OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Split tunneling restricted to traffic from access-point

https://forums.openvpn.net/viewtopic.php?t=31236

Page 1 of 1

Split tunneling restricted to traffic from access-point

Posted: Fri Nov 06, 2020 11:47 am
by MikeS
Hi, I'm attempting split-tunelling on a Pi with an ethernet internet connection (enxb827ebba588a) running an OpenVPN client and a hostapd access-point on wlan0.

Setup
OpenVPN server: commercial VPN host, I have no access to logs or config.
OpenVPN client: OpenVPN 2.4.7 Community Edition on Raspberry Pi Model 3B+ (Raspbian Buster lite, headless, predictable naming of interfaces) - full access to logs & config.

There's an abundance of guides online to walk you through setting up an access-point on a Pi (with dnsmasq & hostapd et al) and sending all traffic through an OpenVPN tunnel.
They roughly boil down to:
  • Install and configure OpenVPN, hostapd, dnsmasq
  • set net.ipv4.ip_forward=1 in /etc/sysctl.conf
  • set up forwarding/masquerade

    Code: Select all

    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
  • start openvpn
  • start hostapd
  • connect to new access-point and test
As a starting-point, I have done this and it works correctly with my device connected to the access-point having full access to internet and DNS. I'll refer to this as RUN 1, see logs and settings below. At this point:
  • Device connected to the Pi's access-point is issued IP 192.168.10.35
  • Device connected to the Pi's access-point successfully runs the following with no loss of packets

    Code: Select all

    ping -C 3 192.168.10.1
ping -C 3 8.8.8.8
ping -C 3 www.yahoo.com

    and

    Code: Select all

    curl ipinfo.io
    returns the expected destination of the VPN tunnel.
So far, so good, however I also have a requirement to only send traffic from the access-point through the VPN tunnel, i.e. split-tunneling.
As I understand it, this is achieved by adding

Code: Select all

pull-filter ignore redirect-gateway
to the OpenVPN client config. I do this, reboot the Pi, start OpenVPN & hostapd - I'll refer to this as RUN 2. Now I connect a device to the Pi's access-point - it is issued 192.168.10.35 again.
  • Device connected to the Pi's access-point successfully runs

    Code: Select all

    ping -C 3 192.168.10.1
    with no loss of packets however the following both fail.

    Code: Select all

    ping -C 3 8.8.8.8
ping -C 3 www.yahoo.com
I can see that adding the pull-filter ignore redirect-gateway stops OpenVPN reconfiguring the default gateway on the Pi, presumably now that redirection needs to be replaced with something more specific that will only capture traffic from wlan0.
I've googled this for a day and not found anything that relates exactly to this situation and tried a number of experimental settings which have all failed.
I understand that I can use OpenVPN's route options to divert traffic to a destination via the tunnel, but I need to filter traffic from an interface (wlan0).
My questions are:
  • Can this split-tunneling from one interface be done?
  • Can it be done within the OpenVPN config?
  • Failing that, can it be done outside the OpenVPN config?
  • Which is more efficient?

I've seen several suggestions of setting up a bridge between wlan0 and tun0 but I'd like to avoid using a bridge unless this absolutely can't be achieved with iptables/routing/OpenVPN.
Thanks for getting this far, all help appreciated.

Further details:
OpenVPN-server conf: no access
OpenVPN-server log: no access
OpenVPN-client conf:
  • RUN 1
    client

    client
    dev tun
    proto udp
    remote ZZZ.ZZZ.ZZZ.ZZZ ZZZZZ
    resolv-retry infinite
    remote-random
    nobind
    tun-mtu 1500
    tun-mtu-extra 32
    mssfix 1450
    persist-key
    persist-tun
    ping 15
    ping-restart 0
    ping-timer-rem
    reneg-sec 0
    comp-lzo no
    remote-cert-tls server
    auth-user-pass /etc/openvpn/client/auth
    verb 4
    pull
    fast-io
    cipher AES-256-CBC
    auth SHA512
    log /home/pi/openvpn.log

    RUN 2 unchanged from RUN 1 except the addition of:
    client

    pull-filter ignore redirect-gateway
OpenVPN-client log:
  • RUN 1

    Code: Select all

    Fri Nov  6 11:10:23 2020 us=269310 Current Parameter Settings:
Fri Nov  6 11:10:23 2020 us=269566   config = 'ovpn.conf'
Fri Nov  6 11:10:23 2020 us=269621   mode = 0
Fri Nov  6 11:10:23 2020 us=269670   persist_config = DISABLED
Fri Nov  6 11:10:23 2020 us=269719   persist_mode = 1
Fri Nov  6 11:10:23 2020 us=269767   show_ciphers = DISABLED
Fri Nov  6 11:10:23 2020 us=269815   show_digests = DISABLED
Fri Nov  6 11:10:23 2020 us=269863   show_engines = DISABLED
Fri Nov  6 11:10:23 2020 us=269911   genkey = DISABLED
Fri Nov  6 11:10:23 2020 us=269958   key_pass_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=270006   show_tls_ciphers = DISABLED
Fri Nov  6 11:10:23 2020 us=270054   connect_retry_max = 0
Fri Nov  6 11:10:23 2020 us=270102 Connection profiles [0]:
Fri Nov  6 11:10:23 2020 us=270151   proto = udp
Fri Nov  6 11:10:23 2020 us=270199   local = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=270247   local_port = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=270294   remote = 'ZZZ.ZZZ.ZZZ.ZZZ'
Fri Nov  6 11:10:23 2020 us=270342   remote_port = 'ZZZZZ'
Fri Nov  6 11:10:23 2020 us=270389   remote_float = DISABLED
Fri Nov  6 11:10:23 2020 us=270436   bind_defined = DISABLED
Fri Nov  6 11:10:23 2020 us=270484   bind_local = DISABLED
Fri Nov  6 11:10:23 2020 us=270531   bind_ipv6_only = DISABLED
Fri Nov  6 11:10:23 2020 us=270579   connect_retry_seconds = 5
Fri Nov  6 11:10:23 2020 us=270627   connect_timeout = 120
Fri Nov  6 11:10:23 2020 us=270674   socks_proxy_server = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=270721   socks_proxy_port = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=270769   tun_mtu = 1500
Fri Nov  6 11:10:23 2020 us=270817   tun_mtu_defined = ENABLED
Fri Nov  6 11:10:23 2020 us=270864   link_mtu = 1500
Fri Nov  6 11:10:23 2020 us=270911   link_mtu_defined = DISABLED
Fri Nov  6 11:10:23 2020 us=270960   tun_mtu_extra = 32
Fri Nov  6 11:10:23 2020 us=271008   tun_mtu_extra_defined = ENABLED
Fri Nov  6 11:10:23 2020 us=271055   mtu_discover_type = -1
Fri Nov  6 11:10:23 2020 us=271103   fragment = 0
Fri Nov  6 11:10:23 2020 us=271151   mssfix = 1450
Fri Nov  6 11:10:23 2020 us=271198   explicit_exit_notification = 0
Fri Nov  6 11:10:23 2020 us=271246 Connection profiles END
Fri Nov  6 11:10:23 2020 us=271293   remote_random = ENABLED
Fri Nov  6 11:10:23 2020 us=271340   ipchange = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271387   dev = 'tun'
Fri Nov  6 11:10:23 2020 us=271435   dev_type = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271482   dev_node = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271529   lladdr = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271577   topology = 1
Fri Nov  6 11:10:23 2020 us=271624   ifconfig_local = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271672   ifconfig_remote_netmask = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271719   ifconfig_noexec = DISABLED
Fri Nov  6 11:10:23 2020 us=271766   ifconfig_nowarn = DISABLED
Fri Nov  6 11:10:23 2020 us=271815   ifconfig_ipv6_local = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271863   ifconfig_ipv6_netbits = 0
Fri Nov  6 11:10:23 2020 us=271910   ifconfig_ipv6_remote = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=271958   shaper = 0
Fri Nov  6 11:10:23 2020 us=272005   mtu_test = 0
Fri Nov  6 11:10:23 2020 us=272052   mlock = DISABLED
Fri Nov  6 11:10:23 2020 us=272100   keepalive_ping = 0
Fri Nov  6 11:10:23 2020 us=272147   keepalive_timeout = 0
Fri Nov  6 11:10:23 2020 us=272195   inactivity_timeout = 0
Fri Nov  6 11:10:23 2020 us=272242   ping_send_timeout = 15
Fri Nov  6 11:10:23 2020 us=272290   ping_rec_timeout = 0
Fri Nov  6 11:10:23 2020 us=272337   ping_rec_timeout_action = 2
Fri Nov  6 11:10:23 2020 us=272384   ping_timer_remote = ENABLED
Fri Nov  6 11:10:23 2020 us=272432   remap_sigusr1 = 0
Fri Nov  6 11:10:23 2020 us=272479   persist_tun = ENABLED
Fri Nov  6 11:10:23 2020 us=272526   persist_local_ip = DISABLED
Fri Nov  6 11:10:23 2020 us=272573   persist_remote_ip = DISABLED
Fri Nov  6 11:10:23 2020 us=272620   persist_key = ENABLED
Fri Nov  6 11:10:23 2020 us=272666   passtos = DISABLED
Fri Nov  6 11:10:23 2020 us=272714   resolve_retry_seconds = 1000000000
Fri Nov  6 11:10:23 2020 us=272761   resolve_in_advance = DISABLED
Fri Nov  6 11:10:23 2020 us=272834   username = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=272882   groupname = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=272930   chroot_dir = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=272977   cd_dir = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=273024   writepid = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=273072   up_script = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=273119   down_script = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=273165   down_pre = DISABLED
Fri Nov  6 11:10:23 2020 us=273212   up_restart = DISABLED
Fri Nov  6 11:10:23 2020 us=273259   up_delay = DISABLED
Fri Nov  6 11:10:23 2020 us=273306   daemon = DISABLED
Fri Nov  6 11:10:23 2020 us=273353   inetd = 0
Fri Nov  6 11:10:23 2020 us=273400   log = ENABLED
Fri Nov  6 11:10:23 2020 us=273448   suppress_timestamps = DISABLED
Fri Nov  6 11:10:23 2020 us=273495   machine_readable_output = DISABLED
Fri Nov  6 11:10:23 2020 us=273542   nice = 0
Fri Nov  6 11:10:23 2020 us=273589   verbosity = 4
Fri Nov  6 11:10:23 2020 us=273637   mute = 0
Fri Nov  6 11:10:23 2020 us=273684   gremlin = 0
Fri Nov  6 11:10:23 2020 us=273731   status_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=273779   status_file_version = 1
Fri Nov  6 11:10:23 2020 us=273826   status_file_update_freq = 60
Fri Nov  6 11:10:23 2020 us=273873   occ = ENABLED
Fri Nov  6 11:10:23 2020 us=273920   rcvbuf = 0
Fri Nov  6 11:10:23 2020 us=273968   sndbuf = 0
Fri Nov  6 11:10:23 2020 us=274015   mark = 0
Fri Nov  6 11:10:23 2020 us=274062   sockflags = 0
Fri Nov  6 11:10:23 2020 us=274109   fast_io = ENABLED
Fri Nov  6 11:10:23 2020 us=274156   comp.alg = 1
Fri Nov  6 11:10:23 2020 us=274203   comp.flags = 0
Fri Nov  6 11:10:23 2020 us=274257   route_script = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=274306   route_default_gateway = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=274355   route_default_metric = 0
Fri Nov  6 11:10:23 2020 us=274403   route_noexec = DISABLED
Fri Nov  6 11:10:23 2020 us=274451   route_delay = 0
Fri Nov  6 11:10:23 2020 us=274499   route_delay_window = 30
Fri Nov  6 11:10:23 2020 us=274547   route_delay_defined = DISABLED
Fri Nov  6 11:10:23 2020 us=274595   route_nopull = DISABLED
Fri Nov  6 11:10:23 2020 us=274642   route_gateway_via_dhcp = DISABLED
Fri Nov  6 11:10:23 2020 us=274690   allow_pull_fqdn = DISABLED
Fri Nov  6 11:10:23 2020 us=274738   management_addr = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=274786   management_port = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=274834   management_user_pass = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=274883   management_log_history_cache = 250
Fri Nov  6 11:10:23 2020 us=274931   management_echo_buffer_size = 100
Fri Nov  6 11:10:23 2020 us=274980   management_write_peer_info_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=275028   management_client_user = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=275076   management_client_group = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=275124   management_flags = 0
Fri Nov  6 11:10:23 2020 us=275173   shared_secret_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=275222   key_direction = 1
Fri Nov  6 11:10:23 2020 us=275270   ciphername = 'AES-256-CBC'
Fri Nov  6 11:10:23 2020 us=275318   ncp_enabled = ENABLED
Fri Nov  6 11:10:23 2020 us=275367   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Nov  6 11:10:23 2020 us=275415   authname = 'SHA512'
Fri Nov  6 11:10:23 2020 us=275462   prng_hash = 'SHA1'
Fri Nov  6 11:10:23 2020 us=275511   prng_nonce_secret_len = 16
Fri Nov  6 11:10:23 2020 us=275560   keysize = 0
Fri Nov  6 11:10:23 2020 us=275607   engine = DISABLED
Fri Nov  6 11:10:23 2020 us=275655   replay = ENABLED
Fri Nov  6 11:10:23 2020 us=275704   mute_replay_warnings = DISABLED
Fri Nov  6 11:10:23 2020 us=275751   replay_window = 64
Fri Nov  6 11:10:23 2020 us=275799   replay_time = 15
Fri Nov  6 11:10:23 2020 us=275847   packet_id_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=275895   use_iv = ENABLED
Fri Nov  6 11:10:23 2020 us=275943   test_crypto = DISABLED
Fri Nov  6 11:10:23 2020 us=275991   tls_server = DISABLED
Fri Nov  6 11:10:23 2020 us=276039   tls_client = ENABLED
Fri Nov  6 11:10:23 2020 us=276087   key_method = 2
Fri Nov  6 11:10:23 2020 us=276158   ca_file = '[[INLINE]]'
Fri Nov  6 11:10:23 2020 us=276207   ca_path = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276255   dh_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276303   cert_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276351   extra_certs_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276399   priv_key_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276448   pkcs12_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276496   cipher_list = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276543   cipher_list_tls13 = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276591   tls_cert_profile = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276639   tls_verify = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276687   tls_export_cert = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276736   verify_x509_type = 0
Fri Nov  6 11:10:23 2020 us=276784   verify_x509_name = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276833   crl_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=276881   ns_cert_type = 0
Fri Nov  6 11:10:23 2020 us=276929   remote_cert_ku[i] = 65535
Fri Nov  6 11:10:23 2020 us=276977   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277025   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277073   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277120   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277168   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277216   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277265   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277313   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277361   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277451   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277509   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277557   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277605   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277653   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277701   remote_cert_ku[i] = 0
Fri Nov  6 11:10:23 2020 us=277750   remote_cert_eku = 'TLS Web Server Authentication'
Fri Nov  6 11:10:23 2020 us=277799   ssl_flags = 0
Fri Nov  6 11:10:23 2020 us=277848   tls_timeout = 2
Fri Nov  6 11:10:23 2020 us=277896   renegotiate_bytes = -1
Fri Nov  6 11:10:23 2020 us=277944   renegotiate_packets = 0
Fri Nov  6 11:10:23 2020 us=277992   renegotiate_seconds = 0
Fri Nov  6 11:10:23 2020 us=278039   handshake_window = 60
Fri Nov  6 11:10:23 2020 us=278087   transition_window = 3600
Fri Nov  6 11:10:23 2020 us=278135   single_session = DISABLED
Fri Nov  6 11:10:23 2020 us=278182   push_peer_info = DISABLED
Fri Nov  6 11:10:23 2020 us=278230   tls_exit = DISABLED
Fri Nov  6 11:10:23 2020 us=278278   tls_auth_file = '[[INLINE]]'
Fri Nov  6 11:10:23 2020 us=278326   tls_crypt_file = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=278374   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278422   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278469   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278517   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278565   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278613   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278661   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278710   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278758   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278806   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278854   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278902   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278950   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=278998   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=279046   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=279094   pkcs11_protected_authentication = DISABLED
Fri Nov  6 11:10:23 2020 us=279144   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279217   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279266   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279315   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279365   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279414   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279462   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279511   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279560   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279608   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279656   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279704   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279752   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279801   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279850   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279899   pkcs11_private_mode = 00000000
Fri Nov  6 11:10:23 2020 us=279946   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=279994   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280042   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280090   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280138   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280185   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280234   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280281   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280329   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280377   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280425   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280473   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280521   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280569   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280617   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280664   pkcs11_cert_private = DISABLED
Fri Nov  6 11:10:23 2020 us=280713   pkcs11_pin_cache_period = -1
Fri Nov  6 11:10:23 2020 us=280760   pkcs11_id = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=280808   pkcs11_id_management = DISABLED
Fri Nov  6 11:10:23 2020 us=280862   server_network = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=280914   server_netmask = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281000   server_network_ipv6 = ::
Fri Nov  6 11:10:23 2020 us=281051   server_netbits_ipv6 = 0
Fri Nov  6 11:10:23 2020 us=281103   server_bridge_ip = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281155   server_bridge_netmask = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281208   server_bridge_pool_start = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281260   server_bridge_pool_end = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281308   ifconfig_pool_defined = DISABLED
Fri Nov  6 11:10:23 2020 us=281361   ifconfig_pool_start = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281413   ifconfig_pool_end = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281465   ifconfig_pool_netmask = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=281513   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=281562   ifconfig_pool_persist_refresh_freq = 600
Fri Nov  6 11:10:23 2020 us=281611   ifconfig_ipv6_pool_defined = DISABLED
Fri Nov  6 11:10:23 2020 us=281661   ifconfig_ipv6_pool_base = ::
Fri Nov  6 11:10:23 2020 us=281710   ifconfig_ipv6_pool_netbits = 0
Fri Nov  6 11:10:23 2020 us=281758   n_bcast_buf = 256
Fri Nov  6 11:10:23 2020 us=281807   tcp_queue_limit = 64
Fri Nov  6 11:10:23 2020 us=281855   real_hash_size = 256
Fri Nov  6 11:10:23 2020 us=281903   virtual_hash_size = 256
Fri Nov  6 11:10:23 2020 us=281950   client_connect_script = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=281998   learn_address_script = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=282046   client_disconnect_script = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=282095   client_config_dir = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=282143   ccd_exclusive = DISABLED
Fri Nov  6 11:10:23 2020 us=282190   tmp_dir = '/tmp'
Fri Nov  6 11:10:23 2020 us=282262   push_ifconfig_defined = DISABLED
Fri Nov  6 11:10:23 2020 us=282315   push_ifconfig_local = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=282368   push_ifconfig_remote_netmask = 0.0.0.0
Fri Nov  6 11:10:23 2020 us=282416   push_ifconfig_ipv6_defined = DISABLED
Fri Nov  6 11:10:23 2020 us=282468   push_ifconfig_ipv6_local = ::/0
Fri Nov  6 11:10:23 2020 us=282519   push_ifconfig_ipv6_remote = ::
Fri Nov  6 11:10:23 2020 us=282568   enable_c2c = DISABLED
Fri Nov  6 11:10:23 2020 us=282615   duplicate_cn = DISABLED
Fri Nov  6 11:10:23 2020 us=282663   cf_max = 0
Fri Nov  6 11:10:23 2020 us=282712   cf_per = 0
Fri Nov  6 11:10:23 2020 us=282760   max_clients = 1024
Fri Nov  6 11:10:23 2020 us=282808   max_routes_per_client = 256
Fri Nov  6 11:10:23 2020 us=282857   auth_user_pass_verify_script = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=282905   auth_user_pass_verify_script_via_file = DISABLED
Fri Nov  6 11:10:23 2020 us=282954   auth_token_generate = DISABLED
Fri Nov  6 11:10:23 2020 us=283001   auth_token_lifetime = 0
Fri Nov  6 11:10:23 2020 us=283049   port_share_host = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=283098   port_share_port = '[UNDEF]'
Fri Nov  6 11:10:23 2020 us=283145   client = ENABLED
Fri Nov  6 11:10:23 2020 us=283193   pull = ENABLED
Fri Nov  6 11:10:23 2020 us=283242   auth_user_pass_file = '/etc/openvpn/client/auth'
Fri Nov  6 11:10:23 2020 us=283295 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Fri Nov  6 11:10:23 2020 us=283377 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Fri Nov  6 11:10:23 2020 us=285330 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Nov  6 11:10:23 2020 us=296425 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Nov  6 11:10:23 2020 us=296557 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Nov  6 11:10:23 2020 us=298687 Control Channel MTU parms [ L:1654 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Nov  6 11:10:23 2020 us=298867 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Fri Nov  6 11:10:23 2020 us=299008 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Nov  6 11:10:23 2020 us=299059 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Nov  6 11:10:23 2020 us=299123 TCP/UDP: Preserving recently used remote address: [AF_INET]178.239.172.91:1194
Fri Nov  6 11:10:23 2020 us=299218 Socket Buffers: R=[180224->180224] S=[180224->180224]
Fri Nov  6 11:10:23 2020 us=299268 UDP link local: (not bound)
Fri Nov  6 11:10:23 2020 us=299320 UDP link remote: [AF_INET]178.239.172.91:1194
Fri Nov  6 11:10:23 2020 us=331499 TLS: Initial packet from [AF_INET]178.239.172.91:1194, sid=2772c026 95e9c6e7
Fri Nov  6 11:10:23 2020 us=331935 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov  6 11:10:23 2020 us=409187 VERIFY OK: depth=2, C=PA, O=ZZZZZZZZ, CN=ZZZZZZZZ Root CA
Fri Nov  6 11:10:23 2020 us=412022 VERIFY OK: depth=1, C=PA, O=ZZZZZZZZ, CN=ZZZZZZZZ CA5
Fri Nov  6 11:10:23 2020 us=414782 VERIFY KU OK
Fri Nov  6 11:10:23 2020 us=414854 Validating certificate extended key usage
Fri Nov  6 11:10:23 2020 us=414912 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Nov  6 11:10:23 2020 us=414965 VERIFY EKU OK
Fri Nov  6 11:10:23 2020 us=415016 VERIFY OK: depth=0, CN=ZZZ
Fri Nov  6 11:10:23 2020 us=506378 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Nov  6 11:10:23 2020 us=506618 [uk2155.nordvpn.com] Peer Connection Initiated with [AF_INET]ZZZ.ZZZ.ZZZ.ZZZ:ZZZZZ
Fri Nov  6 11:10:24 2020 us=530846 SENT CONTROL [ZZZ]: 'PUSH_REQUEST' (status=1)
Fri Nov  6 11:10:24 2020 us=562774 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS ZZZ.ZZZ.ZZZ.ZZZ,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.3.6 255.255.255.0,peer-id 5,cipher AES-256-GCM'
Fri Nov  6 11:10:24 2020 us=563278 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov  6 11:10:24 2020 us=563361 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Nov  6 11:10:24 2020 us=563432 OPTIONS IMPORT: compression parms modified
Fri Nov  6 11:10:24 2020 us=563502 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Nov  6 11:10:24 2020 us=563600 Socket Buffers: R=[180224->360448] S=[180224->360448]
Fri Nov  6 11:10:24 2020 us=563668 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov  6 11:10:24 2020 us=563734 OPTIONS IMPORT: route options modified
Fri Nov  6 11:10:24 2020 us=563802 OPTIONS IMPORT: route-related options modified
Fri Nov  6 11:10:24 2020 us=563868 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Nov  6 11:10:24 2020 us=563933 OPTIONS IMPORT: peer-id set
Fri Nov  6 11:10:24 2020 us=564001 OPTIONS IMPORT: adjusting link_mtu to 1657
Fri Nov  6 11:10:24 2020 us=564066 OPTIONS IMPORT: data channel crypto options modified
Fri Nov  6 11:10:24 2020 us=564142 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Nov  6 11:10:24 2020 us=564256 Data Channel MTU parms [ L:1585 D:1450 EF:53 EB:411 ET:32 EL:3 ]
Fri Nov  6 11:10:24 2020 us=564961 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov  6 11:10:24 2020 us=565059 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov  6 11:10:24 2020 us=565683 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=enxb827ebba588a HWADDR=b8:27:eb:ba:58:8a
Fri Nov  6 11:10:24 2020 us=594707 TUN/TAP device tun0 opened
Fri Nov  6 11:10:24 2020 us=595332 TUN/TAP TX queue length set to 100
Fri Nov  6 11:10:24 2020 us=595582 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Nov  6 11:10:24 2020 us=595743 /sbin/ip link set dev tun0 up mtu 1500
Fri Nov  6 11:10:24 2020 us=608900 /sbin/ip addr add dev tun0 10.8.3.6/24 broadcast 10.8.3.255
Fri Nov  6 11:10:24 2020 us=621031 /sbin/ip route add 178.239.172.91/32 via 10.0.0.1
Fri Nov  6 11:10:24 2020 us=631721 /sbin/ip route add 0.0.0.0/1 via 10.8.3.1
Fri Nov  6 11:10:24 2020 us=638902 /sbin/ip route add 128.0.0.0/1 via 10.8.3.1
Fri Nov  6 11:10:24 2020 us=645804 Initialization Sequence Completed
    RUN 2:

    Code: Select all

    Fri Nov  6 10:46:43 2020 us=677833 Current Parameter Settings:
Fri Nov  6 10:46:43 2020 us=678069   config = 'ovpn.conf'
Fri Nov  6 10:46:43 2020 us=678119   mode = 0
Fri Nov  6 10:46:43 2020 us=678164   persist_config = DISABLED
Fri Nov  6 10:46:43 2020 us=678207   persist_mode = 1
Fri Nov  6 10:46:43 2020 us=678251   show_ciphers = DISABLED
Fri Nov  6 10:46:43 2020 us=678295   show_digests = DISABLED
Fri Nov  6 10:46:43 2020 us=678338   show_engines = DISABLED
Fri Nov  6 10:46:43 2020 us=678380   genkey = DISABLED
Fri Nov  6 10:46:43 2020 us=678423   key_pass_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=678466   show_tls_ciphers = DISABLED
Fri Nov  6 10:46:43 2020 us=678508   connect_retry_max = 0
Fri Nov  6 10:46:43 2020 us=678552 Connection profiles [0]:
Fri Nov  6 10:46:43 2020 us=678598   proto = udp
Fri Nov  6 10:46:43 2020 us=678641   local = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=678684   local_port = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=678727   remote = 'ZZZ.ZZZ.ZZZ.ZZZ'
Fri Nov  6 10:46:43 2020 us=678770   remote_port = 'ZZZZZ'
Fri Nov  6 10:46:43 2020 us=678812   remote_float = DISABLED
Fri Nov  6 10:46:43 2020 us=678855   bind_defined = DISABLED
Fri Nov  6 10:46:43 2020 us=678897   bind_local = DISABLED
Fri Nov  6 10:46:43 2020 us=678940   bind_ipv6_only = DISABLED
Fri Nov  6 10:46:43 2020 us=678984   connect_retry_seconds = 5
Fri Nov  6 10:46:43 2020 us=679026   connect_timeout = 120
Fri Nov  6 10:46:43 2020 us=679069   socks_proxy_server = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=679111   socks_proxy_port = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=679154   tun_mtu = 1500
Fri Nov  6 10:46:43 2020 us=679198   tun_mtu_defined = ENABLED
Fri Nov  6 10:46:43 2020 us=679241   link_mtu = 1500
Fri Nov  6 10:46:43 2020 us=679284   link_mtu_defined = DISABLED
Fri Nov  6 10:46:43 2020 us=679327   tun_mtu_extra = 32
Fri Nov  6 10:46:43 2020 us=679370   tun_mtu_extra_defined = ENABLED
Fri Nov  6 10:46:43 2020 us=679413   mtu_discover_type = -1
Fri Nov  6 10:46:43 2020 us=679455   fragment = 0
Fri Nov  6 10:46:43 2020 us=679498   mssfix = 1450
Fri Nov  6 10:46:43 2020 us=679541   explicit_exit_notification = 0
Fri Nov  6 10:46:43 2020 us=679584 Connection profiles END
Fri Nov  6 10:46:43 2020 us=679626   remote_random = ENABLED
Fri Nov  6 10:46:43 2020 us=679668   ipchange = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=679709   dev = 'tun'
Fri Nov  6 10:46:43 2020 us=679752   dev_type = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=679794   dev_node = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=679836   lladdr = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=679878   topology = 1
Fri Nov  6 10:46:43 2020 us=679920   ifconfig_local = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=679963   ifconfig_remote_netmask = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=680005   ifconfig_noexec = DISABLED
Fri Nov  6 10:46:43 2020 us=680047   ifconfig_nowarn = DISABLED
Fri Nov  6 10:46:43 2020 us=680090   ifconfig_ipv6_local = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=680132   ifconfig_ipv6_netbits = 0
Fri Nov  6 10:46:43 2020 us=680175   ifconfig_ipv6_remote = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=680217   shaper = 0
Fri Nov  6 10:46:43 2020 us=680259   mtu_test = 0
Fri Nov  6 10:46:43 2020 us=680301   mlock = DISABLED
Fri Nov  6 10:46:43 2020 us=680344   keepalive_ping = 0
Fri Nov  6 10:46:43 2020 us=680387   keepalive_timeout = 0
Fri Nov  6 10:46:43 2020 us=680429   inactivity_timeout = 0
Fri Nov  6 10:46:43 2020 us=680472   ping_send_timeout = 15
Fri Nov  6 10:46:43 2020 us=680514   ping_rec_timeout = 0
Fri Nov  6 10:46:43 2020 us=680557   ping_rec_timeout_action = 2
Fri Nov  6 10:46:43 2020 us=680599   ping_timer_remote = ENABLED
Fri Nov  6 10:46:43 2020 us=680642   remap_sigusr1 = 0
Fri Nov  6 10:46:43 2020 us=680685   persist_tun = ENABLED
Fri Nov  6 10:46:43 2020 us=680727   persist_local_ip = DISABLED
Fri Nov  6 10:46:43 2020 us=680770   persist_remote_ip = DISABLED
Fri Nov  6 10:46:43 2020 us=680812   persist_key = ENABLED
Fri Nov  6 10:46:43 2020 us=680854   passtos = DISABLED
Fri Nov  6 10:46:43 2020 us=680897   resolve_retry_seconds = 1000000000
Fri Nov  6 10:46:43 2020 us=680939   resolve_in_advance = DISABLED
Fri Nov  6 10:46:43 2020 us=681018   username = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681062   groupname = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681105   chroot_dir = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681147   cd_dir = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681189   writepid = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681231   up_script = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681274   down_script = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681316   down_pre = DISABLED
Fri Nov  6 10:46:43 2020 us=681358   up_restart = DISABLED
Fri Nov  6 10:46:43 2020 us=681400   up_delay = DISABLED
Fri Nov  6 10:46:43 2020 us=681443   daemon = DISABLED
Fri Nov  6 10:46:43 2020 us=681485   inetd = 0
Fri Nov  6 10:46:43 2020 us=681528   log = ENABLED
Fri Nov  6 10:46:43 2020 us=681570   suppress_timestamps = DISABLED
Fri Nov  6 10:46:43 2020 us=681613   machine_readable_output = DISABLED
Fri Nov  6 10:46:43 2020 us=681655   nice = 0
Fri Nov  6 10:46:43 2020 us=681698   verbosity = 4
Fri Nov  6 10:46:43 2020 us=681740   mute = 0
Fri Nov  6 10:46:43 2020 us=681782   gremlin = 0
Fri Nov  6 10:46:43 2020 us=681825   status_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=681868   status_file_version = 1
Fri Nov  6 10:46:43 2020 us=681910   status_file_update_freq = 60
Fri Nov  6 10:46:43 2020 us=681952   occ = ENABLED
Fri Nov  6 10:46:43 2020 us=681995   rcvbuf = 0
Fri Nov  6 10:46:43 2020 us=682037   sndbuf = 0
Fri Nov  6 10:46:43 2020 us=682080   mark = 0
Fri Nov  6 10:46:43 2020 us=682129   sockflags = 0
Fri Nov  6 10:46:43 2020 us=682172   fast_io = ENABLED
Fri Nov  6 10:46:43 2020 us=682215   comp.alg = 1
Fri Nov  6 10:46:43 2020 us=682258   comp.flags = 0
Fri Nov  6 10:46:43 2020 us=682300   route_script = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=682343   route_default_gateway = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=682386   route_default_metric = 0
Fri Nov  6 10:46:43 2020 us=682430   route_noexec = DISABLED
Fri Nov  6 10:46:43 2020 us=682472   route_delay = 0
Fri Nov  6 10:46:43 2020 us=682516   route_delay_window = 30
Fri Nov  6 10:46:43 2020 us=682559   route_delay_defined = DISABLED
Fri Nov  6 10:46:43 2020 us=682602   route_nopull = DISABLED
Fri Nov  6 10:46:43 2020 us=682645   route_gateway_via_dhcp = DISABLED
Fri Nov  6 10:46:43 2020 us=682688   allow_pull_fqdn = DISABLED
Fri Nov  6 10:46:43 2020 us=682731   Pull filters:
Fri Nov  6 10:46:43 2020 us=682775     ignore "redirect-gateway"
Fri Nov  6 10:46:43 2020 us=682819   management_addr = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=682862   management_port = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=682906   management_user_pass = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=682949   management_log_history_cache = 250
Fri Nov  6 10:46:43 2020 us=682992   management_echo_buffer_size = 100
Fri Nov  6 10:46:43 2020 us=683036   management_write_peer_info_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=683080   management_client_user = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=683123   management_client_group = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=683167   management_flags = 0
Fri Nov  6 10:46:43 2020 us=683210   shared_secret_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=683254   key_direction = 1
Fri Nov  6 10:46:43 2020 us=683297   ciphername = 'AES-256-CBC'
Fri Nov  6 10:46:43 2020 us=683340   ncp_enabled = ENABLED
Fri Nov  6 10:46:43 2020 us=683384   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Nov  6 10:46:43 2020 us=683428   authname = 'SHA512'
Fri Nov  6 10:46:43 2020 us=683471   prng_hash = 'SHA1'
Fri Nov  6 10:46:43 2020 us=683514   prng_nonce_secret_len = 16
Fri Nov  6 10:46:43 2020 us=683557   keysize = 0
Fri Nov  6 10:46:43 2020 us=683600   engine = DISABLED
Fri Nov  6 10:46:43 2020 us=683643   replay = ENABLED
Fri Nov  6 10:46:43 2020 us=683686   mute_replay_warnings = DISABLED
Fri Nov  6 10:46:43 2020 us=683729   replay_window = 64
Fri Nov  6 10:46:43 2020 us=683772   replay_time = 15
Fri Nov  6 10:46:43 2020 us=683816   packet_id_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=683859   use_iv = ENABLED
Fri Nov  6 10:46:43 2020 us=683902   test_crypto = DISABLED
Fri Nov  6 10:46:43 2020 us=683944   tls_server = DISABLED
Fri Nov  6 10:46:43 2020 us=684007   tls_client = ENABLED
Fri Nov  6 10:46:43 2020 us=684051   key_method = 2
Fri Nov  6 10:46:43 2020 us=684095   ca_file = '[[INLINE]]'
Fri Nov  6 10:46:43 2020 us=684181   ca_path = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684226   dh_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684269   cert_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684313   extra_certs_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684356   priv_key_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684399   pkcs12_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684442   cipher_list = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684485   cipher_list_tls13 = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684528   tls_cert_profile = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684571   tls_verify = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684614   tls_export_cert = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684657   verify_x509_type = 0
Fri Nov  6 10:46:43 2020 us=684701   verify_x509_name = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684744   crl_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=684786   ns_cert_type = 0
Fri Nov  6 10:46:43 2020 us=684830   remote_cert_ku[i] = 65535
Fri Nov  6 10:46:43 2020 us=684873   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=684916   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=684959   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685001   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685044   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685087   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685130   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685174   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685217   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685260   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685303   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685345   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685389   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685431   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685474   remote_cert_ku[i] = 0
Fri Nov  6 10:46:43 2020 us=685518   remote_cert_eku = 'TLS Web Server Authentication'
Fri Nov  6 10:46:43 2020 us=685561   ssl_flags = 0
Fri Nov  6 10:46:43 2020 us=685605   tls_timeout = 2
Fri Nov  6 10:46:43 2020 us=685648   renegotiate_bytes = -1
Fri Nov  6 10:46:43 2020 us=685691   renegotiate_packets = 0
Fri Nov  6 10:46:43 2020 us=685734   renegotiate_seconds = 0
Fri Nov  6 10:46:43 2020 us=685776   handshake_window = 60
Fri Nov  6 10:46:43 2020 us=685819   transition_window = 3600
Fri Nov  6 10:46:43 2020 us=685862   single_session = DISABLED
Fri Nov  6 10:46:43 2020 us=685906   push_peer_info = DISABLED
Fri Nov  6 10:46:43 2020 us=685949   tls_exit = DISABLED
Fri Nov  6 10:46:43 2020 us=685993   tls_auth_file = '[[INLINE]]'
Fri Nov  6 10:46:43 2020 us=686036   tls_crypt_file = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=686079   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686123   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686166   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686209   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686252   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686296   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686339   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686383   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686426   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686470   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686513   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686557   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686600   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686644   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686688   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686731   pkcs11_protected_authentication = DISABLED
Fri Nov  6 10:46:43 2020 us=686797   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=686841   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=686885   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=686929   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=686973   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687016   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687060   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687103   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687147   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687190   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687234   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687277   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687320   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687364   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687407   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687451   pkcs11_private_mode = 00000000
Fri Nov  6 10:46:43 2020 us=687494   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687537   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687580   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687623   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687666   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687709   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687752   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687795   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687837   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687880   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687923   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=687965   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=688008   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=688052   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=688094   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=688137   pkcs11_cert_private = DISABLED
Fri Nov  6 10:46:43 2020 us=688180   pkcs11_pin_cache_period = -1
Fri Nov  6 10:46:43 2020 us=688223   pkcs11_id = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=688266   pkcs11_id_management = DISABLED
Fri Nov  6 10:46:43 2020 us=688314   server_network = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688360   server_netmask = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688435   server_network_ipv6 = ::
Fri Nov  6 10:46:43 2020 us=688481   server_netbits_ipv6 = 0
Fri Nov  6 10:46:43 2020 us=688528   server_bridge_ip = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688575   server_bridge_netmask = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688622   server_bridge_pool_start = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688669   server_bridge_pool_end = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688712   ifconfig_pool_defined = DISABLED
Fri Nov  6 10:46:43 2020 us=688759   ifconfig_pool_start = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688806   ifconfig_pool_end = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688853   ifconfig_pool_netmask = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=688896   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=688940   ifconfig_pool_persist_refresh_freq = 600
Fri Nov  6 10:46:43 2020 us=688984   ifconfig_ipv6_pool_defined = DISABLED
Fri Nov  6 10:46:43 2020 us=689029   ifconfig_ipv6_pool_base = ::
Fri Nov  6 10:46:43 2020 us=689073   ifconfig_ipv6_pool_netbits = 0
Fri Nov  6 10:46:43 2020 us=689117   n_bcast_buf = 256
Fri Nov  6 10:46:43 2020 us=689160   tcp_queue_limit = 64
Fri Nov  6 10:46:43 2020 us=689204   real_hash_size = 256
Fri Nov  6 10:46:43 2020 us=689248   virtual_hash_size = 256
Fri Nov  6 10:46:43 2020 us=689291   client_connect_script = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=689335   learn_address_script = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=689378   client_disconnect_script = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=689422   client_config_dir = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=689495   ccd_exclusive = DISABLED
Fri Nov  6 10:46:43 2020 us=689540   tmp_dir = '/tmp'
Fri Nov  6 10:46:43 2020 us=689584   push_ifconfig_defined = DISABLED
Fri Nov  6 10:46:43 2020 us=689631   push_ifconfig_local = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=689686   push_ifconfig_remote_netmask = 0.0.0.0
Fri Nov  6 10:46:43 2020 us=689730   push_ifconfig_ipv6_defined = DISABLED
Fri Nov  6 10:46:43 2020 us=689777   push_ifconfig_ipv6_local = ::/0
Fri Nov  6 10:46:43 2020 us=689823   push_ifconfig_ipv6_remote = ::
Fri Nov  6 10:46:43 2020 us=689867   enable_c2c = DISABLED
Fri Nov  6 10:46:43 2020 us=689910   duplicate_cn = DISABLED
Fri Nov  6 10:46:43 2020 us=689953   cf_max = 0
Fri Nov  6 10:46:43 2020 us=689997   cf_per = 0
Fri Nov  6 10:46:43 2020 us=690039   max_clients = 1024
Fri Nov  6 10:46:43 2020 us=690083   max_routes_per_client = 256
Fri Nov  6 10:46:43 2020 us=690127   auth_user_pass_verify_script = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=690177   auth_user_pass_verify_script_via_file = DISABLED
Fri Nov  6 10:46:43 2020 us=690222   auth_token_generate = DISABLED
Fri Nov  6 10:46:43 2020 us=690265   auth_token_lifetime = 0
Fri Nov  6 10:46:43 2020 us=690307   port_share_host = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=690350   port_share_port = '[UNDEF]'
Fri Nov  6 10:46:43 2020 us=690393   client = ENABLED
Fri Nov  6 10:46:43 2020 us=690436   pull = ENABLED
Fri Nov  6 10:46:43 2020 us=690480   auth_user_pass_file = '/etc/openvpn/client/auth'
Fri Nov  6 10:46:43 2020 us=690528 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Fri Nov  6 10:46:43 2020 us=690593 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Fri Nov  6 10:46:43 2020 us=692310 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Nov  6 10:46:43 2020 us=702482 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Nov  6 10:46:43 2020 us=702616 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Nov  6 10:46:43 2020 us=704477 Control Channel MTU parms [ L:1654 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Nov  6 10:46:43 2020 us=704614 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Fri Nov  6 10:46:43 2020 us=704739 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Nov  6 10:46:43 2020 us=704784 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Nov  6 10:46:43 2020 us=704844 TCP/UDP: Preserving recently used remote address: [AF_INET]ZZZ.ZZZ.ZZZ.ZZZ:ZZZZZ
Fri Nov  6 10:46:43 2020 us=704936 Socket Buffers: R=[180224->180224] S=[180224->180224]
Fri Nov  6 10:46:43 2020 us=704981 UDP link local: (not bound)
Fri Nov  6 10:46:43 2020 us=705029 UDP link remote: [AF_INET]ZZZ.ZZZ.ZZZ.ZZZ:ZZZZZ
Fri Nov  6 10:46:43 2020 us=737235 TLS: Initial packet from [AF_INET]ZZZ.ZZZ.ZZZ.ZZZ:ZZZZZ, sid=350a78a7 0dcfcd9e
Fri Nov  6 10:46:43 2020 us=737682 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Nov  6 10:46:43 2020 us=808432 VERIFY OK: depth=2, C=PA, O=ZZZZZZZZ, CN=ZZZZZZZZ Root CA
Fri Nov  6 10:46:43 2020 us=810962 VERIFY OK: depth=1, C=PA, O=ZZZZZZZZ, CN=ZZZZZZZZ CA5
Fri Nov  6 10:46:43 2020 us=813418 VERIFY KU OK
Fri Nov  6 10:46:43 2020 us=813483 Validating certificate extended key usage
Fri Nov  6 10:46:43 2020 us=813534 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Nov  6 10:46:43 2020 us=813581 VERIFY EKU OK
Fri Nov  6 10:46:43 2020 us=813626 VERIFY OK: depth=0, CN=ZZZZZ
Fri Nov  6 10:46:43 2020 us=903370 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Fri Nov  6 10:46:43 2020 us=903619 [ZZZZZ] Peer Connection Initiated with [AF_INET]ZZZ.ZZZ.ZZZ.ZZZ:ZZZZZ
Fri Nov  6 10:46:45 2020 us=13054 SENT CONTROL [ZZZZZ]: 'PUSH_REQUEST' (status=1)
Fri Nov  6 10:46:45 2020 us=44770 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS ZZZ.ZZZ.ZZZ.ZZZ,dhcp-option DNS ZZZ.ZZZ.ZZZ.ZZZ,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.3.6 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Fri Nov  6 10:46:45 2020 us=44926 Pushed option removed by filter: 'redirect-gateway def1'
Fri Nov  6 10:46:45 2020 us=45344 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov  6 10:46:45 2020 us=45423 OPTIONS IMPORT: explicit notify parm(s) modified
Fri Nov  6 10:46:45 2020 us=45492 OPTIONS IMPORT: compression parms modified
Fri Nov  6 10:46:45 2020 us=45561 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Fri Nov  6 10:46:45 2020 us=45659 Socket Buffers: R=[180224->360448] S=[180224->360448]
Fri Nov  6 10:46:45 2020 us=45727 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov  6 10:46:45 2020 us=45794 OPTIONS IMPORT: route-related options modified
Fri Nov  6 10:46:45 2020 us=45860 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Nov  6 10:46:45 2020 us=45928 OPTIONS IMPORT: peer-id set
Fri Nov  6 10:46:45 2020 us=45995 OPTIONS IMPORT: adjusting link_mtu to 1657
Fri Nov  6 10:46:45 2020 us=46061 OPTIONS IMPORT: data channel crypto options modified
Fri Nov  6 10:46:45 2020 us=46134 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Nov  6 10:46:45 2020 us=46248 Data Channel MTU parms [ L:1585 D:1450 EF:53 EB:411 ET:32 EL:3 ]
Fri Nov  6 10:46:45 2020 us=46960 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov  6 10:46:45 2020 us=47055 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Nov  6 10:46:45 2020 us=79646 TUN/TAP device tun0 opened
Fri Nov  6 10:46:45 2020 us=80086 TUN/TAP TX queue length set to 100
Fri Nov  6 10:46:45 2020 us=80247 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Nov  6 10:46:45 2020 us=80382 /sbin/ip link set dev tun0 up mtu 1500
Fri Nov  6 10:46:45 2020 us=92955 /sbin/ip addr add dev tun0 10.8.3.6/24 broadcast 10.8.3.255
Fri Nov  6 10:46:45 2020 us=105180 Initialization Sequence Completed
dnsmasq.conf
  • RUN 1:

    Code: Select all

    interface=wlan0
dhcp-range=192.168.10.10,192.168.10.50,255.255.255.0,24h
    RUN 2 unchanged from RUN 1
ifconfig:
  • RUN 1

    Code: Select all

    enxb827ebba588a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.30  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::f64e:59d5:5521:3542  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:ba:58:8a  txqueuelen 1000  (Ethernet)
        RX packets 1118  bytes 247946 (242.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 908  bytes 152871 (149.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 444 (444.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 444 (444.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.3.6  netmask 255.255.255.0  destination 10.8.3.6
        inet6 fe80::2244:785b:480d:8063  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 440  bytes 134842 (131.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 510  bytes 76465 (74.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::cc4b:220:9306:7b4c  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:ef:0d:df  txqueuelen 1000  (Ethernet)
        RX packets 562  bytes 90935 (88.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 480  bytes 156890 (153.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    RUN 2

    Code: Select all

    enxb827ebba588a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.30  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::f64e:59d5:5521:3542  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:ba:58:8a  txqueuelen 1000  (Ethernet)
        RX packets 975  bytes 120652 (117.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 747  bytes 65145 (63.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 444 (444.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 444 (444.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.3.6  netmask 255.255.255.0  destination 10.8.3.6
        inet6 fe80::c54a:2de9:5684:d6b3  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5  bytes 240 (240.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::cc4b:220:9306:7b4c  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:ef:0d:df  txqueuelen 1000  (Ethernet)
        RX packets 326  bytes 33640 (32.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 62  bytes 7410 (7.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
route -n
  • RUN 1

    Code: Select all

    Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.3.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         10.0.0.1        0.0.0.0         UG    202    0        0 enxb827ebba588a
0.0.0.0         192.168.10.1    0.0.0.0         UG    303    0        0 wlan0
10.0.0.0        0.0.0.0         255.255.255.0   U     202    0        0 enxb827ebba588a
10.8.3.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.3.1        128.0.0.0       UG    0      0        0 tun0
178.239.172.91  10.0.0.1        255.255.255.255 UGH   0      0        0 enxb827ebba588a
192.168.10.0    0.0.0.0         255.255.255.0   U     303    0        0 wlan0
    RUN 2

    Code: Select all

    Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    202    0        0 enxb827ebba588a
0.0.0.0         192.168.10.1    0.0.0.0         UG    303    0        0 wlan0
10.0.0.0        0.0.0.0         255.255.255.0   U     202    0        0 enxb827ebba588a
10.8.3.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.10.0    0.0.0.0         255.255.255.0   U     303    0        0 wlan0
ip route show
  • RUN 1

    Code: Select all

    0.0.0.0/1 via 10.8.3.1 dev tun0
default via 10.0.0.1 dev enxb827ebba588a proto dhcp src 10.0.0.30 metric 202
default via 192.168.10.1 dev wlan0 src 192.168.10.1 metric 303
10.0.0.0/24 dev enxb827ebba588a proto dhcp scope link src 10.0.0.30 metric 202
10.8.3.0/24 dev tun0 proto kernel scope link src 10.8.3.6
128.0.0.0/1 via 10.8.3.1 dev tun0
178.239.172.91 via 10.0.0.1 dev enxb827ebba588a
192.168.10.0/24 dev wlan0 proto dhcp scope link src 192.168.10.1 metric 303
    RUN 2

    Code: Select all

    default via 10.0.0.1 dev enxb827ebba588a proto dhcp src 10.0.0.30 metric 202
default via 192.168.10.1 dev wlan0 src 192.168.10.1 metric 303
10.0.0.0/24 dev enxb827ebba588a proto dhcp scope link src 10.0.0.30 metric 202
10.8.3.0/24 dev tun0 proto kernel scope link src 10.8.3.6
192.168.10.0/24 dev wlan0 proto dhcp scope link src 192.168.10.1 metric 303
iptables -L -n
  • RUN 1

    Code: Select all

    Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
    RUN 2: unchanged from RUN 1
iptables -t nat -L -n
  • RUN 1:

    Code: Select all

    Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
    RUN 2: unchanged from RUN 1

Re: Split tunneling restricted to traffic from access-point

Posted: Fri Nov 06, 2020 3:32 pm
by TinCanTech
MikeS wrote:
Fri Nov 06, 2020 11:47 am
 I also have a requirement to only send traffic from the access-point through the VPN tunnel, i.e. split-tunneling.
This is not a "split tunnel" this is a network partition.

Openvpn has no configuration options for your requirements, it is all down to networking.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/