0 votes
686 views 2 comments
by anonymous

Hi all,

I can't get the OpenVPN to work properly anymore. Does anyone see the mistake or know the trick to get it to work?

RUTX10 - OpenVPN Server Config

  • See screenshot
  • RUTX10 DHCP enabled and is working for local connections (wired and wireless). Internet connection also works.
    • Router IP: 192.168.14.254

OpenVPN - Client - Config

  • Windows 10
  • OpenVPN 2.5.3 (Community download)

.OVPN Client Config file:

client

dev tap

dev-node MyTap

proto udp

remote 5.206.212.114 1194

resolv-retry infinite

nobind

persist-key

;persist-tun

ca ca.crt

cert opa.crt

key opa.key

remote-cert-tls server

cipher AES-256-CBC

verb 3

Client LOG file

2021-07-29 14:48:04 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2021-07-29 14:48:04 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021

2021-07-29 14:48:04 Windows version 10.0 (Windows 10 or greater) 64bit

2021-07-29 14:48:04 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10

Enter Management Password:

2021-07-29 14:48:04 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

2021-07-29 14:48:04 Need hold release from management interface, waiting...

2021-07-29 14:48:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

2021-07-29 14:48:05 MANAGEMENT: CMD 'state on'

2021-07-29 14:48:05 MANAGEMENT: CMD 'log all on'

2021-07-29 14:48:05 MANAGEMENT: CMD 'echo all on'

2021-07-29 14:48:05 MANAGEMENT: CMD 'bytecount 5'

2021-07-29 14:48:05 MANAGEMENT: CMD 'hold off'

2021-07-29 14:48:05 MANAGEMENT: CMD 'hold release'

2021-07-29 14:48:05 TCP/UDP: Preserving recently used remote address: [AF_INET]5.206.212.114:1194

2021-07-29 14:48:05 Socket Buffers: R=[65536->65536] S=[65536->65536]

2021-07-29 14:48:05 UDP link local: (not bound)

2021-07-29 14:48:05 UDP link remote: [AF_INET]5.206.212.114:1194

2021-07-29 14:48:05 MANAGEMENT: >STATE:1627562885,WAIT,,,,,,

2021-07-29 14:48:05 MANAGEMENT: >STATE:1627562885,AUTH,,,,,,

2021-07-29 14:48:05 TLS: Initial packet from [AF_INET]5.206.212.114:1194, sid=a548adfc ae1986ff

2021-07-29 14:48:05 VERIFY OK: depth=1, CN=server

2021-07-29 14:48:05 VERIFY KU OK

2021-07-29 14:48:05 Validating certificate extended key usage

2021-07-29 14:48:05 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2021-07-29 14:48:05 VERIFY EKU OK

2021-07-29 14:48:05 VERIFY OK: depth=0, CN=server

2021-07-29 14:48:05 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: RSA-SHA256

2021-07-29 14:48:05 [server] Peer Connection Initiated with [AF_INET]5.206.212.114:1194

2021-07-29 14:48:05 PUSH: Received control message: 'PUSH_REPLY,route 192.168.14.0 255.255.255.0,ping 10,ping-restart 120,peer-id 0,cipher AES-256-GCM'

2021-07-29 14:48:05 OPTIONS IMPORT: timers and/or timeouts modified

2021-07-29 14:48:05 OPTIONS IMPORT: route options modified

2021-07-29 14:48:05 OPTIONS IMPORT: peer-id set

2021-07-29 14:48:05 OPTIONS IMPORT: adjusting link_mtu to 1656

2021-07-29 14:48:05 OPTIONS IMPORT: data channel crypto options modified

2021-07-29 14:48:05 Data Channel: using negotiated cipher 'AES-256-GCM'

2021-07-29 14:48:05 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

2021-07-29 14:48:05 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

2021-07-29 14:48:05 interactive service msg_channel=572

2021-07-29 14:48:05 ROUTE_GATEWAY 192.168.30.254/255.255.255.0 I=10 HWADDR=3c:a9:f4:b3:35:d4

2021-07-29 14:48:05 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options

2021-07-29 14:48:05 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.14.0

2021-07-29 14:48:05 open_tun

2021-07-29 14:48:05 tap-windows6 device [MyTap] opened

2021-07-29 14:48:05 TAP-Windows Driver Version 9.24 

2021-07-29 14:48:05 Successful ARP Flush on interface [12] {5D1C80BC-5199-43F9-A8F6-F6F929E19591}

2021-07-29 14:48:05 MANAGEMENT: >STATE:1627562885,ASSIGN_IP,,,,,,

2021-07-29 14:48:10 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up

2021-07-29 14:48:10 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

2021-07-29 14:48:10 Initialization Sequence Completed

2021-07-29 14:48:10 MANAGEMENT: >STATE:1627562890,CONNECTED,SUCCESS,,5.206.212.114,1194,,

2021-07-29 14:48:21 Closing TUN/TAP interface

2021-07-29 14:48:21 TAP: DHCP address released

2021-07-29 14:48:21 SIGTERM[hard,] received, process exiting

2021-07-29 14:48:21 MANAGEMENT: >STATE:1627562901,EXITING,SIGTERM,,,,,

Notes

  • VPN is able to connect.
  • The client receives a correct IP: 192.168.14.188 (see screenshot)
  • Client is not able to ping to local lan of VPN server (192.168.14.254)
  • Print route on client (see screenshot)

Thank you.

Olivier

by anonymous
UPDATE:

Current network setup:

WAN -> ROUTER 1 (192.168.1.1) -> ROUTER 2 (WAN-192.168.1.123 - 192.168.14.1), VPN Server is running on Router 3.

This works:

- Connect to VPN and have access to LAN when connecting via Router 1 using 192.168.1.123

This doesn't work:

- I can connect to the VPN via WAN (using public IP) but I can't ping. I however get the following messages in the log (not when connecting via Router 1)

us=88247 Recursive routing detected, drop tun packet to [AF_INET]public_IP:1195

Does this help anyone?

Thank you.
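
Added example (not part of the original post, and not Teltonika or OpenVPN code): a small Python triage of the client log lines quoted above. It shows that the session reaches "Initialization Sequence Completed" even though the pushed route to 192.168.14.0 was never installed. The function name, the finding labels and the abridged sample input are this example's own.

```python
import re

# Sample input: lines taken (the first one abridged) from the client log and update above.
SAMPLE_LOG = """\
2021-07-29 14:48:04 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
2021-07-29 14:48:05 PUSH: Received control message: 'PUSH_REPLY,route 192.168.14.0 255.255.255.0,ping 10,ping-restart 120,peer-id 0,cipher AES-256-GCM'
2021-07-29 14:48:05 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-07-29 14:48:05 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.14.0
2021-07-29 14:48:10 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-07-29 14:48:10 Initialization Sequence Completed
us=88247 Recursive routing detected, drop tun packet to [AF_INET]public_IP:1195
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
CIPHER_RE = re.compile(r"Data Channel: using negotiated cipher '([^']+)'")
ROUTE_FAIL_RE = re.compile(r"failed to parse/resolve route for host/network: (\S+)")
# Log substring -> short finding label (labels are this example's own naming).
FLAGS = {
    "DEPRECATED OPTION: --cipher": "legacy --cipher without --data-ciphers",
    "may cache passwords in memory": "auth-nocache not set",
    "Recursive routing detected": "recursive routing: packet for VPN remote entered tunnel",
}

def triage(log_text):
    """Summarise an OpenVPN client log: pushed routes, cipher, and problems."""
    report = {"pushed_routes": [], "failed_routes": [], "cipher": None,
              "connected": False, "findings": []}
    for line in log_text.splitlines():
        if m := PUSH_RE.search(line):
            for opt in m.group(1).split(","):
                parts = opt.split()
                if len(parts) > 1 and parts[0] == "route":
                    report["pushed_routes"].append(parts[1])
        if m := CIPHER_RE.search(line):
            report["cipher"] = m.group(1)
        if m := ROUTE_FAIL_RE.search(line):
            report["failed_routes"].append(m.group(1))
        if "Initialization Sequence Completed" in line:
            report["connected"] = True
        for needle, label in FLAGS.items():
            if needle in line and label not in report["findings"]:
                report["findings"].append(label)
    # A tunnel can report success while a pushed route was never installed.
    missing = [r for r in report["pushed_routes"] if r in report["failed_routes"]]
    if report["connected"] and missing:
        report["findings"].append("connected but route not installed: " + ", ".join(missing))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```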

1 Answer

0 votes
by anonymous
Hi,

Could you please tell me what is the device with the given IP 192.168.14.188? Is that your client connected to the server?

I see that only this IP appears in the routing table. And what exactly are you trying to ping? Is the address you're trying to ping in the routing table?

Have you tried putting the route on the client manually?

Does the address you're trying to reach accept ICMP requests through an OpenVPN connection?

Have you tried accessing the address in other ways than pinging it? Can you access it with anything else like FTP, some kind of app?

EB.
by anonymous
Hi,

The 192.168.14.188 is the client connected to the VPN server. I'm trying to ping both the server and some devices on the server's lan.

I haven't tried adding the route manually, but this should be necessary is it?

I have tried opening a local webserver and that doesn't work.

Kind regards,

Olivier