Openvpn with a nat 4 or 5 clicks and no internet
Posted: Wed Jan 12, 2011 12:43 pm
by jonplanetveo
Hello everybody,
I have a dedicated server used as a web vpn.
So on it, I installed openvpn and a nat to redirect the subnet to eth0.
I can access pages pretty fast, but after 4 or 5 clicks the page doesn't load anymore.
When I try to ping the vpn gateway, it responds, so I guess it's coming from the nat.
I will post my configuration later, but if someone can already help me, it would be great.
Re: Openvpn with a nat 4 or 5 clicks and no internet
Posted: Wed Jan 12, 2011 1:43 pm
by gladiatr72
Hello,
Also post your client and server logs (verb 4 preferred).
-Stephen
Re: Openvpn with a nat 4 or 5 clicks and no internet
Posted: Thu Jan 13, 2011 6:57 am
by jonplanetveo
I configured my openvpn like this:
Server config file:
Code:
port 1194
proto udp
dev tun
ca serverkeys/ca.crt
cert serverkeys/servervpn.crt
key serverkeys/servervpn.key
dh serverkeys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8 8.8.4.4"
client-to-client
duplicate-cn
keepalive 5 120
cipher AES-256-CBC
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 5
Client config file:
Code:
client
dev tun
proto udp
remote <SERVER_IP> 11194
resolv-retry infinite
nobind
keepalive 10 120
ping-timer-rem
persist-key
persist-tun
mute-replay-warnings
tls-client
ca ca.crt
cert clientvpn.crt
key clientvpn.key
cipher AES-256-CBC
comp-lzo
verb 3
pull
Client log:
Code:
Thu Jan 13 11:44:47 2011 us=359000 Current Parameter Settings:
Thu Jan 13 11:44:47 2011 us=359000 config = 'client.ovpn'
Thu Jan 13 11:44:47 2011 us=359000 mode = 0
Thu Jan 13 11:44:47 2011 us=359000 show_ciphers = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 show_digests = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 show_engines = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 genkey = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 key_pass_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 show_tls_ciphers = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 Connection profiles [default]:
Thu Jan 13 11:44:47 2011 us=359000 proto = udp
Thu Jan 13 11:44:47 2011 us=359000 local = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 local_port = 0
Thu Jan 13 11:44:47 2011 us=359000 remote = '<SERVER IP>'
Thu Jan 13 11:44:47 2011 us=359000 remote_port = 1194
Thu Jan 13 11:44:47 2011 us=359000 remote_float = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 bind_defined = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 bind_local = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 connect_retry_seconds = 5
Thu Jan 13 11:44:47 2011 us=359000 connect_timeout = 10
Thu Jan 13 11:44:47 2011 us=359000 connect_retry_max = 0
Thu Jan 13 11:44:47 2011 us=359000 socks_proxy_server = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 socks_proxy_port = 0
Thu Jan 13 11:44:47 2011 us=359000 socks_proxy_retry = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 Connection profiles END
Thu Jan 13 11:44:47 2011 us=359000 remote_random = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 ipchange = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 dev = 'tun'
Thu Jan 13 11:44:47 2011 us=359000 dev_type = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 dev_node = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 lladdr = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 topology = 1
Thu Jan 13 11:44:47 2011 us=359000 tun_ipv6 = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 ifconfig_local = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 ifconfig_remote_netmask = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 ifconfig_noexec = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 ifconfig_nowarn = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 shaper = 0
Thu Jan 13 11:44:47 2011 us=359000 tun_mtu = 1500
Thu Jan 13 11:44:47 2011 us=359000 tun_mtu_defined = ENABLED
Thu Jan 13 11:44:47 2011 us=359000 link_mtu = 1500
Thu Jan 13 11:44:47 2011 us=359000 link_mtu_defined = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 tun_mtu_extra = 0
Thu Jan 13 11:44:47 2011 us=359000 tun_mtu_extra_defined = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 fragment = 0
Thu Jan 13 11:44:47 2011 us=359000 mtu_discover_type = -1
Thu Jan 13 11:44:47 2011 us=359000 mtu_test = 0
Thu Jan 13 11:44:47 2011 us=359000 mlock = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 keepalive_ping = 0
Thu Jan 13 11:44:47 2011 us=359000 keepalive_timeout = 0
Thu Jan 13 11:44:47 2011 us=359000 inactivity_timeout = 0
Thu Jan 13 11:44:47 2011 us=359000 ping_send_timeout = 0
Thu Jan 13 11:44:47 2011 us=359000 ping_rec_timeout = 0
Thu Jan 13 11:44:47 2011 us=359000 ping_rec_timeout_action = 0
Thu Jan 13 11:44:47 2011 us=359000 ping_timer_remote = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 remap_sigusr1 = 0
Thu Jan 13 11:44:47 2011 us=359000 explicit_exit_notification = 0
Thu Jan 13 11:44:47 2011 us=359000 persist_tun = ENABLED
Thu Jan 13 11:44:47 2011 us=359000 persist_local_ip = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 persist_remote_ip = DISABLED
Thu Jan 13 11:44:47 2011 us=359000 persist_key = ENABLED
Thu Jan 13 11:44:47 2011 us=359000 mssfix = 1450
Thu Jan 13 11:44:47 2011 us=359000 resolve_retry_seconds = 1000000000
Thu Jan 13 11:44:47 2011 us=359000 username = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 groupname = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 chroot_dir = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 cd_dir = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=359000 writepid = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=577000 up_script = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=577000 down_script = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=577000 down_pre = DISABLED
Thu Jan 13 11:44:47 2011 us=577000 up_restart = DISABLED
Thu Jan 13 11:44:47 2011 us=577000 up_delay = DISABLED
Thu Jan 13 11:44:47 2011 us=577000 daemon = DISABLED
Thu Jan 13 11:44:47 2011 us=577000 inetd = 0
Thu Jan 13 11:44:47 2011 us=577000 log = DISABLED
Thu Jan 13 11:44:47 2011 us=577000 suppress_timestamps = DISABLED
Thu Jan 13 11:44:47 2011 us=577000 nice = 0
Thu Jan 13 11:44:47 2011 us=577000 verbosity = 4
Thu Jan 13 11:44:47 2011 us=577000 mute = 0
Thu Jan 13 11:44:47 2011 us=577000 gremlin = 0
Thu Jan 13 11:44:47 2011 us=577000 status_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=577000 status_file_version = 1
Thu Jan 13 11:44:47 2011 us=577000 status_file_update_freq = 60
Thu Jan 13 11:44:47 2011 us=577000 occ = ENABLED
Thu Jan 13 11:44:47 2011 us=577000 rcvbuf = 0
Thu Jan 13 11:44:47 2011 us=577000 sndbuf = 0
Thu Jan 13 11:44:47 2011 us=593000 sockflags = 0
Thu Jan 13 11:44:47 2011 us=593000 fast_io = DISABLED
Thu Jan 13 11:44:47 2011 us=593000 lzo = 7
Thu Jan 13 11:44:47 2011 us=593000 route_script = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=593000 route_default_gateway = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=593000 route_default_metric = 0
Thu Jan 13 11:44:47 2011 us=593000 route_noexec = DISABLED
Thu Jan 13 11:44:47 2011 us=593000 route_delay = 5
Thu Jan 13 11:44:47 2011 us=593000 route_delay_window = 30
Thu Jan 13 11:44:47 2011 us=593000 route_delay_defined = ENABLED
Thu Jan 13 11:44:47 2011 us=593000 route_nopull = DISABLED
Thu Jan 13 11:44:47 2011 us=593000 route_gateway_via_dhcp = DISABLED
Thu Jan 13 11:44:47 2011 us=593000 max_routes = 100
Thu Jan 13 11:44:47 2011 us=593000 allow_pull_fqdn = DISABLED
Thu Jan 13 11:44:47 2011 us=593000 management_addr = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=593000 management_port = 0
Thu Jan 13 11:44:47 2011 us=609000 management_user_pass = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=609000 management_log_history_cache = 250
Thu Jan 13 11:44:47 2011 us=609000 management_echo_buffer_size = 100
Thu Jan 13 11:44:47 2011 us=609000 management_write_peer_info_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=609000 management_client_user = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=609000 management_client_group = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=609000 management_flags = 0
Thu Jan 13 11:44:47 2011 us=609000 shared_secret_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=609000 key_direction = 0
Thu Jan 13 11:44:47 2011 us=609000 ciphername_defined = ENABLED
Thu Jan 13 11:44:47 2011 us=609000 ciphername = 'AES-256-CBC'
Thu Jan 13 11:44:47 2011 us=609000 authname_defined = ENABLED
Thu Jan 13 11:44:47 2011 us=609000 authname = 'SHA1'
Thu Jan 13 11:44:47 2011 us=609000 prng_hash = 'SHA1'
Thu Jan 13 11:44:47 2011 us=609000 prng_nonce_secret_len = 16
Thu Jan 13 11:44:47 2011 us=609000 keysize = 0
Thu Jan 13 11:44:47 2011 us=624000 engine = DISABLED
Thu Jan 13 11:44:47 2011 us=624000 replay = ENABLED
Thu Jan 13 11:44:47 2011 us=624000 mute_replay_warnings = DISABLED
Thu Jan 13 11:44:47 2011 us=624000 replay_window = 64
Thu Jan 13 11:44:47 2011 us=624000 replay_time = 15
Thu Jan 13 11:44:47 2011 us=624000 packet_id_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 use_iv = ENABLED
Thu Jan 13 11:44:47 2011 us=624000 test_crypto = DISABLED
Thu Jan 13 11:44:47 2011 us=624000 tls_server = DISABLED
Thu Jan 13 11:44:47 2011 us=624000 tls_client = ENABLED
Thu Jan 13 11:44:47 2011 us=624000 key_method = 2
Thu Jan 13 11:44:47 2011 us=624000 ca_file = 'ca.crt'
Thu Jan 13 11:44:47 2011 us=624000 ca_path = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 dh_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 cert_file = 'planetclient.crt'
Thu Jan 13 11:44:47 2011 us=624000 priv_key_file = 'planetclient.key'
Thu Jan 13 11:44:47 2011 us=624000 pkcs12_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 cryptoapi_cert = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 cipher_list = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 tls_verify = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 tls_remote = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 crl_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=624000 ns_cert_type = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=624000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=655000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=655000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=655000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=655000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=655000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=655000 remote_cert_ku[i] = 0
Thu Jan 13 11:44:47 2011 us=655000 remote_cert_eku = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=655000 tls_timeout = 2
Thu Jan 13 11:44:47 2011 us=655000 renegotiate_bytes = 0
Thu Jan 13 11:44:47 2011 us=655000 renegotiate_packets = 0
Thu Jan 13 11:44:47 2011 us=655000 renegotiate_seconds = 3600
Thu Jan 13 11:44:47 2011 us=655000 handshake_window = 60
Thu Jan 13 11:44:47 2011 us=655000 transition_window = 3600
Thu Jan 13 11:44:47 2011 us=655000 single_session = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 tls_exit = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 tls_auth_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=655000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_protected_authentication = DISABLED
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=671000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_private_mode = 00000000
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=687000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_cert_private = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_pin_cache_period = -1
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_id = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=702000 pkcs11_id_management = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 server_network = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 server_netmask = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 server_bridge_ip = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 server_bridge_netmask = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 server_bridge_pool_start = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 server_bridge_pool_end = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 ifconfig_pool_defined = DISABLED
Thu Jan 13 11:44:47 2011 us=702000 ifconfig_pool_start = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 ifconfig_pool_end = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 ifconfig_pool_netmask = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=702000 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=702000 ifconfig_pool_persist_refresh_freq = 600
Thu Jan 13 11:44:47 2011 us=702000 n_bcast_buf = 256
Thu Jan 13 11:44:47 2011 us=702000 tcp_queue_limit = 64
Thu Jan 13 11:44:47 2011 us=702000 real_hash_size = 256
Thu Jan 13 11:44:47 2011 us=702000 virtual_hash_size = 256
Thu Jan 13 11:44:47 2011 us=702000 client_connect_script = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=702000 learn_address_script = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=702000 client_disconnect_script = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=702000 client_config_dir = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=718000 ccd_exclusive = DISABLED
Thu Jan 13 11:44:47 2011 us=718000 tmp_dir = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=718000 push_ifconfig_defined = DISABLED
Thu Jan 13 11:44:47 2011 us=718000 push_ifconfig_local = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=718000 push_ifconfig_remote_netmask = 0.0.0.0
Thu Jan 13 11:44:47 2011 us=718000 enable_c2c = DISABLED
Thu Jan 13 11:44:47 2011 us=718000 duplicate_cn = DISABLED
Thu Jan 13 11:44:47 2011 us=718000 cf_max = 0
Thu Jan 13 11:44:47 2011 us=718000 cf_per = 0
Thu Jan 13 11:44:47 2011 us=718000 max_clients = 1024
Thu Jan 13 11:44:47 2011 us=718000 max_routes_per_client = 256
Thu Jan 13 11:44:47 2011 us=718000 auth_user_pass_verify_script = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=718000 auth_user_pass_verify_script_via_file = DISABLED
Thu Jan 13 11:44:47 2011 us=718000 ssl_flags = 0
Thu Jan 13 11:44:47 2011 us=718000 client = ENABLED
Thu Jan 13 11:44:47 2011 us=733000 pull = ENABLED
Thu Jan 13 11:44:47 2011 us=733000 auth_user_pass_file = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=733000 show_net_up = DISABLED
Thu Jan 13 11:44:47 2011 us=733000 route_method = 0
Thu Jan 13 11:44:47 2011 us=733000 ip_win32_defined = DISABLED
Thu Jan 13 11:44:47 2011 us=733000 ip_win32_type = 3
Thu Jan 13 11:44:47 2011 us=733000 dhcp_masq_offset = 0
Thu Jan 13 11:44:47 2011 us=733000 dhcp_lease_time = 31536000
Thu Jan 13 11:44:47 2011 us=733000 tap_sleep = 0
Thu Jan 13 11:44:47 2011 us=733000 dhcp_options = DISABLED
Thu Jan 13 11:44:47 2011 us=733000 dhcp_renew = DISABLED
Thu Jan 13 11:44:47 2011 us=733000 dhcp_pre_release = DISABLED
Thu Jan 13 11:44:47 2011 us=733000 dhcp_release = DISABLED
Thu Jan 13 11:44:47 2011 us=733000 domain = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=733000 netbios_scope = '[UNDEF]'
Thu Jan 13 11:44:47 2011 us=733000 netbios_node_type = 0
Thu Jan 13 11:44:47 2011 us=749000 disable_nbt = DISABLED
Thu Jan 13 11:44:47 2011 us=749000 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Thu Jan 13 11:44:47 2011 us=749000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 13 11:44:47 2011 us=749000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jan 13 11:44:48 2011 us=61000 LZO compression initialized
Thu Jan 13 11:44:48 2011 us=61000 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Jan 13 11:44:48 2011 us=61000 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jan 13 11:44:48 2011 us=77000 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Jan 13 11:44:48 2011 us=77000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Jan 13 11:44:48 2011 us=77000 Local Options hash (VER=V4): '22188c5b'
Thu Jan 13 11:44:48 2011 us=77000 Expected Remote Options hash (VER=V4): 'a8f55717'
Thu Jan 13 11:44:48 2011 us=77000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jan 13 11:44:48 2011 us=77000 UDPv4 link local: [undef]
Thu Jan 13 11:44:48 2011 us=77000 UDPv4 link remote: <SERVER IP>:1194
Thu Jan 13 11:44:48 2011 us=108000 TLS: Initial packet from <SERVER IP>:1194, sid=4ec9be13 3df10220
Thu Jan 13 11:44:48 2011 us=357000 VERIFY OK: depth=1, <KEY SSL SIGNATURE>
Thu Jan 13 11:44:48 2011 us=357000 VERIFY OK: depth=0, <KEY SSL SIGNATURE>
Thu Jan 13 11:44:52 2011 us=211000 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jan 13 11:44:52 2011 us=211000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 13 11:44:52 2011 us=211000 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jan 13 11:44:52 2011 us=211000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 13 11:44:52 2011 us=211000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 13 11:44:52 2011 us=211000 [servervpn] Peer Connection Initiated with <SERVER IP>:1194
Thu Jan 13 11:44:54 2011 us=488000 SENT CONTROL [servervpn]: 'PUSH_REQUEST' (status=1)
Thu Jan 13 11:44:54 2011 us=520000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS 8.8.8.8 8.8.4.4,route 10.8.0.0 255.255.255.0,ping 5,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Thu Jan 13 11:44:54 2011 us=520000 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jan 13 11:44:54 2011 us=520000 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jan 13 11:44:54 2011 us=520000 OPTIONS IMPORT: route options modified
Thu Jan 13 11:44:54 2011 us=520000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jan 13 11:44:54 2011 us=535000 ROUTE default_gateway=192.168.5.1
Thu Jan 13 11:44:54 2011 us=551000 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{1BE1DB53-7543-404F-94F2-65FC1770ED5A}.tap
Thu Jan 13 11:44:54 2011 us=551000 TAP-Win32 Driver Version 9.6
Thu Jan 13 11:44:54 2011 us=551000 TAP-Win32 MTU=1500
Thu Jan 13 11:44:54 2011 us=551000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {1BE1DB53-7543-404F-94F2-65FC1770ED5A} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Jan 13 11:44:54 2011 us=551000 DHCP option string: 06040808 0808
Thu Jan 13 11:44:54 2011 us=551000 Successful ARP Flush on interface [36] {1BE1DB53-7543-404F-94F2-65FC1770ED5A}
Thu Jan 13 11:44:59 2011 us=699000 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Jan 13 11:44:59 2011 us=699000 C:\WINDOWS\system32\route.exe ADD <SERVER IP> MASK 255.255.255.255 192.168.5.1
Thu Jan 13 11:44:59 2011 us=699000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jan 13 11:44:59 2011 us=699000 Route addition via IPAPI succeeded [adaptive]
Thu Jan 13 11:44:59 2011 us=699000 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 192.168.5.1
Thu Jan 13 11:44:59 2011 us=699000 Route deletion via IPAPI succeeded [adaptive]
Thu Jan 13 11:44:59 2011 us=699000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.5
Thu Jan 13 11:44:59 2011 us=699000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Jan 13 11:44:59 2011 us=699000 Route addition via IPAPI succeeded [adaptive]
Thu Jan 13 11:44:59 2011 us=714000 WARNING: potential route subnet conflict between local LAN [10.8.0.4/255.255.255.252] and remote VPN [10.8.0.0/255.255.255.0]
Thu Jan 13 11:44:59 2011 us=714000 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Thu Jan 13 11:44:59 2011 us=714000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Jan 13 11:44:59 2011 us=714000 Route addition via IPAPI succeeded [adaptive]
Thu Jan 13 11:44:59 2011 us=714000 Initialization Sequence Completed
Thu Jan 13 11:45:14 2011 us=644000 Replay-window backtrack occurred [1]
Thu Jan 13 11:45:49 2011 us=650000 TCP/UDP: Closing socket
Thu Jan 13 11:45:49 2011 us=650000 C:\WINDOWS\system32\route.exe DELETE 10.8.0.0 MASK 255.255.255.0 10.8.0.5
Thu Jan 13 11:45:49 2011 us=650000 Route deletion via IPAPI succeeded [adaptive]
Thu Jan 13 11:45:49 2011 us=650000 C:\WINDOWS\system32\route.exe DELETE <SERVER IP> MASK 255.255.255.255 192.168.5.1
Thu Jan 13 11:45:49 2011 us=650000 Route deletion via IPAPI succeeded [adaptive]
Thu Jan 13 11:45:49 2011 us=650000 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 10.8.0.5
Thu Jan 13 11:45:49 2011 us=650000 Route deletion via IPAPI succeeded [adaptive]
Thu Jan 13 11:45:49 2011 us=650000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 192.168.5.1
Thu Jan 13 11:45:49 2011 us=666000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jan 13 11:45:49 2011 us=666000 Route addition via IPAPI succeeded [adaptive]
Thu Jan 13 11:45:49 2011 us=666000 Closing TUN/TAP interface
Thu Jan 13 11:45:49 2011 us=666000 SIGTERM[hard,] received, process exiting
At the end, I disconnected manually, but the web was not available since the line:
Code:
Thu Jan 13 11:45:14 2011 us=644000 Replay-window backtrack occurred [1]
By adding in the client log:
it's a bit longer but cut after
Code:
Replay-window backtrack occurred [1]
Replay-window backtrack occurred [2]
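Added example, not part of the original thread: a small triage script for an OpenVPN client log in the format posted above, run over lines copied from that log. It flags the messages that matter for tunnel security and stability, lists the options the server pushed, and measures how long after "Initialization Sequence Completed" the first replay-window backtrack appears; the function names and the 2048-bit RSA threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the client log posted above (server address was already redacted there).
SAMPLE_LOG = """\
Thu Jan 13 11:44:47 2011 us=749000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jan 13 11:44:52 2011 us=211000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Jan 13 11:44:54 2011 us=520000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS 8.8.8.8 8.8.4.4,route 10.8.0.0 255.255.255.0,ping 5,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Thu Jan 13 11:44:59 2011 us=714000 WARNING: potential route subnet conflict between local LAN [10.8.0.4/255.255.255.252] and remote VPN [10.8.0.0/255.255.255.0]
Thu Jan 13 11:44:59 2011 us=714000 Initialization Sequence Completed
Thu Jan 13 11:45:14 2011 us=644000 Replay-window backtrack occurred [1]
Thu Jan 13 11:45:49 2011 us=666000 SIGTERM[hard,] received, process exiting
"""

# "Thu Jan 13 11:44:47 2011 us=749000 <message>"; the us= field only appears at higher verbosity.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})(?: us=\d+)? (?P<msg>.*)$")

# (finding id, pattern on the message, note for the reader)
RULES = [
    ("no-server-cert-verification",
     re.compile(r"WARNING: No server certificate verification method"),
     "any certificate signed by the CA is accepted as the server; see the "
     "howto#mitm link in the message (remote-cert-tls / ns-cert-type options)"),
    ("route-subnet-conflict",
     re.compile(r"WARNING: potential route subnet conflict"),
     "a pushed route overlaps an address range already present on the client"),
    ("replay-window-backtrack",
     re.compile(r"Replay-window backtrack occurred \[\d+\]"),
     "a data-channel packet arrived out of order inside the replay window"),
]
RSA_RE = re.compile(r"(\d+) bit RSA")
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'$")
MIN_RSA_BITS = 2048  # assumption: threshold chosen for this example


def parse(log_text):
    """Yield (datetime, message) for every line in OpenVPN's timestamped format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["msg"]


def triage(log_text):
    """Return findings, pushed options and the delay before the first backtrack."""
    findings, pushed = [], []
    init_done = delay = None
    for ts, msg in parse(log_text):
        stamp = ts.strftime("%H:%M:%S")
        if msg == "Initialization Sequence Completed":
            init_done = ts
        for fid, pattern, note in RULES:
            if pattern.search(msg):
                findings.append((fid, stamp, note))
                if fid == "replay-window-backtrack" and init_done and delay is None:
                    delay = int((ts - init_done).total_seconds())
        rsa = RSA_RE.search(msg)
        if rsa and int(rsa.group(1)) < MIN_RSA_BITS:
            findings.append(("short-rsa-key", stamp,
                             f"peer certificate uses a {rsa.group(1)}-bit RSA key"))
        push = PUSH_RE.search(msg)
        if push:
            pushed = push.group(1).split(",")
    return {"findings": findings, "pushed": pushed,
            "seconds_to_first_backtrack": delay}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for fid, stamp, note in report["findings"]:
        print(f"{stamp}  {fid}: {note}")
    print("pushed options:", report["pushed"])
    print("first backtrack after init (s):", report["seconds_to_first_backtrack"])
```
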
Re: Openvpn with a nat 4 or 5 clicks and no internet
Posted: Thu Jan 13, 2011 7:20 am
by krzee
Thu Jan 13 11:44:59 2011 us=714000 WARNING: potential route subnet conflict between local LAN [10.8.0.4/255.255.255.252] and remote VPN [10.8.0.0/255.255.255.0]
what is the client's LAN ip?
your client config says it's connecting to port 11194
Re: Openvpn with a nat 4 or 5 clicks and no internet
Posted: Thu Jan 13, 2011 7:33 am
by jonplanetveo
sorry, my mistake, the port is 1194 and the connection between the server and the client is working.
But after 1 or 2 mins I'm still connected to the vpn but there is no more Internet.
My local network ip address is 192.168.5.X
Re: Openvpn with a nat 4 or 5 clicks and no internet
Posted: Thu Jan 13, 2011 8:52 am
by krzee
during those 1-2 minutes, if you go to
http://secure-computing.net/ip.php does it show the vpn server ip?
if so, try adding bypass-dhcp after you redirect-gateway
also, when the vpn goes down do you want to stay connected to the internet without the vpn? if so add def1 after redirect-gateway
see the full list of options in the manual:
http://openvpn.net/man-beta
Re: Openvpn with a nat 4 or 5 clicks and no internet
Posted: Thu Jan 13, 2011 9:12 am
by jonplanetveo
I added
Code:
push "redirect-gateway bypass-dhcp def1"
and the result is the same.
During these 1 or 2 mins my public ip becomes the VPN ip and I can access websites that are normally blocked.
This is my iptables configuration:
Code:
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source
Code:
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Re: Openvpn with a nat 4 or 5 clicks and no internet
Posted: Thu Jan 13, 2011 9:26 am
by krzee
pls post the server log with verb 5