The RPI gets gets an IP address (road warrior) and connects to the vpn server, but cannot get pinged from the vpn server.
The same config works with regular Windows/Mac clients.
IP config of the RPI
Code: Select all
eth0 Link encap:Ethernet HWaddr B8:27:EB:6F:C0:A4
inet addr:192.168.188.33 Bcast:192.168.188.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:882 errors:0 dropped:0 overruns:0 frame:0
TX packets:841 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:230421 (225.0 KiB) TX bytes:100397 (98.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.65.58.22 P-t-P:10.65.58.21 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Code: Select all
Send broadcast WTCU discover.
[ initrd] [ 13.372328] Run OpenVPN with user config configs/openvpn.cfg.
[ initrd] [ 13.376828] Unpack /bootmedia/packages/pi2-dbus.
[ initrd] [ 13.651154] +--- Executing "/usr/bin/dbus-daemon --system"
[ initrd] [ 13.694850] +- Errorlevel: 0, output:
File is empty.
[ initrd] [ 13.695525] +------------------------
[ initrd] [ 13.695612] Unpack /bootmedia/packages/pi2-xnet.
[ initrd] [ 14.822597] +--- Executing "/sbin/modprobe tun"
[ KERNEL] [ 14.830361] tun: Universal TUN/TAP device driver, 1.6
[ KERNEL] [ 14.830369] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[ initrd] [ 14.830714] +- Errorlevel: 0, output:
File is empty.
[ initrd] [ 14.831333] +------------------------
[ initrd] [ 14.831456] +--- Executing "/usr/sbin/openvpn /etc/client.conf"
[SYSLOG] <29>Sep 30 00:00:11 openvpn[653]: OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 22 2017
[SYSLOG] <29>Sep 30 00:00:11 openvpn[653]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
[ initrd] [ 14.858972] +- Errorlevel: 0, output:
File is empty.
[ initrd] [ 14.859426] +------------------------
[SYSLOG] <28>Sep 30 00:00:11 openvpn[654]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
[SYSLOG] <29>Sep 30 00:00:11 openvpn[654]: TCP/UDP: Preserving recently used remote address: [AF_INET]*******:1194
[SYSLOG] <29>Sep 30 00:00:11 openvpn[654]: UDP link local: (not bound)
[SYSLOG] <29>Sep 30 00:00:11 openvpn[654]: UDP link remote: [AF_INET]*******:1194
[SYSLOG] <28>Sep 30 00:00:12 openvpn[654]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1469'
[SYSLOG] <28>Sep 30 00:00:12 openvpn[654]: WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
[SYSLOG] <28>Sep 30 00:00:12 openvpn[654]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
[SYSLOG] <28>Sep 30 00:00:12 openvpn[654]: WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
[SYSLOG] <28>Sep 30 00:00:12 openvpn[654]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
[SYSLOG] <29>Sep 30 00:00:12 openvpn[654]: [*******] Peer Connection Initiated with [AF_INET]*******:1194
[SYSLOG] <28>Sep 30 00:00:13 openvpn[654]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
[SYSLOG] <28>Sep 30 00:00:13 openvpn[654]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
[SYSLOG] <28>Sep 30 00:00:13 openvpn[654]: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
[SYSLOG] <29>Sep 30 00:00:13 openvpn[654]: TUN/TAP device tun0 opened
[SYSLOG] <29>Sep 30 00:00:13 openvpn[654]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
[SYSLOG] <29>Sep 30 00:00:13 openvpn[654]: /sbin/ip link set dev tun0 up mtu 1400
[SYSLOG] <29>Sep 30 00:00:13 openvpn[654]: /sbin/ip addr add dev tun0 local 10.65.58.22 peer 10.65.58.21
[SYSLOG] <29>Sep 30 00:00:13 openvpn[654]: Initialization Sequence Completed
Code: Select all
tls-client
client
nobind
dev tun
proto udp
tun-mtu 1400
ns-cert-type server
comp-lzo
daemon
remote ******* 1194
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>