After a lot of puzzling I have finally managed to install OpenVPN on my little Windows 10 server.
For this I mainly used the following article:
OpenVPN howto
Everything is now running, and I can also connect to the VPN server with the OpenVPN client.
Via ipconfig I can see that I neatly get an IP address from the VPN server.
However, I cannot reach the LAN on which the OpenVPN server is running.
And that is exactly the point.
I have already enabled the push route option in the server.ovpn file for this,
but without success.
The registry key IPEnableRouter has also been added. (Rebooted afterwards.)
In short, what is going wrong? The logs and the ipconfig are below.
I did blur a few things for security.
code:
AGENT LOG
IPHelper: delete route 10.8.0.0/24 13 10.8.0.5 metric=-1
IPHelper: delete route 192.168.3.0/24 13 10.8.0.5 metric=-1
IPHelper: delete route 10.8.0.1/32 13 10.8.0.5 metric=-1
netsh interface ip delete route xxx.xxx.xxx.xxx/32 7 192.168.199.37 store=active
Element not found.
netsh interface ip delete route 0.0.0.0/1 13 10.8.0.5 store=active
Ok.
netsh interface ip delete route 128.0.0.0/1 13 10.8.0.5 store=active
Ok.
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Tue Mar 14 15:28:04 2023 connection from C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe
Tue Mar 14 15:28:04 2023 HTTP request received from NAMED_PIPE
HTTP Request method=POST uri=/add-bypass-route version=1/1
[0] Host=\\.\pipe\agent_ovpnconnect
[1] Content-Type=application/json
[2] Content-Length=49
[3] Accept=*/*
Tue Mar 14 15:28:04 2023 GetBestGateway: selected gateway 192.168.199.37 on adapter 7 for destination xxx.xxx.xxx.xxx
Tue Mar 14 15:28:04 2023 netsh interface ip add route xxx.xxx.xxx.xxx/32 7 192.168.199.37 store=active
Ok.
Tue Mar 14 15:28:04 2023 connection from C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe
Tue Mar 14 15:28:04 2023 HTTP request received from NAMED_PIPE
HTTP Request method=POST uri=/tun-setup version=1/1
[0] Host=\\.\pipe\agent_ovpnconnect
[1] Content-Type=application/json
[2] Content-Length=1186
[3] Accept=*/*
Tue Mar 14 15:28:04 2023 GetBestGateway: selected gateway 192.168.199.37 on adapter 7 for destination 141.224.227.138
Tue Mar 14 15:28:04 2023 proxy_auto_config_url
Tue Mar 14 15:28:05 2023 TUN SETUP
TAP ADAPTERS:
guid='{894F67E6-C520-4423-8B3A-7E799A5276D5}' index=13 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{894F67E6-C520-4423-8B3A-7E799A5276D5}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=13
netsh interface ip set interface 13 metric=1
Ok.
netsh interface ip set address 13 static 10.8.0.6 255.255.255.252 gateway=10.8.0.5 store=active
IPHelper: add route 10.8.0.0/24 13 10.8.0.5 metric=-1
IPHelper: add route 192.168.3.0/24 13 10.8.0.5 metric=-1
IPHelper: add route 10.8.0.1/32 13 10.8.0.5 metric=-1
netsh interface ip add route xxx.xxx.xxx.xxx/32 7 192.168.199.37 store=active
The object already exists.
netsh interface ip add route 0.0.0.0/1 13 10.8.0.5 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 13 10.8.0.5 store=active
Ok.
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
Tue Mar 14 15:28:05 2023 TUN CONFIRM
code:
SERVER LOG
2023-03-14 15:26:53 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2023-03-14 15:26:53 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2023-03-14 15:26:53 NOTE: --remote is not defined, disabling data channel offload.
2023-03-14 15:26:53 OpenVPN 2.6.1 [git:v2.6.1/2c2a98a0e559928c] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Mar 8 2023
2023-03-14 15:26:53 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-03-14 15:26:53 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-03-14 15:26:53 Diffie-Hellman initialized with 2048 bit key
2023-03-14 15:26:53 interactive service msg_channel=0
2023-03-14 15:26:53 open_tun
2023-03-14 15:26:53 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-03-14 15:26:53 TAP-Windows Driver Version 9.24
2023-03-14 15:26:53 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {1A056EA0-C29B-4AD2-A871-5BAAAA489AC4} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
2023-03-14 15:26:53 Sleeping for 10 seconds...
2023-03-14 15:27:03 Successful ARP Flush on interface [6] {1A056EA0-C29B-4AD2-A871-5BAAAA489AC4}
2023-03-14 15:27:03 IPv4 MTU set to 1500 on interface 6 using SetIpInterfaceEntry()
2023-03-14 15:27:03 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
2023-03-14 15:27:03 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
2023-03-14 15:27:03 Route addition via ipapi [adaptive] succeeded
2023-03-14 15:27:03 Could not determine IPv4/IPv6 protocol. Using AF_INET6
2023-03-14 15:27:03 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-03-14 15:27:03 setsockopt(IPV6_V6ONLY=0)
2023-03-14 15:27:03 UDPv6 link local (bound): [AF_INET6][undef]:1194
2023-03-14 15:27:03 UDPv6 link remote: [AF_UNSPEC]
2023-03-14 15:27:03 MULTI: multi_init called, r=256 v=256
2023-03-14 15:27:03 IFCONFIG POOL IPv4: base=10.8.0.4 size=62
2023-03-14 15:27:03 ifconfig_pool_read(), in='MyName,10.8.0.4,'
2023-03-14 15:27:03 succeeded -> ifconfig_pool_set(hand=0)
2023-03-14 15:27:03 IFCONFIG POOL LIST
2023-03-14 15:27:03 MyName,10.8.0.4,
2023-03-14 15:27:03 Initialization Sequence Completed
2023-03-14 15:28:01 84.241.202.195:28025 VERIFY OK: depth=1, CN=MyName
2023-03-14 15:28:01 84.241.202.195:28025 VERIFY OK: depth=0, CN=MyName
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_VER=3.git::d3f8b18b
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_PLAT=win
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_NCP=2
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_TCPNL=1
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_PROTO=30
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_AUTO_SESS=1
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_GUI_VER=OCWindows_3.3.7-2979
2023-03-14 15:28:01 84.241.202.195:28025 peer info: IV_SSO=webauth,openurl,crtext
2023-03-14 15:28:01 84.241.202.195:28025 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-03-14 15:28:01 84.241.202.195:28025 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-03-14 15:28:01 84.241.202.195:28025 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-14 15:28:01 84.241.202.195:28025 [MyName] Peer Connection Initiated with [AF_INET6]::ffff:84.241.202.195:28025
2023-03-14 15:28:01 MyName/84.241.202.195:28025 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
2023-03-14 15:28:01 MyName/84.241.202.195:28025 MULTI: Learn: 10.8.0.6 -> MyName/84.241.202.195:28025
2023-03-14 15:28:01 MyName/84.241.202.195:28025 MULTI: primary virtual IP for MyName/84.241.202.195:28025: 10.8.0.6
2023-03-14 15:28:01 MyName/84.241.202.195:28025 SENT CONTROL [MyName]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,route 192.168.3.0 255.255.255.0,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM,key-derivation tls-ekm' (status=1)
2023-03-14 15:28:01 MyName/84.241.202.195:28025 PUSH: Received control message: 'PUSH_REQUEST'
2023-03-14 15:28:02 MyName/84.241.202.195:28025 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2023-03-14 15:28:02 MyName/84.241.202.195:28025 Timers: ping 10, ping-restart 240
2023-03-14 15:28:02 MyName/84.241.202.195:28025 Protocol options: explicit-exit-notify 1, protocol-flags tls-ekm
code:
STATUS LOG
OpenVPN CLIENT LIST
Updated,2023-03-14 15:37:04
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
myName,84.241.202.195:28025,377859,7785,2023-03-14 15:28:01
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,MyName,84.241.202.195:28025,2023-03-14 15:35:31
GLOBAL STATS
Max bcast/mcast queue length,0
END