Arethusa forum

Arethusa discussion forums.

You are not logged in.

Announcement

Login / password is independent from other sites. Registration is not required to post, but is required to post links.

#1 2013-10-27 21:16:06

Anonymous
Anonymous

Problem with IP address fallback

Something rather worrying has recently started happening with my Arethusa connection.  I’ve made no changes to the OpenVPN software or to my configuration files, but I’m suddenly seeing on a regular basis that my connection will start as normal through the tunnel with the corresponding IP address but will fall back at some point to my normal IP address, with the OpenVPN icon in the taskbar still showing connection.  I’ve copied a log file and my configuration file below.   Is there anything that points to something obvious that is not correct with my setup?

LOG FILE
Sun Oct 27 20:36:21 2013 OpenVPN 2.1.3 i586-pc-mingw32msvc [SSL] [LZO2] [PKCS11] built on Sep 11 2010
Sun Oct 27 20:36:21 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Oct 27 20:36:21 2013 LZO compression initialized
Sun Oct 27 20:36:21 2013 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 27 20:36:21 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Oct 27 20:36:22 2013 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 27 20:36:22 2013 Local Options hash (VER=V4): '22188c5b'
Sun Oct 27 20:36:22 2013 Expected Remote Options hash (VER=V4): 'a8f55717'
Sun Oct 27 20:36:22 2013 UDPv4 link local: [undef]
Sun Oct 27 20:36:22 2013 UDPv4 link remote: 46.165.222.197:443
Sun Oct 27 20:36:22 2013 TLS: Initial packet from 46.165.222.197:443, sid=9430a559 3f7d3516
Sun Oct 27 20:36:22 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 27 20:36:22 2013 VERIFY OK: depth=1, /C=AQ/ST=Antarctica/L=Mount_Vinson/O=S6N/CN=S6N_CA/emailAddress=root@s6n.org
Sun Oct 27 20:36:22 2013 VERIFY OK: nsCertType=SERVER
Sun Oct 27 20:36:22 2013 VERIFY OK: depth=0, /C=SC/ST=Mahe/L=Victoria/O=Black_Lagoon_Internet_Ltd/CN=VPN-Germany-lsw1.fra.de.eu/emailAddress=lagoon@alberich.org
Sun Oct 27 20:36:22 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Oct 27 20:36:22 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 27 20:36:22 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Oct 27 20:36:22 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 27 20:36:22 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Oct 27 20:36:22 2013 [VPN-Germany-lsw1.fra.de.eu] Peer Connection Initiated with 46.165.222.197:443
Sun Oct 27 20:36:24 2013 SENT CONTROL [VPN-Germany-lsw1.fra.de.eu]: 'PUSH_REQUEST' (status=1)
Sun Oct 27 20:36:24 2013 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 10.39.3.252,dhcp-option DNS 10.10.10.10,dhcp-option DNS 8.8.8.8,ping 10,ping-restart 120,ifconfig 10.39.3.102 255.255.255.0'
Sun Oct 27 20:36:24 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 27 20:36:24 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 27 20:36:24 2013 OPTIONS IMPORT: route-related options modified
Sun Oct 27 20:36:24 2013 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 27 20:36:24 2013 ROUTE default_gateway=192.168.1.254
Sun Oct 27 20:36:25 2013 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{39330090-C963-4CF4-89B6-9A3A2521E82D}.tap
Sun Oct 27 20:36:25 2013 TAP-Win32 Driver Version 9.7
Sun Oct 27 20:36:25 2013 TAP-Win32 MTU=1500
Sun Oct 27 20:36:25 2013 Set TAP-Win32 TUN subnet mode network/local/netmask = 10.39.3.0/10.39.3.102/255.255.255.0 [SUCCEEDED]
Sun Oct 27 20:36:25 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.39.3.102/255.255.255.0 on interface {39330090-C963-4CF4-89B6-9A3A2521E82D} [DHCP-serv: 10.39.3.254, lease-time: 31536000]
Sun Oct 27 20:36:25 2013 Successful ARP Flush on interface [14] {39330090-C963-4CF4-89B6-9A3A2521E82D}
Sun Oct 27 20:36:25 2013 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Sun Oct 27 20:36:25 2013 C:\WINDOWS\system32\route.exe ADD 46.165.222.197 MASK 255.255.255.255 192.168.1.254
Sun Oct 27 20:36:25 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Oct 27 20:36:25 2013 Route addition via IPAPI succeeded [adaptive]
Sun Oct 27 20:36:25 2013 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.39.3.252
Sun Oct 27 20:36:25 2013 Warning: route gateway is not reachable on any active network adapters: 10.39.3.252
Sun Oct 27 20:36:25 2013 Route addition via IPAPI failed [adaptive]
Sun Oct 27 20:36:25 2013 Route addition fallback to route.exe
OK!
Sun Oct 27 20:36:25 2013 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.39.3.252
Sun Oct 27 20:36:25 2013 Warning: route gateway is not reachable on any active network adapters: 10.39.3.252
Sun Oct 27 20:36:25 2013 Route addition via IPAPI failed [adaptive]
Sun Oct 27 20:36:25 2013 Route addition fallback to route.exe
OK!
Sun Oct 27 20:36:25 2013 Initialization Sequence Completed
Sun Oct 27 21:36:22 2013 TLS: soft reset sec=0 bytes=48433/0 pkts=707/0
Sun Oct 27 21:36:23 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 27 21:36:24 2013 VERIFY OK: depth=1, /C=AQ/ST=Antarctica/L=Mount_Vinson/O=S6N/CN=S6N_CA/emailAddress=root@s6n.org
Sun Oct 27 21:36:24 2013 VERIFY OK: nsCertType=SERVER
Sun Oct 27 21:36:24 2013 VERIFY OK: depth=0, /C=SC/ST=Mahe/L=Victoria/O=Black_Lagoon_Internet_Ltd/CN=VPN-Germany-lsw1.fra.de.eu/emailAddress=lagoon@alberich.org
Sun Oct 27 21:36:25 2013 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Oct 27 21:36:25 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 27 21:36:25 2013 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Oct 27 21:36:25 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 27 21:36:25 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA



CONFIGURATION
client
dev tun
proto udp
remote de.tunsrv.s6n.net  443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip

route-delay

mute-replay-warnings
ca arethusa-ca.crt
ns-cert-type server
cipher AES-256-CBC
comp-lzo
verb 3
mute 20

#2 2013-10-28 17:59:48

Zero
Moderator

Re: Problem with IP address fallback

This is usually caused by a firewall or some security software.
You can try a google search on "Warning: route gateway is not reachable on any active network adapters:" for possible solutions.
But there is no universal solution because of all the interactions between OS, drivers, and firewalls.

If you can't find a solution, use L2TP/IPsec.

Offline

#3 2013-10-28 20:12:29

Anonymous
Anonymous

Re: Problem with IP address fallback

Thanks for the suggestions.  Kaspersky antivirus recently updated to a new version and I start to think that this is what is causing the issue.  It's certainly giving me a whole bunch of compatibility issues with regular things like the Firefox browser and I might try reverting to the previous version.  Anyone planning to use Kaspersky 2014 might be well advised to be cautious.

Board footer

Powered by FluxBB