Ok.
My server config and my client logs are given below.
I'm using OpenVPN Connect 3.3.3 on Windows 11 for the client. Please note that I have the DNS cache (the DNS client service) disabled on the client machine.
Code: Select all
[Jan 20, 2022, 19:58:35] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Nov 12 2021 10:45:12
⏎[Jan 20, 2022, 19:58:35] Frame=512/2048/512 mssfix-ctrl=1250
⏎[Jan 20, 2022, 19:58:35] UNUSED OPTIONS
1 [persist-tun]
2 [persist-key]
3 [data-ciphers] [AES-256-GCM:AES-128-GCM:AES-128-CBC:AES-256-CBC]
4 [data-ciphers-fallback] [AES-128-CBC]
6 [tls-client]
8 [resolv-retry] [infinite]
13 [explicit-exit-notify]
⏎[Jan 20, 2022, 19:58:35] EVENT: RESOLVE ⏎[Jan 20, 2022, 19:58:35] Contacting <ROUTER_PUBLIC_IP>:1194 via UDP
⏎[Jan 20, 2022, 19:58:35] EVENT: WAIT ⏎[Jan 20, 2022, 19:58:35] WinCommandAgent: transmitting bypass route to <ROUTER_PUBLIC_IP>
{
"host" : "<ROUTER_PUBLIC_IP>",
"ipv6" : false
}
⏎[Jan 20, 2022, 19:58:35] Connecting to [<ROUTER_PUBLIC_IP>]:1194 (<ROUTER_PUBLIC_IP>) via UDPv4
⏎[Jan 20, 2022, 19:58:35] EVENT: CONNECTING ⏎[Jan 20, 2022, 19:58:35] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
⏎[Jan 20, 2022, 19:58:35] Creds: Username/Password
⏎[Jan 20, 2022, 19:58:35] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.3-2562
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
⏎[Jan 20, 2022, 19:58:36] SSL Handshake: peer certificate: CN=router.pl.acme.com, 2048 bit RSA, cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
⏎[Jan 20, 2022, 19:58:36] Session is ACTIVE
⏎[Jan 20, 2022, 19:58:36] EVENT: WARN TLS: received certificate signed with SHA1. Please inform your admin to upgrade to a stronger algorithm. Support for SHA1 signatures will be dropped in the future⏎[Jan 20, 2022, 19:58:36] EVENT: GET_CONFIG ⏎[Jan 20, 2022, 19:58:36] Sending PUSH_REQUEST to server...
⏎[Jan 20, 2022, 19:58:36] Options continuation...
⏎[Jan 20, 2022, 19:58:36] Options continuation...
⏎[Jan 20, 2022, 19:58:36] OPTIONS:
0 [route] [10.0.0.0] [255.255.0.0]
1 [route] [10.1.0.0] [255.255.0.0]
2 [route] [10.10.0.0] [255.255.255.0]
....
<ROUTES_PUSHED_REDACTED>
....
49 [dhcp-option] [DOMAIN] [pl.acme.com]
50 [dhcp-option] [DNS] [10.1.0.1]
51 [dhcp-option] [NTP] [10.1.0.1]
52 [route] [172.16.122.1]
53 [topology] [net30]
54 [ping] [10]
55 [ping-restart] [60]
56 [push-continuation] [2]
57 [ifconfig] [172.16.122.42] [172.16.122.41]
58 [peer-id] [9]
59 [cipher] [AES-256-GCM]
60 [push-continuation] [1]
⏎[Jan 20, 2022, 19:58:36] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: NONE
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 9
control channel: tls-auth enabled
⏎[Jan 20, 2022, 19:58:36] EVENT: ASSIGN_IP ⏎[Jan 20, 2022, 19:58:36] Unknown pushed DHCP option: [dhcp-option] [NTP] [10.1.0.1]
⏎[Jan 20, 2022, 19:58:36] CAPTURED OPTIONS:
Session Name: <ROUTER_PUBLIC_IP>
Layer: OSI_LAYER_3
Remote Address: <ROUTER_PUBLIC_IP>
Tunnel Addresses:
172.16.122.42/30 -> 172.16.122.41 [net30]
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
10.0.0.0/16
10.1.0.0/16
10.10.0.0/24
....
ROUTES_REDACTED>
....
172.16.122.1/32
Exclude Routes:
DNS Servers:
10.1.0.1
Search Domains:
pl.acme.com
⏎[Jan 20, 2022, 19:58:37] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"allow_local_dns_resolvers" : false,
"confirm_event" : "4c12000000000000",
"destroy_event" : "6c0d000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "10.0.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 16
},
{
"address" : "10.1.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 16
},
{
"address" : "10.10.0.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
....
<ADDRESES_REDACTED>
....
],
"block_ipv6" : false,
"dns_servers" :
[
{
"address" : "10.1.0.1",
"ipv6" : false
}
],
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "<ROUTER_PUBLIC_IP>",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"search_domains" :
[
{
"domain" : "pl.acme.com"
}
],
"session_name" : "<ROUTER_PUBLIC_IP>",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "172.16.122.42",
"gateway" : "172.16.122.41",
"ipv6" : false,
"metric" : -1,
"net30" : true,
"prefix_length" : 30
}
]
},
"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{92153C18-52CC-4B8D-B54E-A3738D97B3C6}' index=24 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{92153C18-52CC-4B8D-B54E-A3738D97B3C6}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=24
netsh interface ip set interface 24 metric=1
Ok.
netsh interface ip set address 24 static 172.16.122.42 255.255.255.252 gateway=172.16.122.41 store=active
IPHelper: add route 10.0.0.0/16 24 172.16.122.41 metric=-1
IPHelper: add route 10.1.0.0/16 24 172.16.122.41 metric=-1
IPHelper: add route 10.10.0.0/24 24 172.16.122.41 metric=-1
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
cannot modify route: error 5010
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
cannot modify route: error 5010
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: <REDACTED>
IPHelper: add route 172.16.122.1/32 24 172.16.122.41 metric=-1
NRPT::ActionCreate names=[.pl.acme.com] dns_servers=[10.1.0.1]
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 340f000000000000
⏎[Jan 20, 2022, 19:58:37] Connected via TUN_WIN
⏎[Jan 20, 2022, 19:58:37] EVENT: CONNECTED james.pedersen@<ROUTER_PUBLIC_IP>:1194 (<ROUTER_PUBLIC_IP>) via /UDPv4 on TUN_WIN/172.16.122.42/ gw=[172.16.122.41/]⏎
) about letting --net 30 die in peace. It was an ugly kludge to work with Windows in the early days of openvpn Windows support.