Actually, the IPs in the last 2 images are fake IPs; the IP in the third image is a private network IP.
Still thanks for the heads up
The client can no longer connect to the web once it successfully connects to the server. As for it being an issue with iptables/routing, I have iptables disabled, the client computer has its firewall disabled and is set to DMZ mode through the router just to make damn sure that it's not a firewall problem.
The end goal is I want the client to tunnel all IP traffic through the server running OpenVPN.
I don't mean the IP tables, I mean the route table of Windows. If you really managed to disable it, it must be the source, because a VPN cannot work without routing tables. In a nice coincidence, I just wrote a guide about IP tables today.
Here in your client output, OpenVPN cannot manage to fix your routing tables to redirect your traffic to the OpenVPN server:
Code:
Sun Apr 04 22:42:33 2010 Route addition fallback to route.exe
The route addition failed: The object already exists.
Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.15.30.31
Sun Apr 04 22:42:33 2010 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=98]
Sun Apr 04 22:42:33 2010 Route addition via IPAPI failed [adaptive]
Sun Apr 04 22:42:33 2010 Route addition fallback to route.exe
The route addition failed: The object already exists.
Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.15.30.31
Sun Apr 04 22:42:33 2010 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=98]
Do a "netstat -R" in cmd and send me the output please. We might be able to make a workaround to fix this. If we manage to do such a workaround, it will protect you from IP leaks, so it will be better than new,
but no promises for now, it's just a theory.
It's not very private information, but if you have security concerns about sharing the output on a public board, you can PM me.
Last edited by Expeto; 04-15-2010 at 06:27 PM.
Here's the routing tables with the VPN off:
Here they are with the VPN on:
Notes: The 85.17.*.* is my server's external IP, and is static.
10.15.30.* is the internal network I've set up on the box in /etc/network/interfaces for my VPN.
10.15.30.101 was the address I was assigned when I connected to the VPN.
192.168.2.* is my home LAN IP subset, 192.168.2.10 is my computer on the LAN.
Thoughts?
Also: I don't need to set up routing so that traffic stops if the VPN drops, I want it set up so that traffic only goes through the VPN while the VPN is active.
OK, I just took a second look at your logs; after getting rid of distractions it became a little more clear.
Code:
//here it sets gateways, your gateway for routing is 10.15.30.100
Sun Apr 04 22:42:25 2010 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 85.17.150.123,route-gateway10.15.30.31,ping 10,ping-restart 120,ifconfig 10.15.30.100 255.255.255.0'
//here it tells you default_gateway for route is 192.168.2.1
Sun Apr 04 22:42:25 2010 ROUTE default_gateway=192.168.2.1
//now it tells that the gateways work (I guess)
Sun Apr 04 22:42:31 2010 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
//now the real deal starts here, C:\WINDOWS\system32\route.exe ADD 85.*.*.* MASK 255.255.255.255 192.168.2.1 means it's adding a rule to your routing table, to redirect everything from 85.*.*.* for 192.168.2.1 [your default local vpn route gateway IP]
Sun Apr 04 22:42:32 2010 C:\WINDOWS\system32\route.exe ADD 85.*.*.* MASK 255.255.255.255 192.168.2.1
//now it fails, because such a rule already exists
Sun Apr 04 22:42:33 2010 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=12]
//now it tries to redirect everything from 0.0.0.0 for 10.15.30.31. (0.0.0.0 means any IP address)
Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.15.30.31
//fails again
Sun Apr 04 22:42:33 2010 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=98]
//another route attempt and another fail
Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.15.30.31
Sun Apr 04 22:42:33 2010 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=98]
Sun Apr 04 22:42:33 2010 Route addition via IPAPI failed [adaptive]
Sun Apr 04 22:42:33 2010 Route addition fallback to route.exe
The route addition failed: The object already exists.
I'm kinda having information overload with this data; deduction is not easy on pictures, and your win32-TAP interface is definitely not helping.
Try "route -f" to rebuild your route tables while the VPN is off, and restart the computer after this.
Also, "netsh winsock reset" might do the trick.
"IPConfig /renew" is also another way to reset route tables.
If this doesn't solve it,
try:
route delete 85.17. 192.168.2.1 while vpn is on
If this doesn't help either, try
"route add 85.*.*.*[your IP] MASK 255.255.255.255 192.168.2.1" while VPN is on
"route delete 0.0.0.0 192.168.2.1" while the VPN is online, but be careful, because when you type this, you force your connection to go over the VPN; your internet connection will either go over the VPN or go nowhere.
Save "route add 0.0.0.0 mask 0.0.0.0 192.168.2.1 IF 2" into a text file; you will need this to disable the first command and get your computer working without the VPN again.
If none works, use the first commands again to rebuild your tables once again...
Let me know if none of them works; also, ipconfig output might be helpful too.
Also, if you can, try to connect to your VPN from another computer, or maybe from a virtual machine.
Good luck
Last edited by Expeto; 04-15-2010 at 07:55 PM.
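Added example, not part of the original posts: a small Python check that reads an OpenVPN client log like the one quoted above and reports which of the two `redirect-gateway def1` routes (0.0.0.0/1 and 128.0.0.0/1) the session failed to add through the VPN gateway, since any half that is missing falls back to the LAN default route and bypasses the tunnel. The function names and the "clean" log are constructed for illustration; the failing log lines are taken from the thread.

```python
import ipaddress
import re

# OpenVPN on Windows logs the route.exe command line before each attempt.
ADD_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.I)
# redirect-gateway def1 overrides the default route with these two /1 routes.
DEF1_HALVES = [ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")]

def parse_route_results(log_text):
    """Return (network, gateway, added) for each route the client tried to add."""
    results = []
    for line in log_text.splitlines():
        m = ADD_RE.search(line)
        if m:
            try:
                net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            except ValueError:  # redacted address such as 85.*.*.*
                net = None
            results.append([net, m.group(3), True])
        elif results and "route addition failed" in line:
            results[-1][2] = False  # IPAPI attempt or route.exe fallback failed
        elif results and "fallback to route.exe" in line:
            results[-1][2] = True   # retried; stays True unless route.exe fails
    return [tuple(r) for r in results]

def unconfirmed_halves(log_text, vpn_gateway):
    """def1 halves this session did not add via vpn_gateway (empty = full tunnel)."""
    added = {n for n, gw, ok in parse_route_results(log_text) if ok and gw == vpn_gateway}
    return [h for h in DEF1_HALVES if h not in added]

# Excerpt of the client log quoted in the thread.
THREAD_LOG = r"""Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.15.30.31
Sun Apr 04 22:42:33 2010 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=98]
Sun Apr 04 22:42:33 2010 Route addition fallback to route.exe
The route addition failed: The object already exists.
Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.15.30.31
Sun Apr 04 22:42:33 2010 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=98]
Sun Apr 04 22:42:33 2010 Route addition fallback to route.exe
The route addition failed: The object already exists."""
# Constructed log of a session where both routes were added, for contrast.
CLEAN_LOG = r"""Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.15.30.31
Sun Apr 04 22:42:33 2010 Route addition via IPAPI succeeded [adaptive]
Sun Apr 04 22:42:33 2010 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.15.30.31
Sun Apr 04 22:42:33 2010 Route addition via IPAPI succeeded [adaptive]"""

if __name__ == "__main__":
    for name, log in (("thread", THREAD_LOG), ("clean", CLEAN_LOG)):
        print(name, [str(h) for h in unconfirmed_halves(log, "10.15.30.31")])
```

A half reported here was not added by this session; "The object already exists" means some entry for that destination is already in the table, so its gateway still has to be checked in the routing table itself.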
thanks for sharing this tutor, really helpful =)
Thanks for the tutorial. I keep getting an error when using vpnetmon, it says to download a newer version from an address but there's nothing at the address, any ideas ??
vpnetmon is not the greatest example of a stable program. It's a god-forgotten piece of software which hasn't been touched since December 05, 2007. So don't expect a lot from it.
But usually the problems with it are caused by antivirus & firewall software; it's understandable for security software to not allow another program to terminate uTorrent when it wants, and open it again.
Also, re-installing might do the trick.
Thanks, but I get an error with vpnetmon
Here are 6 free vpn services for those on a tight budget.
UltraVPN
JAP Vpn
PacketiX.net VPN
Hotspot Shield Vpn
Loke VPN Client
Alonweb free VPN software