SoftEther with OpenVPN client (topology???)


Post by yurun » Mon Sep 15, 2014 1:49 pm

Hello All,

First of all, I want to thank all those who were (are) involved in the SoftEther project, which I have recently discovered for myself.
It really looks like a very promising project and a pleasure to work with.
Keep up the good work!


Now I want to ask for help, since I seem to be missing something.
I am looking for an OpenVPN server replacement due to performance issues. I already have an OpenVPN server and many OpenVPN clients connecting to it to access the VPN.
I have tried different configurations, including different ovpn client configurations, but I do not seem to be able to make the OpenVPN client compatibility work.
I have read the forum and I do not see anyone facing the same issue, so I am probably missing something obvious.

Basic info:

1. Operating system name and the type of CPU-bits:

Linux Ubuntu 64 bits



2. The result of "ifconfig -a" (UNIX) or "ipconfig /all" (Windows)

eth0 Link encap:Ethernet HWaddr 00:15:17:aa:f6:a8
inet addr:A.B.C.D Bcast:A.B.C.D Mask:255.255.255.248
inet6 addr: A.B.C.D/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:2122357 errors:0 dropped:1764 overruns:0 frame:0
TX packets:231224 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:404109680 (404.1 MB) TX bytes:45011402 (45.0 MB)
Interrupt:18 Memory:98820000-98840000

eth1 Link encap:Ethernet HWaddr 00:15:17:aa:f6:a9
BROADCAST PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19 Memory:98800000-98820000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:36027 errors:0 dropped:0 overruns:0 frame:0
TX packets:36027 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3121618 (3.1 MB) TX bytes:3121618 (3.1 MB)


3. The result of "uname -a" (UNIX) or "systeminfo" (Windows)


Linux ubuntu 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux


4. The build number of SoftEther VPN

4.10 Build 9473


5. Which SoftEther VPN component are you using?

I am trying to use SoftEther VPN Server to replace OpenVPN Server, so that OpenVPN clients could still connect.
SE official client works OK.
OpenVPN client does not work.


6. Whether or not there is a NAT or Firewall between your VPN server and the Internet.
(If there is a NAT or Firewall, you should open a TCP port for the VPN listener.)

There is a NAT (clients are behind NAT), but it all works well with the OpenVPN server, and the problem only appears if you try to connect with the OpenVPN client to the SoftEther server.

7. Are you using SecureNAT?
(If so, why don't you use the Local Bridge function instead?
The performance of SecureNAT is lower than Local Bridge, and it consumes
much of CPU time. You should not use SecureNAT except very limited situation.)
Please see http://www.softether.org/index.php?titl ... T_Function


I tried both configurations, with and without SecureNAT.

In any configuration, when I try to connect to SE with the OpenVPN client I seem to be hitting the following problem:
- in the beginning I seem to get the tunnel up, certificate auth OK, then user-password auth OK, and the stage before getting IPs seems all good.
- then I guess the problem occurs at the IP addressing stage:
by default, the OpenVPN server and client work in the so-called net30 network mode (more about OpenVPN topology is written here https://community.openvpn.net/openvpn/wiki/Topology).
In this mode a client and server should communicate inside a pair of tunnel interfaces with a /30 network mask. This behavior seems to be "almost" or "mostly" supported by the SoftEther server,
however I am not able to make it work even with this scenario.

In my current implementation the OpenVPN server and client use a "better topology" (in OpenVPN terms), called "subnet", which is more like a star/point-to-multipoint:
basically, say you have a /24 network; just 1 IP is spent on the default gateway/VPN server and all other IPs from this /24 network are assigned to clients (no IP address waste like in net30 mode).
The topology command is pushed from the server side, and the SoftEther server does not seem to support it yet (it defaults to net30 in OpenVPN terms). I tried to patch SoftEther and configure DHCP so that I get
exactly the same push commands and IP addressing as I get with OpenVPN, but in the end I get the same symptoms I get each time with the OpenVPN client and SoftEther server: I can only ping my local tunnel endpoint and nothing else.

8. Your current vpn_server.config or vpn_bridge.config file should be attached on the post.

Config attached.




My questions are:
- did anyone get success with OpenVPN client and SoftEther server? Please share your configs.
- does anyone have an idea why it does not work in my case (I do not see any similar claims on the forum; am I missing something)?
- did anyone manage to address OpenVPN topology issue and make SoftEther work in "subnet" mode with OpenVPN client?





Here are some debug logs:


Case: OpenVPN client fails to connect to the official (unmodified) SoftEther VPN server in SecureNAT mode.
Basically the connection gets established but no traffic can be sent over the tunnel, and the connection gets reset every couple of seconds:

Client command/config:
openvpn.exe --client --dev tun --remote **HIDDEN** 1195 --resolv-retry 3 --proto tcp-client --persist-tun --comp-lzo --verb 3 --auth-user-pass login_yurun.conf --ns-cert-type server --ca "cachain.pem" --redirect-gateway --log "C:\Users\**HIDDEN**\openvpn.log"

SoftEther logs:


2014-09-15 06:30:44.941 On the TCP Listener (Port 1195), a Client (IP address **HIDDEN**, Host name "**HIDDEN**", Port number 18899) has connected.
2014-09-15 06:30:44.941 For the client (IP address: **HIDDEN**, host name: "**HIDDEN**", port number: 18899), connection "CID-488" has been created.
2014-09-15 06:30:44.941 OpenVPN Module: The OpenVPN Server Module is starting.
2014-09-15 06:30:44.941 OpenVPN Session 1 (**HIDDEN**:18899 -> **HIDDEN**:1195): A new session is created. Protocol: TCP
2014-09-15 06:30:44.941 OpenVPN Session 1 (**HIDDEN**:18899 -> **HIDDEN**:1195) Channel 0: A new channel is created.
2014-09-15 06:30:46.039 OpenVPN Session 1 (**HIDDEN**:18899 -> **HIDDEN**:1195) Channel 0: Option Strings Received: "V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
2014-09-15 06:30:46.039 OpenVPN Session 1 (**HIDDEN**:18899 -> **HIDDEN**:1195) Channel 0: Option Strings to Send: "V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server"
2014-09-15 06:30:48.267 On the TCP Listener (Port 0), a Client (IP address **HIDDEN**, Host name "**HIDDEN**", Port number 18899) has connected.
2014-09-15 06:30:48.267 For the client (IP address: **HIDDEN**, host name: "**HIDDEN**", port number: 18899), connection "CID-489" has been created.
2014-09-15 06:30:48.267 SSL communication for connection "CID-489" has been started. The encryption algorithm name is "(null)".
2014-09-15 06:30:48.267 [HUB "VPN"] The connection "CID-489" (IP address: **HIDDEN**, Host name: **HIDDEN**, Port number: 18899, Client name: "OpenVPN Client", Version: 4.10, Build: 9473) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "yurun".
2014-09-15 06:30:48.267 [HUB "VPN"] Connection "CID-489": Successfully authenticated as user "yurun".
2014-09-15 13:30:48.267 [HUB "VPN"] Connection "CID-489": The new session "SID-YURUN-[OPENVPN_L3]-241" has been created. (IP address: **HIDDEN**, Port number: 18899, Physical underlying protocol: "Legacy VPN - OPENVPN_L3")
2014-09-15 06:30:48.267 [HUB "VPN"] Session "SID-YURUN-[OPENVPN_L3]-241": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2014-09-15 06:30:48.267 [HUB "VPN"] Session "SID-YURUN-[OPENVPN_L3]-241": VPN Client details: (Client product name: "OpenVPN Client", Client version: 410, Client build number: 9473, Server product name: "SoftEther VPN Server (64 bit) (Open Source)", Server version: 410, Server build number: 9473, Client OS name: "OpenVPN Client", Client OS version: "-", Client product ID: "-", Client host name: "", Client IP address: "**HIDDEN**", Client port number: 18899, Server host name: "**HIDDEN**", Server IP address: "**HIDDEN**", Server port number: 1195, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "00D762C69D08CED152178D3068E46874")
2014-09-15 06:30:48.529 [HUB "VPN"] SecureNAT: The DHCP entry 240 has been created. MAC address: CA-13-DD-50-DE-7E, IP address: 192.168.30.13, host name: , expiration span: 7200 seconds
2014-09-15 06:30:48.529 [HUB "VPN"] Session "SID-SECURENAT-1": The DHCP server of host "00-AC-95-FC-45-89" (192.168.30.1) on this session allocated, for host "SID-YURUN-[OPENVPN_L3]-241" on another session "CA-13-DD-50-DE-7E", the new IP address 192.168.30.13.
2014-09-15 06:30:48.529 OpenVPN Session 1 (**HIDDEN**:18899 -> **HIDDEN**:1195) Channel 0: The channel becomes the established state.
2014-09-15 06:30:48.529 OpenVPN Session 1 (**HIDDEN**:18899 -> **HIDDEN**:1195) Channel 0: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.30.13, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.30.1, DNS Server 1: 8.8.8.8, DNS Server 2: , WINS Server 1: , WINS Server 2:
2014-09-15 06:30:48.529 OpenVPN Session 1 (**HIDDEN**:18899 -> **HIDDEN**:1195) Channel 0: The full strings replied: "PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1"
2014-09-15 06:30:58.879 OpenVPN Module: The OpenVPN Server Module is stopped.
2014-09-15 06:30:58.879 Connection "CID-488" has been terminated.
2014-09-15 06:30:58.879 The connection with the client (IP address **HIDDEN**, Port number 18899) has been disconnected.
2014-09-15 06:30:59.131 [HUB "VPN"] Session "SID-YURUN-[OPENVPN_L3]-241": The session has been terminated. The statistical information is as follows: Total outgoing data size: 1270 bytes, Total incoming data size: 1286 bytes.
2014-09-15 06:30:59.161 Connection "CID-489" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2014-09-15 06:30:59.161 Connection "CID-489" has been terminated.
2014-09-15 06:30:59.161 The connection with the client (IP address **HIDDEN**, Port number 18899) has been disconnected.
2014-09-15 06:31:03.988 On the TCP Listener (Port 1195), a Client (IP address **HIDDEN**, Host name "**HIDDEN**", Port number 2359) has connected.
2014-09-15 06:31:03.988 For the client (IP address: **HIDDEN**, host name: "**HIDDEN**", port number: 2359), connection "CID-490" has been created.
2014-09-15 06:31:03.988 OpenVPN Module: The OpenVPN Server Module is starting.
2014-09-15 06:31:03.998 OpenVPN Session 1 (**HIDDEN**:2359 -> **HIDDEN**:1195): A new session is created. Protocol: TCP
2014-09-15 06:31:03.998 OpenVPN Session 1 (**HIDDEN**:2359 -> **HIDDEN**:1195) Channel 0: A new channel is created.
2014-09-15 06:31:05.077 OpenVPN Session 1 (**HIDDEN**:2359 -> **HIDDEN**:1195) Channel 0: Option Strings Received: "V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
2014-09-15 06:31:05.077 OpenVPN Session 1 (**HIDDEN**:2359 -> **HIDDEN**:1195) Channel 0: Option Strings to Send: "V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server"
2014-09-15 06:31:06.992 On the TCP Listener (Port 0), a Client (IP address **HIDDEN**, Host name "**HIDDEN**", Port number 2359) has connected.

here goes the reconnect over and over (only one shown):

2014-09-15 06:31:06.992 For the client (IP address: **HIDDEN**, host name: "**HIDDEN**", port number: 2359), connection "CID-491" has been created.
2014-09-15 06:31:06.992 SSL communication for connection "CID-491" has been started. The encryption algorithm name is "(null)".
2014-09-15 06:31:06.992 [HUB "VPN"] The connection "CID-491" (IP address: **HIDDEN**, Host name: **HIDDEN**, Port number: 2359, Client name: "OpenVPN Client", Version: 4.10, Build: 9473) is attempting to connect to the Virtual Hub. The auth type provided is "External server authentication" and the user name is "yurun".
2014-09-15 06:31:06.992 [HUB "VPN"] Connection "CID-491": Successfully authenticated as user "yurun".
2014-09-15 06:31:06.992 [HUB "VPN"] Connection "CID-491": The new session "SID-YURUN-[OPENVPN_L3]-242" has been created. (IP address: **HIDDEN**, Port number: 2359, Physical underlying protocol: "Legacy VPN - OPENVPN_L3")
2014-09-15 06:31:06.992 [HUB "VPN"] Session "SID-YURUN-[OPENVPN_L3]-242": The parameter has been set. Max number of TCP connections: 1, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2014-09-15 06:31:06.992 [HUB "VPN"] Session "SID-YURUN-[OPENVPN_L3]-242": VPN Client details: (Client product name: "OpenVPN Client", Client version: 410, Client build number: 9473, Server product name: "SoftEther VPN Server (64 bit) (Open Source)", Server version: 410, Server build number: 9473, Client OS name: "OpenVPN Client", Client OS version: "-", Client product ID: "-", Client host name: "", Client IP address: "**HIDDEN**", Client port number: 2359, Server host name: "**HIDDEN**", Server IP address: "**HIDDEN**", Server port number: 1195, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "00D762C69D08CED152178D3068E46874")
2014-09-15 06:31:07.496 [HUB "VPN"] SecureNAT: The DHCP entry 241 has been created. MAC address: CA-13-DD-50-DE-7E, IP address: 192.168.30.13, host name: , expiration span: 7200 seconds
2014-09-15 06:31:07.496 [HUB "VPN"] Session "SID-SECURENAT-1": The DHCP server of host "00-AC-95-FC-45-89" (192.168.30.1) on this session allocated, for host "SID-YURUN-[OPENVPN_L3]-242" on another session "CA-13-DD-50-DE-7E", the new IP address 192.168.30.13.
2014-09-15 06:31:07.496 OpenVPN Session 1 (**HIDDEN**:2359 -> **HIDDEN**:1195) Channel 0: The channel becomes the established state.
2014-09-15 06:31:07.496 OpenVPN Session 1 (**HIDDEN**:2359 -> **HIDDEN**:1195) Channel 0: The IP address and other network information parameters are set successfully. IP Address of Client: 192.168.30.13, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.30.1, DNS Server 1: 8.8.8.8, DNS Server 2: , WINS Server 1: , WINS Server 2:
2014-09-15 06:31:07.496 OpenVPN Session 1 (**HIDDEN**:2359 -> **HIDDEN**:1195) Channel 0: The full strings replied: "PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1"
2014-09-15 06:31:17.856 OpenVPN Module: The OpenVPN Server Module is stopped.
2014-09-15 06:31:17.856 Connection "CID-490" has been terminated.
2014-09-15 06:31:17.856 The connection with the client (IP address **HIDDEN**, Port number 2359) has been disconnected.
2014-09-15 06:31:18.108 [HUB "VPN"] Session "SID-YURUN-[OPENVPN_L3]-242": The session has been terminated. The statistical information is as follows: Total outgoing data size: 1392 bytes, Total incoming data size: 1597 bytes.
2014-09-15 06:31:18.138 Connection "CID-491" terminated by the cause "The VPN session has been deleted. It is possible that either the administrator disconnected the session or the connection from the client to the VPN Server has been disconnected." (code 11).
2014-09-15 06:31:18.138 Connection "CID-491" has been terminated.
2014-09-15 06:31:18.138 The connection with the client (IP address **HIDDEN**, Port number 2359) has been disconnected.





OpenVPN client logs:

Mon Sep 15 15:30:53 2014 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Mon Sep 15 15:30:53 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 15 15:30:53 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 15 15:30:53 2014 Attempting to establish TCP connection with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:30:53 2014 TCP connection established with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:30:53 2014 TCPv4_CLIENT link local: [undef]
Mon Sep 15 15:30:53 2014 TCPv4_CLIENT link remote: [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:30:53 2014 TLS: Initial packet from [AF_INET]**HIDDEN**:1195, sid=6d443645 d4ac37c0
Mon Sep 15 15:30:53 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 15 15:30:53 2014 VERIFY OK: depth=2, CN=**HIDDEN**
Mon Sep 15 15:30:53 2014 VERIFY OK: depth=1, CN=**HIDDEN**
Mon Sep 15 15:30:53 2014 VERIFY OK: nsCertType=SERVER
Mon Sep 15 15:30:53 2014 VERIFY OK: depth=0, CN=**HIDDEN**
Mon Sep 15 15:30:54 2014 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Sep 15 15:30:54 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:30:54 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:30:54 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:30:54 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:30:54 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Sep 15 15:30:54 2014 [**HIDDEN**] Peer Connection Initiated with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:30:56 2014 SENT CONTROL [**HIDDEN**]: 'PUSH_REQUEST' (status=1)
Mon Sep 15 15:30:57 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1'
Mon Sep 15 15:30:57 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 15 15:30:57 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 15 15:30:57 2014 OPTIONS IMPORT: route options modified
Mon Sep 15 15:30:57 2014 OPTIONS IMPORT: route-related options modified
Mon Sep 15 15:30:57 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 15 15:30:57 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Sep 15 15:30:57 2014 open_tun, tt->ipv6=0
Mon Sep 15 15:30:57 2014 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{126E8D4E-3951-4E65-BEC0-E030CF97E828}.tap
Mon Sep 15 15:30:57 2014 TAP-Windows Driver Version 9.9
Mon Sep 15 15:30:57 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.30.13/255.255.255.252 on interface {126E8D4E-3951-4E65-BEC0-E030CF97E828} [DHCP-serv: 192.168.30.14, lease-time: 31536000]
Mon Sep 15 15:30:57 2014 Successful ARP Flush on interface [23] {126E8D4E-3951-4E65-BEC0-E030CF97E828}
Mon Sep 15 15:31:02 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Mon Sep 15 15:31:02 2014 C:\Windows\system32\route.exe ADD **HIDDEN** MASK 255.255.255.255 172.22.44.1
Mon Sep 15 15:31:02 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Mon Sep 15 15:31:02 2014 Route addition via IPAPI succeeded [adaptive]
Mon Sep 15 15:31:02 2014 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.30.14
Mon Sep 15 15:31:02 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Sep 15 15:31:02 2014 Route addition via IPAPI succeeded [adaptive]
Mon Sep 15 15:31:02 2014 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.30.14
Mon Sep 15 15:31:02 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Sep 15 15:31:02 2014 Route addition via IPAPI succeeded [adaptive]
Mon Sep 15 15:31:02 2014 Initialization Sequence Completed
Mon Sep 15 15:31:07 2014 [**HIDDEN**] Inactivity timeout (--ping-restart), restarting
Mon Sep 15 15:31:07 2014 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep 15 15:31:07 2014 Restart pause, 5 second(s)
Mon Sep 15 15:31:12 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 15 15:31:12 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 15 15:31:12 2014 Attempting to establish TCP connection with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:12 2014 TCP connection established with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:12 2014 TCPv4_CLIENT link local: [undef]
Mon Sep 15 15:31:12 2014 TCPv4_CLIENT link remote: [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:12 2014 TLS: Initial packet from [AF_INET]**HIDDEN**:1195, sid=afa8b31d b1999f04
Mon Sep 15 15:31:13 2014 VERIFY OK: depth=2, CN=**HIDDEN**
Mon Sep 15 15:31:13 2014 VERIFY OK: depth=1, CN=**HIDDEN**
Mon Sep 15 15:31:13 2014 VERIFY OK: nsCertType=SERVER
Mon Sep 15 15:31:13 2014 VERIFY OK: depth=0, CN=**HIDDEN**
Mon Sep 15 15:31:13 2014 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Sep 15 15:31:13 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:31:13 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:31:13 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:31:13 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:31:13 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Sep 15 15:31:13 2014 [**HIDDEN**] Peer Connection Initiated with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:15 2014 SENT CONTROL [**HIDDEN**]: 'PUSH_REQUEST' (status=1)
Mon Sep 15 15:31:16 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1'
Mon Sep 15 15:31:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 15 15:31:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 15 15:31:16 2014 OPTIONS IMPORT: route options modified
Mon Sep 15 15:31:16 2014 OPTIONS IMPORT: route-related options modified
Mon Sep 15 15:31:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 15 15:31:16 2014 Preserving previous TUN/TAP instance: Local Area Connection 2
Mon Sep 15 15:31:16 2014 Initialization Sequence Completed
Mon Sep 15 15:31:26 2014 [**HIDDEN**] Inactivity timeout (--ping-restart), restarting
Mon Sep 15 15:31:26 2014 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep 15 15:31:26 2014 Restart pause, 5 second(s)
Mon Sep 15 15:31:31 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 15 15:31:31 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 15 15:31:31 2014 Attempting to establish TCP connection with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:31 2014 TCP connection established with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:31 2014 TCPv4_CLIENT link local: [undef]
Mon Sep 15 15:31:31 2014 TCPv4_CLIENT link remote: [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:31 2014 TLS: Initial packet from [AF_INET]**HIDDEN**:1195, sid=c5760e57 a8922ebe
Mon Sep 15 15:31:32 2014 VERIFY OK: depth=2, **HIDDEN**
Mon Sep 15 15:31:32 2014 VERIFY OK: depth=1, **HIDDEN**
Mon Sep 15 15:31:32 2014 VERIFY OK: nsCertType=SERVER
Mon Sep 15 15:31:32 2014 VERIFY OK: depth=0, CN=**HIDDEN**
Mon Sep 15 15:31:32 2014 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Sep 15 15:31:32 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:31:32 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:31:32 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:31:32 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:31:32 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Sep 15 15:31:32 2014 [**HIDDEN**] Peer Connection Initiated with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:34 2014 SENT CONTROL [**HIDDEN**]: 'PUSH_REQUEST' (status=1)
Mon Sep 15 15:31:34 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1'
Mon Sep 15 15:31:34 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 15 15:31:34 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 15 15:31:34 2014 OPTIONS IMPORT: route options modified
Mon Sep 15 15:31:34 2014 OPTIONS IMPORT: route-related options modified
Mon Sep 15 15:31:34 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 15 15:31:34 2014 Preserving previous TUN/TAP instance: Local Area Connection 2
Mon Sep 15 15:31:34 2014 Initialization Sequence Completed
Mon Sep 15 15:31:44 2014 [**HIDDEN**] Inactivity timeout (--ping-restart), restarting
Mon Sep 15 15:31:44 2014 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep 15 15:31:44 2014 Restart pause, 5 second(s)
Mon Sep 15 15:31:49 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 15 15:31:49 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 15 15:31:49 2014 Attempting to establish TCP connection with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:49 2014 TCP connection established with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:49 2014 TCPv4_CLIENT link local: [undef]
Mon Sep 15 15:31:49 2014 TCPv4_CLIENT link remote: [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:49 2014 TLS: Initial packet from [AF_INET]**HIDDEN**:1195, sid=64570081 db373b52
Mon Sep 15 15:31:49 2014 VERIFY OK: depth=2, CN=**HIDDEN**
Mon Sep 15 15:31:49 2014 VERIFY OK: depth=1, CN=**HIDDEN**
Mon Sep 15 15:31:49 2014 VERIFY OK: nsCertType=SERVER
Mon Sep 15 15:31:49 2014 VERIFY OK: depth=0, CN=**HIDDEN**
Mon Sep 15 15:31:50 2014 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Sep 15 15:31:50 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:31:50 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:31:50 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:31:50 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:31:50 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Sep 15 15:31:50 2014 [**HIDDEN**] Peer Connection Initiated with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:31:52 2014 SENT CONTROL [**HIDDEN**]: 'PUSH_REQUEST' (status=1)
Mon Sep 15 15:31:53 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1'

and then again over and over....

Mon Sep 15 15:31:53 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 15 15:31:53 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 15 15:31:53 2014 OPTIONS IMPORT: route options modified
Mon Sep 15 15:31:53 2014 OPTIONS IMPORT: route-related options modified
Mon Sep 15 15:31:53 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 15 15:31:53 2014 Preserving previous TUN/TAP instance: Local Area Connection 2
Mon Sep 15 15:31:53 2014 Initialization Sequence Completed
Mon Sep 15 15:32:03 2014 [**HIDDEN**] Inactivity timeout (--ping-restart), restarting
Mon Sep 15 15:32:03 2014 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep 15 15:32:03 2014 Restart pause, 5 second(s)
Mon Sep 15 15:32:08 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 15 15:32:08 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 15 15:32:08 2014 Attempting to establish TCP connection with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:32:08 2014 TCP connection established with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:32:08 2014 TCPv4_CLIENT link local: [undef]
Mon Sep 15 15:32:08 2014 TCPv4_CLIENT link remote: [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:32:08 2014 TLS: Initial packet from [AF_INET]**HIDDEN**:1195, sid=ab431d91 d25a8f85
Mon Sep 15 15:32:09 2014 VERIFY OK: depth=2, CN=**HIDDEN**
Mon Sep 15 15:32:09 2014 VERIFY OK: depth=1, CN=**HIDDEN**
Mon Sep 15 15:32:09 2014 VERIFY OK: nsCertType=SERVER
Mon Sep 15 15:32:09 2014 VERIFY OK: depth=0, CN=**HIDDEN**
Mon Sep 15 15:32:09 2014 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Sep 15 15:32:09 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:32:09 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:32:09 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 15:32:09 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 15:32:09 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Sep 15 15:32:09 2014 [**HIDDEN**] Peer Connection Initiated with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:32:11 2014 SENT CONTROL [**HIDDEN**]: 'PUSH_REQUEST' (status=1)
Mon Sep 15 15:32:11 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1'
Mon Sep 15 15:32:11 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 15 15:32:11 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 15 15:32:11 2014 OPTIONS IMPORT: route options modified
Mon Sep 15 15:32:11 2014 OPTIONS IMPORT: route-related options modified
Mon Sep 15 15:32:11 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 15 15:32:11 2014 Preserving previous TUN/TAP instance: Local Area Connection 2
Mon Sep 15 15:32:11 2014 Initialization Sequence Completed
Mon Sep 15 15:32:21 2014 [**HIDDEN**] Inactivity timeout (--ping-restart), restarting
Mon Sep 15 15:32:21 2014 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep 15 15:32:21 2014 Restart pause, 5 second(s)
Mon Sep 15 15:32:26 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 15 15:32:26 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 15 15:32:26 2014 Attempting to establish TCP connection with [AF_INET]**HIDDEN**:1195
Mon Sep 15 15:32:26 2014 C:\Windows\system32\route.exe DELETE **HIDDEN** MASK 255.255.255.255 172.22.44.1
Mon Sep 15 15:32:26 2014 Route deletion via IPAPI succeeded [adaptive]
Mon Sep 15 15:32:26 2014 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 192.168.30.14
Mon Sep 15 15:32:26 2014 Route deletion via IPAPI succeeded [adaptive]
Mon Sep 15 15:32:26 2014 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 192.168.30.14
Mon Sep 15 15:32:26 2014 Route deletion via IPAPI succeeded [adaptive]
Mon Sep 15 15:32:26 2014 Closing TUN/TAP interface
Mon Sep 15 15:32:26 2014 SIGTERM[hard,init_instance] received, process exiting



As a result, during "connection" I get the following on the client-side machine; I get the IP:



Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-12-6E-8D-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e5b3:f145:64e4:5746%23(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.30.13(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Lease Obtained. . . . . . . . . . : Monday, September 15, 2014 3:30:57 PM
Lease Expires . . . . . . . . . . : Tuesday, September 15, 2015 3:30:57 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.30.14
DHCPv6 IAID . . . . . . . . . . . : 604045074
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-92-8A-AD-C4-34-6B-28-73-A5

DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          172.22.44.1    172.22.44.15   25
0.0.0.0              128.0.0.0        192.168.30.14  192.168.30.13  30
127.0.0.0            255.0.0.0        On-link        127.0.0.1      306
127.0.0.1            255.255.255.255  On-link        127.0.0.1      306
127.255.255.255      255.255.255.255  On-link        127.0.0.1      306
128.0.0.0            128.0.0.0        192.168.30.14  192.168.30.13  30
172.22.44.0          255.255.255.0    On-link        172.22.44.15   281
172.22.44.15         255.255.255.255  On-link        172.22.44.15   281
172.22.44.255        255.255.255.255  On-link        172.22.44.15   281


Basically I cannot reach anything except my local tunnel endpoint IP.
192.168.30.1 - (supposed to be default gw) unreachable
192.168.30.14 - (supposed to be far tunnel end) unreachable





Case: OpenVPN client successfully connecting to OpenVPN Server:

Client command/config:
openvpn.exe --client --dev tun --remote A.B.C.D 1195 --resolv-retry 3 --proto tcp-client --persist-tun --comp-lzo --verb 3 --auth-user-pass login.conf --ns-cert-type server --ca "cachain.pem" --redirect-gateway --log "C:\Users\***HIDDEN***\openvpn.log"

Client log:

Mon Sep 15 14:05:00 2014 OpenVPN 2.3.1 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Mar 28 2013
Mon Sep 15 14:05:00 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:10011
Mon Sep 15 14:05:00 2014 Need password(s) from management interface, waiting...
Mon Sep 15 14:05:01 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:10011
Mon Sep 15 14:05:02 2014 MANAGEMENT: CMD 'state on 1'
Mon Sep 15 14:05:02 2014 MANAGEMENT: CMD 'username Auth ***HIDDEN***'
Mon Sep 15 14:05:02 2014 MANAGEMENT: CMD 'password [...]'
Mon Sep 15 14:05:02 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 15 14:05:02 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 15 14:05:02 2014 Attempting to establish TCP connection with [AF_INET]***HIDDEN***:1195
Mon Sep 15 14:05:02 2014 MANAGEMENT: >STATE:1410779102,TCP_CONNECT,,,
Mon Sep 15 14:05:02 2014 TCP connection established with [AF_INET]***HIDDEN***:1195
Mon Sep 15 14:05:02 2014 TCPv4_CLIENT link local: [undef]
Mon Sep 15 14:05:02 2014 TCPv4_CLIENT link remote: [AF_INET]***HIDDEN***:1195
Mon Sep 15 14:05:02 2014 MANAGEMENT: >STATE:1410779102,WAIT,,,
Mon Sep 15 14:05:02 2014 MANAGEMENT: >STATE:1410779102,AUTH,,,
Mon Sep 15 14:05:02 2014 TLS: Initial packet from [AF_INET]***HIDDEN***:1195, sid=96f2cbf9 ea8341df
Mon Sep 15 14:05:02 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 15 14:05:05 2014 VERIFY OK: depth=2, CN=***HIDDEN***
Mon Sep 15 14:05:05 2014 VERIFY OK: depth=1, CN=***HIDDEN***
Mon Sep 15 14:05:05 2014 VERIFY OK: nsCertType=SERVER
Mon Sep 15 14:05:05 2014 VERIFY OK: depth=0, CN=***HIDDEN***
Mon Sep 15 14:05:06 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 14:05:06 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 14:05:06 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 15 14:05:06 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 15 14:05:06 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
Mon Sep 15 14:05:06 2014 [**HIDDEN**] Peer Connection Initiated with [AF_INET]***HIDDEN***:1195
Mon Sep 15 14:05:07 2014 MANAGEMENT: >STATE:1410779107,GET_CONFIG,,,
Mon Sep 15 14:05:08 2014 SENT CONTROL [***HIDDEN***]: 'PUSH_REQUEST' (status=1)
Mon Sep 15 14:05:08 2014 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.64.0.1,dhcp-option DNS 8.8.8.8,topology subnet,ping 7,ping-restart 20,socket-flags TCP_NODELAY,ifconfig 10.64.0.124 255.240.0.0'
Mon Sep 15 14:05:08 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 15 14:05:08 2014 OPTIONS IMPORT: --socket-flags option modified
Mon Sep 15 14:05:08 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 15 14:05:08 2014 OPTIONS IMPORT: route-related options modified
Mon Sep 15 14:05:08 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 15 14:05:08 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Sep 15 14:05:08 2014 MANAGEMENT: >STATE:1410779108,ASSIGN_IP,,10.64.0.124,
Mon Sep 15 14:05:08 2014 open_tun, tt->ipv6=0
Mon Sep 15 14:05:08 2014 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{126E8D4E-3951-4E65-BEC0-E030CF97E828}.tap
Mon Sep 15 14:05:08 2014 TAP-Windows Driver Version 9.9
Mon Sep 15 14:05:08 2014 Set TAP-Windows TUN subnet mode network/local/netmask = 10.64.0.0/10.64.0.124/255.240.0.0 [SUCCEEDED]
Mon Sep 15 14:05:08 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.64.0.124/255.240.0.0 on interface {126E8D4E-3951-4E65-BEC0-E030CF97E828} [DHCP-serv: 10.79.255.254, lease-time: 31536000]
Mon Sep 15 14:05:08 2014 Successful ARP Flush on interface [23] {126E8D4E-3951-4E65-BEC0-E030CF97E828}
Mon Sep 15 14:05:13 2014 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Mon Sep 15 14:05:13 2014 C:\Windows\system32\route.exe ADD ***HIDDEN*** MASK 255.255.255.255 172.22.44.1
Mon Sep 15 14:05:13 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Mon Sep 15 14:05:13 2014 Route addition via IPAPI succeeded [adaptive]
Mon Sep 15 14:05:13 2014 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 0.0.0.0 172.22.44.1
Mon Sep 15 14:05:13 2014 Route deletion via IPAPI succeeded [adaptive]
Mon Sep 15 14:05:13 2014 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 0.0.0.0 10.64.0.1
Mon Sep 15 14:05:13 2014 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Sep 15 14:05:13 2014 Route addition via IPAPI succeeded [adaptive]
Mon Sep 15 14:05:13 2014 Initialization Sequence Completed
Mon Sep 15 14:05:13 2014 MANAGEMENT: >STATE:1410779113,CONNECTED,SUCCESS,10.64.0.124,***HIDDEN***



here is what I get on the interface for tunnel when all is OK with OpenVPN server:

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-12-6E-8D-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e5b3:f145:64e4:5746%23(Preferred)
IPv4 Address. . . . . . . . . . . : 10.64.0.124(Preferred)
Subnet Mask . . . . . . . . . . . : 255.240.0.0
Lease Obtained. . . . . . . . . . : Monday, September 15, 2014 2:05:08 PM
Lease Expires . . . . . . . . . . : Tuesday, September 15, 2015 2:05:08 PM
Default Gateway . . . . . . . . . : 10.64.0.1
DHCP Server . . . . . . . . . . . : 10.79.255.254
DHCPv6 IAID . . . . . . . . . . . : 604045074
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-92-8A-AD-C4-34-6B-28-73-A5

DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

here is my routing table clientside ( some routes removed):


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway    Interface     Metric
0.0.0.0              0.0.0.0          10.64.0.1  10.64.0.124   30
10.64.0.0            255.240.0.0      On-link    10.64.0.124   286
10.64.0.124          255.255.255.255  On-link    10.64.0.124   286
172.22.44.0          255.255.255.0    On-link    172.22.44.15  281
172.22.44.15         255.255.255.255  On-link    172.22.44.15  281
172.22.44.255        255.255.255.255  On-link    172.22.44.15  281











Official SoftEther (unmodified) success with official client




2014-09-15 03:07:29.412 On the TCP Listener (Port 443), a Client (IP address **HIDDEN**, Host name "**HIDDEN**", Port number 9146) has connected.
2014-09-15 03:07:29.412 For the client (IP address: **HIDDEN**, host name: "**HIDDEN**", port number: 9146), connection "CID-58" has been created.
2014-09-15 03:07:29.613 SSL communication for connection "CID-58" has been started. The encryption algorithm name is "RC4-MD5".
2014-09-15 03:07:30.742 [HUB "VPN"] The connection "CID-58" (IP address: **HIDDEN**, Host name: **HIDDEN**, Port number: 9146, Client name: "SoftEther VPN Client", Version: 4.10, Build: 9473) is attempting to connect to the Virtual Hub. The auth type provided is "Password authentication" and the user name is "yurun".
2014-09-15 03:07:30.742 [HUB "VPN"] Connection "CID-58": Successfully authenticated as user "yurun".
2014-09-15 03:07:30.742 [HUB "VPN"] Connection "CID-58": The new session "SID-YURUN-30" has been created. (IP address: **HIDDEN**, Port number: 9146, Physical underlying protocol: "Standard TCP/IP (IPv4)")
2014-09-15 03:07:30.742 [HUB "VPN"] Session "SID-YURUN-30": The parameter has been set. Max number of TCP connections: 2, Use of encryption: Yes, Use of compression: No, Use of Half duplex communication: No, Timeout: 20 seconds.
2014-09-15 03:07:30.742 [HUB "VPN"] Session "SID-YURUN-30": VPN Client details: (Client product name: "SoftEther VPN Client", Client version: 410, Client build number: 9473, Server product name: "SoftEther VPN Server (64 bit) (Open Source)", Server version: 410, Server build number: 9473, Client OS name: "Windows 7", Client OS version: "Build 7601, Multiprocessor Free, Service Pack 1 (7601.win7sp1_gdr.140303-2144)", Client product ID: "--", Client host name: "KBP1-LHP-F55549.synapse.com", Client IP address: "172.22.44.15", Client port number: 57455, Server host name: "**HIDDEN**", Server IP address: "**HIDDEN**", Server port number: 443, Proxy host name: "", Proxy IP address: "0.0.0.0", Proxy port number: 0, Virtual Hub name: "VPN", Client unique ID: "22D7BCD3523D3426917F32B71A005194")
2014-09-15 03:07:31.518 [HUB "VPN"] SecureNAT: The DHCP entry 29 has been created. MAC address: 00-AC-70-A1-B2-97, IP address: 192.168.30.10, host name: KBP1-LHP-F55549, expiration span: 7200 seconds
2014-09-15 03:07:31.518 [HUB "VPN"] Session "SID-SECURENAT-1": The DHCP server of host "00-AC-95-FC-45-89" (192.168.30.1) on this session allocated, for host "SID-YURUN-30" on another session "00-AC-70-A1-B2-97", the new IP address 192.168.30.10.
2014-09-15 03:07:31.841 [HUB "VPN"] SecureNAT: The UDP session 1 has been created. Connection source 192.168.30.10:138, Connection destination 255.255.255.255:138
2014-09-15 03:07:31.931 [HUB "VPN"] SecureNAT: The UDP session 2 has been created. Connection source 192.168.30.10:52568, Connection destination 255.255.255.255:3702
2014-09-15 03:07:32.032 [HUB "VPN"] SecureNAT: The UDP session 3 has been created. Connection source 192.168.30.10:55776, Connection destination 8.8.8.8:53
2014-09-15 03:07:32.133 [HUB "VPN"] SecureNAT: The UDP session 5 has been created. Connection source 192.168.30.10:53018, Connection destination 255.255.255.255:1900
2014-09-15 03:07:32.405 [HUB "VPN"] SecureNAT: The UDP session 6 has been created. Connection source 192.168.30.10:57048, Connection destination 89.252.1.12:59347
2014-09-15 03:07:32.546 On the TCP Listener (Port 443), a Client (IP address **HIDDEN**, Host name "**HIDDEN**", Port number 46015) has connected.
2014-09-15 03:07:32.546 For the client (IP address: **HIDDEN**, host name: "**HIDDEN**", port number: 46015), connection "CID-59" has been created.
2014-09-15 03:07:32.727 [HUB "VPN"] SecureNAT: The UDP session 7 has been created. Connection source 192.168.30.10:52692, Connection destination 8.8.8.8:53
2014-09-15 03:07:32.738 SSL communication for connection "CID-59" has been started. The encryption algorithm name is "RC4-MD5".

qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: SoftEther with OpenVPN client (topology???)

Post by qupfer » Mon Sep 15, 2014 2:38 pm

Hi, I found in your logfile:
Mon Sep 15 15:30:54 2014 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'

Maybe SoftEther can't unpack the compressed traffic? Have you tried the SoftEther-generated ovpn config files?
If not, try them^^ or reduce your command line to a minimum and add one feature at a time. I mean, try first

Client command/config:
openvpn.exe --client --dev tun --remote **HIDDEN** 1195 --resolv-retry 3 --proto tcp-client --persist-tun --verb 3 --auth-user-pass

The auto-gen file:
http://pastebin.com/wh02sNiX

And now my personal opinion about your post:

Please don't post all "logs" in one post. It's really hard to read.
Use some "hosting" solution like pastebin or dropbox or something like that. So, if someone is interested in the log, they can read it. If not, it's just a small line to "ignore" instead of a complete log.

And some information about your network could also help.
I found many different private ranges and I'm not in the mood to reconstruct the "meaning" of them in your network.
172.22.44.x
192.168.30.x
10.64.0.x
10.79.x.x

And if you hide an IP, please don't use A.B.C.D, because then you can't see directly whether it is a global or local IP.
Of course, your subnet mask is a huge indicator for a global IP, but you can't be sure. And the information that you haven't a NAT is also hidden very well in the wall of text.
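
The check suggested in the post above, done mechanically: an added example (not part of any post in this thread, and not SoftEther or OpenVPN code) that scans an OpenVPN client log for option-mismatch warnings, the pushed topology and ping-restart timeouts. The sample lines are copied from the client log in this thread; the function names and the net30 fallback for a PUSH_REPLY without a `topology` directive are assumptions of this example.

```python
import re

# Lines copied from the client log posted in this thread (addresses already hidden there).
SAMPLE_LOG = """\
Mon Sep 15 15:30:54 2014 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Sep 15 15:32:11 2014 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.13 192.168.30.14,dhcp-option DNS 8.8.8.8,route-gateway 192.168.30.14,redirect-gateway def1'
Mon Sep 15 15:32:11 2014 Initialization Sequence Completed
Mon Sep 15 15:32:21 2014 [**HIDDEN**] Inactivity timeout (--ping-restart), restarting
"""

MISMATCH = re.compile(
    r"WARNING: '([^']+)' is present in (local|remote) config "
    r"but missing in (?:local|remote) config")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")


def parse_push_reply(body):
    """Turn 'ping 3,ifconfig a b' into {'ping': ['3'], 'ifconfig': ['a', 'b']}.
    A repeated option keeps only its last occurrence."""
    opts = {}
    for item in body.split(","):
        parts = item.split()
        if parts:
            opts[parts[0]] = parts[1:]
    return opts


def diagnose(log_text):
    """Summarise the signals that separate the failing and working sessions."""
    report = {"mismatched": [], "topology": None, "ping_restarts": 0, "findings": []}
    pushed = {}
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:  # (option name, side on which it is configured)
            report["mismatched"].append((m.group(1), m.group(2)))
        m = PUSH.search(line)
        if m:
            pushed = parse_push_reply(m.group(1))
        if "Inactivity timeout (--ping-restart)" in line:
            report["ping_restarts"] += 1
    if pushed:
        # Assumption: no pushed 'topology' means net30, the OpenVPN 2.3 default.
        report["topology"] = pushed.get("topology", ["net30"])[0]
    names = [name for name, _ in report["mismatched"]]
    if "comp-lzo" in names and report["ping_restarts"]:
        report["findings"].append(
            "comp-lzo is set on one peer only and the tunnel hit ping-restart")
    return report
```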

yurun
Posts: 4
Joined: Thu Sep 11, 2014 3:47 pm

Re: SoftEther with OpenVPN client (topology???)

Post by yurun » Mon Sep 15, 2014 10:07 pm

qupfer, thanks it really helped! You made my Monday, really thanks man.

I think I must have tried it before, but it might not have worked for some other reason...

I will sure try to keep posts as short as possible, sorry for this. I tried to put as much info.

Any idea how to enforce "no lzo-compression"?
I tried to push command from server "comp-lzo no", but it does not seem to work.
The problem is I can't really reconfigure existing clients which start their openvpn.exe with "--comp-lzo".
Maybe any other ideas how to workaround such configured clients with SoftEther?

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: SoftEther with OpenVPN client (topology???)

Post by thisjun » Wed Sep 24, 2014 7:17 am

Why didn't you use the sample configuration obtained from VPN Server?
