wickywick DD-WRT Novice
Joined: 09 Sep 2012 Posts: 3
Posted: Mon Apr 21, 2014 12:19 Post subject: OpenVPN on Asus RT-N66U not routing internet traffic
I am running an Asus RT-N66U with DD-WRT successfully installed. Here is relevant info:
Router CPU: Broadcom BCM5300 chip rev 1
dd-wrt: dd-wrt.v24-23919_NEWD-2_K3.x_mega_RT-N66U.trx
The big reason I want DD-WRT running is so I can operate OpenVPN on the router, and not on my Win7 machine (that is behind the router) as I have previously been doing with success.
I am able to get OpenVPN running on DD-WRT. I can connect to it from outside the network using an android phone as the client. Previous to running DD-WRT, I was able to successfully use the android phone to connect to OpenVPN running on the Win7 machine, so I know the system works.
Info about OpenVPN setup (logs and such to follow):
OpenVPN network: 10.8.0.0
LAN on the router: 192.168.40.0
Win7 machine running on the LAN: 192.168.40.2
When connected to the OpenVPN, the android client can ping 192.168.40.2 and other LAN clients. The only problem is the android client cannot reach the internet. Example: it cannot ping 8.8.8.8.
Following are the server and client setups, server and client logs, firewall mod to the DD-WRT server, results from server iptables, and results from client netstat command. Note on the server config: DD-WRT output lumps it all in one big paragraph. I tried to break it up into what I believe are the correct lines, though I may not have gotten it perfect. All the info is there, though.
Server config:
Code: |
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto udp
cipher bf-cbc
auth sha1
client-config-dir /tmp/openvpn/ccd
comp-lzo yes
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
push "redirect-gateway def1"
fast-io
tun-mtu 1500
mtu-disc yes
server 10.8.0.0 255.255.255.0
dev tun2
tun-ipv6
tls-auth /tmp/openvpn/ta.key 0
push "route 192.168.40.0 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
Clientlog |
Client config:
Code: |
# Enables connection to GUI
management /data/data/de.blinkt.openvpn/cache/mgmtsocket unix
management-client
management-query-passwords
management-hold
setenv IV_GUI_VER "de.blinkt.openvpn 0.6.11"
machine-readable-output
client
verb 4
connect-retry-max 5
connect-retry 5
resolv-retry 60
dev tun
remote mynetwork.dnsdynamic.com 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
comp-lzo
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
nobind
persist-tun
# persist-tun also enables pre resolving to avoid DNS resolve problem
preresolve
# Use system proxy setting
management-query-proxy
# Custom configuration options
# You are on your on own here :)
# These Options were found in the config file do not map to config settings:
ns-cert-type server
resolv-retry infinite
|
Server firewall commands saved:
Code: |
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
|
Server log:
Code: |
20140420 06:57:11 70.210.134.109:3675 TLS: Initial packet from [AF_INET]70.210.134.109:3675 sid=6959f5b2 a16c2402
20140420 06:57:13 70.210.134.109:3675 VERIFY OK: depth=1 C=US ST=ST L=city O=mynetwork CN=name name=name emailAddress=email@gmail.com
20140420 06:57:13 70.210.134.109:3675 VERIFY OK: depth=0 C=US ST=ST L=city O=mynetwork OU=changeme CN=client name=name emailAddress=email@gmail.com
20140420 06:57:13 70.210.134.109:3675 NOTE: --mute triggered...
20140420 06:57:14 70.210.134.109:3675 5 variation(s) on previous 3 message(s) suppressed by --mute
20140420 06:57:14 I 70.210.134.109:3675 [client] Peer Connection Initiated with [AF_INET]70.210.134.109:3675
20140420 06:57:14 I client/70.210.134.109:3675 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20140420 06:57:14 client/70.210.134.109:3675 MULTI: Learn: 10.8.0.2 -> client/70.210.134.109:3675
20140420 06:57:14 client/70.210.134.109:3675 MULTI: primary virtual IP for client/70.210.134.109:3675: 10.8.0.2
20140420 06:57:16 client/70.210.134.109:3675 PUSH: Received control message: 'PUSH_REQUEST'
20140420 06:57:16 I client/70.210.134.109:3675 send_push_reply(): safe_cap=940
20140420 06:57:16 client/70.210.134.109:3675 SENT CONTROL [client]: 'PUSH_REPLY redirect-gateway def1 route 192.168.40.0 255.255.255.0 dhcp-option DNS 208.67.222.222 dhcp-option DNS 208.67.220.220 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0' (status=1)
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'state'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'state'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'state'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'status 2'
20140420 06:58:39 MANAGEMENT: Client disconnected
20140420 06:58:39 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20140420 06:58:39 D MANAGEMENT: CMD 'log 500'
|
Client log:
Code: |
2014-04-20 06:57:11 Running on XT894 (maserati) verizon, Android API 18, version 0.6.11, official build
2014-04-20 06:57:22 Building configuration…
2014-04-20 06:57:24 started Socket Thread
2014-04-20 06:57:24 P:Initializing Google Breakpad!
2014-04-20 06:57:24 Current Parameter Settings:
2014-04-20 06:57:24 config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-04-20 06:57:24 mode = 0
2014-04-20 06:57:24 show_ciphers = DISABLED
2014-04-20 06:57:24 show_digests = DISABLED
2014-04-20 06:57:24 show_engines = DISABLED
2014-04-20 06:57:24 genkey = DISABLED
2014-04-20 06:57:24 key_pass_file = '[UNDEF]'
2014-04-20 06:57:24 show_tls_ciphers = DISABLED
2014-04-20 06:57:24 connect_retry_max = 5
2014-04-20 06:57:24 Connection profiles [0]:
2014-04-20 06:57:24 proto = udp
2014-04-20 06:57:24 local = '[UNDEF]'
2014-04-20 06:57:24 local_port = '[UNDEF]'
2014-04-20 06:57:24 remote = 'mynetwork.dnsdynamic.com'
2014-04-20 06:57:24 remote_port = '1194'
2014-04-20 06:57:24 remote_float = DISABLED
2014-04-20 06:57:24 bind_defined = DISABLED
2014-04-20 06:57:24 bind_local = DISABLED
2014-04-20 06:57:24 bind_ipv6_only = DISABLED
2014-04-20 06:57:24 connect_retry_seconds = 5
2014-04-20 06:57:24 connect_timeout = 10
2014-04-20 06:57:24 socks_proxy_server = '[UNDEF]'
2014-04-20 06:57:24 socks_proxy_port = '[UNDEF]'
2014-04-20 06:57:24 socks_proxy_retry = DISABLED
2014-04-20 06:57:24 tun_mtu = 1500
2014-04-20 06:57:24 tun_mtu_defined = ENABLED
2014-04-20 06:57:24 link_mtu = 1500
2014-04-20 06:57:24 link_mtu_defined = DISABLED
2014-04-20 06:57:24 tun_mtu_extra = 0
2014-04-20 06:57:24 tun_mtu_extra_defined = DISABLED
2014-04-20 06:57:24 mtu_discover_type = -1
2014-04-20 06:57:24 fragment = 0
2014-04-20 06:57:24 mssfix = 1450
2014-04-20 06:57:24 explicit_exit_notification = 0
2014-04-20 06:57:24 Connection profiles END
2014-04-20 06:57:24 remote_random = DISABLED
2014-04-20 06:57:24 ipchange = '[UNDEF]'
2014-04-20 06:57:24 dev = 'tun'
2014-04-20 06:57:24 dev_type = '[UNDEF]'
2014-04-20 06:57:24 dev_node = '[UNDEF]'
2014-04-20 06:57:24 lladdr = '[UNDEF]'
2014-04-20 06:57:24 topology = 1
2014-04-20 06:57:24 tun_ipv6 = DISABLED
2014-04-20 06:57:24 ifconfig_local = '[UNDEF]'
2014-04-20 06:57:24 ifconfig_remote_netmask = '[UNDEF]'
2014-04-20 06:57:24 ifconfig_noexec = DISABLED
2014-04-20 06:57:24 ifconfig_nowarn = DISABLED
2014-04-20 06:57:24 ifconfig_ipv6_local = '[UNDEF]'
2014-04-20 06:57:24 ifconfig_ipv6_netbits = 0
2014-04-20 06:57:24 ifconfig_ipv6_remote = '[UNDEF]'
2014-04-20 06:57:24 shaper = 0
2014-04-20 06:57:24 mtu_test = 0
2014-04-20 06:57:24 mlock = DISABLED
2014-04-20 06:57:24 keepalive_ping = 0
2014-04-20 06:57:24 keepalive_timeout = 0
2014-04-20 06:57:24 inactivity_timeout = 0
2014-04-20 06:57:24 ping_send_timeout = 0
2014-04-20 06:57:24 ping_rec_timeout = 0
2014-04-20 06:57:24 ping_rec_timeout_action = 0
2014-04-20 06:57:24 ping_timer_remote = DISABLED
2014-04-20 06:57:24 remap_sigusr1 = 0
2014-04-20 06:57:24 persist_tun = ENABLED
2014-04-20 06:57:24 persist_local_ip = DISABLED
2014-04-20 06:57:24 persist_remote_ip = DISABLED
2014-04-20 06:57:24 persist_key = DISABLED
2014-04-20 06:57:24 passtos = DISABLED
2014-04-20 06:57:24 resolve_retry_seconds = 1000000000
2014-04-20 06:57:24 resolve_in_advance = ENABLED
2014-04-20 06:57:24 username = '[UNDEF]'
2014-04-20 06:57:24 groupname = '[UNDEF]'
2014-04-20 06:57:24 chroot_dir = '[UNDEF]'
2014-04-20 06:57:24 cd_dir = '[UNDEF]'
2014-04-20 06:57:24 up_restart = DISABLED
2014-04-20 06:57:24 up_delay = DISABLED
2014-04-20 06:57:24 daemon = DISABLED
2014-04-20 06:57:24 inetd = 0
2014-04-20 06:57:24 log = DISABLED
2014-04-20 06:57:24 suppress_timestamps = DISABLED
2014-04-20 06:57:24 machine_readable_output = ENABLED
2014-04-20 06:57:24 nice = 0
2014-04-20 06:57:24 verbosity = 4
2014-04-20 06:57:24 mute = 0
2014-04-20 06:57:24 gremlin = 0
2014-04-20 06:57:24 status_file = '[UNDEF]'
2014-04-20 06:57:24 status_file_version = 1
2014-04-20 06:57:24 status_file_update_freq = 60
2014-04-20 06:57:24 occ = ENABLED
2014-04-20 06:57:24 rcvbuf = 65536
2014-04-20 06:57:24 sndbuf = 65536
2014-04-20 06:57:24 sockflags = 0
2014-04-20 06:57:24 fast_io = DISABLED
2014-04-20 06:57:24 comp.alg = 2
2014-04-20 06:57:24 comp.flags = 1
2014-04-20 06:57:24 route_script = '[UNDEF]'
2014-04-20 06:57:24 route_default_gateway = '[UNDEF]'
2014-04-20 06:57:24 route_default_metric = 0
2014-04-20 06:57:24 route_noexec = DISABLED
2014-04-20 06:57:24 route_delay = 0
2014-04-20 06:57:24 route_delay_window = 30
2014-04-20 06:57:24 route_delay_defined = DISABLED
2014-04-20 06:57:24 route_nopull = DISABLED
2014-04-20 06:57:24 route_gateway_via_dhcp = DISABLED
2014-04-20 06:57:24 allow_pull_fqdn = DISABLED
2014-04-20 06:57:24 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-04-20 06:57:24 management_port = 'unix'
2014-04-20 06:57:24 management_user_pass = '[UNDEF]'
2014-04-20 06:57:24 management_log_history_cache = 250
2014-04-20 06:57:24 management_echo_buffer_size = 100
2014-04-20 06:57:24 management_write_peer_info_file = '[UNDEF]'
2014-04-20 06:57:24 management_client_user = '[UNDEF]'
2014-04-20 06:57:24 management_client_group = '[UNDEF]'
2014-04-20 06:57:24 management_flags = 4390
2014-04-20 06:57:24 shared_secret_file = '[UNDEF]'
2014-04-20 06:57:24 key_direction = 2
2014-04-20 06:57:24 ciphername_defined = ENABLED
2014-04-20 06:57:24 ciphername = 'BF-CBC'
2014-04-20 06:57:24 authname_defined = ENABLED
2014-04-20 06:57:24 authname = 'SHA1'
2014-04-20 06:57:24 prng_hash = 'SHA1'
2014-04-20 06:57:24 prng_nonce_secret_len = 16
2014-04-20 06:57:24 keysize = 0
2014-04-20 06:57:24 engine = DISABLED
2014-04-20 06:57:24 replay = ENABLED
2014-04-20 06:57:24 mute_replay_warnings = DISABLED
2014-04-20 06:57:24 replay_window = 64
2014-04-20 06:57:24 replay_time = 15
2014-04-20 06:57:24 packet_id_file = '[UNDEF]'
2014-04-20 06:57:25 use_iv = ENABLED
2014-04-20 06:57:25 test_crypto = DISABLED
2014-04-20 06:57:25 tls_server = DISABLED
2014-04-20 06:57:25 tls_client = ENABLED
2014-04-20 06:57:25 key_method = 2
2014-04-20 06:57:25 ca_file = '[[INLINE]]'
2014-04-20 06:57:25 ca_path = '[UNDEF]'
2014-04-20 06:57:25 dh_file = '[UNDEF]'
2014-04-20 06:57:25 cert_file = '[[INLINE]]'
2014-04-20 06:57:25 priv_key_file = '[[INLINE]]'
2014-04-20 06:57:25 pkcs12_file = '[UNDEF]'
2014-04-20 06:57:25 cipher_list = '[UNDEF]'
2014-04-20 06:57:25 tls_verify = '[UNDEF]'
2014-04-20 06:57:25 tls_export_cert = '[UNDEF]'
2014-04-20 06:57:25 verify_x509_type = 0
2014-04-20 06:57:25 verify_x509_name = '[UNDEF]'
2014-04-20 06:57:25 crl_file = '[UNDEF]'
2014-04-20 06:57:25 ns_cert_type = 1
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_ku[i] = 0
2014-04-20 06:57:25 remote_cert_eku = '[UNDEF]'
2014-04-20 06:57:25 ssl_flags = 0
2014-04-20 06:57:25 tls_timeout = 2
2014-04-20 06:57:25 renegotiate_bytes = 0
2014-04-20 06:57:25 renegotiate_packets = 0
2014-04-20 06:57:25 renegotiate_seconds = 3600
2014-04-20 06:57:25 handshake_window = 60
2014-04-20 06:57:25 transition_window = 3600
2014-04-20 06:57:25 single_session = DISABLED
2014-04-20 06:57:25 push_peer_info = DISABLED
2014-04-20 06:57:25 tls_exit = DISABLED
2014-04-20 06:57:25 tls_auth_file = '[[INLINE]]'
2014-04-20 06:57:25 client = ENABLED
2014-04-20 06:57:25 pull = ENABLED
2014-04-20 06:57:25 auth_user_pass_file = '[UNDEF]'
2014-04-20 06:57:25 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Mar 12 2014
2014-04-20 06:57:25 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-04-20 06:57:25 MANAGEMENT: CMD 'hold release'
2014-04-20 06:57:26 MANAGEMENT: CMD 'bytecount 2'
2014-04-20 06:57:26 MANAGEMENT: CMD 'state on'
2014-04-20 06:57:26 Network Status: CONNECTED CDMA - eHRPD to mobile VZWINTERNET
2014-04-20 06:57:26 MANAGEMENT: CMD 'proxy NONE'
2014-04-20 06:57:27 MANAGEMENT: CMD 'password [...]'
2014-04-20 06:57:27 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2014-04-20 06:57:27 Control Channel Authentication: tls-auth using INLINE static key file
2014-04-20 06:57:27 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:27 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:27 LZO compression initializing
2014-04-20 06:57:27 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-04-20 06:57:27 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:393 ET:0 EL:0 ]
2014-04-20 06:57:27 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2014-04-20 06:57:27 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2014-04-20 06:57:27 Local Options hash (VER=V4): '504e774e'
2014-04-20 06:57:27 Expected Remote Options hash (VER=V4): '14168603'
2014-04-20 06:57:27 TCP/UDP: Preserving recently used remote address: [AF_INET]76.121.147.160:1194
2014-04-20 06:57:27 Socket Buffers: R=[112640->131072] S=[112640->131072]
2014-04-20 06:57:27 Protecting socket fd 4
2014-04-20 06:57:27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-04-20 06:57:27 UDP link local: (not bound)
2014-04-20 06:57:27 UDP link remote: [AF_INET]76.121.147.160:1194
2014-04-20 06:57:27 MANAGEMENT: >STATE:1398002247,WAIT,,,
2014-04-20 06:57:27 MANAGEMENT: >STATE:1398002247,AUTH,,,
2014-04-20 06:57:27 TLS: Initial packet from [AF_INET]76.121.147.160:1194, sid=a5a1680d 31e1b270
2014-04-20 06:57:27 PID_ERR replay-window backtrack occurred [1] [TLS_AUTH-0] [0_0000] 1397977031:6 1397977031:5 t=1398002247[0] r=[0,64,15,1,1] sl=[58,6,64,272]
2014-04-20 06:57:28 VERIFY OK: depth=1, C=US, ST=ST, L=city, O=mynetwork, CN=name, name=name, emailAddress=email@gmail.com
2014-04-20 06:57:28 VERIFY OK: nsCertType=SERVER
2014-04-20 06:57:28 VERIFY OK: depth=0, C=US, ST=ST, L=city, O=name, OU=changeme, CN=server, name=name, emailAddress=email@gmail.com
2014-04-20 06:57:29 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-04-20 06:57:29 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:29 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2014-04-20 06:57:29 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-04-20 06:57:29 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
2014-04-20 06:57:29 [server] Peer Connection Initiated with [AF_INET]76.121.147.160:1194
2014-04-20 06:57:30 MANAGEMENT: >STATE:1398002250,GET_CONFIG,,,
2014-04-20 06:57:31 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2014-04-20 06:57:32 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 192.168.40.0 255.255.255.0,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
2014-04-20 06:57:32 OPTIONS IMPORT: timers and/or timeouts modified
2014-04-20 06:57:32 OPTIONS IMPORT: --ifconfig/up options modified
2014-04-20 06:57:32 OPTIONS IMPORT: route options modified
2014-04-20 06:57:32 OPTIONS IMPORT: route-related options modified
2014-04-20 06:57:32 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2014-04-20 06:57:32 ROUTE_GATEWAY 10.173.117.69
2014-04-20 06:57:32 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2014-04-20 06:57:32 MANAGEMENT: >STATE:1398002252,ASSIGN_IP,,10.8.0.2,
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-04-20 06:57:32 MANAGEMENT: >STATE:1398002252,ADD_ROUTES,,,
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'DNSSERVER' ok'
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2014-04-20 06:57:32 Opening tun interface:
2014-04-20 06:57:32 Local IPv4: 10.8.0.2/24 IPv6: null MTU: 1500
2014-04-20 06:57:32 DNS Server: 208.67.222.222, 208.67.220.220, Domain: null
2014-04-20 06:57:32 Routes: 0.0.0.0/1, 128.0.0.0/1, 192.168.40.0/24
2014-04-20 06:57:32 Routes excluded:
2014-04-20 06:57:32 VpnService routes installed: 0.0.0.0/1, 128.0.0.0/1, 192.168.40.0/24
2014-04-20 06:57:32 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2014-04-20 06:57:32 Initialization Sequence Completed
2014-04-20 06:57:32 MANAGEMENT: >STATE:1398002252,CONNECTED,SUCCESS,10.8.0.2,76.121.147.160
|
Server iptables: (command issued was "iptables -L -t -nat")
Code: |
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT icmp -- anywhere c-76-121-147-160.hsd1.wa.comcast.net to:192.168.40.1
TRIGGER 0 -- anywhere c-76-121-147-160.hsd1.wa.comcast.net TRIGGER type:dnat match:0 relate:0
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT 0 -- 192.168.40.0/24 anywhere to:76.121.147.160
MASQUERADE 0 -- anywhere anywhere mark match 0x80000000/0x80000000
|
Result of client command "netstat -nr":
Code: |
u0_a16@cdma_maserati:/ $ netstat -nr
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.157.1:45827 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45813 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45821 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45826 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45822 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45816 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45812 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45818 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45820 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45817 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45814 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45819 192.168.157.2:3265 ESTABLISHED
tcp 0 0 192.168.157.1:45815 192.168.157.2:3265 ESTABLISHED
udp 0 0 0.0.0.0:56195 0.0.0.0:* CLOSE
tcp6 0 0 ::ffff:10.173.117.70:51740 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6 0 0 2600:100f:b127:83a3::103:40400 2607:f8b0:400e:c04::bc:5228 ESTABLISHED
tcp6 0 0 ::ffff:10.173.117.70:51743 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6 0 0 ::ffff:10.173.117.70:51739 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6 0 0 ::ffff:10.173.117.70:51742 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6 0 0 ::ffff:10.173.117.70:51745 ::ffff:66.147.244.79:993 ESTABLISHED
tcp6 0 0 ::ffff:10.173.117.70:51744 ::ffff:66.147.244.79:993 ESTABLISHED
|
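Added example, not part of the original post: an offline cross-check of the posted server config, saved firewall commands and nat table, flagging rules that name a different tunnel device than the config and a pushed `redirect-gateway` with no NAT rule for the VPN subnet. The function names are hypothetical, and counting a rule with an extra match (such as `mark match`) as conditional rather than as coverage is an assumption of this example.

```python
import ipaddress
import re

# Excerpts of the server config, saved firewall commands and nat table posted above.
SERVER_CONF = """\
push "redirect-gateway def1"
server 10.8.0.0 255.255.255.0
dev tun2
"""
FIREWALL_CMDS = """\
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
"""
NAT_POSTROUTING = """\
SNAT 0 -- 192.168.40.0/24 anywhere to:76.121.147.160
MASQUERADE 0 -- anywhere anywhere mark match 0x80000000/0x80000000
"""


def parse_server_conf(text):
    """Return (tunnel device, VPN subnet, redirect-gateway pushed?)."""
    dev, net, redirect = None, None, False
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and f[0] == "dev":
            dev = f[1]
        elif len(f) >= 3 and f[0] == "server":
            net = ipaddress.ip_network(f"{f[1]}/{f[2]}")
        elif f and f[0] == "push" and "redirect-gateway" in line:
            redirect = True
    return dev, net, redirect


def foreign_tun_interfaces(dev, firewall_cmds):
    """tunN names used with -i/-o in the rules that are not the configured device."""
    return sorted(set(re.findall(r"-[io]\s+(tun\d+)", firewall_cmds)) - {dev})


def nat_coverage(vpn_net, postrouting):
    """Sort SNAT/MASQUERADE rules whose source includes the VPN subnet into
    unconditional ones and ones gated by an extra match (assumption of this example)."""
    hits = {"unconditional": [], "conditional": []}
    for line in postrouting.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("SNAT", "MASQUERADE"):
            continue
        try:
            src = ipaddress.ip_network("0.0.0.0/0" if f[3] == "anywhere" else f[3], strict=False)
        except ValueError:  # resolved hostname in the source column; cannot compare
            continue
        if vpn_net.subnet_of(src):
            extras = [x for x in f[5:] if not x.startswith("to:")]
            hits["conditional" if extras else "unconditional"].append(line)
    return hits


def audit(conf, firewall_cmds, postrouting):
    """Return a list of human-readable inconsistencies between the three inputs."""
    dev, net, redirect = parse_server_conf(conf)
    findings = [f"firewall rule references {t}, server device is {dev}"
                for t in foreign_tun_interfaces(dev, firewall_cmds)]
    if redirect and not nat_coverage(net, postrouting)["unconditional"]:
        findings.append(f"no unconditional SNAT/MASQUERADE rule covers {net}")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONF, FIREWALL_CMDS, NAT_POSTROUTING):
        print("FINDING:", finding)
```

The nat excerpt is in `iptables -L` column order (target, prot, opt, source, destination); a source column showing a resolved hostname instead of an address is skipped rather than guessed at.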