[SOLVED] redirect-gateway problem with Linux server & Windo

johny9
OpenVpn Newbie
Posts: 4
Joined: Mon Jun 06, 2011 1:18 am

Post by johny9 » Mon Jun 06, 2011 1:51 am

Hello,
I am new to OpenVPN, attracted by the secure web surfing on public wireless networks.
I do not have any idea about networking and might be asking some silly questions, but I need your kind help.

Here is my problem:
Whenever I apply the "redirect-gateway" option, my computer is disconnected from the network.
To be specific, my computer cannot resolve domain names at all.
I disabled both iptables on the server side and Windows Firewall on the client side.
I applied the push "dhcp-option DNS 8.8.8.8" option to set the DNS server manually.
I followed the Windows 7 OpenVPN server settings written by Bebop in this forum.
However, nothing helped me resolve this problem.

Here are my settings.

Server.conf

port 1194
proto udp
dev tun

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

client-config-dir ccd

keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

ccd/client

ifconfig-push 10.8.0.2 10.8.0.1
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

ipconfig /all

Ethernet adapter OpenVPN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-8A-6B-64-DD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f8dc:32ed:d255:6393%28(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : 2011-6-6 Mon AM 10:46:43
   Lease Expires . . . . . . . . . . : 2012-6-5 Tue AM 10:46:43
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.1
   DHCPv6 IAID . . . . . . . . . . . : 469827466
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0A-60-F4-00-13-77-F0-17-46

   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
   Physical Address. . . . . . . . . : 00-1D-E0-25-EF-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d140:3c2c:a35a:a5a2%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.9(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 2011-6-6 Mon AM 9:22:51
   Lease Expires . . . . . . . . . . : 2011-6-16 Thu AM 10:22:01
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 218111456
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-0A-60-F4-00-13-77-F0-17-46

   DNS Servers . . . . . . . . . . . : 168.126.63.1
                                       168.126.63.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-13-77-F0-17-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

If there is any additional information that will help you resolve this issue, please inform me.
Thank you.


Re: redirect-gateway problem with Linux server & Windows7 cl

Post by johny9 » Mon Jun 06, 2011 2:13 am

Additional info:
It might be more than just a DNS error.
I cannot even connect to any websites using IP addresses.

client.ovpn

client

dev tun
proto udp
remote 66.29.158.178 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

client.log

Mon Jun 06 11:07:33 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
Mon Jun 06 11:07:33 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jun 06 11:07:36 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jun 06 11:07:36 2011 LZO compression initialized
Mon Jun 06 11:07:36 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jun 06 11:07:36 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jun 06 11:07:36 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jun 06 11:07:36 2011 Local Options hash (VER=V4): '41690919'
Mon Jun 06 11:07:36 2011 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jun 06 11:07:36 2011 UDPv4 link local: [undef]
Mon Jun 06 11:07:36 2011 UDPv4 link remote: 66.29.158.178:1194
Mon Jun 06 11:07:36 2011 TLS: Initial packet from 66.29.158.178:1194, sid=fca17d27 50e4088a
Mon Jun 06 11:07:37 2011 VERIFY OK: depth=1, /C=US/ST=Illinois/L=Urbana/O=DreamyLab/CN=DreamyLab_CA/name=Jun/emailAddress=admin@dreamylab.com
Mon Jun 06 11:07:37 2011 VERIFY OK: nsCertType=SERVER
Mon Jun 06 11:07:37 2011 VERIFY OK: depth=0, /C=US/ST=Illinois/L=Urbana/O=DreamyLab/CN=server/emailAddress=admin@dreamylab.com
Mon Jun 06 11:07:39 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jun 06 11:07:39 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun 06 11:07:39 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jun 06 11:07:39 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun 06 11:07:39 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jun 06 11:07:39 2011 [server] Peer Connection Initiated with 66.29.158.178:1194
Mon Jun 06 11:07:41 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jun 06 11:07:41 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 168.126.63.1,dhcp-option DNS 168.126.63.2,ifconfig 10.8.0.2 10.8.0.1'
Mon Jun 06 11:07:41 2011 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jun 06 11:07:41 2011 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jun 06 11:07:41 2011 OPTIONS IMPORT: route options modified
Mon Jun 06 11:07:41 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jun 06 11:07:41 2011 ROUTE default_gateway=192.168.0.1
Mon Jun 06 11:07:41 2011 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{8A6B64DD-47B7-4D9F-9276-59CEE1115087}.tap
Mon Jun 06 11:07:41 2011 TAP-Win32 Driver Version 9.7 
Mon Jun 06 11:07:41 2011 TAP-Win32 MTU=1500
Mon Jun 06 11:07:41 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.252 on interface {8A6B64DD-47B7-4D9F-9276-59CEE1115087} [DHCP-serv: 10.8.0.1, lease-time: 31536000]
Mon Jun 06 11:07:41 2011 Successful ARP Flush on interface [28] {8A6B64DD-47B7-4D9F-9276-59CEE1115087}
Mon Jun 06 11:07:47 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Mon Jun 06 11:07:47 2011 C:\WINDOWS\system32\route.exe ADD 66.29.158.178 MASK 255.255.255.255 192.168.0.1
Mon Jun 06 11:07:47 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Mon Jun 06 11:07:47 2011 Route addition via IPAPI succeeded [adaptive]
Mon Jun 06 11:07:47 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Mon Jun 06 11:07:47 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Jun 06 11:07:47 2011 Route addition via IPAPI succeeded [adaptive]
Mon Jun 06 11:07:47 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Mon Jun 06 11:07:47 2011 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Jun 06 11:07:47 2011 Route addition via IPAPI succeeded [adaptive]
Mon Jun 06 11:07:47 2011 OpenVPN ROUTE: omitted no-op route: 10.8.0.1/255.255.255.255 -> 10.8.0.1
Mon Jun 06 11:07:47 2011 Initialization Sequence Completed
Mon Jun 06 11:08:23 2011 TCP/UDP: Closing socket
Mon Jun 06 11:08:23 2011 C:\WINDOWS\system32\route.exe DELETE 66.29.158.178 MASK 255.255.255.255 192.168.0.1
Mon Jun 06 11:08:23 2011 Route deletion via IPAPI succeeded [adaptive]
Mon Jun 06 11:08:23 2011 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Mon Jun 06 11:08:23 2011 Route deletion via IPAPI succeeded [adaptive]
Mon Jun 06 11:08:23 2011 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Mon Jun 06 11:08:23 2011 Route deletion via IPAPI succeeded [adaptive]
Mon Jun 06 11:08:23 2011 Closing TUN/TAP interface
Mon Jun 06 11:08:23 2011 SIGTERM[hard,] received, process exiting

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: redirect-gateway problem with Linux server & Windows7 cl

Post by janjust » Mon Jun 06, 2011 6:23 am

Your CCD file is incorrect; either don't use 'ifconfig-push' or use something like

ifconfig-push 10.8.0.6 10.8.0.5

The numbers here are important ;)
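
Why the numbers matter, as an added example (not code from this thread or from the OpenVPN project): in the net30 topology shown in the PUSH_REPLY above, every client gets its own /30, and `server 10.8.0.0 255.255.255.0` keeps the first /30 (10.8.0.1 and 10.8.0.2) for the server itself. `check_ifconfig_push` is a hypothetical helper name; the config lines are the ones posted in the thread.

```python
import ipaddress

def check_ifconfig_push(server_line, push_line):
    """Return a list of problems with a ccd 'ifconfig-push' line (empty = OK).

    Assumes 'dev tun' with the net30 topology seen in the PUSH_REPLY.
    """
    _, net, mask = server_line.split()
    pool = ipaddress.ip_network(f"{net}/{mask}")
    fields = push_line.split()
    if len(fields) != 3 or fields[0] != "ifconfig-push":
        return ["not an 'ifconfig-push LOCAL REMOTE' line"]
    local, remote = (ipaddress.ip_address(f) for f in fields[1:])
    problems = []
    if local not in pool or remote not in pool:
        problems.append(f"endpoints must lie inside the VPN subnet {pool}")
    # net30: each client owns one /30 = network, two usable hosts, broadcast.
    block = ipaddress.ip_network(f"{local}/30", strict=False)
    if remote not in block:
        problems.append(f"remote {remote} is not in the same /30 as {local}")
    for name, addr in (("local", local), ("remote", remote)):
        if addr in (block.network_address, block.broadcast_address):
            problems.append(f"{name} {addr} is the network/broadcast of {block}")
    # The 'server' directive assigns the first /30 of the subnet to the
    # server's own tun endpoint, so no client may be placed in it.
    server_block = ipaddress.ip_network(f"{pool.network_address}/30", strict=False)
    if block == server_block:
        problems.append(f"{block} is the server's own /30; use a later block")
    return problems

if __name__ == "__main__":
    SERVER = "server 10.8.0.0 255.255.255.0"        # from Server.conf above
    for line in ("ifconfig-push 10.8.0.2 10.8.0.1",  # original ccd/client
                 "ifconfig-push 10.8.0.6 10.8.0.5",  # janjust's suggestion
                 "ifconfig-push 10.8.0.7 10.8.0.6"): # constructed bad pair
        print(line, "->", check_ifconfig_push(SERVER, line) or "OK")
```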


Re: redirect-gateway problem with Linux server & Windows7 cl

Post by johny9 » Mon Jun 06, 2011 12:47 pm

Thank you.
Problem resolved :)
