Netgate Discussion Forum

    OpenVPN to LAN access issue

    General pfSense Questions
    • marvosa

      Post your server1.conf and give us a network map.

      After that, I would do a few things:

      • Disable the software firewall on your endpoint devices until basic IP communication is established

      • Verify the endpoint devices are using pfSense as the default gateway

      • Modify your OpenVPN firewall rule to reflect any/any instead of limiting it to tcp/udp

      • Derelict LAYER 8 Netgate

        And define discovering the device.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • nikkon

          @Derelict:

          And define discovering the device.

          The endpoint device (phone/tablet) using the application controller is not able to discover the device in the network. (Works if both are in LAN; if the client controller is on VPN and the controlled device in LAN, it does not.)

          pfsense 2.3.4 on Supermicro A1SRi-2758F + 8GB ECC + SSD

          Happy PfSense user :)

          • nikkon

            @marvosa:

            Post your server1.conf and give us a network map.

            After that, I would do a few things:

            • Disable the software firewall on your endpoint devices until basic IP communication is established

            • Verify the endpoint devices are using pfSense as the default gateway

            • Modify your OpenVPN firewall rule to reflect any/any instead of limiting it to tcp/udp

            1 & 2 are both checked. Need to redo the rule for point 3 and update.
            :)

            • Derelict LAYER 8 Netgate

              Yeah, device discovery usually uses broadcasts/multicasts and doesn't cross router interfaces.

              I verified a couple days ago that the Avahi package does indeed forward these requests between router interfaces including OpenVPN assigned interfaces. Not really a surprise since that's what the package is for but I was unsure it would work across OpenVPN.

              Note that this only holds true for site-to-site VPN. Remote access might or might not work depending on the client. I know it does NOT work on Viscosity for Mac clients.

              That might or might not work in your case depending on the discovery method the app is using.

              Anything relying on this sort of discovery is kind of broken to start with - or designed for the home and nothing else.

              • nikkon

                Will try this later tonight and update ASAP with the findings.
                Thx a lot.

                • nikkon

                  Avahi has been installed, firewall rule for OpenVPN was modified from tcp/udp to any.
                  Still the same behaviour.

                  • Derelict LAYER 8 Netgate

                    You have to run avahi on both routers. It needs to be forwarded from LAN to OpenVPN on both sides if site-to-site.

                    And, like I said, it probably (almost certainly) won't work with remote access clients.

                    • nikkon

                      This is strange because I used the same setup on the 2.2.x version and it worked.
                      It may be the product application or, for some reason, pfSense 2.3.

                      • nikkon

                        Reconfigured all from scratch. This is what I have on the server side;
                        looks pretty normal:

                        Jul 21 22:32:30 openvpn 70989 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
                        Jul 21 22:32:30 openvpn 70989 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
                        Jul 21 22:32:30 openvpn 71245 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                        Jul 21 22:32:30 openvpn 71245 Initializing OpenSSL support for engine 'rdrand'
                        Jul 21 22:32:30 openvpn 71245 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
                        Jul 21 22:32:30 openvpn 71245 TUN/TAP device ovpns1 exists previously, keep at program end
                        Jul 21 22:32:30 openvpn 71245 TUN/TAP device /dev/tun1 opened
                        Jul 21 22:32:30 openvpn 71245 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
                        Jul 21 22:32:30 openvpn 71245 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
                        Jul 21 22:32:30 openvpn 71245 /usr/local/sbin/ovpn-linkup ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
                        Jul 21 22:32:30 openvpn 71245 Listening for incoming TCP connection on [AF_INET]188.25.246.65:1194
                        Jul 21 22:32:30 openvpn 71245 TCPv4_SERVER link local (bound): [AF_INET]188.25.246.65:1194
                        Jul 21 22:32:30 openvpn 71245 TCPv4_SERVER link remote: [undef]
                        Jul 21 22:32:30 openvpn 71245 Initialization Sequence Completed
                        Jul 21 22:33:52 openvpn 71245 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
                        Jul 21 22:33:52 openvpn 71245 SIGTERM[hard,] received, process exiting
                        Jul 21 22:33:52 openvpn 57008 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
                        Jul 21 22:33:52 openvpn 57008 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
                        Jul 21 22:33:52 openvpn 57219 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                        Jul 21 22:33:52 openvpn 57219 Initializing OpenSSL support for engine 'rdrand'
                        Jul 21 22:33:52 openvpn 57219 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
                        Jul 21 22:33:52 openvpn 57219 TUN/TAP device ovpns1 exists previously, keep at program end
                        Jul 21 22:33:52 openvpn 57219 TUN/TAP device /dev/tun1 opened
                        Jul 21 22:33:52 openvpn 57219 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
                        Jul 21 22:33:52 openvpn 57219 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
                        Jul 21 22:33:52 openvpn 57219 /usr/local/sbin/ovpn-linkup ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
                        Jul 21 22:33:52 openvpn 57219 Listening for incoming TCP connection on [AF_INET]188.25.246.65:1194
                        Jul 21 22:33:52 openvpn 57219 TCPv4_SERVER link local (bound): [AF_INET]188.25.246.65:1194
                        Jul 21 22:33:52 openvpn 57219 TCPv4_SERVER link remote: [undef]
                        Jul 21 22:33:52 openvpn 57219 Initialization Sequence Completed
                        Jul 21 22:34:58 openvpn 57219 TCP connection established with [AF_INET]109.166.139.66:60240

                        And on the client side… well, here it looks very odd:

                        2016-07-25 21:30:36 official build 0.6.57 running on Sony E6653 (msm8994), Android 6.0.1 (32.2.A.0.253) API 23, ABI arm64-v8a, (Sony/E6653/E6653:6.0.1/32.2.A.0.253/2701308494:user/release-keys)
                        2016-07-25 21:30:49 Building configuration…
                        2016-07-25 21:30:49 started Socket Thread
                        2016-07-25 21:30:49 Current Parameter Settings:
                        2016-07-25 21:30:49  config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
                        2016-07-25 21:30:49  mode = 0
                        2016-07-25 21:30:49  show_ciphers = DISABLED
                        2016-07-25 21:30:49  show_digests = DISABLED
                        2016-07-25 21:30:49  show_engines = DISABLED
                        2016-07-25 21:30:49  genkey = DISABLED
                        2016-07-25 21:30:49  key_pass_file = '[UNDEF]'
                        2016-07-25 21:30:49  show_tls_ciphers = DISABLED
                        2016-07-25 21:30:49  connect_retry_max = 0
                        2016-07-25 21:30:49 Connection profiles [0]:
                        2016-07-25 21:30:49  proto = tcp-client
                        2016-07-25 21:30:49  local = '[UNDEF]'
                        2016-07-25 21:30:49  local_port = '0'
                        2016-07-25 21:30:49  remote = 'nikkon.go.ro'
                        2016-07-25 21:30:49  remote_port = '1194'
                        2016-07-25 21:30:49  remote_float = DISABLED
                        2016-07-25 21:30:49  bind_defined = DISABLED
                        2016-07-25 21:30:49  bind_local = ENABLED
                        2016-07-25 21:30:49  bind_ipv6_only = DISABLED
                        2016-07-25 21:30:49  connect_retry_seconds = 2
                        2016-07-25 21:30:49  connect_timeout = 120
                        2016-07-25 21:30:49  socks_proxy_server = '[UNDEF]'
                        2016-07-25 21:30:49  socks_proxy_port = '[UNDEF]'
                        2016-07-25 21:30:49  tun_mtu = 1500
                        2016-07-25 21:30:49  tun_mtu_defined = ENABLED
                        2016-07-25 21:30:49  link_mtu = 1500
                        2016-07-25 21:30:49  link_mtu_defined = DISABLED
                        2016-07-25 21:30:49  tun_mtu_extra = 0
                        2016-07-25 21:30:49  tun_mtu_extra_defined = DISABLED
                        2016-07-25 21:30:49  mtu_discover_type = -1
                        2016-07-25 21:30:49  fragment = 0
                        2016-07-25 21:30:49  mssfix = 1450
                        2016-07-25 21:30:49  explicit_exit_notification = 0
                        2016-07-25 21:30:49 Connection profiles END
                        2016-07-25 21:30:49  remote_random = DISABLED
                        2016-07-25 21:30:49  ipchange = '[UNDEF]'
                        2016-07-25 21:30:49  dev = 'tun'
                        2016-07-25 21:30:49  dev_type = '[UNDEF]'
                        2016-07-25 21:30:49  dev_node = '[UNDEF]'
                        2016-07-25 21:30:49  lladdr = '[UNDEF]'
                        2016-07-25 21:30:49  topology = 1
                        2016-07-25 21:30:49  tun_ipv6 = DISABLED
                        2016-07-25 21:30:49  ifconfig_local = '[UNDEF]'
                        2016-07-25 21:30:49  ifconfig_remote_netmask = '[UNDEF]'
                        2016-07-25 21:30:49  ifconfig_noexec = DISABLED
                        2016-07-25 21:30:49  ifconfig_nowarn = ENABLED
                        2016-07-25 21:30:49  ifconfig_ipv6_local = '[UNDEF]'
                        2016-07-25 21:30:49  ifconfig_ipv6_netbits = 0
                        2016-07-25 21:30:49  ifconfig_ipv6_remote = '[UNDEF]'
                        2016-07-25 21:30:49  shaper = 0
                        2016-07-25 21:30:49  mtu_test = 0
                        2016-07-25 21:30:49  mlock = DISABLED
                        2016-07-25 21:30:49  keepalive_ping = 0
                        2016-07-25 21:30:49  keepalive_timeout = 0
                        2016-07-25 21:30:49  inactivity_timeout = 0
                        2016-07-25 21:30:49  ping_send_timeout = 0
                        2016-07-25 21:30:49  ping_rec_timeout = 0
                        2016-07-25 21:30:49  ping_rec_timeout_action = 0
                        2016-07-25 21:30:49  ping_timer_remote = DISABLED
                        2016-07-25 21:30:49  remap_sigusr1 = 0
                        2016-07-25 21:30:49  persist_tun = ENABLED
                        2016-07-25 21:30:49  persist_local_ip = DISABLED
                        2016-07-25 21:30:49  persist_remote_ip = DISABLED
                        2016-07-25 21:30:49  persist_key = DISABLED
                        2016-07-25 21:30:49  passtos = DISABLED
                        2016-07-25 21:30:49  resolve_retry_seconds = 60
                        2016-07-25 21:30:49 Network Status: CONNECTED HSPA to MOBILE net
                        2016-07-25 21:30:49  resolve_in_advance = ENABLED
                        2016-07-25 21:30:49  username = '[UNDEF]'
                        2016-07-25 21:30:49  groupname = '[UNDEF]'
                        2016-07-25 21:30:49  chroot_dir = '[UNDEF]'
                        2016-07-25 21:30:49  cd_dir = '[UNDEF]'
                        2016-07-25 21:30:49  writepid = '[UNDEF]'
                        2016-07-25 21:30:49  up_script = '[UNDEF]'
                        2016-07-25 21:30:49  down_script = '[UNDEF]'
                        2016-07-25 21:30:49  down_pre = DISABLED
                        2016-07-25 21:30:49  up_restart = DISABLED
                        2016-07-25 21:30:49  up_delay = DISABLED
                        2016-07-25 21:30:49  daemon = DISABLED
                        2016-07-25 21:30:49  inetd = 0
                        2016-07-25 21:30:49  log = DISABLED
                        2016-07-25 21:30:49  suppress_timestamps = DISABLED
                        2016-07-25 21:30:49  machine_readable_output = ENABLED
                        2016-07-25 21:30:49  nice = 0
                        2016-07-25 21:30:49  verbosity = 4
                        2016-07-25 21:30:49  mute = 0
                        2016-07-25 21:30:49  gremlin = 0
                        2016-07-25 21:30:49  status_file = '[UNDEF]'
                        2016-07-25 21:30:49  status_file_version = 1
                        2016-07-25 21:30:49  status_file_update_freq = 60
                        2016-07-25 21:30:49  occ = ENABLED
                        2016-07-25 21:30:49  rcvbuf = 0
                        2016-07-25 21:30:49  sndbuf = 0
                        2016-07-25 21:30:49  sockflags = 0
                        2016-07-25 21:30:49  fast_io = DISABLED
                        2016-07-25 21:30:49  comp.alg = 2
                        2016-07-25 21:30:49  comp.flags = 1
                        2016-07-25 21:30:49  route_script = '[UNDEF]'
                        2016-07-25 21:30:49  route_default_gateway = '[UNDEF]'
                        2016-07-25 21:30:49  route_default_metric = 0
                        2016-07-25 21:30:49  route_noexec = DISABLED
                        2016-07-25 21:30:49  route_delay = 0
                        2016-07-25 21:30:49  route_delay_window = 30
                        2016-07-25 21:30:49  route_delay_defined = DISABLED
                        2016-07-25 21:30:49  route_nopull = DISABLED
                        2016-07-25 21:30:49  route_gateway_via_dhcp = DISABLED
                        2016-07-25 21:30:49  allow_pull_fqdn = DISABLED
                        2016-07-25 21:30:49  management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
                        2016-07-25 21:30:49  management_port = 'unix'
                        2016-07-25 21:30:49  management_user_pass = '[UNDEF]'
                        2016-07-25 21:30:49  management_log_history_cache = 250
                        2016-07-25 21:30:49  management_echo_buffer_size = 100
                        2016-07-25 21:30:49  management_write_peer_info_file = '[UNDEF]'
                        2016-07-25 21:30:49  management_client_user = '[UNDEF]'
                        2016-07-25 21:30:49  management_client_group = '[UNDEF]'
                        2016-07-25 21:30:49  management_flags = 4390
                        2016-07-25 21:30:49  shared_secret_file = '[UNDEF]'
                        2016-07-25 21:30:49  key_direction = 2
                        2016-07-25 21:30:49  ciphername_defined = ENABLED
                        2016-07-25 21:30:49  ciphername = 'AES-256-CBC'
                        2016-07-25 21:30:49  authname_defined = ENABLED
                        2016-07-25 21:30:49  authname = 'SHA1'
                        2016-07-25 21:30:49  prng_hash = 'SHA1'
                        2016-07-25 21:30:49  prng_nonce_secret_len = 16
                        2016-07-25 21:30:49  keysize = 0
                        2016-07-25 21:30:49  engine = DISABLED
                        2016-07-25 21:30:49  replay = ENABLED
                        2016-07-25 21:30:49  mute_replay_warnings = DISABLED
                        2016-07-25 21:30:49  replay_window = 64
                        2016-07-25 21:30:49  replay_time = 15
                        2016-07-25 21:30:49  packet_id_file = '[UNDEF]'
                        2016-07-25 21:30:49  use_iv = ENABLED
                        2016-07-25 21:30:49  test_crypto = DISABLED
                        2016-07-25 21:30:49  tls_server = DISABLED
                        2016-07-25 21:30:49  tls_client = ENABLED
                        2016-07-25 21:30:49  key_method = 2
                        2016-07-25 21:30:49  ca_file = '[[INLINE]]'
                        2016-07-25 21:30:49  ca_path = '[UNDEF]'
                        2016-07-25 21:30:49  dh_file = '[UNDEF]'
                        2016-07-25 21:30:49  cert_file = '[[INLINE]]'
                        2016-07-25 21:30:49  extra_certs_file = '[UNDEF]'
                        2016-07-25 21:30:49  priv_key_file = '[[INLINE]]'
                        2016-07-25 21:30:49  pkcs12_file = '[UNDEF]'
                        2016-07-25 21:30:49  cipher_list = '[UNDEF]'
                        2016-07-25 21:30:49  tls_verify = '[UNDEF]'
                        2016-07-25 21:30:49  tls_export_cert = '[UNDEF]'
                        2016-07-25 21:30:49  verify_x509_type = 2
                        2016-07-25 21:30:49  verify_x509_name = 'nikkon.go.ro'
                        2016-07-25 21:30:49  crl_file = '[UNDEF]'
                        2016-07-25 21:30:49  ns_cert_type = 1
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_ku[i] = 0
                        2016-07-25 21:30:49  remote_cert_eku = '[UNDEF]'
                        2016-07-25 21:30:49  ssl_flags = 0
                        2016-07-25 21:30:49  tls_timeout = 2
                        2016-07-25 21:30:49  renegotiate_bytes = 0
                        2016-07-25 21:30:49  renegotiate_packets = 0
                        2016-07-25 21:30:49  renegotiate_seconds = 3600
                        2016-07-25 21:30:49  handshake_window = 60
                        2016-07-25 21:30:49  transition_window = 3600
                        2016-07-25 21:30:49  single_session = DISABLED
                        2016-07-25 21:30:49  push_peer_info = DISABLED
                        2016-07-25 21:30:49  tls_exit = DISABLED
                        2016-07-25 21:30:49  tls_auth_file = '[[INLINE]]'
                        2016-07-25 21:30:49  client = ENABLED
                        2016-07-25 21:30:49  pull = ENABLED
                        2016-07-25 21:30:49  auth_user_pass_file = 'stdin'
                        2016-07-25 21:30:49 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-b89b098fc66488b9] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Jul  6 2016
                        2016-07-25 21:30:49 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
                        2016-07-25 21:30:49 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
                        2016-07-25 21:30:49 MANAGEMENT: CMD 'hold release'
                        2016-07-25 21:30:49 MANAGEMENT: CMD 'bytecount 2'
                        2016-07-25 21:30:49 MANAGEMENT: CMD 'state on'
                        2016-07-25 21:30:49 MANAGEMENT: CMD 'username 'Auth' mihai'
                        2016-07-25 21:30:49 MANAGEMENT: CMD 'password […]'
                        2016-07-25 21:30:49 MANAGEMENT: >STATE:1469471449,RESOLVE,,,,,,
                        2016-07-25 21:30:50 MANAGEMENT: CMD 'proxy NONE'
                        2016-07-25 21:30:51 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
                        2016-07-25 21:30:51 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
                        2016-07-25 21:30:51 LZO compression initializing
                        2016-07-25 21:30:51 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
                        2016-07-25 21:30:51 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
                        2016-07-25 21:30:51 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
                        2016-07-25 21:30:51 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
                        2016-07-25 21:30:51 TCP/UDP: Preserving recently used remote address: [AF_INET]188.25.246.65:1194
                        2016-07-25 21:30:51 Socket Buffers: R=[87380->87380] S=[16384->16384]
                        2016-07-25 21:30:51 Attempting to establish TCP connection with [AF_INET]188.25.246.65:1194 [nonblock]
                        2016-07-25 21:30:51 MANAGEMENT: >STATE:1469471451,TCP_CONNECT,,,,,,
                        2016-07-25 21:30:51 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
                        2016-07-25 21:30:52 TCP connection established with [AF_INET]188.25.246.65:1194
                        2016-07-25 21:30:52 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
                        2016-07-25 21:30:52 TCP_CLIENT link local (bound): [AF_INET][undef]:0
                        2016-07-25 21:30:52 TCP_CLIENT link remote: [AF_INET]188.25.246.65:1194
                        2016-07-25 21:30:52 MANAGEMENT: >STATE:1469471452,WAIT,,,,,,
                        2016-07-25 21:30:52 MANAGEMENT: >STATE:1469471452,AUTH,,,,,,
                        2016-07-25 21:30:52 TLS: Initial packet from [AF_INET]188.25.246.65:1194, sid=c1e295de d16d0ace
                        2016-07-25 21:30:52 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
                        2016-07-25 21:30:52 VERIFY OK: depth=1, C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=Mihai Balaci
                        2016-07-25 21:30:52 VERIFY OK: nsCertType=SERVER
                        2016-07-25 21:30:52 VERIFY X509NAME OK: C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=nikkon.go.ro
                        2016-07-25 21:30:52 VERIFY OK: depth=0, C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=nikkon.go.ro
                        2016-07-25 21:30:53 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
                        2016-07-25 21:30:53 [nikkon.go.ro] Peer Connection Initiated with [AF_INET]188.25.246.65:1194
                        2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,GET_CONFIG,,,,,,
                        2016-07-25 21:30:54 SENT CONTROL [nikkon.go.ro]: 'PUSH_REQUEST' (status=1)
                        2016-07-25 21:30:54 PUSH: Received control message: 'PUSH_REPLY,route 192.168.100.0 255.255.255.0,dhcp-option DNS 192.168.100.1,dhcp-option DNS 193.231.252.1,dhcp-option DNS 8.8.8.8,route-gateway 10.20.30.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.20.30.2 255.255.255.0'
                        2016-07-25 21:30:54 OPTIONS IMPORT: timers and/or timeouts modified
                        2016-07-25 21:30:54 OPTIONS IMPORT: --ifconfig/up options modified
                        2016-07-25 21:30:54 OPTIONS IMPORT: route options modified
                        2016-07-25 21:30:54 OPTIONS IMPORT: route-related options modified
                        2016-07-25 21:30:54 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
                        2016-07-25 21:30:54 Data Channel MTU parms [ L:1560 D:1560 EF:60 EB:406 ET:0 EL:3 ]
                        2016-07-25 21:30:54 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
                        2016-07-25 21:30:54 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                        2016-07-25 21:30:54 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
                        2016-07-25 21:30:54 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
                        2016-07-25 21:30:54 GDG: SIOCGIFHWADDR(lo) failed
                        2016-07-25 21:30:54 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo
                        2016-07-25 21:30:54 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
                        2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,ASSIGN_IP,,10.20.30.2,,,,
                        2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
                        2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,ADD_ROUTES,,,,,,
                        2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'ROUTE' ok'
                        2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
                        2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
                        2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
                        2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
                        2016-07-25 21:30:54 Opening tun interface:
                        2016-07-25 21:30:54 Local IPv4: 10.20.30.2/24 IPv6: null MTU: 1500
                        2016-07-25 21:30:54 DNS Server: 192.168.100.1, 193.231.252.1, 8.8.8.8, Domain: null
                        2016-07-25 21:30:54 Routes: 10.20.30.0/24, 192.168.100.0/24
                        2016-07-25 21:30:54 Routes excluded: 
                        2016-07-25 21:30:54 VpnService routes installed: 10.20.30.0/24, 192.168.100.0/24
                        2016-07-25 21:30:54 Disallowed VPN apps:
                        2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
                        2016-07-25 21:30:54 Initialization Sequence Completed
                        2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,CONNECTED,SUCCESS,10.20.30.2,188.25.246.65,1194,10.141.250.36,52787
                        2016-07-25 21:30:55 Network Status: CONNECTED HSPA+ to MOBILE net
                        2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:19 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:22 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:26 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:31 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:31 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:36 read TCP_CLIENT []: Connection refused (code=111)
                        2016-07-25 21:31:38 read TCP_CLIENT []: Connection refused (code=111)

                        It connects, but when I try to access anything from the internal LAN I get the latest message.

                        • Pippin

                          Try to exempt OpenVPN App from Power Saving.
                          That is a known issue, at least on Samsung Android 6.

                          According to the maker of your App the "GDG: SIOCGIFHWADDR(lo) failed" can be ignored.

                          " read TCP_CLIENT []: Connection refused (code=111)"
                          Here I would think, check firewall, but also the app uses port 80?
                          I ask myself, would that conflict with other service?

                          I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                          Halton Arp
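
Added example, not part of any post in this thread: it takes the PUSH_REPLY line from the client log above, derives the networks the client routes into the tunnel, and checks common discovery destinations against them. The probe list, the host 192.168.100.50 and all function names are constructed for illustration.

```python
import ipaddress

# PUSH_REPLY copied from the client log posted in the thread.
PUSH_REPLY = (
    "PUSH_REPLY,route 192.168.100.0 255.255.255.0,dhcp-option DNS 192.168.100.1,"
    "dhcp-option DNS 193.231.252.1,dhcp-option DNS 8.8.8.8,route-gateway 10.20.30.1,"
    "topology subnet,ping 10,ping-restart 60,ifconfig 10.20.30.2 255.255.255.0"
)

# Constructed probe list: well-known discovery destinations plus two unicast hosts.
PROBES = {
    "mDNS (Avahi/Bonjour)": "224.0.0.251",
    "SSDP (UPnP)": "239.255.255.250",
    "limited broadcast": "255.255.255.255",
    "LAN directed broadcast": "192.168.100.255",
    "LAN host (constructed)": "192.168.100.50",
    "tunnel gateway": "10.20.30.1",
}


def tunnel_routes(push_reply):
    """Return the IPv4 networks a client sends into the tunnel for this PUSH_REPLY."""
    if not push_reply.startswith("PUSH_REPLY"):
        raise ValueError("not a PUSH_REPLY message")
    nets, topology, ifconfig = [], None, None
    for option in push_reply.split(",")[1:]:
        words = option.split()
        if not words:
            continue
        if words[0] == "route" and len(words) >= 2:
            # route <network> [netmask]; a missing netmask means a host route.
            mask = words[2] if len(words) >= 3 and words[2] != "default" else "255.255.255.255"
            try:
                nets.append(ipaddress.ip_network(f"{words[1]}/{mask}", strict=False))
            except ValueError:
                continue  # hostnames and keywords are outside this sketch
        elif words[0] == "topology" and len(words) == 2:
            topology = words[1]
        elif words[0] == "ifconfig" and len(words) == 3:
            ifconfig = (words[1], words[2])
    if ifconfig and topology == "subnet":
        # topology subnet: ifconfig carries <local address> <netmask>.
        nets.append(ipaddress.ip_network(f"{ifconfig[0]}/{ifconfig[1]}", strict=False))
    elif ifconfig:
        # Other topologies: the second value is the peer address, a /32 route.
        nets.append(ipaddress.ip_network(f"{ifconfig[1]}/32"))
    return sorted(nets)


def classify(dest, routes):
    """Return (kind, matching tunnel route or None) for one destination address."""
    addr = ipaddress.ip_address(dest)
    by_length = sorted(routes, key=lambda n: n.prefixlen, reverse=True)
    via = next((n for n in by_length if addr in n), None)  # longest prefix match
    if addr.is_multicast:
        kind = "multicast"
    elif str(addr) == "255.255.255.255" or (via is not None and addr == via.broadcast_address):
        kind = "broadcast"
    else:
        kind = "unicast"
    return kind, via


def survey(push_reply=PUSH_REPLY, probes=PROBES):
    """Map each probe name to (kind, tunnel route, plain routed unicast?)."""
    routes = tunnel_routes(push_reply)
    result = {}
    for name, dest in probes.items():
        kind, via = classify(dest, routes)
        # Only unicast that matches a pushed route is ordinary routed traffic;
        # the thread's point is that broadcast/multicast discovery is not.
        result[name] = (kind, str(via) if via else None, kind == "unicast" and via is not None)
    return result


if __name__ == "__main__":
    print("tunnel routes:", ", ".join(str(n) for n in tunnel_routes(PUSH_REPLY)))
    for name, (kind, via, routed) in survey().items():
        print(f"{name:26} {PROBES[name]:16} {kind:10} via={via} routed_unicast={routed}")
```

The derived networks match the `Routes: 10.20.30.0/24, 192.168.100.0/24` line in the same client log; the mDNS and SSDP groups fall outside both, so those probes are never handed to the tunnel interface.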

                          • nikkon

                            Well, after the update to 2.3.2 it works perfectly.
