Another guy with profiles problems.

  • pdelmonte94
    Junior Member
    • Jul 2024
    • 1

    Hello guys! I'm new on the forum, I had read hours and hours of information and learned a lot in the process. I know there's a bunch of information here from people with the same problem I'm having, but even reading the posts I'm not being able to solve this.

    I have a VPN created, it's running on the server and also the clients are able to connect, but with one problem: I can't reach the internet on the clients when they are connected to the tunnel. Also, I can ping clients from the server, but I can't ping the server from the client.

    Tried to fix my config files, with no luck (They look like Frankenstein, one piece of each piece of information I found, I'm sorry about it).


    Server config:

    Code:
    # Specify a port, a protocol and a device type
    port 1194
    proto udp
    dev tun
    # Specify paths to server certificates
    ca "ca.crt"
    cert "crt.crt"
    key "key.key"
    dh "dh.pem"
    # Specify the settings of the IP network your VPN clients will get their IP addresses from
    server 10.24.10.0 255.255.255.0
    #route1
    push "route 10.24.10.1 255.255.255.0"
    push "route 192.168.1.0 255.255.255.0"
    route 192.168.1.0 255.255.255.0
    #route2
    push "route 192.168.0.0 255.255.255.0"
    route 192.168.0.0 255.255.255.0
    #gateway
    route-gateway 192.168.1.1
    #DNS
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    client-to-client
    # If you want to allow your clients to connect using the same key, enable the duplicate-cn option (not recommended)
    duplicate-cn
    client-to-client
    tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ta.key" 0
    data-ciphers AES-256-CBC:AES-256-GCM:AES-128-CBC
    # Other options
    allow-pull-fqdn
    keepalive 10 120
    auth SHA256
    persist-key
    persist-tun
    status "C:\\Program Files\\OpenVPN\\log\\status.log"
    log "C:\\Program Files\\OpenVPN\\log\\openvpn.log"
    verb 3

    My server LAN (the one I need to provide internet to the tunnel) is on the subnet 192.168.1.1/24

    Client profile

    Code:
    client
    dev tun
    proto udp
    remote myip 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert Client1.crt
    key Client1.key
    auth SHA256
    remote-cert-tls server
    tls-auth ta.key 1
    connect-retry-max 25
    verb 3

    In this case, the client is a Mac Air laptop, but tried on a Windows PC too with no luck, same issue.

    Here are the logs on the Server:

    Code:
    2024-07-03 16:21:48 166.198.31.130:50164 VERIFY OK: depth=1, CN=SecuCast
    2024-07-03 16:21:48 166.198.31.130:50164 VERIFY OK: depth=0, CN=Client1
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_VER=3.8.2connect3
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_PLAT=mac
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_NCP=2
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_TCPNL=1
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_PROTO=990
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_MTU=1600
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_AUTO_SESS=1
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_GUI_VER=OCmacOS_3.4.9-4830
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_SSO=webauth,crtext
    2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_BS64DL=1
    2024-07-03 16:21:48 166.198.31.130:50164 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
    2024-07-03 16:21:48 166.198.31.130:50164 TLS: tls_multi_process: initial untrusted session promoted to trusted
    2024-07-03 16:21:48 166.198.31.130:50164 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
    2024-07-03 16:21:48 166.198.31.130:50164 [Client1] Peer Connection Initiated with [AF_INET6]::ffff:166.198.31.130:50164
    2024-07-03 16:21:48 Client1/166.198.31.130:50164 MULTI_sva: pool returned IPv4=10.24.10.14, IPv6=(Not enabled)
    2024-07-03 16:21:48 Client1/166.198.31.130:50164 MULTI: Learn: 10.24.10.14 -> Client1/166.198.31.130:50164
    2024-07-03 16:21:48 Client1/166.198.31.130:50164 MULTI: primary virtual IP for Client1/166.198.31.130:50164: 10.24.10.14
    2024-07-03 16:21:48 Client1/166.198.31.130:50164 SENT CONTROL [Client1]: 'PUSH_REPLY,route 10.24.10.1 255.255.255.0,route 192.168.1.0 255.255.255.0,route 192.168.0.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.24.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.24.10.14 10.24.10.13,peer-id 2,cipher AES-256-CBC,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
    2024-07-03 16:21:48 Client1/166.198.31.130:50164 PUSH: Received control message: 'PUSH_REQUEST'
    2024-07-03 16:21:49 72.179.176.145:36632 VERIFY OK: depth=1, CN=SecuCast
    2024-07-03 16:21:49 72.179.176.145:36632 VERIFY OK: depth=0, CN=Mx-Cam
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_VER=2.5.8
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_PLAT=linux
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_PROTO=6
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_NCP=2
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_LZ4=1
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_LZ4v2=1
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_LZO=1
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_COMP_STUB=1
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_COMP_STUBv2=1
    2024-07-03 16:21:49 72.179.176.145:36632 peer info: IV_TCPNL=1
    2024-07-03 16:21:49 72.179.176.145:36632 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
    2024-07-03 16:21:49 72.179.176.145:36632 TLS: tls_multi_process: initial untrusted session promoted to trusted
    2024-07-03 16:21:49 72.179.176.145:36632 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
    2024-07-03 16:21:49 72.179.176.145:36632 [Mx-Cam] Peer Connection Initiated with [AF_INET6]::ffff:72.179.176.145:36632
    2024-07-03 16:21:49 Mx-Cam/72.179.176.145:36632 MULTI_sva: pool returned IPv4=10.24.10.22, IPv6=(Not enabled)
    2024-07-03 16:21:49 Mx-Cam/72.179.176.145:36632 MULTI: Learn: 10.24.10.22 -> Mx-Cam/72.179.176.145:36632
    2024-07-03 16:21:49 Mx-Cam/72.179.176.145:36632 MULTI: primary virtual IP for Mx-Cam/72.179.176.145:36632: 10.24.10.22
    2024-07-03 16:21:49 Mx-Cam/72.179.176.145:36632 SENT CONTROL [Mx-Cam]: 'PUSH_REPLY,route 10.24.10.1 255.255.255.0,route 192.168.1.0 255.255.255.0,route 192.168.0.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.24.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.24.10.22 10.24.10.21,peer-id 4,cipher AES-256-CBC' (status=1)
    2024-07-03 16:21:49 Client1/166.198.31.130:50164 Data Channel: cipher 'AES-256-CBC', auth 'SHA256', peer-id: 0
    2024-07-03 16:21:49 Client1/166.198.31.130:50164 Timers: ping 10, ping-restart 240
    2024-07-03 16:21:49 Client1/166.198.31.130:50164 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
    2024-07-03 16:21:50 Mx-Cam/72.179.176.145:36632 Data Channel: cipher 'AES-256-CBC', auth 'SHA256', peer-id: 0
    2024-07-03 16:21:50 Mx-Cam/72.179.176.145:36632 Timers: ping 10, ping-restart 240


    Any help or idea will be really appreciated.

    Thank you!
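
Added example, not part of the original post: a Python check that reads the `peer info: IV_CIPHERS` and `PUSH_REPLY` lines of an OpenVPN server log like the one above and lists what the server actually sent to each client. The function name `audit_push_replies` and the three checks are choices made for this example; the two sample lines are copied from the log in the post.

```python
import ipaddress
import re

# Two lines copied from the server log in the post (Client1 session).
SAMPLE_LOG = """\
2024-07-03 16:21:48 166.198.31.130:50164 peer info: IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
2024-07-03 16:21:48 Client1/166.198.31.130:50164 SENT CONTROL [Client1]: 'PUSH_REPLY,route 10.24.10.1 255.255.255.0,route 192.168.1.0 255.255.255.0,route 192.168.0.0 255.255.255.0,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.24.10.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.24.10.14 10.24.10.13,peer-id 2,cipher AES-256-CBC,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
"""

CIPHERS_RE = re.compile(r"(?P<addr>\S+) peer info: IV_CIPHERS=(?P<ciphers>\S+)")
PUSH_RE = re.compile(
    r"(?P<cn>[^/\s]+)/(?P<addr>\S+) SENT CONTROL \[[^\]]+\]: "
    r"'PUSH_REPLY,(?P<opts>[^']*)'")
AEAD = ("-GCM", "-POLY1305")  # suffixes of AEAD data-channel ciphers

def audit_push_replies(log_text):
    """Return {client CN: [finding, ...]} for every PUSH_REPLY in the log."""
    offered = {}  # peer "ip:port" -> set of ciphers the client advertised
    report = {}
    for line in log_text.splitlines():
        m = CIPHERS_RE.search(line)
        if m:
            offered[m.group("addr")] = set(m.group("ciphers").split(":"))
            continue
        m = PUSH_RE.search(line)
        if not m:
            continue
        opts = [o.split() for o in m.group("opts").split(",") if o.strip()]
        findings = []
        for opt in opts:
            if opt[0] == "route" and len(opt) >= 3:
                try:  # strict=True rejects an address that is not a network base
                    ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=True)
                except ValueError:
                    findings.append(f"route {opt[1]} {opt[2]}: host bits set")
            elif opt[0] == "cipher" and len(opt) >= 2 and not opt[1].endswith(AEAD):
                aead = sorted(c for c in offered.get(m.group("addr"), ()) if c.endswith(AEAD))
                if aead:
                    findings.append(f"cipher {opt[1]} pushed; client offered AEAD: {', '.join(aead)}")
        if not any(opt[0] == "redirect-gateway" for opt in opts):
            findings.append("no redirect-gateway pushed: only the listed routes use the tunnel")
        report[m.group("cn")] = findings
    return report

if __name__ == "__main__":
    print(audit_push_replies(SAMPLE_LOG))
```

Run against the full log, the function returns one entry per client CN, so the `Mx-Cam` session is checked the same way as `Client1`.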