TAP setup lost internet connection

thisisliam · Post by **thisisliam** » Tue Nov 14, 2023 11:28 pm

Hi all

I am testing a bridged TAP connection between two OpenWRT routers in separate locations. Initially, the connection worked. I then went to configure a WireGuard tunnel on the server and when I selected 'Route Allowed IPs' and saved I lost internet connection. I have since deleted my WireGuard interfaces and firewall settings. I can still connect to the server over TAP. I can still ping devices on the servers LAN. I can still ping google.com and 8.8.8.8 - I just cannot access the internet. I figured this was a DNS issue but the fact I can still ping google over the TAP connection client side I'm guessing it's not. I'm at a loss. My logs aren't saying anything I can identify that's causing the issue (verb 5 enabled on both sides). Including my configs below. Please let me know if there's anything else that might help troubleshoot this. If not, next time I'm at the server location I am going to factory reset the router and build the server again.

Server

config openvpn ‘Tap_Server’
list push ‘dhcp-option DNS 192.168.1.1’
option data_ciphers ‘CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM’
option auth ‘SHA256’
option tls_ciphersuites ‘TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384’
option tls_version_min ‘1.3’

option client_to_client ‘1’
option dev ‘tap’
option keepalive ’10 120’
option mssfix ‘1420’
option proto ‘udp’
option persist_key ‘1’
option persist_tun ‘1’
option port ‘1194’
option remote_cert_tls ‘client’

option server_bridge ‘192.168.50.1 255.255.255.0 192.168.50.35 192.168.50.45’
option verb ‘5’
option ifconfig_pool_persist ’/tmp/ipp.txt’
option enabled ‘1’

option ca ‘/etc/openvpn/ca.crt’
option cert ‘/etc/openvpn/Server_SiteA.crt’
option key ‘/etc/openvpn/Server_SiteA.key’
option dh ‘/etc/openvpn/dh.pem’

Client

config openvpn ‘VPN_Tap_Client’
option auth_nocache ‘1’
option data_ciphers ‘CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM
option auth ‘SHA256’
option tls_ciphersuites ‘TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384’
option tls_version_min ‘1.3’
option client ‘1’
option tls_client ‘1’
option resolv_retry ‘infinite’

option dev ‘tap’
option proto ‘udp’
option port ‘1194’
option persist_key ‘1’
option persist_tun ‘1’
option remote_cert_tls ‘server’
option key_direction ‘1’

option verb ‘5’
option reneg_sec ‘0’
option key_direction ‘1’
list remote ‘xxxxxxxxxxxx’

option ca ‘/etc/openvpn/ca.cert’
option cert ‘/etc/openvpn/Client_SiteB_SiteA.crt’
option key ‘/etc/openvpn/Client_SiteB_SiteA.key’

Client Log

Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Current Parameter Settings:
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: config = 'openvpn-VPN_Tap_Client.conf'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mode = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: persist_config = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: persist_mode = 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: show_ciphers = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: show_digests = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: show_engines = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: genkey = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: genkey_filename = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: key_pass_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: show_tls_ciphers = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: connect_retry_max = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Connection profiles [0]:
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: proto = udp
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: local = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: local_port = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote = 'xxxxxxxxxxxxx'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_port = '1194'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_float = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: bind_defined = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: bind_local = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: bind_ipv6_only = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: connect_retry_seconds = 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: connect_timeout = 120
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: socks_proxy_server = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: socks_proxy_port = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tun_mtu = 1500
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tun_mtu_defined = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: link_mtu = 1500
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: link_mtu_defined = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tun_mtu_extra = 32
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tun_mtu_extra_defined = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_mtu = 1250
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mtu_discover_type = -1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: fragment = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mssfix = 1492
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mssfix_encap = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mssfix_fixed = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: explicit_exit_notification = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_auth_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: key_direction = 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_crypt_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_crypt_v2_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Connection profiles END
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_random = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ipchange = '/usr/libexec/openvpn-hotplug ipchange VPN_Tap_Client'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: dev = 'tap'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: dev_type = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: dev_node = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: lladdr = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: topology = 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_local = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_remote_netmask = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_noexec = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_nowarn = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_ipv6_local = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_ipv6_netbits = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_ipv6_remote = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: shaper = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mtu_test = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mlock = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: keepalive_ping = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: keepalive_timeout = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: inactivity_timeout = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: session_timeout = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: inactivity_minimum_bytes = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ping_send_timeout = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ping_rec_timeout = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ping_rec_timeout_action = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ping_timer_remote = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remap_sigusr1 = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: persist_tun = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: persist_local_ip = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: persist_remote_ip = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: persist_key = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: passtos = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: resolve_retry_seconds = 1000000000
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: resolve_in_advance = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: username = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: groupname = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: chroot_dir = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cd_dir = '/var/etc'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: writepid = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: up_script = '/usr/libexec/openvpn-hotplug up VPN_Tap_Client'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: down_script = '/usr/libexec/openvpn-hotplug down VPN_Tap_Client'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: down_pre = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: up_restart = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: up_delay = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: daemon = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: log = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: suppress_timestamps = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: machine_readable_output = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: nice = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: verbosity = 5
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mute = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: status_file = '/var/run/openvpn.VPN_Tap_Client.status'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: status_file_version = 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: status_file_update_freq = 60
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: occ = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: rcvbuf = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: sndbuf = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mark = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: sockflags = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: fast_io = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: comp.alg = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: comp.flags = 24
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_script = '/usr/libexec/openvpn-hotplug route-up VPN_Tap_Client'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_default_gateway = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_default_metric = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_noexec = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_delay = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_delay_window = 30
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_delay_defined = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_nopull = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: route_gateway_via_dhcp = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: allow_pull_fqdn = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: shared_secret_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: key_direction = 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ciphername = 'BF-CBC'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: authname = 'SHA256'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: engine = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: replay = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: mute_replay_warnings = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: replay_window = 64
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: replay_time = 15
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: packet_id_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: test_crypto = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_server = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_client = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ca_file = '/etc/openvpn/ca.crt'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ca_path = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: dh_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cert_file = '/etc/openvpn/Client_SiteB_SiteA.crt'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: extra_certs_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: priv_key_file = '/etc/openvpn/Client_SiteB_SiteA.key'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: pkcs12_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cipher_list = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cipher_list_tls13 = 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_cert_profile = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_verify = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_export_cert = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: verify_x509_type = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: verify_x509_name = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: crl_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ns_cert_type = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 65535
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku[i] = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku[i] = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku[i] = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku[i] = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku[i] = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_ku[i] = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: remote_cert_eku = 'TLS Web Server Authentication'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ssl_flags = 256
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_timeout = 2
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: renegotiate_bytes = -1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: renegotiate_packets = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: renegotiate_seconds = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: handshake_window = 60
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: transition_window = 3600
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: single_session = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: push_peer_info = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_exit = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tls_crypt_v2_metadata = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_network = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_netmask = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_network_ipv6 = ::
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_netbits_ipv6 = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_bridge_ip = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_bridge_netmask = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_bridge_pool_start = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: server_bridge_pool_end = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_pool_defined = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_pool_start = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_pool_end = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_pool_netmask = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_pool_persist_filename = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_pool_persist_refresh_freq = 600
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_ipv6_pool_defined = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_ipv6_pool_base = ::
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ifconfig_ipv6_pool_netbits = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: n_bcast_buf = 256
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tcp_queue_limit = 64
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: real_hash_size = 256
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: virtual_hash_size = 256
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: client_connect_script = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: learn_address_script = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: client_disconnect_script = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: client_crresponse_script = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: client_config_dir = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ccd_exclusive = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: tmp_dir = '/tmp'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: push_ifconfig_defined = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: push_ifconfig_local = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: push_ifconfig_remote_netmask = 0.0.0.0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: push_ifconfig_ipv6_defined = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: push_ifconfig_ipv6_local = ::/0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: push_ifconfig_ipv6_remote = ::
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: enable_c2c = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: duplicate_cn = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cf_max = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cf_per = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cf_initial_max = 100
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: cf_initial_per = 10
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: max_clients = 1024
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: max_routes_per_client = 256
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: auth_user_pass_verify_script = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: auth_user_pass_verify_script_via_file = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: auth_token_generate = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: auth_token_lifetime = 0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: auth_token_secret_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: port_share_host = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: port_share_port = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: vlan_tagging = DISABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: vlan_accept = all
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: vlan_pvid = 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: client = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: pull = ENABLED
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: auth_user_pass_file = '[UNDEF]'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: OpenVPN 2.6.6 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
Tue Nov 14 15:01:41 2023 daemon.warn openvpn(VPN_Tap_Client)[7904]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxxxxxx
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Socket Buffers: R=[16777216->16777216] S=[16777216->16777216]
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: UDPv4 link local: (not bound)
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: UDPv4 link remote: [AF_INET]xxxxxxxxxxxxxx
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: TLS: Initial packet from [AF_INET]xxxxxxx, sid=xxxxxxxxxx
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: VERIFY OK: depth=1, CN=SiteA
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: VERIFY KU OK
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Validating certificate extended key usage
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: VERIFY EKU OK
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: VERIFY OK: depth=0, CN=Server_SiteA
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 521 bit ECsecp521r1, signature: ecdsa-with-SHA256
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: [Server_SiteA] Peer Connection Initiated with [AF_INET]xxxxxxxxxxxxx
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,route-gateway 192.168.50.1,ping 10,ping-restart 120,ifconfig 192.168.50.35 255.255.255.0,peer-id 1,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: OPTIONS IMPORT: route-related options modified
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: OPTIONS IMPORT: tun-mtu set to 1500
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: TUN/TAP device tap0 opened
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: do_ifconfig, ipv4=1, ipv6=0
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: /sbin/ip link set dev tap0 up mtu 1500
Tue Nov 14 15:01:41 2023 kern.info kernel: [60984.990392] tap_lan: port 2(tap0) entered blocking state
Tue Nov 14 15:01:41 2023 kern.info kernel: [60984.990865] tap_lan: port 2(tap0) entered disabled state
Tue Nov 14 15:01:41 2023 kern.info kernel: [60984.991339] tap0: entered allmulticast mode
Tue Nov 14 15:01:41 2023 kern.info kernel: [60984.991861] tap0: entered promiscuous mode
Tue Nov 14 15:01:41 2023 daemon.notice netifd: Network device 'tap0' link is up
Tue Nov 14 15:01:41 2023 daemon.notice netifd: bridge 'tap_lan' link is up
Tue Nov 14 15:01:41 2023 daemon.notice netifd: Interface 'lanvpn' has link connectivity
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: /sbin/ip link set dev tap0 up
Tue Nov 14 15:01:41 2023 kern.info kernel: [60984.992300] tap_lan: port 2(tap0) entered blocking state
Tue Nov 14 15:01:41 2023 kern.info kernel: [60984.992766] tap_lan: port 2(tap0) entered forwarding state
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: /sbin/ip addr add dev tap0 192.168.50.35/24
Tue Nov 14 15:01:41 2023 daemon.info avahi-daemon[3167]: Joining mDNS multicast group on interface tap0.IPv4 with address 192.168.50.35.
Tue Nov 14 15:01:41 2023 daemon.info avahi-daemon[3167]: New relevant interface tap0.IPv4 for mDNS.
Tue Nov 14 15:01:41 2023 daemon.info avahi-daemon[3167]: Registering new address record for 192.168.50.35 on tap0.IPv4.
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: /usr/libexec/openvpn-hotplug up VPN_Tap_Client tap0 1500 0 192.168.50.35 255.255.255.0 init
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Data Channel MTU parms [ mss_fix:1368 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Outgoing dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Outgoing dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Incoming dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Incoming dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Initialization Sequence Completed
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Data Channel: cipher 'AES-256-GCM', peer-id: 1
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Timers: ping 10, ping-restart 120
Tue Nov 14 15:01:41 2023 daemon.notice openvpn(VPN_Tap_Client)[7904]: Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
Tue Nov 14 15:03:05 2023 daemon.notice netifd: Network device 'eth0' link is up
Tue Nov 14 15:03:05 2023 kern.info kernel: [61068.898029] rk_gmac-dwmac fe1c0000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
Tue Nov 14 15:03:05 2023 kern.info kernel: [61068.898802] tap_lan: port 1(eth0) entered blocking state
Tue Nov 14 15:03:05 2023 kern.info kernel: [61068.899269] tap_lan: port 1(eth0) entered forwarding state

thisisliam · Post by **thisisliam** » Wed Nov 15, 2023 7:03 am

Alright, I added the tap0 interface to my LAN > WAN firewall on my server router (Interfaces > Firewall > LAN >> WAN Zone > Advanced Settings > Covered Devices > Add tap0) -- oddly enough, the tap0 device is already bridged to the br-lan...

This additional change has allowed me internet access and I can still see devices on the server LAN. However, on my mac I have internet connection for a few moments and then the connection is lost and my browsers time out. Before I tried adding Wireguard yesterday I had a consistent connection on my mac, albeit slow. If I reboot into Windows/bootcamp, I get a consistent internet connection over the bridge. If I plug the bridged tap interface into an IoT, the device has internet access and speed tests show ~10mbps (which is lower than I would've expected, though I know TAP is going to affect performance.)

I'm wondering if there's something I need to reset in my mac browsers to get this to work. Either way, next time I'm at server location I'm tempted to do a full factory reset and re-configure.

OpenVPN Support Forum

TAP setup lost internet connection

TAP setup lost internet connection

Re: TAP setup lost internet connection