Jamie Orzechowski
New Around Here
I have installed version 378.56_2 on my AC3200
OpenVPN was configured and the .ovpn profile loaded.
VPN is showing connected but when I check the routing table I don't see the VPN route(s) present nor is the VPN working.
Any ideas what is wrong?
I have Policy rules enabled and also tried "All Traffic" but neither work.
Here are the logs.
Nov 29 18:37:19 openvpn[1121]: OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 2 2015
Nov 29 18:37:19 openvpn[1121]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Nov 29 18:37:19 openvpn[1122]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Nov 29 18:37:19 openvpn[1122]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 29 18:37:19 openvpn[1122]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Nov 29 18:37:19 openvpn[1122]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:19 openvpn[1122]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:19 openvpn[1122]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Nov 29 18:37:19 openvpn[1122]: UDPv4 link local: [undef]
Nov 29 18:37:19 openvpn[1122]: UDPv4 link remote: [AF_INET]192.99.47.186:1194
Nov 29 18:37:19 openvpn[1122]: TLS: Initial packet from [AF_INET]192.99.47.186:1194, sid=b0ab0cf7 d94955a3
Nov 29 18:37:19 openvpn[1122]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 29 18:37:20 openvpn[1122]: VERIFY OK: depth=1, C=LT, ST=CA, L=MG, O=ca.nordvpn.com, OU=ca.nordvpn.com, CN=ca.nordvpn.com, name=ca.nordvpn.com, emailAddress=info@nordvpn.com
Nov 29 18:37:20 openvpn[1122]: Validating certificate key usage
Nov 29 18:37:20 openvpn[1122]: ++ Certificate has key usage 00a0, expects 00a0
Nov 29 18:37:20 openvpn[1122]: VERIFY KU OK
Nov 29 18:37:20 openvpn[1122]: Validating certificate extended key usage
Nov 29 18:37:20 openvpn[1122]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 29 18:37:20 openvpn[1122]: VERIFY EKU OK
Nov 29 18:37:20 openvpn[1122]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=vpn-ca.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 29 18:37:21 openvpn[1122]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov 29 18:37:21 openvpn[1122]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:21 openvpn[1122]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov 29 18:37:21 openvpn[1122]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:21 openvpn[1122]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Nov 29 18:37:21 openvpn[1122]: [vpn-ca.nordvpn.com] Peer Connection Initiated with [AF_INET]192.99.47.186:1194
Nov 29 18:37:23 openvpn[1122]: SENT CONTROL [vpn-ca.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Nov 29 18:37:23 openvpn[1122]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 198.7.63.141,dhcp-option DNS 78.46.223.24,route 10.8.8.1,topology net30,ping 5,ping-restart 30'
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: route options modified
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Nov 29 18:37:23 openvpn[1122]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Nov 29 18:37:23 openvpn[1122]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.8.1
Nov 29 18:37:23 openvpn[1122]: TUN/TAP device tun11 opened
Nov 29 18:37:23 openvpn[1122]: TUN/TAP TX queue length set to 100
Nov 29 18:37:23 openvpn[1122]: updown.sh tun11 1500 1590 init
Nov 29 18:37:24 rc_service: service 1174:notify_rc updateresolv
Nov 29 18:37:26 openvpn[1122]: NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Nov 29 18:37:26 openvpn-routing: Configuring policy rules for client 1
Nov 29 18:37:26 openvpn-routing: Creating VPN routing table
Nov 29 18:37:27 openvpn-routing: Added 192.168.69.51 to 0.0.0.0/0 through VPN to routing policy
Nov 29 18:37:27 openvpn-routing: Added 192.168.69.54 to 0.0.0.0/0 through VPN to routing policy
Nov 29 18:37:27 openvpn-routing: Tunnel re-established, restoring WAN access to clients
Nov 29 18:37:27 openvpn-routing: Completed routing policy configuration
Nov 29 18:37:27 openvpn[1122]: Initialization Sequence Completed
OpenVPN was configured and the .ovpn profile loaded.
VPN is showing connected but when I check the routing table I don't see the VPN route(s) present nor is the VPN working.
Any ideas what is wrong?
I have Policy rules enabled and also tried "All Traffic" but neither work.
Here are the logs.
Nov 29 18:37:19 openvpn[1121]: OpenVPN 2.3.8 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov 2 2015
Nov 29 18:37:19 openvpn[1121]: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
Nov 29 18:37:19 openvpn[1122]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Nov 29 18:37:19 openvpn[1122]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 29 18:37:19 openvpn[1122]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
Nov 29 18:37:19 openvpn[1122]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:19 openvpn[1122]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:19 openvpn[1122]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Nov 29 18:37:19 openvpn[1122]: UDPv4 link local: [undef]
Nov 29 18:37:19 openvpn[1122]: UDPv4 link remote: [AF_INET]192.99.47.186:1194
Nov 29 18:37:19 openvpn[1122]: TLS: Initial packet from [AF_INET]192.99.47.186:1194, sid=b0ab0cf7 d94955a3
Nov 29 18:37:19 openvpn[1122]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 29 18:37:20 openvpn[1122]: VERIFY OK: depth=1, C=LT, ST=CA, L=MG, O=ca.nordvpn.com, OU=ca.nordvpn.com, CN=ca.nordvpn.com, name=ca.nordvpn.com, emailAddress=info@nordvpn.com
Nov 29 18:37:20 openvpn[1122]: Validating certificate key usage
Nov 29 18:37:20 openvpn[1122]: ++ Certificate has key usage 00a0, expects 00a0
Nov 29 18:37:20 openvpn[1122]: VERIFY KU OK
Nov 29 18:37:20 openvpn[1122]: Validating certificate extended key usage
Nov 29 18:37:20 openvpn[1122]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 29 18:37:20 openvpn[1122]: VERIFY EKU OK
Nov 29 18:37:20 openvpn[1122]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=vpn-ca.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Nov 29 18:37:21 openvpn[1122]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov 29 18:37:21 openvpn[1122]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:21 openvpn[1122]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Nov 29 18:37:21 openvpn[1122]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Nov 29 18:37:21 openvpn[1122]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Nov 29 18:37:21 openvpn[1122]: [vpn-ca.nordvpn.com] Peer Connection Initiated with [AF_INET]192.99.47.186:1194
Nov 29 18:37:23 openvpn[1122]: SENT CONTROL [vpn-ca.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Nov 29 18:37:23 openvpn[1122]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 198.7.63.141,dhcp-option DNS 78.46.223.24,route 10.8.8.1,topology net30,ping 5,ping-restart 30'
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: timers and/or timeouts modified
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: --ifconfig/up options modified
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: route options modified
Nov 29 18:37:23 openvpn[1122]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Nov 29 18:37:23 openvpn[1122]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
Nov 29 18:37:23 openvpn[1122]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.8.1
Nov 29 18:37:23 openvpn[1122]: TUN/TAP device tun11 opened
Nov 29 18:37:23 openvpn[1122]: TUN/TAP TX queue length set to 100
Nov 29 18:37:23 openvpn[1122]: updown.sh tun11 1500 1590 init
Nov 29 18:37:24 rc_service: service 1174:notify_rc updateresolv
Nov 29 18:37:26 openvpn[1122]: NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Nov 29 18:37:26 openvpn-routing: Configuring policy rules for client 1
Nov 29 18:37:26 openvpn-routing: Creating VPN routing table
Nov 29 18:37:27 openvpn-routing: Added 192.168.69.51 to 0.0.0.0/0 through VPN to routing policy
Nov 29 18:37:27 openvpn-routing: Added 192.168.69.54 to 0.0.0.0/0 through VPN to routing policy
Nov 29 18:37:27 openvpn-routing: Tunnel re-established, restoring WAN access to clients
Nov 29 18:37:27 openvpn-routing: Completed routing policy configuration
Nov 29 18:37:27 openvpn[1122]: Initialization Sequence Completed