OpenVPN between Manjaro Linux and Windows Server 2016: the VPN is established, but no traffic passes through

435
Max Maier

I have a Windows server at home, which is the OpenVPN server in this scenario. My client is Manjaro Linux (an Arch distro) in the latest version. I wanted a simple VPN and to push DNS options. My server's address on the home network is 192.168.69.200, and the address range for the OpenVPN connection is 10.69.0.0/24. The DNS options are not carried over to my resolv.conf (but that is a NetworkManager problem). The route to 192.168.69.0/24 was added successfully, the tun device was created, and the correct IP address was assigned. But when I try to ping 192.168.69.200, nothing. Here is my server configuration:

port 1194
proto udp
dev tun
ca ca.crt
cert muxi-at.crt
key muxi-at.key
dh dh2048.pem
topology subnet
server 10.69.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.69.0 255.255.255.0"
push "dhcp-option DNS 192.168.69.200"
push "dhcp-option DOMAIN muxi.at"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1

Here is my client configuration:

client
dev tun
proto udp
remote muxi.at 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert johann-pad.crt
key johann-pad.key
remote-cert-tls server
cipher AES-256-CBC
verb 4

And now some log output to round things off:

Server:

Mon Jul 30 10:11:45 2018 us=238102 Current Parameter Settings:
Mon Jul 30 10:11:45 2018 us=238102 config = 'server.ovpn'
Mon Jul 30 10:11:45 2018 us=238102 mode = 1
Mon Jul 30 10:11:45 2018 us=238102 show_ciphers = DISABLED
Mon Jul 30 10:11:45 2018 us=238102 show_digests = DISABLED
Mon Jul 30 10:11:45 2018 us=238102 show_engines = DISABLED
Mon Jul 30 10:11:45 2018 us=238102 genkey = DISABLED
Mon Jul 30 10:11:45 2018 us=238102 key_pass_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=238102 show_tls_ciphers = DISABLED
Mon Jul 30 10:11:45 2018 us=238102 connect_retry_max = 0
Mon Jul 30 10:11:45 2018 us=238102 Connection profiles [0]:
Mon Jul 30 10:11:45 2018 us=238102 proto = udp
Mon Jul 30 10:11:45 2018 us=238102 local = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=238102 local_port = '1194'
Mon Jul 30 10:11:45 2018 us=238102 remote = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=239101 remote_port = '1194'
Mon Jul 30 10:11:45 2018 us=239101 remote_float = DISABLED
Mon Jul 30 10:11:45 2018 us=239101 bind_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=239101 bind_local = ENABLED
Mon Jul 30 10:11:45 2018 us=239101 bind_ipv6_only = DISABLED
Mon Jul 30 10:11:45 2018 us=239101 connect_retry_seconds = 5
Mon Jul 30 10:11:45 2018 us=239101 connect_timeout = 120
Mon Jul 30 10:11:45 2018 us=239101 socks_proxy_server = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=239101 socks_proxy_port = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=239101 tun_mtu = 1500
Mon Jul 30 10:11:45 2018 us=241102 management_client_user = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=241102 management_client_group = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=241102 management_flags = 6
Mon Jul 30 10:11:45 2018 us=241102 shared_secret_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=241102 key_direction = not set
Mon Jul 30 10:11:45 2018 us=241102 ciphername = 'AES-256-CBC'
Mon Jul 30 10:11:45 2018 us=241102 ncp_enabled = ENABLED
Mon Jul 30 10:11:45 2018 us=241102 ncp_ciphers = 'AES-256-GCM:AES-128-
Mon Jul 30 10:11:45 2018 us=243102 tls_exit = DISABLED
Mon Jul 30 10:11:45 2018 us=243102 tls_auth_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=243102 tls_crypt_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=243102 pkcs11_protected_authentication =
Mon Jul 30 10:11:45 2018 us=244102 server_network = 10.69.0.0
Mon Jul 30 10:11:45 2018 us=244102 server_netmask = 255.255.255.0
Mon Jul 30 10:11:45 2018 us=244102 server_network_ipv6 = ::
Mon Jul 30 10:11:45 2018 us=244102 server_netbits_ipv6 = 0
Mon Jul 30 10:11:45 2018 us=244102 server_bridge_ip = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102 server_bridge_netmask = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102 server_bridge_pool_start = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102 server_bridge_pool_end = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=244102 push_entry = 'route 192.168.69.0 255.255.255.0'
Mon Jul 30 10:11:45 2018 us=244102 push_entry = 'dhcp-option DNS 192.168.69.200'
Mon Jul 30 10:11:45 2018 us=244102 push_entry = 'dhcp-option DOMAIN muxi.at'
Mon Jul 30 10:11:45 2018 us=244102 push_entry = 'route-gateway 10.69.0.1'
Mon Jul 30 10:11:45 2018 us=244102 push_entry = 'topology subnet'
Mon Jul 30 10:11:45 2018 us=244102 push_entry = 'ping 10'
Mon Jul 30 10:11:45 2018 us=244102 push_entry = 'ping-restart 120'
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_pool_defined = ENABLED
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_pool_start = 10.69.0.2
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_pool_end = 10.69.0.253
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_pool_netmask = 255.255.255.0
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_pool_persist_filename = 'ipp.txt'
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_pool_persist_refresh_freq = 600
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_ipv6_pool_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_ipv6_pool_base = ::
Mon Jul 30 10:11:45 2018 us=245102 ifconfig_ipv6_pool_netbits = 0
Mon Jul 30 10:11:45 2018 us=245102 n_bcast_buf = 256
Mon Jul 30 10:11:45 2018 us=245102 tcp_queue_limit = 64
Mon Jul 30 10:11:45 2018 us=245102 real_hash_size = 256
Mon Jul 30 10:11:45 2018 us=245102 virtual_hash_size = 256
Mon Jul 30 10:11:45 2018 us=245102 client_connect_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102 learn_address_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102 client_disconnect_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102 client_config_dir = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102 ccd_exclusive = DISABLED
Mon Jul 30 10:11:45 2018 us=245102 tmp_dir = 'C:\Users\ADMINI~1.MUX\AppData\Local\Temp\3\'
Mon Jul 30 10:11:45 2018 us=245102 push_ifconfig_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=245102 push_ifconfig_local = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=245102 push_ifconfig_remote_netmask = 0.0.0.0
Mon Jul 30 10:11:45 2018 us=245102 push_ifconfig_ipv6_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=245102 push_ifconfig_ipv6_local = ::/0
Mon Jul 30 10:11:45 2018 us=245102 push_ifconfig_ipv6_remote = ::
Mon Jul 30 10:11:45 2018 us=245102 enable_c2c = ENABLED
Mon Jul 30 10:11:45 2018 us=245102 duplicate_cn = DISABLED
Mon Jul 30 10:11:45 2018 us=245102 cf_max = 0
Mon Jul 30 10:11:45 2018 us=245102 cf_per = 0
Mon Jul 30 10:11:45 2018 us=245102 max_clients = 1024
Mon Jul 30 10:11:45 2018 us=245102 max_routes_per_client = 256
Mon Jul 30 10:11:45 2018 us=245102 auth_user_pass_verify_script = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=245102 auth_user_pass_verify_script_via_file = DISABLED
Mon Jul 30 10:11:45 2018 us=245102 auth_token_generate = DISABLED
Mon Jul 30 10:11:45 2018 us=245102 auth_token_lifetime = 0
Mon Jul 30 10:11:45 2018 us=245102 client = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 pull = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 auth_user_pass_file = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=246102 show_net_up = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 route_method = 0
Mon Jul 30 10:11:45 2018 us=246102 block_outside_dns = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 ip_win32_defined = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 ip_win32_type = 3
Mon Jul 30 10:11:45 2018 us=246102 dhcp_masq_offset = 0
Mon Jul 30 10:11:45 2018 us=246102 dhcp_lease_time = 31536000
Mon Jul 30 10:11:45 2018 us=246102 tap_sleep = 10
Mon Jul 30 10:11:45 2018 us=246102 dhcp_options = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 dhcp_renew = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 dhcp_pre_release = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 domain = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=246102 netbios_scope = '[UNDEF]'
Mon Jul 30 10:11:45 2018 us=246102 netbios_node_type = 0
Mon Jul 30 10:11:45 2018 us=246102 disable_nbt = DISABLED
Mon Jul 30 10:11:45 2018 us=246102 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Mon Jul 30 10:11:45 2018 us=246102 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Jul 30 10:11:45 2018 us=246102 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Mon Jul 30 10:11:45 2018 us=248035 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Jul 30 10:11:45 2018 us=248035 Need hold release from management interface, waiting...
Mon Jul 30 10:11:45 2018 us=677305 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Jul 30 10:11:45 2018 us=778947 MANAGEMENT: CMD 'state on'
Mon Jul 30 10:11:45 2018 us=778947 MANAGEMENT: CMD 'log all on'
Mon Jul 30 10:11:46 2018 us=238888 MANAGEMENT: CMD 'echo all on'
Mon Jul 30 10:11:46 2018 us=244887 MANAGEMENT: CMD 'bytecount 5'
Mon Jul 30 10:11:46 2018 us=249887 MANAGEMENT: CMD 'hold off'
Mon Jul 30 10:11:46 2018 us=254887 MANAGEMENT: CMD 'hold release'
Mon Jul 30 10:11:46 2018 us=270889 Diffie-Hellman initialized with 2048 bit key
Mon Jul 30 10:11:46 2018 us=273892 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:11:46 2018 us=274890 interactive service msg_channel=0
Mon Jul 30 10:11:46 2018 us=274890 open_tun
Mon Jul 30 10:11:46 2018 us=278892 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\.tap
Mon Jul 30 10:11:46 2018 us=279889 TAP-Windows Driver Version 9.21
Mon Jul 30 10:11:46 2018 us=279889 TAP-Windows MTU=1500
Mon Jul 30 10:11:46 2018 us=285893 Set TAP-Windows TUN subnet mode network/local/netmask = 10.69.0.0/10.69.0.1/255.255.255.0 [SUCCEEDED]
Mon Jul 30 10:11:46 2018 us=285893 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.69.0.1/255.255.255.0 on interface [DHCP-serv: 10.69.0.254, lease-time: 31536000]
Mon Jul 30 10:11:46 2018 us=286889 Sleeping for 10 seconds...
Mon Jul 30 10:11:56 2018 us=292720 Successful ARP Flush on interface [12]
Mon Jul 30 10:11:56 2018 us=301641 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jul 30 10:11:56 2018 us=301641 MANAGEMENT: >STATE:1532938316,ASSIGN_IP,,10.69.0.1,,,,
Mon Jul 30 10:11:56 2018 us=302641 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:11:56 2018 us=302641 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Mon Jul 30 10:11:56 2018 us=302641 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Jul 30 10:11:56 2018 us=302641 setsockopt(IPV6_V6ONLY=0)
Mon Jul 30 10:11:56 2018 us=303641 UDPv6 link local (bound): [AF_INET6][undef]:1194
Mon Jul 30 10:11:56 2018 us=303641 UDPv6 link remote: [AF_UNSPEC]
Mon Jul 30 10:11:56 2018 us=303641 MULTI: multi_init called, r=256 v=256
Mon Jul 30 10:11:56 2018 us=303641 IFCONFIG POOL: base=10.69.0.2 size=252, ipv6=0
Mon Jul 30 10:11:56 2018 us=303641 ifconfig_pool_read(), in='johann-pad,10.69.0.2', TODO: IPv6
Mon Jul 30 10:11:56 2018 us=303641 succeeded -> ifconfig_pool_set()
Mon Jul 30 10:11:56 2018 us=304641 IFCONFIG POOL LIST
Mon Jul 30 10:11:56 2018 us=304641 johann-pad,10.69.0.2
Mon Jul 30 10:11:56 2018 us=304641 Initialization Sequence Completed
Mon Jul 30 10:11:56 2018 us=304641 MANAGEMENT: >STATE:1532938316,CONNECTED,SUCCESS,10.69.0.1,,,,
Mon Jul 30 10:16:37 2018 us=659163 MULTI: multi_create_instance called
Mon Jul 30 10:16:37 2018 us=659163 46.125.249.62 Re-using SSL/TLS context
Mon Jul 30 10:16:37 2018 us=659163 46.125.249.62 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:16:37 2018 us=659163 46.125.249.62 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:16:37 2018 us=660086 46.125.249.62 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 30 10:16:37 2018 us=660086 46.125.249.62 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 30 10:16:37 2018 us=660086 46.125.249.62 TLS: Initial packet from [AF_INET6]::ffff:46.125.249.62:22475, sid=6682eaa3 bc5c637a
Mon Jul 30 10:16:37 2018 us=837153 46.125.249.62 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:16:37 2018 us=838153 46.125.249.62 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=johann-pad, name=Max Maier, emailAddress=kek
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_VER=2.4.6
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_PLAT=linux
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_PROTO=2
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_NCP=2
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_LZ4=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_LZ4v2=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_LZO=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_COMP_STUB=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_COMP_STUBv2=1
Mon Jul 30 10:16:37 2018 us=882235 46.125.249.62 peer info: IV_TCPNL=1
Mon Jul 30 10:16:37 2018 us=915237 46.125.249.62 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:16:37 2018 us=915237 46.125.249.62 [johann-pad] Peer Connection Initiated with [AF_INET6]::ffff:46.125.249.62:22475
Mon Jul 30 10:16:37 2018 us=916156 johann-pad/46.125.249.62 MULTI_sva: pool returned IPv4=10.69.0.2, IPv6=(Not enabled)
Mon Jul 30 10:16:37 2018 us=916156 johann-pad/46.125.249.62 MULTI: Learn: 10.69.0.2 -> johann-pad/46.125.249.62
Mon Jul 30 10:16:37 2018 us=916156 johann-pad/46.125.249.62 MULTI: primary virtual IP for johann-pad/46.125.249.62: 10.69.0.2
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 SENT CONTROL [johann-pad]: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:16:39 2018 us=70985 johann-pad/46.125.249.62 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:16:39 2018 us=71986 johann-pad/46.125.249.62 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:16:39 2018 us=71986 johann-pad/46.125.249.62 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:21:25 2018 us=192651 johann-pad/46.125.249.62 [johann-pad] Inactivity timeout (--ping-restart), restarting
Mon Jul 30 10:21:25 2018 us=192651 johann-pad/46.125.249.62 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Jul 30 10:22:23 2018 us=681125 MULTI: multi_create_instance called
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Re-using SSL/TLS context
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 30 10:22:23 2018 us=681125 46.125.249.62 TLS: Initial packet from [AF_INET6]::ffff:46.125.249.62:22476, sid=9a4e2a35 85429d9e
Mon Jul 30 10:22:23 2018 us=848831 46.125.249.62 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:22:23 2018 us=849830 46.125.249.62 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=johann-pad, name=Max Maier, emailAddress=kek
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_VER=2.4.6
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_PLAT=linux
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_PROTO=2
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_NCP=2
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_LZ4=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_LZ4v2=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_LZO=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_COMP_STUB=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_COMP_STUBv2=1
Mon Jul 30 10:22:23 2018 us=909473 46.125.249.62 peer info: IV_TCPNL=1
Mon Jul 30 10:22:23 2018 us=956686 46.125.249.62 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:22:23 2018 us=956686 46.125.249.62 [johann-pad] Peer Connection Initiated with [AF_INET6]::ffff:46.125.249.62:22476
Mon Jul 30 10:22:23 2018 us=956686 johann-pad/46.125.249.62 MULTI_sva: pool returned IPv4=10.69.0.2, IPv6=(Not enabled)
Mon Jul 30 10:22:23 2018 us=957683 johann-pad/46.125.249.62 MULTI: Learn: 10.69.0.2 -> johann-pad/46.125.249.62
Mon Jul 30 10:22:23 2018 us=957683 johann-pad/46.125.249.62 MULTI: primary virtual IP for johann-pad/46.125.249.62: 10.69.0.2
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 SENT CONTROL [johann-pad]: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:22:25 2018 us=108082 johann-pad/46.125.249.62 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:45 2018 us=469757 MULTI: multi_create_instance called
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Re-using SSL/TLS context
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 30 10:23:45 2018 us=469757 46.125.249.62 TLS: Initial packet from [AF_INET6]::ffff:46.125.249.62:22477, sid=9c33023e 1518749c
Mon Jul 30 10:23:45 2018 us=641242 46.125.249.62 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 us=642243 46.125.249.62 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=johann-pad, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_VER=2.4.6
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_PLAT=linux
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_PROTO=2
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_NCP=2
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_LZ4=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_LZ4v2=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_LZO=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_COMP_STUB=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_COMP_STUBv2=1
Mon Jul 30 10:23:45 2018 us=691307 46.125.249.62 peer info: IV_TCPNL=1
Mon Jul 30 10:23:45 2018 us=724308 46.125.249.62 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:23:45 2018 us=724308 46.125.249.62 [johann-pad] Peer Connection Initiated with [AF_INET6]::ffff:46.125.249.62:22477
Mon Jul 30 10:23:45 2018 us=724308 MULTI: new connection by client 'johann-pad' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Jul 30 10:23:45 2018 us=724308 MULTI_sva: pool returned IPv4=10.69.0.2, IPv6=(Not enabled)
Mon Jul 30 10:23:45 2018 us=724308 MULTI: Learn: 10.69.0.2 -> johann-pad/46.125.249.62
Mon Jul 30 10:23:45 2018 us=725244 MULTI: primary virtual IP for johann-pad/46.125.249.62: 10.69.0.2
Mon Jul 30 10:23:46 2018 us=808942 johann-pad/46.125.249.62 PUSH: Received control message: 'PUSH_REQUEST'
Mon Jul 30 10:23:46 2018 us=808942 johann-pad/46.125.249.62 SENT CONTROL [johann-pad]: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Mon Jul 30 10:23:46 2018 us=808942 johann-pad/46.125.249.62 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:23:46 2018 us=809861 johann-pad/46.125.249.62 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Jul 30 10:23:46 2018 us=809861 johann-pad/46.125.249.62 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:46 2018 us=809861 johann-pad/46.125.249.62 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Client:

Mon Jul 30 10:23:45 2018 WARNING: file 'johann-pad.key' is group or others accessible
Mon Jul 30 10:23:45 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Mon Jul 30 10:23:45 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Mon Jul 30 10:23:45 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]84.113.131.29:1194
Mon Jul 30 10:23:45 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jul 30 10:23:45 2018 UDP link local: (not bound)
Mon Jul 30 10:23:45 2018 UDP link remote: [AF_INET]84.113.131.29:1194
Mon Jul 30 10:23:45 2018 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon Jul 30 10:23:45 2018 TLS: Initial packet from [AF_INET]84.113.131.29:1194, sid=5a41de68 a1cf8ed2
Mon Jul 30 10:23:45 2018 VERIFY OK: depth=1, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 VERIFY KU OK
Mon Jul 30 10:23:45 2018 Validating certificate extended key usage
Mon Jul 30 10:23:45 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jul 30 10:23:45 2018 VERIFY EKU OK
Mon Jul 30 10:23:45 2018 VERIFY OK: depth=0, C=AT, ST=Vienna, L=Vienna, O=Privat, OU=OU, CN=muxi.at, name=Max Maier, emailAddress=kek
Mon Jul 30 10:23:45 2018 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Jul 30 10:23:45 2018 [muxi.at] Peer Connection Initiated with [AF_INET]84.113.131.29:1194
Mon Jul 30 10:23:46 2018 SENT CONTROL [muxi.at]: 'PUSH_REQUEST' (status=1)
Mon Jul 30 10:23:46 2018 PUSH: Received control message: 'PUSH_REPLY,route 192.168.69.0 255.255.255.0,dhcp-option DNS 192.168.69.200,dhcp-option DOMAIN muxi.at,route-gateway 10.69.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.69.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: route options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: route-related options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: peer-id set
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Jul 30 10:23:46 2018 OPTIONS IMPORT: data channel crypto options modified
Mon Jul 30 10:23:46 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Jul 30 10:23:46 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:46 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Jul 30 10:23:46 2018 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 IFACE=wlp5s0 HWADDR=f8:28:19:cc:26:ef
Mon Jul 30 10:23:46 2018 TUN/TAP device tun0 opened
Mon Jul 30 10:23:46 2018 TUN/TAP TX queue length set to 100
Mon Jul 30 10:23:46 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jul 30 10:23:46 2018 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Jul 30 10:23:46 2018 /usr/bin/ip addr add dev tun0 10.69.0.2/24 broadcast 10.69.0.255
Mon Jul 30 10:23:46 2018 /usr/bin/ip route add 192.168.69.0/24 via 10.69.0.1
Mon Jul 30 10:23:46 2018 GID set to nobody
Mon Jul 30 10:23:46 2018 UID set to nobody
Mon Jul 30 10:23:46 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 30 10:23:46 2018 Initialization Sequence Completed

Here is some command output:

ip a:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether 54:e1:ad:91:aa:03 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:d2:90:f1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:d2:90:f1 brd ff:ff:ff:ff:ff:ff
5: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether f8:28:19:cc:26:ef brd ff:ff:ff:ff:ff:ff
    inet 192.168.43.204/24 brd 192.168.43.255 scope global dynamic noprefixroute wlp5s0
       valid_lft 2669sec preferred_lft 2669sec
    inet6 fe80::5993:8ec8:4639:a2a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.69.0.2/24 brd 10.69.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::e15e:1efc:7b76:1902/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

ip route show:

default via 192.168.43.1 dev wlp5s0 proto dhcp metric 600
10.69.0.0/24 dev tun0 proto kernel scope link src 10.69.0.2
192.168.43.0/24 dev wlp5s0 proto kernel scope link src 192.168.43.204 metric 600
192.168.69.0/24 via 10.69.0.1 dev tun0
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

I had to leave out some output from the OpenVPN server logs because of the character limit. If important information is missing, please let me know. Thanks in advance.

0

0 answers to the question
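
Added example, not part of the original post: a small Python check that parses the two configurations posted in the question and lists directives, among those both OpenVPN peers are expected to agree on, that differ between server and client after server pushes are taken into account. The `MUST_MATCH` selection and the function names are assumptions made for this example.

```python
# Directives compared by this added example. The selection is an assumption
# made for illustration, not an exhaustive list from the OpenVPN manual.
MUST_MATCH = ("dev", "proto", "cipher", "auth", "comp-lzo", "compress")

# The two configurations as posted in the question.
SERVER_CONF = """\
port 1194
proto udp
dev tun
ca ca.crt
cert muxi-at.crt
key muxi-at.key
dh dh2048.pem
topology subnet
server 10.69.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.69.0 255.255.255.0"
push "dhcp-option DNS 192.168.69.200"
push "dhcp-option DOMAIN muxi.at"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1
"""

CLIENT_CONF = """\
client
dev tun
proto udp
remote muxi.at 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert johann-pad.crt
key johann-pad.key
remote-cert-tls server
cipher AES-256-CBC
verb 4
"""


def parse_config(text):
    """Return (directives, pushed) as dicts of directive name -> argument string."""
    directives, pushed = {}, {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, _, args = line.partition(" ")
        target = directives
        if name == "push":  # push "directive args" is applied on the client
            name, _, args = args.strip().strip('"').partition(" ")
            target = pushed
        target[name] = args.strip()
    return directives, pushed


def find_mismatches(server_text, client_text):
    """List (directive, server value, effective client value) that differ."""
    server, pushed = parse_config(server_text)
    client, _ = parse_config(client_text)
    # A pulling client (`client` or `pull`) also applies what the server pushes.
    if "client" in client or "pull" in client:
        client = {**client, **pushed}
    findings = []
    for name in MUST_MATCH:
        s, c = server.get(name), client.get(name)
        if name == "proto" and s and c:  # udp4, tcp-server, tcp-client -> udp/tcp
            s, c = s[:3], c[:3]
        if s != c:
            findings.append((name, s, c))
    return findings


if __name__ == "__main__":
    for name, s, c in find_mismatches(SERVER_CONF, CLIENT_CONF):
        print(f"{name}: server={s!r} client={c!r}")
```

For the two configurations above it returns a single finding: `comp-lzo` is set on the server and is neither set on the client nor pushed to it.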