these things never work: default gateway, dns, win

[ovpn000019]

everytime i try to add a push route to my server config(other than the rerouting all internet traffic) i get error messages.

i'm running a ddwrt router with openvpn server, and a windows 7 client.

my regular LAN is on 10.22.1.1, openvpn is giving addresses on 10.22.2.0

if i connect with only the reroute traffic, like normal, i have to go into my networking settings and set DNS server's manually to 8.8.8.8 8.8.4.4, and everything works like it should. if i type ipconfig /all it shows no default gateway, i can access the router at 10.22.2.1 though.

so i try to get it to show my default gateway by adding route-gateway 10.22.2.1 and everything stops working, i cannot access router anymore at any address. i cannot browse web.

so how do i add a default gateway, dns, and win is my question? here is my server config.

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
proto tcp-server
keepalive 10 120
server 10.22.2.0 255.255.255.0
port 443
dev tun0
mssfix 1400
cipher AES-128-CBC
auth MD5
comp-lzo no
key-method 2
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
push "redirect-gateway def1"
tun-mtu 1500
persist-tun
persist-key

log-append /var/log/openvpn
management 127.0.0.1 5002
management-log-cache 50

verb 5
mute 5

[janjust]

did you try

Code: Select all

push "dhcp-option DNS x.x.x.x"
push "dhcp-option WINS x.x.x.x"
push "route-gateway x.x.x.x"

what does the *client* report when these settings are pushed by the server? You can also add then directly to the client config using

Code: Select all

dhcp-option DNS x.x.x.x
dhcp-option WINS x.x.x.x
route-gateway x.x.x.x

[ovpn000019]

ya, here's my log.
and my config.
route-delay
ca ca.crt
cert client1.crt
key client1.key
remote *******.selfip.com 443
proto tcp-client
client
connect-retry 1
connect-retry-max 1
resolv-retry 10
dev tun0
comp-lzo no
auth MD5
cipher AES-128-CBC
key-method 2
ns-cert-type server
tun-mtu 1500
mssfix 1400
verb 5
mute 5
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
route-gateway 10.22.2.1




WRwRwRwrWRwrWRwrWRwRwRwrWRwRwRwrWRwRwRwRwrWRwrWrWrWRwRwRwRwrWRwRwrWRwRwrWRwRwRwrWRwrWRwrWRwrWRwRwRwRwrWrWRwRwrWRwRwRwrWRwrWRwRwrWRwrWRwRwrWRwrWRwrWrWrWRwRwrWRwrWRwRwRwrWRwRwRwrWRwRwRwrWRwrWRwRwrWRwRwrWRwRwrWRwRwrWrWRwRwrWRwrWRwRwrWRwRwRwrWRwRwrWRwRwrWRwRwrWRwRwrWRwrWRwRwrWrWRwrWRwRwRwrWRwRwrWRwrWrWRwRwrWRwRwrWRwrWrWRwrWRwrWRwRwThu May 19 07:51:59 2011 us=73000 Current Parameter Settings:
Thu May 19 07:51:59 2011 us=73000 config = 'client.ovpn'
Thu May 19 07:51:59 2011 us=73000 mode = 0
Thu May 19 07:51:59 2011 us=73000 show_ciphers = DISABLED
Thu May 19 07:51:59 2011 us=73000 show_digests = DISABLED
Thu May 19 07:51:59 2011 us=73000 NOTE: --mute triggered...
Thu May 19 07:51:59 2011 us=73000 219 variation(s) on previous 5 message(s) suppressed by --mute
Thu May 19 07:51:59 2011 us=73000 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Thu May 19 07:51:59 2011 us=73000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu May 19 07:51:59 2011 us=338000 LZO compression initialized
Thu May 19 07:51:59 2011 us=338000 Control Channel MTU parms [ L:1556 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 19 07:51:59 2011 us=338000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu May 19 07:51:59 2011 us=369000 Data Channel MTU parms [ L:1556 D:1400 EF:56 EB:135 ET:0 EL:0 AF:3/1 ]
Thu May 19 07:51:59 2011 us=369000 Local Options String: 'V4,dev-type tun,link-mtu 1556,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth MD5,keysize 128,key-method 2,tls-client'
Thu May 19 07:51:59 2011 us=369000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1556,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth MD5,keysize 128,key-method 2,tls-server'
Thu May 19 07:51:59 2011 us=369000 Local Options hash (VER=V4): '619088b2'
Thu May 19 07:51:59 2011 us=369000 Expected Remote Options hash (VER=V4): 'a4f12474'
Thu May 19 07:51:59 2011 us=369000 Attempting to establish TCP connection with ********
Thu May 19 07:51:59 2011 us=416000 TCP connection established with ************
Thu May 19 07:51:59 2011 us=416000 TCPv4_CLIENT link local: [undef]
Thu May 19 07:51:59 2011 us=416000 TCPv4_CLIENT link remote:
Thu May 19 07:51:59 2011 us=478000 TLS: Initial packet from ,
Thu May 19 07:52:00 2011 us=399000 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=SD-CA/emailAddress=me@myhost.mydomain
Thu May 19 07:52:00 2011 us=399000 VERIFY OK: nsCertType=SERVER
Thu May 19 07:52:00 2011 us=399000 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain
Thu May 19 07:52:02 2011 us=255000 NOTE: Options consistency check may be skewed by version differences
Thu May 19 07:52:02 2011 us=255000 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Thu May 19 07:52:02 2011 us=255000 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Thu May 19 07:52:02 2011 us=255000 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1556'
Thu May 19 07:52:02 2011 us=255000 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
Thu May 19 07:52:02 2011 us=255000 NOTE: --mute triggered...
Thu May 19 07:52:02 2011 us=255000 7 variation(s) on previous 5 message(s) suppressed by --mute
Thu May 19 07:52:02 2011 us=255000 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 19 07:52:02 2011 us=255000 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Thu May 19 07:52:02 2011 us=255000 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu May 19 07:52:02 2011 us=255000 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Thu May 19 07:52:02 2011 us=255000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu May 19 07:52:02 2011 us=255000 [server] Peer Connection Initiated with **********
Thu May 19 07:52:04 2011 us=34000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu May 19 07:52:04 2011 us=330000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.22.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.22.2.6 10.22.2.5'
Thu May 19 07:52:04 2011 us=330000 OPTIONS IMPORT: timers and/or timeouts modified
Thu May 19 07:52:04 2011 us=330000 OPTIONS IMPORT: --ifconfig/up options modified
Thu May 19 07:52:04 2011 us=330000 OPTIONS IMPORT: route options modified
Thu May 19 07:52:04 2011 us=330000 ROUTE default_gateway=192.168.21.254
Thu May 19 07:52:04 2011 us=393000 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{FBBBA293-51DA-47F8-9470-F6977EB45D51}.tap
Thu May 19 07:52:04 2011 us=393000 TAP-Win32 Driver Version 9.8
Thu May 19 07:52:04 2011 us=393000 TAP-Win32 MTU=1500
Thu May 19 07:52:04 2011 us=408000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.22.2.6/255.255.255.252 on interface {FBBBA293-51DA-47F8-9470-F6977EB45D51} [DHCP-serv: 10.22.2.5, lease-time: 31536000]
Thu May 19 07:52:04 2011 us=408000 DHCP option string: 06080808 08080808 0404
Thu May 19 07:52:04 2011 us=408000 Successful ARP Flush on interface [19] {FBBBA293-51DA-47F8-9470-F6977EB45D51}
Thu May 19 07:52:04 2011 us=439000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:04 2011 us=439000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:05 2011 us=141000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:05 2011 us=141000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:06 2011 us=187000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:06 2011 us=187000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:07 2011 us=60000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:07 2011 us=60000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:08 2011 us=27000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:08 2011 us=27000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:09 2011 us=182000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:09 2011 us=182000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:10 2011 us=87000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:10 2011 us=87000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:11 2011 us=147000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:11 2011 us=147000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:12 2011 us=68000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:12 2011 us=68000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:13 2011 us=82000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:13 2011 us=82000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:14 2011 us=439000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:14 2011 us=439000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:15 2011 us=1000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:15 2011 us=1000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:16 2011 us=389000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:16 2011 us=389000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:17 2011 us=169000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:17 2011 us=169000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:18 2011 us=27000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:18 2011 us=27000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:19 2011 us=525000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:19 2011 us=525000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:20 2011 us=273000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:20 2011 us=273000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:21 2011 us=53000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:21 2011 us=53000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:22 2011 us=5000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:22 2011 us=5000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:23 2011 us=113000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:23 2011 us=113000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:24 2011 us=95000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:24 2011 us=95000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:25 2011 us=47000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:25 2011 us=47000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:26 2011 us=170000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:26 2011 us=170000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:27 2011 us=371000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:27 2011 us=371000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:28 2011 us=245000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:28 2011 us=245000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:29 2011 us=540000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:29 2011 us=540000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:30 2011 us=23000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:30 2011 us=23000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:31 2011 us=6000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:31 2011 us=6000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:32 2011 us=67000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:32 2011 us=67000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:33 2011 us=487000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:33 2011 us=487000 Route: Waiting for TUN/TAP interface to come up...
Thu May 19 07:52:34 2011 us=111000 TEST ROUTES: 0/2 succeeded len=1 ret=0 a=0 u/d=up
Thu May 19 07:52:34 2011 us=111000 C:\WINDOWS\system32\route.exe ADD ******** MASK 255.255.255.255 192.168.21.254
Thu May 19 07:52:34 2011 us=111000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu May 19 07:52:34 2011 us=111000 Route addition via IPAPI succeeded [adaptive]
Thu May 19 07:52:34 2011 us=111000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.22.2.1
Thu May 19 07:52:34 2011 us=126000 Warning: route gateway is not reachable on any active network adapters: 10.22.2.1
Thu May 19 07:52:34 2011 us=126000 Route addition via IPAPI failed [adaptive]
Thu May 19 07:52:34 2011 us=126000 Route addition fallback to route.exe
OK!
Thu May 19 07:52:34 2011 us=158000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.22.2.1
Thu May 19 07:52:34 2011 us=189000 Warning: route gateway is not reachable on any active network adapters: 10.22.2.1
Thu May 19 07:52:34 2011 us=189000 Route addition via IPAPI failed [adaptive]
Thu May 19 07:52:34 2011 us=189000 Route addition fallback to route.exe
OK!
Thu May 19 07:52:34 2011 us=236000 OpenVPN ROUTE: omitted no-op route: 10.22.2.1/255.255.255.255 -> 10.22.2.1
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.21.254 p=0 i=11 t=4 pr=3 a=3086 h=0 m=25/0/0/0/0
0.0.0.0 128.0.0.0 10.22.2.1 p=0 i=11 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
10.22.2.4 255.255.255.252 10.22.2.6 p=0 i=19 t=3 pr=3 a=29 h=0 m=286/0/0/0/0
10.22.2.6 255.255.255.255 10.22.2.6 p=0 i=19 t=3 pr=3 a=29 h=0 m=286/0/0/0/0
10.22.2.7 255.255.255.255 10.22.2.6 p=0 i=19 t=3 pr=3 a=29 h=0 m=286/0/0/0/0
********** 255.255.255.255 192.168.21.254 p=0 i=11 t=4 pr=3 a=0 h=0 m=25/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=39507 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=39507 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=39507 h=0 m=306/0/0/0/0
128.0.0.0 128.0.0.0 10.22.2.1 p=0 i=11 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
192.168.21.0 255.255.255.0 192.168.21.128 p=0 i=11 t=3 pr=3 a=3086 h=0 m=281/0/0/0/0
192.168.21.128 255.255.255.255 192.168.21.128 p=0 i=11 t=3 pr=3 a=3086 h=0 m=281/0/0/0/0
192.168.21.255 255.255.255.255 192.168.21.128 p=0 i=11 t=3 pr=3 a=3086 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=39507 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 10.22.2.6 p=0 i=19 t=3 pr=3 a=39486 h=0 m=286/0/0/0/0
224.0.0.0 240.0.0.0 192.168.21.128 p=0 i=11 t=3 pr=3 a=6090 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=39507 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 10.22.2.6 p=0 i=19 t=3 pr=3 a=39486 h=0 m=286/0/0/0/0
255.255.255.255 255.255.255.255 192.168.21.128 p=0 i=11 t=3 pr=3 a=6090 h=0 m=281/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Win32 Adapter V9
Index = 19
GUID = {FBBBA293-51DA-47F8-9470-F6977EB45D51}
IP = 10.22.2.6/255.255.255.252
MAC = 00:ff:fb:bb:a2:93
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 10.22.2.5/255.255.255.255
DHCP LEASE OBTAINED = Thu May 19 07:52:05 2011
DHCP LEASE EXPIRES = Fri Mar 20 16:20:44 1970
DNS SERV = 8.8.8.8/255.255.255.255 8.8.4.4/255.255.255.255
Microsoft Virtual WiFi Miniport Adapter
Index = 16
GUID = {2ABF0053-B0CD-4F4C-A1DD-EAFF7527DC73}
IP = 0.0.0.0/0.0.0.0
MAC = 1c:4b:d6:5f:33:ab
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV =
DHCP LEASE OBTAINED = Thu May 19 07:52:34 2011
DHCP LEASE EXPIRES = Wed Dec 31 16:00:00 1969
DNS SERV =
Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Index = 11
GUID = {7545FB42-2389-45F0-8593-292075E0D39A}
IP = 192.168.21.128/255.255.255.0
MAC = 1c:4b:d6:5f:33:ab
GATEWAY = 192.168.21.254/255.255.255.255
DHCP SERV = 192.168.253.99/255.255.255.255
DHCP LEASE OBTAINED = Thu May 19 07:46:07 2011
DHCP LEASE EXPIRES = Wed Sep 04 19:04:37 1996
DNS SERV = 192.168.253.50/255.255.255.255 192.168.253.51/255.255.255.255
Thu May 19 07:52:34 2011 us=516000 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )

[janjust]

remove

Code: Select all

route-gateway 10.22.2.1

from your client config - this is causing the routing errors. Reconnect and post the client log file again.

[ovpn000019]

i already knew that :O that was the original complaint! i just don't know WHY it messes it up. guess i'd have to be a linux administrator networking specialist and take classes and stuff

ok back to the real world.

removing the route-gateway worked great, however, i was still having the "unknown network" error in windows, and couldn't see any of my home computers in networking(i still can't btw even after applying this small fix)

adding

route-metric 512
route 0.0.0.0 0.0.0.0

magically made the network recognized; and i could still browse internet, connect to router, and do all my original stuff.

only thing left to do is figure out how to see my home LAN computers through the DD-WRT router/openvpnserver.

in this setup there is only my laptop with windows openvpn-gui, my router with DD-WRT, and my home LAN desktop computer.

[janjust]

adding

route 0.0.0.0 0.0.0.0

is equivalent to specifying

Code: Select all

redirect-gateway

on the client , while the server is pushing out 'push "redirect-gateway def1" '

after the vpn client connects it will send packets with source IP 10.22.2.6 ; this network range needs to be known to the default GW on the server side LAN (which I assume is the dd-wrt box). You can try reaching other machines on the server side lan , first by pinging an IP on your server LAN - if that works then IP connectivity works.