Tweet
Hello, first of all, I'm a newbie in networking, so sorry if I can't provide all the needed information, if anything needed, tell me and I'll try to provide it to you. I'll try to say right away, at the moment, I don't have access to our OpenVPN server or the GUI to look into server's OpenVPN logs, but I keep asking for it, so I can try to solve it.
Our company has a data center and if you aren't working in an office, obviously we use VPN to connect to it.
The issue, I am at least having, as I'm the one who needs it the most at the moment, is that I can't access any of our internal IP addresses with VPN.
We use OpenVPN Connect v3.4.3, as per Microsoft's Intune settings, but I tried the newest version, the result is the same.
Profile connects fine, OpenVPN doesn't show any errors but I can't ping, I can't trace route internal IPs. 'route show' I can see that routes are made, but I can't access any of them.
So I just guessed something's wrong with the profile and decided to leave it at the moment and I'll try to fix it later on, as a learning experience.
Just for the fun of it, I decided to try the profile on my iPhone. I can connect also fine, but also I can ping and trace route the internal IP addresses.
I know it's not a computer issue, as I tried to connect on another Windows laptop and same thing, it connects to the VPN, but can't ping or trace route.
Thank you in advance and sorry for the lack of information.
If it helps, here's the OpenVPN Connect logs
Our company has a data center and if you aren't working in an office, obviously we use VPN to connect to it.
The issue, I am at least having, as I'm the one who needs it the most at the moment, is that I can't access any of our internal IP addresses with VPN.
We use OpenVPN Connect v3.4.3, as per Microsoft's Intune settings, but I tried the newest version, the result is the same.
Profile connects fine, OpenVPN doesn't show any errors but I can't ping, I can't trace route internal IPs. 'route show' I can see that routes are made, but I can't access any of them.
So I just guessed something's wrong with the profile and decided to leave it at the moment and I'll try to fix it later on, as a learning experience.
Just for the fun of it, I decided to try the profile on my iPhone. I can connect also fine, but also I can ping and trace route the internal IP addresses.
I know it's not a computer issue, as I tried to connect on another Windows laptop and same thing, it connects to the VPN, but can't ping or trace route.
Thank you in advance and sorry for the lack of information.
If it helps, here's the OpenVPN Connect logs
Code:
[Aug 2, 2024, 17:15:00] SetupClient: signaling tun destroy event
⏎[Aug 2, 2024, 17:15:00] EVENT: DISCONNECTED ⏎[Aug 2, 2024, 17:15:01] OpenVPN core 3.10_qa win x86_64 64-bit OVPN-DCO built on Jul 17 2024 14:22:15
⏎[Aug 2, 2024, 17:15:01] Frame=512/2112/512 mssfix-ctrl=1250
⏎[Aug 2, 2024, 17:15:01] NOTE: This configuration contains options that were not used:
⏎[Aug 2, 2024, 17:15:01] Unsupported option (ignored)
⏎[Aug 2, 2024, 17:15:01] 0 [resolv-retry] [infinite]
⏎[Aug 2, 2024, 17:15:01] 1 [persist-key]
⏎[Aug 2, 2024, 17:15:01] 2 [persist-tun]
⏎[Aug 2, 2024, 17:15:01] Unused options, probably specified multiple times in the configuration file
⏎[Aug 2, 2024, 17:15:01] 0 [client]
⏎[Aug 2, 2024, 17:15:01] EVENT: RESOLVE ⏎[Aug 2, 2024, 17:15:01] EVENT: WAIT ⏎[Aug 2, 2024, 17:15:01] WinCommandAgent: transmitting bypass route to 5.133.x.x
{
"host" : "5.133.x.x",
"ipv6" : false
}
⏎[Aug 2, 2024, 17:15:01] Connecting to [pve]:1194 (5.133.x.x) via TCP
⏎[Aug 2, 2024, 17:15:01] EVENT: CONNECTING ⏎[Aug 2, 2024, 17:15:01] Tunnel Options:V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
⏎[Aug 2, 2024, 17:15:01] Creds: Username/Password
⏎[Aug 2, 2024, 17:15:01] Sending Peer Info:
IV_VER=3.10_qa
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2974
IV_MTU=1600
IV_CIPHERS=AES-128-CBC:AES-192-CBC:AES-256-CBC:AES-128-GCM:AES-192-GCM:AES-256-GCM:CHACHA20-POLY1305
IV_GUI_VER=OCWindows_3.5.0-3818
IV_SSO=webauth,crtext
⏎[Aug 2, 2024, 17:15:01] SSL Handshake: peer certificate: CN=OpenVPNServer, 2048 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
⏎[Aug 2, 2024, 17:15:01] Session is ACTIVE
⏎[Aug 2, 2024, 17:15:01] EVENT: GET_CONFIG ⏎[Aug 2, 2024, 17:15:01] Sending PUSH_REQUEST to server...
⏎[Aug 2, 2024, 17:15:01] OPTIONS:
0 [route] [172.16.x.x] [255.255.255.0]
1 [route] [172.16.x.x] [255.255.255.0]
2 [route] [172.16.x.x] [255.255.255.0]
3 [route] [172.18.x.x] [255.255.255.0]
4 [route] [10.214.x.x] [255.255.255.0]
5 [ping] [20]
6 [ping-restart] [60]
7 [topology] [subnet]
8 [route-gateway] [172.16.x.x]
9 [ifconfig] [172.17.x.x] [255.255.255.0]
10 [peer-id] [4]
⏎[Aug 2, 2024, 17:15:01] PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA1
key-derivation: OpenVPN PRF
compress: NONE
peer ID: 4
⏎[Aug 2, 2024, 17:15:01] EVENT: ASSIGN_IP ⏎[Aug 2, 2024, 17:15:01] CAPTURED OPTIONS:
Session Name: pve
Layer: OSI_LAYER_3
Remote Address: 5.133.x.x
Tunnel Addresses:
172.17.x.x/24 -> 172.16.x.x
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv4: no
Block IPv6: no
Block local DNS: no
Add Routes:
172.16.x.x/24
172.16.x.x/24
172.16.x.x/24
172.18.x.x/24
10.214.x.x/24
Exclude Routes:
⏎[Aug 2, 2024, 17:15:02] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
"allow_local_dns_resolvers" : false,
"confirm_event" : "4c0e000000000000",
"destroy_event" : "c80b000000000000",
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "172.16.x.x",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.x.x",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.16.x.x",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "172.18.x.x",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
},
{
"address" : "10.214.x.x",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"block_outside_dns" : false,
"dns_options" :
{
"servers" : {}
},
"layer" : 3,
"mtu" : 0,
"remote_address" :
{
"address" : "5.133.x.x",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "pve.devoro.cloud",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "172.17.x.x",
"gateway" : "172.16.x.x",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
},
"tun_type" : 0
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{0B766C5D-C0D4-44EE-8525-1ACB6B995047}' index=5 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{0B766C5D-C0D4-44EE-8525-1ACB6B995047}.tap" SUCCEEDED
TAP-Windows Driver Version 9.27
ActionDeleteAllRoutesOnInterface iface_index=5
netsh interface ip set interface 5 metric=9000
Ok.
netsh interface ip set address 5 static 172.17.x.x 255.255.255.0 gateway=172.16.x.x store=active
IPHelper: add route 172.16.x.x/24 5 172.16.x.x metric=-1
IPHelper: add route 172.16.x.x/24 5 172.16.x.x metric=-1
IPHelper: add route 172.16.x.x/24 5 172.16.x.x metric=-1
IPHelper: add route 172.18.x.x/24 5 172.16.x.x metric=-1
IPHelper: add route 10.214.x.x/24 5 172.16.x.x metric=-1
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 0c0f000000000000
⏎[Aug 2, 2024, 17:15:02] Connected via TUN_WIN
⏎[Aug 2, 2024, 17:15:02] EVENT: CONNECTED righN@pve:1194 (5.133.x.x) via /TCP on TUN_WIN/172.17.x.x/ gw=[172.16.x.x/] mtu=(default)⏎