Why can't I ping the local address of my OpenVPN gateway ?

cousinhub · Post by **cousinhub** » Mon Feb 14, 2022 7:53 am

Hello,
I recently setup a OpenVPN (to replace a far too slow Softether VPN) between Office , Home and Internet rented dedicated servers. I have one question which puzzle me.
Office Server : Old reliable NAS DLink DNS320 with Alt-F (Linux kernel 4.4.86), OpenVPN server 2.4.8 (Package exists and so far, I have not been to compile Linux-pam for this distribution to be able to compile the latest 2.5.5). Network 192.168.5.x
Home Gateway: Old reliable NAS Synology DS213 (DSM 6.2.4 Linux kernel 2.6.32.12), OpenVPN client 2.5.5 (Compiled from sources). Network 192.18.5.x
Vpn tunnels : tun , proto udp4 , topology subnet, created with network 192.168.253.x (3 servers on Internet + Gateway) to server 192.168.253.1
All the routes and ip forwarding seem to be correctly configured as I can copy any file to any machine of the VPN
From all machine at home (192.168.5.x) included the gateway, I can ping any address 192.168.253.x (included the OpenVpn server) and any address 192.168.5.x (included the OpenVpn server)
From all machine at office or tunnelled (192.168.5.x and 192.168.253.x) included the OpenVPN server, I can ping any address 192.168.253.x (included the OpenVpn server and gateway) , any address 192.168.5.x (included the OpenVpn server) , any address 192.168.6.x APART FROM THE OpenVPN gateway.
It works ok because I can use the OpenVpn gateway address 192.168.253.x from anywhere to reach the Synology and the files it is holding, but as I am not a Linux specialist at all , I wonder and I would not like to have something wrong in my settings:
Is it a normal behaviour for a gateway ?
Is it because of the old kernel of the Synology ?
Am I missing something ?

TinCanTech · Post by **TinCanTech** » Mon Feb 14, 2022 1:34 pm

cousinhub wrote: ↑
Mon Feb 14, 2022 7:53 am
Am I missing something ?

viewtopic.php?f=30&t=22603

cousinhub · Post by **cousinhub** » Tue Feb 22, 2022 8:01 am

Sorry about it. Took some time to retest a few thing and gather the correct information
Server config

server

port xxxx
proto udp4
topology subnet

dev tun

ca XX.crt
cert XX.crt
key XX.key # This file should be kept secret

dh dh2048.pem

server 192.168.253.0 255.255.255.0

ifconfig-pool-persist ipp.txt
push "route 192.168.5.0 255.255.255.0"
push "route 192.168.6.0 255.255.255.0"
route 192.168.6.0 255.255.255.0

tun-mtu 1400
fragment 0
mssfix 0

cipher AES-256-CBC
data-ciphers AES-256-CBC

client-config-dir ccd

client-to-client

keepalive 10 60

persist-key
persist-tun

status log/status.log

log log/vpn.log

verb 4

explicit-exit-notify

Client/Gateway config

client

client

dev tun

proto udp4

remote xx.xx.xx.xx xxxx

resolv-retry infinite

persist-key
persist-tun

ca XX.crt
cert XX.crt
key XX.key

remote-cert-tls server

tun-mtu 1400
fragment 0
mssfix 0

cipher AES-256-CBC
data-ciphers AES-256-CBC
auth-nocache
verb 4

status /xxxxx/status.log
log /xxxxx/client.log

Log server side

server

2022-02-15 18:45:04 us=988694 Current Parameter Settings:
2022-02-15 18:45:04 us=989108 config = 'openvpn.conf'
2022-02-15 18:45:04 us=989340 mode = 1
2022-02-15 18:45:04 us=989546 persist_config = DISABLED
2022-02-15 18:45:04 us=989751 persist_mode = 1
2022-02-15 18:45:04 us=989952 show_ciphers = DISABLED
2022-02-15 18:45:04 us=990151 show_digests = DISABLED
2022-02-15 18:45:04 us=990350 show_engines = DISABLED
2022-02-15 18:45:04 us=990549 genkey = DISABLED
2022-02-15 18:45:04 us=990749 genkey_filename = '[UNDEF]'
2022-02-15 18:45:04 us=990949 key_pass_file = '[UNDEF]'
2022-02-15 18:45:04 us=991147 show_tls_ciphers = DISABLED
2022-02-15 18:45:04 us=991347 connect_retry_max = 0
2022-02-15 18:45:04 us=991549 Connection profiles [0]:
2022-02-15 18:45:04 us=991751 proto = udp4
2022-02-15 18:45:04 us=991952 local = '[UNDEF]'
2022-02-15 18:45:04 us=992151 local_port = 'xxxx'
2022-02-15 18:45:04 us=992350 remote = '[UNDEF]'
2022-02-15 18:45:04 us=992743 remote_port = 'xxxx'
2022-02-15 18:45:04 us=992960 remote_float = DISABLED
2022-02-15 18:45:04 us=993160 bind_defined = DISABLED
2022-02-15 18:45:04 us=993360 bind_local = ENABLED
2022-02-15 18:45:04 us=993557 bind_ipv6_only = DISABLED
2022-02-15 18:45:04 us=993756 connect_retry_seconds = 5
2022-02-15 18:45:04 us=993955 connect_timeout = 120
2022-02-15 18:45:04 us=994153 socks_proxy_server = '[UNDEF]'
2022-02-15 18:45:04 us=994352 socks_proxy_port = '[UNDEF]'
2022-02-15 18:45:04 us=994553 tun_mtu = 1400
2022-02-15 18:45:04 us=994751 tun_mtu_defined = ENABLED
2022-02-15 18:45:04 us=994952 link_mtu = 1500
2022-02-15 18:45:04 us=995150 link_mtu_defined = DISABLED
2022-02-15 18:45:04 us=995349 tun_mtu_extra = 0
2022-02-15 18:45:04 us=995547 tun_mtu_extra_defined = DISABLED
2022-02-15 18:45:04 us=995748 mtu_discover_type = -1
2022-02-15 18:45:04 us=995946 fragment = 0
2022-02-15 18:45:04 us=996144 mssfix = 0
2022-02-15 18:45:04 us=996342 explicit_exit_notification = 1
2022-02-15 18:45:04 us=996541 tls_auth_file = '[UNDEF]'
2022-02-15 18:45:04 us=996740 key_direction = not set
2022-02-15 18:45:04 us=996940 tls_crypt_file = '[UNDEF]'
2022-02-15 18:45:04 us=997140 tls_crypt_v2_file = '[UNDEF]'
2022-02-15 18:45:04 us=997335 Connection profiles END
2022-02-15 18:45:04 us=997534 remote_random = DISABLED
2022-02-15 18:45:04 us=997733 ipchange = '[UNDEF]'
2022-02-15 18:45:04 us=997931 dev = 'tun'
2022-02-15 18:45:04 us=998129 dev_type = '[UNDEF]'
2022-02-15 18:45:04 us=998329 dev_node = '[UNDEF]'
2022-02-15 18:45:04 us=998530 lladdr = '[UNDEF]'
2022-02-15 18:45:04 us=998728 topology = 3
2022-02-15 18:45:04 us=998927 ifconfig_local = '192.168.253.1'
2022-02-15 18:45:04 us=999127 ifconfig_remote_netmask = '255.255.255.0'
2022-02-15 18:45:04 us=999338 ifconfig_noexec = DISABLED
2022-02-15 18:45:04 us=999538 ifconfig_nowarn = DISABLED
2022-02-15 18:45:04 us=999737 ifconfig_ipv6_local = '[UNDEF]'
2022-02-15 18:45:04 us=999938 ifconfig_ipv6_netbits = 0
2022-02-15 18:45:05 us=138 ifconfig_ipv6_remote = '[UNDEF]'
2022-02-15 18:45:05 us=337 shaper = 0
2022-02-15 18:45:05 us=537 mtu_test = 0
2022-02-15 18:45:05 us=733 mlock = DISABLED
2022-02-15 18:45:05 us=933 keepalive_ping = 10
2022-02-15 18:45:05 us=1132 keepalive_timeout = 60
2022-02-15 18:45:05 us=1332 inactivity_timeout = 0
2022-02-15 18:45:05 us=1532 ping_send_timeout = 10
2022-02-15 18:45:05 us=1733 ping_rec_timeout = 120
2022-02-15 18:45:05 us=1933 ping_rec_timeout_action = 2
2022-02-15 18:45:05 us=2132 ping_timer_remote = DISABLED
2022-02-15 18:45:05 us=2336 remap_sigusr1 = 0
2022-02-15 18:45:05 us=2702 persist_tun = ENABLED
2022-02-15 18:45:05 us=2917 persist_local_ip = DISABLED
2022-02-15 18:45:05 us=3118 persist_remote_ip = DISABLED
2022-02-15 18:45:05 us=3318 persist_key = ENABLED
2022-02-15 18:45:05 us=3517 passtos = DISABLED
2022-02-15 18:45:05 us=3719 resolve_retry_seconds = 1000000000
2022-02-15 18:45:05 us=3919 resolve_in_advance = DISABLED
2022-02-15 18:45:05 us=4116 username = '[UNDEF]'
2022-02-15 18:45:05 us=4359 groupname = '[UNDEF]'
2022-02-15 18:45:05 us=4565 chroot_dir = '[UNDEF]'
2022-02-15 18:45:05 us=4763 cd_dir = '/xxxxx/openvpn'
2022-02-15 18:45:05 us=4959 writepid = '[UNDEF]'
2022-02-15 18:45:05 us=5157 up_script = '[UNDEF]'
2022-02-15 18:45:05 us=5354 down_script = '[UNDEF]'
2022-02-15 18:45:05 us=5551 down_pre = DISABLED
2022-02-15 18:45:05 us=5748 up_restart = DISABLED
2022-02-15 18:45:05 us=5944 up_delay = DISABLED
2022-02-15 18:45:05 us=6141 daemon = ENABLED
2022-02-15 18:45:05 us=6339 inetd = 0
2022-02-15 18:45:05 us=6534 log = ENABLED
2022-02-15 18:45:05 us=6731 suppress_timestamps = DISABLED
2022-02-15 18:45:05 us=6928 machine_readable_output = DISABLED
2022-02-15 18:45:05 us=7126 nice = 0
2022-02-15 18:45:05 us=7323 verbosity = 4
2022-02-15 18:45:05 us=7520 mute = 0
2022-02-15 18:45:05 us=7718 gremlin = 0
2022-02-15 18:45:05 us=7914 status_file = 'log/status.log'
2022-02-15 18:45:05 us=8113 status_file_version = 1
2022-02-15 18:45:05 us=8311 status_file_update_freq = 60
2022-02-15 18:45:05 us=8508 occ = ENABLED
2022-02-15 18:45:05 us=8705 rcvbuf = 0
2022-02-15 18:45:05 us=8902 sndbuf = 0
2022-02-15 18:45:05 us=9098 mark = 0
2022-02-15 18:45:05 us=9308 sockflags = 0
2022-02-15 18:45:05 us=9507 fast_io = DISABLED
2022-02-15 18:45:05 us=9709 comp.alg = 0
2022-02-15 18:45:05 us=9909 comp.flags = 0
2022-02-15 18:45:05 us=10109 route_script = '[UNDEF]'
2022-02-15 18:45:05 us=10309 route_default_gateway = '192.168.253.2'
2022-02-15 18:45:05 us=10509 route_default_metric = 0
2022-02-15 18:45:05 us=10707 route_noexec = DISABLED
2022-02-15 18:45:05 us=10905 route_delay = 0
2022-02-15 18:45:05 us=11105 route_delay_window = 30
2022-02-15 18:45:05 us=11307 route_delay_defined = DISABLED
2022-02-15 18:45:05 us=11507 route_nopull = DISABLED
2022-02-15 18:45:05 us=11707 route_gateway_via_dhcp = DISABLED
2022-02-15 18:45:05 us=11907 allow_pull_fqdn = DISABLED
2022-02-15 18:45:05 us=12116 route 192.168.6.0/255.255.255.0/default (not set)/default (not set)
2022-02-15 18:45:05 us=12319 management_addr = '[UNDEF]'
2022-02-15 18:45:05 us=12668 management_port = '[UNDEF]'
2022-02-15 18:45:05 us=12885 management_user_pass = '[UNDEF]'
2022-02-15 18:45:05 us=13092 management_log_history_cache = 250
2022-02-15 18:45:05 us=13294 management_echo_buffer_size = 100
2022-02-15 18:45:05 us=13496 management_write_peer_info_file = '[UNDEF]'
2022-02-15 18:45:05 us=13696 management_client_user = '[UNDEF]'
2022-02-15 18:45:05 us=13896 management_client_group = '[UNDEF]'
2022-02-15 18:45:05 us=14097 management_flags = 0
2022-02-15 18:45:05 us=14296 shared_secret_file = '[UNDEF]'
2022-02-15 18:45:05 us=14497 key_direction = not set
2022-02-15 18:45:05 us=14696 ciphername = 'AES-256-CBC'
2022-02-15 18:45:05 us=14898 ncp_enabled = ENABLED
2022-02-15 18:45:05 us=15097 ncp_ciphers = 'AES-256-CBC'
2022-02-15 18:45:05 us=15296 authname = 'SHA1'
2022-02-15 18:45:05 us=15497 prng_hash = 'SHA1'
2022-02-15 18:45:05 us=15697 prng_nonce_secret_len = 16
2022-02-15 18:45:05 us=15898 keysize = 0
2022-02-15 18:45:05 us=16096 engine = DISABLED
2022-02-15 18:45:05 us=16294 replay = ENABLED
2022-02-15 18:45:05 us=16493 mute_replay_warnings = DISABLED
2022-02-15 18:45:05 us=16694 replay_window = 64
2022-02-15 18:45:05 us=16896 replay_time = 15
2022-02-15 18:45:05 us=17097 packet_id_file = '[UNDEF]'
2022-02-15 18:45:05 us=17298 test_crypto = DISABLED
2022-02-15 18:45:05 us=17498 tls_server = ENABLED
2022-02-15 18:45:05 us=17696 tls_client = DISABLED
2022-02-15 18:45:05 us=17895 ca_file = 'XX.crt'
2022-02-15 18:45:05 us=18091 ca_path = '[UNDEF]'
2022-02-15 18:45:05 us=18290 dh_file = 'dh2048.pem'
2022-02-15 18:45:05 us=18490 cert_file = 'openserver.crt'
2022-02-15 18:45:05 us=18692 extra_certs_file = '[UNDEF]'
2022-02-15 18:45:05 us=18892 priv_key_file = 'XX.key'
2022-02-15 18:45:05 us=19090 pkcs12_file = '[UNDEF]'
2022-02-15 18:45:05 us=19288 cipher_list = '[UNDEF]'
2022-02-15 18:45:05 us=19499 cipher_list_tls13 = '[UNDEF]'
2022-02-15 18:45:05 us=19739 tls_cert_profile = '[UNDEF]'
2022-02-15 18:45:05 us=19944 tls_verify = '[UNDEF]'
2022-02-15 18:45:05 us=20145 tls_export_cert = '[UNDEF]'
2022-02-15 18:45:05 us=20346 verify_x509_type = 0
2022-02-15 18:45:05 us=20545 verify_x509_name = '[UNDEF]'
2022-02-15 18:45:05 us=20746 crl_file = '[UNDEF]'
2022-02-15 18:45:05 us=20946 ns_cert_type = 0
2022-02-15 18:45:05 us=21146 remote_cert_ku = 0
2022-02-15 18:45:05 us=21346 remote_cert_ku = 0
2022-02-15 18:45:05 us=21546 remote_cert_ku = 0
2022-02-15 18:45:05 us=21746 remote_cert_ku = 0
2022-02-15 18:45:05 us=21945 remote_cert_ku = 0
2022-02-15 18:45:05 us=22144 remote_cert_ku = 0
2022-02-15 18:45:05 us=22345 remote_cert_ku = 0
2022-02-15 18:45:05 us=22689 remote_cert_ku = 0
2022-02-15 18:45:05 us=22901 remote_cert_ku = 0
2022-02-15 18:45:05 us=23105 remote_cert_ku = 0
2022-02-15 18:45:05 us=23305 remote_cert_ku[i] = 0
2022-02-15 18:45:05 us=23507 remote_cert_ku[i] = 0
2022-02-15 18:45:05 us=23705 remote_cert_ku[i] = 0
2022-02-15 18:45:05 us=23904 remote_cert_ku[i] = 0
2022-02-15 18:45:05 us=24103 remote_cert_ku[i] = 0
2022-02-15 18:45:05 us=24301 remote_cert_ku[i] = 0
2022-02-15 18:45:05 us=24502 remote_cert_eku = '[UNDEF]'
2022-02-15 18:45:05 us=24702 ssl_flags = 0
2022-02-15 18:45:05 us=24903 tls_timeout = 2
2022-02-15 18:45:05 us=25104 renegotiate_bytes = -1
2022-02-15 18:45:05 us=25305 renegotiate_packets = 0
2022-02-15 18:45:05 us=25506 renegotiate_seconds = 3600
2022-02-15 18:45:05 us=25708 handshake_window = 60
2022-02-15 18:45:05 us=25908 transition_window = 3600
2022-02-15 18:45:05 us=26107 single_session = DISABLED
2022-02-15 18:45:05 us=26305 push_peer_info = DISABLED
2022-02-15 18:45:05 us=26505 tls_exit = DISABLED
2022-02-15 18:45:05 us=26705 tls_crypt_v2_metadata = '[UNDEF]'
2022-02-15 18:45:05 us=26921 server_network = 192.168.253.0
2022-02-15 18:45:05 us=27136 server_netmask = 255.255.255.0
2022-02-15 18:45:05 us=27382 server_network_ipv6 = ::
2022-02-15 18:45:05 us=27588 server_netbits_ipv6 = 0
2022-02-15 18:45:05 us=27801 server_bridge_ip = 0.0.0.0
2022-02-15 18:45:05 us=28014 server_bridge_netmask = 0.0.0.0
2022-02-15 18:45:05 us=28229 server_bridge_pool_start = 0.0.0.0
2022-02-15 18:45:05 us=28487 server_bridge_pool_end = 0.0.0.0
2022-02-15 18:45:05 us=28700 push_entry = 'route 192.168.5.0 255.255.255.0'
2022-02-15 18:45:05 us=28905 push_entry = 'route 192.168.6.0 255.255.255.0'
2022-02-15 18:45:05 us=29108 push_entry = 'route-gateway 192.168.253.1'
2022-02-15 18:45:05 us=29308 push_entry = 'topology subnet'
2022-02-15 18:45:05 us=29518 push_entry = 'ping 10'
2022-02-15 18:45:05 us=29717 push_entry = 'ping-restart 60'
2022-02-15 18:45:05 us=29919 ifconfig_pool_defined = ENABLED
2022-02-15 18:45:05 us=30134 ifconfig_pool_start = 192.168.253.2
2022-02-15 18:45:05 us=30355 ifconfig_pool_end = 192.168.253.254
2022-02-15 18:45:05 us=30576 ifconfig_pool_netmask = 255.255.255.0
2022-02-15 18:45:05 us=30777 ifconfig_pool_persist_filename = 'ipp.txt'
2022-02-15 18:45:05 us=30982 ifconfig_pool_persist_refresh_freq = 600
2022-02-15 18:45:05 us=31183 ifconfig_ipv6_pool_defined = DISABLED
2022-02-15 18:45:05 us=31393 ifconfig_ipv6_pool_base = ::
2022-02-15 18:45:05 us=31597 ifconfig_ipv6_pool_netbits = 0
2022-02-15 18:45:05 us=31799 n_bcast_buf = 256
2022-02-15 18:45:05 us=32000 tcp_queue_limit = 64
2022-02-15 18:45:05 us=32203 real_hash_size = 256
2022-02-15 18:45:05 us=32527 virtual_hash_size = 256
2022-02-15 18:45:05 us=32759 client_connect_script = '[UNDEF]'
2022-02-15 18:45:05 us=32968 learn_address_script = '[UNDEF]'
2022-02-15 18:45:05 us=33173 client_disconnect_script = '[UNDEF]'
2022-02-15 18:45:05 us=33374 client_config_dir = 'ccd'
2022-02-15 18:45:05 us=33575 ccd_exclusive = DISABLED
2022-02-15 18:45:05 us=33773 tmp_dir = '/tmp'
2022-02-15 18:45:05 us=33975 push_ifconfig_defined = DISABLED
2022-02-15 18:45:05 us=34190 push_ifconfig_local = 0.0.0.0
2022-02-15 18:45:05 us=34443 push_ifconfig_remote_netmask = 0.0.0.0
2022-02-15 18:45:05 us=34652 push_ifconfig_ipv6_defined = DISABLED
2022-02-15 18:45:05 us=34869 push_ifconfig_ipv6_local = ::/0
2022-02-15 18:45:05 us=35085 push_ifconfig_ipv6_remote = ::
2022-02-15 18:45:05 us=35285 enable_c2c = ENABLED
2022-02-15 18:45:05 us=35487 duplicate_cn = DISABLED
2022-02-15 18:45:05 us=35687 cf_max = 0
2022-02-15 18:45:05 us=35887 cf_per = 0
2022-02-15 18:45:05 us=36087 max_clients = 1024
2022-02-15 18:45:05 us=36291 max_routes_per_client = 256
2022-02-15 18:45:05 us=36491 auth_user_pass_verify_script = '[UNDEF]'
2022-02-15 18:45:05 us=36693 auth_user_pass_verify_script_via_file = DISABLED
2022-02-15 18:45:05 us=36893 auth_token_generate = DISABLED
2022-02-15 18:45:05 us=37095 auth_token_lifetime = 0
2022-02-15 18:45:05 us=37295 auth_token_secret_file = '[UNDEF]'
2022-02-15 18:45:05 us=37497 port_share_host = '[UNDEF]'
2022-02-15 18:45:05 us=37696 port_share_port = '[UNDEF]'
2022-02-15 18:45:05 us=37900 vlan_tagging = DISABLED
2022-02-15 18:45:05 us=38097 vlan_accept = all
2022-02-15 18:45:05 us=38300 vlan_pvid = 1
2022-02-15 18:45:05 us=38501 client = DISABLED
2022-02-15 18:45:05 us=38701 pull = DISABLED
2022-02-15 18:45:05 us=38902 auth_user_pass_file = '[UNDEF]'
2022-02-15 18:45:05 us=39126 OpenVPN 2.5.5 armv5tel-unknown-linux-uclibceabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 14 2022
2022-02-15 18:45:05 us=39386 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2022-02-15 18:45:05 us=44129 net_route_v4_best_gw query: dst 0.0.0.0
2022-02-15 18:45:05 us=101254 net_route_v4_best_gw result: via 192.168.5.1 dev eth0
2022-02-15 18:45:05 us=107760 Diffie-Hellman initialized with 2048 bit key
2022-02-15 18:45:05 us=114495 TLS-Auth MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-02-15 18:45:05 us=115728 net_route_v4_best_gw query: dst 0.0.0.0
2022-02-15 18:45:05 us=172361 net_route_v4_best_gw result: via 192.168.5.1 dev eth0
2022-02-15 18:45:05 us=172976 ROUTE_GATEWAY 192.168.5.1/255.255.255.0 IFACE=eth0 HWADDR=28:10:7b:45:a4:11
2022-02-15 18:45:05 us=175383 TUN/TAP device tun0 opened
2022-02-15 18:45:05 us=175670 do_ifconfig, ipv4=1, ipv6=0
2022-02-15 18:45:05 us=244474 net_iface_mtu_set: mtu 1400 for tun0
2022-02-15 18:45:05 us=301017 net_iface_up: set tun0 up
2022-02-15 18:45:05 us=301611 net_addr_v4_add: 192.168.253.1/24 dev tun0
2022-02-15 18:45:05 us=358499 net_route_v4_add: 192.168.6.0/24 via 192.168.253.2 dev [NULL] table 0 metric -1
2022-02-15 18:45:05 us=359108 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
2022-02-15 18:45:05 us=359428 Socket Buffers: R=[163840->163840] S=[163840->163840]
2022-02-15 18:45:05 us=359708 UDPv4 link local (bound): [AF_INET][undef]:19635
2022-02-15 18:45:05 us=359928 UDPv4 link remote: [AF_UNSPEC]
2022-02-15 18:45:05 us=360155 MULTI: multi_init called, r=256 v=256
2022-02-15 18:45:05 us=360488 IFCONFIG POOL IPv4: base=192.168.253.2 size=253
2022-02-15 18:45:05 us=360789 IFCONFIG POOL LIST
2022-02-15 18:45:05 us=361315 Initialization Sequence Completed
2022-02-15 18:45:05 us=996604 MULTI: multi_create_instance called
2022-02-15 18:45:05 us=998253 aa.aa.aa.aa:1194 Re-using SSL/TLS context
2022-02-15 18:45:06 us=3218 aa.aa.aa.aa:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-02-15 18:45:06 us=4078 aa.aa.aa.aa:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
2022-02-15 18:45:06 us=9170 aa.aa.aa.aa:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2022-02-15 18:45:06 us=9886 aa.aa.aa.aa:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2022-02-15 18:45:06 us=11124 aa.aa.aa.aa:1194 TLS: Initial packet from [AF_INET]aa.aa.aa.aa:1194, sid=d399b521 8e4c78f1
2022-02-15 18:45:06 us=194944 MULTI: multi_create_instance called
2022-02-15 18:45:06 us=195616 xx.xx.xx.xx:1194 Re-using SSL/TLS context
2022-02-15 18:45:06 us=196864 xx.xx.xx.xx:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-02-15 18:45:06 us=197141 xx.xx.xx.xx:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
2022-02-15 18:45:06 us=198853 xx.xx.xx.xx:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2022-02-15 18:45:06 us=199102 xx.xx.xx.xx:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2022-02-15 18:45:06 us=199504 xx.xx.xx.xx:1194 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=c6046dcf e27af85d
2022-02-15 18:45:06 us=229360 aa.aa.aa.aa:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, CN=XX, emailAddress=XX
2022-02-15 18:45:06 us=237020 aa.aa.aa.aa:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
2022-02-15 18:45:06 us=245193 aa.aa.aa.aa:1194 peer info: IV_VER=2.5.5
2022-02-15 18:45:06 us=245516 aa.aa.aa.aa:1194 peer info: IV_PLAT=win
2022-02-15 18:45:06 us=245737 aa.aa.aa.aa:1194 peer info: IV_PROTO=6
2022-02-15 18:45:06 us=245950 aa.aa.aa.aa:1194 peer info: IV_CIPHERS=AES-256-CBC
2022-02-15 18:45:06 us=246153 aa.aa.aa.aa:1194 peer info: IV_LZ4=1
2022-02-15 18:45:06 us=246359 aa.aa.aa.aa:1194 peer info: IV_LZ4v2=1
2022-02-15 18:45:06 us=246560 aa.aa.aa.aa:1194 peer info: IV_LZO=1
2022-02-15 18:45:06 us=246765 aa.aa.aa.aa:1194 peer info: IV_COMP_STUB=1
2022-02-15 18:45:06 us=246965 aa.aa.aa.aa:1194 peer info: IV_COMP_STUBv2=1
2022-02-15 18:45:06 us=247169 aa.aa.aa.aa:1194 peer info: IV_TCPNL=1
2022-02-15 18:45:06 us=387592 aa.aa.aa.aa:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-02-15 18:45:06 us=388073 aa.aa.aa.aa:1194 [one.vpn] Peer Connection Initiated with [AF_INET]aa.aa.aa.aa:1194
2022-02-15 18:45:06 us=388525 one.vpn/aa.aa.aa.aa:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
2022-02-15 18:45:06 us=389297 one.vpn/aa.aa.aa.aa:1194 OPTIONS IMPORT: reading client specific options from: ccd/one.vpn
2022-02-15 18:45:06 us=390834 one.vpn/aa.aa.aa.aa:1194 MULTI: Learn: 192.168.253.253 -> xx.xx.xx.xx/xx.xx
2022-02-15 18:45:06 us=391111 one.vpn/aa.aa.aa.aa:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.253
2022-02-15 18:45:06 us=393120 one.vpn/aa.aa.aa.aa:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:45:06 us=393462 one.vpn/aa.aa.aa.aa:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:45:06 us=393733 one.vpn/aa.aa.aa.aa:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:45:06 us=394017 one.vpn/aa.aa.aa.aa:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:45:06 us=394645 one.vpn/aa.aa.aa.aa:1194 SENT CONTROL [one.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route 192.168.6.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.253 255.255.255.0,peer-id 0,cipher AES-256-CBC' (status=1)
2022-02-15 18:45:06 us=463713 xx.xx.xx.xx:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX
2022-02-15 18:45:06 us=469055 xx.xx.xx.xx:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
2022-02-15 18:45:06 us=476893 xx.xx.xx.xx:1194 peer info: IV_VER=2.5.1
2022-02-15 18:45:06 us=477214 xx.xx.xx.xx:1194 peer info: IV_PLAT=linux
2022-02-15 18:45:06 us=477434 xx.xx.xx.xx:1194 peer info: IV_PROTO=6
2022-02-15 18:45:06 us=477643 xx.xx.xx.xx:1194 peer info: IV_CIPHERS=AES-256-CBC
2022-02-15 18:45:06 us=477849 xx.xx.xx.xx:1194 peer info: IV_LZ4=1
2022-02-15 18:45:06 us=478112 xx.xx.xx.xx:1194 peer info: IV_LZ4v2=1
2022-02-15 18:45:06 us=478326 xx.xx.xx.xx:1194 peer info: IV_LZO=1
2022-02-15 18:45:06 us=478534 xx.xx.xx.xx:1194 peer info: IV_COMP_STUB=1
2022-02-15 18:45:06 us=478740 xx.xx.xx.xx:1194 peer info: IV_COMP_STUBv2=1
2022-02-15 18:45:06 us=478947 xx.xx.xx.xx:1194 peer info: IV_TCPNL=1
2022-02-15 18:45:06 us=499827 xx.xx.xx.xx:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-02-15 18:45:06 us=500259 xx.xx.xx.xx:1194 [sdns2.vpn] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
2022-02-15 18:45:06 us=500707 sdns2.vpn/xx.xx.xx.xx:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
2022-02-15 18:45:06 us=501478 sdns2.vpn/xx.xx.xx.xx:1194 OPTIONS IMPORT: reading client specific options from: ccd/sdns2.vpn
2022-02-15 18:45:06 us=504657 sdns2.vpn/xx.xx.xx.xx:1194 MULTI: Learn: 192.168.253.252 -> xx.xx/xx.xx.xx.xx:1194
2022-02-15 18:45:06 us=505552 sdns2.vpn/xx.xx.xx.xx:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.252
2022-02-15 18:45:06 us=511367 sdns2.vpn/xx.xx.xx.xx:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:45:06 us=512291 sdns2.vpn/xx.xx.xx.xx:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:45:06 us=512919 sdns2.vpn/xx.xx.xx.xx:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:45:06 us=513218 sdns2.vpn/xx.xx.xx.xx:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:45:06 us=513833 sdns2.vpn/xx.xx.xx.xx:1194 SENT CONTROL [sdns2.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route 192.168.6.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.252 255.255.255.0,peer-id 1,cipher AES-256-CBC' (status=1)
2022-02-15 18:45:07 us=287602 MULTI: multi_create_instance called
2022-02-15 18:45:07 us=289202 bb.bb.bb.bb:1194 Re-using SSL/TLS context
2022-02-15 18:45:07 us=292026 bb.bb.bb.bb:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-02-15 18:45:07 us=293093 bb.bb.bb.bb:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
2022-02-15 18:45:07 us=298074 bb.bb.bb.bb:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2022-02-15 18:45:07 us=298792 bb.bb.bb.bb:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2022-02-15 18:45:07 us=299982 bb.bb.bb.bb:1194 TLS: Initial packet from [AF_INET]xx.xx/xx.xx.xx.xx:1194, sid=08733ad1 6a822622
2022-02-15 18:45:07 us=496813 bb.bb.bb.bb:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX
2022-02-15 18:45:07 us=502154 bb.bb.bb.bb:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
2022-02-15 18:45:07 us=510060 bb.bb.bb.bb:1194 peer info: IV_VER=2.5.5
2022-02-15 18:45:07 us=510380 bb.bb.bb.bb:1194 peer info: IV_PLAT=win
2022-02-15 18:45:07 us=510602 bb.bb.bb.bb:1194 peer info: IV_PROTO=6
2022-02-15 18:45:07 us=510815 bb.bb.bb.bb:1194 peer info: IV_CIPHERS=AES-256-CBC
2022-02-15 18:45:07 us=511023 bb.bb.bb.bb:1194 peer info: IV_LZ4=1
2022-02-15 18:45:07 us=511230 bb.bb.bb.bb:1194 peer info: IV_LZ4v2=1
2022-02-15 18:45:07 us=511436 bb.bb.bb.bb:1194 peer info: IV_LZO=1
2022-02-15 18:45:07 us=511639 bb.bb.bb.bb:1194 peer info: IV_COMP_STUB=1
2022-02-15 18:45:07 us=511841 bb.bb.bb.bb:1194 peer info: IV_COMP_STUBv2=1
2022-02-15 18:45:07 us=512045 bb.bb.bb.bb:1194 peer info: IV_TCPNL=1
2022-02-15 18:45:07 us=531984 bb.bb.bb.bb:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-02-15 18:45:07 us=532787 bb.bb.bb.bb:1194 [two.vpn] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:xxxx
2022-02-15 18:45:07 us=534156 two.vpn/bb.bb.bb.bb:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
2022-02-15 18:45:07 us=536729 two.vpn/bb.bb.bb.bb:1194 OPTIONS IMPORT: reading client specific options from: ccd/two.vpn
2022-02-15 18:45:07 us=541327 two.vpn/bb.bb.bb.bb:1194 MULTI: Learn: 192.168.253.251 -> xx.xx/xx.xx.xx.xx:1194
2022-02-15 18:45:07 us=542221 two.vpn/bb.bb.bb.bb:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.251
2022-02-15 18:45:07 us=544250 two.vpn/bb.bb.bb.bb:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:45:07 us=544573 two.vpn/bb.bb.bb.bb:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:45:07 us=544844 two.vpn/bb.bb.bb.bb:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:45:07 us=545127 two.vpn/bb.bb.bb.bb:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:45:07 us=545743 two.vpn/bb.bb.bb.bb:1194 SENT CONTROL [two.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route 192.168.6.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.251 255.255.255.0,peer-id 2,cipher AES-256-CBC' (status=1)
2022-02-15 18:48:29 us=234733 MULTI: multi_create_instance called
2022-02-15 18:48:29 us=236436 cc.cc.cc.cc:1194 Re-using SSL/TLS context
2022-02-15 18:48:29 us=239562 cc.cc.cc.cc:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-02-15 18:48:29 us=240413 cc.cc.cc.cc:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
2022-02-15 18:48:29 us=245679 cc.cc.cc.cc:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2022-02-15 18:48:29 us=246422 cc.cc.cc.cc:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2022-02-15 18:48:29 us=247621 cc.cc.cc.cc:1194 TLS: Initial packet from [AF_INET]cc.cc.cc.cc:1194, sid=fd973417 a6d9fc94
2022-02-15 18:48:29 us=713162 cc.cc.cc.cc:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX
2022-02-15 18:48:29 us=718534 cc.cc.cc.cc:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
2022-02-15 18:48:29 us=726379 cc.cc.cc.cc:1194 peer info: IV_VER=2.5.5
2022-02-15 18:48:29 us=726702 cc.cc.cc.cc:1194 peer info: IV_PLAT=linux
2022-02-15 18:48:29 us=726927 cc.cc.cc.cc:1194 peer info: IV_PROTO=6
2022-02-15 18:48:29 us=727144 cc.cc.cc.cc:1194 peer info: IV_CIPHERS=AES-256-CBC
2022-02-15 18:48:29 us=727355 cc.cc.cc.cc:1194 peer info: IV_LZ4=1
2022-02-15 18:48:29 us=727568 cc.cc.cc.cc:1194 peer info: IV_LZ4v2=1
2022-02-15 18:48:29 us=727777 cc.cc.cc.cc:1194 peer info: IV_LZO=1
2022-02-15 18:48:29 us=727986 cc.cc.cc.cc:1194 peer info: IV_COMP_STUB=1
2022-02-15 18:48:29 us=728196 cc.cc.cc.cc:1194 peer info: IV_COMP_STUBv2=1
2022-02-15 18:48:29 us=728404 cc.cc.cc.cc:1194 peer info: IV_TCPNL=1
2022-02-15 18:48:29 us=737642 cc.cc.cc.cc:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-02-15 18:48:29 us=738070 cc.cc.cc.cc:1194 [home.vpn] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
2022-02-15 18:48:29 us=738525 home.vpn/cc.cc.cc.cc:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
2022-02-15 18:48:29 us=739296 home.vpn/cc.cc.cc.cc:1194 OPTIONS IMPORT: reading client specific options from: ccd/home.vpn
2022-02-15 18:48:29 us=741367 home.vpn/cc.cc.cc.cc:1194 MULTI: Learn: 192.168.253.202 -> xx.xx/xx.xx.xx.xx
2022-02-15 18:48:29 us=741652 home.vpn/cc.cc.cc.cc:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.202
2022-02-15 18:48:29 us=741954 home.vpn/cc.cc.cc.cc:1194 MULTI: internal route 192.168.6.0/24 -> xx.xx/xx.xx.xx.xx:1194
2022-02-15 18:48:29 us=742241 home.vpn/cc.cc.cc.cc:1194 MULTI: Learn: 192.168.6.0/24 -> home.vpn/cc.cc.cc.cc:1194
2022-02-15 18:48:29 us=743594 home.vpn/cc.cc.cc.cc:1194 REMOVE PUSH ROUTE: 'route 192.168.6.0 255.255.255.0'
2022-02-15 18:48:29 us=745316 home.vpn/cc.cc.cc.cc:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:48:29 us=745627 home.vpn/cc.cc.cc.cc:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:48:29 us=745895 home.vpn/cc.cc.cc.cc:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:48:29 us=746176 home.vpn/cc.cc.cc.cc:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:48:29 us=746771 home.vpn/cc.cc.cc.cc:1194 SENT CONTROL [home.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.202 255.255.255.0,peer-id 3,cipher AES-256-CBC' (status=1)
2022-02-15 18:48:34 us=381595 home.vpn/cc.cc.cc.cc:1194 MULTI: Learn: 192.168.6.29 -> xx.xx/xx.xx.xx.xx

Log Client side

client

2022-02-15 18:48:29 us=205208 Current Parameter Settings:
2022-02-15 18:48:29 us=205458 config = 'home.ovpn'
2022-02-15 18:48:29 us=205522 mode = 0
2022-02-15 18:48:29 us=205576 persist_config = DISABLED
2022-02-15 18:48:29 us=205628 persist_mode = 1
2022-02-15 18:48:29 us=205678 show_ciphers = DISABLED
2022-02-15 18:48:29 us=205729 show_digests = DISABLED
2022-02-15 18:48:29 us=205780 show_engines = DISABLED
2022-02-15 18:48:29 us=205831 genkey = DISABLED
2022-02-15 18:48:29 us=205882 genkey_filename = '[UNDEF]'
2022-02-15 18:48:29 us=205933 key_pass_file = '[UNDEF]'
2022-02-15 18:48:29 us=205985 show_tls_ciphers = DISABLED
2022-02-15 18:48:29 us=206047 connect_retry_max = 0
2022-02-15 18:48:29 us=206101 Connection profiles [0]:
2022-02-15 18:48:29 us=206153 proto = udp4
2022-02-15 18:48:29 us=206204 local = '[UNDEF]'
2022-02-15 18:48:29 us=206255 local_port = '1194'
2022-02-15 18:48:29 us=206306 remote = 'xxxxxxx'
2022-02-15 18:48:29 us=206357 remote_port = 'xxxxxxx'
2022-02-15 18:48:29 us=206408 remote_float = DISABLED
2022-02-15 18:48:29 us=206458 bind_defined = DISABLED
2022-02-15 18:48:29 us=206509 bind_local = ENABLED
2022-02-15 18:48:29 us=206559 bind_ipv6_only = DISABLED
2022-02-15 18:48:29 us=206611 connect_retry_seconds = 5
2022-02-15 18:48:29 us=206663 connect_timeout = 120
2022-02-15 18:48:29 us=206714 socks_proxy_server = '[UNDEF]'
2022-02-15 18:48:29 us=206765 socks_proxy_port = '[UNDEF]'
2022-02-15 18:48:29 us=206817 tun_mtu = 1400
2022-02-15 18:48:29 us=206868 tun_mtu_defined = ENABLED
2022-02-15 18:48:29 us=206919 link_mtu = 1500
2022-02-15 18:48:29 us=206970 link_mtu_defined = DISABLED
2022-02-15 18:48:29 us=207021 tun_mtu_extra = 0
2022-02-15 18:48:29 us=207072 tun_mtu_extra_defined = DISABLED
2022-02-15 18:48:29 us=207124 mtu_discover_type = -1
2022-02-15 18:48:29 us=207176 fragment = 0
2022-02-15 18:48:29 us=207227 mssfix = 0
2022-02-15 18:48:29 us=207278 explicit_exit_notification = 0
2022-02-15 18:48:29 us=207329 tls_auth_file = '[UNDEF]'
2022-02-15 18:48:29 us=207381 key_direction = not set
2022-02-15 18:48:29 us=207432 tls_crypt_file = '[UNDEF]'
2022-02-15 18:48:29 us=207483 tls_crypt_v2_file = '[UNDEF]'
2022-02-15 18:48:29 us=207534 Connection profiles END
2022-02-15 18:48:29 us=207585 remote_random = DISABLED
2022-02-15 18:48:29 us=207635 ipchange = '[UNDEF]'
2022-02-15 18:48:29 us=207686 dev = 'tun'
2022-02-15 18:48:29 us=207737 dev_type = '[UNDEF]'
2022-02-15 18:48:29 us=207787 dev_node = '[UNDEF]'
2022-02-15 18:48:29 us=207846 lladdr = '[UNDEF]'
2022-02-15 18:48:29 us=207900 topology = 1
2022-02-15 18:48:29 us=207952 ifconfig_local = '[UNDEF]'
2022-02-15 18:48:29 us=208004 ifconfig_remote_netmask = '[UNDEF]'
2022-02-15 18:48:29 us=208055 ifconfig_noexec = DISABLED
2022-02-15 18:48:29 us=208106 ifconfig_nowarn = DISABLED
2022-02-15 18:48:29 us=208157 ifconfig_ipv6_local = '[UNDEF]'
2022-02-15 18:48:29 us=208209 ifconfig_ipv6_netbits = 0
2022-02-15 18:48:29 us=208260 ifconfig_ipv6_remote = '[UNDEF]'
2022-02-15 18:48:29 us=208312 shaper = 0
2022-02-15 18:48:29 us=208363 mtu_test = 0
2022-02-15 18:48:29 us=208414 mlock = DISABLED
2022-02-15 18:48:29 us=208465 keepalive_ping = 0
2022-02-15 18:48:29 us=208606 keepalive_timeout = 0
2022-02-15 18:48:29 us=208671 inactivity_timeout = 0
2022-02-15 18:48:29 us=208723 ping_send_timeout = 0
2022-02-15 18:48:29 us=208775 ping_rec_timeout = 0
2022-02-15 18:48:29 us=208828 ping_rec_timeout_action = 0
2022-02-15 18:48:29 us=208879 ping_timer_remote = DISABLED
2022-02-15 18:48:29 us=208931 remap_sigusr1 = 0
2022-02-15 18:48:29 us=208981 persist_tun = ENABLED
2022-02-15 18:48:29 us=209033 persist_local_ip = DISABLED
2022-02-15 18:48:29 us=209083 persist_remote_ip = DISABLED
2022-02-15 18:48:29 us=209134 persist_key = ENABLED
2022-02-15 18:48:29 us=209185 passtos = DISABLED
2022-02-15 18:48:29 us=209237 resolve_retry_seconds = 1000000000
2022-02-15 18:48:29 us=209287 resolve_in_advance = DISABLED
2022-02-15 18:48:29 us=209338 username = '[UNDEF]'
2022-02-15 18:48:29 us=209408 groupname = '[UNDEF]'
2022-02-15 18:48:29 us=209461 chroot_dir = '[UNDEF]'
2022-02-15 18:48:29 us=209513 cd_dir = '/xxxx/config'
2022-02-15 18:48:29 us=209565 writepid = '[UNDEF]'
2022-02-15 18:48:29 us=209616 up_script = '[UNDEF]'
2022-02-15 18:48:29 us=209667 down_script = '[UNDEF]'
2022-02-15 18:48:29 us=209719 down_pre = DISABLED
2022-02-15 18:48:29 us=209770 up_restart = DISABLED
2022-02-15 18:48:29 us=209820 up_delay = DISABLED
2022-02-15 18:48:29 us=209871 daemon = ENABLED
2022-02-15 18:48:29 us=209922 inetd = 0
2022-02-15 18:48:29 us=209972 log = ENABLED
2022-02-15 18:48:29 us=210023 suppress_timestamps = DISABLED
2022-02-15 18:48:29 us=210074 machine_readable_output = DISABLED
2022-02-15 18:48:29 us=210125 nice = 0
2022-02-15 18:48:29 us=210176 verbosity = 4
2022-02-15 18:48:29 us=210227 mute = 0
2022-02-15 18:48:29 us=210279 status_file = '/xxxx/status.log'
2022-02-15 18:48:29 us=210331 status_file_version = 1
2022-02-15 18:48:29 us=210383 status_file_update_freq = 60
2022-02-15 18:48:29 us=210434 occ = ENABLED
2022-02-15 18:48:29 us=210486 rcvbuf = 0
2022-02-15 18:48:29 us=210537 sndbuf = 0
2022-02-15 18:48:29 us=210589 mark = 0
2022-02-15 18:48:29 us=210640 sockflags = 0
2022-02-15 18:48:29 us=210692 fast_io = DISABLED
2022-02-15 18:48:29 us=210743 comp.alg = 0
2022-02-15 18:48:29 us=210806 comp.flags = 0
2022-02-15 18:48:29 us=210859 route_script = '[UNDEF]'
2022-02-15 18:48:29 us=210911 route_default_gateway = '[UNDEF]'
2022-02-15 18:48:29 us=210962 route_default_metric = 0
2022-02-15 18:48:29 us=211014 route_noexec = DISABLED
2022-02-15 18:48:29 us=211065 route_delay = 0
2022-02-15 18:48:29 us=211118 route_delay_window = 30
2022-02-15 18:48:29 us=211169 route_delay_defined = DISABLED
2022-02-15 18:48:29 us=211221 route_nopull = DISABLED
2022-02-15 18:48:29 us=211273 route_gateway_via_dhcp = DISABLED
2022-02-15 18:48:29 us=211324 allow_pull_fqdn = DISABLED
2022-02-15 18:48:29 us=211376 management_addr = '[UNDEF]'
2022-02-15 18:48:29 us=211428 management_port = '[UNDEF]'
2022-02-15 18:48:29 us=211481 management_user_pass = '[UNDEF]'
2022-02-15 18:48:29 us=211533 management_log_history_cache = 250
2022-02-15 18:48:29 us=211585 management_echo_buffer_size = 100
2022-02-15 18:48:29 us=211637 management_write_peer_info_file = '[UNDEF]'
2022-02-15 18:48:29 us=211688 management_client_user = '[UNDEF]'
2022-02-15 18:48:29 us=211740 management_client_group = '[UNDEF]'
2022-02-15 18:48:29 us=211793 management_flags = 0
2022-02-15 18:48:29 us=211844 shared_secret_file = '[UNDEF]'
2022-02-15 18:48:29 us=211897 key_direction = not set
2022-02-15 18:48:29 us=211948 ciphername = 'AES-256-CBC'
2022-02-15 18:48:29 us=212000 ncp_enabled = ENABLED
2022-02-15 18:48:29 us=212052 ncp_ciphers = 'AES-256-CBC'
2022-02-15 18:48:29 us=212103 authname = 'SHA1'
2022-02-15 18:48:29 us=212154 prng_hash = 'SHA1'
2022-02-15 18:48:29 us=212206 prng_nonce_secret_len = 16
2022-02-15 18:48:29 us=212258 keysize = 0
2022-02-15 18:48:29 us=212309 engine = DISABLED
2022-02-15 18:48:29 us=212361 replay = ENABLED
2022-02-15 18:48:29 us=212412 mute_replay_warnings = DISABLED
2022-02-15 18:48:29 us=212465 replay_window = 64
2022-02-15 18:48:29 us=212517 replay_time = 15
2022-02-15 18:48:29 us=212568 packet_id_file = '[UNDEF]'
2022-02-15 18:48:29 us=212619 test_crypto = DISABLED
2022-02-15 18:48:29 us=212670 tls_server = DISABLED
2022-02-15 18:48:29 us=212721 tls_client = ENABLED
2022-02-15 18:48:29 us=212773 ca_file = 'XX.crt'
2022-02-15 18:48:29 us=212825 ca_path = '[UNDEF]'
2022-02-15 18:48:29 us=212876 dh_file = '[UNDEF]'
2022-02-15 18:48:29 us=212928 cert_file = 'XX.crt'
2022-02-15 18:48:29 us=212980 extra_certs_file = '[UNDEF]'
2022-02-15 18:48:29 us=213032 priv_key_file = 'XX.key'
2022-02-15 18:48:29 us=213084 pkcs12_file = '[UNDEF]'
2022-02-15 18:48:29 us=213136 cipher_list = '[UNDEF]'
2022-02-15 18:48:29 us=213204 cipher_list_tls13 = '[UNDEF]'
2022-02-15 18:48:29 us=213258 tls_cert_profile = '[UNDEF]'
2022-02-15 18:48:29 us=213310 tls_verify = '[UNDEF]'
2022-02-15 18:48:29 us=213363 tls_export_cert = '[UNDEF]'
2022-02-15 18:48:29 us=213416 verify_x509_type = 0
2022-02-15 18:48:29 us=213468 verify_x509_name = '[UNDEF]'
2022-02-15 18:48:29 us=213520 crl_file = '[UNDEF]'
2022-02-15 18:48:29 us=213572 ns_cert_type = 0
2022-02-15 18:48:29 us=213624 remote_cert_ku[i] = 65535
2022-02-15 18:48:29 us=213677 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=213730 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=213782 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=213835 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=213887 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=213940 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=213992 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214045 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214098 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214150 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214203 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214255 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214308 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214361 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214412 remote_cert_ku[i] = 0
2022-02-15 18:48:29 us=214464 remote_cert_eku = 'TLS Web Server Authentication'
2022-02-15 18:48:29 us=214517 ssl_flags = 0
2022-02-15 18:48:29 us=214569 tls_timeout = 2
2022-02-15 18:48:29 us=214621 renegotiate_bytes = -1
2022-02-15 18:48:29 us=214673 renegotiate_packets = 0
2022-02-15 18:48:29 us=214726 renegotiate_seconds = 3600
2022-02-15 18:48:29 us=214779 handshake_window = 60
2022-02-15 18:48:29 us=214831 transition_window = 3600
2022-02-15 18:48:29 us=214883 single_session = DISABLED
2022-02-15 18:48:29 us=214935 push_peer_info = DISABLED
2022-02-15 18:48:29 us=214986 tls_exit = DISABLED
2022-02-15 18:48:29 us=215038 tls_crypt_v2_metadata = '[UNDEF]'
2022-02-15 18:48:29 us=215118 server_network = 0.0.0.0
2022-02-15 18:48:29 us=215180 server_netmask = 0.0.0.0
2022-02-15 18:48:29 us=215239 server_network_ipv6 = ::
2022-02-15 18:48:29 us=215293 server_netbits_ipv6 = 0
2022-02-15 18:48:29 us=215353 server_bridge_ip = 0.0.0.0
2022-02-15 18:48:29 us=215413 server_bridge_netmask = 0.0.0.0
2022-02-15 18:48:29 us=215473 server_bridge_pool_start = 0.0.0.0
2022-02-15 18:48:29 us=215533 server_bridge_pool_end = 0.0.0.0
2022-02-15 18:48:29 us=215586 ifconfig_pool_defined = DISABLED
2022-02-15 18:48:29 us=215646 ifconfig_pool_start = 0.0.0.0
2022-02-15 18:48:29 us=215705 ifconfig_pool_end = 0.0.0.0
2022-02-15 18:48:29 us=215765 ifconfig_pool_netmask = 0.0.0.0
2022-02-15 18:48:29 us=215818 ifconfig_pool_persist_filename = '[UNDEF]'
2022-02-15 18:48:29 us=215871 ifconfig_pool_persist_refresh_freq = 600
2022-02-15 18:48:29 us=215923 ifconfig_ipv6_pool_defined = DISABLED
2022-02-15 18:48:29 us=215980 ifconfig_ipv6_pool_base = ::
2022-02-15 18:48:29 us=216034 ifconfig_ipv6_pool_netbits = 0
2022-02-15 18:48:29 us=216086 n_bcast_buf = 256
2022-02-15 18:48:29 us=216138 tcp_queue_limit = 64
2022-02-15 18:48:29 us=216189 real_hash_size = 256
2022-02-15 18:48:29 us=216242 virtual_hash_size = 256
2022-02-15 18:48:29 us=216293 client_connect_script = '[UNDEF]'
2022-02-15 18:48:29 us=216345 learn_address_script = '[UNDEF]'
2022-02-15 18:48:29 us=216397 client_disconnect_script = '[UNDEF]'
2022-02-15 18:48:29 us=216448 client_config_dir = '[UNDEF]'
2022-02-15 18:48:29 us=216500 ccd_exclusive = DISABLED
2022-02-15 18:48:29 us=216551 tmp_dir = '/tmp'
2022-02-15 18:48:29 us=216603 push_ifconfig_defined = DISABLED
2022-02-15 18:48:29 us=216662 push_ifconfig_local = 0.0.0.0
2022-02-15 18:48:29 us=216720 push_ifconfig_remote_netmask = 0.0.0.0
2022-02-15 18:48:29 us=216774 push_ifconfig_ipv6_defined = DISABLED
2022-02-15 18:48:29 us=216832 push_ifconfig_ipv6_local = ::/0
2022-02-15 18:48:29 us=216890 push_ifconfig_ipv6_remote = ::
2022-02-15 18:48:29 us=216942 enable_c2c = DISABLED
2022-02-15 18:48:29 us=217009 duplicate_cn = DISABLED
2022-02-15 18:48:29 us=217062 cf_max = 0
2022-02-15 18:48:29 us=217114 cf_per = 0
2022-02-15 18:48:29 us=217167 max_clients = 1024
2022-02-15 18:48:29 us=217220 max_routes_per_client = 256
2022-02-15 18:48:29 us=217271 auth_user_pass_verify_script = '[UNDEF]'
2022-02-15 18:48:29 us=217323 auth_user_pass_verify_script_via_file = DISABLED
2022-02-15 18:48:29 us=217376 auth_token_generate = DISABLED
2022-02-15 18:48:29 us=217429 auth_token_lifetime = 0
2022-02-15 18:48:29 us=217481 auth_token_secret_file = '[UNDEF]'
2022-02-15 18:48:29 us=217533 port_share_host = '[UNDEF]'
2022-02-15 18:48:29 us=217585 port_share_port = '[UNDEF]'
2022-02-15 18:48:29 us=217637 vlan_tagging = DISABLED
2022-02-15 18:48:29 us=217688 vlan_accept = all
2022-02-15 18:48:29 us=217740 vlan_pvid = 1
2022-02-15 18:48:29 us=217791 client = ENABLED
2022-02-15 18:48:29 us=217843 pull = ENABLED
2022-02-15 18:48:29 us=217895 auth_user_pass_file = '[UNDEF]'
2022-02-15 18:48:29 us=217959 OpenVPN 2.5.5 arm-unknown-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 10 2022
2022-02-15 18:48:29 us=218029 library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.10
2022-02-15 18:48:29 us=226783 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2022-02-15 18:48:29 us=232891 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
2022-02-15 18:48:29 us=233191 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2022-02-15 18:48:29 us=233255 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2022-02-15 18:48:29 us=233350 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:xxxx
2022-02-15 18:48:29 us=233432 Socket Buffers: R=[114688->114688] S=[114688->114688]
2022-02-15 18:48:29 us=233508 UDPv4 link local (bound): [AF_INET][undef]:1194
2022-02-15 18:48:29 us=233572 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:xxxx
2022-02-15 18:48:29 us=260280 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:xxxx, sid=e52b669d f19dae3d
2022-02-15 18:48:29 us=432031 VERIFY OK: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX
2022-02-15 18:48:29 us=439087 VERIFY KU OK
2022-02-15 18:48:29 us=439198 Validating certificate extended key usage
2022-02-15 18:48:29 us=439261 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-02-15 18:48:29 us=439315 VERIFY EKU OK
2022-02-15 18:48:29 us=439367 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX
2022-02-15 18:48:29 us=740417 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-02-15 18:48:29 us=740591 [xxx.xxx] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:xxxx
2022-02-15 18:48:29 us=758198 PUSH: Received control message: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.202 255.255.255.0,peer-id 3,cipher AES-256-CBC'
2022-02-15 18:48:29 us=758858 OPTIONS IMPORT: timers and/or timeouts modified
2022-02-15 18:48:29 us=758936 OPTIONS IMPORT: --ifconfig/up options modified
2022-02-15 18:48:29 us=758988 OPTIONS IMPORT: route options modified
2022-02-15 18:48:29 us=759036 OPTIONS IMPORT: route-related options modified
2022-02-15 18:48:29 us=759083 OPTIONS IMPORT: peer-id set
2022-02-15 18:48:29 us=759133 OPTIONS IMPORT: adjusting link_mtu to 1524
2022-02-15 18:48:29 us=759179 OPTIONS IMPORT: data channel crypto options modified
2022-02-15 18:48:29 us=759917 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:48:29 us=760025 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:48:29 us=760110 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2022-02-15 18:48:29 us=760233 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-02-15 18:48:29 us=760412 net_route_v4_best_gw query: dst 0.0.0.0
2022-02-15 18:48:29 us=760729 net_route_v4_best_gw result: via 192.168.6.1 dev eth0
2022-02-15 18:48:29 us=768636 TUN/TAP device tun0 opened
2022-02-15 18:48:29 us=768747 do_ifconfig, ipv4=1, ipv6=0
2022-02-15 18:48:29 us=768838 net_iface_mtu_set: mtu 1400 for tun0
2022-02-15 18:48:29 us=768990 net_iface_up: set tun0 up
2022-02-15 18:48:29 us=772429 net_addr_v4_add: 192.168.253.202/24 dev tun0
2022-02-15 18:48:29 us=773237 net_route_v4_add: 192.168.5.0/24 via 192.168.253.1 dev [NULL] table 0 metric -1
2022-02-15 18:48:29 us=773523 Initialization Sequence Completed

Now comes what is surprising to me, I have done a tcpdump on the client gateway icmp packets when pinging from the server network. denon.home (mac 00:054e:22:05) is a appliance on the network, photos.home (mac 00:11:32:15:4b:d7) is the client gateway machine, box (mac : e4:5d:51:38:fd:00) is the fiber/router.
This is the routing table of the client gateway

Code: Select all

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.253.1   255.255.255.0   UG    0      0        0 tun0
192.168.253.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
default         box             0.0.0.0         UG    0      0        0 eth0

These are the results :

Code: Select all

18:26:29.408294  In ethertype IPv4 (0x0800), length 76: hubert.xx > denon.home: ICMP echo request, id 1, seq 85, length 40
18:26:29.408348 Out 00:11:32:15:4b:d7 (oui Unknown) ethertype IPv4 (0x0800), length 76: hubert.xx > denon.home: ICMP echo request, id 1, seq 85, length 40
18:26:29.409983  In 00:05:cd:4e:22:05 (oui Unknown) ethertype IPv4 (0x0800), length 76: denon.home > hubert.xx: ICMP echo reply, id 1, seq 85, length 40
18:26:29.410028 Out ethertype IPv4 (0x0800), length 76: denon.home > hubert.xx: ICMP echo reply, id 1, seq 85, length 40

18:26:35.632910  In ethertype IPv4 (0x0800), length 76: hubert.xx > photos.home: ICMP echo request, id 1, seq 86, length 40
18:26:35.632985 Out 00:11:32:15:4b:d7 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40
18:26:35.633271  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 104: box > photos.home: ICMP redirect hubert.xx to host photos.home, length 68
18:26:35.633468  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40

ICMP request to others machines are normally transfered to and answered by the machines
ICMP request to the ethernet address of directly answered AND transfered to the gateway. Therefore lost in space.
I personally do not see anything wrong in my configuration but I am not very knowledgeable on OpenVPN.
Anybody can help ?

TinCanTech · Post by **TinCanTech** » Tue Feb 22, 2022 12:36 pm

Run tcpdump on the server and client and try the ping which fails.

I expect you have a firewall issue.

cousinhub · Post by **cousinhub** » Wed Feb 23, 2022 8:00 am

It cannot be firewall, test has been made firewalls disabled everywhere.

tcpdump server side does not indicate anything but that ping to client-gateway local network interface (192.168.6.202) does not return anything, that ping to any other local network address works
Please see :

Code: Select all

08:54:14.529382 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 36, length 40
08:54:14.541646 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 36, length 40
08:54:15.546402 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 37, length 40
08:54:15.561338 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 37, length 40
08:54:16.576261 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 38, length 40
08:54:16.589784 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 38, length 40
08:54:17.601082 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 39, length 40
08:54:17.613875 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 39, length 40

08:54:22.866606 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 40, length 40
08:54:27.878093 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 41, length 40
08:54:32.898184 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 42, length 40
08:54:37.899076 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 43, length 40

TinCanTech · Post by **TinCanTech** » Wed Feb 23, 2022 2:35 pm

You have not read this: https://community.openvpn.net/openvpn/w ... rversubnet

cousinhub · Post by **cousinhub** » Wed Feb 23, 2022 5:15 pm

Why do you think I have not read it ? I have, of course, before asking if there is a problem.
My setup looks like it respect everything said in this document. Of course I might have done a error.
But don't you think that these lines are very strange ?

Code: Select all

18:26:35.632910  In ethertype IPv4 (0x0800), length 76: hubert.xx > photos.home: ICMP echo request, id 1, seq 86, length 40
18:26:35.632985 Out 00:11:32:15:4b:d7 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40
18:26:35.633271  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 104: box > photos.home: ICMP redirect hubert.xx to host photos.home, length 68
18:26:35.633468  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40

If you look a little bit at the time frame, the ICMP is transmitted somehow to the box (network gateway) when it should not be, it has already been answered.
How come the box received the redirect ICMP packet when the IP address is on the OpenVPN gateway ?
What I am doing wrong ?

Hamilleton · Post by **Hamilleton** » Thu Feb 24, 2022 8:39 am

Maybe try drawing a network topology diagram first? It kinda difficult to follow the network setup and problem just by glances at the texts.

cousinhub · Post by **cousinhub** » Thu Feb 24, 2022 9:41 am

So my problem is
All machines on the VPN can ping anything (including 192.168.5.201) apart from 192.168.6.202 which can only be pinged from its own local network.
All others 192.168.6.x can be pinged from anywhere.
The only way to reach the OpenVPN client-gateway is to use 192.168.253.202. To my guess, it means that there is something wrong somewhere and I do not want to leave it like that.
Here is the diagram

cousinhub · Post by **cousinhub** » Wed Mar 02, 2022 9:49 am

Nobody has an idea ?
I have done a little more detailed tcpdump on the NAS client gateway, it is very surprising : it is the answer from 192.168.6.202 to 192.168.5.109 which is redirected to gateway 192.168.6.1 dev eth0 (id 24879). But I have clearly a route to 192.168.5.0/24 via 192.168.253.1 dev tun0.
Is it possible that there is a bug somewhere in OpenVPN Client ?
It does not happen in the OpenVPN server.
I carry on trying to solve it but any help will be more than welcomed.

Code: Select all

tcpdump
07:59:01.731479 IP (tos 0x0, ttl 126, id 10264, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 108, length 40
07:59:01.731566 IP (tos 0x0, ttl 64, id 24879, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.6.202 > 192.168.5.109: ICMP echo reply, id 1, seq 108, length 40
07:59:01.731926 IP (tos 0xc0, ttl 64, id 9697, offset 0, flags [none], proto ICMP (1), length 88)
    192.168.6.1 > 192.168.6.202: ICMP redirect 192.168.5.109 to host 192.168.6.202, length 68
	IP (tos 0x0, ttl 63, id 24879, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.6.202 > 192.168.5.109: ICMP echo reply, id 1, seq 108, length 40
07:59:01.732125 IP (tos 0x0, ttl 63, id 24879, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.6.202 > 192.168.5.109: ICMP echo reply, id 1, seq 108, length 40

Code: Select all

ip route show
192.168.6.0/24 dev eth0  proto kernel  scope link  src 192.168.6.202
192.168.5.0/24 via 192.168.253.1 dev tun0
192.168.253.0/24 dev tun0  proto kernel  scope link  src 192.168.253.202
default via 192.168.6.1 dev eth0  src 192.168.6.202

TinCanTech · Post by **TinCanTech** » Wed Mar 02, 2022 3:46 pm

cousinhub wrote: ↑
Mon Feb 14, 2022 7:53 am
between Office , Home and Internet rented dedicated servers

If all else fails then you can contact me privately tincantech at protonmail dot com (Fees will apply)

cousinhub · Post by **cousinhub** » Wed Mar 02, 2022 4:55 pm

To TinCanTech;
Sorry, you told me that I have not read such and such, when I had done, made me work quite a long time to supply information you ask for.
You have not answered one single question I asked so far.
The only suggestion you made was 100% wrong that it was due to a firewall when it was clear with the information that I had already supplied that no firewall could have done this.
And now you are telling me you want to get paid. What for ?
I thought I was speaking with a community. Quite disappointed.

TinCanTech · Post by **TinCanTech** » Wed Mar 02, 2022 5:00 pm

You have a complicated network issue, if you want help solving that then hire somebody who knows how a network works.

As for your VPNs, OpenVPN is doing what you asked it to.

Your question has been up for over two weeks, I am simply offering you an alternate route to a solution.

cousinhub · Post by **cousinhub** » Thu Mar 03, 2022 8:45 am

Found it, I took the time to invert server and client and the problem was still on the same Synology machine which was now acting as a server.
On Synology : in DSM Control Panels -> Network -> Lan interface -> Advanced parameters, there is a parameter "Enable multiple gateways" which add a default route to the Lan Gateway in a specific routing table. In my case, this "hidden" route which you can only see with "ip route show table all" was causing the problem.
Unchecking it solved my problem and seemed to accelerate my pings by a few ms.
Maybe that will help someone one day.

cousinhub · Post by **cousinhub** » Thu Mar 03, 2022 8:52 am

One last comment before closing the subject, I have nothing against you, TinCanTech, but I find very strange that a moderator of support forum of a community software edition offers payed support. I really think that if you want to offer these kind of services, there is nothing wrong about that but you should not be member of the "Forum Team".

300000 · Post by **300000** » Thu Mar 03, 2022 12:31 pm

You need create a folder name CCD and inside that folder create a file name as name of certificate of client NAS openvpn client.

Open that file name then plase in into it

iroute 192.168.6.9 255.255.255.0

At the moment your server dont have any infor how to route back to client network so you cant ping back any machine on client side. After this you can ping all machine and it shoul work for you.

You should research on how to use iroute as it will make and open pn point of connect become node so it is very quickly to deal and simple to correct it

Please make ipforward and NAT routing as you do in server on client side . You must do it in order to make it work for you

cousinhub · Post by **cousinhub** » Thu Mar 03, 2022 1:34 pm

What ? Out of subject, you did not even read all of it before answering. Of course all that was done before even posting my first message.
How could I have ping the other machines if that was not the case ?
I said that I found the solution...

TinCanTech · Post by **TinCanTech** » Thu Mar 03, 2022 2:41 pm

cousinhub wrote: ↑
Thu Mar 03, 2022 8:52 am
One last comment before closing the subject, I have nothing against you, TinCanTech, but I find very strange that a moderator of support forum of a community software edition offers payed support. I really think that if you want to offer these kind of services, there is nothing wrong about that but you should not be member of the "Forum Team".

You run a company and you come here for free help with your network.

I find it very strange that people who run companies are so naive as to think they can get technical support for free.

cousinhub · Post by **cousinhub** » Thu Mar 03, 2022 3:45 pm

I am not naïve at all. You juge people without knowing anything.
I run such a big company. I am alone !
I am obliged to sometimes buy a few software but I can hardly live on what I earn.
Please forgive to have dare asking a few questions on a public support forum (at least that's what the header says) which you have not answered but only kept being judgmental.
I am going now to juge you as well, you really look like taking advantage of your position as a forum moderator to gain contracts.
I wonder if that is the rule for this forum.

At last please note my last post :
I shared the solution adding "Maybe that will help someone one day".

TinCanTech · Post by **TinCanTech** » Thu Mar 03, 2022 4:06 pm

You simply do not understand, your problem was complex and not even related to openvpn.

I volunteer to help with openvpn where I can and if I want to..

I helped you and then it became clear that this was not a problem with openvpn.

So I offered you the choice to hire me to help, just like in the real world.

OpenVPN Support Forum

Why can't I ping the local address of my OpenVPN gateway ?

Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?

Re: Why can't I ping the local address of my OpenVPN gateway ?