Why doesn't my VPN work anymore?

Posted by xx77aBs on Server Fault
Published on 2012-04-04T19:42:56Z Indexed on 2012/04/05 11:31 UTC

I have an OpenVPN server running on Debian lenny. There is only one client, and it is running Windows 7 64-bit. This has worked for a few months without any problems. And now, let's say for the last 7 days, it doesn't work at all. I connect successfully from the client to the server, but I can't access anything through the VPN. I have set it up so that all internet traffic is routed through the VPN, and now when I connect with the client, the client can't do anything on the net (open any webpage, ping Google, anything ...).

Can you help me figure out what's wrong? I don't know where to start. I've also tried to connect to another OpenVPN server (I've installed and configured OpenVPN on another server, and when I try to connect to it the result is the same). So I think there's something wrong with the client ...

Here is my connection log:

Wed Apr 04 21:35:59 2012 OpenVPN 2.3-alpha1 Win32-MSVC++ [SSL (OpenSSL)] [LZO2] [PF_INET6] [IPv6 payload 20110522-1 (2.2.0)] built on Feb 21 2012
Enter Management Password:
Wed Apr 04 21:35:59 2012 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.10:25340
Wed Apr 04 21:35:59 2012 Need hold release from management interface, waiting...
Wed Apr 04 21:36:00 2012 MANAGEMENT: Client connected from [AF_INET]127.0.0.10:25340
Wed Apr 04 21:36:00 2012 MANAGEMENT: CMD 'state on'
Wed Apr 04 21:36:00 2012 MANAGEMENT: CMD 'log all on'
Wed Apr 04 21:36:00 2012 MANAGEMENT: CMD 'hold off'
Wed Apr 04 21:36:00 2012 MANAGEMENT: CMD 'hold release'
Wed Apr 04 21:36:00 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 04 21:36:00 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Apr 04 21:36:00 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Apr 04 21:36:00 2012 MANAGEMENT: >STATE:1333568160,RESOLVE,,,
Wed Apr 04 21:36:00 2012 UDPv4 link local: [undef]
Wed Apr 04 21:36:00 2012 UDPv4 link remote: [AF_INET]11.22.33.44:1234
Wed Apr 04 21:36:00 2012 MANAGEMENT: >STATE:1333568160,WAIT,,,
Wed Apr 04 21:36:00 2012 MANAGEMENT: >STATE:1333568160,AUTH,,,
Wed Apr 04 21:36:00 2012 TLS: Initial packet from [AF_INET]11.22.33.44:1234, sid=ee329574 f15e9e04
Wed Apr 04 21:36:00 2012 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, [email protected]
Wed Apr 04 21:36:00 2012 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server_key, [email protected]
Wed Apr 04 21:36:01 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 04 21:36:01 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 04 21:36:01 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 04 21:36:01 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 04 21:36:01 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Apr 04 21:36:01 2012 [server_key] Peer Connection Initiated with [AF_INET]11.22.33.44:1234
Wed Apr 04 21:36:02 2012 MANAGEMENT: >STATE:1333568162,GET_CONFIG,,,
Wed Apr 04 21:36:03 2012 SENT CONTROL [server_key]: 'PUSH_REQUEST' (status=1)
Wed Apr 04 21:36:03 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 172.16.100.1,topology net30,ping 10,ping-restart 120,ifconfig 172.16.100.6 172.16.100.5'
Wed Apr 04 21:36:03 2012 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 04 21:36:03 2012 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 04 21:36:03 2012 OPTIONS IMPORT: route options modified
Wed Apr 04 21:36:03 2012 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=15 HWADDR=00:1f:1f:3f:61:55
Wed Apr 04 21:36:03 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr 04 21:36:03 2012 MANAGEMENT: >STATE:1333568163,ASSIGN_IP,,172.16.100.6,
Wed Apr 04 21:36:03 2012 open_tun, tt->ipv6=0
Wed Apr 04 21:36:03 2012 TAP-WIN32 device [VPN] opened: \\.\Global\{E28FD52B-F6C3-4094-A36A-30CB02FAC7E8}.tap
Wed Apr 04 21:36:03 2012 TAP-Win32 Driver Version 9.9 
Wed Apr 04 21:36:03 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.100.6/255.255.255.252 on interface {E28FD52B-F6C3-4094-A36A-30CB02FAC7E8} [DHCP-serv: 172.16.100.5, lease-time: 31536000]
Wed Apr 04 21:36:03 2012 Successful ARP Flush on interface [31] {E28FD52B-F6C3-4094-A36A-30CB02FAC7E8}
Wed Apr 04 21:36:08 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 11.22.33.44 MASK 255.255.255.255 192.168.1.1
Wed Apr 04 21:36:08 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Wed Apr 04 21:36:08 2012 Route addition via IPAPI succeeded [adaptive]
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.100.5
Wed Apr 04 21:36:08 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Apr 04 21:36:08 2012 Route addition via IPAPI succeeded [adaptive]
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.100.5
Wed Apr 04 21:36:08 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Apr 04 21:36:08 2012 Route addition via IPAPI succeeded [adaptive]
Wed Apr 04 21:36:08 2012 MANAGEMENT: >STATE:1333568168,ADD_ROUTES,,,
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 172.16.100.1 MASK 255.255.255.255 172.16.100.5
Wed Apr 04 21:36:08 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Apr 04 21:36:08 2012 Route addition via IPAPI succeeded [adaptive]
Wed Apr 04 21:36:08 2012 Initialization Sequence Completed
Wed Apr 04 21:36:08 2012 MANAGEMENT: >STATE:1333568168,CONNECTED,SUCCESS,172.16.100.6,11.22.33.44

Client's route table after connection with OpenVPN:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.41    281
          0.0.0.0        128.0.0.0     172.16.100.1     172.16.100.6     31
      94.23.53.45  255.255.255.255      192.168.1.1     192.168.1.41     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        128.0.0.0        128.0.0.0     172.16.100.1     172.16.100.6     31
     172.16.100.4  255.255.255.252         On-link      172.16.100.6    286
     172.16.100.6  255.255.255.255         On-link      172.16.100.6    286
     172.16.100.7  255.255.255.255         On-link      172.16.100.6    286
      192.168.1.0    255.255.255.0         On-link      192.168.1.41    281
     192.168.1.41  255.255.255.255         On-link      192.168.1.41    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.41    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.41    281
        224.0.0.0        240.0.0.0         On-link      172.16.100.6    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.41    281
  255.255.255.255  255.255.255.255         On-link      172.16.100.6    286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.1.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:5ef5:79fd:3cc3:6b9:ac7c:14db/128
                                    On-link
 15    281 fe80::/64                On-link
 31    286 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::3cc3:6b9:ac7c:14db/128
                                    On-link
 31    286 fe80::7d72:9515:7213:35e3/128
                                    On-link
 15    281 fe80::9cec:ce3f:89de:a123/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
 31    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
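
An added example, not part of the original post: a Python check that compares the routes the connection log says OpenVPN installed for redirect-gateway def1 with the client's route table, and flags gateways that lie on no on-link subnet. The function names are hypothetical and the embedded rows are copied from the post. It assumes 11.22.33.44 is a placeholder the poster substituted for the real server address, so a "missing" result for that host route may reflect only the substitution.

```python
import ipaddress
import re

# Rows copied from the post's log and "Active Routes" table (trimmed).
LOG = r"""
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 11.22.33.44 MASK 255.255.255.255 192.168.1.1
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.100.5
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.100.5
Wed Apr 04 21:36:08 2012 C:\Windows\system32\route.exe ADD 172.16.100.1 MASK 255.255.255.255 172.16.100.5
"""
TABLE = """
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.41    281
          0.0.0.0        128.0.0.0     172.16.100.1     172.16.100.6     31
      94.23.53.45  255.255.255.255      192.168.1.1     192.168.1.41     25
        128.0.0.0        128.0.0.0     172.16.100.1     172.16.100.6     31
     172.16.100.4  255.255.255.252         On-link      172.16.100.6    286
      192.168.1.0    255.255.255.0         On-link      192.168.1.41    281
"""

ADD_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")

def log_routes(log):
    """(destination, mask) -> gateway for every route the log says was added."""
    return {(d, m): g for d, m, g in ADD_RE.findall(log)}

def table_routes(table):
    """Parse `route print` IPv4 rows into (destination, mask) -> gateway."""
    rows = (line.split() for line in table.splitlines())
    return {(r[0], r[1]): r[2] for r in rows if len(r) == 5}

def audit(log, table):
    """Findings: logged routes absent or altered, and unreachable gateways."""
    findings, active = [], table_routes(table)
    for key, gw in log_routes(log).items():
        if key not in active:
            findings.append(("missing", *key, gw))
        elif active[key] != gw:
            findings.append(("gateway-differs", *key, active[key]))
    nets = [ipaddress.ip_network(f"{d}/{m}")
            for (d, m), g in active.items() if g == "On-link"]
    for (d, m), gw in active.items():
        reachable = gw == "On-link" or any(ipaddress.ip_address(gw) in n for n in nets)
        if not reachable:
            findings.append(("gateway-not-on-link", d, m, gw))
    return findings

if __name__ == "__main__":
    for finding in audit(LOG, TABLE):
        print(*finding)
```

On the excerpts above it reports that both half-default routes point at 172.16.100.1 while the log added them via 172.16.100.5, and that 172.16.100.1 is outside the tunnel's on-link 172.16.100.4/30 subnet.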

© Server Fault or respective owner