Unable to access internet over openvpn connection on a personal server... please help

punchsuckr

Senior Member
Hi, I am at my wits' end setting up an OpenVPN server on my PC. I was running it on my n66u, but the speeds it provides leave much to be desired, so I decided to set it up on a separate PC I had lying around.

I have done most things and clients successfully connect to the server, however, as soon as I enable the push "redirect-gateway def1 bypass-dhcp" option, I lose internet connectivity on my client.

Also, I am currently on the extremely common LAN subnet of 192.168.1.x... I have never changed the subnet of my LAN before and I am wary of messing something up. The VPN will mostly only be used at my family's place in the UAE, and I have used the older on-router solution there and it worked without problems, so I do not know how worthwhile the task of changing my subnet will be.

Anyhoo my client and server config files are below:

server
Code:
;local a.b.c.d

port 1194


;proto tcp
proto udp

;dev tap
dev tun

;dev-node MyTap

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key"  # This file should be kept secret

dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"

;topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 199.85.126.10"
push "dhcp-option DNS 199.85.127.10"

client-to-client

duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret

cipher AES-256-CBC

;compress lz4-v2
;push "compress lz4-v2"

;comp-lzo

max-clients 5

;user nobody
;group nobody

persist-key
persist-tun

status openvpn-status.log

;log         openvpn.log
;log-append  openvpn.log

verb 3

;mute 20

;explicit-exit-notify 1

client
Code:
;dev tap
dev tun

;dev-node MyTap

;proto tcp
proto udp

remote spoiltrouter.asuscomm.com 1194
;remote my-server-2 1194

;remote-random

resolv-retry infinite


nobind


;user nobody
;group nobody


persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

;mute-replay-warnings

ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\test2.crt"
key "C:\\Program Files\\OpenVPN\\config\\test2.key"

remote-cert-tls server

;tls-auth ta.key 1

cipher AES-256-CBC

#comp-lzo


verb 3

# Silence repeating messages
;mute 20


I have tried with both tcp and udp since udp doesn't work on the n66u server as well... but still there's nothing.

Thank you for going through this post. Please bear with me, I am a complete noob when it comes to routing but really need it to work.
 
Here are the connection logs from the server and client (also a half-assed attempt at privacy with the external IP addr).

server log

Code:
Sat Jun 24 22:36:24 2017 interactive service msg_channel=0
Sat Jun 24 22:36:24 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=5 HWADDR=30:b5:c2:00:57:bf
Sat Jun 24 22:36:24 2017 open_tun
Sat Jun 24 22:36:24 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{1D04E04E-FB80-4464-97A7-F70E4022643F}.tap
Sat Jun 24 22:36:24 2017 TAP-Windows Driver Version 9.21 
Sat Jun 24 22:36:24 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {1D04E04E-FB80-4464-97A7-F70E4022643F} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Sat Jun 24 22:36:24 2017 Sleeping for 10 seconds...
Sat Jun 24 22:36:34 2017 Successful ARP Flush on interface [9] {1D04E04E-FB80-4464-97A7-F70E4022643F}
Sat Jun 24 22:36:34 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 24 22:36:34 2017 MANAGEMENT: >STATE:1498323994,ASSIGN_IP,,10.8.0.1,,,,
Sat Jun 24 22:36:34 2017 MANAGEMENT: >STATE:1498323994,ADD_ROUTES,,,,,,
Sat Jun 24 22:36:34 2017 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Sat Jun 24 22:36:34 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sat Jun 24 22:36:34 2017 Route addition via IPAPI succeeded [adaptive]
Sat Jun 24 22:36:34 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sat Jun 24 22:36:34 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jun 24 22:36:34 2017 setsockopt(IPV6_V6ONLY=0)
Sat Jun 24 22:36:34 2017 Listening for incoming TCP connection on [AF_INET6][undef]:1194
Sat Jun 24 22:36:34 2017 TCPv6_SERVER link local (bound): [AF_INET6][undef]:1194
Sat Jun 24 22:36:34 2017 TCPv6_SERVER link remote: [AF_UNSPEC]
Sat Jun 24 22:36:34 2017 MULTI: multi_init called, r=256 v=256
Sat Jun 24 22:36:34 2017 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Jun 24 22:36:34 2017 IFCONFIG POOL LIST
Sat Jun 24 22:36:34 2017 MULTI: TCP INIT maxclients=5 maxevents=9
Sat Jun 24 22:36:34 2017 Initialization Sequence Completed
Sat Jun 24 22:36:34 2017 MANAGEMENT: >STATE:1498323994,CONNECTED,SUCCESS,10.8.0.1,,,,

client log

Code:
Sat Jun 24 22:38:57 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Sat Jun 24 22:38:57 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jun 24 22:38:57 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10
Enter Management Password:
Sat Jun 24 22:38:57 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jun 24 22:38:58 2017 Need hold release from management interface, waiting...
Sat Jun 24 22:38:58 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jun 24 22:38:58 2017 MANAGEMENT: CMD 'state on'
Sat Jun 24 22:38:58 2017 MANAGEMENT: CMD 'log all on'
Sat Jun 24 22:38:58 2017 MANAGEMENT: CMD 'echo all on'
Sat Jun 24 22:38:58 2017 MANAGEMENT: CMD 'hold off'
Sat Jun 24 22:38:58 2017 MANAGEMENT: CMD 'hold release'
Sat Jun 24 22:38:59 2017 MANAGEMENT: >STATE:1498324139,RESOLVE,,,,,,
Sat Jun 24 22:38:59 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxxxxx:1194
Sat Jun 24 22:38:59 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jun 24 22:38:59 2017 Attempting to establish TCP connection with [AF_INET]xxxxxxxxxxxx:1194 [nonblock]
Sat Jun 24 22:38:59 2017 MANAGEMENT: >STATE:1498324139,TCP_CONNECT,,,,,,
Sat Jun 24 22:39:00 2017 TCP connection established with [AF_INET]xxxxxxxxxxxx:1194
Sat Jun 24 22:39:00 2017 TCP_CLIENT link local: (not bound)
Sat Jun 24 22:39:00 2017 TCP_CLIENT link remote: [AF_INET]xxxxxxxxxxxxxx:1194
Sat Jun 24 22:39:00 2017 MANAGEMENT: >STATE:1498324140,WAIT,,,,,,
Sat Jun 24 22:39:00 2017 MANAGEMENT: >STATE:1498324140,AUTH,,,,,,
Sat Jun 24 22:39:00 2017 TLS: Initial packet from [AF_INET]xxxxxxxxxxxxxxxx:1194, sid=67ef1950 97261b6b
Sat Jun 24 22:39:00 2017 VERIFY OK: depth=1, C=IN, ST=DE, L=DEL, O=OpenVPN, OU=LOL, CN=ca, name=ca, emailAddress=mail@host.do
Sat Jun 24 22:39:00 2017 VERIFY KU OK
Sat Jun 24 22:39:00 2017 Validating certificate extended key usage
Sat Jun 24 22:39:00 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jun 24 22:39:00 2017 VERIFY EKU OK
Sat Jun 24 22:39:00 2017 VERIFY OK: depth=0, C=IN, ST=DE, L=DEL, O=OpenVPN, OU=LOL, CN=server, name=server, emailAddress=mail@host.do
Sat Jun 24 22:39:00 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sat Jun 24 22:39:00 2017 [server] Peer Connection Initiated with [AF_INET]xxxxxxxxxxxxxxx:1194
Sat Jun 24 22:39:02 2017 MANAGEMENT: >STATE:1498324142,GET_CONFIG,,,,,,
Sat Jun 24 22:39:02 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jun 24 22:39:02 2017 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 199.85.126.10,dhcp-option DNS 199.85.127.10,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9,peer-id 0,cipher AES-256-GCM'
Sat Jun 24 22:39:02 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun 24 22:39:02 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun 24 22:39:02 2017 OPTIONS IMPORT: route options modified
Sat Jun 24 22:39:02 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jun 24 22:39:02 2017 OPTIONS IMPORT: peer-id set
Sat Jun 24 22:39:02 2017 OPTIONS IMPORT: adjusting link_mtu to 1626
Sat Jun 24 22:39:02 2017 OPTIONS IMPORT: data channel crypto options modified
Sat Jun 24 22:39:02 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 24 22:39:02 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 24 22:39:02 2017 interactive service msg_channel=728
Sat Jun 24 22:39:02 2017 ROUTE_GATEWAY 172.20.10.1/255.255.255.240 I=13 HWADDR=58:00:e3:45:5a:bd
Sat Jun 24 22:39:02 2017 open_tun
Sat Jun 24 22:39:02 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{EB17C3A9-FFF9-492B-B1E8-7E647662EFD9}.tap
Sat Jun 24 22:39:02 2017 TAP-Windows Driver Version 9.21 
Sat Jun 24 22:39:02 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.10/255.255.255.252 on interface {EB17C3A9-FFF9-492B-B1E8-7E647662EFD9} [DHCP-serv: 10.8.0.9, lease-time: 31536000]
Sat Jun 24 22:39:02 2017 Successful ARP Flush on interface [18] {EB17C3A9-FFF9-492B-B1E8-7E647662EFD9}
Sat Jun 24 22:39:02 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 24 22:39:02 2017 MANAGEMENT: >STATE:1498324142,ASSIGN_IP,,10.8.0.10,,,,
Sat Jun 24 22:39:07 2017 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD xxxxxxxxxxxxxx MASK 255.255.255.255 172.20.10.1
Sat Jun 24 22:39:07 2017 Route addition via service succeeded
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.9
Sat Jun 24 22:39:07 2017 Route addition via service succeeded
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.9
Sat Jun 24 22:39:07 2017 Route addition via service succeeded
Sat Jun 24 22:39:07 2017 MANAGEMENT: >STATE:1498324147,ADD_ROUTES,,,,,,
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.9
Sat Jun 24 22:39:07 2017 Route addition via service succeeded
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.9
Sat Jun 24 22:39:07 2017 Route addition via service succeeded
Sat Jun 24 22:39:07 2017 Initialization Sequence Completed
Sat Jun 24 22:39:07 2017 MANAGEMENT: >STATE:1498324147,CONNECTED,SUCCESS,10.8.0.10,xxxxxxxxxxxxxxx,1194,172.20.10.3,56978
 
Changing my LAN subnet was trivial and I did it. Enabled IP routing on the Windows PC, added a static route on my router from the OpenVPN subnet to the OpenVPN server PC, pushed route 10.93.69.0 (new LAN subnet) in the server config, but still no luck. Could only ping the server PC. Nothing else.
I am on the verge of calling it quits, having read all of the OpenVPN how-to and other forum posts :(. If someone can still help me then I would be grateful.
 
Dual booted to Ubuntu and it works like a charm, as well as on an rpi3...

Peace!
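
An added example, not part of the original posts: it rebuilds the client's routing table from the `ROUTE_GATEWAY` and `route.exe ADD` lines of the client log above and applies longest-prefix matching to show which next hop each destination gets once `redirect-gateway def1` is pushed. The log excerpt is constructed from the thread's log, with the masked server address replaced by the documentation address 203.0.113.10 (an assumption); the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: routing lines from the client log in the thread. The masked
# server address (xxxx) is replaced by the documentation address 203.0.113.10.
CLIENT_LOG = r"""
Sat Jun 24 22:39:02 2017 ROUTE_GATEWAY 172.20.10.1/255.255.255.240 I=13 HWADDR=58:00:e3:45:5a:bd
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 203.0.113.10 MASK 255.255.255.255 172.20.10.1
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.9
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.9
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.9
Sat Jun 24 22:39:07 2017 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.9
"""

GATEWAY_RE = re.compile(r"ROUTE_GATEWAY ([\d.]+)/([\d.]+)")
ROUTE_RE = re.compile(r"route\.exe ADD ([\d.]+) MASK ([\d.]+) ([\d.]+)")


def build_table(log):
    """Return [(network, next_hop)] as the client holds it after OpenVPN connects."""
    table = []
    gw = GATEWAY_RE.search(log)
    if gw:
        addr, mask = gw.groups()
        # The pre-VPN default route and the directly attached local subnet.
        table.append((ipaddress.ip_network("0.0.0.0/0"), addr))
        table.append((ipaddress.ip_network(f"{addr}/{mask}", strict=False), "on-link"))
    for dest, mask, hop in ROUTE_RE.findall(log):
        table.append((ipaddress.ip_network(f"{dest}/{mask}"), hop))
    return table


def next_hop(table, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    net, hop = max(matches, key=lambda entry: entry[0].prefixlen)
    return str(net), hop


def explain(log, dests):
    """Map each destination to the (route, next hop) the client would use."""
    table = build_table(log)
    return {d: next_hop(table, d) for d in dests}


if __name__ == "__main__":
    for dest, route in explain(CLIENT_LOG, ["8.8.8.8", "203.0.113.10", "192.168.1.1"]).items():
        print(dest, "->", route)
```

The two /1 routes are more specific than the original 0.0.0.0/0 default, so every public destination goes to 10.8.0.9 while only the VPN server itself is still reached through 172.20.10.1. Internet access on the client then depends on the server forwarding, and usually translating, traffic from 10.8.0.0/24.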
 
