4. Cannot get openvpn to work, traffic is not routed/flowing

Cannot get openvpn to work, traffic is not routed/flowing

  • K

    I followed this guide: https://forum.pfsense.org/index.php?topic=84866.msg469736#msg469736
    I'm getting no route to host when pinging from pfsense connected through SSH.

    My lan machines are set to use 192.168.2.1 as the default gateway

    ifconfig

    vtnet0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:5b:97
	inet6 fe80::5054:ff:fe32:5b97%vtnet0 prefixlen 64 scopeid 0x1 
	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255 
	nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex>
	status: active
vtnet1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:b5:de
	inet6 fe80::5054:ff:fe32:b5de%vtnet1 prefixlen 64 scopeid 0x2 
	inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255 
	nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex>
	status: active
pflog0: flags=100 <promisc>metric 0 mtu 33144
pfsync0: flags=0<> metric 0 mtu 1500
	syncpeer: 224.0.0.240 maxupd: 128 defer: on
	syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
	options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
	nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536
	nd6 options=21 <performnud,auto_linklocal>ovpnc1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=80000 <linkstate>ether 00:bd:d9:00:00:01
	inet6 fe80::2bd:d9ff:fe00:1%ovpnc1 prefixlen 64 scopeid 0x7 
	inet 192.253.240.70 netmask 0xffffffe0 broadcast 192.253.240.70 
	nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
	status: no carrier
tun1: flags=8010 <pointopoint,multicast>metric 0 mtu 1500
	options=80000 <linkstate>nd6 options=21 <performnud,auto_linklocal>Opened by PID 63253</performnud,auto_linklocal></linkstate></pointopoint,multicast></performnud,auto_linklocal></linkstate></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast>

    http://screencloud.net/v/o2Us

    route-delay 2
auth-nocache;
keepalive 10 120;
pull;
route-nopull;
route 0.0.0.0 0.0.0.0;
remote-cert-tls server;

    Mar 5 17:21:15	openvpn[62917]: WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Mar 5 17:21:15	openvpn[63253]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 5 17:21:15	openvpn[63253]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
Mar 5 17:21:15	openvpn[63253]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 5 17:21:15	openvpn[63253]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 5 17:21:15	openvpn[63253]: LZO compression initialized
Mar 5 17:21:15	openvpn[63253]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mar 5 17:21:15	openvpn[63253]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Mar 5 17:21:16	openvpn[63253]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 5 17:21:16	openvpn[63253]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mar 5 17:21:16	openvpn[63253]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mar 5 17:21:16	openvpn[63253]: Local Options hash (VER=V4): '9e7066d2'
Mar 5 17:21:16	openvpn[63253]: Expected Remote Options hash (VER=V4): '162b04de'
Mar 5 17:21:16	openvpn[63253]: UDPv4 link local (bound): [AF_INET]192.168.1.2
Mar 5 17:21:16	openvpn[63253]: UDPv4 link remote: [AF_INET]192.253.240.2:53
Mar 5 17:21:16	openvpn[63253]: TLS: Initial packet from [AF_INET]192.253.240.2:53, sid=4ecbb28d 58748260
Mar 5 17:21:17	openvpn[63253]: VERIFY OK: depth=1, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Mar 5 17:21:17	openvpn[63253]: Validating certificate key usage
Mar 5 17:21:17	openvpn[63253]: ++ Certificate has key usage 00a0, expects 00a0
Mar 5 17:21:17	openvpn[63253]: VERIFY KU OK
Mar 5 17:21:17	openvpn[63253]: Validating certificate extended key usage
Mar 5 17:21:17	openvpn[63253]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 5 17:21:17	openvpn[63253]: VERIFY EKU OK
Mar 5 17:21:17	openvpn[63253]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Mar 5 17:21:21	openvpn[63253]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 5 17:21:21	openvpn[63253]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 5 17:21:21	openvpn[63253]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 5 17:21:21	openvpn[63253]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 5 17:21:21	openvpn[63253]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 5 17:21:21	openvpn[63253]: [PureVPN] Peer Connection Initiated with [AF_INET]192.253.240.2:53
Mar 5 17:21:23	openvpn[63253]: SENT CONTROL [PureVPN]: 'PUSH_REQUEST' (status=1)
Mar 5 17:21:23	openvpn[63253]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,route-gateway 192.253.240.65,topology subnet,ping 10,ping-restart 120,ifconfig 192.253.240.70 255.255.255.224'
Mar 5 17:21:23	openvpn[63253]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Mar 5 17:21:23	openvpn[63253]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 5 17:21:23	openvpn[63253]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Mar 5 17:21:23	openvpn[63253]: OPTIONS IMPORT: timers and/or timeouts modified
Mar 5 17:21:23	openvpn[63253]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 5 17:21:23	openvpn[63253]: OPTIONS IMPORT: route-related options modified
Mar 5 17:21:23	openvpn[63253]: WARNING: potential conflict between --remote address [192.253.240.2] and --ifconfig address pair [192.253.240.70, 255.255.255.224] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Mar 5 17:21:23	openvpn[63253]: ROUTE_GATEWAY 192.168.1.1
Mar 5 17:21:23	openvpn[63253]: TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 5 17:21:23	openvpn[63253]: TUN/TAP device /dev/tun1 opened
Mar 5 17:21:23	openvpn[63253]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 5 17:21:23	openvpn[63253]: /sbin/ifconfig ovpnc1 192.253.240.70 192.253.240.70 mtu 1500 netmask 255.255.255.224 up
Mar 5 17:21:23	openvpn[63253]: /sbin/route add -net 192.253.240.64 192.253.240.70 255.255.255.224
Mar 5 17:21:23	openvpn[63253]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 5 17:21:23	openvpn[63253]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1558 192.253.240.70 255.255.255.224 init
Mar 5 17:21:25	openvpn[63253]: /sbin/route add -net 0.0.0.0 192.253.240.65 0.0.0.0
Mar 5 17:21:25	openvpn[63253]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 5 17:21:25	openvpn[63253]: Initialization Sequence Completed

    netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            192.168.1.1        UGS      vtnet0
127.0.0.1          link#5             UH          lo0
192.168.0.0/16     link#2             U        vtnet1
192.168.1.0/24     link#1             U        vtnet0
192.168.1.2        link#1             UHS         lo0
192.168.2.1        link#2             UHS         lo0
192.253.240.64/27  link#7             U        ovpnc1
192.253.240.70     link#7             UHS         lo0

    Firewall rules

    LAN

    ID	Proto	Source	Port	Destination	Port	Gateway	Queue	Schedule	Description	
delete selected rules	add
 	pass	 	*	*	*	LAN Address	443
80
22	*	*	 	Anti-Lockout Rule	
move	edit
add
 avanced	icon	 	IPv4 *	LAN net	*	*	*	PUREVPN_VPNV4	none	 	Default allow LAN to any rule 	
move selected rules before this rule	edit
delete	add
	icon	 	IPv6 *	LAN net	*	*	*	*	none	 	Default allow LAN IPv6 to any rule 	
move selected rules before this rule	edit
delete	add

    WAN

    ID	Proto	Source	Port	Destination	Port	Gateway	Queue	Schedule	Description	
delete	add
 	block	 	*	RFC 1918 networks	*	*	*	*	*	 	Block private networks	
edit	edit
add
 	block	 	*	Reserved/not assigned by IANA	*	*	*	*	*	*	Block bogon networks	
move	 edit
add

    Other tabs are empty.

    NAT set to manual outbound rule generation

    Interface	Source	Source Port	Destination	Destination Port	NAT Address	NAT Port	Static Port	Description	
 add
	 icon	WAN	 	127.0.0.0/8	*	*	500	WAN address	*	YES	Auto created rule for ISAKMP - localhost to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate
	 icon	PUREVPN  	127.0.0.0/8	*	*	500	PUREVPN address	*	YES	Auto created rule for ISAKMP - localhost to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate
	 icon	WAN	 	127.0.0.0/8	*	*	*	WAN address	*	NO	Auto created rule - localhost to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate
	 icon	PUREVPN  	127.0.0.0/8	*	*	*	PUREVPN address	*	NO	Auto created rule - localhost to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate
	 icon	WAN	 	192.168.0.0/16	*	*	500	WAN address	*	YES	Auto created rule for ISAKMP - LAN to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate
	 icon	PUREVPN  	192.168.0.0/16	*	*	500	PUREVPN address	*	YES	Auto created rule for ISAKMP - LAN to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate
	 icon	WAN	 	192.168.0.0/16	*	*	*	WAN address	*	NO	Auto created rule - LAN to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate
	 icon	PUREVPN  	192.168.0.0/16	*	*	*	PUREVPN address	*	NO	Auto created rule - LAN to WAN 	
move selected rules before this rule	 edit
 delete	 duplicate

    EDIT: Here's the open vpn settings from purevpn themselves.

    client
dev tun
proto udp
remote hk1-ovpn-udp.purevpn.net 53
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache
    0
  • V

    Use tap device.

    0
  • K

    Same thing. I got a little bit further as i set it back to TUN and took out:

    pull;
route-nopull;
route 0.0.0.0 0.0.0.0;

    Now the default gateway is correctly set to route all traffic through the VPN gateway when i type

    netstat -nr

    Now my problem is clients in the 192.168.2.0/24 subnet cannot get out through the VPN. I can ping 192.168.2.1 but anything else wont work, dns doesnt work either. Seems like it's being blocked by pfsense but it's not showing up in the logs.

    0
  • V

    From the OVPN server you get an IP in it's own subnet. That only works correctly with tap device as it is suggested by PureVPN.
    So use tap and if there are further problems post the logs again.

    0
  • K

    Changed back to TAP, left the advanced options out.

    [2.2-RELEASE][admin@vm-vpn.home.vpn]/root: ifconfig
vtnet0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:5b:97
	inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255 
	inet6 fe80::5054:ff:fe32:5b97%vtnet0 prefixlen 64 scopeid 0x1 
	nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex>status: active
vtnet1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=6c00bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6>ether 52:54:00:32:b5:de
	inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255 
	inet6 fe80::5054:ff:fe32:b5de%vtnet1 prefixlen 64 scopeid 0x2 
	nd6 options=21 <performnud,auto_linklocal>media: Ethernet 10Gbase-T <full-duplex>status: active
pflog0: flags=100 <promisc>metric 0 mtu 33144
pfsync0: flags=0<> metric 0 mtu 1500
	syncpeer: 224.0.0.240 maxupd: 128 defer: on
	syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
	options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 
	nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536
	nd6 options=21 <performnud,auto_linklocal>ovpnc1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
	options=80000 <linkstate>ether 00:bd:e7:00:00:01
	inet6 fe80::2bd:e7ff:fe00:1%ovpnc1 prefixlen 64 scopeid 0x7 
	inet 192.253.240.75 netmask 0xffffffe0 broadcast 192.253.240.75 
	nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
	status: active
	Opened by PID 10235</performnud,auto_linklocal></linkstate></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso,linkstate,rxcsum_ipv6,txcsum_ipv6></up,broadcast,running,simplex,multicast> 

    [2.2-RELEASE][admin@vm-vpn.home.vpn]/root: netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
0.0.0.0/1          192.253.240.65     UGS      ovpnc1
default            192.168.1.1        UGS      vtnet1
127.0.0.1          link#5             UH          lo0
128.0.0.0/1        192.253.240.65     UGS      ovpnc1
192.168.0.0/16     link#2             U        vtnet1
192.168.2.1        link#2             UHS         lo0
192.168.3.0/24     link#1             U        vtnet0
192.168.3.1        link#1             UHS         lo0
192.253.240.2/32   192.168.1.1        UGS      vtnet1
192.253.240.64/27  link#7             U        ovpnc1
192.253.240.75     link#7             UHS         lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               link#5                        UH          lo0
fe80::%vtnet0/64                  link#1                        U        vtnet0
fe80::5054:ff:fe32:5b97%vtnet0    link#1                        UHS         lo0
fe80::%vtnet1/64                  link#2                        U        vtnet1
fe80::5054:ff:fe32:b5de%vtnet1    link#2                        UHS         lo0
fe80::%lo0/64                     link#5                        U           lo0
fe80::1%lo0                       link#5                        UHS         lo0
fe80::%ovpnc1/64                  link#7                        U        ovpnc1
fe80::2bd:e7ff:fe00:1%ovpnc1      link#7                        UHS         lo0
ff01::%vtnet0/32                  fe80::5054:ff:fe32:5b97%vtnet0 U        vtnet0
ff01::%vtnet1/32                  fe80::5054:ff:fe32:b5de%vtnet1 U        vtnet1
ff01::%lo0/32                     ::1                           U           lo0
ff01::%ovpnc1/32                  fe80::2bd:e7ff:fe00:1%ovpnc1  U        ovpnc1
ff02::%vtnet0/32                  fe80::5054:ff:fe32:5b97%vtnet0 U        vtnet0
ff02::%vtnet1/32                  fe80::5054:ff:fe32:b5de%vtnet1 U        vtnet1
ff02::%lo0/32                     ::1                           U           lo0
ff02::%ovpnc1/32                  fe80::2bd:e7ff:fe00:1%ovpnc1  U        ovpnc1

    Mar 7 10:34:41	openvpn[10235]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 7 10:34:41	openvpn[10235]: Control Channel Authentication: using '/var/etc/openvpn/client1.tls-auth' as a OpenVPN static key file
Mar 7 10:34:41	openvpn[10235]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 7 10:34:41	openvpn[10235]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 7 10:34:41	openvpn[10235]: LZO compression initialized
Mar 7 10:34:41	openvpn[10235]: Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mar 7 10:34:41	openvpn[10235]: Socket Buffers: R=[42080->65536] S=[57344->65536]
Mar 7 10:34:47	openvpn[10235]: Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Mar 7 10:34:47	openvpn[10235]: Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mar 7 10:34:47	openvpn[10235]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mar 7 10:34:47	openvpn[10235]: Local Options hash (VER=V4): '48527533'
Mar 7 10:34:47	openvpn[10235]: Expected Remote Options hash (VER=V4): '44bd8b5e'
Mar 7 10:34:47	openvpn[10235]: UDPv4 link local (bound): [AF_INET]192.168.3.1
Mar 7 10:34:47	openvpn[10235]: UDPv4 link remote: [AF_INET]192.253.240.2:53
Mar 7 10:34:47	openvpn[10235]: TLS: Initial packet from [AF_INET]192.253.240.2:53, sid=dddc401d 519eb1d9
Mar 7 10:35:01	openvpn[10235]: Validating certificate key usage
Mar 7 10:35:01	openvpn[10235]: ++ Certificate has key usage 00a0, expects 00a0
Mar 7 10:35:01	openvpn[10235]: VERIFY KU OK
Mar 7 10:35:01	openvpn[10235]: Validating certificate extended key usage
Mar 7 10:35:01	openvpn[10235]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 7 10:35:01	openvpn[10235]: VERIFY EKU OK
Mar 7 10:35:01	openvpn[10235]: VERIFY OK: depth=0, C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Mar 7 10:35:10	openvpn[10235]: WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
Mar 7 10:35:10	openvpn[10235]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1558'
Mar 7 10:35:10	openvpn[10235]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Mar 7 10:35:10	openvpn[10235]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 7 10:35:10	openvpn[10235]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 7 10:35:10	openvpn[10235]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 7 10:35:10	openvpn[10235]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 7 10:35:10	openvpn[10235]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 7 10:35:10	openvpn[10235]: [PureVPN] Peer Connection Initiated with [AF_INET]192.253.240.2:53
Mar 7 10:35:12	openvpn[10235]: SENT CONTROL [PureVPN]: 'PUSH_REQUEST' (status=1)
Mar 7 10:35:13	openvpn[10235]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 8.8.4.4,route-gateway 192.253.240.65,topology subnet,ping 10,ping-restart 120,ifconfig 192.253.240.75 255.255.255.224'
Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: timers and/or timeouts modified
Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: route options modified
Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: route-related options modified
Mar 7 10:35:13	openvpn[10235]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 7 10:35:13	openvpn[10235]: ROUTE_GATEWAY 192.168.1.1
Mar 7 10:35:13	openvpn[10235]: TUN/TAP device ovpnc1 exists previously, keep at program end
Mar 7 10:35:13	openvpn[10235]: TUN/TAP device /dev/tap1 opened
Mar 7 10:35:13	openvpn[10235]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 7 10:35:13	openvpn[10235]: /sbin/ifconfig ovpnc1 192.253.240.75 192.253.240.75 mtu 1500 netmask 255.255.255.224 up
Mar 7 10:35:13	openvpn[10235]: /sbin/route add -net 192.253.240.64 192.253.240.75 255.255.255.224
Mar 7 10:35:13	openvpn[10235]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Mar 7 10:35:13	openvpn[10235]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1590 192.253.240.75 255.255.255.224 init
Mar 7 10:35:15	openvpn[10235]: /sbin/route add -net 192.253.240.2 192.168.1.1 255.255.255.255
Mar 7 10:35:15	openvpn[10235]: /sbin/route add -net 0.0.0.0 192.253.240.65 128.0.0.0
Mar 7 10:35:15	openvpn[10235]: /sbin/route add -net 128.0.0.0 192.253.240.65 128.0.0.0
Mar 7 10:35:15	openvpn[10235]: Initialization Sequence Completed

    [2.2-RELEASE][admin@vm-vpn.home.vpn]/root: ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host

    If it helps, heres the openvpn settings from purevpn's .ovpn file

    client
dev tun
proto udp
remote hk1-ovpn-udp.purevpn.net 53
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache
    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy