Cannot get openvpn to work, traffic is not routed/flowing
-
I followed this guide: https://forum.pfsense.org/index.php?topic=84866.msg469736#msg469736
I'm getting no route to host when pinging from pfsense connected through SSH.My lan machines are set to use 192.168.2.1 as the default gateway
ifconfig
vtnet0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:5b:97 inet6 fe80::5054:ff:fe32:5b97%vtnet0 prefixlen 64 scopeid 0x1 inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex> status: active vtnet1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:b5:de inet6 fe80::5054:ff:fe32:b5de%vtnet1 prefixlen 64 scopeid 0x2 inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255 nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex> status: active pflog0: flags=100 <promisc>metric 0 mtu 33144 pfsync0: flags=0<> metric 0 mtu 1500 syncpeer: 224.0.0.240 maxupd: 128 defer: on syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536 nd6 options=21 <performnud,auto_linklocal>ovpnc1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80000 <linkstate>ether 00:bd:d9:00:00:01 inet6 fe80::2bd:d9ff:fe00:1%ovpnc1 prefixlen 64 scopeid 0x7 inet 192.253.240.70 netmask 0xffffffe0 broadcast 192.253.240.70 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect status: no carrier tun1: flags=8010 <pointopoint,multicast>metric 0 mtu 1500 options=80000 <linkstate>nd6 options=21 <performnud,auto_linklocal>Opened by PID 63253</performnud,auto_linklocal></linkstate></pointopoint,multicast></performnud,auto_linklocal></linkstate></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast>
http://screencloud.net/v/o2Us
route-delay 2 auth-nocache; keepalive 10 120; pull; route-nopull; route 0.0.0.0 0.0.0.0; remote-cert-tls server;
Mar 5 17:21:15 openvpn[62917]: WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible Mar 5 17:21:15 openvpn[63253]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 5 17:21:15 openvpn[63253]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file Mar 5 17:21:15 openvpn[63253]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 5 17:21:15 openvpn[63253]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 5 17:21:15 openvpn[63253]: LZO compression initialized Mar 5 17:21:15 openvpn[63253]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ] Mar 5 17:21:15 openvpn[63253]: Socket Buffers: R=[42080->65536] S=[57344->65536] Mar 5 17:21:16 openvpn[63253]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Mar 5 17:21:16 openvpn[63253]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client' Mar 5 17:21:16 openvpn[63253]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server' Mar 5 17:21:16 openvpn[63253]: Local Options hash (VER=V4): '9e7066d2' Mar 5 17:21:16 openvpn[63253]: Expected Remote Options hash (VER=V4): '162b04de' Mar 5 17:21:16 openvpn[63253]: UDPv4 link local (bound): [AF_INET]192.168.1.2 Mar 5 17:21:16 openvpn[63253]: UDPv4 link remote: [AF_INET]192.253.240.2:53 Mar 5 17:21:16 openvpn[63253]: TLS: Initial packet from [AF_INET]192.253.240.2:53, sid=4ecbb28d 58748260 Mar 5 17:21:17 openvpn[63253]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain Mar 5 17:21:17 openvpn[63253]: Validating certificate key usage Mar 5 17:21:17 openvpn[63253]: ++ Certificate has key usage 00a0, expects 00a0 Mar 5 17:21:17 openvpn[63253]: VERIFY KU OK Mar 5 17:21:17 openvpn[63253]: Validating certificate extended key usage Mar 5 17:21:17 openvpn[63253]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Mar 5 17:21:17 openvpn[63253]: VERIFY EKU OK Mar 5 17:21:17 openvpn[63253]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain Mar 5 17:21:21 openvpn[63253]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 5 17:21:21 openvpn[63253]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 5 17:21:21 openvpn[63253]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 5 17:21:21 openvpn[63253]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 5 17:21:21 openvpn[63253]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Mar 5 17:21:21 openvpn[63253]: [PureVPN] Peer Connection Initiated with [AF_INET]192.253.240.2:53 Mar 5 17:21:23 openvpn[63253]: SENT CONTROL [PureVPN]: 'PUSH_REQUEST' (status=1) Mar 5 17:21:23 openvpn[63253]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,route-gateway 192.253.240.65,topology subnet,ping 10,ping-restart 120,ifconfig 192.253.240.70 255.255.255.224' Mar 5 17:21:23 openvpn[63253]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Mar 5 17:21:23 openvpn[63253]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Mar 5 17:21:23 openvpn[63253]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Mar 5 17:21:23 openvpn[63253]: OPTIONS IMPORT: timers and/or timeouts modified Mar 5 17:21:23 openvpn[63253]: OPTIONS IMPORT: --ifconfig/up options modified Mar 5 17:21:23 openvpn[63253]: OPTIONS IMPORT: route-related options modified Mar 5 17:21:23 openvpn[63253]: WARNING: potential conflict between --remote address [192.253.240.2] and --ifconfig address pair [192.253.240.70, 255.255.255.224] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn) Mar 5 17:21:23 openvpn[63253]: ROUTE_GATEWAY 192.168.1.1 Mar 5 17:21:23 openvpn[63253]: TUN/TAP device ovpnc1 exists previously, keep at program end Mar 5 17:21:23 openvpn[63253]: TUN/TAP device /dev/tun1 opened Mar 5 17:21:23 openvpn[63253]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Mar 5 17:21:23 openvpn[63253]: /sbin/ifconfig ovpnc1 192.253.240.70 192.253.240.70 mtu 1500 netmask 255.255.255.224 up Mar 5 17:21:23 openvpn[63253]: /sbin/route add -net 192.253.240.64 192.253.240.70 255.255.255.224 Mar 5 17:21:23 openvpn[63253]: ERROR: FreeBSD route add command failed: external program exited with error status: 1 Mar 5 17:21:23 openvpn[63253]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 192.253.240.70 255.255.255.224 init Mar 5 17:21:25 openvpn[63253]: /sbin/route add -net 0.0.0.0 192.253.240.65 0.0.0.0 Mar 5 17:21:25 openvpn[63253]: ERROR: FreeBSD route add command failed: external program exited with error status: 1 Mar 5 17:21:25 openvpn[63253]: Initialization Sequence Completed
netstat -nr Routing tables Internet: Destination Gateway Flags Netif Expire default 192.168.1.1 UGS vtnet0 127.0.0.1 link#5 UH lo0 192.168.0.0/16 link#2 U vtnet1 192.168.1.0/24 link#1 U vtnet0 192.168.1.2 link#1 UHS lo0 192.168.2.1 link#2 UHS lo0 192.253.240.64/27 link#7 U ovpnc1 192.253.240.70 link#7 UHS lo0
Firewall rules
LAN
ID Proto Source Port Destination Port Gateway Queue Schedule Description delete selected rules add pass * * * LAN Address 443 80 22 * * Anti-Lockout Rule move edit add avanced icon IPv4 * LAN net * * * PUREVPN_VPNV4 none Default allow LAN to any rule move selected rules before this rule edit delete add icon IPv6 * LAN net * * * * none Default allow LAN IPv6 to any rule move selected rules before this rule edit delete add
WAN
ID Proto Source Port Destination Port Gateway Queue Schedule Description delete add block * RFC 1918 networks * * * * * Block private networks edit edit add block * Reserved/not assigned by IANA * * * * * * Block bogon networks move edit add
Other tabs are empty.
NAT set to manual outbound rule generation
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description add icon WAN 127.0.0.0/8 * * 500 WAN address * YES Auto created rule for ISAKMP - localhost to WAN move selected rules before this rule edit delete duplicate icon PUREVPN 127.0.0.0/8 * * 500 PUREVPN address * YES Auto created rule for ISAKMP - localhost to WAN move selected rules before this rule edit delete duplicate icon WAN 127.0.0.0/8 * * * WAN address * NO Auto created rule - localhost to WAN move selected rules before this rule edit delete duplicate icon PUREVPN 127.0.0.0/8 * * * PUREVPN address * NO Auto created rule - localhost to WAN move selected rules before this rule edit delete duplicate icon WAN 192.168.0.0/16 * * 500 WAN address * YES Auto created rule for ISAKMP - LAN to WAN move selected rules before this rule edit delete duplicate icon PUREVPN 192.168.0.0/16 * * 500 PUREVPN address * YES Auto created rule for ISAKMP - LAN to WAN move selected rules before this rule edit delete duplicate icon WAN 192.168.0.0/16 * * * WAN address * NO Auto created rule - LAN to WAN move selected rules before this rule edit delete duplicate icon PUREVPN 192.168.0.0/16 * * * PUREVPN address * NO Auto created rule - LAN to WAN move selected rules before this rule edit delete duplicate
EDIT: Here's the open vpn settings from purevpn themselves.
client dev tun proto udp remote hk1-ovpn-udp.purevpn.net 53 persist-key persist-tun ca ca.crt tls-auth Wdc.key 1 cipher AES-256-CBC comp-lzo verb 1 mute 20 route-method exe route-delay 2 route 0.0.0.0 0.0.0.0 auth-user-pass auth-retry interact explicit-exit-notify 2 ifconfig-nowarn auth-nocache
-
Use tap device.
-
Same thing. I got a little bit further as i set it back to TUN and took out:
pull; route-nopull; route 0.0.0.0 0.0.0.0;
Now the default gateway is correctly set to route all traffic through the VPN gateway when i type
netstat -nr
Now my problem is clients in the 192.168.2.0/24 subnet cannot get out through the VPN. I can ping 192.168.2.1 but anything else wont work, dns doesnt work either. Seems like it's being blocked by pfsense but it's not showing up in the logs.
-
From the OVPN server you get an IP in it's own subnet. That only works correctly with tap device as it is suggested by PureVPN.
So use tap and if there are further problems post the logs again. -
Changed back to TAP, left the advanced options out.
[2.2-RELEASE][admin@vm-vpn.home.vpn]/root: ifconfig vtnet0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:5b:97 inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255 inet6 fe80::5054:ff:fe32:5b97%vtnet0 prefixlen 64 scopeid 0x1 nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex>status: active vtnet1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:b5:de inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255 inet6 fe80::5054:ff:fe32:b5de%vtnet1 prefixlen 64 scopeid 0x2 nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex>status: active pflog0: flags=100 <promisc>metric 0 mtu 33144 pfsync0: flags=0<> metric 0 mtu 1500 syncpeer: 224.0.0.240 maxupd: 128 defer: on syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536 nd6 options=21 <performnud,auto_linklocal>ovpnc1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80000 <linkstate>ether 00:bd:e7:00:00:01 inet6 fe80::2bd:e7ff:fe00:1%ovpnc1 prefixlen 64 scopeid 0x7 inet 192.253.240.75 netmask 0xffffffe0 broadcast 192.253.240.75 nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect status: active Opened by PID 10235</performnud,auto_linklocal></linkstate></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast>
[2.2-RELEASE][admin@vm-vpn.home.vpn]/root: netstat -nr Routing tables Internet: Destination Gateway Flags Netif Expire 0.0.0.0/1 192.253.240.65 UGS ovpnc1 default 192.168.1.1 UGS vtnet1 127.0.0.1 link#5 UH lo0 128.0.0.0/1 192.253.240.65 UGS ovpnc1 192.168.0.0/16 link#2 U vtnet1 192.168.2.1 link#2 UHS lo0 192.168.3.0/24 link#1 U vtnet0 192.168.3.1 link#1 UHS lo0 192.253.240.2/32 192.168.1.1 UGS vtnet1 192.253.240.64/27 link#7 U ovpnc1 192.253.240.75 link#7 UHS lo0 Internet6: Destination Gateway Flags Netif Expire ::1 link#5 UH lo0 fe80::%vtnet0/64 link#1 U vtnet0 fe80::5054:ff:fe32:5b97%vtnet0 link#1 UHS lo0 fe80::%vtnet1/64 link#2 U vtnet1 fe80::5054:ff:fe32:b5de%vtnet1 link#2 UHS lo0 fe80::%lo0/64 link#5 U lo0 fe80::1%lo0 link#5 UHS lo0 fe80::%ovpnc1/64 link#7 U ovpnc1 fe80::2bd:e7ff:fe00:1%ovpnc1 link#7 UHS lo0 ff01::%vtnet0/32 fe80::5054:ff:fe32:5b97%vtnet0 U vtnet0 ff01::%vtnet1/32 fe80::5054:ff:fe32:b5de%vtnet1 U vtnet1 ff01::%lo0/32 ::1 U lo0 ff01::%ovpnc1/32 fe80::2bd:e7ff:fe00:1%ovpnc1 U ovpnc1 ff02::%vtnet0/32 fe80::5054:ff:fe32:5b97%vtnet0 U vtnet0 ff02::%vtnet1/32 fe80::5054:ff:fe32:b5de%vtnet1 U vtnet1 ff02::%lo0/32 ::1 U lo0 ff02::%ovpnc1/32 fe80::2bd:e7ff:fe00:1%ovpnc1 U ovpnc1
Mar 7 10:34:41 openvpn[10235]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mar 7 10:34:41 openvpn[10235]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file Mar 7 10:34:41 openvpn[10235]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 7 10:34:41 openvpn[10235]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 7 10:34:41 openvpn[10235]: LZO compression initialized Mar 7 10:34:41 openvpn[10235]: Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ] Mar 7 10:34:41 openvpn[10235]: Socket Buffers: R=[42080->65536] S=[57344->65536] Mar 7 10:34:47 openvpn[10235]: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ] Mar 7 10:34:47 openvpn[10235]: Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client' Mar 7 10:34:47 openvpn[10235]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server' Mar 7 10:34:47 openvpn[10235]: Local Options hash (VER=V4): '48527533' Mar 7 10:34:47 openvpn[10235]: Expected Remote Options hash (VER=V4): '44bd8b5e' Mar 7 10:34:47 openvpn[10235]: UDPv4 link local (bound): [AF_INET]192.168.3.1 Mar 7 10:34:47 openvpn[10235]: UDPv4 link remote: [AF_INET]192.253.240.2:53 Mar 7 10:34:47 openvpn[10235]: TLS: Initial packet from [AF_INET]192.253.240.2:53, sid=dddc401d 519eb1d9 Mar 7 10:35:01 openvpn[10235]: Validating certificate key usage Mar 7 10:35:01 openvpn[10235]: ++ Certificate has key usage 00a0, expects 00a0 Mar 7 10:35:01 openvpn[10235]: VERIFY KU OK Mar 7 10:35:01 openvpn[10235]: Validating certificate extended key usage Mar 7 10:35:01 openvpn[10235]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Mar 7 10:35:01 openvpn[10235]: VERIFY EKU OK Mar 7 10:35:01 openvpn[10235]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain Mar 7 10:35:10 openvpn[10235]: WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun' Mar 7 10:35:10 openvpn[10235]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1558' Mar 7 10:35:10 openvpn[10235]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500' Mar 7 10:35:10 openvpn[10235]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 7 10:35:10 openvpn[10235]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 7 10:35:10 openvpn[10235]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Mar 7 10:35:10 openvpn[10235]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Mar 7 10:35:10 openvpn[10235]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Mar 7 10:35:10 openvpn[10235]: [PureVPN] Peer Connection Initiated with [AF_INET]192.253.240.2:53 Mar 7 10:35:12 openvpn[10235]: SENT CONTROL [PureVPN]: 'PUSH_REQUEST' (status=1) Mar 7 10:35:13 openvpn[10235]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,route-gateway 192.253.240.65,topology subnet,ping 10,ping-restart 120,ifconfig 192.253.240.75 255.255.255.224' Mar 7 10:35:13 openvpn[10235]: OPTIONS IMPORT: timers and/or timeouts modified Mar 7 10:35:13 openvpn[10235]: OPTIONS IMPORT: --ifconfig/up options modified Mar 7 10:35:13 openvpn[10235]: OPTIONS IMPORT: route options modified Mar 7 10:35:13 openvpn[10235]: OPTIONS IMPORT: route-related options modified Mar 7 10:35:13 openvpn[10235]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Mar 7 10:35:13 openvpn[10235]: ROUTE_GATEWAY 192.168.1.1 Mar 7 10:35:13 openvpn[10235]: TUN/TAP device ovpnc1 exists previously, keep at program end Mar 7 10:35:13 openvpn[10235]: TUN/TAP device /dev/tap1 opened Mar 7 10:35:13 openvpn[10235]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Mar 7 10:35:13 openvpn[10235]: /sbin/ifconfig ovpnc1 192.253.240.75 192.253.240.75 mtu 1500 netmask 255.255.255.224 up Mar 7 10:35:13 openvpn[10235]: /sbin/route add -net 192.253.240.64 192.253.240.75 255.255.255.224 Mar 7 10:35:13 openvpn[10235]: ERROR: FreeBSD route add command failed: external program exited with error status: 1 Mar 7 10:35:13 openvpn[10235]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1590 192.253.240.75 255.255.255.224 init Mar 7 10:35:15 openvpn[10235]: /sbin/route add -net 192.253.240.2 192.168.1.1 255.255.255.255 Mar 7 10:35:15 openvpn[10235]: /sbin/route add -net 0.0.0.0 192.253.240.65 128.0.0.0 Mar 7 10:35:15 openvpn[10235]: /sbin/route add -net 128.0.0.0 192.253.240.65 128.0.0.0 Mar 7 10:35:15 openvpn[10235]: Initialization Sequence Completed
[2.2-RELEASE][admin@vm-vpn.home.vpn]/root: ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes ping: sendto: No route to host ping: sendto: No route to host ping: sendto: No route to host
If it helps, heres the openvpn settings from purevpn's .ovpn file
client dev tun proto udp remote hk1-ovpn-udp.purevpn.net 53 persist-key persist-tun ca ca.crt tls-auth Wdc.key 1 cipher AES-256-CBC comp-lzo verb 1 mute 20 route-method exe route-delay 2 route 0.0.0.0 0.0.0.0 auth-user-pass auth-retry interact explicit-exit-notify 2 ifconfig-nowarn auth-nocache