Windows 10 strange OpenVPN behavior127.0.0.1 corruptedInternet access via OpenVPNHow Can I enable rdp access to a laptop after it connects to VPN?Juniper Netscreen Remote - What is the interface / route config?Allowing SSH on a server with an active OpenVPN clientOpenVPN client on a windows 7, packets not routedCan't establish connection between openvpn client and serverSeparate corporate network traffic and internet traffic using two network interfacePPTP VPN connects but does not have access to network resourcesRouting trafffic from vpn tunnel source to other interface
Is it possible to fly backward if you have REALLY STRONG headwind?
Does Disney no longer produce hand-drawn cartoon films?
What aircraft was used as Air Force One for the flight between Southampton and Shannon?
Thread Pool C++ Implementation
Why 1,2 printed by a command in $() is not interpolated?
Russian word for a male zebra
Let M and N be single-digit integers. If the product 2M5 x 13N is divisible by 36, how many ordered pairs (M,N) are possible?
Has there been a multiethnic Star Trek character?
I have a problematic assistant manager, but I can't fire him
Warning about needing "authorization" when booking ticket
Why can my keyboard only digest 6 keypresses at a time?
Longest bridge/tunnel that can be cycled over/through?
Who enforces MPAA rating adherence?
If atoms are mostly vacuum, why are things so rigid around us?
Fixing obscure 8080 emulator bug?
How can I get an unreasonable manager to approve time off?
Second (easy access) account in case my bank screws up
Cascading Switches. Will it affect performance?
If I leave the US through an airport, do I have to return through the same airport?
How to decline a wedding invitation from a friend I haven't seen in years?
Active low-pass filters --- good to what frequencies?
Check if three arrays contains the same element
Which languages would be most useful in Europe at the end of the 19th century?
LuaLaTex - how to use number, computed later in the document
Windows 10 strange OpenVPN behavior
127.0.0.1 corruptedInternet access via OpenVPNHow Can I enable rdp access to a laptop after it connects to VPN?Juniper Netscreen Remote - What is the interface / route config?Allowing SSH on a server with an active OpenVPN clientOpenVPN client on a windows 7, packets not routedCan't establish connection between openvpn client and serverSeparate corporate network traffic and internet traffic using two network interfacePPTP VPN connects but does not have access to network resourcesRouting trafffic from vpn tunnel source to other interface
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
3
I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
an OpenVPN client on my Windows 10 PC behaves strangely:
- It successfully connects and authenticates.
Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Validating certificate key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
Sun Nov 08 10:50:43 2015 VERIFY KU OK
Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Nov 08 10:50:43 2015 VERIFY EKU OK
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9
Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx
- It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
screenshot of a page loading infinitely]
SSH also does not seem to work, same thing with FTP:
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Connected
Status: Retrieving directory listing...
*Nothing happens*
Things like online games (UDP?) work fine.
Please also note that:
- Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).
- There are no firewalls between client and server.
- When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).
- Even with the VPN connected ping shows 0% packet loss.
- The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.
All the server's iptables (there is only one)
root@93.xxx.xxx.xxx:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.16.101.0/24 anywhere
root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
Client routes (connected to vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
24 276 fe80::/64 On-link
79 286 fe80::/64 On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
79 286 fe80::8dce:5ebc:c720:2d68/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
79 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client routes (disconnected from vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
45 306 ::/0 On-link
1 306 ::1/128 On-link
45 306 2001::/32 On-link
45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
On-link
24 276 fe80::/64 On-link
45 306 fe80::/64 On-link
45 306 fe80::107a:364f:9711:5573/128
On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
45 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client config:
client
dev tun
proto udp
remote 93.xxx.xxx.xxx 50005
resolv-retry infinite
user nobody
group nobody
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass
cipher AES-128-CBC
auth SHA1
remote-cert-tls server
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
Server config:
port 50005
proto udp
dev tun
server 172.16.101.0 255.255.255.0
duplicate-cn
client-to-client
cipher AES-128-CBC
auth SHA1
comp-lzo
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
comp-lzo
user nobody
;group nogroup
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
keepalive 3 10
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 172.16.101.0 255.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
script-security 3 system
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
persist-key
persist-tun
status openvpn-status.log
verb 5
management localhost 7555
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>
Any advise would be highly appreciated. Thank you.
windows ubuntu iptables vpn openvpn
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
add a comment |
3
I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
an OpenVPN client on my Windows 10 PC behaves strangely:
- It successfully connects and authenticates.
Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Validating certificate key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
Sun Nov 08 10:50:43 2015 VERIFY KU OK
Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Nov 08 10:50:43 2015 VERIFY EKU OK
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9
Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx
- It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
screenshot of a page loading infinitely]
SSH also does not seem to work, same thing with FTP:
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Connected
Status: Retrieving directory listing...
*Nothing happens*
Things like online games (UDP?) work fine.
Please also note that:
- Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).
- There are no firewalls between client and server.
- When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).
- Even with the VPN connected ping shows 0% packet loss.
- The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.
All the server's iptables (there is only one)
root@93.xxx.xxx.xxx:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.16.101.0/24 anywhere
root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
Client routes (connected to vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
24 276 fe80::/64 On-link
79 286 fe80::/64 On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
79 286 fe80::8dce:5ebc:c720:2d68/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
79 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client routes (disconnected from vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
45 306 ::/0 On-link
1 306 ::1/128 On-link
45 306 2001::/32 On-link
45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
On-link
24 276 fe80::/64 On-link
45 306 fe80::/64 On-link
45 306 fe80::107a:364f:9711:5573/128
On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
45 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client config:
client
dev tun
proto udp
remote 93.xxx.xxx.xxx 50005
resolv-retry infinite
user nobody
group nobody
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass
cipher AES-128-CBC
auth SHA1
remote-cert-tls server
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
Server config:
port 50005
proto udp
dev tun
server 172.16.101.0 255.255.255.0
duplicate-cn
client-to-client
cipher AES-128-CBC
auth SHA1
comp-lzo
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
comp-lzo
user nobody
;group nogroup
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
keepalive 3 10
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 172.16.101.0 255.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
script-security 3 system
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
persist-key
persist-tun
status openvpn-status.log
verb 5
management localhost 7555
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>
Any advise would be highly appreciated. Thank you.
windows ubuntu iptables vpn openvpn
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
add a comment |
3
3
3
I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
an OpenVPN client on my Windows 10 PC behaves strangely:
- It successfully connects and authenticates.
Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Validating certificate key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
Sun Nov 08 10:50:43 2015 VERIFY KU OK
Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Nov 08 10:50:43 2015 VERIFY EKU OK
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9
Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx
- It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
screenshot of a page loading infinitely]
SSH also does not seem to work, same thing with FTP:
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Connected
Status: Retrieving directory listing...
*Nothing happens*
Things like online games (UDP?) work fine.
Please also note that:
- Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).
- There are no firewalls between client and server.
- When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).
- Even with the VPN connected ping shows 0% packet loss.
- The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.
All the server's iptables (there is only one)
root@93.xxx.xxx.xxx:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.16.101.0/24 anywhere
root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
Client routes (connected to vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
24 276 fe80::/64 On-link
79 286 fe80::/64 On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
79 286 fe80::8dce:5ebc:c720:2d68/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
79 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client routes (disconnected from vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
45 306 ::/0 On-link
1 306 ::1/128 On-link
45 306 2001::/32 On-link
45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
On-link
24 276 fe80::/64 On-link
45 306 fe80::/64 On-link
45 306 fe80::107a:364f:9711:5573/128
On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
45 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client config:
client
dev tun
proto udp
remote 93.xxx.xxx.xxx 50005
resolv-retry infinite
user nobody
group nobody
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass
cipher AES-128-CBC
auth SHA1
remote-cert-tls server
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
Server config:
port 50005
proto udp
dev tun
server 172.16.101.0 255.255.255.0
duplicate-cn
client-to-client
cipher AES-128-CBC
auth SHA1
comp-lzo
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
comp-lzo
user nobody
;group nogroup
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
keepalive 3 10
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 172.16.101.0 255.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
script-security 3 system
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
persist-key
persist-tun
status openvpn-status.log
verb 5
management localhost 7555
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>
Any advise would be highly appreciated. Thank you.
windows ubuntu iptables vpn openvpn
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
I have an OpenVPN server running (93.xxx.xxx.xxx is the public IP) to which different android and windows clients can connect and have access to the internet, but
an OpenVPN client on my Windows 10 PC behaves strangely:
- It successfully connects and authenticates.
Sun Nov 08 10:50:38 2015 NOTE: --user option is not implemented on Windows
Sun Nov 08 10:50:38 2015 NOTE: --group option is not implemented on Windows
Sun Nov 08 10:50:38 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Nov 08 10:50:38 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Sun Nov 08 10:50:38 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:38 2015 Need hold release from management interface, waiting...
Sun Nov 08 10:50:39 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'state on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'log all on'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold off'
Sun Nov 08 10:50:39 2015 MANAGEMENT: CMD 'hold release'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'username "Auth" "qwerty"'
Sun Nov 08 10:50:43 2015 MANAGEMENT: CMD 'password [...]'
Sun Nov 08 10:50:43 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Nov 08 10:50:43 2015 UDPv4 link local: [undef]
Sun Nov 08 10:50:43 2015 UDPv4 link remote: [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,WAIT,,,
Sun Nov 08 10:50:43 2015 MANAGEMENT: >STATE:1446979843,AUTH,,,
Sun Nov 08 10:50:43 2015 TLS: Initial packet from [AF_INET]93.xxx.xxx.xxx:50005, sid=48bd669d fdf76b86
Sun Nov 08 10:50:43 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Validating certificate key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has key usage 00a0, expects 00a0
Sun Nov 08 10:50:43 2015 VERIFY KU OK
Sun Nov 08 10:50:43 2015 Validating certificate extended key usage
Sun Nov 08 10:50:43 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Nov 08 10:50:43 2015 VERIFY EKU OK
Sun Nov 08 10:50:43 2015 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Sun Nov 08 10:50:43 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Nov 08 10:50:43 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Nov 08 10:50:43 2015 [server] Peer Connection Initiated with [AF_INET]93.xxx.xxx.xxx:50005
Sun Nov 08 10:50:44 2015 MANAGEMENT: >STATE:1446979844,GET_CONFIG,,,
Sun Nov 08 10:50:45 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Nov 08 10:50:45 2015 PUSH: Received control message: 'PUSH_REPLY,route 172.16.101.0 255.0.0.0,redirect-gateway def1 bypass-dhcp,route 172.16.101.0 255.255.255.0,topology net30,ping 3,ping-restart 10,ifconfig 172.16.101.6 172.16.101.5'
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: timers and/or timeouts modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Nov 08 10:50:45 2015 OPTIONS IMPORT: route options modified
Sun Nov 08 10:50:45 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Nov 08 10:50:45 2015 MANAGEMENT: >STATE:1446979845,ASSIGN_IP,,172.16.101.6,
Sun Nov 08 10:50:45 2015 open_tun, tt->ipv6=0
Sun Nov 08 10:50:45 2015 TAP-WIN32 device [Ethernet 6] opened: \.GlobalB3106E59-6B92-4B4D-8A96-B9476295FF36.tap
Sun Nov 08 10:50:45 2015 TAP-Windows Driver Version 9.9
Sun Nov 08 10:50:45 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.101.6/255.255.255.252 on interface B3106E59-6B92-4B4D-8A96-B9476295FF36 [DHCP-serv: 172.16.101.5, lease-time: 31536000]
Sun Nov 08 10:50:45 2015 Successful ARP Flush on interface [79] B3106E59-6B92-4B4D-8A96-B9476295FF36
Sun Nov 08 10:50:50 2015 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 93.xxx.xxx.xxx MASK 255.255.255.255 192.168.10.1
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 192.168.10.1 MASK 255.255.255.255 192.168.10.1 IF 24
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,ADD_ROUTES,,,
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.0.0.0 172.16.101.5
Sun Nov 08 10:50:50 2015 Warning: address 172.16.101.0 is not a network address in relation to netmask 255.0.0.0
Sun Nov 08 10:50:50 2015 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=79]
Sun Nov 08 10:50:50 2015 Route addition via IPAPI failed [adaptive]
Sun Nov 08 10:50:50 2015 Route addition fallback to route.exe
Sun Nov 08 10:50:50 2015 env_block: add PATH=C:WindowsSystem32;C:WINDOWS;C:WINDOWSSystem32Wbem
Sun Nov 08 10:50:50 2015 C:WINDOWSsystem32route.exe ADD 172.16.101.0 MASK 255.255.255.0 172.16.101.5
Sun Nov 08 10:50:50 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Nov 08 10:50:50 2015 Route addition via IPAPI succeeded [adaptive]
Sun Nov 08 10:50:50 2015 Initialization Sequence Completed
Sun Nov 08 10:50:50 2015 MANAGEMENT: >STATE:1446979850,CONNECTED,SUCCESS,172.16.101.6,93.xxx.xxx.xxx
- It is able to ping google,8.8.8.8 etc, but can not browse the web (pages are loading for the first 3-5 sec. and then just stop.) This is mostly Chrome and Firefox. Edge seems to be working better, but still behaves strangely (slow page load, refresh required for page to load fully) [
screenshot of a page loading infinitely]
SSH also does not seem to work, same thing with FTP:
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Connected
Status: Retrieving directory listing...
*Nothing happens*
Things like online games (UDP?) work fine.
Please also note that:
- Different other clients can connect to the server and have no problems (windows ones as well)(and ones logged in under the same credentials).
- There are no firewalls between client and server.
- When the client tries to connect to similar servers the same problem occurs (even the ones that were working perfectly before).
- Even with the VPN connected ping shows 0% packet loss.
- The actual internet connection is ok and the client is able to connect to non-openvpn VPNs without any problems.
All the server's iptables (there is only one)
root@93.xxx.xxx.xxx:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.16.101.0/24 anywhere
root@93.xxx.xxx.xxx:~# cat /proc/sys/net/ipv4/ip_forward
1
Client routes (connected to vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
47...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
0.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
93.xxx.xxx.xxx 255.255.255.255 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
128.0.0.0 128.0.0.0 172.16.101.9 172.16.101.10 30
172.16.101.0 255.255.255.0 172.16.101.9 172.16.101.10 30
172.16.101.8 255.255.255.252 On-link 172.16.101.10 286
172.16.101.10 255.255.255.255 On-link 172.16.101.10 286
172.16.101.11 255.255.255.255 On-link 172.16.101.10 286
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.1 255.255.255.255 192.168.10.1 192.168.10.116 20
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 172.16.101.10 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 172.16.101.10 286
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
24 276 fe80::/64 On-link
79 286 fe80::/64 On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
79 286 fe80::8dce:5ebc:c720:2d68/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
79 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client routes (disconnected from vpn):
>cmd /k route print
===========================================================================
Interface List
24...10 c3 7b 96 51 7c ......Realtek PCIe GBE Family Controller
79...00 ff b3 10 6e 59 ......TAP-Windows Adapter V9 #2
1...........................Software Loopback Interface 1
45...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
52...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.10.0 255.255.255.0 On-link 192.168.10.116 276
192.168.10.116 255.255.255.255 On-link 192.168.10.116 276
192.168.10.255 255.255.255.255 On-link 192.168.10.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.10.116 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.10.116 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
45 306 ::/0 On-link
1 306 ::1/128 On-link
45 306 2001::/32 On-link
45 306 2001:0:9d38:6abd:107a:364f:9711:5573/128
On-link
24 276 fe80::/64 On-link
45 306 fe80::/64 On-link
45 306 fe80::107a:364f:9711:5573/128
On-link
24 276 fe80::5990:eaa3:40fd:4a6d/128
On-link
1 306 ff00::/8 On-link
24 276 ff00::/8 On-link
45 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Client config:
client
dev tun
proto udp
remote 93.xxx.xxx.xxx 50005
resolv-retry infinite
user nobody
group nobody
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass
cipher AES-128-CBC
auth SHA1
remote-cert-tls server
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
Server config:
port 50005
proto udp
dev tun
server 172.16.101.0 255.255.255.0
duplicate-cn
client-to-client
cipher AES-128-CBC
auth SHA1
comp-lzo
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
comp-lzo
user nobody
;group nogroup
username-as-common-name
client-cert-not-required
auth-user-pass-verify /etc/openvpn/script/login.sh via-env
keepalive 3 10
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "route 172.16.101.0 255.0.0.0"
push "redirect-gateway def1 bypass-dhcp"
script-security 3 system
client-connect /etc/openvpn/script/connect.sh
client-disconnect /etc/openvpn/script/disconnect.sh
persist-key
persist-tun
status openvpn-status.log
verb 5
management localhost 7555
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>
Any advise would be highly appreciated. Thank you.
windows ubuntu iptables vpn openvpn
windows ubuntu iptables vpn openvpn
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
asked Nov 8 '15 at 12:14
Bob PretsBob Prets
161
161
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
0
Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f734776%2fwindows-10-strange-openvpn-behavior%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
add a comment |
0
Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
add a comment |
0
0
0
Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
Set the MTU on the client side down a bit. Use ping with -l to set payload size and find the right size to set. https://www.sonassi.com/help/magestack/setting-correct-mtu-for-openvpn
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
answered Nov 9 '15 at 2:00
MarkMark
2,1881014
2,1881014
add a comment |
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f734776%2fwindows-10-strange-openvpn-behavior%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
