OpenVPN Windows TAP anomaly


Hi!

Let's start with "it worked until now". :-)

The server runs Ubuntu with an OpenVPN server listening on several ports (each port lets clients into a different VLAN); the client is Windows 10 20H2 with the OpenVPN 2.5.0 client.

When connecting to one of the ports, it seems the TAP adapter does not get the IP, even though the log (and the GUI too) shows that it does, and even the routing "comes down", but ipconfig shows this:

====================

Unknown adapter OpenVPN TAP-Windows6:

   Connection-specific DNS Suffix  . :
   Default Gateway . . . . . . . . . :

 

route print
===========================================================================
Interface List
  6...8c 47 be 22 74 9d ......Realtek PCIe GbE Family Controller
 21...........................Wintun Userspace Tunnel
 19...00 ff af af 16 18 ......TAP-Windows Adapter V9
 11...28 cd c4 f4 a4 d7 ......Qualcomm QCA61x4A 802.11ac Wireless Adapter
 22...2a cd c4 f4 a4 d7 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...3a cd c4 f4 a4 d7 ......Microsoft Wi-Fi Direct Virtual Adapter #2
 15...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
  7...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  9...00 1e 10 1f 00 00 ......HUAWEI Mobile Connect - Network Card
  5...28 cd c4 f4 a4 d8 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
     192.168.31.0    255.255.255.0     192.168.17.9               13    281
     192.168.38.0    255.255.255.0     192.168.17.9               13    281
     192.168.39.0    255.255.255.0     192.168.17.9               13    281

[...]

======================

On connecting, this is the "suspicious" line:

===========================

Thu Jan 21 10:14:06 2021 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Jan 21 10:14:06 2021 Route: Waiting for TUN/TAP interface to come up...

==============================

And when I change only the port in the config, it connects nicely, IP fine, routing fine.

==========================

Unknown adapter OpenVPN TAP-Windows6:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.16.156
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

route print
===========================================================================
Interface List
  6...8c 47 be 22 74 9d ......Realtek PCIe GbE Family Controller
 21...........................Wintun Userspace Tunnel
 19...00 ff af af 16 18 ......TAP-Windows Adapter V9
 11...28 cd c4 f4 a4 d7 ......Qualcomm QCA61x4A 802.11ac Wireless Adapter
 22...2a cd c4 f4 a4 d7 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...3a cd c4 f4 a4 d7 ......Microsoft Wi-Fi Direct Virtual Adapter #2
 15...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
  7...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  9...00 1e 10 1f 00 00 ......HUAWEI Mobile Connect - Network Card
  5...28 cd c4 f4 a4 d8 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric

    192.168.1.101  255.255.255.255     192.168.16.9   192.168.16.156    281
    192.168.1.117  255.255.255.255     192.168.16.9   192.168.16.156    281
    192.168.1.181  255.255.255.255     192.168.16.9   192.168.16.156    281
      192.168.2.0    255.255.255.0     192.168.17.9   192.168.16.156    281
      192.168.2.0    255.255.255.0     192.168.16.9   192.168.16.156    281

=======================================

Of course, on a Linux client both ports connect fine with these same configs.

What I have tried so far, without success :-( :

- turning off the firewall and antivirus

- reinstalling TAP, then the OpenVPN client

Previously this error appeared when the GUI was not running as administrator; now that is fine too.

Does anyone have an idea or suggestion?

Thanks in advance!

Comments

That's all:

===========================

2021-01-22 00:01:52 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-22 00:01:52 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-22 00:01:52 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2021-01-22 00:01:52 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
2021-01-22 00:01:52 Need hold release from management interface, waiting...
2021-01-22 00:01:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
2021-01-22 00:01:52 MANAGEMENT: CMD 'state on'
2021-01-22 00:01:52 MANAGEMENT: CMD 'log all on'
2021-01-22 00:01:52 MANAGEMENT: CMD 'echo all on'
2021-01-22 00:01:52 MANAGEMENT: CMD 'bytecount 5'
2021-01-22 00:01:52 MANAGEMENT: CMD 'hold off'
2021-01-22 00:01:52 MANAGEMENT: CMD 'hold release'
2021-01-22 00:01:52 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-22 00:01:52 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-22 00:01:52 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:1196
2021-01-22 00:01:52 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-22 00:01:52 UDP link local: (not bound)
2021-01-22 00:01:52 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:1196
2021-01-22 00:01:52 MANAGEMENT: >STATE:1611270112,WAIT,,,,,,
2021-01-22 00:01:52 MANAGEMENT: >STATE:1611270112,AUTH,,,,,,
2021-01-22 00:01:52 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1196, sid=45f2e0a3 b30f5f5f
2021-01-22 00:01:52 VERIFY KU OK
2021-01-22 00:01:52 Validating certificate extended key usage
2021-01-22 00:01:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-22 00:01:52 VERIFY EKU OK
2021-01-22 00:01:52 VERIFY OK: depth=0, C=HU, ST=JNSZ, L=NNNNN, O=NNNNNN, OU=IT, CN=server, name=EasyRSA, emailAddress=postmaster@NNNNNNN.hu
2021-01-22 00:01:52 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2021-01-22 00:01:52 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1196
2021-01-22 00:01:53 MANAGEMENT: >STATE:1611270113,GET_CONFIG,,,,,,
2021-01-22 00:01:53 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2021-01-22 00:01:53 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.17.9,ping 10,ping-restart 120,route 192.168.1.0 255.255.255.0 192.168.17.9,route 192.168.99.0 255.255.255.0 192.168.17.9,route 192.168.20.0 255.255.255.0 192.168.17.9,route 10.0.0.0 255.255.255.0 192.168.17.9,route 192.168.252.0 255.255.255.0 192.168.17.9,route 192.168.17.0 255.255.255.0 192.168.17.9,route 192.168.2.0 255.255.255.0 192.168.17.9,route 192.168.3.0 255.255.255.0 192.168.17.9,route 192.168.5.0 255.255.255.0 192.168.17.9,route 192.168.38.0 255.255.255.0 192.168.17.9,route 192.168.39.0 255.255.255.0 192.168.17.9,route 192.168.31.0 255.255.255.0 192.168.17.9,route 192.168.40.0 255.255.255.0 192.168.17.9,route 192.168.43.0 255.255.255.0 192.168.17.9,route 192.168.44.0 255.255.255.0 192.168.17.9,route 192.168.46.0 255.255.255.0 192.168.17.9,route 192.168.47.0 255.255.255.0 192.168.17.9,route 192.168.201.0 255.255.255.0 192.168.17.9,route 192.168.203.0 255.255.255.0 192.168.17.9,push-continuation 2'
2021-01-22 00:01:53 PUSH: Received control message: 'PUSH_REPLY,route 192.168.223.0 255.255.255.0 192.168.17.9,route 192.168.221.0 255.255.255.0 192.168.17.9,route 192.168.222.0 255.255.255.0 192.168.17.9,route 192.168.253.0 255.255.255.0 192.168.17.9,ifconfig 192.168.17.156 255.255.255.0,peer-id 0,cipher AES-256-GCM,push-continuation 1'
2021-01-22 00:01:53 OPTIONS IMPORT: timers and/or timeouts modified
2021-01-22 00:01:53 OPTIONS IMPORT: --ifconfig/up options modified
2021-01-22 00:01:53 OPTIONS IMPORT: route options modified
2021-01-22 00:01:53 OPTIONS IMPORT: route-related options modified
2021-01-22 00:01:53 OPTIONS IMPORT: peer-id set
2021-01-22 00:01:53 OPTIONS IMPORT: adjusting link_mtu to 1657
2021-01-22 00:01:53 OPTIONS IMPORT: data channel crypto options modified
2021-01-22 00:01:53 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-01-22 00:01:53 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-22 00:01:53 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-22 00:01:53 interactive service msg_channel=740
2021-01-22 00:01:53 ROUTE_GATEWAY 192.168.222.1/255.255.255.0 I=11 HWADDR=28:cd:c4:f4:a4:d7
2021-01-22 00:01:53 open_tun
2021-01-22 00:01:53 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-01-22 00:01:53 TAP-Windows Driver Version 9.24
2021-01-22 00:01:53 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.17.156/255.255.255.0 on interface {AFAF1618-BFFB-4AC3-944A-BF0F051F4DEE} [DHCP-serv: 192.168.17.0, lease-time: 31536000]
2021-01-22 00:01:53 Successful ARP Flush on interface [19] {AFAF1618-BFFB-4AC3-944A-BF0F051F4DEE}
2021-01-22 00:01:53 MANAGEMENT: >STATE:1611270113,ASSIGN_IP,,192.168.17.156,,,,
2021-01-22 00:01:53 IPv4 MTU set to 1500 on interface 19 using service
2021-01-22 00:01:58 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-01-22 00:01:58 Route: Waiting for TUN/TAP interface to come up...
2021-01-22 00:02:03 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
[....]
2021-01-22 00:02:18 TEST ROUTES: 23/23 succeeded len=23 ret=1 a=0 u/d=up
2021-01-22 00:02:18 MANAGEMENT: >STATE:1611270138,ADD_ROUTES,,,,,,
2021-01-22 00:02:18 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.17.9
2021-01-22 00:02:18 Route addition via service succeeded
2021-01-22 00:02:18 C:\WINDOWS\system32\route.exe ADD 192.168.99.0 MASK 255.255.255.0 192.168.17.9
2021-01-22 00:02:18 Route addition via service succeeded
[....]
2021-01-22 00:02:18 Route addition via service succeeded
2021-01-22 00:02:18 Initialization Sequence Completed
2021-01-22 00:02:18 MANAGEMENT: >STATE:1611270138,CONNECTED,SUCCESS,192.168.17.156,XXX.XXX.XXX.XXX,1196,,

==================================

What is the difference between the server-side configs, apart from the server-side adapter ending up in a different VLAN?

Essentially nothing.

The logs and the VLAN are different, and the firewall rules on the server side are different, but even so the IP should come up on the TAP at the client.

Another curiosity: before connecting I start pinging the server-side IP, and very rarely, at one moment during the connection, 1 ping comes back(!), then of course nothing more. So it seems as if it starts up and then "dies", but unfortunately I can't find the cause... :-(

It's worth installing version 2.4.6, because we have also had problems with 2.5.0 lately.

I swapped it, but unfortunately it didn't help.

It did give a new direction, though; the log is a bit more talkative:

==========================
Fri Jan 22 00:26:52 2021 MANAGEMENT: >STATE:1611271612,ADD_ROUTES,,,,,,
Fri Jan 22 00:26:52 2021 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 192.168.17.9
Fri Jan 22 00:26:52 2021 Warning: route gateway is not reachable on any active network adapters: 192.168.17.9
Fri Jan 22 00:26:52 2021 Route addition via service failed
Fri Jan 22 00:26:52 2021 C:\WINDOWS\system32\route.exe ADD 192.168.99.0 MASK 255.255.255.0 192.168.17.9
Fri Jan 22 00:26:52 2021 Warning: route gateway is not reachable on any active network adapters: 192.168.17.9
Fri Jan 22 00:26:52 2021 Route addition via service failed
[...]
Fri Jan 22 00:26:52 2021 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Fri Jan 22 00:26:52 2021 MANAGEMENT: >STATE:1611271612,CONNECTED,ERROR,192.168.17.156,XXX.XXX.XXX.XXX,1196,,

==============================
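
A small triage of the kind of client log lines quoted in this thread, as an added example (not code from any poster or from the OpenVPN project). It assumes a TAP-mode push where `ifconfig` carries address and netmask; the helper name `triage` and the sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, shortened from the log lines quoted in the thread.
SAMPLE_LOG = """\
2021-01-22 00:01:53 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.17.9,route 192.168.1.0 255.255.255.0 192.168.17.9,ifconfig 192.168.17.156 255.255.255.0,peer-id 0'
2021-01-22 00:01:58 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-01-22 00:02:03 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-01-22 00:02:08 Warning: route gateway is not reachable on any active network adapters: 192.168.17.9
2021-01-22 00:02:08 Route addition via service failed
2021-01-22 00:02:08 MANAGEMENT: >STATE:1611270128,CONNECTED,ERROR,192.168.17.156,XXX.XXX.XXX.XXX,1196,,
"""

UNREACHABLE = re.compile(r"route gateway is not reachable on any active network adapters: (\S+)")


def triage(log_text):
    """Summarise TAP bring-up symptoms found in an OpenVPN client log (hypothetical helper)."""
    pushed = {}
    for reply in re.findall(r"'PUSH_REPLY,([^']*)'", log_text):
        for option in reply.split(","):
            key, _, value = option.partition(" ")
            pushed.setdefault(key, []).append(value)

    report = {
        "down_polls": len(re.findall(r"TEST ROUTES: .* u/d=down", log_text)),
        "came_up": bool(re.search(r"TEST ROUTES: .* u/d=up", log_text)),
        "failed_routes": log_text.count("Route addition via service failed"),
        "unreachable_gateways": sorted(set(UNREACHABLE.findall(log_text))),
        "connected_with_error": "CONNECTED,ERROR" in log_text,
        "gateway_in_pushed_subnet": None,
    }
    # Assumption: TAP mode, where the pushed ifconfig is "<address> <netmask>".
    if "ifconfig" in pushed and "route-gateway" in pushed:
        address, netmask = pushed["ifconfig"][-1].split()
        subnet = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
        report["gateway_in_pushed_subnet"] = ipaddress.ip_address(pushed["route-gateway"][-1]) in subnet
    # A consistent push plus an unreachable gateway points at the local adapter
    # never taking the address, not at the server's pushed options.
    report["adapter_not_configured"] = bool(
        report["gateway_in_pushed_subnet"] and report["unreachable_gateways"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```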