Windows Server 2016 try to launch OpenVPN

VPNwbie
OpenVpn Newbie
Posts: 1
Joined: Sat Apr 09, 2022 12:26 pm

Windows Server 2016 try to launch OpenVPN

Post by VPNwbie » Sat Apr 09, 2022 2:08 pm

Hello world.
My first try at using OpenVPN and my first disappointment.

I bought a server based on Windows Server 2016.
Home PC: Windows 10.
I want to use this server as a VPN (proxy) to change my IP on the internet.


Version SERVER: OpenVPN-2.5.6-I601-amd64.msi
Version CLIENT: SAME

I have read more than 5 step by step guides and repeated them completely, but the result is the same every time. I manage to establish a client-server connection, but there is no Internet on the client.
The last thing I tried was an example from the forum: viewtopic.php?f=7&t=7806

As far as I understand, there are no problems with certificates either.

server.ovpn:

port 1194
proto udp
dev tun
server 10.0.0.0 255.255.255.0   #you may choose any subnet. 10.0.0.x is used for this example.

ca ca.crt
cert server.crt
key server.key
dh dh.pem

push "redirect-gateway def1"

push "dhcp-option DNS 8.8.8.8"      

#the following commands are optional
keepalive 10 120         
comp-lzo                   
persist-key                
persist-tun                
verb 3                      
log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
status "C:\\Program Files\\OpenVPN\\log\\status.log"
#last updated May 29, 2011

client.ovpn:

client
dev tun
proto udp
remote MY_SERVER_IP_ADDRESS 1194   

resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client01.crt
key client01.key
ns-cert-type server

comp-lzo
verb 3
explicit-exit-notify 2
ping 10
ping-restart 60

route-method exe
route-delay 2

#last updated June 04, 2011

The Windows Firewall rule for UDP 1194 on the server and client is ENABLED (Allow).

The Routing and Remote Access service is set to automatic and started.

The network connection is shared with the OpenVPN TAP connection.

IPEnableRouter key in regedit is 0x00000001 (1)

Server log:

2022-04-09 06:34:33 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2022-04-09 06:34:33 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-04-09 06:34:33 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022
2022-04-09 06:34:33 Windows version 10.0 (Windows 10 or greater) 64bit
2022-04-09 06:34:33 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2022-04-09 06:34:33 Diffie-Hellman initialized with 2048 bit key
2022-04-09 06:34:33 interactive service msg_channel=0
2022-04-09 06:34:33 open_tun
2022-04-09 06:34:33 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-04-09 06:34:33 TAP-Windows Driver Version 9.24 
2022-04-09 06:34:33 NETSH: C:\Windows\system32\netsh.exe interface ip set address 27 dhcp
2022-04-09 06:34:33 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.1/255.255.255.252 on interface {D570B78F-672B-4928-BB97-84B3DF95E10B} [DHCP-serv: 10.0.0.2, lease-time: 31536000]
2022-04-09 06:34:33 Sleeping for 10 seconds...
2022-04-09 06:34:43 Successful ARP Flush on interface [27] {D570B78F-672B-4928-BB97-84B3DF95E10B}
2022-04-09 06:34:43 IPv4 MTU set to 1500 on interface 27 using SetIpInterfaceEntry()
2022-04-09 06:34:43 C:\Windows\system32\route.exe ADD 10.0.0.0 MASK 255.255.255.0 10.0.0.2
2022-04-09 06:34:43 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2022-04-09 06:34:43 Route addition via IPAPI succeeded [adaptive]
2022-04-09 06:34:43 Could not determine IPv4/IPv6 protocol. Using AF_INET6
2022-04-09 06:34:43 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-04-09 06:34:43 setsockopt(IPV6_V6ONLY=0)
2022-04-09 06:34:43 UDPv6 link local (bound): [AF_INET6][undef]:1194
2022-04-09 06:34:43 UDPv6 link remote: [AF_UNSPEC]
2022-04-09 06:34:43 MULTI: multi_init called, r=256 v=256
2022-04-09 06:34:43 IFCONFIG POOL IPv4: base=10.0.0.4 size=62
2022-04-09 06:34:43 Initialization Sequence Completed
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 TLS: Initial packet from [AF_INET6]::ffff:MY_CLIENT_IP_ADDRESS:50680, sid=142a13b7 dd3a6493
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 VERIFY OK: depth=1, CN=netvn
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 VERIFY OK: depth=0, CN=client01
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_VER=2.5.6
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_PLAT=win
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_PROTO=6
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_NCP=2
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_LZ4=1
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_LZ4v2=1
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_LZO=1
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_COMP_STUB=1
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_COMP_STUBv2=1
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_TCPNL=1
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 peer info: IV_SSO=openurl,crtext
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-04-09 06:36:12 MY_CLIENT_IP_ADDRESS:50680 [client01] Peer Connection Initiated with [AF_INET6]::ffff:MY_CLIENT_IP_ADDRESS:50680
2022-04-09 06:36:12 client01/MY_CLIENT_IP_ADDRESS:50680 MULTI_sva: pool returned IPv4=10.0.0.6, IPv6=(Not enabled)
2022-04-09 06:36:12 client01/MY_CLIENT_IP_ADDRESS:50680 MULTI: Learn: 10.0.0.6 -> client01/MY_CLIENT_IP_ADDRESS:50680
2022-04-09 06:36:12 client01/MY_CLIENT_IP_ADDRESS:50680 MULTI: primary virtual IP for client01/MY_CLIENT_IP_ADDRESS:50680: 10.0.0.6
2022-04-09 06:36:12 client01/MY_CLIENT_IP_ADDRESS:50680 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-04-09 06:36:12 client01/MY_CLIENT_IP_ADDRESS:50680 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-09 06:36:12 client01/MY_CLIENT_IP_ADDRESS:50680 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-09 06:36:12 client01/MY_CLIENT_IP_ADDRESS:50680 SENT CONTROL [client01]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.0.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
2022-04-09 06:37:44 client01/MY_CLIENT_IP_ADDRESS:50680 SIGTERM[soft,remote-exit] received, client-instance exiting
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 TLS: Initial packet from [AF_INET6]::ffff:MY_CLIENT_IP_ADDRESS:58888, sid=7bad7ae8 e359591c
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 VERIFY OK: depth=1, CN=netvn
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 VERIFY OK: depth=0, CN=client01
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_VER=2.5.6
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_PLAT=win
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_PROTO=6
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_NCP=2
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_LZ4=1
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_LZ4v2=1
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_LZO=1
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_COMP_STUB=1
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_COMP_STUBv2=1
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_TCPNL=1
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 peer info: IV_SSO=openurl,crtext
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-04-09 06:59:38 MY_CLIENT_IP_ADDRESS:58888 [client01] Peer Connection Initiated with [AF_INET6]::ffff:MY_CLIENT_IP_ADDRESS:58888
2022-04-09 06:59:38 client01/MY_CLIENT_IP_ADDRESS:58888 MULTI_sva: pool returned IPv4=10.0.0.6, IPv6=(Not enabled)
2022-04-09 06:59:38 client01/MY_CLIENT_IP_ADDRESS:58888 MULTI: Learn: 10.0.0.6 -> client01/MY_CLIENT_IP_ADDRESS:58888
2022-04-09 06:59:38 client01/MY_CLIENT_IP_ADDRESS:58888 MULTI: primary virtual IP for client01/MY_CLIENT_IP_ADDRESS:58888: 10.0.0.6
2022-04-09 06:59:38 client01/MY_CLIENT_IP_ADDRESS:58888 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-04-09 06:59:38 client01/MY_CLIENT_IP_ADDRESS:58888 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-09 06:59:38 client01/MY_CLIENT_IP_ADDRESS:58888 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-09 06:59:38 client01/MY_CLIENT_IP_ADDRESS:58888 SENT CONTROL [client01]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.0.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
2022-04-09 06:59:49 client01/MY_CLIENT_IP_ADDRESS:58888 SIGTERM[soft,remote-exit] received, client-instance exiting

client.log:

2022-04-09 16:59:36 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-04-09 16:59:36 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-04-09 16:59:36 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022
2022-04-09 16:59:36 Windows version 10.0 (Windows 10 or greater) 64bit
2022-04-09 16:59:36 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2022-04-09 16:59:36 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-04-09 16:59:36 Need hold release from management interface, waiting...
2022-04-09 16:59:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-04-09 16:59:36 MANAGEMENT: CMD 'state on'
2022-04-09 16:59:36 MANAGEMENT: CMD 'log all on'
2022-04-09 16:59:37 MANAGEMENT: CMD 'echo all on'
2022-04-09 16:59:37 MANAGEMENT: CMD 'bytecount 5'
2022-04-09 16:59:37 MANAGEMENT: CMD 'hold off'
2022-04-09 16:59:37 MANAGEMENT: CMD 'hold release'
2022-04-09 16:59:37 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2022-04-09 16:59:37 TCP/UDP: Preserving recently used remote address: [AF_INET]MY_SERVER_IP_ADDRESS:1194
2022-04-09 16:59:37 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-04-09 16:59:37 UDP link local: (not bound)
2022-04-09 16:59:37 UDP link remote: [AF_INET]MY_SERVER_IP_ADDRESS:1194
2022-04-09 16:59:37 MANAGEMENT: >STATE:1649512777,WAIT,,,,,,
2022-04-09 16:59:37 MANAGEMENT: >STATE:1649512777,AUTH,,,,,,
2022-04-09 16:59:37 TLS: Initial packet from [AF_INET]MY_SERVER_IP_ADDRESS:1194, sid=4a49e546 abb3d769
2022-04-09 16:59:37 VERIFY OK: depth=1, CN=netvn
2022-04-09 16:59:37 VERIFY OK: nsCertType=SERVER
2022-04-09 16:59:37 VERIFY OK: depth=0, CN=server
2022-04-09 16:59:37 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-04-09 16:59:37 [server] Peer Connection Initiated with [AF_INET]MY_SERVER_IP_ADDRESS:1194
2022-04-09 16:59:37 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.0.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 0,cipher AES-256-GCM'
2022-04-09 16:59:37 OPTIONS IMPORT: timers and/or timeouts modified
2022-04-09 16:59:37 OPTIONS IMPORT: --ifconfig/up options modified
2022-04-09 16:59:37 OPTIONS IMPORT: route options modified
2022-04-09 16:59:37 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-04-09 16:59:37 OPTIONS IMPORT: peer-id set
2022-04-09 16:59:37 OPTIONS IMPORT: adjusting link_mtu to 1625
2022-04-09 16:59:37 OPTIONS IMPORT: data channel crypto options modified
2022-04-09 16:59:37 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-04-09 16:59:37 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-09 16:59:37 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-09 16:59:37 interactive service msg_channel=760
2022-04-09 16:59:37 open_tun
2022-04-09 16:59:37 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-04-09 16:59:37 TAP-Windows Driver Version 9.24 
2022-04-09 16:59:37 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.6/255.255.255.252 on interface {E3416DB4-4822-4176-A326-908773080E58} [DHCP-serv: 10.0.0.5, lease-time: 31536000]
2022-04-09 16:59:37 Successful ARP Flush on interface [52] {E3416DB4-4822-4176-A326-908773080E58}
2022-04-09 16:59:37 MANAGEMENT: >STATE:1649512777,ASSIGN_IP,,10.0.0.6,,,,
2022-04-09 16:59:37 IPv4 MTU set to 1500 on interface 52 using service
2022-04-09 16:59:39 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
2022-04-09 16:59:39 C:\WINDOWS\system32\route.exe ADD MY_SERVER_IP_ADDRESS MASK 255.255.255.255 192.168.0.1
2022-04-09 16:59:39 Route addition via service succeeded
2022-04-09 16:59:39 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.0.0.5
2022-04-09 16:59:39 Route addition via service succeeded
2022-04-09 16:59:39 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.0.0.5
2022-04-09 16:59:39 Route addition via service succeeded
2022-04-09 16:59:39 MANAGEMENT: >STATE:1649512779,ADD_ROUTES,,,,,,
2022-04-09 16:59:39 C:\WINDOWS\system32\route.exe ADD 10.0.0.1 MASK 255.255.255.255 10.0.0.5
2022-04-09 16:59:39 Route addition via service succeeded
2022-04-09 16:59:39 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-04-09 16:59:39 Initialization Sequence Completed
2022-04-09 16:59:39 MANAGEMENT: >STATE:1649512779,CONNECTED,SUCCESS,10.0.0.6,MY_SERVER_IP_ADDRESS,1194,,
2022-04-09 16:59:48 SIGTERM received, sending exit notification to peer
2022-04-09 16:59:50 C:\WINDOWS\system32\route.exe DELETE 10.0.0.1 MASK 255.255.255.255 10.0.0.5
2022-04-09 16:59:50 Route deletion via service succeeded
2022-04-09 16:59:50 C:\WINDOWS\system32\route.exe DELETE MY_SERVER_IP_ADDRESS MASK 255.255.255.255 192.168.0.1
2022-04-09 16:59:50 Route deletion via service succeeded
2022-04-09 16:59:50 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.0.0.5
2022-04-09 16:59:50 Route deletion via service succeeded
2022-04-09 16:59:50 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.0.0.5
2022-04-09 16:59:50 Route deletion via service succeeded
2022-04-09 16:59:50 Closing TUN/TAP interface
2022-04-09 16:59:50 TAP: DHCP address released
2022-04-09 16:59:50 SIGTERM[soft,exit-with-notification] received, process exiting
2022-04-09 16:59:50 MANAGEMENT: >STATE:1649512790,EXITING,exit-with-notification,,,,,

The OpenVPN icon is green, but I still have no internet.
I just don't understand what to do anymore.
Any help please...
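
Each WARNING line in the client.log above points at a specific line of the posted client.ovpn. As an added example (not part of the original post and not OpenVPN project code), this Python script maps each warning to the config change it calls for; the rule table and function names are assumptions, and the sample config and log are constructed from lines in the post.

```python
import re

# Constructed sample: directives taken from the client.ovpn posted above.
CLIENT_OVPN = """\
client
remote MY_SERVER_IP_ADDRESS 1194
ns-cert-type server
comp-lzo      # compression, see the first client.log warning
"""

# Constructed sample: the three WARNING lines of the posted client.log plus one ordinary line.
CLIENT_LOG = """\
2022-04-09 16:59:36 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-04-09 16:59:37 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
2022-04-09 16:59:39 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-04-09 16:59:39 Initialization Sequence Completed
"""

WARNING_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d WARNING: (.*)$", re.M)
# (text in the warning, directive, finding applies when directive is present?, finding)
RULES = [
    ("--ns-cert-type is DEPRECATED", "ns-cert-type", True, "replace: ns-cert-type {a} -> remote-cert-tls {a}"),
    ("Compression for receiving enabled", "comp-lzo", True, "remove on both ends: comp-lzo"),
    ("use the auth-nocache option", "auth-nocache", False, "add: auth-nocache"),
]

def parse_directives(text):
    """Map each directive name to its arguments, ignoring # and ; comments."""
    conf = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(config_text, log_text):
    """Turn each WARNING in the log into a concrete change to the config."""
    conf, findings = parse_directives(config_text), []
    for msg in WARNING_RE.findall(log_text):
        for needle, directive, when_present, finding in RULES:
            if needle in msg and (directive in conf) == when_present:
                findings.append(finding.format(a=" ".join(conf.get(directive, []))))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CLIENT_OVPN, CLIENT_LOG)))
```

`remote-cert-tls server` checks the certificate's key usage and extended key usage rather than the nsCertType field, so the server certificate must carry those extensions before the directive is swapped.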

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Windows Server 2016 try to launch OpenVPN

Post by TinCanTech » Sat Apr 09, 2022 3:33 pm

Using Windows for your VPN server is a bad idea, use Linux.
