Windows 10 strange OpenVPN behavior127.0.0.1 corruptedInternet access via OpenVPNHow Can I enable rdp access to a laptop after it connects to VPN?Juniper Netscreen Remote - What is the interface / route config?Allowing SSH on a server with an active OpenVPN clientOpenVPN client on a windows 7, packets not routedCan't establish connection between openvpn client and serverSeparate corporate network traffic and internet traffic using two network interfacePPTP VPN connects but does not have access to network resourcesRouting trafffic from vpn tunnel source to other interface

Is it possible to fly backward if you have REALLY STRONG headwind?

Does Disney no longer produce hand-drawn cartoon films?

What aircraft was used as Air Force One for the flight between Southampton and Shannon?

Thread Pool C++ Implementation

Why 1,2 printed by a command in $() is not interpolated?

Russian word for a male zebra

Let M and N be single-digit integers. If the product 2M5 x 13N is divisible by 36, how many ordered pairs (M,N) are possible?

Has there been a multiethnic Star Trek character?

I have a problematic assistant manager, but I can't fire him

Warning about needing "authorization" when booking ticket

Why can my keyboard only digest 6 keypresses at a time?

Longest bridge/tunnel that can be cycled over/through?

Who enforces MPAA rating adherence?

If atoms are mostly vacuum, why are things so rigid around us?

Fixing obscure 8080 emulator bug?

How can I get an unreasonable manager to approve time off?

Second (easy access) account in case my bank screws up

Cascading Switches. Will it affect performance?

If I leave the US through an airport, do I have to return through the same airport?

How to decline a wedding invitation from a friend I haven't seen in years?

Active low-pass filters --- good to what frequencies?

Check if three arrays contains the same element

Which languages would be most useful in Europe at the end of the 19th century?

LuaLaTex - how to use number, computed later in the document



Windows 10 strange OpenVPN behavior


127.0.0.1 corruptedInternet access via OpenVPNHow Can I enable rdp access to a laptop after it connects to VPN?Juniper Netscreen Remote - What is the interface / route config?Allowing SSH on a server with an active OpenVPN clientOpenVPN client on a windows 7, packets not routedCan't establish connection between openvpn client and serverSeparate corporate network traffic and internet traffic using two network interfacePPTP VPN connects but does not have access to network resourcesRouting trafffic from vpn tunnel source to other interface






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








3















I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
an OpenVPN client on my Windows 10 PC behaves strangely:



  1. It successfully connects and authenticates.

Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Validating certificate key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
Sun Nov 08 10:50:43 2015 VERIFY KU OK
Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Nov 08 10:50:43 2015 VERIFY EKU OK
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9 
Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx


  1. It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
    screenshot of a page loading infinitely]

SSH also does not seem to work, same thing with FTP:



Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Connected
Status: Retrieving directory listing...
*Nothing happens*


Things like online games (UDP?) work fine.



Please also note that:



  • Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).

  • There are no firewalls between client and server.

  • When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).

  • Even with the VPN connected ping shows 0% packet loss.

  • The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.

All the server's iptables (there is only one)



root@93.xxx.xxx.xxx:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.16.101.0/24 anywhere


root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
1


Client routes (connected to vpn):



>cmd /k route print
===========================================================================
Interface List
 24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
 79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
 1...........................Software Loopback Interface 1
 47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
 0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
 0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
 93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
 128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
 172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
 172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
 172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
 172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
 192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
 192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
 192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
 192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
 224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
 224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
 255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
 255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
===========================================================================
Persistent Routes:
 None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination Gateway
 1 306 ::1/128 On-link
 24 276 fe80::/64 On-link
 79 286 fe80::/64 On-link
 24 276 fe80::5990:eaa3:40fd:4a6d/128
 On-link
 79 286 fe80::8dce:5ebc:c720:2d68/128
 On-link
 1 306 ff00::/8 On-link
 24 276 ff00::/8 On-link
 79 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
 None



Client routes (disconnected from vpn):



>cmd /k route print
===========================================================================
Interface List
 24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
 79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
 1...........................Software Loopback Interface 1
 45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
 0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
 192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
 192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
 192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
 224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
 255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
===========================================================================
Persistent Routes:
 None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination Gateway
 45 306 ::/0 On-link
 1 306 ::1/128 On-link
 45 306 2001::/32 On-link
 45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
 On-link
 24 276 fe80::/64 On-link
 45 306 fe80::/64 On-link
 45 306 fe80::107a:364f:9711:5573/128
 On-link
 24 276 fe80::5990:eaa3:40fd:4a6d/128
 On-link
 1 306 ff00::/8 On-link
 24 276 ff00::/8 On-link
 45 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
 None



Client config:



client
dev tun
proto udp
remote 93.xxx.xxx.xxx 50005
resolv-retry infinite
user nobody
group nobody
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass
cipher AES-128-CBC
auth SHA1
remote-cert-tls server
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>


Server config:


port 50005
proto udp
dev tun
server 172.16.101.0 255.255.255.0
duplicate-cn
client-to-client
cipher AES-128-CBC
auth SHA1
comp-lzo
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
comp-lzo
user nobody
;group nogroup
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
keepalive 3 10
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 172.16.101.0 255.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
script-security 3 system
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
persist-key
persist-tun
status openvpn-status.log
verb 5
management localhost 7555
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>


Any advise would be highly appreciated. Thank you.






windows ubuntu iptables vpn openvpn







share|improve this question




























    3















    I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
    an OpenVPN client on my Windows 10 PC behaves strangely:



    1. It successfully connects and authenticates.

    Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
    Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
    Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
    Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
    Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
    Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
    Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
    Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
    Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
    Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
    Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
    Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
    Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
    Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
    Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
    Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
    Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
    Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
    Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
    Sun Nov 08 10:50:43 2015 Validating certificate key usage
    Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
    Sun Nov 08 10:50:43 2015 VERIFY KU OK
    Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
    Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Sun Nov 08 10:50:43 2015 VERIFY EKU OK
    Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
    Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
    Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
    Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
    Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
    Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
    Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
    Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
    Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
    Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
    Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9 
    Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
    Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
    Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
    Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
    Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
    Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
    Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
    Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
    Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
    Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
    Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
    Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
    Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
    Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
    Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
    Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
    Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
    Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
    Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
    Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
    Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
    Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
    Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
    Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx


    1. It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
      screenshot of a page loading infinitely]

    SSH also does not seem to work, same thing with FTP:



    Status: Connection established, waiting for welcome message...
    Status: Insecure server, it does not support FTP over TLS.
    Status: Connected
    Status: Retrieving directory listing...
    *Nothing happens*


    Things like online games (UDP?) work fine.



    Please also note that:



    • Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).

    • There are no firewalls between client and server.

    • When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).

    • Even with the VPN connected ping shows 0% packet loss.

    • The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.

    All the server's iptables (there is only one)



    root@93.xxx.xxx.xxx:~# iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target prot opt source destination

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    MASQUERADE all -- 172.16.101.0/24 anywhere


    root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
    1


    Client routes (connected to vpn):



    >cmd /k route print
    ===========================================================================
    Interface List
     24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
     79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
     1...........................Software Loopback Interface 1
     47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
     52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
     0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
     0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
     93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
     127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
     127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
     127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
     128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
     172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
     172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
     172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
     172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
     192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
     192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
     192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
     192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
     224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
     224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
     224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
     255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
     255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
     255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
    ===========================================================================
    Persistent Routes:
     None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination Gateway
     1 306 ::1/128 On-link
     24 276 fe80::/64 On-link
     79 286 fe80::/64 On-link
     24 276 fe80::5990:eaa3:40fd:4a6d/128
     On-link
     79 286 fe80::8dce:5ebc:c720:2d68/128
     On-link
     1 306 ff00::/8 On-link
     24 276 ff00::/8 On-link
     79 286 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
     None



    Client routes (disconnected from vpn):



    >cmd /k route print
    ===========================================================================
    Interface List
     24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
     79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
     1...........................Software Loopback Interface 1
     45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
     52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
     0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
     127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
     127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
     127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
     192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
     192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
     192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
     224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
     224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
     255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
     255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
    ===========================================================================
    Persistent Routes:
     None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination Gateway
     45 306 ::/0 On-link
     1 306 ::1/128 On-link
     45 306 2001::/32 On-link
     45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
     On-link
     24 276 fe80::/64 On-link
     45 306 fe80::/64 On-link
     45 306 fe80::107a:364f:9711:5573/128
     On-link
     24 276 fe80::5990:eaa3:40fd:4a6d/128
     On-link
     1 306 ff00::/8 On-link
     24 276 ff00::/8 On-link
     45 306 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
     None



    Client config:



    client
    dev tun
    proto udp
    remote 93.xxx.xxx.xxx 50005
    resolv-retry infinite
    user nobody
    group nobody
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    verb 3
    auth-user-pass
    cipher AES-128-CBC
    auth SHA1
    remote-cert-tls server
    comp-lzo
    <ca>
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    </ca>


    Server config:


    port 50005
    proto udp
    dev tun
    server 172.16.101.0 255.255.255.0
    duplicate-cn
    client-to-client
    cipher AES-128-CBC
    auth SHA1
    comp-lzo
    username-as-common-name
    client-cert-not-required
    auth-user-pass-verify /etc/openvpn/script/login.sh via-env
    comp-lzo
    user nobody
    ;group nogroup
    username-as-common-name
    client-cert-not-required
    auth-user-pass-verify /etc/openvpn/script/login.sh via-env
    keepalive 3 10
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "route 172.16.101.0 255.0.0.0"
    push "redirect-gateway def1 bypass-dhcp"
    script-security 3 system
    client-connect /etc/openvpn/script/connect.sh
    client-disconnect /etc/openvpn/script/disconnect.sh
    persist-key
    persist-tun
    status openvpn-status.log
    verb 5
    management localhost 7555
    <ca>
    ...
    </ca>
    <cert>
    ...
    </cert>
    <key>
    ...
    </key>
    <dh>
    ...
    </dh>


    Any advise would be highly appreciated. Thank you.






    windows ubuntu iptables vpn openvpn







    share|improve this question
























      3












      3








      3








      I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
      an OpenVPN client on my Windows 10 PC behaves strangely:



      1. It successfully connects and authenticates.

      Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
      Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
      Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
      Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
      Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
      Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
      Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
      Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
      Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
      Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
      Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
      Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
      Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
      Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
      Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
      Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
      Sun Nov 08 10:50:43 2015 Validating certificate key usage
      Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
      Sun Nov 08 10:50:43 2015 VERIFY KU OK
      Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
      Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Sun Nov 08 10:50:43 2015 VERIFY EKU OK
      Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
      Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
      Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
      Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
      Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
      Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
      Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
      Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
      Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
      Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
      Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9 
      Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
      Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
      Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
      Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
      Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
      Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
      Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx


      1. It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
        screenshot of a page loading infinitely]

      SSH also does not seem to work, same thing with FTP:



      Status: Connection established, waiting for welcome message...
      Status: Insecure server, it does not support FTP over TLS.
      Status: Connected
      Status: Retrieving directory listing...
      *Nothing happens*


      Things like online games (UDP?) work fine.



      Please also note that:



      • Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).

      • There are no firewalls between client and server.

      • When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).

      • Even with the VPN connected ping shows 0% packet loss.

      • The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.

      All the server's iptables (there is only one)



      root@93.xxx.xxx.xxx:~# iptables -t nat -L
      Chain PREROUTING (policy ACCEPT)
      target prot opt source destination

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

      Chain POSTROUTING (policy ACCEPT)
      target prot opt source destination
      MASQUERADE all -- 172.16.101.0/24 anywhere


      root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
      1


      Client routes (connected to vpn):



      >cmd /k route print
      ===========================================================================
      Interface List
       24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
       79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
       1...........................Software Loopback Interface 1
       47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
       45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
       52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
      ===========================================================================

      IPv4 Route Table
      ===========================================================================
      Active Routes:
      Network Destination Netmask Gateway Interface Metric
       0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
       0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
       93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
       127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
       127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
       127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
       172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
       172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
       172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
       172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
       192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
       192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
       192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
       192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
       224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
       224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
       224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
       255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
       255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
      ===========================================================================
      Persistent Routes:
       None

      IPv6 Route Table
      ===========================================================================
      Active Routes:
       If Metric Network Destination Gateway
       1 306 ::1/128 On-link
       24 276 fe80::/64 On-link
       79 286 fe80::/64 On-link
       24 276 fe80::5990:eaa3:40fd:4a6d/128
       On-link
       79 286 fe80::8dce:5ebc:c720:2d68/128
       On-link
       1 306 ff00::/8 On-link
       24 276 ff00::/8 On-link
       79 286 ff00::/8 On-link
      ===========================================================================
      Persistent Routes:
       None



      Client routes (disconnected from vpn):



      >cmd /k route print
      ===========================================================================
      Interface List
       24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
       79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
       1...........................Software Loopback Interface 1
       45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
       52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
      ===========================================================================

      IPv4 Route Table
      ===========================================================================
      Active Routes:
      Network Destination Netmask Gateway Interface Metric
       0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
       127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
       127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
       127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
       192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
       192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
       224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
       224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
       255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
      ===========================================================================
      Persistent Routes:
       None

      IPv6 Route Table
      ===========================================================================
      Active Routes:
       If Metric Network Destination Gateway
       45 306 ::/0 On-link
       1 306 ::1/128 On-link
       45 306 2001::/32 On-link
       45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
       On-link
       24 276 fe80::/64 On-link
       45 306 fe80::/64 On-link
       45 306 fe80::107a:364f:9711:5573/128
       On-link
       24 276 fe80::5990:eaa3:40fd:4a6d/128
       On-link
       1 306 ff00::/8 On-link
       24 276 ff00::/8 On-link
       45 306 ff00::/8 On-link
      ===========================================================================
      Persistent Routes:
       None



      Client config:



      client
      dev tun
      proto udp
      remote 93.xxx.xxx.xxx 50005
      resolv-retry infinite
      user nobody
      group nobody
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      verb 3
      auth-user-pass
      cipher AES-128-CBC
      auth SHA1
      remote-cert-tls server
      comp-lzo
      <ca>
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
      </ca>


      Server config:


      port 50005
      proto udp
      dev tun
      server 172.16.101.0 255.255.255.0
      duplicate-cn
      client-to-client
      cipher AES-128-CBC
      auth SHA1
      comp-lzo
      username-as-common-name
      client-cert-not-required
      auth-user-pass-verify /etc/openvpn/script/login.sh via-env
      comp-lzo
      user nobody
      ;group nogroup
      username-as-common-name
      client-cert-not-required
      auth-user-pass-verify /etc/openvpn/script/login.sh via-env
      keepalive 3 10
      push "dhcp-option DNS 8.8.8.8"
      push "dhcp-option DNS 8.8.4.4"
      push "route 172.16.101.0 255.0.0.0"
      push "redirect-gateway def1 bypass-dhcp"
      script-security 3 system
      client-connect /etc/openvpn/script/connect.sh
      client-disconnect /etc/openvpn/script/disconnect.sh
      persist-key
      persist-tun
      status openvpn-status.log
      verb 5
      management localhost 7555
      <ca>
      ...
      </ca>
      <cert>
      ...
      </cert>
      <key>
      ...
      </key>
      <dh>
      ...
      </dh>


      Any advise would be highly appreciated. Thank you.






      windows ubuntu iptables vpn openvpn







      share|improve this question














      I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
      an OpenVPN client on my Windows 10 PC behaves strangely:



      1. It successfully connects and authenticates.

      Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
      Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
      Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
      Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
      Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
      Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
      Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
      Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
      Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
      Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
      Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
      Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
      Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
      Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
      Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
      Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
      Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
      Sun Nov 08 10:50:43 2015 Validating certificate key usage
      Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
      Sun Nov 08 10:50:43 2015 VERIFY KU OK
      Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
      Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Sun Nov 08 10:50:43 2015 VERIFY EKU OK
      Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
      Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
      Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
      Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
      Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
      Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
      Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
      Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
      Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
      Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
      Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
      Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9 
      Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
      Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
      Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
      Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
      Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
      Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
      Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
      Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
      Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
      Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
      Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx


      1. It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
        screenshot of a page loading infinitely]

      SSH also does not seem to work, same thing with FTP:



      Status: Connection established, waiting for welcome message...
      Status: Insecure server, it does not support FTP over TLS.
      Status: Connected
      Status: Retrieving directory listing...
      *Nothing happens*


      Things like online games (UDP?) work fine.



      Please also note that:



      • Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).

      • There are no firewalls between client and server.

      • When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).

      • Even with the VPN connected ping shows 0% packet loss.

      • The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.

      All the server's iptables (there is only one)



      root@93.xxx.xxx.xxx:~# iptables -t nat -L
      Chain PREROUTING (policy ACCEPT)
      target prot opt source destination

      Chain INPUT (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination

      Chain POSTROUTING (policy ACCEPT)
      target prot opt source destination
      MASQUERADE all -- 172.16.101.0/24 anywhere


      root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
      1


      Client routes (connected to vpn):



      >cmd /k route print
      ===========================================================================
      Interface List
       24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
       79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
       1...........................Software Loopback Interface 1
       47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
       45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
       52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
      ===========================================================================

      IPv4 Route Table
      ===========================================================================
      Active Routes:
      Network Destination Netmask Gateway Interface Metric
       0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
       0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
       93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
       127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
       127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
       127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
       172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
       172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
       172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
       172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
       192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
       192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
       192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
       192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
       224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
       224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
       224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
       255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
       255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
      ===========================================================================
      Persistent Routes:
       None

      IPv6 Route Table
      ===========================================================================
      Active Routes:
       If Metric Network Destination Gateway
       1 306 ::1/128 On-link
       24 276 fe80::/64 On-link
       79 286 fe80::/64 On-link
       24 276 fe80::5990:eaa3:40fd:4a6d/128
       On-link
       79 286 fe80::8dce:5ebc:c720:2d68/128
       On-link
       1 306 ff00::/8 On-link
       24 276 ff00::/8 On-link
       79 286 ff00::/8 On-link
      ===========================================================================
      Persistent Routes:
       None



      Client routes (disconnected from vpn):



      >cmd /k route print
      ===========================================================================
      Interface List
       24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
       79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
       1...........................Software Loopback Interface 1
       45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
       52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
      ===========================================================================

      IPv4 Route Table
      ===========================================================================
      Active Routes:
      Network Destination Netmask Gateway Interface Metric
       0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
       127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
       127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
       127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
       192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
       192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
       224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
       224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
       255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
       255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
      ===========================================================================
      Persistent Routes:
       None

      IPv6 Route Table
      ===========================================================================
      Active Routes:
       If Metric Network Destination Gateway
       45 306 ::/0 On-link
       1 306 ::1/128 On-link
       45 306 2001::/32 On-link
       45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
       On-link
       24 276 fe80::/64 On-link
       45 306 fe80::/64 On-link
       45 306 fe80::107a:364f:9711:5573/128
       On-link
       24 276 fe80::5990:eaa3:40fd:4a6d/128
       On-link
       1 306 ff00::/8 On-link
       24 276 ff00::/8 On-link
       45 306 ff00::/8 On-link
      ===========================================================================
      Persistent Routes:
       None



      Client config:



      client
      dev tun
      proto udp
      remote 93.xxx.xxx.xxx 50005
      resolv-retry infinite
      user nobody
      group nobody
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      verb 3
      auth-user-pass
      cipher AES-128-CBC
      auth SHA1
      remote-cert-tls server
      comp-lzo
      <ca>
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
      </ca>


      Server config:


      port 50005
      proto udp
      dev tun
      server 172.16.101.0 255.255.255.0
      duplicate-cn
      client-to-client
      cipher AES-128-CBC
      auth SHA1
      comp-lzo
      username-as-common-name
      client-cert-not-required
      auth-user-pass-verify /etc/openvpn/script/login.sh via-env
      comp-lzo
      user nobody
      ;group nogroup
      username-as-common-name
      client-cert-not-required
      auth-user-pass-verify /etc/openvpn/script/login.sh via-env
      keepalive 3 10
      push "dhcp-option DNS 8.8.8.8"
      push "dhcp-option DNS 8.8.4.4"
      push "route 172.16.101.0 255.0.0.0"
      push "redirect-gateway def1 bypass-dhcp"
      script-security 3 system
      client-connect /etc/openvpn/script/connect.sh
      client-disconnect /etc/openvpn/script/disconnect.sh
      persist-key
      persist-tun
      status openvpn-status.log
      verb 5
      management localhost 7555
      <ca>
      ...
      </ca>
      <cert>
      ...
      </cert>
      <key>
      ...
      </key>
      <dh>
      ...
      </dh>


      Any advise would be highly appreciated. Thank you.






      windows ubuntu iptables vpn openvpn




      windows ubuntu iptables vpn openvpn






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 8 '15 at 12:14









      Bob PretsBob Prets

      161




      161




















          1 Answer
          1






          active

          oldest

          votes


















          0














          Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn






          share|improve this answer























            Your Answer








            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "2"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f734776%2fwindows-10-strange-openvpn-behavior%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn






            share|improve this answer



























              0














              Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn






              share|improve this answer

























                0












                0








                0







                Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn






                share|improve this answer













                Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 9 '15 at 2:00









                MarkMark

                2,1881014




                2,1881014



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f734776%2fwindows-10-strange-openvpn-behavior%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Wikipedia:Vital articles Мазмуну Biography - Өмүр баян Philosophy and psychology - Философия жана психология Religion - Дин Social sciences - Коомдук илимдер Language and literature - Тил жана адабият Science - Илим Technology - Технология Arts and recreation - Искусство жана эс алуу History and geography - Тарых жана география Навигация менюсу

                    Image
                    centralized watchlist Wikipedia:Vital articles Wikipedia дан Jump to navigation Jump to search This is a list of basic subjects for which Wikipedia should have a corresponding high-quality article, and ideally a featured article. It also serves as a centralized watchlist and tracks the status of some of Wikipedia's most essential articles. Ideally this page should list approximately 1,000 of the most vital Wikipedia articles. Мазмуну 1 Biography - Өмүр баян 1.1 Actors, dancers and models - Актёрлор, бийчилер жана моделдер 1.2 Artists and architects - Сүрөтчүлөр жана архитекторлор 1.3 Authors, playwrights and poets - Жазуучулар, драматургдар жана акындар 1.4 Composers and musicians - Композиторлор жана музыканттар 1.5 Explorers and travelers - Изилдөөчүлөр менен саякатчылар 1.6 Film directors and screenwriters - Режиссёрлор жана сценаристтер 1.7 Inventors, scientists and mathematicians - Ойлоп табуучулар, окумуштуулар жана математиктер
                    Read more

                    Bruxelas-Capital Índice Historia | Composición | Situación lingüística | Clima | Cidades irmandadas | Notas | Véxase tamén | Menú de navegacióneO uso das linguas en Bruxelas e a situación do neerlandés"Rexión de Bruxelas Capital"o orixinalSitio da rexiónPáxina de Bruselas no sitio da Oficina de Promoción Turística de Valonia e BruxelasMapa Interactivo da Rexión de Bruxelas-CapitaleeWorldCat332144929079854441105155190212ID28008674080552-90000 0001 0666 3698n94104302ID540940339365017018237

                    Image
                    AnderlechtCidade de BruxelasIxellesEtterbeekEvereGanshorenJetteKoekelbergAuderghemSchaerbeekBerchem-Sainte-AgatheSaint-GillesMolenbeek-Saint-JeanSaint-Josse-ten-NoodeWoluwe-Saint-LambertWoluwe-Saint-PierreUccleForestWatermaal-Bosvoorde Comunidade Francesa de Bélxica Comunidade Flamenga de Bélxica Comunidade Xermanófona de Bélxica Bruxelas-CapitalRexións de Bélxica francésneerlandésRexiónsBélxicacomunidade francesacomunidade flamengafrancófonaflamengaUnión EuropeaMagrebMarrocosTurquíaAméricaÁfricaRepública Democrática do CongoEuropa central18 de xuño1989FlandresRexión Valoaflamengaséculo XIXClasificación climática de Köppen Bruxelas-Capital Na Galipedia, a Wikipedia en galego. Saltar ata a navegación Saltar á procura Para outras páxinas con títulos homónimos véxase: Bruxelas . Région de Bruxelles-Capitale Brussels Hoofdstedelijk Gewest Bandeira Estado Bélxica Capital Cidade de Bruxelas  • Poboación n/d Lingua oficial As dúas Superficie  • Total 1
                    Read more

                    What should I write in an apology letter, since I have decided not to join a company after accepting an offer letterShould I keep looking after accepting a job offer?What should I do when I've been verbally told I would get an offer letter, but still haven't gotten one after 4 weeks?Do I accept an offer from a company that I am not likely to join?New job hasn't confirmed starting date and I want to give current employer as much notice as possibleHow should I address my manager in my resignation letter?HR delayed background verification, now jobless as resignedNo email communication after accepting a formal written offer. How should I phrase the call?What should I do if after receiving a verbal offer letter I am informed that my written job offer is put on hold due to some internal issues?Should I inform the current employer that I am about to resign within 1-2 weeks since I have signed the offer letter and waiting for visa?What company will do, if I send their offer letter to another company

                    Image
                    When is the original BFGS algorithm still better than the Limited-Memory version? How well known and how commonly used was Huffman coding in 1979? Inverse-quotes-quine Can the US president have someone sent to jail? Employer wants to use my work email account after I quit, is this legal under German law? Is this a GDPR waiver? Do French speakers not use the subjunctive informally? Low-gravity Bronze Age fortifications Does ultrasonic bath cleaning damage laboratory volumetric glassware calibration? Why do some games show lights shine through walls? Unusual mail headers, evidence of an attempted attack. Have I been pwned? Smooth Julia set for quadratic polynomials Require advice on power conservation for backpacking trip Dimensions of list used in test C-152 carb heat on before landing in hot weather? Is my Rep in Stack-Exchange Form? What happens when your group is victim of a surprise attack but you can't be surprised? How come I was asked by a CBP
                    Read more