pi@raspberrypi:~ $ cd /etc/openvpn/
pi@raspberrypi:/etc/openvpn $ cat server.conf
dev tun
proto udp
port XXXXX
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
......
Config file on the W10 laptop:
client
dev tun
proto udp
remote XXX.XXX.XXX XXXX
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi name
cipher AES-256-GCM
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBtTCCAVqgAwIBAgITZPc/gHTdu
..........
But looking at the Win10 client log, I see a strange thing...
If I set it to TUN, why does it open a TAP driver?
open_tun
tap-windows6 device [OpenVPN TAP-Windows6] opened
TAP-Windows Driver Version 9.24
Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2020-12-11 18:27:03 OpenVPN 2.5_rc2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 30 2020
2020-12-11 18:27:03 Windows version 10.0 (Windows 10 or greater) 64bit
2020-12-11 18:27:03 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2020-12-11 18:27:03 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
2020-12-11 18:27:03 Need hold release from management interface, waiting...
2020-12-11 18:27:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
2020-12-11 18:27:04 MANAGEMENT: CMD 'state on'
2020-12-11 18:27:04 MANAGEMENT: CMD 'log all on'
2020-12-11 18:27:04 MANAGEMENT: CMD 'echo all on'
2020-12-11 18:27:04 MANAGEMENT: CMD 'bytecount 5'
2020-12-11 18:27:04 MANAGEMENT: CMD 'hold off'
2020-12-11 18:27:04 MANAGEMENT: CMD 'hold release'
2020-12-11 18:27:04 MANAGEMENT: CMD 'password [...]'
2020-12-11 18:27:04 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-11 18:27:04 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-11 18:27:04 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2020-12-11 18:27:04 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-12-11 18:27:04 MANAGEMENT: >STATE:1607707624,RESOLVE,,,,,,
2020-12-11 18:27:04 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX YYYYY
2020-12-11 18:27:04 Socket Buffers: R=[65536->65536] S=[65536->65536]
2020-12-11 18:27:04 UDP link local: (not bound)
2020-12-11 18:27:04 UDP link remote: [AF_INET]XX.XX.XX.XX:YYYYY
2020-12-11 18:27:04 MANAGEMENT: >STATE:1607707624,WAIT,,,,,,
2020-12-11 18:27:04 MANAGEMENT: >STATE:1607707624,AUTH,,,,,,
2020-12-11 18:27:04 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:YYYYY, sid=646f6869 120fde53
2020-12-11 18:27:04 VERIFY KU OK
2020-12-11 18:27:04 Validating certificate extended key usage
2020-12-11 18:27:04 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-12-11 18:27:04 VERIFY EKU OK
2020-12-11 18:27:04 VERIFY X509NAME OK: CN=raspberrypi
2020-12-11 18:27:04 VERIFY OK: depth=0, CN=raspberrypi
2020-12-11 18:27:04 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
2020-12-11 18:27:04 [raspberrypi] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:YYYYY
2020-12-11 18:27:05 MANAGEMENT: >STATE:1607707625,GET_CONFIG,,,,,,
2020-12-11 18:27:05 SENT CONTROL [raspberrypi]: 'PUSH_REQUEST' (status=1)
2020-12-11 18:27:05 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0'
2020-12-11 18:27:05 OPTIONS IMPORT: timers and/or timeouts modified
2020-12-11 18:27:05 OPTIONS IMPORT: --ifconfig/up options modified
2020-12-11 18:27:05 OPTIONS IMPORT: route options modified
2020-12-11 18:27:05 OPTIONS IMPORT: route-related options modified
2020-12-11 18:27:05 OPTIONS IMPORT: peer-id set
2020-12-11 18:27:05 OPTIONS IMPORT: adjusting link_mtu to 1624
2020-12-11 18:27:05 Using peer cipher 'AES-256-GCM'
2020-12-11 18:27:05 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-12-11 18:27:05 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-12-11 18:27:05 interactive service msg_channel=432
2020-12-11 18:27:05 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=16 HWADDR=40:9f:38:16:c1:19
2020-12-11 18:27:05 open_tun
2020-12-11 18:27:05 tap-windows6 device [OpenVPN TAP-Windows6] opened
2020-12-11 18:27:05 TAP-Windows Driver Version 9.24
2020-12-11 18:27:05 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
2020-12-11 18:27:05 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {85E0D69A-BD0C-4D4A-B2F4-5D4DAC0B9C1B} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2020-12-11 18:27:05 Successful ARP Flush on interface [11] {85E0D69A-BD0C-4D4A-B2F4-5D4DAC0B9C1B}
2020-12-11 18:27:05 MANAGEMENT: >STATE:1607707625,ASSIGN_IP,,10.8.0.2,,,,
2020-12-11 18:27:05 IPv4 MTU set to 1500 on interface 11 using service
2020-12-11 18:27:10 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
2020-12-11 18:27:10 MANAGEMENT: >STATE:1607707630,ADD_ROUTES,,,,,,
2020-12-11 18:27:10 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 10.8.0.1
2020-12-11 18:27:10 Route addition via service succeeded
2020-12-11 18:27:10 Initialization Sequence Completed
2020-12-11 18:27:10 MANAGEMENT: >STATE:1607707630,CONNECTED,SUCCESS,10.8.0.2,XX.XX.XX.XX,YYYYY,,
2020-12-11 18:34:11 C:\WINDOWS\system32\route.exe DELETE 192.168.0.0 MASK 255.255.255.0 10.8.0.1