Hello. I installed an OpenVPN server on a client's MikroTik. I can connect without problems, but when I try to access the remote LAN network, the VPN disconnects and connects again. If I don't try to use the LAN, the VPN is OK.
I already use this same configuration on another client and it works fine.
The VPN IPs are 172.16.110.X
The LAN IP is 10.2.2.0/24
The original configuration file:
client
dev tun
remote f0380X.sn.mynetname.net 1194 tcp (Edited)
tun-mtu 1500
tls-client
nobind
user nobody
group nogroup
ping 15
ping-restart 45
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher AES-256-GCM
auth none
pull
auth-user-pass
connect-retry 1
reneg-sec 3600
remote-cert-tls server
I add this line to create the route to the LAN network
route 10.2.2.0 255.255.255.0
I add this line to send traffic to the client's WAN. I use it only when I need to use the client's public IP; it is not necessary.
redirect-gateway 172.16.110.1
Logs
[Apr 18, 2025, 09:55:18] OpenVPN core 3.10.5 win x86_64 64-bit OVPN-DCO built on Dec 17 2024 12:24:32
[Apr 18, 2025, 09:55:18] Frame=512/2112/512 mssfix-ctrl=1250
[Apr 18, 2025, 09:55:18] NOTE: This configuration contains options that were not used:
[Apr 18, 2025, 09:55:18] Unsupported option (ignored)
[Apr 18, 2025, 09:55:18] 0 [user] [nobody]
[Apr 18, 2025, 09:55:18] 1 [group] [nogroup]
[Apr 18, 2025, 09:55:18] 2 [persist-tun]
[Apr 18, 2025, 09:55:18] 3 [persist-key]
[Apr 18, 2025, 09:55:18] 4 [connect-retry] [1]
[Apr 18, 2025, 09:55:18] Unused options, probably specified multiple times in the configuration file
[Apr 18, 2025, 09:55:18] 0 [client]
[Apr 18, 2025, 09:55:18] EVENT: RESOLVE
[Apr 18, 2025, 09:55:18] EVENT: WAIT
[Apr 18, 2025, 09:55:18] WinCommandAgent: transmitting bypass route to edit.edit.136.190
{
"host" : "edit.edit.136.190",
"ipv6" : false
}
[Apr 18, 2025, 09:55:18] Connecting to [edit.sn.mynetname.net]:1194 (edit.edit.136.190) via TCP
[Apr 18, 2025, 09:55:18] EVENT: CONNECTING
[Apr 18, 2025, 09:55:18] Tunnel Options:V4,dev-type tun,link-mtu 1523,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client
[Apr 18, 2025, 09:55:18] Creds: Username/Password
[Apr 18, 2025, 09:55:18] Sending Peer Info:
IV_VER=3.10.5
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2974
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_GUI_VER=OCWindows_3.6.0-4074
IV_SSO=webauth,crtext
[Apr 18, 2025, 09:55:18] SSL Handshake: peer certificate: CN=Server, 2048 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
[Apr 18, 2025, 09:55:18] Session is ACTIVE
[Apr 18, 2025, 09:55:18] EVENT: GET_CONFIG
[Apr 18, 2025, 09:55:18] Sending PUSH_REQUEST to server...
[Apr 18, 2025, 09:55:19] OPTIONS:
0 [route] [10.2.2.0] [255.255.255.0]
1 [ping] [20]
2 [ping-restart] [60]
3 [topology] [subnet]
4 [route-gateway] [172.16.110.1]
5 [route] [10.2.2.0/24] [10.2.2.1]
6 [ifconfig] [172.16.110.120] [255.255.255.0]
7 [peer-id] [4]
[Apr 18, 2025, 09:55:19] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: none
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 4
[Apr 18, 2025, 09:55:19] EVENT: ASSIGN_IP
[Apr 18, 2025, 09:55:19] exception parsing IPv4 route: [route] [10.2.2.0/24] [10.2.2.1] : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': 10.2.2.0/24/10.2.2.1 : ip_exception: error parsing route IP address '10.2.2.0/24' : An invalid argument was supplied.
[Apr 18, 2025, 09:55:19] CAPTURED OPTIONS:
Session Name: edit.sn.mynetname.net
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: edit.edit.136.190
Tunnel Addresses:
172.16.110.120/24 -> 172.16.110.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv4: no
Block IPv6: no
Block local DNS: no
Add Routes:
10.2.2.0/24
Exclude Routes:
[Apr 18, 2025, 09:55:19] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"allow_local_dns_resolvers" : false,
"confirm_event" : "3818000000000000",
"destroy_event" : "9c17000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "10.2.2.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"block_outside_dns" : false,
"dns_options" :
{
"servers" : {}
},
"layer" : 3,
"mtu" : 1500,
"remote_address" :
{
"address" : "edit.edit.136.190",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "edit.sn.mynetname.net",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "172.16.110.120",
"gateway" : "172.16.110.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"tun_type" : 0
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{C2DA1B4F-CDAC-464A-8977-F63CB5F3B829}' index=25 name='Conexão Local 2'
Open TAP device "Conexão Local 2" PATH="\\.\Global\{C2DA1B4F-CDAC-464A-8977-F63CB5F3B829}.tap" SUCCEEDED
TAP-Windows Driver Version 9.27
ActionDeleteAllRoutesOnInterface iface_index=25
netsh interface ip set interface 25 metric=9000
Ok.
netsh interface ip set address 25 static 172.16.110.120 255.255.255.0 gateway=172.16.110.1 store=active
IPHelper: add route 10.2.2.0/24 25 172.16.110.1 metric=-1
ipconfig /flushdns
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
TAP: ARP flush succeeded
TAP handle: 0817000000000000
[Apr 18, 2025, 09:55:19] Connected via TUN_WIN
[Apr 18, 2025, 09:55:19] EVENT: CONNECTED Eduardo@edit.sn.mynetname.net:1194 (edit.edit.136.190) via /TCP on TUN_WIN/172.16.110.120/ gw=[172.16.110.1/] mtu=(default)
[Apr 18, 2025, 09:55:30] Session invalidated: DECRYPT_ERROR
[Apr 18, 2025, 09:55:30] Client terminated, restarting in 2000 ms...
[Apr 18, 2025, 09:55:30] SetupClient: signaling tun destroy event
[Apr 18, 2025, 09:55:32] EVENT: RECONNECTING
[Apr 18, 2025, 09:55:32] EVENT: RESOLVE
[Apr 18, 2025, 09:55:32] EVENT: WAIT
[Apr 18, 2025, 09:55:32] WinCommandAgent: transmitting bypass route to edit.edit.136.190
{
"host" : "edit.edit.136.190",
"ipv6" : false
}
[Apr 18, 2025, 09:55:32] Connecting to [edit.sn.mynetname.net]:1194 (edit.edit.136.190) via TCP
[Apr 18, 2025, 09:55:32] EVENT: CONNECTING
[Apr 18, 2025, 09:55:32] Tunnel Options:V4,dev-type tun,link-mtu 1523,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client
[Apr 18, 2025, 09:55:32] Creds: Username/Password
[Apr 18, 2025, 09:55:32] Sending Peer Info:
IV_VER=3.10.5
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2974
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_GUI_VER=OCWindows_3.6.0-4074
IV_SSO=webauth,crtext
[Apr 18, 2025, 09:55:32] SSL Handshake: peer certificate: CN=Server, 2048 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
[Apr 18, 2025, 09:55:32] Session is ACTIVE
[Apr 18, 2025, 09:55:32] EVENT: GET_CONFIG
[Apr 18, 2025, 09:55:32] Sending PUSH_REQUEST to server...
[Apr 18, 2025, 09:55:32] OPTIONS:
0 [route] [10.2.2.0] [255.255.255.0]
1 [ping] [20]
2 [ping-restart] [60]
3 [topology] [subnet]
4 [route-gateway] [172.16.110.1]
5 [route] [10.2.2.0/24] [10.2.2.1]
6 [ifconfig] [172.16.110.120] [255.255.255.0]
7 [peer-id] [4]
[Apr 18, 2025, 09:55:32] PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: none
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 4
[Apr 18, 2025, 09:55:32] EVENT: ASSIGN_IP
[Apr 18, 2025, 09:55:32] exception parsing IPv4 route: [route] [10.2.2.0/24] [10.2.2.1] : addr_pair_mask_parse_error: AddrMaskPair parse error 'route': 10.2.2.0/24/10.2.2.1 : ip_exception: error parsing route IP address '10.2.2.0/24' : An invalid argument was supplied.
[Apr 18, 2025, 09:55:32] CAPTURED OPTIONS:
Session Name: edit.sn.mynetname.net
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: edit.edit.136.190
Tunnel Addresses:
172.16.110.120/24 -> 172.16.110.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv4: no
Block IPv6: no
Block local DNS: no
Add Routes:
10.2.2.0/24
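The log above shows the client rejecting pushed option 5, `[route] [10.2.2.0/24] [10.2.2.1]`, with a route parse error. The following Python check is an added example, not part of the original post: it parses pushed option lines in that log format and flags routes whose fields are not a plain network address followed by a dotted netmask, or whose gateway lies outside the tunnel subnet. The function names and the on-link gateway check are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: pushed OPTIONS entries as they appear in the log above.
PUSHED = """\
0 [route] [10.2.2.0] [255.255.255.0]
3 [topology] [subnet]
4 [route-gateway] [172.16.110.1]
5 [route] [10.2.2.0/24] [10.2.2.1]
6 [ifconfig] [172.16.110.120] [255.255.255.0]
"""

def parse_options(text):
    """Turn 'N [name] [arg] ...' lines into (N, [name, arg, ...]) tuples."""
    rows = re.findall(r"^[ \t]*(\d+)[ \t]+(\[.*\])[ \t]*$", text, re.M)
    return [(int(n), re.findall(r"\[([^\]]*)\]", body)) for n, body in rows]

def as_ip(s):
    """Return an IPv4Address, or None if s is not a plain dotted address."""
    try:
        return ipaddress.IPv4Address(s)
    except ValueError:
        return None

def is_netmask(s):
    """True for a dotted mask whose set bits are contiguous from the left."""
    ip = as_ip(s)
    inv = None if ip is None else int(ip) ^ 0xFFFFFFFF
    return inv is not None and (inv & (inv + 1)) == 0

def check_routes(text):
    """Return (index, problem) pairs for pushed routes that are malformed."""
    opts = parse_options(text)
    tunnel = next((ipaddress.ip_network(f"{o[1]}/{o[2]}", strict=False)
                   for _, o in opts if o[0] == "ifconfig" and len(o) >= 3), None)
    problems = []
    for idx, o in opts:
        if o[0] != "route" or len(o) < 2:
            continue
        net, mask, gw = (o[1:4] + [None, None])[:3]
        if as_ip(net) is None:
            problems.append((idx, f"network '{net}' is not a plain IPv4 address"))
        if mask is not None and not is_netmask(mask):
            problems.append((idx, f"second field '{mask}' is not a netmask"))
        gw_ip = as_ip(gw) if gw else None  # keyword gateways are not resolved here
        if gw_ip is not None and tunnel is not None and gw_ip not in tunnel:
            problems.append((idx, f"gateway '{gw}' is outside tunnel subnet {tunnel}"))
    return problems
```

Calling `check_routes(PUSHED)` reports two problems, both on option 5, and none on option 0, which matches the client keeping only the first `10.2.2.0/24` route in its "Add Routes" list.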