Access to client local internet and vpn server local network

bnmdmbrk
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 22, 2023 11:53 am

Access to client local internet and vpn server local network

Post by bnmdmbrk » Tue Aug 22, 2023 12:27 pm

When I connect to OpenVPN, I want to be able to access the devices in the OpenVPN local network and use my local internet. But I can only access the local internet and the OpenVPN server machine. I can't access devices in the local network of the OpenVPN server. I couldn't find where the problem is.

Server.conf

```
local 13.131.31.36
port 35984
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 13.131.32.0 255.255.255.0
#push "redirect-gateway local"
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
data-ciphers AES-256-GCM:AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
auth-nocache
push "route 13.131.31.0 255.255.255.0 13.131.32.1"
push "route 13.131.30.0 255.255.255.0 13.131.32.1"
push "client-to-client"
```


client.ovpn

```
client
dev tun
proto udp
remote 13.131.31.36 12345
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
verb 3
push "route 13.131.30.0 255.255.255.0 13.131.32.1"
push "route 13.131.31.0 255.255.255.0 13.131.32.1"
```


server - ip route

```
default via 13.131.31.1 dev eth0 proto dhcp src 13.131.31.36 metric 100
default via 13.131.30.1 dev wlan0 proto dhcp src 13.131.30.11 metric 600
8.8.8.8 via 13.131.30.1 dev wlan0 proto dhcp src 13.131.30.11 metric 600
13.131.30.0/24 dev wlan0 proto kernel scope link src 13.131.30.11 metric 600
13.131.30.1 via 13.131.31.1 dev eth0 proto dhcp src 13.131.31.36 metric 100
13.131.30.1 dev wlan0 proto dhcp scope link src 13.131.30.11 metric 600
13.131.31.0/24 dev eth0 proto kernel scope link src 13.131.31.36 metric 100
13.131.31.1 dev eth0 proto dhcp scope link src 13.131.31.36 metric 100
```


Client.log

2023-08-22 14:19:09 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-08-22 14:19:09 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2023-08-22 14:19:09 Windows version 10.0 (Windows 10 or greater) 64bit
2023-08-22 14:19:09 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2023-08-22 14:19:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-08-22 14:19:09 Need hold release from management interface, waiting...
2023-08-22 14:19:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-08-22 14:19:10 MANAGEMENT: CMD 'state on'
2023-08-22 14:19:10 MANAGEMENT: CMD 'log all on'
2023-08-22 14:19:10 MANAGEMENT: CMD 'echo all on'
2023-08-22 14:19:10 MANAGEMENT: CMD 'bytecount 5'
2023-08-22 14:19:10 MANAGEMENT: CMD 'hold off'
2023-08-22 14:19:10 MANAGEMENT: CMD 'hold release'
2023-08-22 14:19:10 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:19:10 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:19:10 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:19:10 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:19:10 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:19:10 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-22 14:19:10 UDP link local: (not bound)
2023-08-22 14:19:10 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:19:10 MANAGEMENT: >STATE:1692703150,WAIT,,,,,,
2023-08-22 14:19:10 MANAGEMENT: >STATE:1692703150,AUTH,,,,,,
2023-08-22 14:19:10 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:12345, sid=4f0124e2 f953d9c4
2023-08-22 14:19:10 VERIFY OK: depth=1, CN=Easy-RSA CA
2023-08-22 14:19:10 VERIFY KU OK
2023-08-22 14:19:10 Validating certificate extended key usage
2023-08-22 14:19:10 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-22 14:19:10 VERIFY EKU OK
2023-08-22 14:19:10 VERIFY OK: depth=0, CN=server
2023-08-22 14:19:10 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1585'
2023-08-22 14:19:10 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2023-08-22 14:19:10 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-22 14:19:10 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:19:10 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 13.131.31.0 255.255.255.0 13.131.32.1,route 13.131.30.0 255.255.255.0 13.131.32.1,client-to-client,route-gateway 13.131.32.1,topology subnet,ping 10,ping-restart 120,ifconfig 13.131.32.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2023-08-22 14:19:10 Options error: option 'client-to-client' cannot be used in this context ([PUSH-OPTIONS])
2023-08-22 14:19:10 OPTIONS IMPORT: timers and/or timeouts modified
2023-08-22 14:19:10 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-22 14:19:10 OPTIONS IMPORT: route options modified
2023-08-22 14:19:10 OPTIONS IMPORT: route-related options modified
2023-08-22 14:19:10 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-22 14:19:10 OPTIONS IMPORT: peer-id set
2023-08-22 14:19:10 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-08-22 14:19:10 OPTIONS IMPORT: data channel crypto options modified
2023-08-22 14:19:10 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-08-22 14:19:10 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:19:10 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:19:10 interactive service msg_channel=1008
2023-08-22 14:19:10 open_tun
2023-08-22 14:19:10 tap-windows6 device [Yerel Ağ Bağlantısı] opened
2023-08-22 14:19:10 TAP-Windows Driver Version 9.24
2023-08-22 14:19:10 Set TAP-Windows TUN subnet mode network/local/netmask = 13.131.32.0/13.131.32.2/255.255.255.0 [SUCCEEDED]
2023-08-22 14:19:10 Notified TAP-Windows driver to set a DHCP IP/netmask of 13.131.32.2/255.255.255.0 on interface {269323C2-CA34-4A09-A10B-3C465C1A9832} [DHCP-serv: 13.131.32.0, lease-time: 31536000]
2023-08-22 14:19:10 Successful ARP Flush on interface [4] {269323C2-CA34-4A09-A10B-3C465C1A9832}
2023-08-22 14:19:10 MANAGEMENT: >STATE:1692703150,ASSIGN_IP,,13.131.32.2,,,,
2023-08-22 14:19:10 IPv4 MTU set to 1500 on interface 4 using service
2023-08-22 14:19:15 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2023-08-22 14:19:15 MANAGEMENT: >STATE:1692703155,ADD_ROUTES,,,,,,
2023-08-22 14:19:15 C:\WINDOWS\system32\route.exe ADD 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:15 Route addition via service succeeded
2023-08-22 14:19:15 C:\WINDOWS\system32\route.exe ADD 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:15 Route addition via service succeeded
2023-08-22 14:19:15 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-08-22 14:19:15 Initialization Sequence Completed
2023-08-22 14:19:15 MANAGEMENT: >STATE:1692703155,CONNECTED,SUCCESS,13.131.32.2,XXX.XXX.XXX.XXX,12345,,
2023-08-22 14:19:22 C:\WINDOWS\system32\route.exe DELETE 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:22 Route deletion via service succeeded
2023-08-22 14:19:22 C:\WINDOWS\system32\route.exe DELETE 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:22 Route deletion via service succeeded
2023-08-22 14:19:22 Closing TUN/TAP interface
2023-08-22 14:19:22 TAP: DHCP address released
2023-08-22 14:19:22 SIGTERM[hard,] received, process exiting
2023-08-22 14:19:22 MANAGEMENT: >STATE:1692703162,EXITING,SIGTERM,,,,,
2023-08-22 14:30:45 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-08-22 14:30:45 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2023-08-22 14:30:45 Windows version 10.0 (Windows 10 or greater) 64bit
2023-08-22 14:30:45 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2023-08-22 14:30:45 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-08-22 14:30:45 Need hold release from management interface, waiting...
2023-08-22 14:30:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-08-22 14:30:46 MANAGEMENT: CMD 'state on'
2023-08-22 14:30:46 MANAGEMENT: CMD 'log all on'
2023-08-22 14:30:46 MANAGEMENT: CMD 'echo all on'
2023-08-22 14:30:46 MANAGEMENT: CMD 'bytecount 5'
2023-08-22 14:30:46 MANAGEMENT: CMD 'hold off'
2023-08-22 14:30:46 MANAGEMENT: CMD 'hold release'
2023-08-22 14:30:46 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:30:46 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:30:46 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:30:46 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:30:46 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:30:46 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-22 14:30:46 UDP link local: (not bound)
2023-08-22 14:30:46 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:30:46 MANAGEMENT: >STATE:1692703846,WAIT,,,,,,
2023-08-22 14:30:46 MANAGEMENT: >STATE:1692703846,AUTH,,,,,,
2023-08-22 14:30:46 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:12345, sid=f8e69e29 22426885
2023-08-22 14:30:46 VERIFY OK: depth=1, CN=Easy-RSA CA
2023-08-22 14:30:46 VERIFY KU OK
2023-08-22 14:30:46 Validating certificate extended key usage
2023-08-22 14:30:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-22 14:30:46 VERIFY EKU OK
2023-08-22 14:30:46 VERIFY OK: depth=0, CN=server
2023-08-22 14:30:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1585'
2023-08-22 14:30:46 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2023-08-22 14:30:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-22 14:30:46 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:30:46 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 13.131.31.0 255.255.255.0 13.131.32.1,route 13.131.30.0 255.255.255.0 13.131.32.1,client-to-client,route-gateway 13.131.32.1,topology subnet,ping 10,ping-restart 120,ifconfig 13.131.32.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2023-08-22 14:30:46 Options error: option 'client-to-client' cannot be used in this context ([PUSH-OPTIONS])
2023-08-22 14:30:46 OPTIONS IMPORT: timers and/or timeouts modified
2023-08-22 14:30:46 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-22 14:30:46 OPTIONS IMPORT: route options modified
2023-08-22 14:30:46 OPTIONS IMPORT: route-related options modified
2023-08-22 14:30:46 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-22 14:30:46 OPTIONS IMPORT: peer-id set
2023-08-22 14:30:46 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-08-22 14:30:46 OPTIONS IMPORT: data channel crypto options modified
2023-08-22 14:30:46 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-08-22 14:30:46 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:30:46 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:30:46 interactive service msg_channel=664
2023-08-22 14:30:46 open_tun
2023-08-22 14:30:46 tap-windows6 device [Yerel Ağ Bağlantısı] opened
2023-08-22 14:30:46 TAP-Windows Driver Version 9.24
2023-08-22 14:30:46 Set TAP-Windows TUN subnet mode network/local/netmask = 13.131.32.0/13.131.32.2/255.255.255.0 [SUCCEEDED]
2023-08-22 14:30:46 Notified TAP-Windows driver to set a DHCP IP/netmask of 13.131.32.2/255.255.255.0 on interface {269323C2-CA34-4A09-A10B-3C465C1A9832} [DHCP-serv: 13.131.32.0, lease-time: 31536000]
2023-08-22 14:30:46 Successful ARP Flush on interface [4] {269323C2-CA34-4A09-A10B-3C465C1A9832}
2023-08-22 14:30:46 MANAGEMENT: >STATE:1692703846,ASSIGN_IP,,13.131.32.2,,,,
2023-08-22 14:30:46 IPv4 MTU set to 1500 on interface 4 using service
2023-08-22 14:30:51 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2023-08-22 14:30:51 MANAGEMENT: >STATE:1692703851,ADD_ROUTES,,,,,,
2023-08-22 14:30:51 C:\WINDOWS\system32\route.exe ADD 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:30:51 Route addition via service succeeded
2023-08-22 14:30:51 C:\WINDOWS\system32\route.exe ADD 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:30:51 Route addition via service succeeded
2023-08-22 14:30:51 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-08-22 14:30:51 Initialization Sequence Completed
2023-08-22 14:30:51 MANAGEMENT: >STATE:1692703851,CONNECTED,SUCCESS,13.131.32.2,XXX.XXX.XXX.XXX,12345,,
2023-08-22 14:36:00 C:\WINDOWS\system32\route.exe DELETE 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:36:00 Route deletion via service succeeded
2023-08-22 14:36:00 C:\WINDOWS\system32\route.exe DELETE 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:36:00 Route deletion via service succeeded
2023-08-22 14:36:00 Closing TUN/TAP interface
2023-08-22 14:36:00 TAP: DHCP address released
2023-08-22 14:36:00 SIGTERM[hard,] received, process exiting
2023-08-22 14:36:00 MANAGEMENT: >STATE:1692704160,EXITING,SIGTERM,,,,,
2023-08-22 14:46:30 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-08-22 14:46:30 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2023-08-22 14:46:30 Windows version 10.0 (Windows 10 or greater) 64bit
2023-08-22 14:46:30 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2023-08-22 14:46:30 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-08-22 14:46:30 Need hold release from management interface, waiting...
2023-08-22 14:46:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-08-22 14:46:31 MANAGEMENT: CMD 'state on'
2023-08-22 14:46:31 MANAGEMENT: CMD 'log all on'
2023-08-22 14:46:31 MANAGEMENT: CMD 'echo all on'
2023-08-22 14:46:31 MANAGEMENT: CMD 'bytecount 5'
2023-08-22 14:46:31 MANAGEMENT: CMD 'hold off'
2023-08-22 14:46:31 MANAGEMENT: CMD 'hold release'
2023-08-22 14:46:31 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:46:31 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:46:31 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:46:31 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:46:31 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:46:31 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-22 14:46:31 UDP link local: (not bound)
2023-08-22 14:46:31 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:46:31 MANAGEMENT: >STATE:1692704791,WAIT,,,,,,
2023-08-22 14:46:31 MANAGEMENT: >STATE:1692704791,AUTH,,,,,,
2023-08-22 14:46:31 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:12345, sid=162ab77b 83006b9d
2023-08-22 14:46:31 VERIFY OK: depth=1, CN=Easy-RSA CA
2023-08-22 14:46:31 VERIFY KU OK
2023-08-22 14:46:31 Validating certificate extended key usage
2023-08-22 14:46:31 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-22 14:46:31 VERIFY EKU OK
2023-08-22 14:46:31 VERIFY OK: depth=0, CN=server
2023-08-22 14:46:31 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1585'
2023-08-22 14:46:31 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2023-08-22 14:46:31 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-22 14:46:31 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:46:31 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 13.131.31.0 255.255.255.0 13.131.32.1,route 13.131.30.0 255.255.255.0 13.131.32.1,client-to-client,route-gateway 13.131.32.1,topology subnet,ping 10,ping-restart 120,ifconfig 13.131.32.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2023-08-22 14:46:31 Options error: option 'client-to-client' cannot be used in this context ([PUSH-OPTIONS])
2023-08-22 14:46:31 OPTIONS IMPORT: timers and/or timeouts modified
2023-08-22 14:46:31 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-22 14:46:31 OPTIONS IMPORT: route options modified
2023-08-22 14:46:31 OPTIONS IMPORT: route-related options modified
2023-08-22 14:46:31 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-22 14:46:31 OPTIONS IMPORT: peer-id set
2023-08-22 14:46:31 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-08-22 14:46:31 OPTIONS IMPORT: data channel crypto options modified
2023-08-22 14:46:31 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-08-22 14:46:31 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:46:31 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:46:31 interactive service msg_channel=880
2023-08-22 14:46:31 open_tun
2023-08-22 14:46:31 tap-windows6 device [Yerel Ağ Bağlantısı] opened
2023-08-22 14:46:31 TAP-Windows Driver Version 9.24
2023-08-22 14:46:31 Set TAP-Windows TUN subnet mode network/local/netmask = 13.131.32.0/13.131.32.2/255.255.255.0 [SUCCEEDED]
2023-08-22 14:46:31 Notified TAP-Windows driver to set a DHCP IP/netmask of 13.131.32.2/255.255.255.0 on interface {269323C2-CA34-4A09-A10B-3C465C1A9832} [DHCP-serv: 13.131.32.0, lease-time: 31536000]
2023-08-22 14:46:31 Successful ARP Flush on interface [4] {269323C2-CA34-4A09-A10B-3C465C1A9832}
2023-08-22 14:46:31 MANAGEMENT: >STATE:1692704791,ASSIGN_IP,,13.131.32.2,,,,
2023-08-22 14:46:31 IPv4 MTU set to 1500 on interface 4 using service
2023-08-22 14:46:36 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2023-08-22 14:46:36 MANAGEMENT: >STATE:1692704796,ADD_ROUTES,,,,,,
2023-08-22 14:46:36 C:\WINDOWS\system32\route.exe ADD 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:46:36 Route addition via service succeeded
2023-08-22 14:46:36 C:\WINDOWS\system32\route.exe ADD 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:46:36 Route addition via service succeeded
2023-08-22 14:46:36 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-08-22 14:46:36 Initialization Sequence Completed
2023-08-22 14:46:36 MANAGEMENT: >STATE:1692704796,CONNECTED,SUCCESS,13.131.32.2,XXX.XXX.XXX.XXX,12345,,


Wireshark

```
15785 8350.782454 13.131.31.36 13.131.32.2 TCP 60 22 → 58156 [ACK] Seq=15218 Ack=5106 Win=64128 Len=0
15786 8360.176615 13.131.32.2 13.131.32.255 BROWSER 243 Host Announcement PC-NAME, Workstation, Server, NT Workstation
15787 8378.458183 13.131.32.2 13.131.32.255 NBNS 92 Name query NB PC-NAME<1c>
15788 8379.215539 13.131.32.2 13.131.32.255 NBNS 92 Name query NB PC-NAME<1c>
15789 8379.976102 13.131.32.2 13.131.32.255 NBNS 92 Name query NB PC-NAME<1c>
15790 8419.924142 13.131.32.2 13.131.31.35 TCP 66 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15791 8420.937567 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15792 8422.949701 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15793 8424.541076 00:ff:26:93:23:c2 00:ff:27:93:23:c2 ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15794 8425.530942 00:ff:26:93:23:c2 00:ff:27:93:23:c2 ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15795 8426.534205 00:ff:26:93:23:c2 00:ff:27:93:23:c2 ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15796 8426.952267 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15797 8434.964341 00:ff:26:93:23:c2 Broadcast ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15798 8434.964397 00:ff:27:93:23:c2 00:ff:26:93:23:c2 ARP 60 13.131.32.1 is at 00:ff:27:93:23:c2
15799 8434.964508 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
```

pkkrusty
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 27, 2022 7:59 pm

Re: Access to client local internet and vpn server local network

Post by pkkrusty » Sat Sep 02, 2023 8:11 am

Interested if you ever figure this out. I'm having a similar problem.

pkkrusty
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 27, 2022 7:59 pm

Re: Access to client local internet and vpn server local network

Post by pkkrusty » Sat Sep 02, 2023 9:45 am

Got it!

My trouble was in my iptables. I'm using a Raspberry Pi, but this might point you in the right direction. I had a working config, and a new 64-bit non-working config. I could connect to the OpenVPN server and access resources on the OpenVPN server itself, but not see the rest of the LAN that the server was on. So clearly a routing issue. In my iptables (/etc/iptables/rules.v4) I see the following key lines:
```
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# note that my setup has to use TCP rather than the more common UDP
-A INPUT -i eth0 -p tcp -m tcp --dport 1194 -m comment --comment openvpn-input-rule -j ACCEPT
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# your IP will vary from mine obviously.
-A POSTROUTING -s 10.12.243.0/24 -o eth0 -m comment --comment openvpn-nat-rule -j MASQUERADE
COMMIT
```
My problem was that I initially set up OpenVPN while the machine was on Wi-Fi. Then I put it in its final place with an Ethernet cable plugged in. So the VPN tried to bridge traffic through wlan0, and didn't get anywhere. I needed to change `wlan0` to `eth0` in the -A POSTROUTING line.

Not sure if the OpenVPN *filter INPUT ACCEPT policy is necessary, since I already have ACCEPT as default. But I changed `wlan0` to `eth0` there too just in case.
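
An added example (not part of the post above and not OpenVPN project code): a check for the mismatch described there, comparing the out-interface of the MASQUERADE rule in an iptables-save style rules file with the interface the routing table actually uses to reach a LAN host. The LAN addresses, the sample `ip route` output and all function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample: rules.v4 before the fix, NAT rule still bound to wlan0.
RULES_V4 = """\
*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.12.243.0/24 -o wlan0 -m comment --comment openvpn-nat-rule -j MASQUERADE
COMMIT
"""

# Constructed `ip route` output for a server now cabled on eth0 (LAN addresses are assumptions).
IP_ROUTE = """\
default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.10 metric 100
10.12.243.0/24 dev tun0 proto kernel scope link src 10.12.243.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100
"""


def opt(tokens, flag):
    """Value following `flag` in a token list, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def masquerade_rules(rules_text):
    """(source_network, out_iface) for each nat-table POSTROUTING MASQUERADE rule."""
    found, table = [], None
    for raw in rules_text.splitlines():
        tok = shlex.split(raw, comments=True)  # tolerates '#' comment lines and notes
        if tok and tok[0].startswith("*"):
            table = tok[0][1:]  # '*nat' / '*filter' section header
        elif (table == "nat" and tok[:2] == ["-A", "POSTROUTING"]
              and opt(tok, "-j") == "MASQUERADE"):
            src = ipaddress.ip_network(opt(tok, "-s") or "0.0.0.0/0", strict=False)
            found.append((src, opt(tok, "-o")))  # out_iface None = any interface
    return found


def routes(route_text):
    """Parse `ip route` lines into (network, dev, metric) tuples."""
    table = []
    for line in route_text.splitlines():
        tok = line.split()
        if "dev" not in tok[1:]:
            continue
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        except ValueError:
            continue  # not a plain unicast route line
        table.append((net, opt(tok, "dev"), int(opt(tok, "metric") or 0)))
    return table


def egress_iface(route_table, host):
    """Interface used to reach host: longest prefix wins, lowest metric breaks ties."""
    ip = ipaddress.ip_address(host)
    hits = [r for r in route_table if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1] if hits else None


def check_nat(rules_text, route_text, vpn_subnet, lan_host):
    """Findings list; empty means a MASQUERADE rule for the VPN subnet uses the right interface."""
    vpn = ipaddress.ip_network(vpn_subnet)
    want = egress_iface(routes(route_text), lan_host)
    covering = [(n, o) for n, o in masquerade_rules(rules_text) if vpn.subnet_of(n)]
    if not covering:
        return [f"no MASQUERADE rule covers {vpn}"]
    if any(o in (None, want) for _, o in covering):
        return []
    return [f"MASQUERADE for {n} leaves via {o}, but {lan_host} is reached via {want}"
            for n, o in covering]
```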

pkkrusty
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 27, 2022 7:59 pm

Re: Access to client local internet and vpn server local network

Post by pkkrusty » Mon Nov 27, 2023 8:50 am

*update

I moved my system to Bookworm (Debian 12), which uses nftables instead of iptables for the firewall. This required me to translate my iptables data to nftables. I used the following commands to do it, taken from https://www.server-world.info/en/note?o ... tables&f=1:

```
iptables-save > ufw-rules.dump
iptables-restore-translate -f ufw-rules.dump > ruleset.nft
nft flush ruleset
nft -f ruleset.nft
nft list ruleset > /etc/nftables.conf
```

May need to adjust permissions of nftables.conf file...
