Client can't see server's LAN

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Client can't see server's LAN

Post by opapanik » Sun May 07, 2017 4:11 pm

Hello everyone,

I recently set up an OpenVPN server (2.4.1) on a Windows 7 Ultimate laptop which is up 24/7, and a connecting client (Android Marshmallow phone, I am trying both the OpenVPN Connect and OpenVPN for Android clients, same results).

The problem:
---------------

The VPN client cannot see the rest of the LAN (pings from the client to LAN machines other than the server are unsuccessful)

Everything else works as expected (client connects, sees the server using both its VPN or LAN IP, sees internet through VPN, LAN machines can see the client)

The problem occurs with or without firewalls enabled, and it doesn't matter how the client connects (WiFi or LTE).

Details of the situation:
----------------------------

Pings from the client to *both* the server's LAN and VPN IP, ok.
Pings from the client to other LAN machines, FAIL. <<< the problem
Pings from LAN machines to the client, ok.
Pings from LAN machines to LAN, ok.

The setup:
-------------

LAN subnet: 10.20.30.0/24
modem/router at 10.20.30.254
server at 10.20.30.10

VPN subnet: 10.20.31.0/24
server gets 10.20.31.1
client gets 10.20.31.2

Extra steps taken:
----------------------

Added route to the router for LAN > VPN. Works, because LAN machines successfully ping the VPN client.

I have enabled routing in server's (Windows 7) registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"IPEnableRouter"=dword:00000001

Server configuration:
-------------------------

proto udp4
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
topology subnet
server 10.20.31.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 6
explicit-exit-notify 1

;push "redirect-gateway def1 bypass-dhcp"
;push "route 10.20.30.0 255.255.255.0 10.20.31.1"
;push "dhcp-option DNS 10.20.31.1"
;push "dhcp-option DNS 10.20.30.254"
;route 10.20.30.0 255.255.255.0 10.20.30.254

The last 5 lines are what I have tried playing with. No results.

Whatever I do, I saw in some log that a VPN gateway is set up as 10.20.31.254 (which does not exist). I suppose it's some virtual gateway that the OpenVPN server automatically defines?

Client configuration:
------------------------

client
dev tun
proto udp
remote ---.ddns.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
verb 6

About Windows quirks:
---------------------------

Instructions for the Windows server case state that one should make that registry change (which I have done, as I say above), and also enable promiscuous mode on the adapter.
But after searching for that, it seems it only concerns bridged connections, which is not the case here, right? The command "netsh bridge show adapter" shows no adapters on my Windows box.

In any case it seems to me that the server is not able to route VPN > LAN. Could the TAP driver be the culprit? The OS? The NIC?

Any ideas on what might be wrong please?

Logs available on request.

Thank you

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client can't see server's LAN

Post by TinCanTech » Sun May 07, 2017 4:53 pm

Use --verb 4 and post your logs please.

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Client can't see server's LAN

Post by Pippin » Sun May 07, 2017 5:34 pm

Looks like

push "route 10.20.30.0 255.255.255.0"
is missing.
Restart after changes.
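
A config check for the point raised in the reply above, added here as an example and not part of the original thread: it parses an OpenVPN server config, ignores directives commented out with `;` or `#`, and reports whether clients are pushed a route covering the LAN subnet. The function names are hypothetical; the sample config reuses directives from the server configuration posted in this thread.

```python
"""Check whether an OpenVPN server config pushes a route for the server's LAN.

Added illustration; function names are hypothetical, not part of OpenVPN.
"""
import ipaddress
import shlex

# Directives copied from the server configuration posted in this thread
# (certificate, cipher and keepalive lines omitted). ';' starts a comment.
POSTED_CONFIG = '''
proto udp4
dev tun
topology subnet
server 10.20.31.0 255.255.255.0
client-to-client
;push "redirect-gateway def1 bypass-dhcp"
;push "route 10.20.30.0 255.255.255.0 10.20.31.1"
;push "dhcp-option DNS 10.20.31.1"
;route 10.20.30.0 255.255.255.0 10.20.30.254
'''

# Same config with the directive from the reply appended.
WITH_PUSH = POSTED_CONFIG + 'push "route 10.20.30.0 255.255.255.0"\n'


def active_directives(config_text):
    """Yield the token list of every directive that is not commented out."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        # shlex keeps the quoted push argument together as one token.
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens


def pushed_routes(config_text):
    """Return (networks pushed with 'push "route ..."', redirect_gateway_pushed)."""
    routes = []
    redirect = False
    for tokens in active_directives(config_text):
        if tokens[0] != "push" or len(tokens) < 2:
            continue
        pushed = tokens[1].split()
        if not pushed:
            continue
        if pushed[0] == "redirect-gateway":
            redirect = True
        elif pushed[0] == "route" and len(pushed) >= 2:
            # OpenVPN treats a route without a netmask as a host route.
            mask = pushed[2] if len(pushed) >= 3 else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{pushed[1]}/{mask}", strict=False)
            except ValueError:
                continue  # hostname or keyword target: cannot be evaluated offline
            routes.append(net)
    return routes, redirect


def lan_route_status(config_text, lan_cidr):
    """Classify how (or whether) clients learn a path to lan_cidr.

    Returns "pushed-route", "redirect-gateway" or "missing".
    """
    lan = ipaddress.ip_network(lan_cidr)
    routes, redirect = pushed_routes(config_text)
    if any(lan.subnet_of(route) for route in routes):
        return "pushed-route"
    if redirect:
        return "redirect-gateway"
    return "missing"


if __name__ == "__main__":
    for label, cfg in (("as posted", POSTED_CONFIG), ("with push route", WITH_PUSH)):
        print(f"{label}: {lan_route_status(cfg, '10.20.30.0/24')}")
```

A pushed route only tells the client where to send packets for the LAN; forwarding on the server and the return route on the LAN side are separate checks.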

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Sun May 07, 2017 5:54 pm

Thanks for looking into it!

Started openvpn server on windows 7 (the gui edition) then after it was ready (green icon) I started the OpenVPN for Android client on the phone (which was connected to the mobile data provider).
Did some pings using LanDroid from the phone (but didn't register to the log because of the verbose level), then disconnected the client, disconnected the server. Here are the logs:

Server log:

Sun May 07 20:31:55 2017 us=898120 Current Parameter Settings:
Sun May 07 20:31:55 2017 us=898120   config = 'server.ovpn'
Sun May 07 20:31:55 2017 us=898120   mode = 1
Sun May 07 20:31:55 2017 us=898120   show_ciphers = DISABLED
Sun May 07 20:31:55 2017 us=898120   show_digests = DISABLED
Sun May 07 20:31:55 2017 us=898120   show_engines = DISABLED
Sun May 07 20:31:55 2017 us=898120   genkey = DISABLED
Sun May 07 20:31:55 2017 us=898120   key_pass_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   show_tls_ciphers = DISABLED
Sun May 07 20:31:55 2017 us=898120   connect_retry_max = 0
Sun May 07 20:31:55 2017 us=898120 Connection profiles [0]:
Sun May 07 20:31:55 2017 us=898120   proto = udp4
Sun May 07 20:31:55 2017 us=898120   local = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   local_port = '1194'
Sun May 07 20:31:55 2017 us=898120   remote = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   remote_port = '1194'
Sun May 07 20:31:55 2017 us=898120   remote_float = DISABLED
Sun May 07 20:31:55 2017 us=898120   bind_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   bind_local = ENABLED
Sun May 07 20:31:55 2017 us=898120   bind_ipv6_only = DISABLED
Sun May 07 20:31:55 2017 us=898120   connect_retry_seconds = 5
Sun May 07 20:31:55 2017 us=898120   connect_timeout = 120
Sun May 07 20:31:55 2017 us=898120   socks_proxy_server = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   socks_proxy_port = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   tun_mtu = 1500
Sun May 07 20:31:55 2017 us=898120   tun_mtu_defined = ENABLED
Sun May 07 20:31:55 2017 us=898120   link_mtu = 1500
Sun May 07 20:31:55 2017 us=898120   link_mtu_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   tun_mtu_extra = 0
Sun May 07 20:31:55 2017 us=898120   tun_mtu_extra_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   mtu_discover_type = -1
Sun May 07 20:31:55 2017 us=898120   fragment = 0
Sun May 07 20:31:55 2017 us=898120   mssfix = 1450
Sun May 07 20:31:55 2017 us=898120   explicit_exit_notification = 1
Sun May 07 20:31:55 2017 us=898120 Connection profiles END
Sun May 07 20:31:55 2017 us=898120   remote_random = DISABLED
Sun May 07 20:31:55 2017 us=898120   ipchange = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   dev = 'tun'
Sun May 07 20:31:55 2017 us=898120   dev_type = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   dev_node = 'OpenVPNTAP'
Sun May 07 20:31:55 2017 us=898120   lladdr = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   topology = 3
Sun May 07 20:31:55 2017 us=898120   ifconfig_local = '10.20.31.1'
Sun May 07 20:31:55 2017 us=898120   ifconfig_remote_netmask = '255.255.255.0'
Sun May 07 20:31:55 2017 us=898120   ifconfig_noexec = DISABLED
Sun May 07 20:31:55 2017 us=898120   ifconfig_nowarn = DISABLED
Sun May 07 20:31:55 2017 us=898120   ifconfig_ipv6_local = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   ifconfig_ipv6_netbits = 0
Sun May 07 20:31:55 2017 us=898120   ifconfig_ipv6_remote = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   shaper = 0
Sun May 07 20:31:55 2017 us=898120   mtu_test = 0
Sun May 07 20:31:55 2017 us=898120   mlock = DISABLED
Sun May 07 20:31:55 2017 us=898120   keepalive_ping = 10
Sun May 07 20:31:55 2017 us=898120   keepalive_timeout = 120
Sun May 07 20:31:55 2017 us=898120   inactivity_timeout = 0
Sun May 07 20:31:55 2017 us=898120   ping_send_timeout = 10
Sun May 07 20:31:55 2017 us=898120   ping_rec_timeout = 240
Sun May 07 20:31:55 2017 us=898120   ping_rec_timeout_action = 2
Sun May 07 20:31:55 2017 us=898120   ping_timer_remote = DISABLED
Sun May 07 20:31:55 2017 us=898120   remap_sigusr1 = 0
Sun May 07 20:31:55 2017 us=898120   persist_tun = ENABLED
Sun May 07 20:31:55 2017 us=898120   persist_local_ip = DISABLED
Sun May 07 20:31:55 2017 us=898120   persist_remote_ip = DISABLED
Sun May 07 20:31:55 2017 us=898120   persist_key = ENABLED
Sun May 07 20:31:55 2017 us=898120   passtos = DISABLED
Sun May 07 20:31:55 2017 us=898120   resolve_retry_seconds = 1000000000
Sun May 07 20:31:55 2017 us=898120   resolve_in_advance = DISABLED
Sun May 07 20:31:55 2017 us=898120   username = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   groupname = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   chroot_dir = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   cd_dir = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   writepid = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   up_script = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   down_script = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   down_pre = DISABLED
Sun May 07 20:31:55 2017 us=898120   up_restart = DISABLED
Sun May 07 20:31:55 2017 us=898120   up_delay = DISABLED
Sun May 07 20:31:55 2017 us=898120   daemon = DISABLED
Sun May 07 20:31:55 2017 us=898120   inetd = 0
Sun May 07 20:31:55 2017 us=898120   log = ENABLED
Sun May 07 20:31:55 2017 us=898120   suppress_timestamps = DISABLED
Sun May 07 20:31:55 2017 us=898120   machine_readable_output = DISABLED
Sun May 07 20:31:55 2017 us=898120   nice = 0
Sun May 07 20:31:55 2017 us=898120   verbosity = 4
Sun May 07 20:31:55 2017 us=898120   mute = 0
Sun May 07 20:31:55 2017 us=898120   gremlin = 0
Sun May 07 20:31:55 2017 us=898120   status_file = 'openvpn-status.log'
Sun May 07 20:31:55 2017 us=898120   status_file_version = 1
Sun May 07 20:31:55 2017 us=898120   status_file_update_freq = 60
Sun May 07 20:31:55 2017 us=898120   occ = ENABLED
Sun May 07 20:31:55 2017 us=898120   rcvbuf = 0
Sun May 07 20:31:55 2017 us=898120   sndbuf = 0
Sun May 07 20:31:55 2017 us=898120   sockflags = 0
Sun May 07 20:31:55 2017 us=898120   fast_io = DISABLED
Sun May 07 20:31:55 2017 us=898120   comp.alg = 0
Sun May 07 20:31:55 2017 us=898120   comp.flags = 0
Sun May 07 20:31:55 2017 us=898120   route_script = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   route_default_gateway = '10.20.31.2'
Sun May 07 20:31:55 2017 us=898120   route_default_metric = 0
Sun May 07 20:31:55 2017 us=898120   route_noexec = DISABLED
Sun May 07 20:31:55 2017 us=898120   route_delay = 0
Sun May 07 20:31:55 2017 us=898120   route_delay_window = 30
Sun May 07 20:31:55 2017 us=898120   route_delay_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   route_nopull = DISABLED
Sun May 07 20:31:55 2017 us=898120   route_gateway_via_dhcp = DISABLED
Sun May 07 20:31:55 2017 us=898120   allow_pull_fqdn = DISABLED
Sun May 07 20:31:55 2017 us=898120   route 10.20.30.0/255.255.255.0/10.20.30.254/default (not set)
Sun May 07 20:31:55 2017 us=898120   management_addr = '127.0.0.1'
Sun May 07 20:31:55 2017 us=898120   management_port = '25340'
Sun May 07 20:31:55 2017 us=898120   management_user_pass = 'stdin'
Sun May 07 20:31:55 2017 us=898120   management_log_history_cache = 250
Sun May 07 20:31:55 2017 us=898120   management_echo_buffer_size = 100
Sun May 07 20:31:55 2017 us=898120   management_write_peer_info_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   management_client_user = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   management_client_group = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   management_flags = 6
Sun May 07 20:31:55 2017 us=898120   shared_secret_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   key_direction = 0
Sun May 07 20:31:55 2017 us=898120   ciphername = 'AES-256-CBC'
Sun May 07 20:31:55 2017 us=898120   ncp_enabled = ENABLED
Sun May 07 20:31:55 2017 us=898120   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sun May 07 20:31:55 2017 us=898120   authname = 'SHA1'
Sun May 07 20:31:55 2017 us=898120   prng_hash = 'SHA1'
Sun May 07 20:31:55 2017 us=898120   prng_nonce_secret_len = 16
Sun May 07 20:31:55 2017 us=898120   keysize = 0
Sun May 07 20:31:55 2017 us=898120   engine = DISABLED
Sun May 07 20:31:55 2017 us=898120   replay = ENABLED
Sun May 07 20:31:55 2017 us=898120   mute_replay_warnings = DISABLED
Sun May 07 20:31:55 2017 us=898120   replay_window = 64
Sun May 07 20:31:55 2017 us=898120   replay_time = 15
Sun May 07 20:31:55 2017 us=898120   packet_id_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   use_iv = ENABLED
Sun May 07 20:31:55 2017 us=898120   test_crypto = DISABLED
Sun May 07 20:31:55 2017 us=898120   tls_server = ENABLED
Sun May 07 20:31:55 2017 us=898120   tls_client = DISABLED
Sun May 07 20:31:55 2017 us=898120   key_method = 2
Sun May 07 20:31:55 2017 us=898120   ca_file = 'ca.crt'
Sun May 07 20:31:55 2017 us=898120   ca_path = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   dh_file = 'dh4096.pem'
Sun May 07 20:31:55 2017 us=898120   cert_file = 'server.crt'
Sun May 07 20:31:55 2017 us=898120   extra_certs_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   priv_key_file = 'server.key'
Sun May 07 20:31:55 2017 us=898120   pkcs12_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   cryptoapi_cert = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   cipher_list = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   tls_verify = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   tls_export_cert = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   verify_x509_type = 0
Sun May 07 20:31:55 2017 us=898120   verify_x509_name = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   crl_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   ns_cert_type = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_ku[i] = 0
Sun May 07 20:31:55 2017 us=898120   remote_cert_eku = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   ssl_flags = 0
Sun May 07 20:31:55 2017 us=898120   tls_timeout = 2
Sun May 07 20:31:55 2017 us=898120   renegotiate_bytes = -1
Sun May 07 20:31:55 2017 us=898120   renegotiate_packets = 0
Sun May 07 20:31:55 2017 us=898120   renegotiate_seconds = 3600
Sun May 07 20:31:55 2017 us=898120   handshake_window = 60
Sun May 07 20:31:55 2017 us=898120   transition_window = 3600
Sun May 07 20:31:55 2017 us=898120   single_session = DISABLED
Sun May 07 20:31:55 2017 us=898120   push_peer_info = DISABLED
Sun May 07 20:31:55 2017 us=898120   tls_exit = DISABLED
Sun May 07 20:31:55 2017 us=898120   tls_auth_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   tls_crypt_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_protected_authentication = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_private_mode = 00000000
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_cert_private = DISABLED
Sun May 07 20:31:55 2017 us=898120   pkcs11_pin_cache_period = -1
Sun May 07 20:31:55 2017 us=898120   pkcs11_id = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   pkcs11_id_management = DISABLED
Sun May 07 20:31:55 2017 us=898120   server_network = 10.20.31.0
Sun May 07 20:31:55 2017 us=898120   server_netmask = 255.255.255.0
Sun May 07 20:31:55 2017 us=898120   server_network_ipv6 = ::
Sun May 07 20:31:55 2017 us=898120   server_netbits_ipv6 = 0
Sun May 07 20:31:55 2017 us=898120   server_bridge_ip = 0.0.0.0
Sun May 07 20:31:55 2017 us=898120   server_bridge_netmask = 0.0.0.0
Sun May 07 20:31:55 2017 us=898120   server_bridge_pool_start = 0.0.0.0
Sun May 07 20:31:55 2017 us=898120   server_bridge_pool_end = 0.0.0.0
Sun May 07 20:31:55 2017 us=898120   push_entry = 'route 10.20.30.0 255.255.255.0 10.20.31.1'
Sun May 07 20:31:55 2017 us=898120   push_entry = 'dhcp-option DNS 10.20.31.1'
Sun May 07 20:31:55 2017 us=898120   push_entry = 'dhcp-option DNS 10.20.30.254'
Sun May 07 20:31:55 2017 us=898120   push_entry = 'route-gateway 10.20.31.1'
Sun May 07 20:31:55 2017 us=898120   push_entry = 'topology subnet'
Sun May 07 20:31:55 2017 us=898120   push_entry = 'ping 10'
Sun May 07 20:31:55 2017 us=898120   push_entry = 'ping-restart 120'
Sun May 07 20:31:55 2017 us=898120   ifconfig_pool_defined = ENABLED
Sun May 07 20:31:55 2017 us=898120   ifconfig_pool_start = 10.20.31.2
Sun May 07 20:31:55 2017 us=898120   ifconfig_pool_end = 10.20.31.253
Sun May 07 20:31:55 2017 us=898120   ifconfig_pool_netmask = 255.255.255.0
Sun May 07 20:31:55 2017 us=898120   ifconfig_pool_persist_filename = 'ipp.txt'
Sun May 07 20:31:55 2017 us=898120   ifconfig_pool_persist_refresh_freq = 600
Sun May 07 20:31:55 2017 us=898120   ifconfig_ipv6_pool_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   ifconfig_ipv6_pool_base = ::
Sun May 07 20:31:55 2017 us=898120   ifconfig_ipv6_pool_netbits = 0
Sun May 07 20:31:55 2017 us=898120   n_bcast_buf = 256
Sun May 07 20:31:55 2017 us=898120   tcp_queue_limit = 64
Sun May 07 20:31:55 2017 us=898120   real_hash_size = 256
Sun May 07 20:31:55 2017 us=898120   virtual_hash_size = 256
Sun May 07 20:31:55 2017 us=898120   client_connect_script = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   learn_address_script = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   client_disconnect_script = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   client_config_dir = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   ccd_exclusive = DISABLED
Sun May 07 20:31:55 2017 us=898120   tmp_dir = 'C:\Users\user\AppData\Local\Temp\'
Sun May 07 20:31:55 2017 us=898120   push_ifconfig_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   push_ifconfig_local = 0.0.0.0
Sun May 07 20:31:55 2017 us=898120   push_ifconfig_remote_netmask = 0.0.0.0
Sun May 07 20:31:55 2017 us=898120   push_ifconfig_ipv6_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   push_ifconfig_ipv6_local = ::/0
Sun May 07 20:31:55 2017 us=898120   push_ifconfig_ipv6_remote = ::
Sun May 07 20:31:55 2017 us=898120   enable_c2c = ENABLED
Sun May 07 20:31:55 2017 us=898120   duplicate_cn = DISABLED
Sun May 07 20:31:55 2017 us=898120   cf_max = 0
Sun May 07 20:31:55 2017 us=898120   cf_per = 0
Sun May 07 20:31:55 2017 us=898120   max_clients = 1024
Sun May 07 20:31:55 2017 us=898120   max_routes_per_client = 256
Sun May 07 20:31:55 2017 us=898120   auth_user_pass_verify_script = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   auth_user_pass_verify_script_via_file = DISABLED
Sun May 07 20:31:55 2017 us=898120   auth_token_generate = DISABLED
Sun May 07 20:31:55 2017 us=898120   auth_token_lifetime = 0
Sun May 07 20:31:55 2017 us=898120   client = DISABLED
Sun May 07 20:31:55 2017 us=898120   pull = DISABLED
Sun May 07 20:31:55 2017 us=898120   auth_user_pass_file = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   show_net_up = DISABLED
Sun May 07 20:31:55 2017 us=898120   route_method = 3
Sun May 07 20:31:55 2017 us=898120   block_outside_dns = DISABLED
Sun May 07 20:31:55 2017 us=898120   ip_win32_defined = DISABLED
Sun May 07 20:31:55 2017 us=898120   ip_win32_type = 3
Sun May 07 20:31:55 2017 us=898120   dhcp_masq_offset = 0
Sun May 07 20:31:55 2017 us=898120   dhcp_lease_time = 31536000
Sun May 07 20:31:55 2017 us=898120   tap_sleep = 10
Sun May 07 20:31:55 2017 us=898120   dhcp_options = DISABLED
Sun May 07 20:31:55 2017 us=898120   dhcp_renew = DISABLED
Sun May 07 20:31:55 2017 us=898120   dhcp_pre_release = DISABLED
Sun May 07 20:31:55 2017 us=898120   domain = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   netbios_scope = '[UNDEF]'
Sun May 07 20:31:55 2017 us=898120   netbios_node_type = 0
Sun May 07 20:31:55 2017 us=898120   disable_nbt = DISABLED
Sun May 07 20:31:55 2017 us=898120 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sun May 07 20:31:55 2017 us=898120 Windows version 6.1 (Windows 7) 64bit
Sun May 07 20:31:55 2017 us=898120 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Sun May 07 20:31:55 2017 us=913720 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun May 07 20:31:55 2017 us=913720 Need hold release from management interface, waiting...
Sun May 07 20:31:56 2017 us=366121 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun May 07 20:31:56 2017 us=475321 MANAGEMENT: CMD 'state on'
Sun May 07 20:31:56 2017 us=475321 MANAGEMENT: CMD 'log all on'
Sun May 07 20:31:56 2017 us=693722 MANAGEMENT: CMD 'echo all on'
Sun May 07 20:31:56 2017 us=693722 MANAGEMENT: CMD 'hold off'
Sun May 07 20:31:56 2017 us=693722 MANAGEMENT: CMD 'hold release'
Sun May 07 20:31:56 2017 us=693722 Note: cannot open openvpn-status.log for WRITE
Sun May 07 20:31:56 2017 us=693722 Note: cannot open ipp.txt for READ/WRITE
Sun May 07 20:31:56 2017 us=896522 Diffie-Hellman initialized with 4096 bit key
Sun May 07 20:31:56 2017 us=896522 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun May 07 20:31:56 2017 us=896522 interactive service msg_channel=436
Sun May 07 20:31:56 2017 us=896522 ROUTE_GATEWAY 10.20.30.254/255.255.255.0 I=13 HWADDR=44:1e:a1:db:53:c1
Sun May 07 20:31:56 2017 us=896522 open_tun
Sun May 07 20:31:56 2017 us=896522 TAP-WIN32 device [OpenVPNTAP] opened: \\.\Global\{48E36609-E1A9-43B5-BBEE-8D1FBEEFA676}.tap
Sun May 07 20:31:56 2017 us=896522 TAP-Windows Driver Version 9.21 
Sun May 07 20:31:56 2017 us=896522 TAP-Windows MTU=1500
Sun May 07 20:31:56 2017 us=896522 Set TAP-Windows TUN subnet mode network/local/netmask = 10.20.31.0/10.20.31.1/255.255.255.0 [SUCCEEDED]
Sun May 07 20:31:56 2017 us=896522 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.20.31.1/255.255.255.0 on interface {48E36609-E1A9-43B5-BBEE-8D1FBEEFA676} [DHCP-serv: 10.20.31.254, lease-time: 31536000]
Sun May 07 20:31:56 2017 us=896522 Sleeping for 10 seconds...
Sun May 07 20:32:06 2017 us=998116 Successful ARP Flush on interface [16] {48E36609-E1A9-43B5-BBEE-8D1FBEEFA676}
Sun May 07 20:32:07 2017 us=8116 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun May 07 20:32:07 2017 us=8116 MANAGEMENT: >STATE:1494178327,ASSIGN_IP,,10.20.31.1,,,,
Sun May 07 20:32:07 2017 us=8116 MANAGEMENT: >STATE:1494178327,ADD_ROUTES,,,,,,
Sun May 07 20:32:07 2017 us=8116 C:\Windows\system32\route.exe ADD 10.20.30.0 MASK 255.255.255.0 10.20.30.254
Sun May 07 20:32:07 2017 us=8116 Route addition via service succeeded
Sun May 07 20:32:07 2017 us=8116 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun May 07 20:32:07 2017 us=8116 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun May 07 20:32:07 2017 us=8116 UDPv4 link local (bound): [AF_INET][undef]:1194
Sun May 07 20:32:07 2017 us=8116 UDPv4 link remote: [AF_UNSPEC]
Sun May 07 20:32:07 2017 us=8116 MULTI: multi_init called, r=256 v=256
Sun May 07 20:32:07 2017 us=8116 IFCONFIG POOL: base=10.20.31.2 size=252, ipv6=0
Sun May 07 20:32:07 2017 us=8116 IFCONFIG POOL LIST
Sun May 07 20:32:07 2017 us=8116 Initialization Sequence Completed
Sun May 07 20:32:07 2017 us=8116 MANAGEMENT: >STATE:1494178327,CONNECTED,SUCCESS,10.20.31.1,,,,
Sun May 07 20:32:31 2017 us=735698 MULTI: multi_create_instance called
Sun May 07 20:32:31 2017 us=735698 188.73.194.136:46224 Re-using SSL/TLS context
Sun May 07 20:32:31 2017 us=735698 188.73.194.136:46224 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun May 07 20:32:31 2017 us=735698 188.73.194.136:46224 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun May 07 20:32:31 2017 us=735698 188.73.194.136:46224 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Sun May 07 20:32:31 2017 us=735698 188.73.194.136:46224 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Sun May 07 20:32:31 2017 us=735698 188.73.194.136:46224 TLS: Initial packet from [AF_INET]188.73.194.136:46224, sid=55c0b886 ec504679
Sun May 07 20:32:32 2017 us=78898 188.73.194.136:46224 VERIFY OK: depth=1, C=GR, ST=TH, L=LA, O=OpenVPN, OU=EPa, CN=EPa, name=EPa, emailAddress=opapanik@gmail.com
Sun May 07 20:32:32 2017 us=78898 188.73.194.136:46224 VERIFY OK: depth=0, C=GR, ST=TH, L=LA, O=OpenVPN, OU=EPa, CN=G4, name=EPa, emailAddress=opapanik@gmail.com
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_VER=2.5_master
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_PLAT=android
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_PROTO=2
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_NCP=2
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_LZ4=1
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_LZ4v2=1
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_LZO=1
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_COMP_STUB=1
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_COMP_STUBv2=1
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_TCPNL=1
Sun May 07 20:32:32 2017 us=156899 188.73.194.136:46224 peer info: IV_GUI_VER=de.blinkt.openvpn_0.6.65
Sun May 07 20:32:32 2017 us=234899 188.73.194.136:46224 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sun May 07 20:32:32 2017 us=234899 188.73.194.136:46224 [G4] Peer Connection Initiated with [AF_INET]188.73.194.136:46224
Sun May 07 20:32:32 2017 us=234899 G4/188.73.194.136:46224 MULTI_sva: pool returned IPv4=10.20.31.2, IPv6=(Not enabled)
Sun May 07 20:32:32 2017 us=234899 G4/188.73.194.136:46224 MULTI: Learn: 10.20.31.2 -> G4/188.73.194.136:46224
Sun May 07 20:32:32 2017 us=234899 G4/188.73.194.136:46224 MULTI: primary virtual IP for G4/188.73.194.136:46224: 10.20.31.2
Sun May 07 20:32:33 2017 us=311301 G4/188.73.194.136:46224 PUSH: Received control message: 'PUSH_REQUEST'
Sun May 07 20:32:33 2017 us=311301 G4/188.73.194.136:46224 SENT CONTROL [G4]: 'PUSH_REPLY,route 10.20.30.0 255.255.255.0 10.20.31.1,dhcp-option DNS 10.20.31.1,dhcp-option DNS 10.20.30.254,route-gateway 10.20.31.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.20.31.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Sun May 07 20:32:33 2017 us=311301 G4/188.73.194.136:46224 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Sun May 07 20:32:33 2017 us=311301 G4/188.73.194.136:46224 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun May 07 20:32:33 2017 us=311301 G4/188.73.194.136:46224 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=995302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=15302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=15302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped


                           >>>>>                 ..lots of these messages here, deleted because of size..               <<<<<



Sun May 07 20:32:34 2017 us=379305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_00000000000000000000000000000000000000000000000000000000000000] 0:93 0:92 t=1494178354[0] r=[-1,64,15,1,1] sl=[35,64,64,528]
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=449305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=474905 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=474905 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped



                           >>>>>                 ..lots of these messages here, deleted because of size..               <<<<<



Sun May 07 20:32:45 2017 us=410525 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:45 2017 us=753725 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:46 2017 us=689727 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:46 2017 us=689727 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:35:09 2017 us=34376 SENT CONTROL [G4]: 'RESTART' (status=1)
Sun May 07 20:35:09 2017 us=34376 TCP/UDP: Closing socket
Sun May 07 20:35:09 2017 us=34376 C:\Windows\system32\route.exe DELETE 10.20.30.0 MASK 255.255.255.0 10.20.30.254
Sun May 07 20:35:09 2017 us=34376 Route deletion via service succeeded
Sun May 07 20:35:09 2017 us=34376 Closing TUN/TAP interface
Sun May 07 20:35:09 2017 us=96776 TAP: DHCP address released
Sun May 07 20:35:09 2017 us=96776 SIGTERM[hard,] received, process exiting
Sun May 07 20:35:09 2017 us=96776 MANAGEMENT: >STATE:1494178509,EXITING,SIGTERM,,,,,
At the same time the OpenVPN for Android client log:

Code: Select all

2017-05-07 20:32:30 official build 0.6.65 running on lge LG-H815 (msm8992), Android 6.0 (MRA58K) API 23, ABI arm64-v8a, (lge/p1_global_com/p1:6.0/MRA58K/1620215065b6f:user/release-keys)
2017-05-07 20:32:30 Used x 1 tries to get current version (12/12) of the profile
2017-05-07 20:32:30 Building configuration…
2017-05-07 20:32:30 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START): 
2017-05-07 20:32:30 New OpenVPN Status (VPN_GENERATE_CONFIG->LEVEL_START): 
2017-05-07 20:32:30 started Socket Thread
2017-05-07 20:32:30 Network Status: CONNECTED LTE to MOBILE gint.b-online.gr
2017-05-07 20:32:30 Debug state info: CONNECTED LTE to MOBILE gint.b-online.gr, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2017-05-07 20:32:30 Debug state info: CONNECTED LTE to MOBILE gint.b-online.gr, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2017-05-07 20:32:30 P:Initializing Google Breakpad!
2017-05-07 20:32:30 Current Parameter Settings:
2017-05-07 20:32:30   config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2017-05-07 20:32:30   mode = 0
2017-05-07 20:32:30   show_ciphers = DISABLED
2017-05-07 20:32:30 Waiting 0s seconds between connection attempt
2017-05-07 20:32:30   show_digests = DISABLED
2017-05-07 20:32:30   show_engines = DISABLED
2017-05-07 20:32:30   genkey = DISABLED
2017-05-07 20:32:30   key_pass_file = '[UNDEF]'
2017-05-07 20:32:30   show_tls_ciphers = DISABLED
2017-05-07 20:32:30   connect_retry_max = 0
2017-05-07 20:32:30 Connection profiles [0]:
2017-05-07 20:32:30   proto = udp
2017-05-07 20:32:30   local = '[UNDEF]'
2017-05-07 20:32:30   local_port = '[UNDEF]'
2017-05-07 20:32:30   remote = 'opapanik.ddns.net'
2017-05-07 20:32:30   remote_port = '1194'
2017-05-07 20:32:30   remote_float = DISABLED
2017-05-07 20:32:30   bind_defined = DISABLED
2017-05-07 20:32:30   bind_local = DISABLED
2017-05-07 20:32:30   bind_ipv6_only = DISABLED
2017-05-07 20:32:30   connect_retry_seconds = 2
2017-05-07 20:32:30   connect_timeout = 120
2017-05-07 20:32:30   socks_proxy_server = '[UNDEF]'
2017-05-07 20:32:30   socks_proxy_port = '[UNDEF]'
2017-05-07 20:32:30   tun_mtu = 1500
2017-05-07 20:32:30   tun_mtu_defined = ENABLED
2017-05-07 20:32:30   link_mtu = 1500
2017-05-07 20:32:30   link_mtu_defined = DISABLED
2017-05-07 20:32:30   tun_mtu_extra = 0
2017-05-07 20:32:30   tun_mtu_extra_defined = DISABLED
2017-05-07 20:32:30   mtu_discover_type = -1
2017-05-07 20:32:30   fragment = 0
2017-05-07 20:32:30   mssfix = 1450
2017-05-07 20:32:30   explicit_exit_notification = 0
2017-05-07 20:32:30 Connection profiles END
2017-05-07 20:32:30   remote_random = DISABLED
2017-05-07 20:32:30   ipchange = '[UNDEF]'
2017-05-07 20:32:30   dev = 'tun'
2017-05-07 20:32:30   dev_type = '[UNDEF]'
2017-05-07 20:32:30   dev_node = '[UNDEF]'
2017-05-07 20:32:30   lladdr = '[UNDEF]'
2017-05-07 20:32:30   topology = 1
2017-05-07 20:32:30   ifconfig_local = '[UNDEF]'
2017-05-07 20:32:30   ifconfig_remote_netmask = '[UNDEF]'
2017-05-07 20:32:30   ifconfig_noexec = DISABLED
2017-05-07 20:32:30   ifconfig_nowarn = ENABLED
2017-05-07 20:32:30   ifconfig_ipv6_local = '[UNDEF]'
2017-05-07 20:32:30   ifconfig_ipv6_netbits = 0
2017-05-07 20:32:30   ifconfig_ipv6_remote = '[UNDEF]'
2017-05-07 20:32:30   shaper = 0
2017-05-07 20:32:30   mtu_test = 0
2017-05-07 20:32:30   mlock = DISABLED
2017-05-07 20:32:30   keepalive_ping = 0
2017-05-07 20:32:30   keepalive_timeout = 0
2017-05-07 20:32:30   inactivity_timeout = 0
2017-05-07 20:32:30   ping_send_timeout = 0
2017-05-07 20:32:30   ping_rec_timeout = 0
2017-05-07 20:32:30   ping_rec_timeout_action = 0
2017-05-07 20:32:30   ping_timer_remote = DISABLED
2017-05-07 20:32:30   remap_sigusr1 = 0
2017-05-07 20:32:30   persist_tun = ENABLED
2017-05-07 20:32:30   persist_local_ip = DISABLED
2017-05-07 20:32:30   persist_remote_ip = DISABLED
2017-05-07 20:32:30   persist_key = DISABLED
2017-05-07 20:32:30   passtos = DISABLED
2017-05-07 20:32:30   resolve_retry_seconds = 60
2017-05-07 20:32:30   resolve_in_advance = ENABLED
2017-05-07 20:32:30   username = '[UNDEF]'
2017-05-07 20:32:30   groupname = '[UNDEF]'
2017-05-07 20:32:30   chroot_dir = '[UNDEF]'
2017-05-07 20:32:30   cd_dir = '[UNDEF]'
2017-05-07 20:32:30   writepid = '[UNDEF]'
2017-05-07 20:32:30   up_script = '[UNDEF]'
2017-05-07 20:32:30   down_script = '[UNDEF]'
2017-05-07 20:32:30   down_pre = DISABLED
2017-05-07 20:32:30   up_restart = DISABLED
2017-05-07 20:32:30   up_delay = DISABLED
2017-05-07 20:32:30   daemon = DISABLED
2017-05-07 20:32:30   inetd = 0
2017-05-07 20:32:30   log = DISABLED
2017-05-07 20:32:30   suppress_timestamps = DISABLED
2017-05-07 20:32:30   machine_readable_output = ENABLED
2017-05-07 20:32:30   nice = 0
2017-05-07 20:32:30   verbosity = 4
2017-05-07 20:32:30   mute = 0
2017-05-07 20:32:30   gremlin = 0
2017-05-07 20:32:30   status_file = '[UNDEF]'
2017-05-07 20:32:30   status_file_version = 1
2017-05-07 20:32:30   status_file_update_freq = 60
2017-05-07 20:32:30   occ = ENABLED
2017-05-07 20:32:30   rcvbuf = 0
2017-05-07 20:32:30   sndbuf = 0
2017-05-07 20:32:30   sockflags = 0
2017-05-07 20:32:30   fast_io = DISABLED
2017-05-07 20:32:30   comp.alg = 0
2017-05-07 20:32:30   comp.flags = 0
2017-05-07 20:32:30   route_script = '[UNDEF]'
2017-05-07 20:32:30   route_default_gateway = '[UNDEF]'
2017-05-07 20:32:30   route_default_metric = 0
2017-05-07 20:32:30   route_noexec = DISABLED
2017-05-07 20:32:30   route_delay = 0
2017-05-07 20:32:30   route_delay_window = 30
2017-05-07 20:32:30   route_delay_defined = DISABLED
2017-05-07 20:32:30   route_nopull = DISABLED
2017-05-07 20:32:30   route_gateway_via_dhcp = DISABLED
2017-05-07 20:32:30   allow_pull_fqdn = DISABLED
2017-05-07 20:32:30   route 0.0.0.0/0.0.0.0/vpn_gateway/default (not set)
2017-05-07 20:32:30   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2017-05-07 20:32:30   management_port = 'unix'
2017-05-07 20:32:30   management_user_pass = '[UNDEF]'
2017-05-07 20:32:30   management_log_history_cache = 250
2017-05-07 20:32:30   management_echo_buffer_size = 100
2017-05-07 20:32:30   management_write_peer_info_file = '[UNDEF]'
2017-05-07 20:32:30   management_client_user = '[UNDEF]'
2017-05-07 20:32:30   management_client_group = '[UNDEF]'
2017-05-07 20:32:30   management_flags = 4390
2017-05-07 20:32:30   shared_secret_file = '[UNDEF]'
2017-05-07 20:32:30   key_direction = (null)
2017-05-07 20:32:30   ciphername = 'AES-256-CBC'
2017-05-07 20:32:30   ncp_enabled = ENABLED
2017-05-07 20:32:30   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2017-05-07 20:32:30   authname = 'SHA1'
2017-05-07 20:32:30   prng_hash = 'SHA1'
2017-05-07 20:32:30   prng_nonce_secret_len = 16
2017-05-07 20:32:30   keysize = 0
2017-05-07 20:32:30   engine = DISABLED
2017-05-07 20:32:30   replay = ENABLED
2017-05-07 20:32:30   mute_replay_warnings = DISABLED
2017-05-07 20:32:30   replay_window = 64
2017-05-07 20:32:30   replay_time = 15
2017-05-07 20:32:30   packet_id_file = '[UNDEF]'
2017-05-07 20:32:30   test_crypto = DISABLED
2017-05-07 20:32:30   tls_server = DISABLED
2017-05-07 20:32:30   tls_client = ENABLED
2017-05-07 20:32:30   key_method = 2
2017-05-07 20:32:30   ca_file = '[[INLINE]]'
2017-05-07 20:32:30   ca_path = '[UNDEF]'
2017-05-07 20:32:30   dh_file = '[UNDEF]'
2017-05-07 20:32:30   cert_file = '[[INLINE]]'
2017-05-07 20:32:30   extra_certs_file = '[UNDEF]'
2017-05-07 20:32:30   priv_key_file = '[[INLINE]]'
2017-05-07 20:32:30   pkcs12_file = '[UNDEF]'
2017-05-07 20:32:30   cipher_list = '[UNDEF]'
2017-05-07 20:32:30   tls_verify = '[UNDEF]'
2017-05-07 20:32:30   tls_export_cert = '[UNDEF]'
2017-05-07 20:32:30   verify_x509_type = 0
2017-05-07 20:32:30   verify_x509_name = '[UNDEF]'
2017-05-07 20:32:30   crl_file = '[UNDEF]'
2017-05-07 20:32:30   ns_cert_type = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_ku[i] = 0
2017-05-07 20:32:30   remote_cert_eku = '[UNDEF]'
2017-05-07 20:32:30   ssl_flags = 0
2017-05-07 20:32:30   tls_timeout = 2
2017-05-07 20:32:30   renegotiate_bytes = -1
2017-05-07 20:32:30   renegotiate_packets = 0
2017-05-07 20:32:30   renegotiate_seconds = 3600
2017-05-07 20:32:30   handshake_window = 60
2017-05-07 20:32:30   transition_window = 3600
2017-05-07 20:32:30   single_session = DISABLED
2017-05-07 20:32:30   push_peer_info = DISABLED
2017-05-07 20:32:30   tls_exit = DISABLED
2017-05-07 20:32:30   tls_auth_file = '[UNDEF]'
2017-05-07 20:32:30   tls_crypt_file = '[UNDEF]'
2017-05-07 20:32:30   client = ENABLED
2017-05-07 20:32:30   pull = ENABLED
2017-05-07 20:32:30   auth_user_pass_file = '[UNDEF]'
2017-05-07 20:32:30 OpenVPN 2.5-icsopenvpn [git:icsopenvpn-5711c5bd3a04f48b] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb  4 2017
2017-05-07 20:32:30 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-05-07 20:32:30 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2017-05-07 20:32:30 MANAGEMENT: CMD 'hold release'
2017-05-07 20:32:30 MANAGEMENT: CMD 'bytecount 2'
2017-05-07 20:32:30 MANAGEMENT: CMD 'proxy NONE'
2017-05-07 20:32:30 MANAGEMENT: CMD 'state on'
2017-05-07 20:32:31 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2017-05-07 20:32:31 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2017-05-07 20:32:31 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2017-05-07 20:32:31 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2017-05-07 20:32:31 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2017-05-07 20:32:31 TCP/UDP: Preserving recently used remote address: [AF_INET]89.210.61.13:1194
2017-05-07 20:32:31 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-05-07 20:32:31 New OpenVPN Status (WAIT->LEVEL_CONNECTING_NO_SERVER_REPLY_YET): ,,,,,
2017-05-07 20:32:31 Socket Buffers: R=[212992->212992] S=[212992->212992]
2017-05-07 20:32:31 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2017-05-07 20:32:31 UDP link local: (not bound)
2017-05-07 20:32:31 UDP link remote: [AF_INET]89.210.61.13:1194
2017-05-07 20:32:31 MANAGEMENT: >STATE:1494178351,WAIT,,,,,,
2017-05-07 20:32:31 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-05-07 20:32:31 New OpenVPN Status (AUTH->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-05-07 20:32:31 MANAGEMENT: >STATE:1494178351,AUTH,,,,,,
2017-05-07 20:32:31 TLS: Initial packet from [AF_INET]89.210.61.13:1194, sid=e8e96b70 17fac357
2017-05-07 20:32:32 VERIFY OK: depth=1, C=GR, ST=TH, L=LA, O=OpenVPN, OU=EPa, CN=EPa, name=EPa, emailAddress=opapanik@gmail.com
2017-05-07 20:32:32 VERIFY OK: depth=0, C=GR, ST=TH, L=LA, O=OpenVPN, OU=EPa, CN=EPa, name=EPa, emailAddress=opapanik@gmail.com
2017-05-07 20:32:32 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2017-05-07 20:32:32 [EPa] Peer Connection Initiated with [AF_INET]89.210.61.13:1194
2017-05-07 20:32:33 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-05-07 20:32:33 New OpenVPN Status (GET_CONFIG->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-05-07 20:32:33 MANAGEMENT: >STATE:1494178353,GET_CONFIG,,,,,,
2017-05-07 20:32:33 SENT CONTROL [EPa]: 'PUSH_REQUEST' (status=1)
2017-05-07 20:32:33 PUSH: Received control message: 'PUSH_REPLY,route 10.20.30.0 255.255.255.0 10.20.31.1,dhcp-option DNS 10.20.31.1,dhcp-option DNS 10.20.30.254,route-gateway 10.20.31.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.20.31.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2017-05-07 20:32:33 OPTIONS IMPORT: timers and/or timeouts modified
2017-05-07 20:32:33 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED): ,10.20.31.2,,,,
2017-05-07 20:32:33 New OpenVPN Status (ASSIGN_IP->LEVEL_CONNECTING_SERVER_REPLIED): ,10.20.31.2,,,,
2017-05-07 20:32:33 New OpenVPN Status (ADD_ROUTES->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-05-07 20:32:33 New OpenVPN Status (ADD_ROUTES->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-05-07 20:32:33 OPTIONS IMPORT: --ifconfig/up options modified
2017-05-07 20:32:33 OPTIONS IMPORT: route options modified
2017-05-07 20:32:33 OPTIONS IMPORT: route-related options modified
2017-05-07 20:32:33 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2017-05-07 20:32:33 OPTIONS IMPORT: peer-id set
2017-05-07 20:32:33 OPTIONS IMPORT: adjusting link_mtu to 1624
2017-05-07 20:32:33 OPTIONS IMPORT: data channel crypto options modified
2017-05-07 20:32:33 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
2017-05-07 20:32:33 Opening tun interface:
2017-05-07 20:32:33 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
2017-05-07 20:32:33 Local IPv4: 10.20.31.2/24 IPv6: null MTU: 1500
2017-05-07 20:32:33 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
2017-05-07 20:32:33 DNS Server: 10.20.31.1, 10.20.30.254, Domain: null
2017-05-07 20:32:33 Routes: 0.0.0.0/0, 10.20.30.0/24, 10.20.31.0/24 
2017-05-07 20:32:33 Routes excluded:  
2017-05-07 20:32:33 VpnService routes installed: 0.0.0.0/0 
2017-05-07 20:32:33 GDG: SIOCGIFHWADDR(lo) failed
2017-05-07 20:32:33 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo
2017-05-07 20:32:33 GDG6: remote_host_ipv6=n/a
2017-05-07 20:32:33 ROUTE6: default_gateway=UNDEF
2017-05-07 20:32:33 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2017-05-07 20:32:33 OpenVPN ROUTE: failed to parse/resolve route for host/network: ::/0
2017-05-07 20:32:33 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2017-05-07 20:32:33 MANAGEMENT: >STATE:1494178353,ASSIGN_IP,,10.20.31.2,,,,
2017-05-07 20:32:33 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2017-05-07 20:32:33 MANAGEMENT: >STATE:1494178353,ADD_ROUTES,,,,,,
2017-05-07 20:32:33 Allowed VPN apps: uk.co.linn.kazoo, com.lge.smartsharepush, com.iiordanov.freebVNC, com.lge.smartshare, com.mxtech.videoplayer.ad, de.blinkt.openvpn, com.bubblesoft.android.bubbleupnp, com.lge.smartshare.dlna, com.overlook.android.fing, com.alexvas.dvr.pro, com.mxtech.ffmpeg.v7_neon, com.fsck.k9, com.lge.tv.remoteapps, uk.co.linn.kinsky, net.fidanov.landroid, net.openvpn.openvpn, com.lge.filemanager, com.ghisler.tcplugins.LAN, com.ghisler.android.TotalCommander
2017-05-07 20:32:33 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2017-05-07 20:32:33 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2017-05-07 20:32:33 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2017-05-07 20:32:33 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2017-05-07 20:32:33 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2017-05-07 20:32:33 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): SUCCESS,10.20.31.2,89.210.61.13,1194,,
2017-05-07 20:32:33 New OpenVPN Status (CONNECTED->LEVEL_CONNECTED): SUCCESS,10.20.31.2,89.210.61.13,1194,,
2017-05-07 20:32:33 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2017-05-07 20:32:33 Initialization Sequence Completed
2017-05-07 20:32:33 MANAGEMENT: >STATE:1494178353,CONNECTED,SUCCESS,10.20.31.2,89.210.61.13,1194,,
2017-05-07 20:32:33 Debug state info: CONNECTED LTE to MOBILE gint.b-online.gr, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 
2017-05-07 20:34:53 MANAGEMENT: CMD 'signal SIGINT'
2017-05-07 20:34:53 TCP/UDP: Closing socket
2017-05-07 20:34:53 Closing TUN/TAP interface
2017-05-07 20:34:53 Unhandled exception: Bad file descriptor

java.io.IOException: Bad file descriptor
	at android.net.LocalSocketImpl.readba_native(Native Method)
	at android.net.LocalSocketImpl.access$400(LocalSocketImpl.java:33)
	at android.net.LocalSocketImpl$SocketInputStream.read(LocalSocketImpl.java:101)
	at android.net.LocalSocketImpl$SocketInputStream.read(LocalSocketImpl.java:87)
	at de.blinkt.openvpn.core.OpenVpnManagementThread.run(OpenVpnManagementThread.java:154)
	at java.lang.Thread.run(Thread.java:818)

2017-05-07 20:34:53 SIGINT[hard,] received, process exiting
2017-05-07 20:34:53 MANAGEMENT: >STATE:1494178493,EXITING,SIGINT,,,,,
2017-05-07 20:34:53 MANAGEMENT: TCP send error: Broken pipe
2017-05-07 20:34:53 MANAGEMENT: Client disconnected
2017-05-07 20:34:53 MANAGEMENT: Triggering management exit
2017-05-07 20:34:53 New OpenVPN Status (NOPROCESS->LEVEL_NOTCONNECTED): No process running.
2017-05-07 20:34:53 New OpenVPN Status (NOPROCESS->LEVEL_NOTCONNECTED): No process running.

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Sun May 07, 2017 6:02 pm

Pippin wrote:Looks like

Code: Select all

push "route 10.20.30.0 255.255.255.0"
is missing.
Restart after changes.
I did try

Code: Select all

push "route 10.20.30.0 255.255.255.0 10.20.31.1"
as I say in the OP (the last "commented out" lines in the server conf file).
Don't know if losing the gateway 10.20.31.1 (which is the server VPN address) would make a difference?
When I tried, the client in its log indicated having accepted the route. But the problem was still there.

Edit: already posted the logs, the post is awaiting moderation..
Edit 2: was first post here sorry I didn't see the oconf= thing..

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Mon May 08, 2017 11:11 am

Some suspect (to me) lines in my logs above:

Server:

Code: Select all

Sun May 07 20:31:55 2017 us=898120   route 10.20.30.0/255.255.255.0/10.20.30.254/default (not set)
maybe because it's implied/redundant/wrong (comes from the 'route 10.20.30.0 255.255.255.0 10.20.30.254' line I tried in server conf) ?

Code: Select all

Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Although I guess these are the client's LAN (mobile data provider's) subnet trying to access the VPN.

Client:

Code: Select all

2017-05-07 20:32:30   route 0.0.0.0/0.0.0.0/vpn_gateway/default (not set)
2017-05-07 20:32:33 New OpenVPN Status (ADD_ROUTES->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
2017-05-07 20:32:33 New OpenVPN Status (ADD_ROUTES->LEVEL_CONNECTING_SERVER_REPLIED): ,,,,,
I should say that I have disabled IPv6 on all PCs adapters. Tried with them enabled though, problem still there.

Note: the java exception in the client occurred after I asked for disconnection
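
Added example (not part of any post in this thread): OpenVPN logs `MULTI: bad source address` when a tunnelled packet's source is neither the client's assigned VPN address nor covered by an `iroute`. The Python sketch below pairs each drop in the server log with that session's PUSH_REPLY and classifies the source against the two subnets from the original post; the function names are made up for this example and the sample lines are copied from the server log above.

```python
import ipaddress
import re
from collections import Counter

VPN_NET = ipaddress.ip_network("10.20.31.0/24")  # VPN subnet stated in the original post
LAN_NET = ipaddress.ip_network("10.20.30.0/24")  # server LAN stated in the original post

# Sample input: lines copied from the server log posted in this thread.
SAMPLE_LOG = """\
Sun May 07 20:32:33 2017 us=311301 G4/188.73.194.136:46224 SENT CONTROL [G4]: 'PUSH_REPLY,route 10.20.30.0 255.255.255.0 10.20.31.1,dhcp-option DNS 10.20.31.1,dhcp-option DNS 10.20.30.254,route-gateway 10.20.31.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.20.31.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Sun May 07 20:32:33 2017 us=985302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:33 2017 us=995302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=15302 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_00000000000000000000000000000000000000000000000000000000000000] 0:93 0:92 t=1494178354[0] r=[-1,64,15,1,1] sl=[35,64,64,528]
Sun May 07 20:32:34 2017 us=399305 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:32:46 2017 us=689727 G4/188.73.194.136:46224 MULTI: bad source address from client [10.160.104.18], packet dropped
Sun May 07 20:35:09 2017 us=34376 SENT CONTROL [G4]: 'RESTART' (status=1)
"""

# "<common name>/<real address>:<port> " prefix that OpenVPN puts on per-client lines.
SESSION = r"(?P<cn>[^\s/]+)/(?P<real>\d+\.\d+\.\d+\.\d+):\d+ "
PUSH_RE = re.compile(SESSION + r"SENT CONTROL \[[^\]]+\]: 'PUSH_REPLY,(?P<opts>[^']*)'")
BAD_RE = re.compile(
    SESSION + r"MULTI: bad source address from client \[(?P<src>[^\]]+)\], packet dropped"
)


def parse_push_reply(opts):
    """Return (assigned tunnel address, pushed route networks) from a PUSH_REPLY string."""
    assigned, routes = None, []
    for opt in opts.split(","):
        words = opt.split()
        if words[:1] == ["ifconfig"] and len(words) >= 3:
            assigned = ipaddress.ip_address(words[1])
        elif words[:1] == ["route"] and len(words) >= 3:
            routes.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    return assigned, routes


def classify(src, assigned, vpn_net=VPN_NET, lan_net=LAN_NET):
    """Say where a dropped inner source address sits relative to the VPN layout."""
    src = ipaddress.ip_address(src)
    if assigned is not None and src == assigned:
        return "assigned"           # the client's own tunnel address
    if src in vpn_net:
        return "other-vpn-address"  # inside the VPN subnet but not this client's
    if src in lan_net:
        return "server-lan"         # claims to come from the server's own LAN
    return "foreign"                # e.g. the address of another interface on the client


def triage(log_text):
    """Group PUSH_REPLY data and dropped-source counts per (common name, real address)."""
    sessions = {}
    for line in log_text.splitlines():
        push = PUSH_RE.search(line)
        bad = BAD_RE.search(line)
        match = push or bad
        if not match:
            continue
        session = sessions.setdefault(
            (match["cn"], match["real"]),
            {"assigned": None, "routes": [], "dropped": Counter()},
        )
        if push:
            session["assigned"], session["routes"] = parse_push_reply(push["opts"])
        else:
            try:
                session["dropped"][ipaddress.ip_address(bad["src"])] += 1
            except ValueError:
                continue  # not an IP address; leave the line for manual review
    return sessions


def summarize(sessions):
    """One line per (session, dropped source) pair."""
    out = []
    for (cn, real), session in sessions.items():
        for src, count in session["dropped"].items():
            kind = classify(src, session["assigned"])
            out.append(
                f"{cn} ({real}): {count} packets dropped from {src} [{kind}], "
                f"assigned tunnel address {session['assigned']}"
            )
    return out


if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE_LOG)):
        print(entry)
```

A `foreign` result means the server's source-address check is rejecting packets whose source is not the pushed `ifconfig` address, independently of whether forwarding to the LAN works.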

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Client can't see server's LAN

Post by TiTex » Mon May 08, 2017 12:01 pm

i've seen you enabled ip forwarding through registry editing , i think it wouldn't hurt double checking with netsh

Code: Select all

netsh interface ipv4 show global
check for each interface

Code: Select all

netsh interface ipv4 show interfaces
netsh interface ipv4 show interface Idx-number-from-above
are the other LAN computers windows or other OS ? do they allow icmp through local firewall settings ?

this has to be present in server configuration

Code: Select all

push "route 10.20.30.0 255.255.255.0"
also a route has to be added on your LAN router

Code: Select all

10.20.31.0/24 via windows7_ip

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client can't see server's LAN

Post by TinCanTech » Mon May 08, 2017 12:26 pm


opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Mon May 08, 2017 6:42 pm

TiTex wrote:i've seen you enabled ip forwarding through registry editing , i think it wouldn't hurt double checking with netsh

Code: Select all

netsh interface ipv4 show global
check for each interface

Code: Select all

netsh interface ipv4 show interfaces
netsh interface ipv4 show interface Idx-number-from-above
are the other LAN computers windows or other OS ? do they allow icmp through local firewall settings ?

this has to be present in server configuration

Code: Select all

push "route 10.20.30.0 255.255.255.0"
also a route has to be added on your LAN router

Code: Select all

10.20.31.0/24 via windows7_ip
Ok, retried the push 10.20.30.0 255.255.255.0, no change. As for adding the route to the modem/router, I have already done so and this is the reason I can ping from any LAN machine to the VPN client, isn't it? It seems to me my problem is the opposite, namely routing TAP adapter > LAN. I think this would be taken care of in-house, meaning on the Windows machine (openvpn server) itself, no?

netsh output:

Code: Select all

PS C:\WINDOWS\system32> netsh interface ipv4 show global
Querying active state...

General Global Parameters
---------------------------------------------
Default Hop Limit                   : 128 hops
Neighbor Cache Limit                : 256 entries per interface
Route Cache Limit                   : 4096 entries per compartment
Reassembly Limit                    : 32230208 bytes
ICMP Redirects                      : enabled
Source Routing Behavior             : dontforward
Task Offload                        : enabled
Dhcp Media Sense                    : enabled
Media Sense Logging                 : disabled
MLD Level                           : all
MLD Version                         : version3
Multicast Forwarding                : disabled
Group Forwarded Fragments           : disabled
Randomize Identifiers               : enabled
Address Mask Reply                  : disabled
Minimum Mtu                         : 576
Locality Address Selection          : enabled

Current Global Statistics
---------------------------------------------
Number of Compartments              : 1
Number of NL clients                : 7
Number of FL providers              : 5

PS C:\WINDOWS\system32> netsh interface ipv4 show interfaces

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  ---------------------------
 19          20        1500  connected     WiFi
 18          30        1500  connected     OpenVPNTAP
 25          25        1500  disconnected  Local Area Connection* 3
  1          75  4294967295  connected     Loopback Pseudo-Interface 1
  6           5        1500  disconnected  Ethernet
Don't know what I should expect. Is it ok?

Note: the above netsh output comes from another machine I am now trying in order to rule out machine specific problems. It's a Windows 10 laptop connected to LAN via WiFi. But I am doing all changes also to the Windows 7 machine (connected via ethernet) and switching from one to the other to see if there are any differences. No solution yet.

I also tried a different phone (Lollipop) as client, with the exact same results and problem.

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Mon May 08, 2017 6:52 pm

TinCanTech wrote:Try this viewtopic.php?f=7&t=7806
Thanks for the link, I should have searched better.
I read the whole thread, really had my hopes up when started reading. There is a very interesting post and suggestions near the end which I thought would make a difference, alas no joy..

Given that the stated goal in the above link is something I already had no problem with, I am now beginning to think that nobody has tried or accomplished to do the simple thing I am, with a windows based openvpn server, that is. In the link provided above someone states that he can see windows shares from the client but it's not clear whether the shares are on the VPN server or another LAN machine other than the VPN server. I too, have no problem seeing every service on the VPN server from the client. The problem is I would like the client to see other machines on the server's LAN. It is obvious that it's doable, I am just not sure anybody has done it with a windows server.

I will prepare a roundup of what I have done so far, and post again.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Client can't see server's LAN

Post by TiTex » Mon May 08, 2017 7:09 pm

i would expect

Code: Select all

Source Routing Behavior             : forward
instead of

Code: Select all

Source Routing Behavior             : dontforward
if that means what i think it means , but not sure :)
you can also check for the individual interfaces with

Code: Select all

netsh interface ipv4 show interface Idx-number-from-above
by the way , have you tried testing with a different client other than your android phone ?
like a laptop or other remote device , just to rule out that possibility

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Client can't see server's LAN

Post by TiTex » Mon May 08, 2017 7:33 pm

is the Routing and Remote Access service running on your machine ?
can't see any information about that in the messages you've posted

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Mon May 08, 2017 10:39 pm

Yes I would expect that Routing Behavior to be forward too, so I searched on google and found

"SourceRoutingBehavior: Defines the source routing behavior for the host. The options are DontForward and Drop. The default value is DontForward."

and I was like "..ok, DontForward looks better than Drop!" :lol:

Yes Routing and Remote Access service is enabled (Automatic start) and running.

About the individual interfaces command (openvpn server running and connected):

Code: Select all

C:\>netsh interface ipv4 show interfaces

Idx     Met         MTU          State                Name
---  ----------  ----------  ------------  -------------------------
  1          50  4294967295  connected     Loopback Pseudo-Interface
 13          20        1500  connected     Ethernet
 16          20        1500  connected     OpenVPNTAP


C:\>netsh interface ipv4 show interface 13

Interface Ethernet Parameters
----------------------------------------------
IfLuid                             : ethernet_6
IfIndex                            : 13
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 39000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : dhcp
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled


C:\>netsh interface ipv4 show interface 16

Interface OpenVPNTAP Parameters
----------------------------------------------
IfLuid                             : ethernet_13
IfIndex                            : 16
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 32000 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : dhcp
Managed Address Configuration      : enabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 0
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled

Those disabled Forwarding and Advertising surely seem suspect but I don't know how to make them enabled, or if it is even relevant, since it seems they are the default values even in the normal ethernet adapter..

No I haven't tested other platforms as clients, not easy for me right now, will eventually have to do that too.

I am at the point that I have doubts anyone has wanted that (with a Windows server I mean) before. I would really like to know if there is any reference anywhere of someone using Windows as OpenVPN server and having clients see the server's LAN. So I can rule out trying for something that can't be done or has been maybe overlooked in the OpenVPN server implementation for Windows.

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Tue May 09, 2017 12:37 am

Ok amongst all this hunting between 2 windows servers and 2 android clients, it was the Remote Access Connection Manager service on the Windows 7 and not the Routing and Remote Access service that was enabled. So I enabled the latter too. The Forwarding field reported by netsh changed to enabled, but it didn't solve the problem.

(on the Windows 10 machine the right service was enabled but the "netsh interface ipv4 show interface Idx-number-from-above" command is no longer available on this OS, so the error of checking the wrong service on the Windows 7 machine slipped my attention)

Anyway, problem still stands.

I did a preliminary test setting up one (the windows 10) laptop as client and the problem was no more, BUT I cannot trust the result because both server and client are within my LAN. I will need to use a non-android client via an outside network. If everything goes fine, then it would be an android client(s) problem (it does happen with both OpenVPN connect and OpenVPN for Android).

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Client can't see server's LAN

Post by TiTex » Tue May 09, 2017 6:12 am

the netsh command is present in every windows OS , including windows 10
i'm on windows 10 and can run the command with no issues

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Tue May 09, 2017 8:53 am

I am sure you are right about netsh. I'm at work and checking on a Windows 10 home machine and it's fine. At home it's windows 10 pro, and up until now I thought the specific show interface x option was not available (not the command in general) because when I tried I got a command not found error. Probably I mistyped something. It is obvious I haven't been using the command.. Will try again at home but I'm sure you're right.

In other news, I set up this Windows 10 home machine as client and connected from work. No joy.. No answer when pinging machines at home other than the server. So it is not android client related.

I think that means the problem is in the server:
- configuration
- OS quirks
- TAP adapter bug
- openvpn windows-specific bug

I think it's in the latter three, unless someone shows up that has no problem seeing a Windows server's lan from the VPN client..

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client can't see server's LAN

Post by TinCanTech » Tue May 09, 2017 10:32 am

opapanik wrote: unless someone shows up that has no problem seeing a Windows server's lan from the VPN client

It works for me .. Registry: enable ip_forwarding (or enable_router, whatever M$ call it) and add required routing.

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Tue May 09, 2017 1:51 pm

Great! Thanks for chiming in!

I'm not at home right now so I can try, but can you please tell how you came to do that (did you read it somewhere, were you experimenting, something else?).

Maybe if it's absolutely necessary it should be added to the howto's for the windows case?

Edit: can you please elaborate? I take it you're not talking about the registry setting already discussed and adding a route to the configuration files which I already tried..

In any case if it works for you I would appreciate it if you watched this thread and we went checking step by step for differences in my configuration and yours.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client can't see server's LAN

Post by TinCanTech » Tue May 09, 2017 2:29 pm

I followed the HOWTO ..

But these are the steps you need :
  • A working VPN. (which you have)
  • Push the server route to the client: push "route 10.20.30.0 255.255.255.0" (That is all you require)
  • Enable IP_Forwarding on the server. (Reboot)
  • Disable the server, client and target hosts firewall.
    (until you get it working, then configure the firewalls with necessary rules).
  • Add routes to the target hosts for the VPN subnet.
Some more Examples :
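
Added illustration, not part of the post above or of the HOWTO it cites: a small Python model of the thread's addressing that shows which of the listed steps each direction of a ping depends on. The LAN host 10.20.30.20 is a constructed address, the firewall step is not modelled, and the client is assumed to run without redirect-gateway so that the pushed route matters.

```python
from ipaddress import ip_address, ip_network

class Node:
    def __init__(self, name, addrs, forwarding=False):
        self.name, self.addrs, self.forwarding = name, set(addrs), forwarding
        self.routes = []  # (network, next-hop address, or None when on-link)

    def route(self, net, via=None):
        self.routes.append((ip_network(net), via))
        return self

    def next_hop(self, dst):
        # Longest-prefix match, as a real routing table does.
        hits = [(n, via) for n, via in self.routes if ip_address(dst) in n]
        if not hits:
            return None
        return max(hits, key=lambda h: h[0].prefixlen)[1] or dst

def deliver(nodes, src, dst):
    """Walk one packet hop by hop and return (arrived, path)."""
    owner = {a: n for n in nodes for a in n.addrs}
    node, path = owner[src], []
    for _ in range(8):  # hop limit
        path.append(node.name)
        if dst in node.addrs:
            return True, path
        if len(path) > 1 and not node.forwarding:
            return False, path  # a host that is not a router drops transit traffic
        hop = node.next_hop(dst)
        if hop not in owner:
            return False, path  # no route, or next hop does not exist
        node = owner[hop]
    return False, path

def ping(nodes, src, dst):
    """An echo only succeeds if request and reply are both delivered."""
    return deliver(nodes, src, dst)[0] and deliver(nodes, dst, src)[0]

def build(push_route=True, ip_forward=True, return_route=True):
    client = Node("client", ["10.20.31.2"]).route("10.20.31.0/24")
    if push_route:
        client.route("10.20.30.0/24", "10.20.31.1")
    server = Node("server", ["10.20.30.10", "10.20.31.1"], ip_forward)
    server.route("10.20.30.0/24").route("10.20.31.0/24")
    router = Node("router", ["10.20.30.254"], True).route("10.20.30.0/24")
    if return_route:  # the thread adds this on the router instead of on each host
        router.route("10.20.31.0/24", "10.20.30.10")
    host = Node("host", ["10.20.30.20"]).route("10.20.30.0/24")  # constructed address
    host.route("0.0.0.0/0", "10.20.30.254")
    return [client, server, router, host]
```

With `ip_forward=False` the client still reaches 10.20.30.10, because the server answers for its own LAN address without forwarding anything, so that ping says nothing about whether forwarding works.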

opapanik
OpenVpn Newbie
Posts: 19
Joined: Sun May 07, 2017 9:04 am

Re: Client can't see server's LAN

Post by opapanik » Tue May 09, 2017 6:46 pm

I'm sorry, I know this gets tiring.

I have tried everything you suggested here, I have followed the guides, have read the HOWTOs. It's been 4 days now that this has taken all my free time. I am now thinking of setting up a linux machine for the sole purpose of locating the problem.

With the below configuration my only problem is vpn client can't see server's LAN.
Please everybody review the following and comment if you will. Thank you to all who suggested things and to all who will take the time to have another look at it.

LAN: 10.20.30.0/24, modem/router/gateway at 10.20.30.254, VPN server Windows 7 ultimate at 10.20.30.10, various other machines on the LAN (Windows desktops and laptops, Androids, TV's, connected by both ethernet or WiFi)

server config:
port 1194
proto udp4
dev tun
dev-node OpenVPNTAP
ca ca.crt
cert server.crt
key server.key
dh dh4096.pem
topology subnet
server 10.20.31.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.20.30.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
client-to-client
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
verb 6
explicit-exit-notify 1

client config:
client
dev tun
proto udp
remote xxx.xxx.xxx 1194
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
verb 6

Things I did:

On my modem router:
1. added routing from 10.20.31.0/24 (VPN addresses) to 10.20.30.10 (LAN IP of windows VPN server)

On the windows server:
2. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "IPEnableRouter"=dword:00000001
3. Enabled the Routing and Remote Access windows service

4. Turned off all firewalls (except the modem/router's built-in)

Things I tried, suggested in various threads and guides, that actually made things worse (e.g. I lost features like internet for VPN, previously successful pings no longer worked, etc.), so finally un-did them:

1. Manually added gateway to the TAP adapter
2. Enabled internet connection sharing on the TAP adapter

Questions:

1. The server's Network and Sharing center shows the TAP adapter's network as Public and does not allow me to do anything about it. Is it ok? (have read the threads about alleviating that, but following the instructions only made things worse, see above)

2. So far I have only tried to make the server-side LAN accessible to the VPN client. I have NOT also activated the configuration settings that would allow access to the client-side LAN. You think that could be a problem and I should try to enable them both at the same time?

3. Entry from the server's starting log:

Code: Select all

Tue May 09 20:27:28 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.20.31.1/255.255.255.0 on interface {48E36609-E1A9-43B5-BBEE-8D1FBEEFA676} [DHCP-serv: 10.20.31.254, lease-time: 31536000]

That 10.20.31.254 assigned DHCP-server is in the created VPN subnetwork and does not really exist. Is it normal (is it some kind of virtual server assigned by openvpn)?

Finally, some ping related server logs (android VPN client connected via 4G):

1. server-side LAN machine > VPN client (successful):

Code: Select all

Tue May 09 20:04:36 2017 G4/188.73.246.132:34192 UDPv4 WRITE [81] to [AF_INET]188.73.246.132:34192: P_DATA_V1 kid=0 DATA len=80
Tue May 09 20:04:36 2017 G4/188.73.246.132:34192 UDPv4 READ [84] from [AF_INET]188.73.246.132:34192: P_DATA_V2 kid=0 DATA len=83
Tue May 09 20:04:36 2017 G4/188.73.246.132:34192 TUN WRITE [60]

2. VPN client > VPN server's LAN IP (successful):

Code: Select all

Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 UDPv4 READ [108] from [AF_INET]188.73.246.132:34192: P_DATA_V2 kid=0 DATA len=107
Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 TUN WRITE [84]
Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 TUN READ [84]
Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 UDPv4 WRITE [105] to [AF_INET]188.73.246.132:34192: P_DATA_V1 kid=0 DATA len=104

3. VPN client > server-side LAN machine (unsuccessful):

Code: Select all

Tue May 09 20:11:57 2017 G4/188.73.246.132:34192 UDPv4 READ [108] from [AF_INET]188.73.246.132:34192: P_DATA_V2 kid=0 DATA len=107
Tue May 09 20:11:57 2017 G4/188.73.246.132:34192 TUN WRITE [84]

Comparing this unsuccessful ping to the previous successful (both originate from the VPN client, aimed at LAN) there's no TUN READ and UDPv4 WRITE. Does this mean anything to anyone?

Thanks anyhow..
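
Added example (not part of the post above): the comparison the poster makes by eye in the last log excerpts, done in Python over the post's own verb 6 lines for the two client-originated pings. It assumes each excerpt covers a single packet sent by the client; the stage descriptions are this example's own wording.

```python
import re

# Packet-level events that OpenVPN logs at "verb 6".
EVENT = re.compile(r"\b(UDPv4|TUN) (READ|WRITE) \[(\d+)\]")

# Path of a client-originated echo through the server, in order.
PATH = [("UDPv4", "READ"),   # encrypted packet arrives from the client
        ("TUN", "WRITE"),    # decrypted packet is handed to the server OS
        ("TUN", "READ"),     # reply comes back from the server OS
        ("UDPv4", "WRITE")]  # reply is encrypted and sent to the client

MEANING = [
    "nothing from the client reached the server",
    "packet arrived but was never written to the TUN adapter",
    "request handed to the server OS, no reply came back on the TUN adapter",
    "reply read from the TUN adapter but never sent to the client",
    "round trip completed",
]

def events(log_text):
    """Return [(device, direction, size), ...] in log order."""
    return [(m[1], m[2], int(m[3])) for m in EVENT.finditer(log_text)]

def stages_reached(log_text):
    """Count how many PATH stages appear, in order, in the excerpt."""
    it = iter(events(log_text))
    reached = 0
    for want in PATH:
        if not any(ev[:2] == want for ev in it):  # consumes up to the match
            break
        reached += 1
    return reached

def diagnose(log_text):
    return MEANING[stages_reached(log_text)]

# Log lines copied from the post above: client > server's LAN IP, then client > LAN machine.
PING_SERVER = """Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 UDPv4 READ [108] from [AF_INET]188.73.246.132:34192: P_DATA_V2 kid=0 DATA len=107
Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 TUN WRITE [84]
Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 TUN READ [84]
Tue May 09 20:09:40 2017 G4/188.73.246.132:34192 UDPv4 WRITE [105] to [AF_INET]188.73.246.132:34192: P_DATA_V1 kid=0 DATA len=104"""
PING_LAN_HOST = """Tue May 09 20:11:57 2017 G4/188.73.246.132:34192 UDPv4 READ [108] from [AF_INET]188.73.246.132:34192: P_DATA_V2 kid=0 DATA len=107
Tue May 09 20:11:57 2017 G4/188.73.246.132:34192 TUN WRITE [84]"""

if __name__ == "__main__":
    for name, log in (("server LAN IP", PING_SERVER), ("LAN machine", PING_LAN_HOST)):
        print(f"{name}: {diagnose(log)}")
```

An excerpt that stops after TUN WRITE means OpenVPN delivered the request to the server's network stack, so the loss lies beyond OpenVPN: in Windows forwarding, at the target host, or on the reply's route back to the server.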
