Connection Made, No Data Passes

Post by eewiz » Sat Jul 08, 2023 11:42 pm

Hello All
I'm using OpenVPN v2.6.5 Community.
I spent too many days running between two sites trying to get a site-to-site link to work.
So I set up this environment to allow testing a client-server model in situ.
Following is a diagram of this network setup.
I hope the URL works. I tried to paste the image here, but I surmise that can't be done.
Nope, img tags don't work.
My network diagram is here https://ibb.co/hR563zX.

I've included all of the pertinent information as follows.
The short story is that OpenVPN connects but nothing else works.
There are no functional pings over the tunnel link.

SERVER ROUTE TABLE with SERVER DOWN:

C:\Windows\system32>route print -4
Interface List:
 11...........................Wintun Userspace Tunnel
  8...d8 bb c1 42 5f bf ......Intel(R) Ethernet Controller (3) I225-V
 20...0a 00 27 00 00 14 ......VirtualBox Host-Only Ethernet Adapter
 19...00 ff ee 5e 78 f6 ......TAP-Windows Adapter V9
 16...........................OpenVPN Data Channel Offload
  1...........................Software Loopback Interface 1
IPv4 Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.2.0    255.255.255.0         On-link       192.168.2.5    281
      192.168.2.5  255.255.255.255         On-link       192.168.2.5    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.5    281
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link       192.168.2.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link       192.168.2.5    281
Persistent Routes:
  None
FROM SERVER SIDE - SERVER DOWN - CLIENT DOWN:

Ping Google.com -> OK
Ping 192.168.2.any -> OK  (server side router can reach server side hosts)
Ping 192.168.3.any -> TimeOut (server side router can't reach client side hosts)
Ping 10.88.88.0 -> TimeOut
Ping 10.88.88.1 -> TimeOut
Ping 10.88.88.2 -> TimeOut

C:\Windows\system32>tracert 192.168.3.2
Tracing route to 192.168.3.2 over a maximum of 30 hops
  1    <1 ms    <1 ms    <1 ms  192.168.2.1 <-- hit on server side router
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out. (server side router can't reach client side hosts)
SERVER FIREWALL:

PS C:\Windows\system32> Show-NetFirewallRule | where {$_.DisplayName -Like "OpenVPN"}  
Name                          : {A342248C-E54A-4CA2-8DB7-6A42ACAF6386}
DisplayName                   : OpenVPN
Description                   : Allow OpenVPN Inbound
DisplayGroup                  :
Group                         :
Enabled                       : True
Profile                       : Any
Platform                      :
Direction                     : Inbound
Action                        : Allow
EdgeTraversalPolicy           : Allow
LooseSourceMapping            : False
LocalOnlyMapping              : False
Owner                         :
PrimaryStatus                 : OK
Status                        : The rule was parsed successfully from the store. (65536)
EnforcementStatus             : NotApplicable
PolicyStoreSource             : PersistentStore
PolicyStoreSourceType         : Local
RemoteDynamicKeywordAddresses :
PolicyAppId                   :

C:\Windows\system32>netsh advfirewall firewall show rule name=OpenVPN
Rule Name:                            OpenVPN
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            1194
RemotePort:                           0-65535
Edge traversal:                       Yes
Action:                               Allow
Ok.
SERVER SETTINGS:

server 10.88.88.0 255.255.255.0
port 1194
topology subnet
proto udp4
dev tun
windows-driver wintun    # Without this OpenVPN uses the Tap-v9 Adapter
route 192.168.3.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
data-ciphers AES-128-GCM:AES-256-GCM    # Prefer 128, it's faster
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
persist-key
persist-tun
ifconfig-pool-persist ipp.txt
status openvpn-status.log
keepalive 10 120
verb 3
mute 20
explicit-exit-notify 1
START SERVER:
SERVER LOG:

Sat Jul  8 15:18:59 2023 Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
Sat Jul  8 15:18:59 2023 --pull-filter ignored for --mode server
Sat Jul  8 15:18:59 2023 OpenVPN 2.6.5 [git:v2.6.5/cbc9e0ce412e7b42] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jun 13 2023
Sat Jul  8 15:18:59 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Sat Jul  8 15:18:59 2023 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
Sat Jul  8 15:18:59 2023 DCO version: v0
Sat Jul  8 15:18:59 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jul  8 15:18:59 2023 Need hold release from management interface, waiting...
Sat Jul  8 15:19:00 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:15064
Sat Jul  8 15:19:00 2023 MANAGEMENT: CMD 'state on'
Sat Jul  8 15:19:00 2023 MANAGEMENT: CMD 'log on all'
Sat Jul  8 15:19:00 2023 MANAGEMENT: CMD 'echo on all'
Sat Jul  8 15:19:00 2023 MANAGEMENT: CMD 'bytecount 5'
Sat Jul  8 15:19:00 2023 MANAGEMENT: CMD 'state'
Sat Jul  8 15:19:00 2023 MANAGEMENT: CMD 'hold off'
Sat Jul  8 15:19:00 2023 NOTE: --mute triggered...
Sat Jul  8 15:19:00 2023 1 variation(s) on previous 20 message(s) suppressed by --mute
Sat Jul  8 15:19:00 2023 Note: cannot open openvpn-status.log for WRITE
Sat Jul  8 15:19:00 2023 Note: cannot open ipp.txt for READ/WRITE
Sat Jul  8 15:19:00 2023 Diffie-Hellman initialized with 2048 bit key
Sat Jul  8 15:19:00 2023 interactive service msg_channel=816
Sat Jul  8 15:19:00 2023 open_tun
Sat Jul  8 15:19:00 2023 Ring buffers registered via service
Sat Jul  8 15:19:00 2023 wintun device [OpenVPN Wintun] opened
Sat Jul  8 15:19:00 2023 MANAGEMENT: >STATE:1688843940,ASSIGN_IP,,10.88.88.1,,,,
Sat Jul  8 15:19:00 2023 INET address service: add 10.88.88.1/24
Sat Jul  8 15:19:00 2023 IPv4 MTU set to 1500 on interface 11 using service
Sat Jul  8 15:19:00 2023 MANAGEMENT: >STATE:1688843940,ADD_ROUTES,,,,,,
Sat Jul  8 15:19:00 2023 C:\Windows\system32\route.exe ADD 192.168.3.0 MASK 255.255.255.0 10.88.88.2
Sat Jul  8 15:19:00 2023 Route addition via service succeeded
Sat Jul  8 15:19:00 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jul  8 15:19:00 2023 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Jul  8 15:19:00 2023 UDPv4 link remote: [AF_UNSPEC]
Sat Jul  8 15:19:00 2023 MULTI: multi_init called, r=256 v=256
Sat Jul  8 15:19:00 2023 IFCONFIG POOL IPv4: base=10.88.88.2 size=253
Sat Jul  8 15:19:00 2023 IFCONFIG POOL LIST
Sat Jul  8 15:19:00 2023 Initialization Sequence Completed
Sat Jul  8 15:19:00 2023 MANAGEMENT: >STATE:1688843940,CONNECTED,SUCCESS,10.88.88.1,,,,
SERVER ROUTE TABLE with SERVER UP:

C:\Windows\system32>route print -4
Interface List:
 11...........................Wintun Userspace Tunnel
  8...d8 bb c1 42 5f bf ......Intel(R) Ethernet Controller (3) I225-V
 20...0a 00 27 00 00 14 ......VirtualBox Host-Only Ethernet Adapter
 19...00 ff ee 5e 78 f6 ......TAP-Windows Adapter V9
 16...........................OpenVPN Data Channel Offload
  1...........................Software Loopback Interface 1
IPv4 Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.5     25
       10.88.88.0    255.255.255.0         On-link        10.88.88.1    261
       10.88.88.1  255.255.255.255         On-link        10.88.88.1    261
     10.88.88.255  255.255.255.255         On-link        10.88.88.1    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.2.0    255.255.255.0         On-link       192.168.2.5    281
      192.168.2.5  255.255.255.255         On-link       192.168.2.5    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.5    281
      192.168.3.0    255.255.255.0       10.88.88.2       10.88.88.1    261
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    281
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    281
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    281
        224.0.0.0        240.0.0.0         On-link       192.168.2.5    281
        224.0.0.0        240.0.0.0         On-link        10.88.88.1    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link       192.168.2.5    281
  255.255.255.255  255.255.255.255         On-link        10.88.88.1    261
Persistent Routes:
  None
FROM SERVER SIDE - SERVER UP - CLIENT DOWN:

Ping Google.com -> OK
Ping 192.168.2.any -> OK
Ping 192.168.3.any -> TimeOut
Ping 10.88.88.0 -> TimeOut
Ping 10.88.88.1 -> OK
Ping 10.88.88.2 -> TimeOut

C:\Windows\system32>tracert 192.168.3.2
Tracing route to 192.168.3.2 over a maximum of 30 hops
 (no hit on 10.88.88.1 OpenVPN virtual router)
  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
CLIENT FIREWALL:

PS C:\Users\eewiz> Show-NetFirewallRule | where {$_.DisplayName -Like "OpenVPN"}
RETURNS NOTHING ON WINDOWS 11

C:\Users\eewiz> netsh advfirewall firewall show rule name=OpenVPN
Rule Name:                            OpenVPN
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:                             
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             UDP
LocalPort:                            1194
RemotePort:                           Any
Edge traversal:                       Yes
Action:                               Allow
Ok.
CLIENT SETTINGS:

client
remote 192.168.2.5 1194
# remote future.internet.server 1194
proto udp
dev tun
windows-driver wintun    # Without this OpenVPN uses the Tap-v9 Adapter
nobind
persist-key
persist-tun
ca ca.crt
cert butch.crt
key butch.key
remote-cert-tls server
tls-auth ta.key 1
data-ciphers AES-128-GCM:AES-256-GCM    # Prefer 128, it's faster
verb 3
mute 20
CLIENT ROUTE TABLE with CLIENT DOWN:

C:\Users\eewiz>route print -4
Interface List
  9...68 1d ef 32 1a 33 ......Realtek PCIe GbE Family Controller
 11...........................Wintun Userspace Tunnel
 13...68 1d ef 32 1a 32 ......Realtek PCIe GbE Family Controller #2
  3...00 ff 25 d7 05 c1 ......TAP-Windows Adapter V9
 14...........................OpenVPN Data Channel Offload
  6...e0 75 26 89 96 93 ......Realtek 8821CE Wireless LAN 802.11ac PCI-E NIC
 10...e0 75 26 89 96 93 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...f2 75 26 89 96 93 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  5...e0 75 26 89 96 94 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
IPv4 Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.3.1      192.168.3.2     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.3.0    255.255.255.0         On-link       192.168.3.2    281
      192.168.3.2  255.255.255.255         On-link       192.168.3.2    281
    192.168.3.255  255.255.255.255         On-link       192.168.3.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.3.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.3.2    281
Persistent Routes:
  None
FROM CLIENT SIDE - SERVER UP - CLIENT DOWN:

Ping Google.com -> OK
Ping 192.168.2.any -> OK (works because client router's WAN port connects to server router at 192.168.2.40)
Ping 192.168.3.any -> OK
Ping 10.88.88.0 -> TimeOut
Ping 10.88.88.1 -> TimeOut
Ping 10.88.88.2 -> TimeOut

C:\Users\eewiz>tracert 192.168.2.5
Tracing route to MUFF [192.168.2.5]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  console.gl-inet.com [192.168.3.1]
  2     1 ms     1 ms     1 ms  MUFF [192.168.2.5]
Trace complete.
SERVER LOG AFTER CLIENT CONNECTS:

Sat Jul  8 15:28:47 2023 192.168.2.40:57991 VERIFY OK: depth=1, CN=muff
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 VERIFY OK: depth=0, CN=butch
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_VER=2.6.5
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_PLAT=win
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_TCPNL=1
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_MTU=1600
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_NCP=2
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_CIPHERS=AES-128-GCM:AES-256-GCM
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_PROTO=990
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_LZO_STUB=1
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_COMP_STUB=1
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_COMP_STUBv2=1
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_GUI_VER=OpenVPN_GUI_11
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 peer info: IV_SSO=openurl,webauth,crtext
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 TLS: tls_multi_process: initial untrusted session promoted to trusted
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Sat Jul  8 15:28:47 2023 192.168.2.40:57991 [butch] Peer Connection Initiated with [AF_INET]192.168.2.40:57991
Sat Jul  8 15:28:47 2023 butch/192.168.2.40:57991 MULTI_sva: pool returned IPv4=10.88.88.2, IPv6=(Not enabled)
Sat Jul  8 15:28:47 2023 butch/192.168.2.40:57991 MULTI: Learn: 10.88.88.2 -> butch/192.168.2.40:57991
Sat Jul  8 15:28:47 2023 butch/192.168.2.40:57991 MULTI: primary virtual IP for butch/192.168.2.40:57991: 10.88.88.2
Sat Jul  8 15:28:47 2023 butch/192.168.2.40:57991 SENT CONTROL [butch]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route-gateway 10.88.88.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.88.88.2 255.255.255.0,peer-id 0,cipher AES-128-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
Sat Jul  8 15:28:49 2023 butch/192.168.2.40:57991 Data Channel: cipher 'AES-128-GCM', peer-id: 0
Sat Jul  8 15:28:49 2023 butch/192.168.2.40:57991 Timers: ping 10, ping-restart 120
Sat Jul  8 15:28:49 2023 butch/192.168.2.40:57991 Protocol options: explicit-exit-notify 1, protocol-flags cc-exit tls-ekm dyn-tls-crypt
CLIENT LOG AFTER CLIENT CONNECTS:

Sat Jul  8 15:54:45 2023 --windows-driver is set to 'wintun'. Disabling Data Channel Offload
Sat Jul  8 15:54:45 2023 OpenVPN 2.6.5 [git:v2.6.5/cbc9e0ce412e7b42] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jun 13 2023
Sat Jul  8 15:54:45 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Sat Jul  8 15:54:45 2023 library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
Sat Jul  8 15:54:45 2023 DCO version: v0
Sat Jul  8 15:54:45 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jul  8 15:54:45 2023 Need hold release from management interface, waiting...
Sat Jul  8 15:54:45 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:62039
Sat Jul  8 15:54:45 2023 MANAGEMENT: CMD 'state on'
Sat Jul  8 15:54:45 2023 MANAGEMENT: CMD 'log on all'
Sat Jul  8 15:54:45 2023 MANAGEMENT: CMD 'echo on all'
Sat Jul  8 15:54:45 2023 MANAGEMENT: CMD 'bytecount 5'
Sat Jul  8 15:54:45 2023 MANAGEMENT: CMD 'state'
Sat Jul  8 15:54:45 2023 MANAGEMENT: CMD 'hold off'
Sat Jul  8 15:54:45 2023 NOTE: --mute triggered...
Sat Jul  8 15:54:45 2023 1 variation(s) on previous 20 message(s) suppressed by --mute
Sat Jul  8 15:54:45 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.2.5:1194
Sat Jul  8 15:54:45 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jul  8 15:54:45 2023 UDPv4 link local: (not bound)
Sat Jul  8 15:54:45 2023 UDPv4 link remote: [AF_INET]192.168.2.5:1194
Sat Jul  8 15:54:45 2023 MANAGEMENT: >STATE:1688846085,WAIT,,,,,,
Sat Jul  8 15:54:45 2023 MANAGEMENT: >STATE:1688846085,AUTH,,,,,,
Sat Jul  8 15:54:45 2023 TLS: Initial packet from [AF_INET]192.168.2.5:1194, sid=46aa2caf c359e98f
Sat Jul  8 15:54:45 2023 VERIFY OK: depth=1, CN=muff
Sat Jul  8 15:54:45 2023 VERIFY KU OK
Sat Jul  8 15:54:45 2023 Validating certificate extended key usage
Sat Jul  8 15:54:45 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jul  8 15:54:45 2023 VERIFY EKU OK
Sat Jul  8 15:54:45 2023 NOTE: --mute triggered...
Sat Jul  8 15:54:45 2023 2 variation(s) on previous 20 message(s) suppressed by --mute
Sat Jul  8 15:54:45 2023 [server] Peer Connection Initiated with [AF_INET]192.168.2.5:1194
Sat Jul  8 15:54:45 2023 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Sat Jul  8 15:54:45 2023 TLS: tls_multi_process: initial untrusted session promoted to trusted
Sat Jul  8 15:54:45 2023 PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,route-gateway 10.88.88.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.88.88.2 255.255.255.0,peer-id 0,cipher AES-128-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
Sat Jul  8 15:54:45 2023 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul  8 15:54:45 2023 OPTIONS IMPORT: route options modified
Sat Jul  8 15:54:45 2023 OPTIONS IMPORT: route-related options modified
Sat Jul  8 15:54:45 2023 OPTIONS IMPORT: tun-mtu set to 1500
Sat Jul  8 15:54:45 2023 interactive service msg_channel=640
Sat Jul  8 15:54:45 2023 open_tun
Sat Jul  8 15:54:45 2023 Ring buffers registered via service
Sat Jul  8 15:54:45 2023 wintun device [OpenVPN Wintun] opened
Sat Jul  8 15:54:45 2023 MANAGEMENT: >STATE:1688846085,ASSIGN_IP,,10.88.88.2,,,,
Sat Jul  8 15:54:45 2023 INET address service: add 10.88.88.2/24
Sat Jul  8 15:54:45 2023 IPv4 MTU set to 1500 on interface 11 using service
Sat Jul  8 15:54:45 2023 MANAGEMENT: >STATE:1688846085,ADD_ROUTES,,,,,,
Sat Jul  8 15:54:45 2023 C:\WINDOWS\system32\route.exe ADD 192.168.2.0 MASK 255.255.255.0 10.88.88.1
Sat Jul  8 15:54:45 2023 Route addition via service succeeded
Sat Jul  8 15:54:45 2023 Initialization Sequence Completed
Sat Jul  8 15:54:45 2023 MANAGEMENT: >STATE:1688846085,CONNECTED,SUCCESS,10.88.88.2,192.168.2.5,1194,,
Sat Jul  8 15:54:45 2023 Data Channel: cipher 'AES-128-GCM', peer-id: 0
Sat Jul  8 15:54:45 2023 Timers: ping 10, ping-restart 60
Sat Jul  8 15:54:45 2023 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
CLIENT ROUTE TABLE with CLIENT UP:

C:\Users\eewiz>route print -4
Interface List:
  9...68 1d ef 32 1a 33 ......Realtek PCIe GbE Family Controller
 11...........................Wintun Userspace Tunnel
 13...68 1d ef 32 1a 32 ......Realtek PCIe GbE Family Controller #2
  3...00 ff 25 d7 05 c1 ......TAP-Windows Adapter V9
 14...........................OpenVPN Data Channel Offload
  6...e0 75 26 89 96 93 ......Realtek 8821CE Wireless LAN 802.11ac PCI-E NIC
 10...e0 75 26 89 96 93 ......Microsoft Wi-Fi Direct Virtual Adapter
 12...f2 75 26 89 96 93 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  5...e0 75 26 89 96 94 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
IPv4 Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.3.1      192.168.3.2     25
       10.88.88.0    255.255.255.0         On-link        10.88.88.2    261
       10.88.88.2  255.255.255.255         On-link        10.88.88.2    261
     10.88.88.255  255.255.255.255         On-link        10.88.88.2    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.2.0    255.255.255.0       10.88.88.1       10.88.88.2    261
      192.168.3.0    255.255.255.0         On-link       192.168.3.2    281
      192.168.3.2  255.255.255.255         On-link       192.168.3.2    281
    192.168.3.255  255.255.255.255         On-link       192.168.3.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link        10.88.88.2    261
        224.0.0.0        240.0.0.0         On-link       192.168.3.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link        10.88.88.2    261
  255.255.255.255  255.255.255.255         On-link       192.168.3.2    281
Persistent Routes:
  None
FROM CLIENT SIDE - SERVER UP - CLIENT UP:

Ping Google.com -> OK
Ping 192.168.2.any -> TimeOut (THIS SHOULD WORK) [works OK if the tunnel is down (tunnel connection has broken this)]
Ping 192.168.3.any -> OK
Ping 10.88.88.0 -> TimeOut
Ping 10.88.88.1 -> TimeOut
Ping 10.88.88.2 -> OK

C:\Users\eewiz>tracert 192.168.2.5
Tracing route to 192.168.3.2 over a maximum of 30 hops
 (no hit on 10.88.88.2 OpenVPN virtual router)
  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
FROM SERVER SIDE - SERVER UP - CLIENT UP:

Ping Google.com -> OK
Ping 192.168.2.any -> OK
Ping 192.168.3.any -> TimeOut (THIS SHOULD WORK) [now that the tunnel is UP, this should work]
Ping 10.88.88.0 -> TimeOut
Ping 10.88.88.1 -> OK
Ping 10.88.88.2 -> TimeOut
SUMMARY:
IN ALL CASES:
All hosts can ping google.com

FROM SERVER SIDE - SERVER DOWN - CLIENT DOWN:
Server host can ping other server side hosts. <-OK
Server host cannot ping any client side hosts. <-OK
Server host cannot ping 10.88.88.1. <-OK

FROM SERVER SIDE - SERVER UP - CLIENT DOWN:
Server host can ping other server side hosts. <-OK
Server host cannot ping any client side hosts. <-OK - client is down
Server host can ping 10.88.88.1. <-OK
Tracert to client side fails to see 10.88.88.1. <-BAD - first hop should be 10.88.88.1 even though client is down

FROM CLIENT SIDE - SERVER UP - CLIENT DOWN:
Client host can ping server side hosts. <-OK - works because client router's WAN port connects to server router at 192.168.2.40.
Client host can ping other client side hosts. <-OK
Client host cannot ping 10.88.88.2. <-OK

FROM CLIENT SIDE - SERVER UP - CLIENT UP:
Client host cannot ping server side hosts. <-NORMAL - opening tunnel connection has rerouted this capability.
Client host can ping other client side hosts. <-OK
Client host cannot ping any server side hosts. <-BAD - now that the tunnel is UP, this should work.
Client host can ping 10.88.88.2. <-OK
Tracert to server side fails to see 10.88.88.2. <-BAD - first hop should be 10.88.88.2

FROM SERVER SIDE - SERVER UP - CLIENT UP:
Server host can ping other server side hosts. <-OK
Server host cannot ping any client side hosts. <-BAD - now that the tunnel is UP, this should work.
Server host can ping 10.88.88.1. <-OK
Tracert to client side fails to see 10.88.88.1. <-BAD - first hop should be 10.88.88.1.

I have been building networks since the days of IPX token ring and WFW v3.11.
But when I started this effort, I knew nothing about OpenVPN.
I have read dozens of articles and posts in order to get this far.
I am at my wits' end. I have worked on this for more than a week now.
I pray that some kind soul knows the answer and will post a reply to point out my mistake.

Thank You

All for now
Last edited by eewiz on Sun Jul 09, 2023 3:15 am, edited 1 time in total.
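
An added example, not part of the original post and not the poster's or the OpenVPN project's code: a longest-prefix-match lookup over unicast rows copied from the `route print -4` listings above, showing which route each table selects for 192.168.2.5 (the address in the client's `remote` line) and for 192.168.3.2. The names `parse_routes`, `lookup` and `via_tunnel` and the tie-break on lowest metric are assumptions of this sketch.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str      # "On-link" or the next-hop address
    interface: str    # local address of the outgoing interface
    metric: int

# Unicast rows copied from the listings in the post; loopback, multicast
# and broadcast rows are omitted because they never match these lookups.
CLIENT_DOWN = """
0.0.0.0       0.0.0.0          192.168.3.1  192.168.3.2   25
192.168.3.0   255.255.255.0    On-link      192.168.3.2   281
192.168.3.2   255.255.255.255  On-link      192.168.3.2   281
"""
CLIENT_UP = """
0.0.0.0       0.0.0.0          192.168.3.1  192.168.3.2   25
10.88.88.0    255.255.255.0    On-link      10.88.88.2    261
10.88.88.2    255.255.255.255  On-link      10.88.88.2    261
192.168.2.0   255.255.255.0    10.88.88.1   10.88.88.2    261
192.168.3.0   255.255.255.0    On-link      192.168.3.2   281
192.168.3.2   255.255.255.255  On-link      192.168.3.2   281
"""
SERVER_UP = """
0.0.0.0       0.0.0.0          192.168.2.1  192.168.2.5   25
10.88.88.0    255.255.255.0    On-link      10.88.88.1    261
10.88.88.1    255.255.255.255  On-link      10.88.88.1    261
192.168.2.0   255.255.255.0    On-link      192.168.2.5   281
192.168.2.5   255.255.255.255  On-link      192.168.2.5   281
192.168.3.0   255.255.255.0    10.88.88.2   10.88.88.1    261
192.168.56.0  255.255.255.0    On-link      192.168.56.1  281
"""
# Tunnel subnet from the server config line "server 10.88.88.0 255.255.255.0".
TUNNEL = ipaddress.ip_network("10.88.88.0/24")

def parse_routes(text: str) -> list:
    """Parse 'dest mask gateway interface metric' rows into Route tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank lines and anything that is not a route row
        dest, mask, gateway, interface, metric = fields
        # Convert the dotted netmask to a prefix length by counting set bits.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        network = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append(Route(network, gateway, interface, int(metric)))
    return routes

def lookup(routes: list, dest: str) -> Optional[Route]:
    """Return the most specific matching route; lowest metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric))

def via_tunnel(routes: list, dest: str) -> bool:
    """True when the selected route leaves through the tunnel interface."""
    route = lookup(routes, dest)
    return route is not None and ipaddress.ip_address(route.interface) in TUNNEL

if __name__ == "__main__":
    tables = {"client down": CLIENT_DOWN, "client up": CLIENT_UP,
              "server up": SERVER_UP}
    for name, text in tables.items():
        routes = parse_routes(text)
        for dest in ("192.168.2.5", "192.168.3.2", "10.88.88.1"):
            r = lookup(routes, dest)
            print(f"{name:12} {dest:12} -> {r.network} gw {r.gateway} "
                  f"if {r.interface} tunnel={via_tunnel(routes, dest)}")
```

By the client-up table, 192.168.2.5 matches the pushed 192.168.2.0/24 route via 10.88.88.1 rather than the default route via 192.168.3.1 that the client-down table selects, so traffic addressed to the server's LAN address is handed to the Wintun interface.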

Re: Connection Made, No Data Passes

Post by eewiz » Sun Jul 09, 2023 3:11 am

Hello All

Now that my post has been made, I can see that the img tags did not work.
My image was not viewable.
I'm trying the img tags here again. Image
Nope, the preview shows only the word "Image", no URL.
In the insert image popup balloon it implies HTTP only.
There is no mention of HTTPS.
My picture URL is an HTTPS URL https://ibb.co/hR563zX.
Even though the URL popup balloon also details HTML only, I can still hope that others will be able to see the image from this HTTPS URL.
If it is true that HTTPS does not work, then I don't have a clue how to get viewers the ability to see my network layout diagram.
I tried the preview button and can see that a URL does appear between the url tags.
Fingers crossed!

All for now
