OpenVPN to LAN access issue



  • Hi all,
    have an issue accessing from vpn -> lan network using an application.the app works on port 80.

    • lan netwrok : 192.168.100.0/24
    • device i want to connect to is wired and can be accessed from lan
    • openvpn netw: 10.20.30.0/24
      firewall rulles attached and vpn settings too.
      does the controller application be limited in terms of discoverying the device if it gets ip's from a different netwrok? will it only scan 10.20.30.0/24 netwrok? can i force it to look on 192.168.100.0/24 netw?

    Thank you.





  • Post your server1.conf and give us a network map.

    After that, I would do a few things:

    • Disable the software firewall on your endpoint devices until basic ip communication is established

    • Verify the endpoint devices are using PFsense as the default gateway

    • Modify your openvpn firewall rule to reflect any/any instead of limiting it to tcp/udp


  • LAYER 8 Netgate

    And define discoverying the device.



  • @Derelict:

    And define discoverying the device.

    the end point device (phone/tablet) using the application controller is not able to discover the device in the network.(works if both are in LAN, if the client controller is on vpn and the controlled device in LAN it does not)



  • @marvosa:

    Post your server1.conf and give us a network map.

    After that, I would do a few things:

    • Disable the software firewall on your endpoint devices until basic ip communication is established

    • Verify the endpoint devices are using PFsense as the default gateway

    • Modify your openvpn firewall rule to reflect any/any instead of limiting it to tcp/udp

    1 & 2 are both checked.need to redo the rule for point 3 and update.
    :)


  • LAYER 8 Netgate

    Yeah, device discovery usually uses broadcasts/multicasts and doesn't cross router interfaces.

    I verified a couple days ago that the Avahi package does indeed forward these requests between router interfaces including OpenVPN assigned interfaces. Not really a surprise since that's what the package is for but I was unsure it would work across OpenVPN.

    Note that this only holds true for site-to-site VPN. Remote access might or might not work depending on the client. I know it does NOT work on Viscosity for Mac clients.

    That might or might not work in your case depending on the discovery method the app is using.

    Anything relying on this sort of discovery is kind of broken to start with - or designed for the home and nothing else.



  • will try this later tonigh and update asap with the findings.
    thx alot



  • avahi has been installed, firewall rule for openvpn was modified from tcp/udp to any.
    still the same behaviour.


  • LAYER 8 Netgate

    You have to run avahi on both routers. It needs to be forwarded from LAN to OpenVPN on both sides if site-to-site.

    And, like I said, it probably (almost certainly) won't work with remote access clients.



  • this is strange cz the same setup i used on 2.2.x version and it worked.
    it may be the product application or for some reason pfsense 2.3



  • reconfigured all from scratch. this is what i have on the server side:
    looks pretty normal :

    Jul 21 22:32:30 openvpn 70989 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Jul 21 22:32:30 openvpn 70989 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Jul 21 22:32:30 openvpn 71245 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Jul 21 22:32:30 openvpn 71245 Initializing OpenSSL support for engine 'rdrand'
    Jul 21 22:32:30 openvpn 71245 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Jul 21 22:32:30 openvpn 71245 TUN/TAP device ovpns1 exists previously, keep at program end
    Jul 21 22:32:30 openvpn 71245 TUN/TAP device /dev/tun1 opened
    Jul 21 22:32:30 openvpn 71245 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jul 21 22:32:30 openvpn 71245 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Jul 21 22:32:30 openvpn 71245 /usr/local/sbin/ovpn-linkup ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
    Jul 21 22:32:30 openvpn 71245 Listening for incoming TCP connection on [AF_INET]188.25.246.65:1194
    Jul 21 22:32:30 openvpn 71245 TCPv4_SERVER link local (bound): [AF_INET]188.25.246.65:1194
    Jul 21 22:32:30 openvpn 71245 TCPv4_SERVER link remote: [undef]
    Jul 21 22:32:30 openvpn 71245 Initialization Sequence Completed
    Jul 21 22:33:52 openvpn 71245 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
    Jul 21 22:33:52 openvpn 71245 SIGTERM[hard,] received, process exiting
    Jul 21 22:33:52 openvpn 57008 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Jul 21 22:33:52 openvpn 57008 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Jul 21 22:33:52 openvpn 57219 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Jul 21 22:33:52 openvpn 57219 Initializing OpenSSL support for engine 'rdrand'
    Jul 21 22:33:52 openvpn 57219 Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
    Jul 21 22:33:52 openvpn 57219 TUN/TAP device ovpns1 exists previously, keep at program end
    Jul 21 22:33:52 openvpn 57219 TUN/TAP device /dev/tun1 opened
    Jul 21 22:33:52 openvpn 57219 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jul 21 22:33:52 openvpn 57219 /sbin/ifconfig ovpns1 10.20.30.1 10.20.30.2 mtu 1500 netmask 255.255.255.0 up
    Jul 21 22:33:52 openvpn 57219 /usr/local/sbin/ovpn-linkup ovpns1 1500 1572 10.20.30.1 255.255.255.0 init
    Jul 21 22:33:52 openvpn 57219 Listening for incoming TCP connection on [AF_INET]188.25.246.65:1194
    Jul 21 22:33:52 openvpn 57219 TCPv4_SERVER link local (bound): [AF_INET]188.25.246.65:1194
    Jul 21 22:33:52 openvpn 57219 TCPv4_SERVER link remote: [undef]
    Jul 21 22:33:52 openvpn 57219 Initialization Sequence Completed
    Jul 21 22:34:58 openvpn 57219 TCP connection established with [AF_INET]109.166.139.66:60240

    And on the client side…well here looks verry odd:

    2016-07-25 21:30:36 official build 0.6.57 running on Sony E6653 (msm8994), Android 6.0.1 (32.2.A.0.253) API 23, ABI arm64-v8a, (Sony/E6653/E6653:6.0.1/32.2.A.0.253/2701308494:user/release-keys)
    2016-07-25 21:30:49 Building configuration…
    2016-07-25 21:30:49 started Socket Thread
    2016-07-25 21:30:49 Current Parameter Settings:
    2016-07-25 21:30:49  config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
    2016-07-25 21:30:49  mode = 0
    2016-07-25 21:30:49  show_ciphers = DISABLED
    2016-07-25 21:30:49  show_digests = DISABLED
    2016-07-25 21:30:49  show_engines = DISABLED
    2016-07-25 21:30:49  genkey = DISABLED
    2016-07-25 21:30:49  key_pass_file = '[UNDEF]'
    2016-07-25 21:30:49  show_tls_ciphers = DISABLED
    2016-07-25 21:30:49  connect_retry_max = 0
    2016-07-25 21:30:49 Connection profiles [0]:
    2016-07-25 21:30:49  proto = tcp-client
    2016-07-25 21:30:49  local = '[UNDEF]'
    2016-07-25 21:30:49  local_port = '0'
    2016-07-25 21:30:49  remote = 'nikkon.go.ro'
    2016-07-25 21:30:49  remote_port = '1194'
    2016-07-25 21:30:49  remote_float = DISABLED
    2016-07-25 21:30:49  bind_defined = DISABLED
    2016-07-25 21:30:49  bind_local = ENABLED
    2016-07-25 21:30:49  bind_ipv6_only = DISABLED
    2016-07-25 21:30:49  connect_retry_seconds = 2
    2016-07-25 21:30:49  connect_timeout = 120
    2016-07-25 21:30:49  socks_proxy_server = '[UNDEF]'
    2016-07-25 21:30:49  socks_proxy_port = '[UNDEF]'
    2016-07-25 21:30:49  tun_mtu = 1500
    2016-07-25 21:30:49  tun_mtu_defined = ENABLED
    2016-07-25 21:30:49  link_mtu = 1500
    2016-07-25 21:30:49  link_mtu_defined = DISABLED
    2016-07-25 21:30:49  tun_mtu_extra = 0
    2016-07-25 21:30:49  tun_mtu_extra_defined = DISABLED
    2016-07-25 21:30:49  mtu_discover_type = -1
    2016-07-25 21:30:49  fragment = 0
    2016-07-25 21:30:49  mssfix = 1450
    2016-07-25 21:30:49  explicit_exit_notification = 0
    2016-07-25 21:30:49 Connection profiles END
    2016-07-25 21:30:49  remote_random = DISABLED
    2016-07-25 21:30:49  ipchange = '[UNDEF]'
    2016-07-25 21:30:49  dev = 'tun'
    2016-07-25 21:30:49  dev_type = '[UNDEF]'
    2016-07-25 21:30:49  dev_node = '[UNDEF]'
    2016-07-25 21:30:49  lladdr = '[UNDEF]'
    2016-07-25 21:30:49  topology = 1
    2016-07-25 21:30:49  tun_ipv6 = DISABLED
    2016-07-25 21:30:49  ifconfig_local = '[UNDEF]'
    2016-07-25 21:30:49  ifconfig_remote_netmask = '[UNDEF]'
    2016-07-25 21:30:49  ifconfig_noexec = DISABLED
    2016-07-25 21:30:49  ifconfig_nowarn = ENABLED
    2016-07-25 21:30:49  ifconfig_ipv6_local = '[UNDEF]'
    2016-07-25 21:30:49  ifconfig_ipv6_netbits = 0
    2016-07-25 21:30:49  ifconfig_ipv6_remote = '[UNDEF]'
    2016-07-25 21:30:49  shaper = 0
    2016-07-25 21:30:49  mtu_test = 0
    2016-07-25 21:30:49  mlock = DISABLED
    2016-07-25 21:30:49  keepalive_ping = 0
    2016-07-25 21:30:49  keepalive_timeout = 0
    2016-07-25 21:30:49  inactivity_timeout = 0
    2016-07-25 21:30:49  ping_send_timeout = 0
    2016-07-25 21:30:49  ping_rec_timeout = 0
    2016-07-25 21:30:49  ping_rec_timeout_action = 0
    2016-07-25 21:30:49  ping_timer_remote = DISABLED
    2016-07-25 21:30:49  remap_sigusr1 = 0
    2016-07-25 21:30:49  persist_tun = ENABLED
    2016-07-25 21:30:49  persist_local_ip = DISABLED
    2016-07-25 21:30:49  persist_remote_ip = DISABLED
    2016-07-25 21:30:49  persist_key = DISABLED
    2016-07-25 21:30:49  passtos = DISABLED
    2016-07-25 21:30:49  resolve_retry_seconds = 60
    2016-07-25 21:30:49 Network Status: CONNECTED HSPA to MOBILE net
    2016-07-25 21:30:49  resolve_in_advance = ENABLED
    2016-07-25 21:30:49  username = '[UNDEF]'
    2016-07-25 21:30:49  groupname = '[UNDEF]'
    2016-07-25 21:30:49  chroot_dir = '[UNDEF]'
    2016-07-25 21:30:49  cd_dir = '[UNDEF]'
    2016-07-25 21:30:49  writepid = '[UNDEF]'
    2016-07-25 21:30:49  up_script = '[UNDEF]'
    2016-07-25 21:30:49  down_script = '[UNDEF]'
    2016-07-25 21:30:49  down_pre = DISABLED
    2016-07-25 21:30:49  up_restart = DISABLED
    2016-07-25 21:30:49  up_delay = DISABLED
    2016-07-25 21:30:49  daemon = DISABLED
    2016-07-25 21:30:49  inetd = 0
    2016-07-25 21:30:49  log = DISABLED
    2016-07-25 21:30:49  suppress_timestamps = DISABLED
    2016-07-25 21:30:49  machine_readable_output = ENABLED
    2016-07-25 21:30:49  nice = 0
    2016-07-25 21:30:49  verbosity = 4
    2016-07-25 21:30:49  mute = 0
    2016-07-25 21:30:49  gremlin = 0
    2016-07-25 21:30:49  status_file = '[UNDEF]'
    2016-07-25 21:30:49  status_file_version = 1
    2016-07-25 21:30:49  status_file_update_freq = 60
    2016-07-25 21:30:49  occ = ENABLED
    2016-07-25 21:30:49  rcvbuf = 0
    2016-07-25 21:30:49  sndbuf = 0
    2016-07-25 21:30:49  sockflags = 0
    2016-07-25 21:30:49  fast_io = DISABLED
    2016-07-25 21:30:49  comp.alg = 2
    2016-07-25 21:30:49  comp.flags = 1
    2016-07-25 21:30:49  route_script = '[UNDEF]'
    2016-07-25 21:30:49  route_default_gateway = '[UNDEF]'
    2016-07-25 21:30:49  route_default_metric = 0
    2016-07-25 21:30:49  route_noexec = DISABLED
    2016-07-25 21:30:49  route_delay = 0
    2016-07-25 21:30:49  route_delay_window = 30
    2016-07-25 21:30:49  route_delay_defined = DISABLED
    2016-07-25 21:30:49  route_nopull = DISABLED
    2016-07-25 21:30:49  route_gateway_via_dhcp = DISABLED
    2016-07-25 21:30:49  allow_pull_fqdn = DISABLED
    2016-07-25 21:30:49  management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
    2016-07-25 21:30:49  management_port = 'unix'
    2016-07-25 21:30:49  management_user_pass = '[UNDEF]'
    2016-07-25 21:30:49  management_log_history_cache = 250
    2016-07-25 21:30:49  management_echo_buffer_size = 100
    2016-07-25 21:30:49  management_write_peer_info_file = '[UNDEF]'
    2016-07-25 21:30:49  management_client_user = '[UNDEF]'
    2016-07-25 21:30:49  management_client_group = '[UNDEF]'
    2016-07-25 21:30:49  management_flags = 4390
    2016-07-25 21:30:49  shared_secret_file = '[UNDEF]'
    2016-07-25 21:30:49  key_direction = 2
    2016-07-25 21:30:49  ciphername_defined = ENABLED
    2016-07-25 21:30:49  ciphername = 'AES-256-CBC'
    2016-07-25 21:30:49  authname_defined = ENABLED
    2016-07-25 21:30:49  authname = 'SHA1'
    2016-07-25 21:30:49  prng_hash = 'SHA1'
    2016-07-25 21:30:49  prng_nonce_secret_len = 16
    2016-07-25 21:30:49  keysize = 0
    2016-07-25 21:30:49  engine = DISABLED
    2016-07-25 21:30:49  replay = ENABLED
    2016-07-25 21:30:49  mute_replay_warnings = DISABLED
    2016-07-25 21:30:49  replay_window = 64
    2016-07-25 21:30:49  replay_time = 15
    2016-07-25 21:30:49  packet_id_file = '[UNDEF]'
    2016-07-25 21:30:49  use_iv = ENABLED
    2016-07-25 21:30:49  test_crypto = DISABLED
    2016-07-25 21:30:49  tls_server = DISABLED
    2016-07-25 21:30:49  tls_client = ENABLED
    2016-07-25 21:30:49  key_method = 2
    2016-07-25 21:30:49  ca_file = '[[INLINE]]'
    2016-07-25 21:30:49  ca_path = '[UNDEF]'
    2016-07-25 21:30:49  dh_file = '[UNDEF]'
    2016-07-25 21:30:49  cert_file = '[[INLINE]]'
    2016-07-25 21:30:49  extra_certs_file = '[UNDEF]'
    2016-07-25 21:30:49  priv_key_file = '[[INLINE]]'
    2016-07-25 21:30:49  pkcs12_file = '[UNDEF]'
    2016-07-25 21:30:49  cipher_list = '[UNDEF]'
    2016-07-25 21:30:49  tls_verify = '[UNDEF]'
    2016-07-25 21:30:49  tls_export_cert = '[UNDEF]'
    2016-07-25 21:30:49  verify_x509_type = 2
    2016-07-25 21:30:49  verify_x509_name = 'nikkon.go.ro'
    2016-07-25 21:30:49  crl_file = '[UNDEF]'
    2016-07-25 21:30:49  ns_cert_type = 1
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_ku _= 0
    2016-07-25 21:30:49  remote_cert_eku = '[UNDEF]'
    2016-07-25 21:30:49  ssl_flags = 0
    2016-07-25 21:30:49  tls_timeout = 2
    2016-07-25 21:30:49  renegotiate_bytes = 0
    2016-07-25 21:30:49  renegotiate_packets = 0
    2016-07-25 21:30:49  renegotiate_seconds = 3600
    2016-07-25 21:30:49  handshake_window = 60
    2016-07-25 21:30:49  transition_window = 3600
    2016-07-25 21:30:49  single_session = DISABLED
    2016-07-25 21:30:49  push_peer_info = DISABLED
    2016-07-25 21:30:49  tls_exit = DISABLED
    2016-07-25 21:30:49  tls_auth_file = '[[INLINE]]'
    2016-07-25 21:30:49  client = ENABLED
    2016-07-25 21:30:49  pull = ENABLED
    2016-07-25 21:30:49  auth_user_pass_file = 'stdin'
    2016-07-25 21:30:49 OpenVPN 2.4-icsopenvpn [git:icsopenvpn-b89b098fc66488b9] android-21-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Jul  6 2016
    2016-07-25 21:30:49 library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09
    2016-07-25 21:30:49 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
    2016-07-25 21:30:49 MANAGEMENT: CMD 'hold release'
    2016-07-25 21:30:49 MANAGEMENT: CMD 'bytecount 2'
    2016-07-25 21:30:49 MANAGEMENT: CMD 'state on'
    2016-07-25 21:30:49 MANAGEMENT: CMD 'username 'Auth' mihai'
    2016-07-25 21:30:49 MANAGEMENT: CMD 'password […]'
    2016-07-25 21:30:49 MANAGEMENT: >STATE:1469471449,RESOLVE,,,,,,
    2016-07-25 21:30:50 MANAGEMENT: CMD 'proxy NONE'
    2016-07-25 21:30:51 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    2016-07-25 21:30:51 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    2016-07-25 21:30:51 LZO compression initializing
    2016-07-25 21:30:51 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
    2016-07-25 21:30:51 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
    2016-07-25 21:30:51 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    2016-07-25 21:30:51 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    2016-07-25 21:30:51 TCP/UDP: Preserving recently used remote address: [AF_INET]188.25.246.65:1194
    2016-07-25 21:30:51 Socket Buffers: R=[87380->87380] S=[16384->16384]
    2016-07-25 21:30:51 Attempting to establish TCP connection with [AF_INET]188.25.246.65:1194 [nonblock]
    2016-07-25 21:30:51 MANAGEMENT: >STATE:1469471451,TCP_CONNECT,,,,,,
    2016-07-25 21:30:51 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2016-07-25 21:30:52 TCP connection established with [AF_INET]188.25.246.65:1194
    2016-07-25 21:30:52 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
    2016-07-25 21:30:52 TCP_CLIENT link local (bound): [AF_INET][undef]:0
    2016-07-25 21:30:52 TCP_CLIENT link remote: [AF_INET]188.25.246.65:1194
    2016-07-25 21:30:52 MANAGEMENT: >STATE:1469471452,WAIT,,,,,,
    2016-07-25 21:30:52 MANAGEMENT: >STATE:1469471452,AUTH,,,,,,
    2016-07-25 21:30:52 TLS: Initial packet from [AF_INET]188.25.246.65:1194, sid=c1e295de d16d0ace
    2016-07-25 21:30:52 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
    2016-07-25 21:30:52 VERIFY OK: depth=1, C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=Mihai Balaci
    2016-07-25 21:30:52 VERIFY OK: nsCertType=SERVER
    2016-07-25 21:30:52 VERIFY X509NAME OK: C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=nikkon.go.ro
    2016-07-25 21:30:52 VERIFY OK: depth=0, C=RO, ST=Bucuresti, L=Bucuresti, O=home, emailAddress=mihai.balaci@gmail.com, CN=nikkon.go.ro
    2016-07-25 21:30:53 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    2016-07-25 21:30:53 [nikkon.go.ro] Peer Connection Initiated with [AF_INET]188.25.246.65:1194
    2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,GET_CONFIG,,,,,,
    2016-07-25 21:30:54 SENT CONTROL [nikkon.go.ro]: 'PUSH_REQUEST' (status=1)
    2016-07-25 21:30:54 PUSH: Received control message: 'PUSH_REPLY,route 192.168.100.0 255.255.255.0,dhcp-option DNS 192.168.100.1,dhcp-option DNS 193.231.252.1,dhcp-option DNS 8.8.8.8,route-gateway 10.20.30.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.20.30.2 255.255.255.0'
    2016-07-25 21:30:54 OPTIONS IMPORT: timers and/or timeouts modified
    2016-07-25 21:30:54 OPTIONS IMPORT: –ifconfig/up options modified
    2016-07-25 21:30:54 OPTIONS IMPORT: route options modified
    2016-07-25 21:30:54 OPTIONS IMPORT: route-related options modified
    2016-07-25 21:30:54 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2016-07-25 21:30:54 Data Channel MTU parms [ L:1560 D:1560 EF:60 EB:406 ET:0 EL:3 ]
    2016-07-25 21:30:54 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    2016-07-25 21:30:54 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2016-07-25 21:30:54 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    2016-07-25 21:30:54 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    2016-07-25 21:30:54 GDG: SIOCGIFHWADDR(lo) failed
    2016-07-25 21:30:54 ROUTE_GATEWAY 127.100.103.119/255.0.0.0 IFACE=lo
    2016-07-25 21:30:54 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,ASSIGN_IP,,10.20.30.2,,,,
    2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
    2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,ADD_ROUTES,,,,,,
    2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'ROUTE' ok'
    2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
    2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
    2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
    2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
    2016-07-25 21:30:54 Opening tun interface:
    2016-07-25 21:30:54 Local IPv4: 10.20.30.2/24 IPv6: null MTU: 1500
    2016-07-25 21:30:54 DNS Server: 192.168.100.1, 193.231.252.1, 8.8.8.8, Domain: null
    2016-07-25 21:30:54 Routes: 10.20.30.0/24, 192.168.100.0/24
    2016-07-25 21:30:54 Routes excluded: 
    2016-07-25 21:30:54 VpnService routes installed: 10.20.30.0/24, 192.168.100.0/24
    2016-07-25 21:30:54 Disallowed VPN apps:
    2016-07-25 21:30:54 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
    2016-07-25 21:30:54 Initialization Sequence Completed
    2016-07-25 21:30:54 MANAGEMENT: >STATE:1469471454,CONNECTED,SUCCESS,10.20.30.2,188.25.246.65,1194,10.141.250.36,52787
    2016-07-25 21:30:55 Network Status: CONNECTED HSPA+ to MOBILE net
    2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:18 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:19 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:22 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:26 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:27 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:28 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:30 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:31 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:31 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:34 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:36 read TCP_CLIENT []: Connection refused (code=111)
    2016-07-25 21:31:38 read TCP_CLIENT []: Connection refused (code=111)

    It connects but when i try to access anything from internal LAN i get the latest message.________________



  • Try to exempt OpenVPN App from Power Saving.
    That is a known issue, at least on Samsung Android 6.

    According to the maker of your App the "GDG: SIOCGIFHWADDR(lo) failed" can be ignored.

    " read TCP_CLIENT []: Connection refused (code=111)"
    Here I would think, check firewall, but also the app uses port 80?
    I ask myself, would that conflict with other service?



  • Well, after the update to 2.3.2 works perfectly


Log in to reply