VPN connects, Ping works but nothing else

LaUs3r · Post by **LaUs3r** » Thu Mar 31, 2011 10:46 pm

Hey people,

I found some posts regarding this problem, but no solutions helped me so far. So here's the thing:
I have a server running at home providing an openvpn-server and want to establish a remote-desktop connection via vpn. The OpenVPN-server is running just fine, I can connect from my girlfriend's laptop and remotely log on to the server. SO the connection works, BUT I want also to be able to connect from work to my server. My company uses a proxy which only allows ports 80 and 443 - at least these ports I used and I know they work.

I'd really appreciate it if you would take a look at the following configs.

IPs:
Gateway: 192.168.178.1
Main IP: 192.168.178.101
VPN Server IP: 10.16.0.1
Dyndns: something.dyndns.org

Client IP: whatever
Client VPN IP: 10.16.0.2

#1 - Server @ Home:

Code: Select all

server 10.16.0.0 255.255.255.0
port 443
proto tcp
dev tap

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\gameServerCa.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\gameServerUSH.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\gameServerUSH.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

ping-timer-rem
keepalive 10 180
verb 6
route-method exe
route-delay 2

#2 - Client @ Work WITH proxy-file:

Code: Select all

client
remote something.dyndns.org 443
proto tcp
dev tap

ca c:\\programme\\openvpn\\easy-rsa\\keys\\caFlo.crt
cert c:\\programme\\openvpn\\easy-rsa\\keys\\clientFlo.crt
key c:\\programme\\openvpn\\easy-rsa\\keys\\clientFlo.key
ns-cert-type server

verb 6
route-method exe
route-delay 2

So, again, everything works perfectly (remote desktop, etc.) when I use any PC but my work's PC.
Finally I can connect from work's PC to my server and I can ping each way: server --> client, client --> server, BUT no other application like remote desktop, web server, etc. works.

Any ideas? Routing tables?

cheers

Post by **gladiatr72** » Fri Apr 01, 2011 5:48 pm

Hello, person:

When you get a chance, set "verb 4" in your client config and post the log file that's left after you connect.

-S

LaUs3r · Post by **LaUs3r** » Sat Apr 02, 2011 6:31 am

sure, here u go:

Code: Select all

Sat Apr 02 08:22:13 2011 us=281000 Current Parameter Settings:
Sat Apr 02 08:22:13 2011 us=281000   config = 'clientFlo.ovpn'
Sat Apr 02 08:22:13 2011 us=281000   mode = 0
Sat Apr 02 08:22:13 2011 us=281000   show_ciphers = DISABLED
Sat Apr 02 08:22:13 2011 us=281000   show_digests = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   show_engines = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   genkey = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   key_pass_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   show_tls_ciphers = DISABLED
Sat Apr 02 08:22:13 2011 us=296000 Connection profiles [default]:
Sat Apr 02 08:22:13 2011 us=296000   proto = tcp-client
Sat Apr 02 08:22:13 2011 us=296000   local = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   local_port = 0
Sat Apr 02 08:22:13 2011 us=296000   remote = 'something.dyndns.org'
Sat Apr 02 08:22:13 2011 us=296000   remote_port = 443
Sat Apr 02 08:22:13 2011 us=296000   remote_float = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   bind_defined = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   bind_local = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   connect_retry_seconds = 5
Sat Apr 02 08:22:13 2011 us=296000   connect_timeout = 10
Sat Apr 02 08:22:13 2011 us=296000   connect_retry_max = 0
Sat Apr 02 08:22:13 2011 us=296000 BEGIN http_proxy
Sat Apr 02 08:22:13 2011 us=296000   server = 'proxy.my.office'
Sat Apr 02 08:22:13 2011 us=296000   port = 80
Sat Apr 02 08:22:13 2011 us=296000   auth_method_string = 'ntlm'
Sat Apr 02 08:22:13 2011 us=296000   auth_file = 'c:\Program Files\openvpn\auth'
Sat Apr 02 08:22:13 2011 us=296000   retry = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   timeout = 5
Sat Apr 02 08:22:13 2011 us=296000   http_version = '1.0'
Sat Apr 02 08:22:13 2011 us=296000   user_agent = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000 END http_proxy
Sat Apr 02 08:22:13 2011 us=296000   socks_proxy_server = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   socks_proxy_port = 0
Sat Apr 02 08:22:13 2011 us=296000   socks_proxy_retry = DISABLED
Sat Apr 02 08:22:13 2011 us=296000 Connection profiles END
Sat Apr 02 08:22:13 2011 us=296000   remote_random = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   ipchange = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   dev = 'tap'
Sat Apr 02 08:22:13 2011 us=296000   dev_type = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   dev_node = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   lladdr = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   topology = 1
Sat Apr 02 08:22:13 2011 us=296000   tun_ipv6 = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   ifconfig_local = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   ifconfig_remote_netmask = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   ifconfig_noexec = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   ifconfig_nowarn = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   shaper = 0
Sat Apr 02 08:22:13 2011 us=296000   tun_mtu = 1500
Sat Apr 02 08:22:13 2011 us=296000   tun_mtu_defined = ENABLED
Sat Apr 02 08:22:13 2011 us=296000   link_mtu = 1500
Sat Apr 02 08:22:13 2011 us=296000   link_mtu_defined = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   tun_mtu_extra = 32
Sat Apr 02 08:22:13 2011 us=296000   tun_mtu_extra_defined = ENABLED
Sat Apr 02 08:22:13 2011 us=296000   fragment = 0
Sat Apr 02 08:22:13 2011 us=296000   mtu_discover_type = -1
Sat Apr 02 08:22:13 2011 us=296000   mtu_test = 0
Sat Apr 02 08:22:13 2011 us=296000   mlock = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   keepalive_ping = 0
Sat Apr 02 08:22:13 2011 us=296000   keepalive_timeout = 0
Sat Apr 02 08:22:13 2011 us=296000   inactivity_timeout = 0
Sat Apr 02 08:22:13 2011 us=296000   ping_send_timeout = 0
Sat Apr 02 08:22:13 2011 us=296000   ping_rec_timeout = 0
Sat Apr 02 08:22:13 2011 us=296000   ping_rec_timeout_action = 0
Sat Apr 02 08:22:13 2011 us=296000   ping_timer_remote = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   remap_sigusr1 = 0
Sat Apr 02 08:22:13 2011 us=296000   explicit_exit_notification = 0
Sat Apr 02 08:22:13 2011 us=296000   persist_tun = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   persist_local_ip = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   persist_remote_ip = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   persist_key = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   mssfix = 1450
Sat Apr 02 08:22:13 2011 us=296000   resolve_retry_seconds = 1000000000
Sat Apr 02 08:22:13 2011 us=296000   username = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   groupname = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   chroot_dir = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   cd_dir = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   writepid = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   up_script = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   down_script = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   down_pre = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   up_restart = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   up_delay = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   daemon = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   inetd = 0
Sat Apr 02 08:22:13 2011 us=296000   log = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   suppress_timestamps = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   nice = 0
Sat Apr 02 08:22:13 2011 us=296000   verbosity = 4
Sat Apr 02 08:22:13 2011 us=296000   mute = 0
Sat Apr 02 08:22:13 2011 us=296000   gremlin = 0
Sat Apr 02 08:22:13 2011 us=296000   status_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   status_file_version = 1
Sat Apr 02 08:22:13 2011 us=296000   status_file_update_freq = 60
Sat Apr 02 08:22:13 2011 us=296000   occ = ENABLED
Sat Apr 02 08:22:13 2011 us=296000   rcvbuf = 0
Sat Apr 02 08:22:13 2011 us=296000   sndbuf = 0
Sat Apr 02 08:22:13 2011 us=296000   sockflags = 0
Sat Apr 02 08:22:13 2011 us=296000   fast_io = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   lzo = 0
Sat Apr 02 08:22:13 2011 us=296000   route_script = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   route_default_gateway = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   route_default_metric = 0
Sat Apr 02 08:22:13 2011 us=296000   route_noexec = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   route_delay = 5
Sat Apr 02 08:22:13 2011 us=296000   route_delay_window = 30
Sat Apr 02 08:22:13 2011 us=296000   route_delay_defined = ENABLED
Sat Apr 02 08:22:13 2011 us=296000   route_nopull = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   route_gateway_via_dhcp = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   max_routes = 100
Sat Apr 02 08:22:13 2011 us=296000   allow_pull_fqdn = DISABLED
Sat Apr 02 08:22:13 2011 us=296000   management_addr = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   management_port = 0
Sat Apr 02 08:22:13 2011 us=296000   management_user_pass = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   management_log_history_cache = 250
Sat Apr 02 08:22:13 2011 us=296000   management_echo_buffer_size = 100
Sat Apr 02 08:22:13 2011 us=296000   management_write_peer_info_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   management_client_user = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=296000   management_client_group = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   management_flags = 0
Sat Apr 02 08:22:13 2011 us=312000   shared_secret_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   key_direction = 0
Sat Apr 02 08:22:13 2011 us=312000   ciphername_defined = ENABLED
Sat Apr 02 08:22:13 2011 us=312000   ciphername = 'BF-CBC'
Sat Apr 02 08:22:13 2011 us=312000   authname_defined = ENABLED
Sat Apr 02 08:22:13 2011 us=312000   authname = 'SHA1'
Sat Apr 02 08:22:13 2011 us=312000   prng_hash = 'SHA1'
Sat Apr 02 08:22:13 2011 us=312000   prng_nonce_secret_len = 16
Sat Apr 02 08:22:13 2011 us=312000   keysize = 0
Sat Apr 02 08:22:13 2011 us=312000   engine = DISABLED
Sat Apr 02 08:22:13 2011 us=312000   replay = ENABLED
Sat Apr 02 08:22:13 2011 us=312000   mute_replay_warnings = DISABLED
Sat Apr 02 08:22:13 2011 us=312000   replay_window = 64
Sat Apr 02 08:22:13 2011 us=312000   replay_time = 15
Sat Apr 02 08:22:13 2011 us=312000   packet_id_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   use_iv = ENABLED
Sat Apr 02 08:22:13 2011 us=312000   test_crypto = DISABLED
Sat Apr 02 08:22:13 2011 us=312000   tls_server = DISABLED
Sat Apr 02 08:22:13 2011 us=312000   tls_client = ENABLED
Sat Apr 02 08:22:13 2011 us=312000   key_method = 2
Sat Apr 02 08:22:13 2011 us=312000   ca_file = 'c:\Program Files\openvpn\easy-rsa\keys\caFlo.crt'
Sat Apr 02 08:22:13 2011 us=312000   ca_path = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   dh_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   cert_file = 'c:\Program Files\openvpn\easy-rsa\keys\clientFlo.crt'
Sat Apr 02 08:22:13 2011 us=312000   priv_key_file = 'c:\Program Files\openvpn\easy-rsa\keys\clientFlo.key'
Sat Apr 02 08:22:13 2011 us=312000   pkcs12_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   cryptoapi_cert = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   cipher_list = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   tls_verify = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   tls_remote = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   crl_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=312000   ns_cert_type = 64
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=312000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=328000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=328000   remote_cert_ku[i] = 0
Sat Apr 02 08:22:13 2011 us=328000   remote_cert_eku = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=328000   tls_timeout = 2
Sat Apr 02 08:22:13 2011 us=328000   renegotiate_bytes = 0
Sat Apr 02 08:22:13 2011 us=328000   renegotiate_packets = 0
Sat Apr 02 08:22:13 2011 us=328000   renegotiate_seconds = 3600
Sat Apr 02 08:22:13 2011 us=328000   handshake_window = 60
Sat Apr 02 08:22:13 2011 us=328000   transition_window = 3600
Sat Apr 02 08:22:13 2011 us=328000   single_session = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   push_peer_info = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   tls_exit = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   tls_auth_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=328000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_protected_authentication = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_private_mode = 00000000
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_cert_private = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_pin_cache_period = -1
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_id = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=343000   pkcs11_id_management = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   server_network = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=343000   server_netmask = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=343000   server_bridge_ip = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=343000   server_bridge_netmask = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=343000   server_bridge_pool_start = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=343000   server_bridge_pool_end = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=343000   ifconfig_pool_defined = DISABLED
Sat Apr 02 08:22:13 2011 us=343000   ifconfig_pool_start = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=359000   ifconfig_pool_end = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=359000   ifconfig_pool_netmask = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=359000   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   ifconfig_pool_persist_refresh_freq = 600
Sat Apr 02 08:22:13 2011 us=359000   n_bcast_buf = 256
Sat Apr 02 08:22:13 2011 us=359000   tcp_queue_limit = 64
Sat Apr 02 08:22:13 2011 us=359000   real_hash_size = 256
Sat Apr 02 08:22:13 2011 us=359000   virtual_hash_size = 256
Sat Apr 02 08:22:13 2011 us=359000   client_connect_script = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   learn_address_script = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   client_disconnect_script = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   client_config_dir = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   ccd_exclusive = DISABLED
Sat Apr 02 08:22:13 2011 us=359000   tmp_dir = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   push_ifconfig_defined = DISABLED
Sat Apr 02 08:22:13 2011 us=359000   push_ifconfig_local = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=359000   push_ifconfig_remote_netmask = 0.0.0.0
Sat Apr 02 08:22:13 2011 us=359000   enable_c2c = DISABLED
Sat Apr 02 08:22:13 2011 us=359000   duplicate_cn = DISABLED
Sat Apr 02 08:22:13 2011 us=359000   cf_max = 0
Sat Apr 02 08:22:13 2011 us=359000   cf_per = 0
Sat Apr 02 08:22:13 2011 us=359000   max_clients = 1024
Sat Apr 02 08:22:13 2011 us=359000   max_routes_per_client = 256
Sat Apr 02 08:22:13 2011 us=359000   auth_user_pass_verify_script = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   auth_user_pass_verify_script_via_file = DISABLED
Sat Apr 02 08:22:13 2011 us=359000   ssl_flags = 0
Sat Apr 02 08:22:13 2011 us=359000   client = ENABLED
Sat Apr 02 08:22:13 2011 us=359000   pull = ENABLED
Sat Apr 02 08:22:13 2011 us=359000   auth_user_pass_file = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=359000   show_net_up = DISABLED
Sat Apr 02 08:22:13 2011 us=375000   route_method = 0
Sat Apr 02 08:22:13 2011 us=375000   ip_win32_defined = DISABLED
Sat Apr 02 08:22:13 2011 us=375000   ip_win32_type = 3
Sat Apr 02 08:22:13 2011 us=375000   dhcp_masq_offset = 0
Sat Apr 02 08:22:13 2011 us=375000   dhcp_lease_time = 31536000
Sat Apr 02 08:22:13 2011 us=375000   tap_sleep = 0
Sat Apr 02 08:22:13 2011 us=375000   dhcp_options = DISABLED
Sat Apr 02 08:22:13 2011 us=375000   dhcp_renew = DISABLED
Sat Apr 02 08:22:13 2011 us=375000   dhcp_pre_release = DISABLED
Sat Apr 02 08:22:13 2011 us=375000   dhcp_release = DISABLED
Sat Apr 02 08:22:13 2011 us=375000   domain = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=375000   netbios_scope = '[UNDEF]'
Sat Apr 02 08:22:13 2011 us=375000   netbios_node_type = 0
Sat Apr 02 08:22:13 2011 us=375000   disable_nbt = DISABLED
Sat Apr 02 08:22:13 2011 us=375000 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
Sat Apr 02 08:22:13 2011 us=734000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 02 08:22:15 2011 us=328000 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Apr 02 08:22:15 2011 us=328000 Socket Buffers: R=[8192->8192] S=[64512->64512]
Sat Apr 02 08:22:15 2011 us=328000 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ]
Sat Apr 02 08:22:15 2011 us=328000 Local Options String: 'V4,dev-type tap,link-mtu 1575,tun-mtu 1532,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Apr 02 08:22:15 2011 us=328000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1575,tun-mtu 1532,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Apr 02 08:22:15 2011 us=328000 Local Options hash (VER=V4): '10f35004'
Sat Apr 02 08:22:15 2011 us=328000 Expected Remote Options hash (VER=V4): 'a917298a'
Sat Apr 02 08:22:15 2011 us=328000 Attempting to establish TCP connection with 53.147.208.100:80
Sat Apr 02 08:22:15 2011 us=390000 TCP connection established with 53.147.208.100:80
Sat Apr 02 08:22:15 2011 us=390000 Send to HTTP proxy: 'CONNECT something.dyndns.org:443 HTTP/1.0'
Sat Apr 02 08:22:15 2011 us=390000 Attempting NTLM Proxy-Authorization phase 1
Sat Apr 02 08:22:15 2011 us=687000 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required ( Access is denied.  )'
Sat Apr 02 08:22:15 2011 us=687000 Proxy requires authentication
Sat Apr 02 08:22:15 2011 us=687000 HTTP proxy returned: 'Via: 1.1 DEIPROXY21'
Sat Apr 02 08:22:15 2011 us=687000 HTTP proxy returned: 'Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADgAAAACAgAC8ltTfmRL0yUAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8='
Sat Apr 02 08:22:15 2011 us=687000 auth string: 'TlRMTVNTUAACAAAAAAAAADgAAAACAgAC8ltTfmRL0yUAAAAAAAAAAAAAAAA4AAAABQLODgAAAA8='
Sat Apr 02 08:22:15 2011 us=687000 Received NTLM Proxy-Authorization phase 2 response
Sat Apr 02 08:22:17 2011 us=687000 recv_line: TCP port read timeout expired
Sat Apr 02 08:22:17 2011 us=687000 Send to HTTP proxy: 'CONNECT something.dyndns.org:443 HTTP/1.0'
Sat Apr 02 08:22:17 2011 us=687000 Send to HTTP proxy: 'Host: something.dyndns.org'
Sat Apr 02 08:22:17 2011 us=687000 Attempting NTLM Proxy-Authorization phase 3
Sat Apr 02 08:22:17 2011 us=765000 Send to HTTP proxy: 'Proxy-Authorization: NTLM TlRMTVNTUAADAAAAAAAAAGEAAAAYABgAQAAAAAIAAgBfAAAABwAHAFgAAAAAAAAAYQAAAAAAAABhAAAAAgIAAJ+Jh1OzQZsbUf74dL9m8uN5VFmMd1ZFQWdvc2ExMDBERQ=='
Sat Apr 02 08:22:18 2011 us=390000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sat Apr 02 08:22:20 2011 us=390000 TCPv4_CLIENT link local: [undef]
Sat Apr 02 08:22:20 2011 us=390000 TCPv4_CLIENT link remote: 53.147.208.100:80
Sat Apr 02 08:22:20 2011 us=500000 TLS: Initial packet from 53.147.208.100:80, sid=70b3f105 1ea4a307
Sat Apr 02 08:22:22 2011 us=296000 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=FortFunston/CN=OpenVPN-CA/emailAddress=mail@host.domain
Sat Apr 02 08:22:22 2011 us=296000 VERIFY OK: nsCertType=SERVER
Sat Apr 02 08:22:22 2011 us=296000 VERIFY OK: depth=0, /C=US/ST=CA/O=FortFunston/CN=serverUrb/emailAddress=mail@host.domain
Sat Apr 02 08:22:25 2011 us=484000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 02 08:22:25 2011 us=484000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 08:22:25 2011 us=484000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Apr 02 08:22:25 2011 us=484000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 02 08:22:25 2011 us=484000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Apr 02 08:22:25 2011 us=484000 [serverUrb] Peer Connection Initiated with 53.147.208.100:80
Sat Apr 02 08:22:28 2011 SENT CONTROL [serverUrb]: 'PUSH_REQUEST' (status=1)
Sat Apr 02 08:22:28 2011 us=312000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,route-gateway 10.16.0.1,ping 10,ping-restart 180,ifconfig 10.16.0.2 255.255.255.0'
Sat Apr 02 08:22:28 2011 us=312000 OPTIONS IMPORT: timers and/or timeouts modified
Sat Apr 02 08:22:28 2011 us=312000 OPTIONS IMPORT: --ifconfig/up options modified
Sat Apr 02 08:22:28 2011 us=312000 OPTIONS IMPORT: route options modified
Sat Apr 02 08:22:28 2011 us=312000 OPTIONS IMPORT: route-related options modified
Sat Apr 02 08:22:29 2011 us=234000 ROUTE default_gateway=10.99.240.223
Sat Apr 02 08:22:29 2011 us=265000 TAP-WIN32 device [LAN-Verbindung 29] opened: \\.\Global\{860B5236-91E1-47BC-8BE2-65535FC7B559}.tap
Sat Apr 02 08:22:29 2011 us=265000 TAP-Win32 Driver Version 9.7 
Sat Apr 02 08:22:29 2011 us=265000 TAP-Win32 MTU=1500
Sat Apr 02 08:22:29 2011 us=265000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.16.0.2/255.255.255.0 on interface {860B5236-91E1-47BC-8BE2-65535FC7B559} [DHCP-serv: 10.16.0.0, lease-time: 31536000]
Sat Apr 02 08:22:29 2011 us=281000 Successful ARP Flush on interface [5] {860B5236-91E1-47BC-8BE2-65535FC7B559}
Sat Apr 02 08:22:34 2011 us=562000 TEST ROUTES: 0/0 succeeded len=0 ret=0 a=0 u/d=down
Sat Apr 02 08:22:34 2011 us=562000 Route: Waiting for TUN/TAP interface to come up...
Sat Apr 02 08:22:39 2011 us=734000 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Sat Apr 02 08:22:39 2011 us=734000 C:\WINDOWS\system32\route.exe ADD 53.147.208.100 MASK 255.255.255.255 10.99.240.223
Sat Apr 02 08:22:39 2011 us=734000 Route addition via IPAPI succeeded [adaptive]
Sat Apr 02 08:22:39 2011 us=734000 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 10.99.240.223
Sat Apr 02 08:22:39 2011 us=734000 Route deletion via IPAPI succeeded [adaptive]
Sat Apr 02 08:22:39 2011 us=734000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.16.0.1
Sat Apr 02 08:22:39 2011 us=750000 Route addition via IPAPI succeeded [adaptive]
Sat Apr 02 08:22:39 2011 us=750000 Initialization Sequence Completed

Post by **janjust** » Sun Apr 03, 2011 8:47 pm

seems like you left out part of your server config; if I read the client log

C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 10.99.240.223

this suggests that your server is using

Code: Select all

push "redirect-gateway"

try changing this to

Code: Select all

push "redirect-gateway def1"

or add an explicit route to the company's HTTP proxy server.

LaUs3r · Post by **LaUs3r** » Wed Apr 06, 2011 5:31 am

seems like you left out part of your server config; if I read the client log

u r right. trying different params I forgot to paste the line

Code: Select all

push "redirect-gateway"

As u suggested I tried

Code: Select all

push "redirect-gateway def1"

unfortunately with no luck.

by adding a route to the proxy, u mean in the server-config file like?

Code: Select all

push "route ip-of-proxy"

The OpenVPN-server is set up on a virtual machine, but that shouldn't make a difference right?

Post by **janjust** » Wed Apr 06, 2011 7:21 am

yes, to add a direct route to the HTTP proxy use something like

Code: Select all

route <ip of proxy> 255.255.255.255 net_gateway

(where 'net_gateway' is a special openvpn keyword).

OpenVPN Support Forum

VPN connects, Ping works but nothing else

VPN connects, Ping works but nothing else

Re: VPN connects, Ping works but nothing else

Re: VPN connects, Ping works but nothing else

Re: VPN connects, Ping works but nothing else

Re: VPN connects, Ping works but nothing else

Re: VPN connects, Ping works but nothing else