# OpenVPN - "Destination Host Unreachable" via one network

## manwe_

Hi *. 

I need some help with OpenVPN. I'm in a hotel with Wi-Fi and almost everything except http ports locked. Luckily I have one server with ssh on 443 so I was able to socks-proxy for last 2 days. Nevertheless I decided to set up OpenVPN (also on 443) on another server to be covered for situations like this. 

Config on the server (/etc/openvpn/XXX/local.conf):

```

proto tcp-server

local 176.58.XX.XX

port 443

dev tap0

tls-server

cd /etc/openvpn/XXX

ca ca.crt

cert server.crt

key server.key

dh dh1024.pem

tls-auth ta.key 0

mode server

duplicate-cn

ifconfig 10.100.0.1 255.255.255.0 

ifconfig-pool 10.100.0.2 10.100.0.11 255.255.255.0 

push "dhcp-option DNS 176.58.XX.XX" 

push "redirect-gateway"

push "route-gateway 10.100.0.1"

tun-mtu 1500

tun-mtu-extra 32

mssfix 1450

ping 10

ping-restart 120

push "ping 10"

push "ping-restart 60"

push "route 10.100.0.0 255.255.255.0 10.100.0.1"

comp-lzo

status openvpn-status.log

verb 4

```

I know this might not be the prettiest config ever but those are my first steps with OpenVPN.

Firewall for forwarding OpenVPN clients to the outside world:

```
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT

```

Now client (/etc/openvpn/XXX/local.conf):

```
proto tcp-client

port 443 

dev tap0

remote 176.58.XX.XX

tls-client

cd /etc/openvpn/XXX

ca ca.crt

cert client.crt

key client.key

tls-auth ta.key 1

tun-mtu 1500

tun-mtu-extra 32

mssfix 1450

pull

comp-lzo

verb 4

```

It works when I connect my laptop with phone [Android AccessPoint] or go to a restaurant. VPN connects, client gets IP 10.100.0.2 and transfers everything via server. But in that damn hotel I get "Destination Host Unreachable" for ping 10.100.0.1 and every connections times out. Is there something wrong with my config? How can I get this working?

Client's dmesg log when connecting through hotel's WiFi:

```

May 23 18:00:47 openvpn[12605]: Current Parameter Settings:

May 23 18:00:47 openvpn[12605]:   config = '/etc/openvpn/XXX.conf'

May 23 18:00:47 openvpn[12605]:   mode = 0

May 23 18:00:47 openvpn[12605]:   persist_config = DISABLED

May 23 18:00:47 openvpn[12605]:   persist_mode = 1

May 23 18:00:47 openvpn[12605]:   show_ciphers = DISABLED

May 23 18:00:47 openvpn[12605]:   show_digests = DISABLED

May 23 18:00:47 openvpn[12605]:   show_engines = DISABLED

May 23 18:00:47 openvpn[12605]:   genkey = DISABLED

May 23 18:00:47 openvpn[12605]:   key_pass_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   show_tls_ciphers = DISABLED

May 23 18:00:47 openvpn[12605]: Connection profiles [default]:

May 23 18:00:47 openvpn[12605]:   proto = tcp-client

May 23 18:00:47 openvpn[12605]:   local = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   local_port = 0

May 23 18:00:47 openvpn[12605]:   remote = '176.58.XX.XX'

May 23 18:00:47 openvpn[12605]:   remote_port = 443

May 23 18:00:47 openvpn[12605]:   remote_float = DISABLED

May 23 18:00:47 openvpn[12605]:   bind_defined = DISABLED

May 23 18:00:47 openvpn[12605]:   bind_local = DISABLED

May 23 18:00:47 openvpn[12605]:   connect_retry_seconds = 5

May 23 18:00:47 openvpn[12605]:   connect_timeout = 10

May 23 18:00:47 openvpn[12605]:   connect_retry_max = 0

May 23 18:00:47 openvpn[12605]:   socks_proxy_server = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   socks_proxy_port = 0

May 23 18:00:47 openvpn[12605]:   socks_proxy_retry = DISABLED

May 23 18:00:47 openvpn[12605]:   tun_mtu = 1500

May 23 18:00:47 openvpn[12605]:   tun_mtu_defined = ENABLED

May 23 18:00:47 openvpn[12605]:   link_mtu = 1500

May 23 18:00:47 openvpn[12605]:   link_mtu_defined = DISABLED

May 23 18:00:47 openvpn[12605]:   tun_mtu_extra = 32

May 23 18:00:47 openvpn[12605]:   tun_mtu_extra_defined = ENABLED

May 23 18:00:47 openvpn[12605]:   mtu_discover_type = -1

May 23 18:00:47 openvpn[12605]:   fragment = 0

May 23 18:00:47 openvpn[12605]:   mssfix = 1450

May 23 18:00:47 openvpn[12605]:   explicit_exit_notification = 0

May 23 18:00:47 openvpn[12605]: Connection profiles END

May 23 18:00:47 openvpn[12605]:   remote_random = DISABLED

May 23 18:00:47 openvpn[12605]:   ipchange = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   dev = 'tap0'

May 23 18:00:47 openvpn[12605]:   dev_type = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   dev_node = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   lladdr = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   topology = 1

May 23 18:00:47 openvpn[12605]:   tun_ipv6 = DISABLED

May 23 18:00:47 openvpn[12605]:   ifconfig_local = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   ifconfig_remote_netmask = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   ifconfig_noexec = DISABLED

May 23 18:00:47 openvpn[12605]:   ifconfig_nowarn = DISABLED

May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_local = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_netbits = 0

May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_remote = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   shaper = 0

May 23 18:00:47 openvpn[12605]:   mtu_test = 0

May 23 18:00:47 openvpn[12605]:   mlock = DISABLED

May 23 18:00:47 openvpn[12605]:   keepalive_ping = 0

May 23 18:00:47 openvpn[12605]:   keepalive_timeout = 0

May 23 18:00:47 openvpn[12605]:   inactivity_timeout = 0

May 23 18:00:47 openvpn[12605]:   ping_send_timeout = 0

May 23 18:00:47 openvpn[12605]:   ping_rec_timeout = 0

May 23 18:00:47 openvpn[12605]:   ping_rec_timeout_action = 0

May 23 18:00:47 openvpn[12605]:   ping_timer_remote = DISABLED

May 23 18:00:47 openvpn[12605]:   remap_sigusr1 = 0

May 23 18:00:47 openvpn[12605]:   persist_tun = DISABLED

May 23 18:00:47 openvpn[12605]:   persist_local_ip = DISABLED

May 23 18:00:47 openvpn[12605]:   persist_remote_ip = DISABLED

May 23 18:00:47 openvpn[12605]:   persist_key = DISABLED

May 23 18:00:47 openvpn[12605]:   passtos = DISABLED

May 23 18:00:47 openvpn[12605]:   resolve_retry_seconds = 1000000000

May 23 18:00:47 openvpn[12605]:   username = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   groupname = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   chroot_dir = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   cd_dir = '/etc/openvpn/XXX'

May 23 18:00:47 openvpn[12605]:   writepid = '/var/run/openvpn.XXX.pid'

May 23 18:00:47 openvpn[12605]:   up_script = '/etc/openvpn/up.sh'

May 23 18:00:47 openvpn[12605]:   down_script = '/etc/openvpn/down.sh'

May 23 18:00:47 openvpn[12605]:   down_pre = ENABLED

May 23 18:00:47 openvpn[12605]:   up_restart = ENABLED

May 23 18:00:47 openvpn[12605]:   up_delay = ENABLED

May 23 18:00:47 openvpn[12605]:   daemon = ENABLED

May 23 18:00:47 openvpn[12605]:   inetd = 0

May 23 18:00:47 openvpn[12605]:   log = DISABLED

May 23 18:00:47 openvpn[12605]:   suppress_timestamps = DISABLED

May 23 18:00:47 openvpn[12605]:   nice = 0

May 23 18:00:47 openvpn[12605]:   verbosity = 4

May 23 18:00:47 openvpn[12605]:   mute = 0

May 23 18:00:47 openvpn[12605]:   gremlin = 0

May 23 18:00:47 openvpn[12605]:   status_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   status_file_version = 1

May 23 18:00:47 openvpn[12605]:   status_file_update_freq = 60

May 23 18:00:47 openvpn[12605]:   occ = ENABLED

May 23 18:00:47 openvpn[12605]:   rcvbuf = 65536

May 23 18:00:47 openvpn[12605]:   sndbuf = 65536

May 23 18:00:47 openvpn[12605]:   mark = 0

May 23 18:00:47 openvpn[12605]:   sockflags = 0

May 23 18:00:47 openvpn[12605]:   fast_io = DISABLED

May 23 18:00:47 openvpn[12605]:   lzo = 7

May 23 18:00:47 openvpn[12605]:   route_script = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   route_default_gateway = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   route_default_metric = 0

May 23 18:00:47 openvpn[12605]:   route_noexec = DISABLED

May 23 18:00:47 openvpn[12605]:   route_delay = 0

May 23 18:00:47 openvpn[12605]:   route_delay_window = 30

May 23 18:00:47 openvpn[12605]:   route_delay_defined = DISABLED

May 23 18:00:47 openvpn[12605]:   route_nopull = DISABLED

May 23 18:00:47 openvpn[12605]:   route_gateway_via_dhcp = DISABLED

May 23 18:00:47 openvpn[12605]:   max_routes = 100

May 23 18:00:47 openvpn[12605]:   allow_pull_fqdn = DISABLED

May 23 18:00:47 openvpn[12605]:   management_addr = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   management_port = 0

May 23 18:00:47 openvpn[12605]:   management_user_pass = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   management_log_history_cache = 250

May 23 18:00:47 openvpn[12605]:   management_echo_buffer_size = 100

May 23 18:00:47 openvpn[12605]:   management_write_peer_info_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   management_client_user = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   management_client_group = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   management_flags = 0

May 23 18:00:47 openvpn[12605]:   shared_secret_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   key_direction = 2

May 23 18:00:47 openvpn[12605]:   ciphername_defined = ENABLED

May 23 18:00:47 openvpn[12605]:   ciphername = 'BF-CBC'

May 23 18:00:47 openvpn[12605]:   authname_defined = ENABLED

May 23 18:00:47 openvpn[12605]:   authname = 'SHA1'

May 23 18:00:47 openvpn[12605]:   prng_hash = 'SHA1'

May 23 18:00:47 openvpn[12605]:   prng_nonce_secret_len = 16

May 23 18:00:47 openvpn[12605]:   keysize = 0

May 23 18:00:47 openvpn[12605]:   engine = DISABLED

May 23 18:00:47 openvpn[12605]:   replay = ENABLED

May 23 18:00:47 openvpn[12605]:   mute_replay_warnings = DISABLED

May 23 18:00:47 openvpn[12605]:   replay_window = 64

May 23 18:00:47 openvpn[12605]:   replay_time = 15

May 23 18:00:47 openvpn[12605]:   packet_id_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   use_iv = ENABLED

May 23 18:00:47 openvpn[12605]:   test_crypto = DISABLED

May 23 18:00:47 openvpn[12605]:   tls_server = DISABLED

May 23 18:00:47 openvpn[12605]:   tls_client = ENABLED

May 23 18:00:47 openvpn[12605]:   key_method = 2

May 23 18:00:47 openvpn[12605]:   ca_file = 'ca.crt'

May 23 18:00:47 openvpn[12605]:   ca_path = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   dh_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   cert_file = 'client.crt'

May 23 18:00:47 openvpn[12605]:   priv_key_file = 'client.key'

May 23 18:00:47 openvpn[12605]:   pkcs12_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   cipher_list = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   tls_verify = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   tls_export_cert = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   verify_x509_type = 0

May 23 18:00:47 openvpn[12605]:   verify_x509_name = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   crl_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   ns_cert_type = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_ku[i] = 0

May 23 18:00:47 openvpn[12605]:   remote_cert_eku = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   ssl_flags = 0

May 23 18:00:47 openvpn[12605]:   tls_timeout = 2

May 23 18:00:47 openvpn[12605]:   renegotiate_bytes = 0

May 23 18:00:47 openvpn[12605]:   renegotiate_packets = 0

May 23 18:00:47 openvpn[12605]:   renegotiate_seconds = 3600

May 23 18:00:47 openvpn[12605]:   handshake_window = 60

May 23 18:00:47 openvpn[12605]:   transition_window = 3600

May 23 18:00:47 openvpn[12605]:   single_session = DISABLED

May 23 18:00:47 openvpn[12605]:   push_peer_info = DISABLED

May 23 18:00:47 openvpn[12605]:   tls_exit = DISABLED

May 23 18:00:47 openvpn[12605]:   tls_auth_file = 'ta.key'

May 23 18:00:47 openvpn[12605]:   server_network = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   server_netmask = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   server_network_ipv6 = ::

May 23 18:00:47 openvpn[12605]:   server_netbits_ipv6 = 0

May 23 18:00:47 openvpn[12605]:   server_bridge_ip = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   server_bridge_netmask = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   server_bridge_pool_start = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   server_bridge_pool_end = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   ifconfig_pool_defined = DISABLED

May 23 18:00:47 openvpn[12605]:   ifconfig_pool_start = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   ifconfig_pool_end = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   ifconfig_pool_netmask = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   ifconfig_pool_persist_filename = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   ifconfig_pool_persist_refresh_freq = 600

May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_defined = DISABLED

May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_base = ::

May 23 18:00:47 openvpn[12605]:   ifconfig_ipv6_pool_netbits = 0

May 23 18:00:47 openvpn[12605]:   n_bcast_buf = 256

May 23 18:00:47 openvpn[12605]:   tcp_queue_limit = 64

May 23 18:00:47 openvpn[12605]:   real_hash_size = 256

May 23 18:00:47 openvpn[12605]:   virtual_hash_size = 256

May 23 18:00:47 openvpn[12605]:   client_connect_script = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   learn_address_script = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   client_disconnect_script = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   client_config_dir = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   ccd_exclusive = DISABLED

May 23 18:00:47 openvpn[12605]:   tmp_dir = '/tmp'

May 23 18:00:47 openvpn[12605]:   push_ifconfig_defined = DISABLED

May 23 18:00:47 openvpn[12605]:   push_ifconfig_local = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   push_ifconfig_remote_netmask = 0.0.0.0

May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_defined = DISABLED

May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_local = ::/0

May 23 18:00:47 openvpn[12605]:   push_ifconfig_ipv6_remote = ::

May 23 18:00:47 openvpn[12605]:   enable_c2c = DISABLED

May 23 18:00:47 openvpn[12605]:   duplicate_cn = DISABLED

May 23 18:00:47 openvpn[12605]:   cf_max = 0

May 23 18:00:47 openvpn[12605]:   cf_per = 0

May 23 18:00:47 openvpn[12605]:   max_clients = 1024

May 23 18:00:47 openvpn[12605]:   max_routes_per_client = 256

May 23 18:00:47 openvpn[12605]:   auth_user_pass_verify_script = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   auth_user_pass_verify_script_via_file = DISABLED

May 23 18:00:47 openvpn[12605]:   port_share_host = '[UNDEF]'

May 23 18:00:47 openvpn[12605]:   port_share_port = 0

May 23 18:00:47 openvpn[12605]:   client = DISABLED

May 23 18:00:47 openvpn[12605]:   pull = ENABLED

May 23 18:00:47 openvpn[12605]:   auth_user_pass_file = '[UNDEF]'

May 23 18:00:47 openvpn[12605]: OpenVPN 2.3.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 21 2013

May 23 18:00:47 openvpn[12605]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

May 23 18:00:47 openvpn[12605]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

May 23 18:00:47 openvpn[12605]: Control Channel Authentication: using 'ta.key' as a OpenVPN static key file

May 23 18:00:47 openvpn[12605]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

May 23 18:00:47 openvpn[12605]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

May 23 18:00:47 openvpn[12605]: LZO compression initialized

May 23 18:00:47 openvpn[12605]: Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]

May 23 18:00:47 openvpn[12605]: Socket Buffers: R=[87380->131072] S=[16384->131072]

May 23 18:00:47 openvpn[12605]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]

May 23 18:00:47 openvpn[12605]: Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'

May 23 18:00:47 openvpn[12605]: Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'

May 23 18:00:47 openvpn[12605]: Local Options hash (VER=V4): 'e39a3273'

May 23 18:00:47 openvpn[12605]: Expected Remote Options hash (VER=V4): '3c14feac'

May 23 18:00:47 openvpn[12608]: Attempting to establish TCP connection with [AF_INET]176.58.XX.XX:443 [nonblock]

May 23 18:00:48 openvpn[12608]: TCP connection established with [AF_INET]176.58.XX.XX:443

May 23 18:00:48 openvpn[12608]: TCPv4_CLIENT link local: [undef]

May 23 18:00:48 openvpn[12608]: TCPv4_CLIENT link remote: [AF_INET]176.58.XX.XX:443

May 23 18:00:48 openvpn[12608]: TLS: Initial packet from [AF_INET]176.58.XX.XX:443, sid=362165fa 197ba310

May 23 18:00:49 openvpn[12608]: VERIFY OK: depth=1, C=PL, ST=malopolska, L=Krakow, O=manwe.pl, OU=XXX.manwe.pl, CN=XXX.manwe.pl, name=XXX.manwe.pl, emailAddress=@manwe.pl

May 23 18:00:49 openvpn[12608]: VERIFY OK: depth=0, C=PL, ST=malopolska, L=Krakow, O=manwe.pl, OU=XXX.manwe.pl, CN=server, name=XXX.manwe.pl, emailAddress=@manwe.pl

May 23 18:00:51 openvpn[12608]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

May 23 18:00:51 openvpn[12608]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

May 23 18:00:51 openvpn[12608]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

May 23 18:00:51 openvpn[12608]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

May 23 18:00:51 openvpn[12608]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

May 23 18:00:51 openvpn[12608]: [server] Peer Connection Initiated with [AF_INET]176.58.XX.XX:443

May 23 18:00:53 openvpn[12608]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

May 23 18:00:54 openvpn[12608]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 176.58.XX.XX,redirect-gateway,route-gateway 10.100.0.1,ping 10,ping-restart 60,route 10.100.0.0 255.255.255.0 10.100.0.1,ifconfig 10.100.0.2 255.255.255.0'

May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: timers and/or timeouts modified

May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: --ifconfig/up options modified

May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: route options modified

May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: route-related options modified

May 23 18:00:54 openvpn[12608]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

May 23 18:00:54 openvpn[12608]: ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=48:5d:60:83:1e:14

May 23 18:00:54 openvpn[12608]: TUN/TAP device tap0 opened

May 23 18:00:54 openvpn[12608]: TUN/TAP TX queue length set to 100

May 23 18:00:54 openvpn[12608]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

May 23 18:00:54 openvpn[12608]: /bin/ip link set dev tap0 up mtu 1500

May 23 18:00:54 openvpn[12608]: /bin/ip addr add dev tap0 10.100.0.2/24 broadcast 10.100.0.255

May 23 18:00:54 openvpn[12608]: /etc/openvpn/up.sh tap0 1500 1576 10.100.0.2 255.255.255.0 init

May 23 18:00:54 openvpn[12608]: /bin/ip route add 176.58.XX.XX/32 via 192.168.0.1

May 23 18:00:54 openvpn[12608]: /bin/ip route del 0.0.0.0/0

May 23 18:00:54 openvpn[12608]: /bin/ip route add 0.0.0.0/0 via 10.100.0.1

May 23 18:00:54 openvpn[12608]: /bin/ip route add 10.100.0.0/24 via 10.100.0.1

May 23 18:00:54 openvpn[12608]: ERROR: Linux route add command failed: external program exited with error status: 2

May 23 18:00:54 openvpn[12608]: Initialization Sequence Completed
```

----------

## AngelKnight

 *manwe_ wrote:*   

> I need some help with OpenVPN. I'm in a hotel with Wi-Fi and almost everything except http ports locked. Luckily I have one server with ssh on 443 so I was able to socks-proxy for last 2 days. Nevertheless I decided to set up OpenVPN (also on 443) on another server to be covered for situations like this. 
> 
> Config on the server (/etc/openvpn/XXX/local.conf):
> 
> ```
> ...

 

The server is already dealing out 10.100.0.0/24 as a reachable scope, why push another route for 10.100.0.0/24?

 *manwe_ wrote:*   

> Client's dmesg log when connecting through hotel's WiFi:
> 
> ```
> May 23 18:00:54 openvpn[12608]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 176.58.XX.XX,redirect-gateway,route-gateway 10.100.0.1,ping 10,ping-restart 60,route 10.100.0.0 255.255.255.0 10.100.0.1,ifconfig 10.100.0.2 255.255.255.0'
> 
> ...

 

The error line is the kernel complaining that you're installing a nonsensical route indicating that a network is reached via a nexthop inside that same network.

----------

