Menu
What's new
By:
Filters Better Search

One OpenVPN clients work, second doesn't…

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

T

The Chief

Regular Contributor
Client1, connecting to OpenVPN server at work (net30 topology), works like a charm:

Code: 
Aug 26 20:18:55 openvpn[1817]: OpenVPN 2.3.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 19 2015
Aug 26 20:18:55 openvpn[1817]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Aug 26 20:18:55 openvpn[1818]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Aug 26 20:18:55 openvpn[1818]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 26 20:18:55 openvpn[1818]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Aug 26 20:18:55 openvpn[1818]: UDPv4 link local: [undef]
Aug 26 20:18:55 openvpn[1818]: UDPv4 link remote: [AF_INET]213.234.12.10:1194
Aug 26 20:18:55 openvpn[1818]: TLS: Initial packet from [AF_INET]213.234.12.10:1194, sid=13147e03 64ec52a3
Aug 26 20:18:55 openvpn[1818]: VERIFY OK: depth=1, C=RU, ST=RU, L=Volcity, O=Volcity, OU=co.tamerlan, CN=co.tamerlan, name=co.tamerlan, emailAddress=s1@e5.vgg.ru
Aug 26 20:18:55 openvpn[1818]: VERIFY OK: depth=0, C=RU, ST=RU, L=Volcity, O=Volcity, OU=tamerlan.mainframe, CN=tamerlan.mainframe, name=tamerlan.mainframe, emailAddress=s1@e5.vgg.ru
Aug 26 20:18:55 openvpn[1818]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:18:55 openvpn[1818]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:18:55 openvpn[1818]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:18:55 openvpn[1818]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:18:55 openvpn[1818]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Aug 26 20:18:55 openvpn[1818]: [tamerlan.mainframe] Peer Connection Initiated with [AF_INET]213.234.12.10:1194
Aug 26 20:18:58 openvpn[1818]: SENT CONTROL [tamerlan.mainframe]: 'PUSH_REQUEST' (status=1)
Aug 26 20:18:58 openvpn[1818]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN e5.vgg.ru,dhcp-option DOMAIN pokupochka.ru,dhcp-option DNS 192.168.111.3,dhcp-option DNS 192.168.111.32,route 172.16.0.1,topology net30,ping 10,ping-restart 120,socket-flags TCP_NODELAY,ifconfig 172.16.0.26 172.16.0.25'
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: --socket-flags option modified
Aug 26 20:18:58 openvpn[1818]: NOTE: setsockopt TCP_NODELAY=1 failed
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: route options modified
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 26 20:18:58 openvpn[1818]: TUN/TAP device tun11 opened
Aug 26 20:18:58 openvpn[1818]: TUN/TAP TX queue length set to 100
Aug 26 20:18:58 openvpn[1818]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 26 20:18:58 openvpn[1818]: /usr/sbin/ip link set dev tun11 up mtu 1500
Aug 26 20:18:58 openvpn[1818]: /usr/sbin/ip addr add dev tun11 local 172.16.0.26 peer 172.16.0.25
Aug 26 20:18:58 openvpn[1818]: updown.sh tun11 1500 1542 172.16.0.26 172.16.0.25 init
Aug 26 20:19:00 openvpn[1818]: /usr/sbin/ip route add 172.16.0.1/32 via 172.16.0.25
Aug 26 20:19:00 openvpn-routing: Configuring policy rules for client 1
Aug 26 20:19:00 openvpn-routing: Creating VPN routing table
Aug 26 20:19:00 openvpn-routing: Removing route for 172.16.0.1 to tun11 from routing tables
Aug 26 20:19:01 openvpn-routing: Added 192.168.16.2 to 192.168.108.0/22 through VPN to routing policy
Aug 26 20:19:01 openvpn-routing: Completed routing policy configuration
Aug 26 20:19:01 openvpn[1818]: Initialization Sequence Completed


Client2, connecting to ProstoVPN commercial OpenVPN server (subnet topology), doesn't work at all, no ping, no traceroute:

Code: 
Aug 26 20:25:13 openvpn[2035]: OpenVPN 2.3.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 19 2015
Aug 26 20:25:13 openvpn[2035]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Aug 26 20:25:13 openvpn[2036]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Aug 26 20:25:13 openvpn[2036]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 26 20:25:13 openvpn[2036]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Aug 26 20:25:13 openvpn[2036]: UDPv4 link local: [undef]
Aug 26 20:25:13 openvpn[2036]: UDPv4 link remote: [AF_INET]209.148.85.58:1194
Aug 26 20:25:13 openvpn[2036]: TLS: Initial packet from [AF_INET]209.148.85.58:1194, sid=d101a4ae 79f38d33
Aug 26 20:25:14 openvpn[2036]: VERIFY OK: depth=1, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, CN=ProstoVPN.ru CA, emailAddress=prostovpn@valdikss.org.ru
Aug 26 20:25:14 openvpn[2036]: VERIFY OK: depth=0, CN=us6.pvpn.pw
Aug 26 20:25:19 openvpn[2036]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1541'
Aug 26 20:25:19 openvpn[2036]: WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Aug 26 20:25:19 openvpn[2036]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:25:19 openvpn[2036]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:25:19 openvpn[2036]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:25:19 openvpn[2036]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:25:19 openvpn[2036]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Aug 26 20:25:19 openvpn[2036]: [us6.pvpn.pw] Peer Connection Initiated with [AF_INET]209.148.85.58:1194
Aug 26 20:25:21 openvpn[2036]: SENT CONTROL [us6.pvpn.pw]: 'PUSH_REQUEST' (status=1)
Aug 26 20:25:22 openvpn[2036]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2002:d194:553a:1::1045/112 2002:d194:553a:1::1,dhcp-option DNS 192.168.101.1,route-ipv6 2000::/3,redirect-gateway def1 bypass-dhcp,sndbuf 393216,rcvbuf 393216,tun-ipv6,route-gateway 192.168.101.1,topology subnet,ping 35,ping-restart 180,ifconfig 192.168.101.71 255.255.255.0'
Aug 26 20:25:22 openvpn[2036]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Aug 26 20:25:22 openvpn[2036]: Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
Aug 26 20:25:22 openvpn[2036]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Aug 26 20:25:22 openvpn[2036]: Socket Buffers: R=[131072->245760] S=[131072->245760]
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: route-related options modified
Aug 26 20:25:22 openvpn[2036]: TUN/TAP device tun12 opened
Aug 26 20:25:22 openvpn[2036]: TUN/TAP TX queue length set to 100
Aug 26 20:25:22 openvpn[2036]: /usr/sbin/ip addr add dev tun12 192.168.101.71/24 broadcast 192.168.101.255
Aug 26 20:25:22 openvpn[2036]: /usr/sbin/ip -6 addr add 2002:d194:553a:1::1045/112 dev tun12
Aug 26 20:25:24 openvpn[2036]: /usr/sbin/ip route add 195.66.226.171/32 via 192.168.101.1
Aug 26 20:25:24 openvpn-routing: Skipping, client 2 not in routing policy mode
Aug 26 20:25:24 openvpn[2036]: Initialization Sequence Completed

What's wrong with it? have I done something stupid? Any ideas?
 
Are you running openvpn.exe as an administrator ?
 
It's a log from RT-AC68U, I've forgot to say. :)
 
There currently isn't full support for IPv6 across the VPN tunnel. Try disabling IPv6 for client2.
 
Can't disable IPv6, sever pushing ipv6 options to me. Disabling ipv6 in router configuration leads to error in openvpn client adding tun interface:

Code: 
openvpn[2804]: [us6.pvpn.pw] Peer Connection Initiated with [AF_INET]209.148.85.58:1194
Aug 27 09:40:32 openvpn[2804]: SENT CONTROL [us6.pvpn.pw]: 'PUSH_REQUEST' (status=1)
Aug 27 09:40:32 openvpn[2804]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2002:d194:553a:1::1045/112 2002:d194:553a:1::1,dhcp-option DNS 192.168.101.1,route-ipv6 2000::/3,redirect-gateway def1 bypass-dhcp,sndbuf 393216,rcvbuf 393216,tun-ipv6,route-gateway 192.168.101.1,topology subnet,ping 35,ping-restart 180,ifconfig 192.168.101.71 255.255.255.0'
Aug 27 09:40:32 openvpn[2804]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 27 09:40:32 openvpn[2804]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Aug 27 09:40:32 openvpn[2804]: Socket Buffers: R=[131072->245760] S=[131072->245760]
Aug 27 09:40:32 openvpn[2804]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 27 09:40:32 openvpn[2804]: OPTIONS IMPORT: route options modified
Aug 27 09:40:32 openvpn[2804]: OPTIONS IMPORT: route-related options modified
Aug 27 09:40:32 openvpn[2804]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 27 09:40:32 openvpn[2804]: TUN/TAP device tun12 opened
Aug 27 09:40:32 openvpn[2804]: TUN/TAP TX queue length set to 100
Aug 27 09:40:32 openvpn[2804]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Aug 27 09:40:32 openvpn[2804]: /usr/sbin/ip addr add dev tun12 192.168.101.71/24 broadcast 192.168.101.255
Aug 27 09:40:32 openvpn[2804]: Linux ip addr add failed: external program exited with error status: 254
Aug 27 09:40:32 openvpn[2804]: Exiting due to fatal error
 
Last edited:
OK..let's try this....re-enable IPv6, then telnet/ssh to the router and enter

ip6tables -I INPUT -i tun12 -j ACCEPT
ip6tables -I FORWARD -i tun12 -j ACCEPT
 
You must log in or register to reply here.

Similar threads

mxz800
GT AX11000 pro tainted P
Replies
6
Views
420
Tech9
Tech9
F
ASUS RT-AC86U (merlin Current Version : 386.12_6): jffs2: Argh. No free space left for GC. Can you help me troubleshoot this please?
Replies
6
Views
1K
fun4stuff
F
A
Devices connect to my openvpn server correctly but no traffic from server to client
Replies
6
Views
1K
ragtap
R
eTomm
I am trying to add an AIMesh node XD6S to a network of two XT8
Replies
0
Views
723
eTomm
eTomm
C
VPN doing a lot of unrecognized options without them even being in the config IPV6 issue
Replies
3
Views
879
RMerlin
RMerlin
Similar threads
Thread starter Title Forum Replies Date
J VPN director Multiple OpenVPN clients Asuswrt-Merlin 7
M OpenVPN clients cannot connect to LAN computers. Asuswrt-Merlin 0
J Solved OpenVPN clients can't resolve custom domains defined in dnsmasq config Asuswrt-Merlin 2
C Connection to router by ip fails while remote over OpenVPN Asuswrt-Merlin 17
S OpenVPN LAN access + one external IP Asuswrt-Merlin 3
G OpenVPN Server log, is this in error ? Asuswrt-Merlin 7
H Extremely low speed on ac86u with openvpn client Asuswrt-Merlin 7
H Can no longer get OpenVPN Server to work Asuswrt-Merlin 4
D Openvpn error Asuswrt-Merlin 1
Sunny786 Help Needed: Configuring OpenVPN Server and Instant Guard on Asus GT-AX11000 with Technicolor CobraXh Modem Router Asuswrt-Merlin 11

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 1,017 (members: 19, guests: 998)
Top