Hi

Below are some details that are relevant to my question:

Operating system: Microsoft Windows 11 Pro, 64bit
OpenVPN version: 2.5.6

I have configured my system to prefer IPv4 over IPv6 using the guide: 
https://kb.firedaemon.com/support/solutions/articles/4000160803-prioritising-ipv4-over-ipv6-on-windows-10-and-11

Below are the contents of my configuration file (client config file):

client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
proto tcp
auth-user-pass password.txt
ca ca.crt
service somevpnopenvpn
block-outside-dns
remote-random
{list of resolved IP addresses redacted for privacy}

Below are the contents of the log after a successful connection to the VPN 
server:

2022-04-28 21:36:47 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but 
missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version 
will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to 
--data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 
'AES-256-CBC' to silence this warning.
2022-04-28 21:36:47 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] 
[PKCS11] [AEAD] built on Mar 16 2022
2022-04-28 21:36:47 Windows version 10.0 (Windows 10 or greater) 64bit
2022-04-28 21:36:47 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2022-04-28 21:36:47 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25374
2022-04-28 21:36:47 Need hold release from management interface, waiting...
2022-04-28 21:36:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25374
2022-04-28 21:36:47 MANAGEMENT: CMD 'state on'
2022-04-28 21:36:47 MANAGEMENT: CMD 'log all on'
2022-04-28 21:36:47 MANAGEMENT: CMD 'echo all on'
2022-04-28 21:36:47 MANAGEMENT: CMD 'bytecount 5'
2022-04-28 21:36:47 MANAGEMENT: CMD 'hold off'
2022-04-28 21:36:47 MANAGEMENT: CMD 'hold release'
2022-04-28 21:36:47 TCP/UDP: Preserving recently used remote address: 
[AF_INET]aa.bb.cc.dd:443 **the actual IP address has been redacted**
2022-04-28 21:36:47 Socket Buffers: R=[65536->524288] S=[65536->524288]
2022-04-28 21:36:47 Attempting to establish TCP connection with 
[AF_INET]aa.bb.cc.dd:443 [nonblock]
2022-04-28 21:36:47 MANAGEMENT: >STATE:1651153007,TCP_CONNECT,,,,,,
2022-04-28 21:36:48 TCP connection established with [AF_INET]aa.bb.cc.dd:443
2022-04-28 21:36:48 TCP_CLIENT link local: (not bound)
2022-04-28 21:36:48 TCP_CLIENT link remote: [AF_INET]aa.bb.cc.dd:443
2022-04-28 21:36:48 MANAGEMENT: >STATE:1651153008,WAIT,,,,,,
2022-04-28 21:36:48 MANAGEMENT: >STATE:1651153008,AUTH,,,,,,
2022-04-28 21:36:48 TLS: Initial packet from [AF_INET]aa.bb.cc.dd:443, 
sid=3903cca7 3d802dd1
2022-04-28 21:36:48 VERIFY OK: depth=2, C=XX, ST=Somewhere, L=Somecity, 
O=Verizon, OU=somevpn, CN=somevpn Root CA v2, emailAddress=secur...@somevpn.com
2022-04-28 21:36:48 VERIFY OK: depth=1, C=XX, ST=Somewhere, O=Verizon, 
OU=somevpn, CN=somevpn Intermediate CA v4, emailAddress=secur...@somevpn.com
2022-04-28 21:36:48 VERIFY KU OK
2022-04-28 21:36:48 Validating certificate extended key usage
2022-04-28 21:36:48 ++ Certificate has EKU (str) TLS Web Server Authentication, 
expects TLS Web Server Authentication
2022-04-28 21:36:48 VERIFY EKU OK
2022-04-28 21:36:48 VERIFY OK: depth=0, C=XX, ST=Somewhere, O=Verizon, 
OU=somevpn, CN=us-slc-102.somevpn.com, emailAddress=secur...@somevpn.com
2022-04-28 21:36:49 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 
1559', remote='link-mtu 1560'
2022-04-28 21:36:49 WARNING: 'comp-lzo' is present in remote config but missing 
in local config, remote='comp-lzo'
2022-04-28 21:36:49 Control Channel: TLSv1.3, cipher TLSv1.3 
TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: 
RSA-SHA256
2022-04-28 21:36:49 [us-slc-102.somevpn.org] Peer Connection Initiated with 
[AF_INET]aa.bb.cc.dd:443
2022-04-28 21:36:50 MANAGEMENT: >STATE:1651153010,GET_CONFIG,,,,,,
2022-04-28 21:36:50 SENT CONTROL [us-slc-102.somevpn.com]: 'PUSH_REQUEST' 
(status=1)
2022-04-28 21:36:51 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 
10.5.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 
4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 
10.5.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 
fdda:d0d0:cafe:443::1001/64 fdda:d0d0:cafe:443::,ifconfig 10.5.0.3 
255.255.0.0,peer-id 0,cipher AES-256-GCM'
2022-04-28 21:36:51 OPTIONS IMPORT: compression parms modified
2022-04-28 21:36:51 OPTIONS IMPORT: --socket-flags option modified
2022-04-28 21:36:51 OPTIONS IMPORT: --ifconfig/up options modified
2022-04-28 21:36:51 OPTIONS IMPORT: route options modified
2022-04-28 21:36:51 OPTIONS IMPORT: route-related options modified
2022-04-28 21:36:51 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options 
modified
2022-04-28 21:36:51 OPTIONS IMPORT: peer-id set
2022-04-28 21:36:51 OPTIONS IMPORT: adjusting link_mtu to 1626
2022-04-28 21:36:51 OPTIONS IMPORT: data channel crypto options modified
2022-04-28 21:36:51 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-04-28 21:36:51 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized 
with 256 bit key
2022-04-28 21:36:51 Incoming Data Channel: Cipher 'AES-256-GCM' initialized 
with 256 bit key
2022-04-28 21:36:51 interactive service msg_channel=512
2022-04-28 21:36:52 GDG6: remote_host_ipv6=n/a
2022-04-28 21:36:52 NOTE: GetBestInterfaceEx returned error: Element not found. 
  (code=1168)
2022-04-28 21:36:52 open_tun
2022-04-28 21:36:52 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-04-28 21:36:52 TAP-Windows Driver Version 9.24
2022-04-28 21:36:52 Set TAP-Windows TUN subnet mode network/local/netmask = 
10.5.0.0/10.5.0.3/255.255.0.0 [SUCCEEDED]
2022-04-28 21:36:52 Notified TAP-Windows driver to set a DHCP IP/netmask of 
10.5.0.3/255.255.0.0 on interface {FB1A746D-116A-471A-A0B3-6017A1BF137A} 
[DHCP-serv: 10.5.0.0, lease-time: 31536000]
2022-04-28 21:36:52 Successful ARP Flush on interface [20] 
{FB1A746D-116A-471A-A0B3-6017A1BF137A}
2022-04-28 21:36:52 MANAGEMENT: 
>STATE:1651153012,ASSIGN_IP,,10.5.0.3,,,,,fdda:d0d0:cafe:443::1001
2022-04-28 21:36:52 IPv4 MTU set to 1500 on interface 20 using service
2022-04-28 21:36:52 INET6 address service: add fdda:d0d0:cafe:443::1001/128
2022-04-28 21:36:52 add_route_ipv6(fdda:d0d0:cafe:443::/64 -> 
fdda:d0d0:cafe:443::1001 metric 0) dev OpenVPN TAP-Windows6
2022-04-28 21:36:52 IPv6 route addition via service succeeded
2022-04-28 21:36:52 IPv6 MTU set to 1500 on interface 20 using service
2022-04-28 21:36:52 Blocking outside dns using service succeeded.
2022-04-28 21:36:57 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2022-04-28 21:36:57 C:\Windows\system32\route.exe ADD aa.bb.cc.dd MASK 
255.255.255.255 192.168.1.1 **I have substituted aa.bb.cc.dd for the actual IP 
address**
2022-04-28 21:36:57 Route addition via service succeeded
2022-04-28 21:36:57 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 
10.5.0.1
2022-04-28 21:36:57 Route addition via service succeeded
2022-04-28 21:36:57 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 
10.5.0.1
2022-04-28 21:36:57 Route addition via service succeeded
2022-04-28 21:36:57 add_route_ipv6(::/2 -> fdda:d0d0:cafe:443:: metric -1) dev 
OpenVPN TAP-Windows6
2022-04-28 21:36:57 IPv6 route addition via service succeeded
2022-04-28 21:36:57 add_route_ipv6(4000::/2 -> fdda:d0d0:cafe:443:: metric -1) 
dev OpenVPN TAP-Windows6
2022-04-28 21:36:57 IPv6 route addition via service succeeded
2022-04-28 21:36:57 add_route_ipv6(8000::/2 -> fdda:d0d0:cafe:443:: metric -1) 
dev OpenVPN TAP-Windows6
2022-04-28 21:36:57 IPv6 route addition via service succeeded
2022-04-28 21:36:57 add_route_ipv6(c000::/2 -> fdda:d0d0:cafe:443:: metric -1) 
dev OpenVPN TAP-Windows6
2022-04-28 21:36:57 IPv6 route addition via service succeeded
2022-04-28 21:36:57 WARNING: this configuration may cache passwords in memory 
-- use the auth-nocache option to prevent this
2022-04-28 21:36:57 Initialization Sequence Completed
2022-04-28 21:36:57 MANAGEMENT: 
>STATE:1651153017,CONNECTED,SUCCESS,10.5.0.3,aa.bb.cc.dd,443,192.168.1.30,49684,fdda:d0d0:cafe:443::1001


Questions:

1. How do I modify my configuration file (client config file) such that IPv6 
routes are not added to my connection?

2. What is the error "GetBestInterfaceEx returned error: Element not found"? Is 
there a fix for it?

Thanks for your help.

Stella


