Cannot see local devices via openvpn on 384.4_alpha2-g508109e

[TheBestPessimist]

Hello,

I have a problem when i am trying to connect to my local devices when i am connected via openvpn, tun (note that tap works w/o problems).

Could someone please be so kind and help me sort this out? I would really like to be able to acces my computer's shares + router hdd from everywhere (including my phone).

What i did:
Enabled the openvpn server,
chosen that i want to use openvpn for internet and local,
disabled user and pass authentication (so that everyone with config can just use the connection),
generated the config and used on my laptop, which is connected via wireless to my phone's hotspot.

I have added screenshots with my settings, plus some logs and other data i thought important.

Client route when connected to openvpn:

PS C:\Windows\system32> route print
===========================================================================
Interface List
  3...34 e6 d7 09 c3 ca ......Intel(R) Ethernet Connection I217-LM
  5...80 00 0b 48 f8 ab ......Microsoft Wi-Fi Direct Virtual Adapter
  4...00 ff 34 4d c8 5a ......TAP-Windows Adapter V9
  7...80 00 0b 48 f8 aa ......Intel(R) Centrino(R) Advanced-N 6235
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.83     55
          0.0.0.0        128.0.0.0         10.8.0.1         10.8.0.2     35
         10.8.0.0    255.255.255.0         On-link          10.8.0.2    291
         10.8.0.2  255.255.255.255         On-link          10.8.0.2    291
       10.8.0.255  255.255.255.255         On-link          10.8.0.2    291
     79.114.56.29  255.255.255.255     192.168.43.1    192.168.43.83     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0         10.8.0.1         10.8.0.2     35
     192.168.43.0    255.255.255.0         On-link     192.168.43.83    311
    192.168.43.83  255.255.255.255         On-link     192.168.43.83    311
   192.168.43.255  255.255.255.255         On-link     192.168.43.83    311
     192.168.87.0    255.255.255.0         10.8.0.1         10.8.0.2    500
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.43.83    311
        224.0.0.0        240.0.0.0         On-link          10.8.0.2    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.43.83    311
  255.255.255.255  255.255.255.255         On-link          10.8.0.2    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  7    311 fe80::/64                On-link
  4    291 fe80::/64                On-link
  4    291 fe80::202d:f7af:21f7:5082/128
                                    On-link
  7    311 fe80::896c:6f52:2f18:7104/128
                                    On-link
  1    331 ff00::/8                 On-link
  7    311 ff00::/8                 On-link
  4    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
PS C:\Windows\system32>

Server log

Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 TLS: Initial packet from [AF_INET6]::ffff:82.137.14.21:16926, sid=040642e2 365d6704
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC87U, emailAddress=me@myhost.mydomain
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_VER=2.4.5
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_PLAT=win
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_PROTO=2
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_NCP=2
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_LZ4=1
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_LZ4v2=1
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_LZO=1
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_COMP_STUB=1
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_COMP_STUBv2=1
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_TCPNL=1
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 peer info: IV_GUI_VER=OpenVPN_GUI_11
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Mar 15 09:56:25 ovpn-server1[16948]: 82.137.14.21 [client] Peer Connection Initiated with [AF_INET6]::ffff:82.137.14.21:16926
Mar 15 09:56:25 ovpn-server1[16948]: client/82.137.14.21 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Mar 15 09:56:25 ovpn-server1[16948]: client/82.137.14.21 MULTI: Learn: 10.8.0.2 -> client/82.137.14.21
Mar 15 09:56:25 ovpn-server1[16948]: client/82.137.14.21 MULTI: primary virtual IP for client/82.137.14.21: 10.8.0.2
Mar 15 09:56:26 ovpn-server1[16948]: client/82.137.14.21 PUSH: Received control message: 'PUSH_REQUEST'
Mar 15 09:56:26 ovpn-server1[16948]: client/82.137.14.21 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.87.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.87.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM' (status=1)
Mar 15 09:56:26 ovpn-server1[16948]: client/82.137.14.21 Data Channel: using negotiated cipher 'AES-128-GCM'
Mar 15 09:56:26 ovpn-server1[16948]: client/82.137.14.21 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 15 09:56:26 ovpn-server1[16948]: client/82.137.14.21 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 15 09:57:04 ovpn-server1[16948]: client/82.137.14.21 [client] Inactivity timeout (--ping-restart), restarting
Mar 15 09:57:04 ovpn-server1[16948]: client/82.137.14.21 SIGUSR1[soft,ping-restart] received, client-instance restarting

Client log

Thu Mar 15 08:56:32 2018 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar  1 2018
Thu Mar 15 08:56:32 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 15 08:56:32 2018 library versions: OpenSSL 1.1.0f  25 May 2017, LZO 2.10
Thu Mar 15 08:56:33 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]79.114.56.29:1194
Thu Mar 15 08:56:33 2018 UDP link local: (not bound)
Thu Mar 15 08:56:33 2018 UDP link remote: [AF_INET]79.114.56.29:1194
Thu Mar 15 08:56:33 2018 [RT-AC87U] Peer Connection Initiated with [AF_INET]79.114.56.29:1194
Thu Mar 15 08:56:34 2018 open_tun
Thu Mar 15 08:56:34 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{344DC85A-6764-4E4A-9F62-E9CA6F201F24}.tap
Thu Mar 15 08:56:34 2018 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Thu Mar 15 08:56:34 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {344DC85A-6764-4E4A-9F62-E9CA6F201F24} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Thu Mar 15 08:56:34 2018 Successful ARP Flush on interface [4] {344DC85A-6764-4E4A-9F62-E9CA6F201F24}
Thu Mar 15 08:56:34 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Mar 15 08:56:39 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Mar 15 08:56:39 2018 Initialization Sequence Completed

PS C:\Windows\system32> ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : wamas.com

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::202d:f7af:21f7:5082%4
   IPv4 Address. . . . . . . . . . . : 10.8.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::896c:6f52:2f18:7104%7
   IPv4 Address. . . . . . . . . . . : 192.168.43.83
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.43.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
PS C:\Windows\system32>

 

[TheBestPessimist]

Continuation:

PS C:\Windows\system32> PING asus
Ping request could not find host asus. Please check the name and try again.
PS C:\Windows\system32> ping asus.tbp.lan

Pinging asus.tbp.lan [192.168.87.1] with 32 bytes of data:
Reply from 192.168.87.1: bytes=32 time=64ms TTL=64
Reply from 192.168.87.1: bytes=32 time=177ms TTL=64
Reply from 192.168.87.1: bytes=32 time=63ms TTL=64
Reply from 192.168.87.1: bytes=32 time=90ms TTL=64

Ping statistics for 192.168.87.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 63ms, Maximum = 177ms, Average = 98ms

PS C:\Windows\system32> ping tbp.tbp.lan

Pinging tbp.tbp.lan [192.168.87.69] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 192.168.87.69:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Control-C

PS C:\Windows\system32> tracert asus.tbp.lan

Tracing route to asus.tbp.lan [192.168.87.1]
over a maximum of 30 hops:

  1    76 ms    78 ms    78 ms  router.asus.com [192.168.87.1]

Trace complete.

PS C:\Windows\system32> tracert tbp.tbp.lan

Tracing route to tbp.tbp.lan [192.168.87.69]
over a maximum of 30 hops:

  1   104 ms    53 ms    58 ms  10.8.0.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4

PS C:\Windows\system32> PING 192.168.87.69

Pinging 192.168.87.69 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.87.69:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PS C:\Windows\system32>

Route when disconnected from the VPN:

PS C:\Windows\system32> route print
===========================================================================
Interface List
  3...34 e6 d7 09 c3 ca ......Intel(R) Ethernet Connection I217-LM
  5...80 00 0b 48 f8 ab ......Microsoft Wi-Fi Direct Virtual Adapter
  4...00 ff 34 4d c8 5a ......TAP-Windows Adapter V9
  7...80 00 0b 48 f8 aa ......Intel(R) Centrino(R) Advanced-N 6235
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.43.1    192.168.43.83     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.43.0    255.255.255.0         On-link     192.168.43.83    311
    192.168.43.83  255.255.255.255         On-link     192.168.43.83    311
   192.168.43.255  255.255.255.255         On-link     192.168.43.83    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.43.83    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.43.83    311
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  6    331 2001::/32                On-link
  6    331 2001:0:9d38:90d7:2cd1:13ee:3f57:d4ac/128
                                    On-link
  7    311 fe80::/64                On-link
  6    331 fe80::/64                On-link
  6    331 fe80::2cd1:13ee:3f57:d4ac/128
                                    On-link
  7    311 fe80::896c:6f52:2f18:7104/128
                                    On-link
  1    331 ff00::/8                 On-link
  7    311 ff00::/8                 On-link
  6    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
PS C:\Windows\system32>

 

[ColinTaylor]

Temporarily turn off the firewall on 192.168.87.69. By default Windows will block anything that doesn't originate from a LAN IP address (192.168.87.x), like your VPN client (10.8.0.x).

 

[TheBestPessimist]

Hello, I have tried that but i still can't connect. I have tried to connect both to a Mac, and to my windows PC.

 

[TheBestPessimist]

As a second issue, as you can also see in my logs:
Why must i use fully qualified name in order to ping asus? i was expecting that just the hostname would be enough.

 

[ColinTaylor]

As a second issue, as you can also see in my logs:
Why must i use fully qualified name in order to ping asus? i was expecting that just the hostname would be enough.

It's because the client isn't part of the tbp.lan domain (and its Connection-specific DNS Suffix is in fact null). Issue an ipconfig /all and look at the DNS Suffix Search List.

You could try pushing the server's domain to the client. I don't use the VPN client so I can't say exactly how to do it, but I believe the following command is what you want:

push "dhcp-option DOMAIN tbp.lan"

EDIT: I can only test with my mobile phone, but I find that using TCP instead of UDP is much more reliable, especially where ping's are concerned.

 

[TheBestPessimist]

Thank you very much .
The push command helped: i can ping asus w/o by only using the hostname .

Now if only i could figure out what to do to make the vpn connection work :-/
(note: when doing network traffic on the client, all the data goes through the vpn -- so that works, the only problem is accessing the computers inside the local network)

 

[TheBestPessimist]

Update: overnight i turned the router off (oh, it has been rebooted so many times, but this time it was just off for more than 4 hours), and in the morning, when i tested again, i could access my home computer and the hdd connected to the router. Yaaaaaaaay .

One more question and i'll be finished now (hopefully): how can i also connect from local lan to openvpn client?

I tried to add to Lan->Route the folllowing route:

 network 10.8.0.0 netmask 255.255.255.0 gateway 192.168.87.1 metric 200 interface MAN

but it doesn't seem to work. (router was rebooted after adding it).

 

[ColinTaylor]

I just tried pinging my phone and it worked without any problems. No additional routing is required because the OpenVPN server creates one itself.

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
82.28.104.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun21
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
82.28.104.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         82.28.104.1     0.0.0.0         UG    0      0        0 eth0

The only trick is knowing what the IP address is for the client.

C:\Users\Colin>ping 10.8.0.2

Pinging 10.8.0.2 with 32 bytes of data:
Reply from 10.8.0.2: bytes=32 time=242ms TTL=63
Reply from 10.8.0.2: bytes=32 time=186ms TTL=63
Reply from 10.8.0.2: bytes=32 time=115ms TTL=63
Reply from 10.8.0.2: bytes=32 time=110ms TTL=63

Ping statistics for 10.8.0.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 110ms, Maximum = 242ms, Average = 163ms

 

[TheBestPessimist]

For me, that just won't work:

Vpn client -> my computer:

PS C:\WINDOWS\system32> ipconfig
Windows IP Configuration
Wireless LAN adapter Local Area Connection* 1:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : tbp.lan
   IPv4 Address. . . . . . . . . . . : 10.8.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::a58f:7dda:d32b:c02c%18
   IPv4 Address. . . . . . . . . . . : 172.20.10.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . : 172.20.10.1
Tunnel adapter Local Area Connection* 11:
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3c66:1096:a987:380c
   Link-local IPv6 Address . . . . . : fe80::3c66:1096:a987:380c%4
   Default Gateway . . . . . . . . . : ::
PS C:\WINDOWS\system32> ping 192.168.87.69
Pinging 192.168.87.69 with 32 bytes of data:
Reply from 192.168.87.69: bytes=32 time=182ms TTL=127
Reply from 192.168.87.69: bytes=32 time=83ms TTL=127
Reply from 192.168.87.69: bytes=32 time=94ms TTL=127
Reply from 192.168.87.69: bytes=32 time=120ms TTL=127
Ping statistics for 192.168.87.69:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 83ms, Maximum = 182ms, Average = 119ms
PS C:\WINDOWS\system32>

My computer -> client

PS C:\Windows\system32> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . : tbp.lan
   IPv6 Address. . . . . . . . . . . : 2a02:2f09:3140:879:500:49c1:6201:4a8a
   Temporary IPv6 Address. . . . . . : 2a02:2f09:3140:879:e49a:d668:b95d:af0a
   Link-local IPv6 Address . . . . . : fe80::500:49c1:6201:4a8a%11
   IPv4 Address. . . . . . . . . . . : 192.168.87.69
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::325a:3aff:fe6f:76e0%11
                                       192.168.87.1
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2862:11ce:a982:a315
   Link-local IPv6 Address . . . . . : fe80::2862:11ce:a982:a315%5
   Default Gateway . . . . . . . . . :
PS C:\Windows\system32>

 

[ColinTaylor]

Have you tried disabling the firewall on the client? Maybe it's a Windows thing, have you tried it with your mobile phone?

 

[TheBestPessimist]

Yes, for testing, all firewalls are off.

Plus: it's not only about the pinging, i can't access the shares on my pc from client.

 

[KevTech]

Not sure why you are still using the alpha as 384.4 has moved to beta and in fact is in beta 3 now so perhaps the issue has been addressed.

 

[TheBestPessimist]

Well, i cant quite update the router, as i am not @home. So that's why i am strugling with the VPN so much in the alpha version.