barry.white54

No AirVPN gateway if no gateway on LAN?

Hi Folks,

I have recently joined up and I want to ensure that my PC can only communicate with the Internet through the AirVPN. I am using the OpenVPN configs and have configured it to auto connect when I boot up the machine.

I tried the Comodo setups, but I couldn't get it to do what I want. As an alternative to Comodo, I have done the following:

1) Set up my LAN adapter with a static IP and mask only. No Default Gateway and no DNS. This effectively prevents my PC from communicating through my router to the Internet.

2) Added static routes to the entry points I want via the command line:

route -p add 31.193.12.98 MASK 255.255.255.255 192.168.0.254

route -p add 31.193.12.74 MASK 255.255.255.255 192.168.0.254

This gives my PC the ability to route and connect to Cassiopeia and Bootis.

This way, I will only get DNS server settings and routes out when the VPN is connected.

THE PROBLEM:

The problem is that when I connect to the VPN, it doesn't give me a route for 0.0.0.0 so it doesn't route through the VPN. I have resolved this temporarily by adding a static route:

route -p add 0.0.0.0 MASK 0.0.0.0 10.6.0.229

The strange thing is that if I configure my default gateway on my LAN connection before I connect the VPN, it DOES give me a new 0.0.0.0 route.

It would be great if the VPN could give me a new default route (0.0.0.0) even if I have no default gateway configured on my LAN adapter.

I hope this makes sense and thanks in advance.

Hi barry.white54

I have a similar setup to yours, for the same reason. In my case, blank gateway and dns entries were refused by the OS. I set the gateway to the same address as the static IP of my LAN adaptor and set the dns to 10.4.0.1 (airvpn dns). This worked fine on WinXP, but on Win2k3 I had to add the lines

route-method exe

route-delay 10 30

to the end of the .ovpn files. The need for a delay has also been reported on Vista. The OpenVPN log file may give you an idea if this is the problem.

Admin states that blocking methods other than using Comodo are deprecated; I would be glad to read admin's opinion on why ours is not a good solution.

Thanks athelstan,

I tried setting my DG to my local IP and the DNS as you've suggested, but it still doesn't give me a default route when I connect. I've stuck my static persistent route back in for Cassiopeia and it is working fine. I also tried the extra lines, but that didn't seem to help either. I'm using Windows XP by the way.

Thanks anyway and yes, I don't see why our way shouldn't be an accepted way of doing it. It would just need to have this default route issue sorted to make it easier.

Hi barry.white54

You wrote that you have configured OpenVPN to auto connect at boot up. Are you running OpenVPN as a Windows service?

If you would like to post your OpenVPN connection log, it may throw some light on the problem (and encourage some input from admin).

Hi,

Sorry for the delay in replying. No, I run OpenVPN using the GUI from the Startup group in Windows. The shortcut points to:

"C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" --connect "AirVPN GB Cassiopeia - UDP 80.ovpn"

I wasn't aware that it could be run as a service?

I couldn't get connected to the UK ones today so I connected to Virginis and I had to manually add the 0.0.0.0 route for it to work too. Log output as follows:

Fri Jan 25 10:32:19 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011

Fri Jan 25 10:32:19 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Fri Jan 25 10:32:19 2013 LZO compression initialized

Fri Jan 25 10:32:19 2013 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Fri Jan 25 10:32:19 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]

Fri Jan 25 10:32:19 2013 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Fri Jan 25 10:32:19 2013 Local Options hash (VER=V4): '22188c5b'

Fri Jan 25 10:32:19 2013 Expected Remote Options hash (VER=V4): 'a8f55717'

Fri Jan 25 10:32:19 2013 UDPv4 link local: [undef]

Fri Jan 25 10:32:19 2013 UDPv4 link remote: 46.19.137.114:80

Fri Jan 25 10:32:19 2013 TLS: Initial packet from 46.19.137.114:80, sid=1d4e1bdc b1132755

Fri Jan 25 10:32:20 2013 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Fri Jan 25 10:32:20 2013 VERIFY OK: nsCertType=SERVER

Fri Jan 25 10:32:20 2013 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Fri Jan 25 10:32:21 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Fri Jan 25 10:32:21 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Jan 25 10:32:21 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Fri Jan 25 10:32:21 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Jan 25 10:32:21 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Fri Jan 25 10:32:21 2013 [server] Peer Connection Initiated with 46.19.137.114:80

Fri Jan 25 10:32:24 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Fri Jan 25 10:32:24 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.6.0.1,comp-lzo no,route 10.6.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.6.0.122 10.6.0.121'

Fri Jan 25 10:32:24 2013 OPTIONS IMPORT: timers and/or timeouts modified

Fri Jan 25 10:32:24 2013 OPTIONS IMPORT: LZO parms modified

Fri Jan 25 10:32:24 2013 OPTIONS IMPORT: --ifconfig/up options modified

Fri Jan 25 10:32:24 2013 OPTIONS IMPORT: route options modified

Fri Jan 25 10:32:24 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Fri Jan 25 10:32:24 2013 ROUTE: default_gateway=UNDEF

Fri Jan 25 10:32:24 2013 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{3F1A5312-9234-43D7-8521-C5F1EBA0BF92}.tap

Fri Jan 25 10:32:24 2013 TAP-Win32 Driver Version 9.9

Fri Jan 25 10:32:24 2013 TAP-Win32 MTU=1500

Fri Jan 25 10:32:24 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.6.0.122/255.255.255.252 on interface {3F1A5312-9234-43D7-8521-C5F1EBA0BF92} [DHCP-serv: 10.6.0.121, lease-time: 31536000]

Fri Jan 25 10:32:24 2013 Successful ARP Flush on interface [3] {3F1A5312-9234-43D7-8521-C5F1EBA0BF92}

Fri Jan 25 10:32:29 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

Fri Jan 25 10:32:29 2013 NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

Fri Jan 25 10:32:29 2013 C:\WINDOWS\system32\route.exe ADD 10.6.0.1 MASK 255.255.255.255 10.6.0.121

Fri Jan 25 10:32:29 2013 Route addition via IPAPI succeeded [adaptive]

Fri Jan 25 10:32:29 2013 Initialization Sequence Completed

Fri Jan 25 10:38:22 2013 Replay-window backtrack occurred [1]

Fri Jan 25 10:38:22 2013 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #285 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Fri Jan 25 10:38:22 2013 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #286 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Hi barry.white54

The relevant lines from your log appear to be

ROUTE: default_gateway=UNDEF

and

NOTE: unable to redirect default gateway -- Cannot read current default gateway from system

OpenVPN expects to find an existing default gateway; if it doesn't, it fails to set a new one, or to create some routes. You can set the default gateway to the same IP address as the computer or to a non-existent local address. Please post another log if you still have problems.

Running OpenVPN as a Windows service

http://openvpn.net/index.php/open-source/documentation/install.html?start=1

has two advantages. It connects to the VPN sooner - at startup rather than at logon, and also allows a limited user to start and stop the VPN connection.

http://openvpn.se/files/howto/openvpn-howto_run_openvpn_as_nonadmin.html

However, it can make switching between different AirVPN servers more complicated.

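The check athelstan does by eye in the last reply, done mechanically: this added example (not part of the original thread, and not AirVPN or OpenVPN code) reads the routing lines of an OpenVPN client log and reports whether a pushed redirect-gateway was actually turned into routes. The function names are hypothetical, the sample is a constructed excerpt of the log posted above with timestamps dropped, and it assumes the Windows client logs every route it installs as a route.exe ADD line, as that log does.

```python
import ipaddress
import re

# Constructed sample: routing-relevant lines of the log posted above, timestamps dropped.
SAMPLE_LOG = r"""PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.6.0.1,comp-lzo no,route 10.6.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.6.0.122 10.6.0.121'
ROUTE: default_gateway=UNDEF
NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
C:\WINDOWS\system32\route.exe ADD 10.6.0.1 MASK 255.255.255.255 10.6.0.121
Initialization Sequence Completed
"""


def pushed_options(log):
    """Options from the server's PUSH_REPLY, or [] if none was logged."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log)
    return m.group(1).split(",") if m else []


def installed_routes(log):
    """Networks installed by the log's 'route.exe ADD <dest> MASK <mask> <gw>' lines."""
    found = re.findall(r"route\.exe ADD (\S+) MASK (\S+) \S+", log, re.I)
    return [ipaddress.ip_network(f"{dest}/{mask}") for dest, mask in found]


def diagnose(log):
    """Report whether a pushed redirect-gateway ended up as routes through the tunnel."""
    opts = pushed_options(log)
    redirect = next((o.split()[1:] for o in opts if o.startswith("redirect-gateway")), None)
    ifconfig = next((o.split() for o in opts if o.startswith("ifconfig ")), None)
    if redirect is None:
        expected = []                            # server did not ask for a redirect
    elif "def1" in redirect:
        expected = ["0.0.0.0/1", "128.0.0.0/1"]  # def1 covers 0.0.0.0/0 with two halves
    else:
        expected = ["0.0.0.0/0"]
    have = installed_routes(log)
    return {
        "tunnel_up": "Initialization Sequence Completed" in log,
        "redirect_pushed": redirect is not None,
        "default_gateway_undef": "default_gateway=UNDEF" in log,
        "redirect_failed": "unable to redirect default gateway" in log,
        # With the net30 topology pushed here, the second ifconfig address is the peer.
        "vpn_gateway": ifconfig[2] if ifconfig and len(ifconfig) > 2 else None,
        "missing_routes": [n for n in expected if ipaddress.ip_network(n) not in have],
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A result with tunnel_up true and missing_routes non-empty is the state described in the thread: the session is established, but no route sends general traffic into it.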
