nice = 0
Mon Aug 22 17:40:02 2016 us=162925   verbosity = 4
Mon Aug 22 17:40:02 2016 us=162925   mute = 0
Mon Aug 22 17:40:02 2016 us=162925   gremlin = 0
Mon Aug 22 17:40:02 2016 us=162925   status_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   status_file_version = 1
Mon Aug 22 17:40:02 2016 us=162925   status_file_update_freq = 60
Mon Aug 22 17:40:02 2016 us=162925   occ = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   rcvbuf = 0
Mon Aug 22 17:40:02 2016 us=162925   sndbuf = 0
Mon Aug 22 17:40:02 2016 us=162925   sockflags = 0
Mon Aug 22 17:40:02 2016 us=162925   fast_io = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   lzo = 7
Mon Aug 22 17:40:02 2016 us=162925   route_script = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   route_default_gateway = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   route_default_metric = 0
Mon Aug 22 17:40:02 2016 us=162925   route_noexec = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   route_delay = 5
Mon Aug 22 17:40:02 2016 us=162925   route_delay_window = 30
Mon Aug 22 17:40:02 2016 us=162925   route_delay_defined = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   route_nopull = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   route_gateway_via_dhcp = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   max_routes = 100
Mon Aug 22 17:40:02 2016 us=162925   allow_pull_fqdn = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   management_addr = '127.0.0.1'
Mon Aug 22 17:40:02 2016 us=162925   management_port = 25342
Mon Aug 22 17:40:02 2016 us=162925   management_user_pass = 'stdin'
Mon Aug 22 17:40:02 2016 us=162925   management_log_history_cache = 250
Mon Aug 22 17:40:02 2016 us=162925   management_echo_buffer_size = 100
Mon Aug 22 17:40:02 2016 us=162925   management_write_peer_info_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   management_client_user = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   management_client_group = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   management_flags = 6
Mon Aug 22 17:40:02 2016 us=162925   shared_secret_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   key_direction = 2
Mon Aug 22 17:40:02 2016 us=162925   ciphername_defined = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   ciphername = 'BF-CBC'
Mon Aug 22 17:40:02 2016 us=162925   authname_defined = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   authname = 'SHA1'
Mon Aug 22 17:40:02 2016 us=162925   prng_hash = 'SHA1'
Mon Aug 22 17:40:02 2016 us=162925   prng_nonce_secret_len = 16
Mon Aug 22 17:40:02 2016 us=162925   keysize = 0
Mon Aug 22 17:40:02 2016 us=162925   engine = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   replay = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   mute_replay_warnings = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   replay_window = 64
Mon Aug 22 17:40:02 2016 us=162925   replay_time = 15
Mon Aug 22 17:40:02 2016 us=162925   packet_id_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   use_iv = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   test_crypto = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   tls_server = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   tls_client = ENABLED
Mon Aug 22 17:40:02 2016 us=162925   key_method = 2
Mon Aug 22 17:40:02 2016 us=162925   ca_file = '[[INLINE]]'
Mon Aug 22 17:40:02 2016 us=162925   ca_path = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   dh_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   cert_file = '[[INLINE]]'
Mon Aug 22 17:40:02 2016 us=162925   extra_certs_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   priv_key_file = '[[INLINE]]'
Mon Aug 22 17:40:02 2016 us=162925   pkcs12_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   cryptoapi_cert = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   cipher_list = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   tls_verify = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   tls_export_cert = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   verify_x509_type = 0
Mon Aug 22 17:40:02 2016 us=162925   verify_x509_name = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   crl_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   ns_cert_type = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 160
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 136
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_ku[i] = 0
Mon Aug 22 17:40:02 2016 us=162925   remote_cert_eku = 'TLS Web Server Authentication'
Mon Aug 22 17:40:02 2016 us=162925   ssl_flags = 0
Mon Aug 22 17:40:02 2016 us=162925   tls_timeout = 2
Mon Aug 22 17:40:02 2016 us=162925   renegotiate_bytes = 0
Mon Aug 22 17:40:02 2016 us=162925   renegotiate_packets = 0
Mon Aug 22 17:40:02 2016 us=162925   renegotiate_seconds = 3600
Mon Aug 22 17:40:02 2016 us=162925   handshake_window = 60
Mon Aug 22 17:40:02 2016 us=162925   transition_window = 3600
Mon Aug 22 17:40:02 2016 us=162925   single_session = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   push_peer_info = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   tls_exit = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   tls_auth_file = '[[INLINE]]'
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_protected_authentication = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_private_mode = 00000000
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_cert_private = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_pin_cache_period = -1
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_id = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=162925   pkcs11_id_management = DISABLED
Mon Aug 22 17:40:02 2016 us=162925   server_network = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=162925   server_netmask = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   server_network_ipv6 = ::
Mon Aug 22 17:40:02 2016 us=178559   server_netbits_ipv6 = 0
Mon Aug 22 17:40:02 2016 us=178559   server_bridge_ip = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   server_bridge_netmask = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   server_bridge_pool_start = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   server_bridge_pool_end = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_pool_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_pool_start = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_pool_end = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_pool_netmask = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_pool_persist_refresh_freq = 600
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_ipv6_pool_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_ipv6_pool_base = ::
Mon Aug 22 17:40:02 2016 us=178559   ifconfig_ipv6_pool_netbits = 0
Mon Aug 22 17:40:02 2016 us=178559   n_bcast_buf = 256
Mon Aug 22 17:40:02 2016 us=178559   tcp_queue_limit = 64
Mon Aug 22 17:40:02 2016 us=178559   real_hash_size = 256
Mon Aug 22 17:40:02 2016 us=178559   virtual_hash_size = 256
Mon Aug 22 17:40:02 2016 us=178559   client_connect_script = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   learn_address_script = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   client_disconnect_script = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   client_config_dir = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   ccd_exclusive = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   tmp_dir = 'D:\Ryan Baxter\Temp\'
Mon Aug 22 17:40:02 2016 us=178559   push_ifconfig_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   push_ifconfig_local = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   push_ifconfig_remote_netmask = 0.0.0.0
Mon Aug 22 17:40:02 2016 us=178559   push_ifconfig_ipv6_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   push_ifconfig_ipv6_local = ::/0
Mon Aug 22 17:40:02 2016 us=178559   push_ifconfig_ipv6_remote = ::
Mon Aug 22 17:40:02 2016 us=178559   enable_c2c = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   duplicate_cn = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   cf_max = 0
Mon Aug 22 17:40:02 2016 us=178559   cf_per = 0
Mon Aug 22 17:40:02 2016 us=178559   max_clients = 1024
Mon Aug 22 17:40:02 2016 us=178559   max_routes_per_client = 256
Mon Aug 22 17:40:02 2016 us=178559   auth_user_pass_verify_script = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   auth_user_pass_verify_script_via_file = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   client = ENABLED
Mon Aug 22 17:40:02 2016 us=178559   pull = ENABLED
Mon Aug 22 17:40:02 2016 us=178559   auth_user_pass_file = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   show_net_up = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   route_method = 0
Mon Aug 22 17:40:02 2016 us=178559   block_outside_dns = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   ip_win32_defined = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   ip_win32_type = 3
Mon Aug 22 17:40:02 2016 us=178559   dhcp_masq_offset = 0
Mon Aug 22 17:40:02 2016 us=178559   dhcp_lease_time = 31536000
Mon Aug 22 17:40:02 2016 us=178559   tap_sleep = 0
Mon Aug 22 17:40:02 2016 us=178559   dhcp_options = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   dhcp_renew = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   dhcp_pre_release = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   dhcp_release = DISABLED
Mon Aug 22 17:40:02 2016 us=178559   domain = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   netbios_scope = '[UNDEF]'
Mon Aug 22 17:40:02 2016 us=178559   netbios_node_type = 0
Mon Aug 22 17:40:02 2016 us=178559   disable_nbt = DISABLED
Mon Aug 22 17:40:02 2016 us=178559 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Mon Aug 22 17:40:02 2016 us=178559 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Aug 22 17:40:02 2016 us=178559 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Enter Management Password:
Mon Aug 22 17:40:02 2016 us=178559 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Mon Aug 22 17:40:02 2016 us=178559 Need hold release from management interface, waiting...
Mon Aug 22 17:40:02 2016 us=662978 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Mon Aug 22 17:40:02 2016 us=772402 MANAGEMENT: CMD 'state on'
Mon Aug 22 17:40:02 2016 us=772402 MANAGEMENT: CMD 'log all on'
Mon Aug 22 17:40:02 2016 us=913005 MANAGEMENT: CMD 'hold off'
Mon Aug 22 17:40:02 2016 us=913005 MANAGEMENT: CMD 'hold release'
Mon Aug 22 17:40:03 2016 us=6794 Control Channel Authentication: tls-auth using INLINE static key file
Mon Aug 22 17:40:03 2016 us=6794 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 22 17:40:03 2016 us=6794 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 22 17:40:03 2016 us=6794 LZO compression initialized
Mon Aug 22 17:40:03 2016 us=6794 Control Channel MTU parms [ L:1542 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Mon Aug 22 17:40:03 2016 us=6794 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Aug 22 17:40:03 2016 us=6794 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Mon Aug 22 17:40:03 2016 us=6794 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Aug 22 17:40:03 2016 us=6794 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Aug 22 17:40:03 2016 us=6794 Local Options hash (VER=V4): '504e774e'
Mon Aug 22 17:40:03 2016 us=6794 Expected Remote Options hash (VER=V4): '14168603'
Mon Aug 22 17:40:03 2016 us=6794 UDPv4 link local: [undef]
Mon Aug 22 17:40:03 2016 us=6794 UDPv4 link remote: [AF_INET]159.203.95.14:443
Mon Aug 22 17:40:03 2016 us=6794 MANAGEMENT: >STATE:1471902003,WAIT,,,
Mon Aug 22 17:40:03 2016 us=756922 MANAGEMENT: >STATE:1471902003,AUTH,,,
Mon Aug 22 17:40:03 2016 us=756922 TLS: Initial packet from [AF_INET]159.203.95.14:443, sid=6ec55378 b3bc0ed9
Mon Aug 22 17:40:05 2016 us=272717 VERIFY OK: depth=1, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=DigitalOcean CA, name=server, emailAddress=ryan.baxter@domain.com
Mon Aug 22 17:40:05 2016 us=272717 Validating certificate key usage
Mon Aug 22 17:40:05 2016 us=272717 ++ Certificate has key usage  00a0, expects 00a0
Mon Aug 22 17:40:05 2016 us=272717 VERIFY KU OK
Mon Aug 22 17:40:05 2016 us=272717 Validating certificate extended key usage
Mon Aug 22 17:40:05 2016 us=272717 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Aug 22 17:40:05 2016 us=272717 VERIFY EKU OK
Mon Aug 22 17:40:05 2016 us=272717 VERIFY OK: depth=0, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=server, name=server, emailAddress=ryan.baxter@domain.com
Mon Aug 22 17:40:08 2016 us=117026 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 22 17:40:08 2016 us=117026 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 22 17:40:08 2016 us=117026 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Aug 22 17:40:08 2016 us=117026 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 22 17:40:08 2016 us=117026 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Aug 22 17:40:08 2016 us=117026 [server] Peer Connection Initiated with [AF_INET]159.203.95.14:443
Mon Aug 22 17:40:09 2016 us=70240 MANAGEMENT: >STATE:1471902009,GET_CONFIG,,,
Mon Aug 22 17:40:10 2016 us=195879 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Aug 22 17:40:11 2016 us=39855 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Aug 22 17:40:11 2016 us=39855 OPTIONS IMPORT: timers and/or timeouts modified
Mon Aug 22 17:40:11 2016 us=39855 OPTIONS IMPORT: --ifconfig/up options modified
Mon Aug 22 17:40:11 2016 us=39855 OPTIONS IMPORT: route options modified
Mon Aug 22 17:40:11 2016 us=39855 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Aug 22 17:40:11 2016 us=39855 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=18 HWADDR=a0:d3:7a:29:60:71
Mon Aug 22 17:40:11 2016 us=86672 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Aug 22 17:40:11 2016 us=86672 MANAGEMENT: >STATE:1471902011,ASSIGN_IP,,10.8.0.6,
Mon Aug 22 17:40:11 2016 us=86672 open_tun, tt->ipv6=0
Mon Aug 22 17:40:11 2016 us=86672 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{EB1E7E78-0EDA-40B6-BC79-22714AE2CC43}.tap
Mon Aug 22 17:40:11 2016 us=86672 TAP-Windows Driver Version 9.21 
Mon Aug 22 17:40:11 2016 us=86672 TAP-Windows MTU=1500
Mon Aug 22 17:40:11 2016 us=86672 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {EB1E7E78-0EDA-40B6-BC79-22714AE2CC43} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Aug 22 17:40:11 2016 us=86672 DHCP option string: 06080808 08080808 0404
Mon Aug 22 17:40:11 2016 us=86672 Successful ARP Flush on interface [20] {EB1E7E78-0EDA-40B6-BC79-22714AE2CC43}
Mon Aug 22 17:40:16 2016 us=63178 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Mon Aug 22 17:40:16 2016 us=63178 C:\Windows\system32\route.exe ADD 159.203.95.14 MASK 255.255.255.255 192.168.1.1
Mon Aug 22 17:40:16 2016 us=63178 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=55 and dwForwardType=4
Mon Aug 22 17:40:16 2016 us=63178 Route addition via IPAPI succeeded [adaptive]
Mon Aug 22 17:40:16 2016 us=63178 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Mon Aug 22 17:40:16 2016 us=63178 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Mon Aug 22 17:40:16 2016 us=63178 Route addition via IPAPI succeeded [adaptive]
Mon Aug 22 17:40:16 2016 us=63178 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Mon Aug 22 17:40:16 2016 us=63178 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Mon Aug 22 17:40:16 2016 us=63178 Route addition via IPAPI succeeded [adaptive]
Mon Aug 22 17:40:16 2016 us=63178 MANAGEMENT: >STATE:1471902016,ADD_ROUTES,,,
Mon Aug 22 17:40:16 2016 us=63178 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Aug 22 17:40:16 2016 us=313204 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Mon Aug 22 17:40:16 2016 us=313204 Route addition via IPAPI succeeded [adaptive]
Mon Aug 22 17:40:16 2016 us=313204 Initialization Sequence Completed
Mon Aug 22 17:40:16 2016 us=313204 MANAGEMENT: >STATE:1471902016,CONNECTED,SUCCESS,10.8.0.6,159.203.95.14
Mon Aug 22 17:48:19 2016 us=171535 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_006789>>>>>>>>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:1953 0:1952 t=1471902499[0] r=[0,64,15,1,1] sl=[31,64,64,528]
Mon Aug 22 17:53:18 2016 us=943659 TCP/UDP: Closing socket
Mon Aug 22 17:53:18 2016 us=943659 C:\Windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Aug 22 17:53:18 2016 us=943659 Route deletion via IPAPI succeeded [adaptive]
Mon Aug 22 17:53:18 2016 us=943659 C:\Windows\system32\route.exe DELETE 159.203.95.14 MASK 255.255.255.255 192.168.1.1
Mon Aug 22 17:53:18 2016 us=943659 Route deletion via IPAPI succeeded [adaptive]
Mon Aug 22 17:53:18 2016 us=943659 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Mon Aug 22 17:53:18 2016 us=959288 Route deletion via IPAPI succeeded [adaptive]
Mon Aug 22 17:53:18 2016 us=959288 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Mon Aug 22 17:53:18 2016 us=959288 Route deletion via IPAPI succeeded [adaptive]
Mon Aug 22 17:53:18 2016 us=959288 Closing TUN/TAP interface
Mon Aug 22 17:53:18 2016 us=959288 SIGTERM[hard,] received, process exiting
Mon Aug 22 17:53:18 2016 us=959288 MANAGEMENT: >STATE:1471902798,EXITING,SIGTERM,,

Server OpenVPN Log (Verbosity 4), posted to pastebin due to post character restriction:
http://pastebin.com/tawBcrju
