Client1, connecting to OpenVPN server at work (net30 topology), works like a charm:
Client2, connecting to ProstoVPN commercial OpenVPN server (subnet topology), doesn't work at all, no ping, no traceroute:
What's wrong with it? have I done something stupid? Any ideas?
Code:
Aug 26 20:18:55 openvpn[1817]: OpenVPN 2.3.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 19 2015
Aug 26 20:18:55 openvpn[1817]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Aug 26 20:18:55 openvpn[1818]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 26 20:18:55 openvpn[1818]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 26 20:18:55 openvpn[1818]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Aug 26 20:18:55 openvpn[1818]: UDPv4 link local: [undef]
Aug 26 20:18:55 openvpn[1818]: UDPv4 link remote: [AF_INET]213.234.12.10:1194
Aug 26 20:18:55 openvpn[1818]: TLS: Initial packet from [AF_INET]213.234.12.10:1194, sid=13147e03 64ec52a3
Aug 26 20:18:55 openvpn[1818]: VERIFY OK: depth=1, C=RU, ST=RU, L=Volcity, O=Volcity, OU=co.tamerlan, CN=co.tamerlan, name=co.tamerlan, emailAddress=s1@e5.vgg.ru
Aug 26 20:18:55 openvpn[1818]: VERIFY OK: depth=0, C=RU, ST=RU, L=Volcity, O=Volcity, OU=tamerlan.mainframe, CN=tamerlan.mainframe, name=tamerlan.mainframe, emailAddress=s1@e5.vgg.ru
Aug 26 20:18:55 openvpn[1818]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:18:55 openvpn[1818]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:18:55 openvpn[1818]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:18:55 openvpn[1818]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:18:55 openvpn[1818]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Aug 26 20:18:55 openvpn[1818]: [tamerlan.mainframe] Peer Connection Initiated with [AF_INET]213.234.12.10:1194
Aug 26 20:18:58 openvpn[1818]: SENT CONTROL [tamerlan.mainframe]: 'PUSH_REQUEST' (status=1)
Aug 26 20:18:58 openvpn[1818]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN e5.vgg.ru,dhcp-option DOMAIN pokupochka.ru,dhcp-option DNS 192.168.111.3,dhcp-option DNS 192.168.111.32,route 172.16.0.1,topology net30,ping 10,ping-restart 120,socket-flags TCP_NODELAY,ifconfig 172.16.0.26 172.16.0.25'
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: --socket-flags option modified
Aug 26 20:18:58 openvpn[1818]: NOTE: setsockopt TCP_NODELAY=1 failed
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: route options modified
Aug 26 20:18:58 openvpn[1818]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 26 20:18:58 openvpn[1818]: TUN/TAP device tun11 opened
Aug 26 20:18:58 openvpn[1818]: TUN/TAP TX queue length set to 100
Aug 26 20:18:58 openvpn[1818]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 26 20:18:58 openvpn[1818]: /usr/sbin/ip link set dev tun11 up mtu 1500
Aug 26 20:18:58 openvpn[1818]: /usr/sbin/ip addr add dev tun11 local 172.16.0.26 peer 172.16.0.25
Aug 26 20:18:58 openvpn[1818]: updown.sh tun11 1500 1542 172.16.0.26 172.16.0.25 init
Aug 26 20:19:00 openvpn[1818]: /usr/sbin/ip route add 172.16.0.1/32 via 172.16.0.25
Aug 26 20:19:00 openvpn-routing: Configuring policy rules for client 1
Aug 26 20:19:00 openvpn-routing: Creating VPN routing table
Aug 26 20:19:00 openvpn-routing: Removing route for 172.16.0.1 to tun11 from routing tables
Aug 26 20:19:01 openvpn-routing: Added 192.168.16.2 to 192.168.108.0/22 through VPN to routing policy
Aug 26 20:19:01 openvpn-routing: Completed routing policy configuration
Aug 26 20:19:01 openvpn[1818]: Initialization Sequence Completed
Client2, connecting to ProstoVPN commercial OpenVPN server (subnet topology), doesn't work at all, no ping, no traceroute:
Code:
Aug 26 20:25:13 openvpn[2035]: OpenVPN 2.3.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 19 2015
Aug 26 20:25:13 openvpn[2035]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Aug 26 20:25:13 openvpn[2036]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 26 20:25:13 openvpn[2036]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 26 20:25:13 openvpn[2036]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Aug 26 20:25:13 openvpn[2036]: UDPv4 link local: [undef]
Aug 26 20:25:13 openvpn[2036]: UDPv4 link remote: [AF_INET]209.148.85.58:1194
Aug 26 20:25:13 openvpn[2036]: TLS: Initial packet from [AF_INET]209.148.85.58:1194, sid=d101a4ae 79f38d33
Aug 26 20:25:14 openvpn[2036]: VERIFY OK: depth=1, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, CN=ProstoVPN.ru CA, emailAddress=prostovpn@valdikss.org.ru
Aug 26 20:25:14 openvpn[2036]: VERIFY OK: depth=0, CN=us6.pvpn.pw
Aug 26 20:25:19 openvpn[2036]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1541'
Aug 26 20:25:19 openvpn[2036]: WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Aug 26 20:25:19 openvpn[2036]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:25:19 openvpn[2036]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:25:19 openvpn[2036]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 26 20:25:19 openvpn[2036]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 26 20:25:19 openvpn[2036]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Aug 26 20:25:19 openvpn[2036]: [us6.pvpn.pw] Peer Connection Initiated with [AF_INET]209.148.85.58:1194
Aug 26 20:25:21 openvpn[2036]: SENT CONTROL [us6.pvpn.pw]: 'PUSH_REQUEST' (status=1)
Aug 26 20:25:22 openvpn[2036]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2002:d194:553a:1::1045/112 2002:d194:553a:1::1,dhcp-option DNS 192.168.101.1,route-ipv6 2000::/3,redirect-gateway def1 bypass-dhcp,sndbuf 393216,rcvbuf 393216,tun-ipv6,route-gateway 192.168.101.1,topology subnet,ping 35,ping-restart 180,ifconfig 192.168.101.71 255.255.255.0'
Aug 26 20:25:22 openvpn[2036]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Aug 26 20:25:22 openvpn[2036]: Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
Aug 26 20:25:22 openvpn[2036]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Aug 26 20:25:22 openvpn[2036]: Socket Buffers: R=[131072->245760] S=[131072->245760]
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 26 20:25:22 openvpn[2036]: OPTIONS IMPORT: route-related options modified
Aug 26 20:25:22 openvpn[2036]: TUN/TAP device tun12 opened
Aug 26 20:25:22 openvpn[2036]: TUN/TAP TX queue length set to 100
Aug 26 20:25:22 openvpn[2036]: /usr/sbin/ip addr add dev tun12 192.168.101.71/24 broadcast 192.168.101.255
Aug 26 20:25:22 openvpn[2036]: /usr/sbin/ip -6 addr add 2002:d194:553a:1::1045/112 dev tun12
Aug 26 20:25:24 openvpn[2036]: /usr/sbin/ip route add 195.66.226.171/32 via 192.168.101.1
Aug 26 20:25:24 openvpn-routing: Skipping, client 2 not in routing policy mode
Aug 26 20:25:24 openvpn[2036]: Initialization Sequence Completed
What's wrong with it? have I done something stupid? Any ideas?