Connected with no error but can't ping tunnel gateway?

twowordz · Jan 27, 2017, 2:45 PM

Hi,

I've setup an OpenVPN profile using the wizard in pfsense and I'm using a Windows 10 client with the latest OpenVPN version and tap driver.

I can connect to the openvpn sucessfully (port 443, TCP) and I don't see any errors in the client logs although the end of the log says "Initialization Sequence Completed With Errors".

In the end it says I'm connected and I receive an IP address (192.168.89.2). The tap interface stays down (unplugged) in windows and doing ipconfig /all, I don't see any interface with 192.168.89.2. Is that normal?

I also can't ping 192.168.89.1, the tunnel gateway.

Client config:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
comp-lzo
resolv-retry infinite
remote xx.xx.xx.xx 443 tcp-client
verify-x509-name "router.domain.local" name
auth-user-pass
pkcs12 router-TCP-443-router.p12
tls-auth router-TCP-443-router-tls.key 1
ns-cert-type server
route-delay 5
route-method exe
ip-win32 netsh
verb 3

logs:


Fri Jan 27 09:21:05 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Fri Jan 27 09:21:05 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jan 27 09:21:05 2017 library versions: OpenSSL 1.0.2i  22 Sep 2016, LZO 2.09
Enter Management Password:
Fri Jan 27 09:21:05 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jan 27 09:21:05 2017 Need hold release from management interface, waiting...
Fri Jan 27 09:21:06 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'state on'
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'log all on'
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'hold off'
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'hold release'
Fri Jan 27 09:21:07 2017 MANAGEMENT: CMD 'username "Auth" "username"'
Fri Jan 27 09:21:07 2017 MANAGEMENT: CMD 'password [...]'
Fri Jan 27 09:21:07 2017 MANAGEMENT: CMD 'proxy NONE  '
Fri Jan 27 09:21:08 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:08 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:08 2017 Socket Buffers: R=[65536->65536] S=[64512->64512]
Fri Jan 27 09:21:08 2017 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:443 [nonblock]
Fri Jan 27 09:21:08 2017 MANAGEMENT: >STATE:1485526868,TCP_CONNECT,,,,,,
Fri Jan 27 09:21:12 2017 TCP connection established with [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:12 2017 TCP_CLIENT link local: (not bound)
Fri Jan 27 09:21:12 2017 TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:12 2017 MANAGEMENT: >STATE:1485526872,WAIT,,,,,,
Fri Jan 27 09:21:12 2017 MANAGEMENT: >STATE:1485526872,AUTH,,,,,,
Fri Jan 27 09:21:12 2017 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:443, sid=6b974749 02c963c4
Fri Jan 27 09:21:12 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 27 09:21:13 2017 [router.domain.local] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:14 2017 MANAGEMENT: >STATE:1485526874,GET_CONFIG,,,,,,
Fri Jan 27 09:21:14 2017 SENT CONTROL [router.domain.local]: 'PUSH_REQUEST' (status=1)
Fri Jan 27 09:21:14 2017 PUSH: Received control message: 'PUSH_REPLY,route 192.168.88.0 255.255.255.0,dhcp-option DOMAIN domain.local,dhcp-option DNS 192.168.88.3,dhcp-option DNS 8.8.8.8,route 192.168.88.0 255.255.255.0,route-gateway 192.168.89.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.89.2 255.255.255.0'
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: route options modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: route-related options modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jan 27 09:21:14 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 27 09:21:14 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:14 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 27 09:21:14 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:14 2017 interactive service msg_channel=0
Fri Jan 27 09:21:14 2017 ROUTE_GATEWAY 192.168.31.1/255.255.255.0 I=8 HWADDR=90:8d:78:aa:25:32
Fri Jan 27 09:21:14 2017 open_tun
Fri Jan 27 09:21:14 2017 TAP-WIN32 device [tap0] opened: \\.\Global\{81F4A0A4-AE3C-47B2-89D1-383DBFD1D5CD}.tap
Fri Jan 27 09:21:14 2017 TAP-Windows Driver Version 9.21 
Fri Jan 27 09:21:14 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.89.0/192.168.89.2/255.255.255.0 [SUCCEEDED]
Fri Jan 27 09:21:14 2017 Successful ARP Flush on interface [7] {81F4A0A4-AE3C-47B2-89D1-383DBFD1D5CD}
Fri Jan 27 09:21:14 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jan 27 09:21:14 2017 MANAGEMENT: >STATE:1485526874,ASSIGN_IP,,192.168.89.2,,,,
Fri Jan 27 09:21:15 2017 NETSH: C:\Windows\system32\netsh.exe interface ip set address tap0 static 192.168.89.2 255.255.255.0
Fri Jan 27 09:21:16 2017 NETSH: C:\Windows\system32\netsh.exe interface ip delete dns tap0 all
Fri Jan 27 09:21:17 2017 NETSH: C:\Windows\system32\netsh.exe interface ip set dns tap0 static 192.168.88.3
Fri Jan 27 09:21:30 2017 NETSH: C:\Windows\system32\netsh.exe interface ip add dns tap0 8.8.8.8
Fri Jan 27 09:21:32 2017 NETSH: C:\Windows\system32\netsh.exe interface ip delete wins tap0 all

Fri Jan 27 09:22:06 2017 Route: Waiting for TUN/TAP interface to come up...
Fri Jan 27 09:22:07 2017 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Jan 27 09:22:07 2017 MANAGEMENT: >STATE:1485526927,ADD_ROUTES,,,,,,
Fri Jan 27 09:22:07 2017 C:\Windows\system32\route.exe ADD 192.168.88.0 MASK 255.255.255.0 192.168.89.1
Fri Jan 27 09:22:07 2017 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Fri Jan 27 09:22:07 2017 C:\Windows\system32\route.exe ADD 192.168.88.0 MASK 255.255.255.0 192.168.89.1
Fri Jan 27 09:22:07 2017 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem

SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.31.1 p=0 i=8 t=4 pr=3 a=1169 h=0 m=25/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
192.168.31.0 255.255.255.0 192.168.31.226 p=0 i=8 t=3 pr=2 a=1169 h=0 m=281/0/0/0/0
192.168.31.226 255.255.255.255 192.168.31.226 p=0 i=8 t=3 pr=2 a=1169 h=0 m=281/0/0/0/0
192.168.31.255 255.255.255.255 192.168.31.226 p=0 i=8 t=3 pr=2 a=1169 h=0 m=281/0/0/0/0
192.168.88.0 255.255.255.0 192.168.89.1 p=0 i=8 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 192.168.31.226 p=0 i=8 t=3 pr=2 a=67774 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 192.168.31.226 p=0 i=8 t=3 pr=2 a=67774 h=0 m=281/0/0/0/0
SYSTEM ADAPTER LIST
Intel(R) I210 Gigabit Network Connection
  Index = 10
  GUID = {E4D48A50-EA4C-413E-B916-EF65AA053840}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 44:39:c4:92:eb:11
  GATEWAY = xx.xx.xx.129/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = Fri Jan 27 09:22:07 2017
  DHCP LEASE EXPIRES  = Fri Jan 27 09:22:07 2017
  PRI WINS = xx.xx.xx.xx/255.255.255.255 
  SEC WINS = xx.xx.xx.xx/255.255.255.255 
  DNS SERV =  
Wireless AC1200 Dual Band USB Adapter
  Index = 8
  GUID = {AA3F4CC5-920F-4D7A-AEA9-1194E1BF990A}
  IP = 192.168.31.226/255.255.255.0 
  MAC = 90:8d:78:aa:25:32
  GATEWAY = 192.168.31.1/255.255.255.255 
  DHCP SERV = 192.168.31.1/255.255.255.255 
  DHCP LEASE OBTAINED = Fri Jan 27 09:02:39 2017
  DHCP LEASE EXPIRES  = Fri Jan 27 13:02:39 2017
  DNS SERV = 8.8.8.8/255.255.255.255 
Intel(R) Ethernet Connection (2) I218-LM
  Index = 4
  GUID = {50E242CE-9EC0-4518-88CA-06B995EF57EE}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 44:39:c4:92:eb:10
  GATEWAY = 0.0.0.0/255.255.255.255 
  DNS SERV =  
Microsoft Wi-Fi Direct Virtual Adapter
  Index = 6
  GUID = {59884E92-C6F5-4E66-9BCB-879BFE3FA2FB}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 90:8d:78:aa:25:32
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = Fri Jan 27 09:22:07 2017
  DHCP LEASE EXPIRES  = Fri Jan 27 09:22:07 2017
  DNS SERV =  
TAP-Windows Adapter V9
  Index = 7
  GUID = {81F4A0A4-AE3C-47B2-89D1-383DBFD1D5CD}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 00:ff:81:f4:a0:a4
  GATEWAY = 0.0.0.0/255.255.255.255 
  DNS SERV =  
Fri Jan 27 09:22:07 2017 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Fri Jan 27 09:22:07 2017 MANAGEMENT: >STATE:1485526927,CONNECTED,ERROR,192.168.89.2,xx.xx.xx.xx,443,192.168.31.226,23771

I'm not sure what's going on and I don't know where else to look. Could it be something incorrect on the server side?

yodaphone · Jan 27, 2017, 4:05 PM

@twowordz:

Hi,

I've setup an OpenVPN profile using the wizard in pfsense and I'm using a Windows 10 client with the latest OpenVPN version and tap driver.

I can connect to the openvpn sucessfully (port 443, TCP) and I don't see any errors in the client logs although the end of the log says "Initialization Sequence Completed With Errors".

In the end it says I'm connected and I receive an IP address (192.168.89.2). The tap interface stays down (unplugged) in windows and doing ipconfig /all, I don't see any interface with 192.168.89.2. Is that normal?

I also can't ping 192.168.89.1, the tunnel gateway.

Client config:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
comp-lzo
resolv-retry infinite
remote xx.xx.xx.xx 443 tcp-client
verify-x509-name "router.domain.local" name
auth-user-pass
pkcs12 router-TCP-443-router.p12
tls-auth router-TCP-443-router-tls.key 1
ns-cert-type server
route-delay 5
route-method exe
ip-win32 netsh
verb 3

logs:


Fri Jan 27 09:21:05 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Fri Jan 27 09:21:05 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jan 27 09:21:05 2017 library versions: OpenSSL 1.0.2i  22 Sep 2016, LZO 2.09
Enter Management Password:
Fri Jan 27 09:21:05 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jan 27 09:21:05 2017 Need hold release from management interface, waiting...
Fri Jan 27 09:21:06 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'state on'
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'log all on'
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'hold off'
Fri Jan 27 09:21:06 2017 MANAGEMENT: CMD 'hold release'
Fri Jan 27 09:21:07 2017 MANAGEMENT: CMD 'username "Auth" "username"'
Fri Jan 27 09:21:07 2017 MANAGEMENT: CMD 'password [...]'
Fri Jan 27 09:21:07 2017 MANAGEMENT: CMD 'proxy NONE  '
Fri Jan 27 09:21:08 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:08 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:08 2017 Socket Buffers: R=[65536->65536] S=[64512->64512]
Fri Jan 27 09:21:08 2017 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:443 [nonblock]
Fri Jan 27 09:21:08 2017 MANAGEMENT: >STATE:1485526868,TCP_CONNECT,,,,,,
Fri Jan 27 09:21:12 2017 TCP connection established with [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:12 2017 TCP_CLIENT link local: (not bound)
Fri Jan 27 09:21:12 2017 TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:12 2017 MANAGEMENT: >STATE:1485526872,WAIT,,,,,,
Fri Jan 27 09:21:12 2017 MANAGEMENT: >STATE:1485526872,AUTH,,,,,,
Fri Jan 27 09:21:12 2017 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:443, sid=6b974749 02c963c4
Fri Jan 27 09:21:12 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 27 09:21:13 2017 [router.domain.local] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:443
Fri Jan 27 09:21:14 2017 MANAGEMENT: >STATE:1485526874,GET_CONFIG,,,,,,
Fri Jan 27 09:21:14 2017 SENT CONTROL [router.domain.local]: 'PUSH_REQUEST' (status=1)
Fri Jan 27 09:21:14 2017 PUSH: Received control message: 'PUSH_REPLY,route 192.168.88.0 255.255.255.0,dhcp-option DOMAIN domain.local,dhcp-option DNS 192.168.88.3,dhcp-option DNS 8.8.8.8,route 192.168.88.0 255.255.255.0,route-gateway 192.168.89.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.89.2 255.255.255.0'
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: route options modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: route-related options modified
Fri Jan 27 09:21:14 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jan 27 09:21:14 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 27 09:21:14 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:14 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jan 27 09:21:14 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan 27 09:21:14 2017 interactive service msg_channel=0
Fri Jan 27 09:21:14 2017 ROUTE_GATEWAY 192.168.31.1/255.255.255.0 I=8 HWADDR=90:8d:78:aa:25:32
Fri Jan 27 09:21:14 2017 open_tun
Fri Jan 27 09:21:14 2017 TAP-WIN32 device [tap0] opened: \\.\Global\{81F4A0A4-AE3C-47B2-89D1-383DBFD1D5CD}.tap
Fri Jan 27 09:21:14 2017 TAP-Windows Driver Version 9.21 
Fri Jan 27 09:21:14 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.89.0/192.168.89.2/255.255.255.0 [SUCCEEDED]
Fri Jan 27 09:21:14 2017 Successful ARP Flush on interface [7] {81F4A0A4-AE3C-47B2-89D1-383DBFD1D5CD}
Fri Jan 27 09:21:14 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jan 27 09:21:14 2017 MANAGEMENT: >STATE:1485526874,ASSIGN_IP,,192.168.89.2,,,,
Fri Jan 27 09:21:15 2017 NETSH: C:\Windows\system32\netsh.exe interface ip set address tap0 static 192.168.89.2 255.255.255.0
Fri Jan 27 09:21:16 2017 NETSH: C:\Windows\system32\netsh.exe interface ip delete dns tap0 all
Fri Jan 27 09:21:17 2017 NETSH: C:\Windows\system32\netsh.exe interface ip set dns tap0 static 192.168.88.3
Fri Jan 27 09:21:30 2017 NETSH: C:\Windows\system32\netsh.exe interface ip add dns tap0 8.8.8.8
Fri Jan 27 09:21:32 2017 NETSH: C:\Windows\system32\netsh.exe interface ip delete wins tap0 all

Fri Jan 27 09:22:06 2017 Route: Waiting for TUN/TAP interface to come up...
Fri Jan 27 09:22:07 2017 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Jan 27 09:22:07 2017 MANAGEMENT: >STATE:1485526927,ADD_ROUTES,,,,,,
Fri Jan 27 09:22:07 2017 C:\Windows\system32\route.exe ADD 192.168.88.0 MASK 255.255.255.0 192.168.89.1
Fri Jan 27 09:22:07 2017 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Fri Jan 27 09:22:07 2017 C:\Windows\system32\route.exe ADD 192.168.88.0 MASK 255.255.255.0 192.168.89.1
Fri Jan 27 09:22:07 2017 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem

SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.31.1 p=0 i=8 t=4 pr=3 a=1169 h=0 m=25/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
192.168.31.0 255.255.255.0 192.168.31.226 p=0 i=8 t=3 pr=2 a=1169 h=0 m=281/0/0/0/0
192.168.31.226 255.255.255.255 192.168.31.226 p=0 i=8 t=3 pr=2 a=1169 h=0 m=281/0/0/0/0
192.168.31.255 255.255.255.255 192.168.31.226 p=0 i=8 t=3 pr=2 a=1169 h=0 m=281/0/0/0/0
192.168.88.0 255.255.255.0 192.168.89.1 p=0 i=8 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 192.168.31.226 p=0 i=8 t=3 pr=2 a=67774 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=67807 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 192.168.31.226 p=0 i=8 t=3 pr=2 a=67774 h=0 m=281/0/0/0/0
SYSTEM ADAPTER LIST
Intel(R) I210 Gigabit Network Connection
  Index = 10
  GUID = {E4D48A50-EA4C-413E-B916-EF65AA053840}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 44:39:c4:92:eb:11
  GATEWAY = xx.xx.xx.129/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = Fri Jan 27 09:22:07 2017
  DHCP LEASE EXPIRES  = Fri Jan 27 09:22:07 2017
  PRI WINS = xx.xx.xx.xx/255.255.255.255 
  SEC WINS = xx.xx.xx.xx/255.255.255.255 
  DNS SERV =  
Wireless AC1200 Dual Band USB Adapter
  Index = 8
  GUID = {AA3F4CC5-920F-4D7A-AEA9-1194E1BF990A}
  IP = 192.168.31.226/255.255.255.0 
  MAC = 90:8d:78:aa:25:32
  GATEWAY = 192.168.31.1/255.255.255.255 
  DHCP SERV = 192.168.31.1/255.255.255.255 
  DHCP LEASE OBTAINED = Fri Jan 27 09:02:39 2017
  DHCP LEASE EXPIRES  = Fri Jan 27 13:02:39 2017
  DNS SERV = 8.8.8.8/255.255.255.255 
Intel(R) Ethernet Connection (2) I218-LM
  Index = 4
  GUID = {50E242CE-9EC0-4518-88CA-06B995EF57EE}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 44:39:c4:92:eb:10
  GATEWAY = 0.0.0.0/255.255.255.255 
  DNS SERV =  
Microsoft Wi-Fi Direct Virtual Adapter
  Index = 6
  GUID = {59884E92-C6F5-4E66-9BCB-879BFE3FA2FB}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 90:8d:78:aa:25:32
  GATEWAY = 0.0.0.0/255.255.255.255 
  DHCP SERV =  
  DHCP LEASE OBTAINED = Fri Jan 27 09:22:07 2017
  DHCP LEASE EXPIRES  = Fri Jan 27 09:22:07 2017
  DNS SERV =  
TAP-Windows Adapter V9
  Index = 7
  GUID = {81F4A0A4-AE3C-47B2-89D1-383DBFD1D5CD}
  IP = 0.0.0.0/0.0.0.0 
  MAC = 00:ff:81:f4:a0:a4
  GATEWAY = 0.0.0.0/255.255.255.255 
  DNS SERV =  
Fri Jan 27 09:22:07 2017 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Fri Jan 27 09:22:07 2017 MANAGEMENT: >STATE:1485526927,CONNECTED,ERROR,192.168.89.2,xx.xx.xx.xx,443,192.168.31.226,23771

I'm not sure what's going on and I don't know where else to look. Could it be something incorrect on the server side?

from a n00b:

do you have the necessary rules in the firewall?

twowordz · Jan 27, 2017, 4:17 PM

The wizard added a rule under firewall/rules/openvpn for any.

marvosa · Jan 28, 2017, 4:41 AM

Post your server1.conf.

Derelict · Jan 28, 2017, 6:46 AM

https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses

twowordz · Jan 30, 2017, 1:26 PM

Hi Marvosa,

Here's the config:

dev ovpns2
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-256-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local xx.xx.xx.xx
tls-server
server 192.168.89.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server2
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'Local Database' false server2" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'router.domain.local' 1"
lport 443
management /var/etc/openvpn/server2.sock unix
max-clients 1
push "route 192.168.88.0 255.255.255.0"
push "dhcp-option DOMAIN domain.local"
push "dhcp-option DNS 192.168.88.3"
push "dhcp-option DNS 8.8.8.8"
ca /var/etc/openvpn/server2.ca 
cert /var/etc/openvpn/server2.cert 
key /var/etc/openvpn/server2.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server2.tls-auth 0
persist-remote-ip
float
topology subnet
push "route 192.168.88.0 255.255.255.0"
mute 10
comp-lzo