Can connect to servers, but IP doesn't change / VPN not used

[QuailRider43 0]

At home, AirVPN works fine, and once connected all network traffic runs through VPN.  However, different situation at work (corporate network I have no control over).  Using XP pc, OpenVPN and AirVPN client install just fine, connect to servers just fine, TAP interface shows up in ipconfig... BUT... after connecting to VPN, the VPN connection is simply not used by my client pc.  All network traffic runs normally ie. bypassing the VPN tunnel, and my outbound IP doesn't change.  Is there any way that I can tell my client pc to use the established VPN tunnel?  I don't understand why it's not automatic at work, but automatic and transparent use of VPN at home.  Thank you.

[Staff 9782]

Hello!

 

Do you have administrator access to your computer at work? OpenVPN needs to modify the routing table and in order to do that high privileges are required. Can you please post the (alleged) connection logs?

 

Kind regards

[QuailRider43 0]

Thank you for the prompt reply.  I have admin rights to the machine, but there may be some Group Policy settings in play.  It's XP, so I don't seem to have the "run as administrator" checkbox on the *.exe properties dialog box.  Here is the AirVPN log (with true IP changed to XX):

 

 

2013/09/03 - 1:50 PM    AirVPN client version: 1.8    
2013/09/03 - 1:50 PM    Reading options from C:\Documents and Settings\xxxxxx\Application Data\AirVPN\Air\1.0.0.0\AirVPN.xml    
2013/09/03 - 1:50 PM    OpenVPN bundle version: OpenVPN 2.3.0    
2013/09/03 - 1:50 PM    OpenVPN current version: OpenVPN 2.3.2    
2013/09/03 - 1:50 PM    Ready.    
2013/09/03 - 1:50 PM    Login...    
2013/09/03 - 1:50 PM    Login success.    
2013/09/03 - 1:50 PM    Contacting service...    
2013/09/03 - 1:50 PM    Connecting...    
2013/09/03 - 1:50 PM    OpenVPN 2.3.2 i686-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [iPv6] built on Aug 22 2013    
2013/09/03 - 1:50 PM    Socket Buffers: R=[8192->8192] S=[64512->64512]    
2013/09/03 - 1:50 PM    UDPv4 link local: [undef]    
2013/09/03 - 1:50 PM    UDPv4 link remote: [AF_INET] XX.XX.XX.XX:443    
2013/09/03 - 1:50 PM    TLS: Initial packet from [AF_INET] XX.XX.XX.XX:443, sid=XXXXXXXXX XXXXXXXXX    
2013/09/03 - 1:50 PM    VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org    
2013/09/03 - 1:50 PM    VERIFY OK: nsCertType=SERVER    
2013/09/03 - 1:50 PM    VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org    
2013/09/03 - 1:50 PM    Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key    
2013/09/03 - 1:50 PM    Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication    
2013/09/03 - 1:50 PM    Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key    
2013/09/03 - 1:50 PM    Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication    
2013/09/03 - 1:50 PM    Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA    
2013/09/03 - 1:50 PM    [server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:443    
2013/09/03 - 1:50 PM    SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)    
2013/09/03 - 1:50 PM    PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.66.218 10.4.66.217'    
2013/09/03 - 1:50 PM    OPTIONS IMPORT: timers and/or timeouts modified    
2013/09/03 - 1:50 PM    OPTIONS IMPORT: LZO parms modified    
2013/09/03 - 1:50 PM    OPTIONS IMPORT: --ifconfig/up options modified    
2013/09/03 - 1:50 PM    OPTIONS IMPORT: route options modified    
2013/09/03 - 1:50 PM    OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified    
2013/09/03 - 1:50 PM    do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0    
2013/09/03 - 1:50 PM    open_tun, tt->ipv6=0    
2013/09/03 - 1:50 PM    TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{E94F3E16-CCF8-49A1-B515-9730D5184FD9}.tap    
2013/09/03 - 1:50 PM    TAP-Windows Driver Version 9.9     
2013/09/03 - 1:50 PM    Notified TAP-Windows driver to set a DHCP IP/netmask of 10.4.66.218/255.255.255.252 on interface {E94F3E16-CCF8-49A1-B515-9730D5184FD9} [DHCP-serv: 10.4.66.217, lease-time: 31536000]    
2013/09/03 - 1:50 PM    Successful ARP Flush on interface [2] {E94F3E16-CCF8-49A1-B515-9730D5184FD9}    
2013/09/03 - 1:50 PM    TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up    
2013/09/03 - 1:50 PM    C:\WINDOWS\system32\route.exe ADD XX.XX.XX.XX MASK 255.255.255.255 10.xxx.xx.254    
2013/09/03 - 1:50 PM    Route addition via IPAPI succeeded [adaptive]    
2013/09/03 - 1:50 PM    C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.66.217    
2013/09/03 - 1:50 PM    Route addition via IPAPI succeeded [adaptive]    
2013/09/03 - 1:50 PM    C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.66.217    
2013/09/03 - 1:50 PM    Route addition via IPAPI succeeded [adaptive]    
2013/09/03 - 1:50 PM    C:\WINDOWS\system32\route.exe ADD 10.4.0.1 MASK 255.255.255.255 10.4.66.217    
2013/09/03 - 1:50 PM    Route addition via IPAPI succeeded [adaptive]    
2013/09/03 - 1:50 PM    Initialization Sequence Completed    
2013/09/03 - 1:50 PM    Starting Management Interface...    
2013/09/03 - 1:50 PM    Checking...    
2013/09/03 - 1:51 PM    Retrieve statistics...    
2013/09/03 - 1:51 PM    Connected.    
 

 

 

route print:

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff e9 4f 3e 16 ...... TAP-Windows Adapter V9
0x10004 ...xx xx xx xx xx xx ...... Intel® 82567LM-3 Gigabit Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    10.xxx.xx.254   10.xxx.xx.172      20
      10.4.66.216  255.255.255.252      10.4.66.218     10.4.66.218      30
      10.4.66.218  255.255.255.255        127.0.0.1       127.0.0.1      30
      10.xxx.xx.0    255.255.255.0    10.xxx.xx.172   10.xxx.xx.172      20
    10.xxx.xx.172  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255      10.4.66.218     10.4.66.218      30
   10.255.255.255  255.255.255.255    10.xxx.xx.172   10.xxx.xx.172      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
  xxx.xxx.xxx.xxx  255.255.255.255    10.xxx.xx.254   10.xxx.xx.172      1
      169.254.0.0      255.255.0.0    10.xxx.xx.172   10.xxx.xx.172      20
        224.0.0.0        240.0.0.0      10.4.66.218     10.4.66.218      30
        224.0.0.0        240.0.0.0    10.xxx.xx.172   10.xxx.xx.172      20
  255.255.255.255  255.255.255.255      10.4.66.218     10.4.66.218      1
  255.255.255.255  255.255.255.255    10.xxx.xx.172   10.xxx.xx.172      1
Default Gateway:     10.xxx.xx.254
===========================================================================
Persistent Routes:
  None
 

[Staff 9782]

Hello!

 

You have wiped out some key private IP addresses in your routing table (why?), but we can anyway speculate that there's an overlapping between VPN and your corporate network IP ranges. Try to connect to different ports, see also here, hopefully you will find a non-overlapping IP range:

 

https://airvpn.org/specs

 

Kind regards

[QuailRider43 0]

I simply didn't want anything that my IT dept might recognize on a public forum.  The private ip addresses that are in normal use by the client pc are, as a modified example, 10.130.x.x, while the VPN tunnel assigns 10.4.x.x.  You said "try to connect to different ports".  Using AirVPN client, I chose to connect with TCP 80 instead of the default UDP 443.  The tunnel ip changes to 10.7.x.x.  There doesn't seem to be any overlap in assigned private IP subnets.  I suspect a routing issue.  This pc seems to be refusing to change its default gateway to the VPN, and I lack the knowledge to change this behavior.  I don't want to permanently break any routing that would require an awkward conversation with IT dept, but I don't know how to convince the PC to talk over the VPN when it becomes established.  Thank you for any help you can offer.

[QuailRider43 0]

Follow-up:  ipconfig shows the default gateway for the VPN network connection is blank, but the physical network adapter connected to the corp network has its gateway assigned to the corp servers.  Not sure if this is normal behavior.

 

Windows IP Configuration


Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.7.0.114
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : genericorp.com
        IP Address. . . . . . . . . . . . : 10.135.25.172
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.135.25.254
 

[Staff 9782]

Hello!

 

Ok, so there's no subnet conflict. Also, the logs are just fine, however there's apparently something very wrong in the routing table. Are you behind a  proxy?

 

Kind regards

[QuailRider43 0]

I don't need any proxy settings in web browsers for web to work, but there is a network based web content filter in place (which I can bypass using a SSH tunnel to my home router).  However, if the pc was routing properly through VPN, it would bypass this content filter.  Other protocols seem to work fine (SSH, NNTP, etc), so the corporate firewall seems fairly permissive.  The pc just ignores the VPN connection when it comes to sending/receiving traffic.  The VPN connection reports that all is well, just not being used for internet traffic.  I'm perplexed.  I can use VPN at home, so it's not a deal-breaker.  It's just annoying.  Thanks for the help.