Problems with OpenVPN server

[ivicav]

I created OpenVPN server on virtual machine. But I have some problems with using it. Attached is basic scheme of my config.

1. Operating system name and the type of CPU-bits
CentOS 7.1 64bit

2. The result of "ifconfig –a"

[root@localhost ~]# ifconfig -a
eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 172.28.42.3 netmask 255.255.255.0 broadcast 172.28.42.255
inet6 fe80::215:5dff:fe2a:a05 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:2a:0a:05 txqueuelen 1000 (Ethernet)
RX packets 2133816 bytes 284848597 (271.6 MiB)
RX errors 0 dropped 20 overruns 0 frame 0
TX packets 868233 bytes 760198346 (724.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 192.168.30.2 netmask 255.255.255.0 broadcast 192.168.30.255
inet6 fe80::215:5dff:fe2a:a06 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:2a:0a:06 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 176645 bytes 11365477 (10.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 11659 bytes 1067696 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11659 bytes 1067696 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

3. The result of "uname –a"

Linux localhost.localdomain 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

4. The build number of SoftEther VPN

SoftEther VPN Server (Ver 4.15, Build 9546, beta)

5. Which SoftEther VPN component are you using?

Only server. I want to use OpenVPN since my port 1194 is free and I want VPN server behind NAT and firewall.

6. Whether or not there is a NAT or Firewall between your VPN server and the Internet.

Yes, there is NAT-ed port 1194 tcp/udp and listener is configured. VPN server is connected on one LAN and is behind router and NAT.

7. Are you using SecureNAT?

Yes. To be honest I could not understand clearly how should bridge work in this config since all traffic went through one interface (eth0) an goes out through same one.. Hub is connected on local interface eth1 which is not connected anywhere physically.

I am trying to accomplish remote access to LAN. When I try my phone (Android) using openvpn client everything works fine and I can ping every PC in my remote LAN. But when I try to use Windows client it ends badly. Cannot ping anything in LAN, Internet is not working. I tried to push routes to local LAN (172.28.42.0/255.255.255.0/192.168.30.1), but same results. Log from client is attached.

Anyone have some idea?

[hatimux]

The first problem I can see:
RESOLVE: Cannot resolve host address: myserver.v4.softether.net: No such host is known.

The client is unable to resolve the IP address of your server. Try to modify the config file and put directly the IP address of the server instead of its name.

[ivicav]

hatimux wrote:
> The first problem I can see:
> RESOLVE: Cannot resolve host address: myserver.v4.softether.net: No such
> host is known.
>
> The client is unable to resolve the IP address of your server. Try to
> modify the config file and put directly the IP address of the server
> instead of its name.


If I modify config with public IP address client cannot connect at all... Also if you look at config you will see lines:

[i]Tue May 19 11:51:31 2015 [myserver.softether.net] Peer Connection Initiated with [AF_INET]89.216.X.X:1194[/i]

And after few seconds there is another line

[i]Tue May 19 11:51:56 2015 [myserver.softether.net] Inactivity timeout (--ping-restart), restarting
Tue May 19 11:51:56 2015 SIGUSR1[soft,ping-restart] received, process restarting
Tue May 19 11:51:56 2015 MANAGEMENT: >STATE:1432029116,RECONNECTING,ping-restart,,
Tue May 19 11:51:56 2015 Restart pause, 2 second(s)
Tue May 19 11:51:58 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 19 11:51:58 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue May 19 11:51:58 2015 MANAGEMENT: >STATE:1432029118,RESOLVE,,,
Tue May 19 11:52:10 2015 RESOLVE: Cannot resolve host address: myserver.v4.softether.net: No such host is known.[/i]


Also when I ping myserver.v4.softether.net client computer resolves successfully IP address as it should.

[hatimux]

Can you provide the result of a "route -n" before and after you connect to the server.
It seems that there is a problem with the gateway configuration:
Tue May 19 11:51:39 2015 Warning: route gateway is ambiguous: 192.168.1.1 (2 matches)

[ivicav]

hatimux wrote:
> Can you provide the result of a "route -n" before and after you
> connect to the server.
> It seems that there is a problem with the gateway configuration:
> Tue May 19 11:51:39 2015 Warning: route gateway is ambiguous: 192.168.1.1
> (2 matches)

Thank you for idea. Problem was my VMWare virtual interface with same IP as my LAN network I was connected. I changed IP scope and cleared some old persistent routes from client and now everything works just fine.

Again, thanks for idea. Softether is by far best VPN software I found. Much appreciation for people from University of Tsukuba and their work.