VPN connection established but no access

Hello everyone,

I've been trying to set up a VPN between Windows Server 2016 and a Mac OS X client.

The connection gets established but I cannot access the resources.
The internet connection is also gone. What I really wanted to do is split VPN.

This is the configuration on the Server:
#################################################
#################################################
#listen on IPv4
local 10.0.60.51
 
#the default port is 1194
port 1194
 
#UDP protocol chosen for better protection against DoS attacks and port scanning
proto udp
 
#using routed IP tunnel
dev tun
 
# ----------------------------------------------
# Certificates
# ----------------------------------------------
 
dh ..//server-keys//dh4096.pem
ca ..//server-keys//ca.crt
cert ..//server-keys//lexp-svr-101.crt
key ..//server-keys//lexp-svr-101.key
 
# ----------------------------------------------
# Server-Setup
# ----------------------------------------------
 
#set OpenVPN subnet
server 10.64.60.0 255.255.255.0
 
#maintain a record of client-to-virtual-IP-address
ifconfig-pool-persist ipp.txt
 
#cryptographic cipher, must be the same (copied) on the client config file as well
#cipher AES-256-CBC
 
client-to-client
 
# ----------------------------------------------
# Client-Settings (incl. Special Dir) Files
# ----------------------------------------------
 
#client-config-dir "C:\Program Files\OpenVPN\ccd"
push "route 10.0.60.0 255.255.255.0"
 
 
# ----------------------------------------------
# Defaults
# ----------------------------------------------
 
#ping every 10 seconds, assume that remote peer is down if no ping received during 120 seconds
keepalive 10 120
 
#enable compression on VPN link
 
 
#try to preserve some state across restarts
persist-key
persist-tun
 
# ----------------------------------------------
# Logging
# ----------------------------------------------
 
status ..//log//openvpn-status.log
log ..//log//openvpn.log
log-append ..//log//openvpn.log
verb 3




This is the configuration on the client side:

client

dev tun

proto udp
remote xx.xx.xx.xx 1194

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert Client101.crt
key Client101.key

verb 3




Here is the Log from the server:


Fri Sep 14 13:30:06 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Fri Sep 14 13:30:06 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Sep 14 13:30:06 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Fri Sep 14 13:30:06 2018 Diffie-Hellman initialized with 4096 bit key
Fri Sep 14 13:30:06 2018 interactive service msg_channel=0
Fri Sep 14 13:30:06 2018 ROUTE_GATEWAY 10.0.60.1/255.255.255.0 I=7 HWADDR=00:15:5d:00:21:44
Fri Sep 14 13:30:06 2018 open_tun
Fri Sep 14 13:30:06 2018 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{3E90E92C-804C-41E9-A426-D4B5AF661931}.tap
Fri Sep 14 13:30:06 2018 TAP-Windows Driver Version 9.21
Fri Sep 14 13:30:06 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.64.60.1/255.255.255.252 on interface {3E90E92C-804C-41E9-A426-D4B5AF661931} [DHCP-serv: 10.64.60.2, lease-time: 31536000]
Fri Sep 14 13:30:06 2018 Sleeping for 10 seconds...
Fri Sep 14 13:30:16 2018 Successful ARP Flush on interface [8] {3E90E92C-804C-41E9-A426-D4B5AF661931}
Fri Sep 14 13:30:16 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Sep 14 13:30:16 2018 C:\Windows\system32\route.exe ADD 10.64.60.0 MASK 255.255.255.0 10.64.60.2
Fri Sep 14 13:30:16 2018 Warning: route gateway is not reachable on any active network adapters: 10.64.60.2
Fri Sep 14 13:30:16 2018 Route addition via IPAPI failed [adaptive]
Fri Sep 14 13:30:16 2018 Route addition fallback to route.exe
Fri Sep 14 13:30:16 2018 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Fri Sep 14 13:30:16 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Sep 14 13:30:16 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Sep 14 13:30:16 2018 UDPv4 link local (bound): [AF_INET]10.0.60.51:1194
Fri Sep 14 13:30:16 2018 UDPv4 link remote: [AF_UNSPEC]
Fri Sep 14 13:30:16 2018 MULTI: multi_init called, r=256 v=256
Fri Sep 14 13:30:16 2018 IFCONFIG POOL: base=10.64.60.4 size=62, ipv6=0
Fri Sep 14 13:30:16 2018 ifconfig_pool_read(), in='Client101,10.64.60.4', TODO: IPv6
Fri Sep 14 13:30:16 2018 succeeded -> ifconfig_pool_set()
Fri Sep 14 13:30:16 2018 IFCONFIG POOL LIST
Fri Sep 14 13:30:16 2018 Client101,10.64.60.4
Fri Sep 14 13:30:16 2018 Initialization Sequence Completed



Log from the client (netstat -nr)
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.17.1       UGSc          165      113     en0
10.0.60/24         10.64.60.5         UGSc            0        5   utun2
10.64.60/24        10.64.60.5         UGSc            0        0   utun2
10.64.60.5         10.64.60.6         UH              2        0   utun2
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              7     4714     lo0
169.254            link#5             UCS             0        0     en0
192.168.17         link#5             UCS             3        0     en0
192.168.17.1/32    link#5             UCS             1        0     en0
192.168.17.1       90:6c:ac:13:7d:4b  UHLWIir        36      594     en0   1198
192.168.17.9       80:2a:a8:8d:2b:74  UHLWI           0        6     en0    530
192.168.17.157     link#5             UHLWIi          1        2     en0
192.168.17.158/32  link#5             UCS             1        0     en0
192.168.17.158     f4:5c:89:ad:c5:1f  UHLWI           0       48     lo0
192.168.17.168     34:2:86:b4:a:6e    UHLWIi          1      271     en0    514
224.0.0/4          link#5             UmCS            3        0     en0
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en0
224.6.7.8          1:0:5e:6:7:8       UHmLWI          0        3     en0
239.255.255.250    1:0:5e:7f:ff:fa    UHmLWI          0       26     en0
255.255.255.255/32 link#5             UCS             0        0     en0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 fe80::%utun0                    UGcI          utun0
default                                 fe80::%utun1                    UGcI          utun1
::1                                     ::1                             UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#5                          UCI             en0
fe80::8f1:755:d380:d52f%en0             f4:5c:89:ad:c5:1f               UHLI            lo0
fe80::%awdl0/64                         link#7                          UCI           awdl0
fe80::70f7:77ff:fef6:878e%awdl0         72:f7:77:f6:87:8e               UHLI            lo0
fe80::%utun0/64                         fe80::9ad6:4cb5:b4ea:b001%utun0 UcI           utun0
fe80::9ad6:4cb5:b4ea:b001%utun0         link#11                         UHLI            lo0
fe80::%utun1/64                         fe80::978:5a3a:5b1a:5d85%utun1  UcI           utun1
fe80::978:5a3a:5b1a:5d85%utun1          link#12                         UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en0/32                           link#5                          UmCI            en0
ff01::%awdl0/32                         link#7                          UmCI          awdl0
ff01::%utun0/32                         fe80::9ad6:4cb5:b4ea:b001%utun0 UmCI          utun0
ff01::%utun1/32                         fe80::978:5a3a:5b1a:5d85%utun1  UmCI          utun1
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en0/32                           link#5                          UmCI            en0
ff02::%awdl0/32                         link#7                          UmCI          awdl0
ff02::%utun0/32                         fe80::9ad6:4cb5:b4ea:b001%utun0 UmCI          utun0
ff02::%utun1/32                         fe80::978:5a3a:5b1a:5d85%utun1  UmCI          utun1



Thank you for the help.

Regards
SGTA14

Owen Rubin (Consultant) commented:
Ok, so when the VPN is established, your Windows machine is now on the Mac’s network. Does the Mac have internet?

Warning: route gateway is not reachable on any active network adapters: 10.64.60.2

That bothers me as well.  Would you clarify for me the local address and subnet of the Windows machine and the Mac please? I see three private networks there and am a bit confused. Thanks.

As for split tunneling, on that I am not an expert. I have used apps that come with some VPN services that will do that for me, and I have had little luck making that work. But where do you want to split?  Typically, local IP traffic on the server side should route locally, but may need a static route added to assure that.  Typically any IP address that falls outside the local class address space will route across the VPN and end up trying to route there, depending on what and how that machine's network is configured.
0
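
Added example, not part of the original thread: a small Python check that parses IPv4 rows from the client's netstat -nr output in the question and applies longest-prefix matching to show which interface a destination leaves through, which is how a split tunnel can be verified on the client side. The sample rows are copied from the post; the helper names and the probe address 198.51.100.7 (a documentation address) are assumptions.

```python
import ipaddress

# Constructed sample: IPv4 unicast rows copied from the netstat -nr output in the question.
NETSTAT = """\
default            192.168.17.1       UGSc          165      113     en0
10.0.60/24         10.64.60.5         UGSc            0        5   utun2
10.64.60/24        10.64.60.5         UGSc            0        0   utun2
10.64.60.5         10.64.60.6         UH              2        0   utun2
127                127.0.0.1          UCS             0        0     lo0
169.254            link#5             UCS             0        0     en0
192.168.17         link#5             UCS             3        0     en0
"""

def parse_dest(dest):
    """Expand an abbreviated macOS/BSD destination into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # Assumption: no explicit length means 8 bits per printed octet
        # (127 -> /8, 192.168.17 -> /24, four octets -> /32 host route).
        plen = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=False)

def parse_routes(text):
    """Return (network, gateway, interface) for every well-formed row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6:
            routes.append((parse_dest(fields[0]), fields[1], fields[5]))
    return routes

def lookup(routes, ip):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def is_split_tunnel(routes, tun_if, lan_host, outside_host):
    """True when lan_host leaves via tun_if and outside_host does not."""
    lan, out = lookup(routes, lan_host), lookup(routes, outside_host)
    return bool(lan and out and lan[2] == tun_if and out[2] != tun_if)

ROUTES = parse_routes(NETSTAT)

if __name__ == "__main__":
    for ip in ("10.0.60.51", "10.64.60.1", "198.51.100.7"):
        net, gw, dev = lookup(ROUTES, ip)
        print(f"{ip:14} -> {dev:6} via {gw} ({net})")
```

A match on the tunnel interface only covers the client's half of the path: the server still has to forward the packets, and hosts on 10.0.60.0/24 need a route back to 10.64.60.0/24.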

Owen Rubin (Consultant) commented:
Walk me through what happens. You do a connection, you say it established (seen in the log), and then nothing? You lose all network activity local and remote?
0
SGTA14 (Author) commented:
Hi Owen,

Many thanks for the help.
In the meantime, we opted for another VPN solution because we did not get OpenVPN up and running.

Regards
0