Sorry for my missing response. I was on a "city trip"(?) over the weekend and could test it again today.
To me it looks like it worked now. The Securepoint SSL client shows a green "connected" state, and the logs show the following (all personal data replaced with MYCITY, MYLASTNAME, MYSERVER,...):
Try to start OpenVPN connection MYSERVER
Mon Jun 06 09:19:43 2016 OpenVPN 2.3.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Apr 9 2014
Mon Jun 06 09:19:43 2016 Socket Buffers: R=[8192->8192] S=[64512->64512]
Mon Jun 06 09:19:43 2016 UDPv4 link local: [undef]
Mon Jun 06 09:19:43 2016 UDPv4 link remote: [AF_INET]95.208.243.202:1194
Mon Jun 06 09:19:43 2016 TLS: Initial packet from [AF_INET]95.208.243.202:1194, sid=00a977e1 0bdc3b9f
Mon Jun 06 09:19:44 2016 VERIFY OK: depth=1, C=DE, ST=MYSTATE, L=MYCITY, O=MYLASTNAME, OU=MYLASTNAME, CN=MYLASTNAME.local, name=vpnserver, emailAddress=me@web.de
Mon Jun 06 09:19:44 2016 VERIFY OK: nsCertType=SERVER
Mon Jun 06 09:19:44 2016 VERIFY OK: depth=0, C=DE, ST=MYSTATE, L=MYCITY, O=MYLASTNAME, OU=MYLASTNAME, CN=MYLASTNAME.local, name=vpnserver, emailAddress=me@web.de
Mon Jun 06 09:19:44 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jun 06 09:19:44 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun 06 09:19:44 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jun 06 09:19:44 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jun 06 09:19:44 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jun 06 09:19:44 2016 [MYSERVER.local] Peer Connection Initiated with [AF_INET]95.208.243.202:1194
Mon Jun 06 09:19:47 2016 SENT CONTROL [MYSERVER.local]: 'PUSH_REQUEST' (status=1)
Mon Jun 06 09:19:47 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,dhcp-option WINS 192.168.1.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option NTP 129.6.15.30,redirect-gateway def1 local,route-gateway 10.1.1.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.1.1.2 255.255.255.0'
Mon Jun 06 09:19:47 2016 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jun 06 09:19:47 2016 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jun 06 09:19:47 2016 OPTIONS IMPORT: route options modified
Mon Jun 06 09:19:47 2016 OPTIONS IMPORT: route-related options modified
Mon Jun 06 09:19:47 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jun 06 09:19:47 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jun 06 09:19:47 2016 open_tun, tt->ipv6=0
Mon Jun 06 09:19:47 2016 TAP-WIN32 device [LAN-Verbindung 2] opened: \\.\Global\{EE773150-51AB-4DFF-A3CA-B17D2E7BF6CF}.tap
Mon Jun 06 09:19:47 2016 TAP-Windows Driver Version 9.9
Mon Jun 06 09:19:47 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.1.0/10.1.1.2/255.255.255.0 [SUCCEEDED]
Mon Jun 06 09:19:47 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.1.2/255.255.255.0 on interface {EE773150-51AB-4DFF-A3CA-B17D2E7BF6CF} [DHCP-serv: 10.1.1.254, lease-time: 31536000]
Mon Jun 06 09:19:47 2016 Successful ARP Flush on interface [77] {EE773150-51AB-4DFF-A3CA-B17D2E7BF6CF}
Mon Jun 06 09:19:52 2016 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Mon Jun 06 09:19:52 2016 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.1.1.1
Mon Jun 06 09:19:52 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Jun 06 09:19:52 2016 Route addition via IPAPI succeeded [adaptive]
Mon Jun 06 09:19:52 2016 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.1.1.1
Mon Jun 06 09:19:52 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Jun 06 09:19:52 2016 Route addition via IPAPI succeeded [adaptive]
Mon Jun 06 09:19:52 2016 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.1.1.1
Mon Jun 06 09:19:52 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Mon Jun 06 09:19:52 2016 Route addition via IPAPI succeeded [adaptive]
Mon Jun 06 09:19:52 2016 Initialization Sequence Completed
Before it worked I still had to adjust my .ovpn file to use the same cipher as the server:
Mon Jun 06 09:10:38 2016 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
...
Mon Jun 06 09:11:01 2016 Authenticate/Decrypt packet error: cipher final failed
I decided to use AES-256-CBC - or would you recommend another one? I found on the OpenVPN website that there are quite many. This warning does not appear any more and the connection contains no warnings / errors.
Nevertheless, there's at least one problem left: when I connect to my VPN server, I can neither surf the internet nor connect to local network devices (I tried to connect to my router's LuCI).
To me it looks like, on the one hand, the network address is out of my network scope and the standard gateway is missing (sorry, the information is in English):
Ethernet-Adapter LAN-Verbindung 2:
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
Physikalische Adresse . . . . . . : 00-FF-EE-77-31-50
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
Verbindungslokale IPv6-Adresse . : fe80::59b7:a1da:6a9c:faf3%77(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 10.1.1.2(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Lease erhalten. . . . . . . . . . : Montag, 6. Juni 2016 09:19:53
Lease läuft ab. . . . . . . . . . : Dienstag, 6. Juni 2017 09:19:52
Standardgateway . . . . . . . . . :
DHCP-Server . . . . . . . . . . . : 10.1.1.254
DHCPv6-IAID . . . . . . . . . . . : 1291911150
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1C-94-CE-94-5C-51-4F-56-26-BF
DNS-Server . . . . . . . . . . . : 192.168.1.1
8.8.8.8
8.8.4.4
Primärer WINS-Server. . . . . . . : 192.168.1.1
NetBIOS über TCP/IP . . . . . . . : Aktiviert
My network address is now 10.1.1.2, the DHCP server address is 10.1.1.254 and the first DNS server is 192.168.1.1. I would expect the DHCP server to be my router's IP (10.50.50.1), as well as the DNS server?!
As for the IP address, I'm not sure whether it has to be something like 10.50.50.X.
Thanks and kind regards,
Dirk
(Last edited by dirk1312 on 6 Jun 2016, 08:34)
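An added example, not part of the original post: a small Python check that reads an OpenVPN client log, reports every "used inconsistently" option warning together with decrypt errors, and breaks the server's PUSH_REPLY into the routes, DNS servers and tunnel address the client was handed. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re

# Sample input: lines copied from the log in the post above.
SAMPLE_LOG = """\
Mon Jun 06 09:10:38 2016 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Mon Jun 06 09:11:01 2016 Authenticate/Decrypt packet error: cipher final failed
Mon Jun 06 09:19:44 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jun 06 09:19:47 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option DNS 192.168.1.1,dhcp-option WINS 192.168.1.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option NTP 129.6.15.30,redirect-gateway def1 local,route-gateway 10.1.1.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.1.1.2 255.255.255.0'
"""

MISMATCH = re.compile(r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
                      r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(?P<opts>[^']*)'")
DECRYPT_ERR = "Authenticate/Decrypt packet error"


def find_mismatches(log):
    """Return (option, local, remote) for every 'used inconsistently' warning."""
    return [(m["opt"], m["local"], m["remote"]) for m in MISMATCH.finditer(log)]


def parse_push_reply(log):
    """Split the most recent PUSH_REPLY into {directive: [argument strings]}."""
    opts = {}
    matches = list(PUSH.finditer(log))
    if not matches:
        return opts
    for item in matches[-1]["opts"].split(","):
        name, _, args = item.strip().partition(" ")
        opts.setdefault(name, []).append(args)
    return opts


def summarize(log):
    """Collect the findings a reviewer would check first in a client log."""
    push = parse_push_reply(log)
    ifconfig = push.get("ifconfig", [""])[0].split()
    return {
        "mismatches": find_mismatches(log),
        "decrypt_errors": log.count(DECRYPT_ERR),
        "full_tunnel": "redirect-gateway" in push,  # server asks for all traffic
        "routes": push.get("route", []),
        "dns": [a.split()[1] for a in push.get("dhcp-option", [])
                if a.startswith("DNS ")],
        "tunnel_ip": ifconfig[0] if ifconfig else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The summary shows that the tunnel address 10.1.1.2 and the DNS server 192.168.1.1 seen on the TAP adapter are the values the server pushed in its PUSH_REPLY.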