OpenVPN / openvpn3

OpenVPN 3 is a C++ class library that implements the functionality of an OpenVPN client, and is protocol-compatible with the OpenVPN 2.x branch.
https://openvpn.net

vpngate and windows 10 #95

Closed. Serathin closed this 4 years ago.

Serathin commented 4 years ago

When you try to connect to vpngate, the console writes that the connection is established, but in fact it is not established, and dns stops working while this connection is active. As a result, it is simply impossible to get to any site by its domain name.

dsommers commented 4 years ago

This is a local configuration issue. Just tested with this configuration file using openvpn3-linux, which connected fine and could pass traffic as expected.

You don't provide any logs, nor which OpenVPN 3 based program you use. I'm referencing OpenVPN 3, as this issue was filed with the openvpn3 project. So there is nothing to go on here to understand why it doesn't work for you.

For reference, a log from openvpn3-linux:

2019-11-29 16:15:25 >> [2,2] Connection, Configuration OK: config_path=/net/openvpn/v3/configuration/c4e6f506x4cc7x4e2dx83cbx9ce2cf0d729e
2019-11-29 16:15:25 Client INFO: Starting connection
2019-11-29 16:15:25 >> [2,6] Connection, Client connecting
2019-11-29 16:15:25 Client DEBUG: OpenVPN core 3.git:HEAD:7bd55e0a linux x86_64 64-bit built on Nov 20 2019 18:19:46
2019-11-29 16:15:25 Client DEBUG: Frame=512/2048/512 mssfix-ctrl=1250
2019-11-29 16:15:25 Client DEBUG: UNUSED OPTIONS
5 [resolv-retry] [infinite] 
6 [nobind] 
7 [persist-key] 
8 [persist-tun] 
10 [verb] [3] 

2019-11-29 16:15:25 Client DEBUG:  EVENT [1][name=RESOLVE]: 
2019-11-29 16:15:25 Client VERB2: Resolving
2019-11-29 16:15:25 Client DEBUG: Contacting 120.88.50.136:1302 via UDP
2019-11-29 16:15:25 Client DEBUG:  EVENT [2][name=WAIT]: 
2019-11-29 16:15:25 Client VERB1: Waiting for server response
2019-11-29 16:15:25 Client DEBUG: Connecting to [vpn678252822.opengw.net]:1302 (120.88.50.136) via UDPv4
2019-11-29 16:15:26 Client DEBUG:  EVENT [3][name=CONNECTING]: 
2019-11-29 16:15:26 Client INFO: Connecting
2019-11-29 16:15:26 >> [2,6] Connection, Client connecting
2019-11-29 16:15:26 Client DEBUG: Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2019-11-29 16:15:26 Client DEBUG: Creds: UsernameEmpty/PasswordEmpty
2019-11-29 16:15:26 Client DEBUG: Peer Info:
IV_VER=3.git:HEAD:7bd55e0a
IV_PLAT=linux
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_GUI_VER=OpenVPN 3/Linux git:master:9e098253c3404c4e+/3.git:HEAD:7bd55e0a linux x86_64 64-bit

2019-11-29 16:15:26 Client DEBUG: VERIFY OK: depth=2, /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2019-11-29 16:15:26 Client DEBUG: VERIFY OK: depth=1, /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
2019-11-29 16:15:26 Client DEBUG: VERIFY OK: depth=0, /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.opengw.net
2019-11-29 16:15:27 Client DEBUG: SSL Handshake: CN=*.opengw.net, TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-11-29 16:15:27 Client DEBUG: Session is ACTIVE
2019-11-29 16:15:27 Client DEBUG:  EVENT [4][name=GET_CONFIG]: 
2019-11-29 16:15:27 Client VERB2: Retrieving configuration from server
2019-11-29 16:15:27 Client DEBUG: Sending PUSH_REQUEST to server...
2019-11-29 16:15:27 Client DEBUG: OPTIONS:
0 [ping] [3] 
1 [ping-restart] [10] 
2 [ifconfig] [10.211.1.45] [10.211.1.46] 
3 [dhcp-option] [DNS] [10.211.254.254] 
4 [dhcp-option] [DNS] [8.8.8.8] 
5 [route-gateway] [10.211.1.46] 
6 [redirect-gateway] [def1] 

2019-11-29 16:15:27 Client DEBUG: PROTOCOL OPTIONS:
  cipher: AES-128-CBC
  digest: SHA1
  compress: NONE
  peer ID: -1

2019-11-29 16:15:27 Client DEBUG:  EVENT [5][name=ASSIGN_IP]: 
2019-11-29 16:15:27 Client VERB2: Session name: 'vpn678252822.opengw.net'
2019-11-29 16:15:27 Client DEBUG: TunPersist: saving tun context:
Session Name: vpn678252822.opengw.net
Layer: OSI_LAYER_3
Remote Address: 120.88.50.136
Tunnel Addresses:
  10.211.1.45/30 -> 10.211.1.46 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
  10.211.254.254
  8.8.8.8
Search Domains:

2019-11-29 16:15:27 Client DEBUG: Connected via tun
2019-11-29 16:15:27 Client DEBUG:  EVENT [6][name=CONNECTED]: vpn678252822.opengw.net:1302 (120.88.50.136) via /UDPv4 on tun/10.211.1.45/ gw=[10.211.1.46/]
2019-11-29 16:15:27 Client INFO: Connected: vpn678252822.opengw.net:1302 (120.88.50.136) via /UDPv4 on tun/10.211.1.45/ gw=[10.211.1.46/]
2019-11-29 16:15:27 >> [2,7] Connection, Client connected
[Ctrl-C]
Initiated session shutdown.

Connection statistics:
     BYTES_IN..................462646
     BYTES_OUT..................55405
     PACKETS_IN...................638
     PACKETS_OUT..................451
     TUN_BYTES_IN...............31304
     TUN_BYTES_OUT.............426231
     TUN_PACKETS_IN...............420
     TUN_PACKETS_OUT..............589

And /etc/resolv.conf contained:

# cat /etc/resolv.conf
#
# Generated by NetCfg::DNS::ResolvConfFormat
# 2019-11-29 16:15:27
#
nameserver 10.211.254.254
nameserver 8.8.8.8
nameserver 127.0.0.53

options edns0
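
A quick diagnostic for the situation described in this thread (the resolvers the server pushed versus what the local resolver actually ended up with), as an added Python example that is not part of openvpn3 or of this thread; the sample log and resolv.conf below are constructed from the lines quoted in the comment above, and the parser also accepts the bare `OPTIONS:` line the Windows build prints:

```python
import re

# Constructed sample: the pushed OPTIONS block and resolv.conf quoted in the comment above.
SAMPLE_LOG = """2019-11-29 16:15:27 Client DEBUG: OPTIONS:
0 [ping] [3] 
1 [ping-restart] [10] 
2 [ifconfig] [10.211.1.45] [10.211.1.46] 
3 [dhcp-option] [DNS] [10.211.254.254] 
4 [dhcp-option] [DNS] [8.8.8.8] 
5 [route-gateway] [10.211.1.46] 
6 [redirect-gateway] [def1] 

"""
SAMPLE_RESOLV = "nameserver 10.211.254.254\nnameserver 8.8.8.8\nnameserver 127.0.0.53\n"

# One pushed option line: "<index> [name] [arg] [arg] ..."
OPTION_RE = re.compile(r"^\d+ \[(?P<name>[^\]]+)\](?P<args>(?: \[[^\]]*\])*)$")

def parse_pushed_options(log):
    """Return [(name, [args...])] from the OPTIONS: block of an OpenVPN 3 client log.
    Accepts '... Client DEBUG: OPTIONS:' (openvpn3-linux) or a bare 'OPTIONS:' line (Windows build)."""
    opts, in_block = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "OPTIONS:" or line.endswith(" DEBUG: OPTIONS:"):
            in_block = True
        elif in_block:
            m = OPTION_RE.match(line)
            if not m:          # blank line or next log entry ends the block
                break
            opts.append((m.group("name"), re.findall(r"\[([^\]]*)\]", m.group("args"))))
    return opts

def pushed_dns_servers(opts):
    """DNS servers from 'dhcp-option DNS <ip>' entries, in push order."""
    return [a[1] for n, a in opts if n == "dhcp-option" and len(a) == 2 and a[0] == "DNS"]

def dns_check(log, resolv_conf):
    """Compare the resolvers the server pushed with what the OS actually configured."""
    opts = parse_pushed_options(log)
    pushed = pushed_dns_servers(opts)
    # nameserver lines of /etc/resolv.conf (or the equivalent adapter DNS list on Windows)
    local = [l.split()[1] for l in resolv_conf.splitlines() if l.startswith("nameserver ")]
    return {
        "pushed": pushed,
        "missing": [s for s in pushed if s not in local],   # pushed but never applied
        "redirect_gateway": any(n == "redirect-gateway" for n, _ in opts),
    }
```

A non-empty `missing` list together with `redirect_gateway` set is exactly the "connected but no name resolution" state the reporter describes: all traffic is sent into the tunnel while queries still go to a resolver that is no longer reachable.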

Serathin commented 4 years ago

logs:

OpenVPN core 3.6_git:master win x86_64 64-bit
Frame=512/2048/512 mssfix-ctrl=1250
UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
10 [verb] [3]

RESOLVE
Contacting 1.55.138.46:1958 via UDP
WAIT
Connecting to [vpn416268182.opengw.net]:1958 (1.55.138.46) via UDPv4
CONNECTING
Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
Creds: UsernameEmpty/PasswordEmpty
Peer Info:
IV_VER=3.6_git:master
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1

VERIFY OK: depth=2, /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
VERIFY OK: depth=1, /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
VERIFY OK: depth=0, /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.opengw.net
SSL Handshake: CN=*.opengw.net, TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Session is ACTIVE
GET_CONFIG
Sending PUSH_REQUEST to server...

OPTIONS:
0 [ping] [3]
1 [ping-restart] [10]
2 [ifconfig] [10.211.1.49] [10.211.1.50]
3 [dhcp-option] [DNS] [10.211.254.254]
4 [dhcp-option] [DNS] [8.8.8.8]
5 [route-gateway] [10.211.1.50]
6 [redirect-gateway] [def1]

PROTOCOL OPTIONS:
  cipher: AES-128-CBC
  digest: SHA1
  compress: NONE
  peer ID: -1

ASSIGN_IP
CAPTURED OPTIONS:
Session Name: vpn416268182.opengw.net
Layer: OSI_LAYER_3
Remote Address: 1.55.138.46
Tunnel Addresses:
  10.211.1.49/30 -> 10.211.1.50 [net30]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
Exclude Routes:
DNS Servers:
  10.211.254.254
  8.8.8.8
Search Domains:

proxy_auto_config_url

TAP ADAPTERS:
guid='{49BBCFC1-6D01-4271-8150-4D9CB1E90C27}' index=54 name='����������� �� ��������� ����'
guid='{9CC153BD-C415-421E-A8E6-2CCBECAEEAF1}' index=61 name='Ethernet 2'
guid='{2D7D9F21-A096-4AF2-88D4-37488527707E}' index=67 name='Ethernet 3'
guid='{B9B1B4FB-65C9-4AFA-9900-D734813AE8B5}' index=73 name='Ethernet 4'
guid='{E30A85FB-0DD9-48D3-A03B-5B642402945B}' index=79 name='Ethernet 5'
guid='{48A874D9-F779-4663-AE3E-20BA5BA26967}' index=85 name='Ethernet 6'

Open TAP device "Ethernet 2" PATH="\\.\Global\{9CC153BD-C415-421E-A8E6-2CCBECAEEAF1}.tap" SUCCEEDED
TAP-Windows Driver Version 9.9
ActionDeleteAllRoutesOnInterface iface_index=61
netsh interface ip delete route 0.0.0.0/1 61 store=active
ОК.
netsh interface ip delete route 10.8.0.0/24 61 store=active
ОК.
netsh interface ip delete route 10.8.0.11/32 61 store=active
ОК.
netsh interface ip delete route 10.8.0.255/32 61 store=active
Элемент не найден.
netsh interface ip delete route 128.0.0.0/1 61 store=active
ОК.
netsh interface ip set interface 61 metric=1
ОК.
netsh interface ip set address 61 static 10.211.1.49 255.255.255.252 gateway=10.211.1.50 store=active
netsh interface ip add route 1.55.138.46/32 17 192.168.1.1 store=active
Этот объект уже существует.
netsh interface ip add route 0.0.0.0/1 61 10.211.1.50 store=active
ОК.
netsh interface ip add route 128.0.0.0/1 61 10.211.1.50 store=active
ОК.
netsh interface ip set dnsservers 61 static 10.211.254.254 register=primary validate=no
netsh interface ip add dnsservers 61 8.8.8.8 2 validate=no
NRPT::ActionCreate names=[.] dns_servers=[10.211.254.254,8.8.8.8]
ActionWFP openvpn_app_path=D:\QtProjects\QtGuiApplication1\x64\Release\QtGuiApplication1.exe tap_index=61 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns

Настройка протокола IP для Windows

Кэш сопоставителя DNS успешно очищен.
Connected via TUN_WIN
CONNECTED

config:

dev tun
proto udp
remote vpn416268182.opengw.net 1958
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Serathin commented 4 years ago

At the same time this config works without problems:

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 185.203.119.144 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
setenv opt block-outside-dns
key-direction 1
verb 3

Serathin commented 4 years ago

my code:

    // VPNClient is the reporter's own class, presumably a subclass of
    // ClientAPI::OpenVPNClient (assumed here; the thread does not show it).
    QString filename = QFileDialog::getOpenFileName(...);
    QFile file(filename);
    if (!file.open(QIODevice::ReadOnly))
        return;                                      // profile could not be read
    QTextStream textStream(&file);

    VPNClient::init_process();                       // one-time library initialisation
    client = new VPNClient;
    ClientAPI::Config config;
    config.content = textStream.readAll().toStdString();   // the whole .ovpn profile, inline certs included
    file.close();

    ClientAPI::EvalConfig evalConfig = client->eval_config(config);
    if (evalConfig.error)                            // profile rejected by the OpenVPN 3 parser
        qWarning() << QString::fromStdString(evalConfig.message);
    client->start();                                 // reporter's own wrapper, presumably around connect()

lstipakov commented 4 years ago

Hi,

I can confirm that the problem exists on Windows - the same configuration works with OpenVPN2 GUI, but doesn't work with openvpn3 cli. I am on it.

lstipakov commented 4 years ago

Thanks for reporting it @Serathin!

I have committed a fix to my personal repo (https://github.com/lstipakov/openvpn3/tree/fx/vpngate), could you please give it a try and let us know if it works for you?

Serathin commented 4 years ago

It works!