Cannot get openvpn to work, traffic is not routed/flowing



  • I followed this guide: https://forum.pfsense.org/index.php?topic=84866.msg469736#msg469736
    I'm getting no route to host when pinging from pfsense connected through SSH.

    My lan machines are set to use 192.168.2.1 as the default gateway

    ifconfig

    vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=6c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 52:54:00:32:5b:97
    	inet6 fe80::5054:ff:fe32:5b97%vtnet0 prefixlen 64 scopeid 0x1
    	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet 10Gbase-T <full-duplex>
    	status: active
    vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=6c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 52:54:00:32:b5:de
    	inet6 fe80::5054:ff:fe32:b5de%vtnet1 prefixlen 64 scopeid 0x2
    	inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet 10Gbase-T <full-duplex>
    	status: active
    pflog0: flags=100<PROMISC> metric 0 mtu 33144
    pfsync0: flags=0<> metric 0 mtu 1500
    	syncpeer: 224.0.0.240 maxupd: 128 defer: on
    	syncok: 1
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    	inet 127.0.0.1 netmask 0xff000000
    	inet6 ::1 prefixlen 128
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    enc0: flags=0<> metric 0 mtu 1536
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    ovpnc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=80000<LINKSTATE>
    	ether 00:bd:d9:00:00:01
    	inet6 fe80::2bd:d9ff:fe00:1%ovpnc1 prefixlen 64 scopeid 0x7
    	inet 192.253.240.70 netmask 0xffffffe0 broadcast 192.253.240.70
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect
    	status: no carrier
    tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    	options=80000<LINKSTATE>
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	Opened by PID 63253
    

    http://screencloud.net/v/o2Us

    route-delay 2
    auth-nocache;
    keepalive 10 120;
    pull;
    route-nopull;
    route 0.0.0.0 0.0.0.0;
    remote-cert-tls server;
    
    Mar 5 17:21:15	openvpn[62917]: WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
    Mar 5 17:21:15	openvpn[63253]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 5 17:21:15	openvpn[63253]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
    Mar 5 17:21:15	openvpn[63253]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 5 17:21:15	openvpn[63253]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 5 17:21:15	openvpn[63253]: LZO compression initialized
    Mar 5 17:21:15	openvpn[63253]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Mar 5 17:21:15	openvpn[63253]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Mar 5 17:21:16	openvpn[63253]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Mar 5 17:21:16	openvpn[63253]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Mar 5 17:21:16	openvpn[63253]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Mar 5 17:21:16	openvpn[63253]: Local Options hash (VER=V4): '9e7066d2'
    Mar 5 17:21:16	openvpn[63253]: Expected Remote Options hash (VER=V4): '162b04de'
    Mar 5 17:21:16	openvpn[63253]: UDPv4 link local (bound): [AF_INET]192.168.1.2
    Mar 5 17:21:16	openvpn[63253]: UDPv4 link remote: [AF_INET]192.253.240.2:53
    Mar 5 17:21:16	openvpn[63253]: TLS: Initial packet from [AF_INET]192.253.240.2:53, sid=4ecbb28d 58748260
    Mar 5 17:21:17	openvpn[63253]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
    Mar 5 17:21:17	openvpn[63253]: Validating certificate key usage
    Mar 5 17:21:17	openvpn[63253]: ++ Certificate has key usage 00a0, expects 00a0
    Mar 5 17:21:17	openvpn[63253]: VERIFY KU OK
    Mar 5 17:21:17	openvpn[63253]: Validating certificate extended key usage
    Mar 5 17:21:17	openvpn[63253]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Mar 5 17:21:17	openvpn[63253]: VERIFY EKU OK
    Mar 5 17:21:17	openvpn[63253]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
    Mar 5 17:21:21	openvpn[63253]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mar 5 17:21:21	openvpn[63253]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 5 17:21:21	openvpn[63253]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mar 5 17:21:21	openvpn[63253]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 5 17:21:21	openvpn[63253]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Mar 5 17:21:21	openvpn[63253]: [PureVPN] Peer Connection Initiated with [AF_INET]192.253.240.2:53
    Mar 5 17:21:23	openvpn[63253]: SENT CONTROL [PureVPN]: 'PUSH_REQUEST' (status=1)
    Mar 5 17:21:23	openvpn[63253]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,route-gateway 192.253.240.65,topology subnet,ping 10,ping-restart 120,ifconfig 192.253.240.70 255.255.255.224'
    Mar 5 17:21:23	openvpn[63253]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Mar 5 17:21:23	openvpn[63253]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Mar 5 17:21:23	openvpn[63253]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Mar 5 17:21:23	openvpn[63253]: OPTIONS IMPORT: timers and/or timeouts modified
    Mar 5 17:21:23	openvpn[63253]: OPTIONS IMPORT: --ifconfig/up options modified
    Mar 5 17:21:23	openvpn[63253]: OPTIONS IMPORT: route-related options modified
    Mar 5 17:21:23	openvpn[63253]: WARNING: potential conflict between --remote address [192.253.240.2] and --ifconfig address pair [192.253.240.70, 255.255.255.224] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
    Mar 5 17:21:23	openvpn[63253]: ROUTE_GATEWAY 192.168.1.1
    Mar 5 17:21:23	openvpn[63253]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Mar 5 17:21:23	openvpn[63253]: TUN/TAP device /dev/tun1 opened
    Mar 5 17:21:23	openvpn[63253]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mar 5 17:21:23	openvpn[63253]: /sbin/ifconfig ovpnc1 192.253.240.70 192.253.240.70 mtu 1500 netmask 255.255.255.224 up
    Mar 5 17:21:23	openvpn[63253]: /sbin/route add -net 192.253.240.64 192.253.240.70 255.255.255.224
    Mar 5 17:21:23	openvpn[63253]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Mar 5 17:21:23	openvpn[63253]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 192.253.240.70 255.255.255.224 init
    Mar 5 17:21:25	openvpn[63253]: /sbin/route add -net 0.0.0.0 192.253.240.65 0.0.0.0
    Mar 5 17:21:25	openvpn[63253]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Mar 5 17:21:25	openvpn[63253]: Initialization Sequence Completed
    
    netstat -nr
    Routing tables
    
    Internet:
    Destination        Gateway            Flags      Netif Expire
    default            192.168.1.1        UGS      vtnet0
    127.0.0.1          link#5             UH          lo0
    192.168.0.0/16     link#2             U        vtnet1
    192.168.1.0/24     link#1             U        vtnet0
    192.168.1.2        link#1             UHS         lo0
    192.168.2.1        link#2             UHS         lo0
    192.253.240.64/27  link#7             U        ovpnc1
    192.253.240.70     link#7             UHS         lo0
    
    

    Firewall rules

    LAN

    Action  ID  Proto   Source   Port  Destination  Port       Gateway        Queue  Schedule  Description
    pass        *       *        *     LAN Address  443 80 22  *              *                Anti-Lockout Rule
                IPv4 *  LAN net  *     *            *          PUREVPN_VPNV4  none             Default allow LAN to any rule
                IPv6 *  LAN net  *     *            *          *              none             Default allow LAN IPv6 to any rule
    
    

    WAN

    Action  ID  Proto  Source                         Port  Destination  Port  Gateway  Queue  Schedule  Description
    block       *      RFC 1918 networks              *     *            *     *        *                Block private networks
    block       *      Reserved/not assigned by IANA  *     *            *     *        *      *         Block bogon networks
    
    

    Other tabs are empty.

    NAT set to manual outbound rule generation

    Interface  Source          Source Port  Destination  Destination Port  NAT Address      NAT Port  Static Port  Description
    WAN        127.0.0.0/8     *            *            500               WAN address      *         YES          Auto created rule for ISAKMP - localhost to WAN
    PUREVPN    127.0.0.0/8     *            *            500               PUREVPN address  *         YES          Auto created rule for ISAKMP - localhost to WAN
    WAN        127.0.0.0/8     *            *            *                 WAN address      *         NO           Auto created rule - localhost to WAN
    PUREVPN    127.0.0.0/8     *            *            *                 PUREVPN address  *         NO           Auto created rule - localhost to WAN
    WAN        192.168.0.0/16  *            *            500               WAN address      *         YES          Auto created rule for ISAKMP - LAN to WAN
    PUREVPN    192.168.0.0/16  *            *            500               PUREVPN address  *         YES          Auto created rule for ISAKMP - LAN to WAN
    WAN        192.168.0.0/16  *            *            *                 WAN address      *         NO           Auto created rule - LAN to WAN
    PUREVPN    192.168.0.0/16  *            *            *                 PUREVPN address  *         NO           Auto created rule - LAN to WAN
    

    EDIT: Here's the open vpn settings from purevpn themselves.

    client
    dev tun
    proto udp
    remote hk1-ovpn-udp.purevpn.net 53
    persist-key
    persist-tun
    ca ca.crt
    tls-auth Wdc.key 1
    cipher AES-256-CBC
    comp-lzo
    verb 1
    mute 20
    route-method exe
    route-delay 2
    route 0.0.0.0 0.0.0.0
    auth-user-pass
    auth-retry interact
    explicit-exit-notify 2
    ifconfig-nowarn
    auth-nocache 
    


  • Use tap device.



  • Same thing. I got a little bit further as I set it back to TUN and took out:

    pull;
    route-nopull;
    route 0.0.0.0 0.0.0.0;
    

    Now the default gateway is correctly set to route all traffic through the VPN gateway when I type

    netstat -nr
    

    Now my problem is clients in the 192.168.2.0/24 subnet cannot get out through the VPN. I can ping 192.168.2.1 but anything else won't work, DNS doesn't work either. Seems like it's being blocked by pfsense but it's not showing up in the logs.



  • From the OVPN server you get an IP in its own subnet. That only works correctly with tap device as it is suggested by PureVPN.
    So use tap and if there are further problems post the logs again.



  • Changed back to TAP, left the advanced options out.

    [2.2-RELEASE][admin@vm-vpn.home.vpn]/root: ifconfig
    vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=6c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 52:54:00:32:5b:97
    	inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
    	inet6 fe80::5054:ff:fe32:5b97%vtnet0 prefixlen 64 scopeid 0x1
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet 10Gbase-T <full-duplex>
    	status: active
    vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=6c00bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    	ether 52:54:00:32:b5:de
    	inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255
    	inet6 fe80::5054:ff:fe32:b5de%vtnet1 prefixlen 64 scopeid 0x2
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet 10Gbase-T <full-duplex>
    	status: active
    pflog0: flags=100<PROMISC> metric 0 mtu 33144
    pfsync0: flags=0<> metric 0 mtu 1500
    	syncpeer: 224.0.0.240 maxupd: 128 defer: on
    	syncok: 1
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    	options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    	inet 127.0.0.1 netmask 0xff000000
    	inet6 ::1 prefixlen 128
    	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    enc0: flags=0<> metric 0 mtu 1536
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    ovpnc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    	options=80000<LINKSTATE>
    	ether 00:bd:e7:00:00:01
    	inet6 fe80::2bd:e7ff:fe00:1%ovpnc1 prefixlen 64 scopeid 0x7
    	inet 192.253.240.75 netmask 0xffffffe0 broadcast 192.253.240.75
    	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    	media: Ethernet autoselect
    	status: active
    	Opened by PID 10235
    
    [2.2-RELEASE][admin@vm-vpn.home.vpn]/root: netstat -nr
    Routing tables
    
    Internet:
    Destination        Gateway            Flags      Netif Expire
    0.0.0.0/1          192.253.240.65     UGS      ovpnc1
    default            192.168.1.1        UGS      vtnet1
    127.0.0.1          link#5             UH          lo0
    128.0.0.0/1        192.253.240.65     UGS      ovpnc1
    192.168.0.0/16     link#2             U        vtnet1
    192.168.2.1        link#2             UHS         lo0
    192.168.3.0/24     link#1             U        vtnet0
    192.168.3.1        link#1             UHS         lo0
    192.253.240.2/32   192.168.1.1        UGS      vtnet1
    192.253.240.64/27  link#7             U        ovpnc1
    192.253.240.75     link#7             UHS         lo0
    
    Internet6:
    Destination                       Gateway                       Flags      Netif Expire
    ::1                               link#5                        UH          lo0
    fe80::%vtnet0/64                  link#1                        U        vtnet0
    fe80::5054:ff:fe32:5b97%vtnet0    link#1                        UHS         lo0
    fe80::%vtnet1/64                  link#2                        U        vtnet1
    fe80::5054:ff:fe32:b5de%vtnet1    link#2                        UHS         lo0
    fe80::%lo0/64                     link#5                        U           lo0
    fe80::1%lo0                       link#5                        UHS         lo0
    fe80::%ovpnc1/64                  link#7                        U        ovpnc1
    fe80::2bd:e7ff:fe00:1%ovpnc1      link#7                        UHS         lo0
    ff01::%vtnet0/32                  fe80::5054:ff:fe32:5b97%vtnet0 U        vtnet0
    ff01::%vtnet1/32                  fe80::5054:ff:fe32:b5de%vtnet1 U        vtnet1
    ff01::%lo0/32                     ::1                           U           lo0
    ff01::%ovpnc1/32                  fe80::2bd:e7ff:fe00:1%ovpnc1  U        ovpnc1
    ff02::%vtnet0/32                  fe80::5054:ff:fe32:5b97%vtnet0 U        vtnet0
    ff02::%vtnet1/32                  fe80::5054:ff:fe32:b5de%vtnet1 U        vtnet1
    ff02::%lo0/32                     ::1                           U           lo0
    ff02::%ovpnc1/32                  fe80::2bd:e7ff:fe00:1%ovpnc1  U        ovpnc1
    
    Mar 7 10:34:41	openvpn[10235]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Mar 7 10:34:41	openvpn[10235]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
    Mar 7 10:34:41	openvpn[10235]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 7 10:34:41	openvpn[10235]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 7 10:34:41	openvpn[10235]: LZO compression initialized
    Mar 7 10:34:41	openvpn[10235]: Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Mar 7 10:34:41	openvpn[10235]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Mar 7 10:34:47	openvpn[10235]: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
    Mar 7 10:34:47	openvpn[10235]: Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Mar 7 10:34:47	openvpn[10235]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Mar 7 10:34:47	openvpn[10235]: Local Options hash (VER=V4): '48527533'
    Mar 7 10:34:47	openvpn[10235]: Expected Remote Options hash (VER=V4): '44bd8b5e'
    Mar 7 10:34:47	openvpn[10235]: UDPv4 link local (bound): [AF_INET]192.168.3.1
    Mar 7 10:34:47	openvpn[10235]: UDPv4 link remote: [AF_INET]192.253.240.2:53
    Mar 7 10:34:47	openvpn[10235]: TLS: Initial packet from [AF_INET]192.253.240.2:53, sid=dddc401d 519eb1d9
    Mar 7 10:35:01	openvpn[10235]: Validating certificate key usage
    Mar 7 10:35:01	openvpn[10235]: ++ Certificate has key usage 00a0, expects 00a0
    Mar 7 10:35:01	openvpn[10235]: VERIFY KU OK
    Mar 7 10:35:01	openvpn[10235]: Validating certificate extended key usage
    Mar 7 10:35:01	openvpn[10235]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Mar 7 10:35:01	openvpn[10235]: VERIFY EKU OK
    Mar 7 10:35:01	openvpn[10235]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
    Mar 7 10:35:10	openvpn[10235]: WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
    Mar 7 10:35:10	openvpn[10235]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1558'
    Mar 7 10:35:10	openvpn[10235]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
    Mar 7 10:35:10	openvpn[10235]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mar 7 10:35:10	openvpn[10235]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 7 10:35:10	openvpn[10235]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Mar 7 10:35:10	openvpn[10235]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mar 7 10:35:10	openvpn[10235]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Mar 7 10:35:10	openvpn[10235]: [PureVPN] Peer Connection Initiated with [AF_INET]192.253.240.2:53
    Mar 7 10:35:12	openvpn[10235]: SENT CONTROL [PureVPN]: 'PUSH_REQUEST' (status=1)
    Mar 7 10:35:13	openvpn[10235]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,route-gateway 192.253.240.65,topology subnet,ping 10,ping-restart 120,ifconfig 192.253.240.75 255.255.255.224'
    Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: timers and/or timeouts modified
    Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: --ifconfig/up options modified
    Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: route options modified
    Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: route-related options modified
    Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mar 7 10:35:13	openvpn[10235]: ROUTE_GATEWAY 192.168.1.1
    Mar 7 10:35:13	openvpn[10235]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Mar 7 10:35:13	openvpn[10235]: TUN/TAP device /dev/tap1 opened
    Mar 7 10:35:13	openvpn[10235]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mar 7 10:35:13	openvpn[10235]: /sbin/ifconfig ovpnc1 192.253.240.75 192.253.240.75 mtu 1500 netmask 255.255.255.224 up
    Mar 7 10:35:13	openvpn[10235]: /sbin/route add -net 192.253.240.64 192.253.240.75 255.255.255.224
    Mar 7 10:35:13	openvpn[10235]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Mar 7 10:35:13	openvpn[10235]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1590 192.253.240.75 255.255.255.224 init
    Mar 7 10:35:15	openvpn[10235]: /sbin/route add -net 192.253.240.2 192.168.1.1 255.255.255.255
    Mar 7 10:35:15	openvpn[10235]: /sbin/route add -net 0.0.0.0 192.253.240.65 128.0.0.0
    Mar 7 10:35:15	openvpn[10235]: /sbin/route add -net 128.0.0.0 192.253.240.65 128.0.0.0
    Mar 7 10:35:15	openvpn[10235]: Initialization Sequence Completed
    
    [2.2-RELEASE][admin@vm-vpn.home.vpn]/root: ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ping: sendto: No route to host
    
    

    If it helps, here's the openvpn settings from purevpn's .ovpn file

    client
    dev tun
    proto udp
    remote hk1-ovpn-udp.purevpn.net 53
    persist-key
    persist-tun
    ca ca.crt
    tls-auth Wdc.key 1
    cipher AES-256-CBC
    comp-lzo
    verb 1
    mute 20
    route-method exe
    route-delay 2
    route 0.0.0.0 0.0.0.0
    auth-user-pass
    auth-retry interact
    explicit-exit-notify 2
    ifconfig-nowarn
    auth-nocache 
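
Added example, not part of the thread: a Python check over the addresses and routes in the last post's `ifconfig` and `netstat -nr` output. It converts the hex netmasks, lists connected networks that overlap, and does a longest-prefix lookup so you can see which route and interface a destination or gateway resolves to. The function names are my own, and host routes on lo0 are left out of the table.

```python
import ipaddress
from itertools import combinations

# Copied from the last post's ifconfig output: (address, hex netmask).
INTERFACES = {
    "vtnet0": ("192.168.3.1", "0xffffff00"),
    "vtnet1": ("192.168.2.1", "0xffff0000"),
    "ovpnc1": ("192.253.240.75", "0xffffffe0"),
}

# Copied from the last post's `netstat -nr`: (destination, gateway, netif).
# "default" is written as 0.0.0.0/0; link#N gateways are connected routes.
ROUTES = [
    ("0.0.0.0/1", "192.253.240.65", "ovpnc1"),
    ("0.0.0.0/0", "192.168.1.1", "vtnet1"),
    ("128.0.0.0/1", "192.253.240.65", "ovpnc1"),
    ("192.168.0.0/16", "link#2", "vtnet1"),
    ("192.168.3.0/24", "link#1", "vtnet0"),
    ("192.253.240.2/32", "192.168.1.1", "vtnet1"),
    ("192.253.240.64/27", "link#7", "ovpnc1"),
]


def hexmask_to_prefix(mask):
    """Turn ifconfig's 0xffffff00 style netmask into a prefix length.

    Raises ValueError for a non-contiguous mask.
    """
    dotted = ipaddress.IPv4Address(int(mask, 16))
    return ipaddress.ip_network(f"0.0.0.0/{dotted}").prefixlen


def connected_networks(interfaces):
    """Map each interface name to the network its address/netmask implies."""
    return {
        name: ipaddress.ip_interface(f"{addr}/{hexmask_to_prefix(mask)}").network
        for name, (addr, mask) in interfaces.items()
    }


def overlapping(interfaces):
    """Return pairs of interfaces whose connected networks overlap."""
    nets = connected_networks(interfaces)
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def lookup(dst, routes):
    """Longest-prefix match: the route entry that would carry dst, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


if __name__ == "__main__":
    for name, net in connected_networks(INTERFACES).items():
        print(f"{name:7} connected network {net}")
    for a, b in overlapping(INTERFACES):
        print(f"overlap: {a} and {b}")
    # Destinations taken from the thread: the ping target, the VPN remote,
    # and the gateway reported as ROUTE_GATEWAY in the OpenVPN log.
    for dst in ("8.8.8.8", "192.253.240.2", "192.168.1.1"):
        dest, gw, netif = lookup(dst, ROUTES)
        print(f"{dst:15} -> {dest:18} via {gw:15} on {netif}")
```

With the posted values, 192.168.1.1 falls inside the 192.168.0.0/16 network on vtnet1 and not inside 192.168.3.0/24 on vtnet0, which matches the `Netif` column of the default route in the `netstat -nr` output.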
    
