Beantwortet: Routing Problem?

pplover

Freshly Joined Member
Seit paar Tagen sehe ich irgendwelche Fehler im PP Client, sobald ich zum 3. VPN verbinde mit Chain, bei 2 VPN sehe ich keinen, unabhänging davon welches Land ich aussuche, Client ist auf dem neusten Stand, Netwerkreset wurde auch durchgeführt.

pp.png
 
27/10/2020 18:25:45 Debug enter FrmAdvancedProtection run
27/10/2020 18:25:46 Debug enter enableDNSProtection
27/10/2020 18:25:46 Debug enter enableFirewall
27/10/2020 18:25:46 Log Enabling Firewall
27/10/2020 18:25:47 Log Enabling Firewall successfull
27/10/2020 18:25:47 Debug enter StartWatchFirewall
27/10/2020 18:25:47 Debug leave StartWatchFirewall
27/10/2020 18:25:47 Debug leave enableFirewall
27/10/2020 18:25:47 Debug enter setPfFirewallException
27/10/2020 18:25:47 Debug leave setPfFirewallException
27/10/2020 18:25:47 Debug leave FrmAdvancedProtection run
27/10/2020 18:26:11 Log Firewall watchdog tests successfull

Da haengts dann mit 'Connected, waiting for confirmation.
 
Hier das Log von Zuerich nach Malmoe:

27/10/2020 18:40:13 Debug Debug: config connect called
27/10/2020 18:40:13 Log DisconnectReason set to NoDisconnect in connect_thread
27/10/2020 18:40:13 Log Debug: connect_thread started
27/10/2020 18:40:13 Log State Change Event - Initializing
27/10/2020 18:40:14 Log Checking firewall and DNS leak protection settings
27/10/2020 18:40:16 Log Waiting for network to get ready
27/10/2020 18:40:16 Debug Proxy: VpnServer: RemoteIp:194.68.170.51
27/10/2020 18:40:16 Debug Debug: Serviceconnection connect called
27/10/2020 18:40:17 Management Connecting to management interface 127.0.0.1:11212
27/10/2020 18:40:17 Log MANAGEMENT: CMD 'state on'
27/10/2020 18:40:17 Log MANAGEMENT: CMD 'hold release'
27/10/2020 18:40:17 Log MANAGEMENT: CMD 'username 'Auth' "<Username Removed>"'
27/10/2020 18:40:18 Log MANAGEMENT: CMD 'password [...]'
27/10/2020 18:40:18 Log NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
27/10/2020 18:40:18 Log Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
27/10/2020 18:40:18 Log Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
27/10/2020 18:40:18 Log Control Channel MTU parms [ L:1626 D:1140 EF:110 EB:0 ET:0 EL:3 ]
27/10/2020 18:40:18 Log Data Channel MTU parms [ L:1626 D:1300 EF:126 EB:407 ET:0 EL:3 ]
27/10/2020 18:40:18 Log Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
27/10/2020 18:40:18 Log Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
27/10/2020 18:40:18 Log Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
27/10/2020 18:40:18 Log TCP/UDP: Preserving recently used remote address: [AF_INET]194.68.170.51:151
27/10/2020 18:40:18 Log Socket Buffers: R=[65536->65536] S=[65536->65536]
27/10/2020 18:40:18 Log UDP link local: (not bound)
27/10/2020 18:40:18 Log UDP link remote: [AF_INET]194.68.170.51:151
27/10/2020 18:40:18 Log MANAGEMENT: >STATE:1603820418,WAIT,,,,,,
27/10/2020 18:40:18 State WAIT
27/10/2020 18:40:18 Log MANAGEMENT: >STATE:1603820418,AUTH,,,,,,
27/10/2020 18:40:18 State AUTH
27/10/2020 18:40:18 Log TLS: Initial packet from [AF_INET]194.68.170.51:151, sid=6b37689f 7065f42e
27/10/2020 18:40:18 Log WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
27/10/2020 18:40:18 Log VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
27/10/2020 18:40:18 Log VERIFY KU OK
27/10/2020 18:40:18 Log Validating certificate extended key usage
27/10/2020 18:40:18 Log ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
27/10/2020 18:40:18 Log VERIFY EKU OK
27/10/2020 18:40:18 Log VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_malmoe.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
27/10/2020 18:40:18 Log Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
27/10/2020 18:40:18 Log [Server_malmoe.perfect-privacy.com] Peer Connection Initiated with [AF_INET]194.68.170.51:151
27/10/2020 18:40:19 Log MANAGEMENT: >STATE:1603820419,GET_CONFIG,,,,,,
27/10/2020 18:40:20 State GET_CONFIG
27/10/2020 18:40:20 Log SENT CONTROL [Server_malmoe.perfect-privacy.com]: 'PUSH_REQUEST' (status=1)
27/10/2020 18:40:20 Log PUSH: Received control message: 'PUSH_REPLY,topology subnet,redirect-gateway def1,sndbuf 131072,rcvbuf 131072,comp-lzo adaptive,route-gateway 10.3.212.1,redirect-gateway ipv6,route-ipv6 2000::/3,ping 10,ping-restart 60,dhcp-option DNS 194.68.170.62,dhcp-option DNS 185.152.32.78,ifconfig-ipv6 fdbf:1d37:bbe0:0:61:4:0:f1/112 fdbf:1d37:bbe0:0:61:4:0:1,ifconfig 10.3.212.241 255.255.255.0,peer-id 1'
27/10/2020 18:40:20 Log Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
27/10/2020 18:40:20 Log WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
27/10/2020 18:40:20 Log Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
27/10/2020 18:40:20 Log Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
27/10/2020 18:40:20 Log Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
27/10/2020 18:40:20 Log Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
27/10/2020 18:40:20 Log OPTIONS IMPORT: timers and/or timeouts modified
27/10/2020 18:40:20 Log OPTIONS IMPORT: compression parms modified
27/10/2020 18:40:20 Log LZO compression initializing
27/10/2020 18:40:20 Log OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
27/10/2020 18:40:20 Log Socket Buffers: R=[65536->131072] S=[65536->131072]
27/10/2020 18:40:20 Log OPTIONS IMPORT: --ifconfig/up options modified
27/10/2020 18:40:20 Log OPTIONS IMPORT: route-related options modified
27/10/2020 18:40:20 Log OPTIONS IMPORT: peer-id set
27/10/2020 18:40:20 Log OPTIONS IMPORT: adjusting link_mtu to 1629
27/10/2020 18:40:20 Log Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
27/10/2020 18:40:20 Log Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
27/10/2020 18:40:20 Log Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
27/10/2020 18:40:20 Log Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
27/10/2020 18:40:20 Log interactive service msg_channel=0
27/10/2020 18:40:20 Log ROUTE: default_gateway=UNDEF
27/10/2020 18:40:20 Log open_tun
 
Hier der Rest:

27/10/2020 18:40:20 Log tap-windows6 device [Local Area Connection 2] opened
27/10/2020 18:40:20 Log TAP-Windows Driver Version 9.24
27/10/2020 18:40:20 Log TAP-Windows MTU=1500
27/10/2020 18:40:20 Log Set TAP-Windows TUN subnet mode network/local/netmask = 10.3.212.0/10.3.212.241/255.255.255.0 [SUCCEEDED]
27/10/2020 18:40:20 Log Notified TAP-Windows driver to set a DHCP IP/netmask of 10.3.212.241/255.255.255.0 on interface {55CC9FFA-9492-4DB9-9CF3-937C0519DCD9} [DHCP-serv: 10.3.212.254, lease-time: 31536000]
27/10/2020 18:40:20 Log Successful ARP Flush on interface [12] {55CC9FFA-9492-4DB9-9CF3-937C0519DCD9}
27/10/2020 18:40:20 Log do_ifconfig, ipv4=1, ipv6=1
27/10/2020 18:40:20 Log MANAGEMENT: >STATE:1603820420,ASSIGN_IP,,10.3.212.241,,,,,fdbf:1d37:bbe0:0:61:4:0:f1
27/10/2020 18:40:20 State ASSIGN_IP
27/10/2020 18:40:20 Log IPv4 MTU set to 1500 on interface 12 using SetIpInterfaceEntry()
27/10/2020 18:40:21 Log NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address interface=12 fdbf:1d37:bbe0:0:61:4:0:f1/128 store=active
27/10/2020 18:40:21 Log add_route_ipv6(fdbf:1d37:bbe0:0:61:4::/112 -> fdbf:1d37:bbe0:0:61:4:0:f1 metric 0) dev Local Area Connection 2
27/10/2020 18:40:21 Log C:\Windows\system32\netsh.exe interface ipv6 add route fdbf:1d37:bbe0:0:61:4::/112 interface=12 fe80::8 store=active
27/10/2020 18:40:21 Log env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
27/10/2020 18:40:21 Log IPv6 MTU set to 1500 on interface 12 using SetIpInterfaceEntry()
27/10/2020 18:40:21 Log updown_v6.bat Local Area Connection 2 1500 1629 10.3.212.241 255.255.255.0 init
27/10/2020 18:40:21 Log env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:21 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:22 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:23 Log TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
27/10/2020 18:40:23 Log Initialization Sequence Completed
27/10/2020 18:40:23 Log MANAGEMENT: >STATE:1603820423,CONNECTED,SUCCESS,10.3.212.241,194.68.170.51,151,,,fdbf:1d37:bbe0:0:61:4:0:f1
27/10/2020 18:40:23 Log State Change Event - Running
27/10/2020 18:40:23 State CONNECTED
27/10/2020 18:40:23 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:23 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:23 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:23 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:23 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:23 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:23 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
[... viele, viele]
27/10/2020 18:40:55 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:55 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:55 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:56 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:56 Log Tunnel Malmoe Disconnect Called Reason:UserClicked
27/10/2020 18:40:56 Debug Debug: Serviceconnection Disconnect called
27/10/2020 18:40:56 Log State Change Event - Stopping
27/10/2020 18:40:56 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:56 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:56 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:56 Log Recursive routing detected, drop tun packet to [AF_INET]194.68.170.51:151
27/10/2020 18:40:56 Debug killConnection called
27/10/2020 18:40:56 Management Sending signal to close connection
27/10/2020 18:40:56 Log MANAGEMENT: CMD 'exit'
27/10/2020 18:40:56 Management Disconnecting from management interface
27/10/2020 18:40:56 Debug SendDisconnect done
27/10/2020 18:40:56 Management Disconnecting from management interface
27/10/2020 18:40:56 Debug DisconnectLogic done
27/10/2020 18:40:58 Log State Change Event - Stopped
27/10/2020 18:40:58 Log state changes to stoped, reason: UserClicked
27/10/2020 18:40:58 Log Handle disconnect for reason UserClicked error:NoError
 
Wenn es um den VPN Manager für Windows geht, schaut mal hier:
 
Hab vorhin mal einen 3. Hop aufgebaut (im Linux Terminal) mit

Eingabe:
Code:
openvpn --config SERVER --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 3 --setenv prevgw "$(ip r | grep 'tun1' | grep -m 1 '0.0.0.0' | cut -d ' ' -f 3)"

Ausgabe:
Code:
updown.sh: execuding: '/etc/openvpn/update-resolv-conf'
dhcp-option DNS 96.9.249.46
dhcp-option DNS 167.88.7.164
updown.sh: FINISHED
Wed Oct 28 11:16:04 2020 us=604002 Recursive routing detected, drop tun packet to [AF_INET]96.9.246.194:44
Wed Oct 28 11:16:05 2020 us=345418 Recursive routing detected, drop tun packet to [AF_INET]96.9.246.194:44
Wed Oct 28 11:16:06 2020 us=81540 Recursive routing detected, drop tun packet to [AF_INET]96.9.246.194:44
Wed Oct 28 11:16:06 2020 us=81627 Initialization Sequence Completed
Wed Oct 28 11:16:07 2020 us=553519 Recursive routing detected, drop tun packet to [AF_INET]96.9.246.194:44
Wed Oct 28 11:16:10 2020 us=689534 Recursive routing detected, drop tun packet to [AF_INET]96.9.246.194:44
^CWed Oct 28 11:16:12 2020 us=390055 event_wait : Interrupted system call (code=4)


Verwendet man hingegen den Standardbefehl
Code:
openvpn --config SERVER --script-security 2 --route remote_host --persist-tun --up updown.sh --down updown.sh --route-noexec --setenv hopid 3 --setenv prevgw 10.4.21.2

dann verhält sich das Terminal wie immer.


Das könnte bei der PP-Software vielleicht der Grund sein, also
"$(ip r | grep 'tun1' | grep -m 1 '0.0.0.0' | cut -d ' ' -f 3)"

statt
updown.sh: VPN: gateway: 10.4.21.2

Die obige Eingabesyntax wurde mithilfe von @PrivateMember (nochmals danke) erstellt,
aber sie funktioniert manchmal nicht, z.B. wenn ein Server (egal welcher Hop) abgenippelt ist
und man dann eine neue Verbindung aufbauen möchte.
Dann hilft bei mir nur die klassische Eingabe oder Rechner neu starten.

Allerdings läuft mein Rechner + VPN/SSH grad voll rund und der obige Befehl hätte funktionieren müssen.
 
Last edited:
Allerdings läuft mein Rechner + VPN/SSH grad voll rund und der obige Befehl hätte funktionieren müssen.

Mit einem neugestarteten Rechner funktioniert die Routine auch beim dritten Hop problemlos.

Allerdings ist der Reboot keine befriedigende Lösung des Problems, insbesondere dann nicht,
wenn die Verbindung auf PP-Seite abreißt und das Problem mit dem String beim Wiederverbinden auftritt.
 
Ähm.. moment wovon reden wir hier im thread?
Windows oder Linux?

Die Windows user sollten unter "Einstellungen" -> Sonstiges ein update bekommen, dann sollte das recursive routing problem weg sein.
Das ist entstanden da wir ja wegen https://board.perfect-privacy.com/threads/windows-wsl2-ip-leak-fix.4448/ unter Windows die Firewall um ein DeadRouting feature erweitert haben.

Das es auch auch Linux recursive routing Probleme gibt höre ich zum ersten mal, und an dem linux kram haben wir auch gar nichts geändert.
Besteht das dauerhaft und war das einmalig und nach dem reboot weg?

Grüße
Lars
 
Back
Top