Connect home thru phone

Post by dolphs » Wed May 16, 2018 3:36 pm

Hi,

I have an OpenVPN already up and running with private IP addresses (192.168.x.y).
But yet the OpenVPN Connect app on my Android phone should be able to connect to my home server, so I can access all IPs at home (192.168.10.x).

Current oVPN server is located at 192.168.10.11, while clients connected have ".20.x,.30.x,.178.x" private addresses.
This is working fine, but to allow my mobile to connect, "server.conf" needs to be updated as well as the client files on the server.

On my server the "server.conf" shows:

Code: Select all

<snip snip>
server 10.8.0.0 255.255.255.0
topology subnet

route 192.168.20.0 255.255.255.0 10.8.0.2
route 192.168.30.0 255.255.255.0 10.8.0.3
route 192.168.178.0 255.255.255.0 10.8.0.4
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS my-ISP-server-A"
push "dhcp-option DNS my-ISP-server-B"
<snip snip>

tls-version-min 1.2
remote-cert-tls client
tls-auth /etc/openvpn/key/ta.key 0
cipher AES-128-CBC
ncp-disable
auth SHA256

client-config-dir /etc/openvpn/clients

ca /etc/openvpn/key/server_CA.crt
cert /etc/openvpn/key/server_SRV.crt
key /etc/openvpn/key/server_SRV.pem
dh /etc/openvpn/key/dh2048.pem

Example content from a client file ( in clients directory ) are these two lines:

Code: Select all

ifconfig-push 10.8.0.4 255.255.255.0
iroute 192.168.30.0 255.255.255.0

My question is how to create a similar ccd for my mobile, please, as I am struggling with the iroute entry:

Code: Select all

ifconfig-push 10.8.0.5 255.255.255.0
iroute ? 255.255.255.0

Looking forward to your response

Post by TinCanTech » Wed May 16, 2018 4:52 pm

You don't need an --iroute for your phone because it does not have an associated LAN subnet.

Post by dolphs » Wed May 16, 2018 5:31 pm

OK, that is what I thought, thanks for confirming …
now the "server.conf" remaining - trying to find bits and pieces together but cannot put my finger on it (yet).
thanks

Post by dolphs » Thu May 17, 2018 12:12 pm

Meanwhile also trying to connect from a fixed public IP (Enterprise LAN).
This client runs on a Windows10 PC and I am able to connect to my VPN server at home

I suppose similar set up is needed as my mobile phone, but yet the ccd should have an iroute, the specific IP - eg

Code: Select all

ifconfig-push 10.8.0.5 255.255.255.0
iroute 246.63.221.149 255.255.255.0

Also added on my Windows PC " route add 192.168.10.0 mask 255.255.255.0 246.63.221.1 " but still route seems to be incomplete as I cannot reach any IP addresses at home …

Code: Select all

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : org.wwc.ent.nl
   IPv4 Address. . . . . . . . . . . : 246.63.221.149
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 246.63.221.1

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.8.0.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

and:

Code: Select all

C:\WINDOWS\system32>ping 192.168.10.11
Pinging 192.168.10.11 with 32 bytes of data:
Reply from 246.63.221.253: Destination net unreachable.
Reply from 246.63.221.253: Destination net unreachable.

For convenience I added my client logs, which show I am connected to my VPN, but I fail in creating a proper route atm....

Code: Select all

Thu May 17 13:23:35 2018 us=356823 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu May 17 13:23:35 2018 us=356823 Windows version 6.2 (Windows 8 or greater) 64bit
Thu May 17 13:23:35 2018 us=356823 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Enter Management Password:
Thu May 17 13:23:35 2018 us=356823 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu May 17 13:23:35 2018 us=356823 Need hold release from management interface, waiting...
Thu May 17 13:23:35 2018 us=843024 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu May 17 13:23:35 2018 us=959025 MANAGEMENT: CMD 'state on'
Thu May 17 13:23:35 2018 us=959025 MANAGEMENT: CMD 'log all on'
Thu May 17 13:23:36 2018 us=128280 MANAGEMENT: CMD 'echo all on'
Thu May 17 13:23:36 2018 us=128280 MANAGEMENT: CMD 'bytecount 5'
Thu May 17 13:23:36 2018 us=128280 MANAGEMENT: CMD 'hold off'
Thu May 17 13:23:36 2018 us=128280 MANAGEMENT: CMD 'hold release'
Thu May 17 13:23:36 2018 us=159531 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 17 13:23:36 2018 us=159531 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 17 13:23:36 2018 us=159531 LZO compression initializing
Thu May 17 13:23:36 2018 us=159531 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Thu May 17 13:23:36 2018 us=159531 MANAGEMENT: >STATE:1526556216,RESOLVE,,,,,,
Thu May 17 13:23:36 2018 us=259859 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu May 17 13:23:36 2018 us=259859 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Thu May 17 13:23:36 2018 us=259859 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Thu May 17 13:23:36 2018 us=259859 TCP/UDP: Preserving recently used remote address: [AF_INET]myhome-ip-address:8802
Thu May 17 13:23:36 2018 us=259859 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu May 17 13:23:36 2018 us=259859 UDPv4 link local: (not bound)
Thu May 17 13:23:36 2018 us=259859 UDPv4 link remote: [AF_INET]myhome-ip-address:8802
Thu May 17 13:23:36 2018 us=259859 MANAGEMENT: >STATE:1526556216,WAIT,,,,,,
Thu May 17 13:23:36 2018 us=275481 MANAGEMENT: >STATE:1526556216,AUTH,,,,,,
Thu May 17 13:23:36 2018 us=275481 TLS: Initial packet from [AF_INET]myhome-ip-address:8802, sid=d78ca114 8f1767ff
Thu May 17 13:23:36 2018 us=328882 VERIFY OK: depth=1, C=NL, L=somewhere, CN=myhomeserver_CA, emailAddress=dolphs13@yahoo.com
Thu May 17 13:23:36 2018 us=328882 VERIFY KU OK
Thu May 17 13:23:36 2018 us=328882 Validating certificate extended key usage
Thu May 17 13:23:36 2018 us=328882 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu May 17 13:23:36 2018 us=328882 VERIFY EKU OK
Thu May 17 13:23:36 2018 us=328882 VERIFY X509NAME OK: C=NL, L=somewhere, CN=myhomeserver_SRV, emailAddress=dolphs13@yahoo.com
Thu May 17 13:23:36 2018 us=328882 VERIFY OK: depth=0, C=NL, L=somewhere, CN=myhomeserver_SRV, emailAddress=dolphs13@yahoo.com
Thu May 17 13:23:36 2018 us=375775 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu May 17 13:23:36 2018 us=375775 [orange_SRV] Peer Connection Initiated with [AF_INET]217.104.108.219:6002
Thu May 17 13:23:37 2018 us=410582 MANAGEMENT: >STATE:1526556217,GET_CONFIG,,,,,,
Thu May 17 13:23:37 2018 us=410582 SENT CONTROL [myhomeserver_SRV]: 'PUSH_REQUEST' (status=1)
Thu May 17 13:23:37 2018 us=417118 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,sndbuf 393216,rcvbuf 393216,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.5 255.255.255.0,peer-id 0'
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: timers and/or timeouts modified
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu May 17 13:23:37 2018 us=417118 Socket Buffers: R=[65536->393216] S=[65536->393216]
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: --ifconfig/up options modified
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: route options modified
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: route-related options modified
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: peer-id set
Thu May 17 13:23:37 2018 us=417118 OPTIONS IMPORT: adjusting link_mtu to 1625
Thu May 17 13:23:37 2018 us=417118 Data Channel MTU parms [ L:1573 D:1450 EF:73 EB:406 ET:0 EL:3 ]
Thu May 17 13:23:37 2018 us=417118 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 17 13:23:37 2018 us=417118 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 17 13:23:37 2018 us=417118 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 17 13:23:37 2018 us=417118 Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu May 17 13:23:37 2018 us=417118 interactive service msg_channel=0
Thu May 17 13:23:37 2018 us=417118 ROUTE_GATEWAY 246.63.221.1/255.255.255.0 I=12 HWADDR=a0:48:1c:7c:b2:28
Thu May 17 13:23:37 2018 us=417118 open_tun
Thu May 17 13:23:37 2018 us=432779 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{57BEA3D2-183A-4B39-AEB1-9D0F1CB48D12}.tap
Thu May 17 13:23:37 2018 us=432779 TAP-Windows Driver Version 9.21 
Thu May 17 13:23:37 2018 us=432779 TAP-Windows MTU=1500
Thu May 17 13:23:37 2018 us=432779 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.5/255.255.255.0 [SUCCEEDED]
Thu May 17 13:23:37 2018 us=432779 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.5/255.255.255.0 on interface {57BEA3D2-183A-4B39-AEB1-9D0F1CB48D12} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Thu May 17 13:23:37 2018 us=432779 DHCP option string: 06085474 2e155474 2e14
Thu May 17 13:23:37 2018 us=432779 Successful ARP Flush on interface [11] {57BEA3D2-183A-4B39-AEB1-9D0F1CB48D12}
Thu May 17 13:23:37 2018 us=448377 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu May 17 13:23:37 2018 us=448377 MANAGEMENT: >STATE:1526556217,ASSIGN_IP,,10.8.0.5,,,,
Thu May 17 13:23:42 2018 us=481726 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Thu May 17 13:23:42 2018 us=481726 MANAGEMENT: >STATE:1526556222,ADD_ROUTES,,,,,,
Thu May 17 13:23:42 2018 us=481726 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.8.0.1
Thu May 17 13:23:42 2018 us=481726 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu May 17 13:23:42 2018 us=481726 Route addition via IPAPI succeeded [adaptive]
Thu May 17 13:23:42 2018 us=481726 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu May 17 13:23:42 2018 us=481726 Initialization Sequence Completed
Thu May 17 13:23:42 2018 us=481726 MANAGEMENT: >STATE:1526556222,CONNECTED,SUCCESS,10.8.0.5,217.104.108.219,6002,,

Currently using private IP ranges ( 192.168.x.y ) but since the enterprise LAN has 246.63.221.x.
What is needed to add in my server.conf to get this going ? Also these steps have been executed on my windows 10 client pc.

Looking forward to your response.
TiA!

Post by TinCanTech » Thu May 17, 2018 12:47 pm

dolphs wrote:
Thu May 17, 2018 12:12 pm
suppose similar set up is needed as my mobile phone, but yet the ccd should have an iroute, the specific IP - eg

Code: Select all

ifconfig-push 10.8.0.5 255.255.255.0
iroute 246.63.221.149 255.255.255.0

This is an invalid route and --iroute specification .. learn about routing.

dolphs wrote:
Thu May 17, 2018 12:12 pm
Also added on my Windows PC " route add 192.168.10.0 mask 255.255.255.0 246.63.221.1 " but still route seems to be incomplete as I cannot reach any IP addresses at home …

Code: Select all

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : org.wwc.ent.nl
IPv4 Address. . . . . . . . . . . : 246.63.221.149
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 246.63.221.1

This route is successfully added to your client by openvpn:

Code: Select all

Thu May 17 13:23:42 2018 us=481726 C:\WINDOWS\system32\route.exe ADD 192.168.10.0 MASK 255.255.255.0 10.8.0.1
Thu May 17 13:23:42 2018 us=481726 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu May 17 13:23:42 2018 us=481726 Route addition via IPAPI succeeded [adaptive]

dolphs wrote:
Thu May 17, 2018 12:12 pm
For convenience I added my client logs which shows I am connected to my VPN but I fail in creating a proper route atm....

Your log shows no errors ..

dolphs wrote:
Wed May 16, 2018 5:31 pm
now the "server.conf" remaining - trying to find bits and pieces together but cannot put my finger on it (yet).

Due to the nature of your questions I am going to assume you have not read the HOWTO: For OpenVPN Community Edition

You should focus here:
HOWTO: Expanding the scope of the VPN to include additional machines
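
The two points made in the replies above (a client with no LAN behind it needs no iroute, and an iroute must name a real network that the server also routes, as the linked HOWTO section describes) can be checked mechanically before a ccd file goes live. The following is an added example, not part of the original thread or of OpenVPN itself; the function names, finding codes and the client names `site30`, `phone` and `mywin10pc` are constructed for illustration, with addresses taken from the posts.

```python
import ipaddress

# Constructed sample input, based on the server.conf and ccd lines in the thread.
SERVER_CONF = """
server 10.8.0.0 255.255.255.0
topology subnet
route 192.168.20.0 255.255.255.0 10.8.0.2
route 192.168.30.0 255.255.255.0 10.8.0.3
route 192.168.178.0 255.255.255.0 10.8.0.4
push "route 192.168.10.0 255.255.255.0"
client-config-dir /etc/openvpn/clients
"""

CCD = {  # file name (client common name) -> file content; names are hypothetical
    "site30": "ifconfig-push 10.8.0.3 255.255.255.0\niroute 192.168.30.0 255.255.255.0\n",
    "phone": "ifconfig-push 10.8.0.6 255.255.255.0\n",  # no LAN behind it, no iroute
    "mywin10pc": "ifconfig-push 10.8.0.5 255.255.255.0\n"
                 "iroute 246.63.221.149 255.255.255.0\n",
}


def directives(text):
    """Yield whitespace-split directives, skipping blank and #/; comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        yield line.split()


def server_routes(server_conf):
    """Return (VPN subnet from `server`, networks named by server-side `route`)."""
    vpn, routes = None, []
    for d in directives(server_conf):
        if d[0] == "server" and len(d) >= 3:
            vpn = ipaddress.ip_network(f"{d[1]}/{d[2]}", strict=False)
        elif d[0] == "route" and len(d) >= 2:
            mask = d[2] if len(d) >= 3 else "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{d[1]}/{mask}", strict=False))
    return vpn, routes


def lint_ccd(server_conf, ccd_files):
    """Return a list of (client, finding_code, detail) tuples."""
    vpn, routes = server_routes(server_conf)
    findings, seen = [], {}
    for client in sorted(ccd_files):
        for d in directives(ccd_files[client]):
            if d[0] == "ifconfig-push" and len(d) >= 2:
                try:
                    addr = ipaddress.ip_address(d[1])
                except ValueError:
                    continue  # DNS names are allowed here; nothing to compare
                if vpn is not None and addr not in vpn:
                    findings.append((client, "ifconfig-push-outside-vpn-subnet", d[1]))
                if addr in seen:
                    findings.append((client, "ifconfig-push-duplicate", d[1]))
                seen.setdefault(addr, client)
            elif d[0] == "iroute" and len(d) >= 2:
                mask = d[2] if len(d) >= 3 else "255.255.255.255"
                spec = f"{d[1]}/{mask}"
                try:
                    net = ipaddress.ip_network(spec, strict=False)
                except ValueError:
                    findings.append((client, "iroute-unparseable", spec))
                    continue
                # A host address combined with a subnet mask is not a network.
                if net.network_address != ipaddress.ip_address(d[1]):
                    findings.append((client, "iroute-host-bits-set", spec))
                # iroute only routes inside OpenVPN; the server's kernel also
                # needs a `route` covering the same network.
                if not any(net.subnet_of(r) for r in routes):
                    findings.append((client, "iroute-without-server-route", str(net)))
    return findings


if __name__ == "__main__":
    for client, code, detail in lint_ccd(SERVER_CONF, CCD):
        print(f"{client}: {code}: {detail}")
```
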

Post by dolphs » Thu May 17, 2018 1:29 pm

@TinCanTech - thanks for proper routing which gave me an enormous brain wave ;-).

After overcoming the next hurdle " Bad compression stub decompression header byte: 102" ( comp-lzo no ) connection seems to be working now!
Apparently I was also overriding the route set while starting OpenVPN client, thus no need for manually adding the gateway once OpenVPN GUI is started....

eg:

Code: Select all

C:\Users\mywin10pc>ping 192.168.10.21
Pinging 192.168.10.21 with 32 bytes of data:
Reply from 192.168.10.21: bytes=32 time=12ms TTL=63
Reply from 192.168.10.21: bytes=32 time=11ms TTL=63
Reply from 192.168.10.21: bytes=32 time=12ms TTL=63
Reply from 192.168.10.21: bytes=32 time=12ms TTL=63

thanks, now back on topic getting my mobile to work ...