Tuesday, February 9, 2021

Configuring OpenVPN

Alright, this one is a head-scratcher. I've configured OpenVPN on my network and everything seems to work except that the clients have no internet access after logging in. There is no default gateway assigned to them, but clients get an IP and can even ping the gateway as well as interact with network systems through SMB and ping. I have no clue how to assign the default gateway from the server. I've been looking all over for answers and am coming up short. I need ideas, folks.

Server Logs

Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 VERIFY EKU OK
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 VERIFY OK: depth=0, CN=zphy-laptop
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_VER=2.5.0
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_PLAT=win
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_PROTO=6
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_NCP=2
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_LZ4=1
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_LZ4v2=1
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_LZO=1
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_COMP_STUB=1
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_COMP_STUBv2=1
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_TCPNL=1
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 peer info: IV_GUI_VER=OpenVPN_GUI_11
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: 174.240.129.196:2836 [zphy-laptop] Peer Connection Initiated with [AF_INET]174.240.129.196:2836
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/zphy-laptop
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 MULTI: Learn: 10.8.0.2 -> zphy-laptop/174.240.129.196:2836
Feb  9 21:22:33 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 MULTI: primary virtual IP for zphy-laptop/174.240.129.196:2836: 10.8.0.2
Feb  9 21:22:34 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 PUSH: Received control message: 'PUSH_REQUEST'
Feb  9 21:22:34 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 SENT CONTROL [zphy-laptop]: 'PUSH_REPLY,dhcp-option DNS 10.8.0.254,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Feb  9 21:22:34 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 Data Channel: using negotiated cipher 'AES-256-GCM'
Feb  9 21:22:34 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  9 21:22:34 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  9 21:22:45 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #255 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:22:55 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #353 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:23:06 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #380 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:23:16 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #397 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:23:26 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #431 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:23:38 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #454 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:24:01 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #513 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:24:11 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #528 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:24:22 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #539 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:24:32 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #557 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:24:42 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #569 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:27:11 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #751 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:27:23 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #765 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:28:22 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #825 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:39:10 raspberrypi ovpn-server[11907]: zphy-laptop/174.240.129.196:2836 AEAD Decrypt error: bad packet ID (may be a replay): [ #1369 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:41:17 raspberrypi ovpn-server[11907]: event_wait : Interrupted system call (code=4)
Feb  9 21:41:17 raspberrypi ovpn-server[11907]: Closing TUN/TAP interface
Feb  9 21:41:17 raspberrypi ovpn-server[11907]: /sbin/ip addr del dev tun0 10.8.0.1/24
Feb  9 21:41:17 raspberrypi ovpn-server[11907]: Linux ip addr del failed: external program exited with error status: 2
Feb  9 21:41:17 raspberrypi ovpn-server[11907]: SIGTERM[hard,] received, process exiting
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: ECDH curve prime256v1 added
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: TUN/TAP device tun0 opened
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: TUN/TAP TX queue length set to 100
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: /sbin/ip link set dev tun0 up mtu 1500
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: UDPv4 link local (bound): [AF_INET][undef]:1194
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: UDPv4 link remote: [AF_UNSPEC]
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: GID set to openvpn
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: UID set to openvpn
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: MULTI: multi_init called, r=256 v=256
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Feb  9 21:41:38 raspberrypi ovpn-server[5588]: Initialization Sequence Completed
Feb  9 21:41:44 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 TLS: Initial packet from [AF_INET]174.240.129.196:2847, sid=15acab73 a12e73c8
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 VERIFY OK: depth=1, CN=ChangeMe
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 VERIFY KU OK
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 Validating certificate extended key usage
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 VERIFY EKU OK
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 VERIFY OK: depth=0, CN=zphy-laptop
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_VER=2.5.0
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_PLAT=win
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_PROTO=6
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_NCP=2
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_LZ4=1
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_LZ4v2=1
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_LZO=1
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_COMP_STUB=1
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_COMP_STUBv2=1
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_TCPNL=1
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 peer info: IV_GUI_VER=OpenVPN_GUI_11
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: 174.240.129.196:2847 [zphy-laptop] Peer Connection Initiated with [AF_INET]174.240.129.196:2847
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/zphy-laptop
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 MULTI: Learn: 10.8.0.2 -> zphy-laptop/174.240.129.196:2847
Feb  9 21:41:45 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 MULTI: primary virtual IP for zphy-laptop/174.240.129.196:2847: 10.8.0.2
Feb  9 21:41:46 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 PUSH: Received control message: 'PUSH_REQUEST'
Feb  9 21:41:46 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 SENT CONTROL [zphy-laptop]: 'PUSH_REPLY,dhcp-option DNS 10.8.0.254,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Feb  9 21:41:46 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 Data Channel: using negotiated cipher 'AES-256-GCM'
Feb  9 21:41:46 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  9 21:41:46 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  9 21:41:57 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #277 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:42:07 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #419 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:42:18 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #445 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:42:28 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #459 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:42:38 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #480 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:42:49 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #501 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:42:59 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #528 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:43:11 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #556 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:43:22 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #572 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:43:33 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #591 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:44:01 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2847 AEAD Decrypt error: bad packet ID (may be a replay): [ #634 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:46:10 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 TLS: Initial packet from [AF_INET]174.240.129.196:2834, sid=cc9e79e9 4d14d264
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 VERIFY OK: depth=1, CN=ChangeMe
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 VERIFY KU OK
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 Validating certificate extended key usage
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 VERIFY EKU OK
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 VERIFY OK: depth=0, CN=zphy-laptop
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_VER=2.5.0
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_PLAT=win
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_PROTO=6
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_NCP=2
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_LZ4=1
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_LZ4v2=1
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_LZO=1
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_COMP_STUB=1
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_COMP_STUBv2=1
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_TCPNL=1
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 peer info: IV_GUI_VER=OpenVPN_GUI_11
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: 174.240.129.196:2834 [zphy-laptop] Peer Connection Initiated with [AF_INET]174.240.129.196:2834
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: MULTI: new connection by client 'zphy-laptop' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/zphy-laptop
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: MULTI: Learn: 10.8.0.2 -> zphy-laptop/174.240.129.196:2834
Feb  9 21:46:11 raspberrypi ovpn-server[5588]: MULTI: primary virtual IP for zphy-laptop/174.240.129.196:2834: 10.8.0.2
Feb  9 21:46:12 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 PUSH: Received control message: 'PUSH_REQUEST'
Feb  9 21:46:12 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 SENT CONTROL [zphy-laptop]: 'PUSH_REPLY,dhcp-option DNS 10.8.0.254,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Feb  9 21:46:12 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 Data Channel: using negotiated cipher 'AES-256-GCM'
Feb  9 21:46:12 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  9 21:46:12 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  9 21:46:23 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 AEAD Decrypt error: bad packet ID (may be a replay): [ #243 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:46:33 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 AEAD Decrypt error: bad packet ID (may be a replay): [ #348 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:46:44 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 AEAD Decrypt error: bad packet ID (may be a replay): [ #365 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:46:55 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 AEAD Decrypt error: bad packet ID (may be a replay): [ #381 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:47:23 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 AEAD Decrypt error: bad packet ID (may be a replay): [ #429 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Feb  9 21:48:08 raspberrypi ovpn-server[5588]: zphy-laptop/174.240.129.196:2834 AEAD Decrypt error: bad packet ID (may be a replay): [ #507 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Client Logs

2021-02-09 21:46:05 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-02-09 21:46:05 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-02-09 21:46:05 Windows version 10.0 (Windows 10 or greater) 64bit
2021-02-09 21:46:05 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Enter Management Password:
2021-02-09 21:46:05 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
2021-02-09 21:46:05 Need hold release from management interface, waiting...
2021-02-09 21:46:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
2021-02-09 21:46:05 MANAGEMENT: CMD 'state on'
2021-02-09 21:46:05 MANAGEMENT: CMD 'log all on'
2021-02-09 21:46:05 MANAGEMENT: CMD 'echo all on'
2021-02-09 21:46:05 MANAGEMENT: CMD 'bytecount 5'
2021-02-09 21:46:05 MANAGEMENT: CMD 'hold off'
2021-02-09 21:46:05 MANAGEMENT: CMD 'hold release'
2021-02-09 21:46:11 MANAGEMENT: CMD 'password [...]'
2021-02-09 21:46:11 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-02-09 21:46:11 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-09 21:46:11 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-02-09 21:46:11 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-02-09 21:46:11 TCP/UDP: Preserving recently used remote address: [AF_INET]206.41.233.37:1194
2021-02-09 21:46:11 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-02-09 21:46:11 UDP link local: (not bound)
2021-02-09 21:46:11 UDP link remote: [AF_INET]206.41.233.37:1194
2021-02-09 21:46:11 MANAGEMENT: >STATE:1612928771,WAIT,,,,,,
2021-02-09 21:46:11 MANAGEMENT: >STATE:1612928771,AUTH,,,,,,
2021-02-09 21:46:11 TLS: Initial packet from [AF_INET]206.41.233.37:1194, sid=ddd1825f 98f031f9
2021-02-09 21:46:11 VERIFY KU OK
2021-02-09 21:46:11 Validating certificate extended key usage
2021-02-09 21:46:11 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-02-09 21:46:11 VERIFY EKU OK
2021-02-09 21:46:11 VERIFY X509NAME OK: CN=raspberrypi_9fe0ae39-f6ed-4dc8-80fc-f145c5a1d05c
2021-02-09 21:46:11 VERIFY OK: depth=0, CN=raspberrypi_9fe0ae39-f6ed-4dc8-80fc-f145c5a1d05c
2021-02-09 21:46:12 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
2021-02-09 21:46:12 [raspberrypi_9fe0ae39-f6ed-4dc8-80fc-f145c5a1d05c] Peer Connection Initiated with [AF_INET]206.41.233.37:1194
2021-02-09 21:46:13 MANAGEMENT: >STATE:1612928773,GET_CONFIG,,,,,,
2021-02-09 21:46:13 SENT CONTROL [raspberrypi_9fe0ae39-f6ed-4dc8-80fc-f145c5a1d05c]: 'PUSH_REQUEST' (status=1)
2021-02-09 21:46:13 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.254,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2021-02-09 21:46:13 OPTIONS IMPORT: timers and/or timeouts modified
2021-02-09 21:46:13 OPTIONS IMPORT: --ifconfig/up options modified
2021-02-09 21:46:13 OPTIONS IMPORT: route options modified
2021-02-09 21:46:13 OPTIONS IMPORT: route-related options modified
2021-02-09 21:46:13 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-02-09 21:46:13 OPTIONS IMPORT: peer-id set
2021-02-09 21:46:13 OPTIONS IMPORT: adjusting link_mtu to 1624
2021-02-09 21:46:13 OPTIONS IMPORT: data channel crypto options modified
2021-02-09 21:46:13 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-02-09 21:46:13 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-02-09 21:46:13 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-02-09 21:46:13 interactive service msg_channel=708
2021-02-09 21:46:13 ROUTE_GATEWAY 192.168.151.100/255.255.255.0 I=15 HWADDR=f8:e4:e3:d8:cd:c2
2021-02-09 21:46:13 open_tun
2021-02-09 21:46:13 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-02-09 21:46:13 TAP-Windows Driver Version 9.24
2021-02-09 21:46:13 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2021-02-09 21:46:13 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {5690A796-B23A-4580-A9F1-64ED569EB3E6} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2021-02-09 21:46:13 Successful ARP Flush on interface [9] {5690A796-B23A-4580-A9F1-64ED569EB3E6}
2021-02-09 21:46:13 MANAGEMENT: >STATE:1612928773,ASSIGN_IP,,10.8.0.2,,,,
2021-02-09 21:46:13 IPv4 MTU set to 1500 on interface 9 using service
2021-02-09 21:46:13 Blocking outside dns using service succeeded.
2021-02-09 21:46:18 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2021-02-09 21:46:18 C:\WINDOWS\system32\route.exe ADD 206.41.233.37 MASK 255.255.255.255 192.168.151.100
2021-02-09 21:46:18 Route addition via service succeeded
2021-02-09 21:46:18 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2021-02-09 21:46:18 Route addition via service succeeded
2021-02-09 21:46:18 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2021-02-09 21:46:18 Route addition via service succeeded
2021-02-09 21:46:18 Initialization Sequence Completed
2021-02-09 21:46:18 MANAGEMENT: >STATE:1612928778,CONNECTED,SUCCESS,10.8.0.2,206.41.233.37,1194,,
https://stackoverflow.com/questions/66130777/configuring-openvpn February 10, 2021 at 12:06PM
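
Added example (not part of the original question): a log check that parses the `PUSH_REPLY` and `route.exe ADD` lines of a client log like the one above and reports whether the pushed `redirect-gateway def1` was applied. With `def1`, OpenVPN installs two half-default routes (0.0.0.0/1 and 128.0.0.0/1) via the pushed `route-gateway` instead of replacing the default route. The function names and report keys are hypothetical; the sample lines are copied from the client log with timestamps trimmed.

```python
import ipaddress
import re

# Lines copied from the client log on this page, timestamps trimmed.
SAMPLE_CLIENT_LOG = r"""
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.254,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
ROUTE_GATEWAY 192.168.151.100/255.255.255.0 I=15 HWADDR=f8:e4:e3:d8:cd:c2
C:\WINDOWS\system32\route.exe ADD 206.41.233.37 MASK 255.255.255.255 192.168.151.100
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)", re.IGNORECASE)

# The two routes that def1 uses to cover the whole IPv4 space.
HALVES = (ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1"))


def parse_push_reply(log):
    """Return pushed options as {name: [argument strings]}; {} if no PUSH_REPLY."""
    match = PUSH_RE.search(log)
    opts = {}
    if not match:
        return opts
    for item in match.group(1).split(","):
        name, _, args = item.strip().partition(" ")
        opts.setdefault(name, []).append(args)
    return opts


def parse_added_routes(log):
    """Return [(network, gateway)] for every 'route.exe ADD' line in the log."""
    routes = []
    for dest, mask, gateway in ROUTE_RE.findall(log):
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, ipaddress.ip_address(gateway)))
    return routes


def check_redirect_gateway(log):
    """Report whether the client installed the routes that def1 implies."""
    opts = parse_push_reply(log)
    routes = parse_added_routes(log)
    flags = " ".join(opts.get("redirect-gateway", [])).split()
    vpn_gw = (opts.get("route-gateway") or [None])[0]
    report = {
        "def1_pushed": "def1" in flags,
        "vpn_gateway": vpn_gw,
        "dns_servers": [a.split()[-1] for a in opts.get("dhcp-option", [])
                        if a.startswith("DNS ")],
        "block_outside_dns": "block-outside-dns" in opts,
        "missing_halves": [str(h) for h in HALVES],
        "bypass_routes": [],
    }
    if report["def1_pushed"] and vpn_gw:
        gw = ipaddress.ip_address(vpn_gw)
        # Each half must be routed via the tunnel gateway.
        report["missing_halves"] = [str(h) for h in HALVES if (h, gw) not in routes]
        # Host routes via another gateway keep the VPN transport off the tunnel.
        report["bypass_routes"] = [str(n) for n, g in routes
                                   if n.prefixlen == 32 and g != gw]
    report["covers_all_ipv4"] = not report["missing_halves"]
    return report


if __name__ == "__main__":
    for key, value in check_redirect_gateway(SAMPLE_CLIENT_LOG).items():
        print(f"{key}: {value}")
```

When `covers_all_ipv4` is true, the client side of `redirect-gateway def1` is in place, and the adapter still shows no default gateway entry because `def1` works through the two /1 routes.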
