Mysterious IP
Posted: Sun Feb 11, 2018 7:48 pm
I have 2 clients connecting to a VPS running OpenVPN 2.3. Both clients run Ubuntu 16.04, one wired, one wireless. The wired client runs perfectly. The wireless client does not.
The wireless client successfully connects to the server, but a tcpdump reveals that all outbound traffic comes from an IP 172.31.99.252 that isn't bound to any interface, and isn't configured in any file.
I am unsure how to proceed. Here are my configs and logs.
Edit:
*** Also, there are no iptables rules in place on the client.
server.conf
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
client.ovpn
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 138.68.183.251 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
<ca></ca>
<cert></cert>
<key></key>
<tls-auth></tls-auth>
client logs
Sun Feb 11 11:44:46 2018 Unrecognized option or missing parameter(s) in josh@inconspicuous.ovpn:15: block-outside-dns (2.3.10)
Sun Feb 11 11:44:46 2018 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Sun Feb 11 11:44:46 2018 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Sun Feb 11 11:44:46 2018 Control Channel Authentication: tls-auth using INLINE static key file
Sun Feb 11 11:44:46 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:46 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:46 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Feb 11 11:44:46 2018 UDPv4 link local: [undef]
Sun Feb 11 11:44:46 2018 UDPv4 link remote: [AF_INET]138.68.183.251:1194
Sun Feb 11 11:44:47 2018 TLS: Initial packet from [AF_INET]138.68.183.251:1194, sid=e3210c25 c73100d8
Sun Feb 11 11:44:47 2018 VERIFY OK: depth=1, CN=ChangeMe
Sun Feb 11 11:44:47 2018 Validating certificate key usage
Sun Feb 11 11:44:47 2018 ++ Certificate has key usage 00a0, expects 00a0
Sun Feb 11 11:44:47 2018 VERIFY KU OK
Sun Feb 11 11:44:47 2018 Validating certificate extended key usage
Sun Feb 11 11:44:47 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Feb 11 11:44:47 2018 VERIFY EKU OK
Sun Feb 11 11:44:47 2018 VERIFY OK: depth=0, CN=server
Sun Feb 11 11:44:47 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 11 11:44:47 2018 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:47 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 11 11:44:47 2018 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Feb 11 11:44:47 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Feb 11 11:44:47 2018 [server] Peer Connection Initiated with [AF_INET]138.68.183.251:1194
Sun Feb 11 11:44:50 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Feb 11 11:44:50 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0'
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: route options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: route-related options modified
Sun Feb 11 11:44:50 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Feb 11 11:44:50 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp8s0 HWADDR=f0:d5:bf:ad:82:d9
Sun Feb 11 11:44:50 2018 TUN/TAP device tun0 opened
Sun Feb 11 11:44:50 2018 TUN/TAP TX queue length set to 100
Sun Feb 11 11:44:50 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Feb 11 11:44:50 2018 /sbin/ip link set dev tun0 up mtu 1500
Sun Feb 11 11:44:50 2018 /sbin/ip addr add dev tun0 10.8.0.4/24 broadcast 10.8.0.255
Sun Feb 11 11:44:50 2018 /sbin/ip route add 138.68.183.251/32 via 192.168.0.1
Sun Feb 11 11:44:50 2018 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Sun Feb 11 11:44:50 2018 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Sun Feb 11 11:44:50 2018 Initialization Sequence Completed
tcpdump
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
11:46:03.508407 IP 172.31.99.252.46390 > 54.165.192.198.443: Flags [S], seq 1756514146, win 29200, options [mss 1460,sackOK,TS val 4003311696 ecr 0,nop,wscale 7], length 0
11:46:03.568703 IP 172.31.99.252.44604 > 38.127.167.13.443: Flags [S], seq 120227118, win 29200, options [mss 1460,sackOK,TS val 610668249 ecr 0,nop,wscale 7], length 0
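As an added diagnostic, not part of the post above: a small script that reads the OpenVPN client log for the address assigned to the tunnel device and then flags every source address in the tcpdump lines that is not that address, noting whether it at least falls inside the pushed tunnel subnet. The sample log and capture lines are reconstructed from the post, with one extra well-behaved packet added as a control.

```python
import ipaddress
import re

# Sample data reconstructed from the post (constructed; the third capture line is a control).
CLIENT_LOG = """\
Sun Feb 11 11:44:50 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.4 255.255.255.0'
Sun Feb 11 11:44:50 2018 /sbin/ip addr add dev tun0 10.8.0.4/24 broadcast 10.8.0.255
"""
TCPDUMP = """\
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
11:46:03.508407 IP 172.31.99.252.46390 > 54.165.192.198.443: Flags [S], seq 1756514146, win 29200, length 0
11:46:03.568703 IP 172.31.99.252.44604 > 38.127.167.13.443: Flags [S], seq 120227118, win 29200, length 0
11:46:04.000000 IP 10.8.0.4.51000 > 93.184.216.34.443: Flags [S], seq 1, win 29200, length 0
"""

# The 'ip addr add' line OpenVPN logs at verb 3 when it configures the tun device.
ADDR_RE = re.compile(r"ip addr add dev (\S+) (\d+\.\d+\.\d+\.\d+/\d+)")
# Source and destination of a tcpdump IPv4 line: "<ts> IP <src>.<sport> > <dst>.<dport>:".
PKT_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")


def tun_interface(log):
    """Return (device name, IPv4Interface) taken from the 'ip addr add' log line."""
    m = ADDR_RE.search(log)
    if not m:
        raise ValueError("no 'ip addr add' line found in client log")
    return m.group(1), ipaddress.ip_interface(m.group(2))


def foreign_sources(capture, iface):
    """Count packets whose source is not the tunnel's own address.

    Returns {src: {"count": n, "in_tun_subnet": bool}} so the reader can tell a
    stray address from the same /24 apart from one that belongs nowhere on the tunnel.
    """
    found = {}
    for line in capture.splitlines():
        m = PKT_RE.match(line)
        if not m:
            continue  # header lines and non-IPv4 output are skipped
        src = ipaddress.ip_address(m.group(1))
        if src == iface.ip:
            continue
        entry = found.setdefault(str(src), {"count": 0, "in_tun_subnet": src in iface.network})
        entry["count"] += 1
    return found


if __name__ == "__main__":
    dev, iface = tun_interface(CLIENT_LOG)
    print(f"{dev} configured as {iface}")
    for src, info in foreign_sources(TCPDUMP, iface).items():
        print(f"unexpected source {src}: {info['count']} packets, in tunnel subnet: {info['in_tun_subnet']}")
```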