0 comments

What is DMARC?


DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication protocol. It builds on the widely deployed SPF and DKIM protocols, adding a reporting function that allows senders and receivers to improve and monitor protection of the domain from fraudulent email.

This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC.

If you utilize a form on your website which has visitors send an email using a 'FROM' field in which they input their email addresses, there is a chance that the email will fail due to authentication if DMARC is being used by the @domain.com address. As of this writing, this only affects @yahoo.com addresses, however this may change in the future.

Note: Emails which are rejected due to the DMARC policy will normally indicate as much within the error itself. An example of an email rejected by Gmail can be seen below:

** info@xxxxx.co.uk R=lookuphost T=remote_smtp H=aspmx.l.google.com [74.125.133.27] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128: SMTP error from remote mail server after end of data: 550-5.7.1 Unauthenticated email from xxxxxx.co.uk is not accepted due to\n550-5.7.1 domain's DMARC policy. Please contact administrator of envyhardwoods.\n550-5.7.1 co.uk domain if this was a legitimate mail. Please visit\n550-5.7.1  https://support.google.com/mail/answer/2451690 to learn about DMARC\n550 5.7.1 initiative. u6si28759615wje.60 - gsmtp

How can I do to fix this!

I'll recommend you update the 'FROM' field within your form to use an email address of @yourdomain.com. Additionally, the 'REPLY-TO' setting can be used with any DMARC compliant address and will successfully send emails without rejection such as  @gmail.com, @hotmail.com, @yahoo.com,  or @aol.com.

An example can be seen in the following header:

$headers = 'From: user@yourdomain.com' . " " .
'Reply-To: user@gmail.com' . " " .
'X-Mailer: PHP/' . phpversion();
0 comments

Spamming on cPanel Exim Server

Login to your server via SSH as the root user


  • The following command to pull email accounts being connected to from multiple IP addresses from the Exim mail log:


# grep "A=courier_login" /var/log/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | awk '{print $5,$6}' | sort | uniq | awk '{print $1}' | uniq -c | awk '{ if ($1 > 1) print $0}'.


  • If you see that you have a lot of users that have mail logins from multiple unique IP addresses you can run the following command to get a look at exactly what IPs they're connecting from:


# grep "A=courier_login" /var/log/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | awk '{print $5,$6}' | sort | uniq -c


  • Top 5 users sending maximum emails on the server:


grep "<=.*P=local" /var/log/exim_mainlog | awk '{print $6}' | sort | uniq -c | sort -nr | head -5

eximstats /var/log/exim_mainlog | grep -A7 "Top 50 local senders by message count" | tail -5 | awk '{print $1,$NF}'


  • Top 5 mail receivers maximum emails on the server:


egrep "(=>.*T=virtual_userdelivery|=>.*T=local_delivery)" /var/log/exim_mainlog | awk '{print $7}' | sort | uniq -c | sort -nr | head -5

eximstats /var/log/exim_mainlog | grep -A7 "Top 50 local destinations by message count" | tail -5 | awk '{print $1,$NF}'


  • Script to check and find path for the script used for spamming


awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $4} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1


  • If large number of hits from an IP, block the IP address


tail -n1000 /var/log/exim_mainlog |grep SMTP|cut -d[ -f2|cut -d] -f1|sort -n |uniq -c


  • Following command will show the maximum no of email currently in the mail queue from or to the email address in the mail queue with exact figure.


exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" | sort | uniq -c | sort -n


  • Following command will show you password compromised email accounts


egrep 'A=courier_login|A=dovecot_login' /var/log/exim_mainlog|sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##'|awk '{print $5,$6}'|sort|uniq|awk '{print $1}'|uniq -c|awk '{ if ($1 > 1) print $0}'



  • Run below command to check the number of dovecot logins


egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1


  • Script to check path for the script used for spamming


awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $4} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1


  • Following command will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure.


exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" | sort | uniq -c | sort -n


  • That will show you the maximum no of email currently in the mail queue have for the domain or from the domain with number.


exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" |awk -F "@" '{ print $2}' | sort | uniq -c | sort -n


  • Following command will show path to the script being utilized to send mail


ps -C exim -fH eww
ps -C exim -fH eww | grep home
cd /var/spool/exim/input/
egrep "X-PHP-Script" * -R


  • Command to delete frozen mails


exim -bp | awk '$6~"frozen" {print $3 }' | xargs exim -Mrm


  • If anyone is spamming from /tmp


tail -f /var/log/exim_mainlog | grep /tmp


  • To display the IP and no of tries done the IP to send mail but rejected by the server.


tail -3000 /var/log/exim_mainlog |grep 'rejected RCPT' |awk '{print$4}'|awk -F\[ '{print $2} '|awk -F\] '{print $1} '|sort | uniq -c | sort -k 1 -nr | head -n 5


  • Shows the  connections from a certain ip to the   SMTP server


netstat -plan|grep :25|awk {‘print $5′}|cut -d: -f 1|sort|uniq -c|sort -nk 1


  • To shows the domain name and the no of emails in queue


exim -bp | exiqsumm | more


  • If  spamming from outside domain then you can block that domain or email id on the server


pico /etc/antivirus.exim

  • Add the following lines:

if $header_from: contains “name@domain.com” then seen finish endif

Catching spammer

  • Check mail stats

exim -bp | exiqsumm | more


  • Check if any php script is causing the mass mailing with

cd /var/spool/exim/inputegrep “X-PHP-Script” * -R

Just cat the ID that you get and you will be able to check which script is here causing problem for you.

  • To Remove particular email account email

exim -bpr |grep “test.org”|awk {‘print $3′}|xargs exim -Mrm

Primary and Secondary DNS Zones in DNS Server

0 comments
When you deploy a DNS server in your organization, the installation and configuration process by default uses the Stub zone that caches all the resolve queries in this database. This DNS cache is helpful when the users request for the same destination repeatedly. With the help of the cache, the already resolved destinations can be easily accessed as query needs not to go through the entire name resolution process that happened when the query was resolved for the first time.
Apart from the default Stub zone, when administrators manually configure the DNS server and prepare it to service in large network infrastructures, they configure the Primary Zone in the DNS server.

Primary DNS Zone
Primary zone in the DNS server is the read/write copy of the DNS database. This means that whenever a new DNS record is added to the DNS database either automatically by the DNS clients or manually by the administrators, it is actually written in the primary zone of the DNS server. One DNS server can have only one primary DNS zone.

Since the primary zone of the DNS server is the read/write copy of the DNS database, it must be kept at a location where it remains physically protected from attacks, and remains safe from internal or external network threats and intrusions.

Secondary DNS Zone
Unlike primary DNS zone, the secondary DNS zone is the read-only copy of the DNS records. This means that the DNS records cannot be added directly to the secondary DNS zone. The secondary DNS zone can receive the updated records only from the primary DNS zone of the DNS server.

Also, unlike primary DNS zone where only one copy of the zone can exist in a DNS server, there can be up to 255 secondary DNS zones, where each secondary zone can receive DNS records updates from the same primary DNS zone, and none of the secondary zones can register the DNS records on its own.


DNS secondary zone is mostly deployed in another domain whose DNS server is not authoritative for resolving the queries of the current domain. For example, if there are two domains namely A and B, the primary DNS zones become authoritative for resolving the queries within their own domains, and the secondary DNS zone of the domain A will be placed in the domain B and vice-versa. With the help of this approach, if the DNS clients in the domain B try to communicate with any computer within the domain A, their queries can be resolved by the secondary DNS zone of the domain A that is placed within the domain B.

MTU - maximum transmission unit

0 comments
 A maximum transmission unit (MTU) is the largest size packet or frame, specified in octets (eight-bit bytes), that can be sent in a packet- or frame-based network such as the Internet. The Internet's Transmission Control Protocol (TCP) uses the MTU to determine the maximum size of each packet in any transmission. Too large an MTU size may mean retransmissions if the packet encounters a router that can't handle that large a packet. Too small an MTU size means relatively more header overhead and more acknowledgements that have to be sent and handled. Most computer operating systems provide a default MTU value that is suitable for most users. In general, Internet users should follow the advice of their Internet service provider (ISP) about whether to change the default value and what to change it to.

In Windows 95, the default MTU was 1500 octets (eight-bit bytes), partly because this is the Ethernet standard MTU. The Internet de facto standard MTU is 576, but ISPs often suggest using 1500. If you frequently access Web sites that encounter routers with an MTU size of 576, you may want to change to that size. (Apparently some users find that changing the setting to 576 improves performance and others do not find any improvement.) The minimum value that an MTU can be set to is 68.

For more recent Windows systems, the operating system is able to sense whether your connection should use 1500 or 576 and select the appropriate MTU for the connection.

For protocols other than TCP, different MTU sizes may apply.

How to get MySQL root Password - Linux Plesk

0 comments
Plesk MySQL server have no root user. Instead Plesk have user “admin” with root privileges.

You can run the command given below to get MySQL admin user password.

[root@server ~] # cat /etc/psa/.psa.shadow
3G5wVCxDGotP4itJ
Verify the password by login to the admin user.

[root@server ~] # mysql -u admin -p3G5wVCxDGotP4itJ
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1234 to server version: 5.1

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

If you want login to MySQL without entering the password always, go through the following steps.

Create a file, /root/.my.cnf and add the follwong contents in it.

[mysql]
user = admin
password = 3G5wVCxDGotP4itJ

[mysqldump]
user = admin
password = 3G5wVCxDGotP4itJ

This will allow you to use mysql and mysqldump without providing passwords.

how to Enable wildcard subdomains

0 comments
When you install WPMU by default the subdomain option is checked. This is for blogs in the format of username.yourdomain.com.
There are two steps that need to be done to your server in order for this to work.
In Apache, there needs to be a line in the domain’s virtual hosts section as follows:
ServerName yourdomain.com
ServerAlias yourdomain.com *.yourdomain.com
DocumentRoot /your/doc/root/
ServerAdmin webmaster@yourdomain.com
** If you’re running an Nginx server, you’d use:
server {
listen 80;
server_name domain.com *.yourdomain.com;
}
The Server Alias line with the *.yourdomain.com is what controls this. If you do not have access to change this, ask your webhost for support. More and more hosts are enabling this by default.
The second thing that needs to be done is adding the DNS record. Where you add it depends on your domain hosting. Basically, you need to add a line like this:
*. in A YOURIPADDRESS
These wildcards mean that any subdomain request will fall through to the WPMU install, where MU will look up the name in the database. If it finds it, it serves up the blog.
Note: if you choose the subfolder option on installation, you do not have to do either one of these steps.

Resolving Domain Park Wrapper Errors

0 comments
If you run a more populated shared hosting server, sooner or later you’ll have received complaints about the dreaded park wrapper errors in cPanel that occur when a user tries to add a parked or addon domain to their cPanel. The errors may look like this:
Error from domain wrapper: domain.com is owned by another user.
Error from domain wrapper: Domain already exists, it was not added.
I’ve never really been able to attribute that error to a specific action, but my assumption is that it occurs as a result of the end user not completely removing the domain from their cPanel (i.e. hitting esc or closing the browser during removal), therefore not allowing cPanel to remove the domain’s entries to allow that domain to be re-added when certain security settings are enabled in WHM > Tweak Settings.
The easy solution to the first error is to enable the option for users to add domains owned by other users via WHM > Tweak Settings. But this is a very bad idea as it essentially allows users to repoint domains that you’re already hosting.
If you’re attempting to re-add a domain to a cPanel account and are getting one of the above errors, first check that the error needs to be corrected. Meaning, make sure that the domain in question isn’t already set up elsewhere. If it is, you would need to remove it from that account before being able to add it to another.
If the error is actually occurring due to an improperly removed domain, follow the below steps until you are able to add the domain back to the server:
  1. run /scripts/killdns <domain> on the server to remove the DNS records from the DNS cluster
  2. do grep -r <domain> /var/cpanel/users to see if it exists in a user file, and if so, delete the entry and run /scripts/updateuserdomains, make sure it’s remove from /etc/userdomains
  3. grep -r <domain> /var/cpanel/userdata to see if the domain appears in a user’s template. If so, remove any files based on the domain name (including .cache files), and remove any subdomain/parked/addon domain entries for that domain from the ‘main’ file located in that user’s folder (i.e. /var/cpanel/templates/username/main), then /scripts/rebuildhttpconf to remove it from httpd.conf .
This should allow you to re-add the domain name to the user’s cPanel without getting the park wrapper error.

Updating to WP 3.2 generates a fatal error code

0 comments

Fatal error: Call to undefined method Arras_Widget_Tag_Cloud::WP_Widget_Tag_Cloud() in /home/XXXXX/public_html/wp-content/themes/arras/library/widgets.php on line 404/405
To fix this, simply replace line 404 of /library/widgets.php from:
function Arras_Widget_Tag_Cloud() {
    $this->WP_Widget_Tag_Cloud();
}
to:
function Arras_Widget_Tag_Cloud() {
    parent::__construct();
}

mysql Couldn't find the mysql server or manager

0 comments
Solution
Step 1.)

Rem out the line in /etc/my.conf that was setting basedir to /var/lib. As seen below:

user=mysql
#basedir=/var/lib

Step 2.)

Create the directory "/var/run/mysqld" if it does not exist. Then chown that directory to mysql.mysql as below...

mkdir /var/run/mysqld
chown mysql.mysql /var/run/mysqld

Step 3.)

Start the service..

service mysql start

OpenVPN over Virtual Private Server (VPS)

0 comments

Environment:
Virtual Private Server (VPS)
  1. OS: CentOS
  2. IP Address: xxx.xxx.xxx.xxx
  3. Virtualization Platform: OpenVZ
  4. VPN Server: OpenVPN
My fresh server ip configuration
# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3101 (3.0 KiB)  TX bytes:3101 (3.0 KiB)

venet0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-0000-00
inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
RX packets:30678 errors:0 dropped:0 overruns:0 frame:0
TX packets:29616 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3556848 (3.3 MiB)  TX bytes:4822295 (4.5 MiB)

venet0:0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:64.79.205.xx P-t-P:64.79.205.xx Bcast:64.79.205.xx Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

Client Machine:
  1. Laptop
  2. OS: Windows Vista Business
  3. VPN Client: OpenVPN client for Windows

Scenario:
Server IP Address: xxx.xxx.xxx.xxx
Server Network: 192.168.100.x/24
Client Network: 192.168.1.x/24
Tunnel: 10.8.0.0/30


Installation of OpenVPN server

# tar xzf openvpn-2.1_rc20.tar.gz
# cd openvpn-2.1_rc20
# yum install openssl  ## Install openssl if it is not installes
# ./configure --disable-lzo
# make && make install

#cd openvpn

You will find easy-rsa in openvpn extracted distribution. What I did, I created a directory openvpn in /etc and copied all files from openvpn-[version]/easy-rsa to /etc/openvpn

# mkdir /etc/openvpn
# cp -r /[path]/openvpn-[version]/easy-rsa/* /etc/openvpn


then I executed following from /etc/openvpn

#cd /etc/openvpn
#. ./vars
#./clean-all
#./build-ca

Generating a 1024 bit RSA private key
............++++++
...........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [KG]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [BISHKEK]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:LINUX-ANGELS
Email Address [me@myhost.mydomain]: saifurab@gmail.com

Note that in the above sequence, most queried parameters were defaulted to the values set in the vars. The only parameter which must be explicitly entered is the Common Name. In the example above, I used "LINUX-ANGELS".


Generate certificate & key for server

Next, we will generate a certificate and private key for the server.

#./build-key-server server


As in the previous step, most parameters can be defaulted. When the Common Name is queried, enter "server".
Two other queries require positive responses,

"Sign the certificate? [y/n]"
and "1 out of 1 certificate requests certified, commit? [y/n]".


Generate certificates & keys for 3 clients

Generating client certificates is very similar to the previous step.

#./build-key client1
#./build-key client2
#./build-key client3

Remember that for each client, make sure to type the appropriate Common Name when prompted, i.e. "client1", "client2", or "client3". Always use a unique common name for each client.

Generate Diffie Hellman parameters

Diffie Hellman parameters must be generated for the OpenVPN server. On Linux/BSD/Unix:

#./build-dh

Output:

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.................+...........................................
...................+.............+.................+.........
......................................


Key Files

Now we will find our newly-generated keys and certificates in the /etc/openvpn/keys subdirectory. Here is an explanation of the relevant files:


ca.crt, ca.key, dh{n}.pem, server.crt, server.key, client1.crt,client1.key, client2.crt,
client2.key, client3.crt, client3.key


After key generation find sample-config-files in distribution files and copy server.conf to /etc/openvpn

Server Configuration File

#  grep -v \# /etc/openvpn/server.conf | grep -v ^$
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.100.0 255.255.255.0"
client-config-dir ccd
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 64.79.200.111"
push "dhcp-option DNS 64.79.200.113"
client-to-client
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 3


Client Configuration
Download openVPN client for windows through google search and install it on your vista machine. Suppose we are setting up client for client1 certificates.

Assume that we are on vista machine for client1

copy ca.crt, client1.crt, client1.csr, client1.key in [Drivr]:\Program Files\OpenVPN\config
And configure client.ovpn file. See sample file


client
dev tun
proto udp
remote VPN Server IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
verb 3

FEW MORE THINGS ON SERVER:
  1. We have to create virtual interface for private IPs. In my case I assigned 192.168.100.100 IP to my server. And I have created a copy of ifcfg-venet0:0 as ifcfg-venet0:1,

    # cat /etc/sysconfig/network-scripts/ifcfg-venet0:1
    DEVICE=venet0:1

    IPADDR=192.168.100.100
    NETMASK=255.255.255.0

  1. When I tried to rung openvpn server on my openVZ platform then I got this error

Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)

Note: Attempting fallback to kernel 2.2 TUN/TAP interface

Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)



Solution
  1. Enter mkdir -p /dev/net
  2. Enter mknod /dev/net/tun c 10 200
  3. Enter chmod 600 /dev/net/tun
  4. Enter cat /dev/net/tun to test whether the TUN/TAP device is available:
    1. If you receive the message cat: /dev/net/tun: File descriptor in bad state your TUN/TAP device is ready for use
    2. If you receive the message cat: /dev/net/tun: No such device the TUN/TAP device was not successfully created
    3. We have to enable ip_forwarding and enable NAT by the command below. Masquerade will not work in VPS
# iptables -t nat -A POSTROUTING -j SNAT --to 64.79.205.xx

Run OpenVPN server
# openvpn server.conf

Fri Nov 27 10:10:28 2009 OpenVPN 2.1_rc20 i686-pc-linux-gnu [SSL] [EPOLL] built on Nov 11 2009
Fri Nov 27 10:10:28 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Nov 27 10:10:31 2009 Diffie-Hellman initialized with 1024 bit key
Fri Nov 27 10:10:32 2009 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 27 10:10:32 2009 ROUTE default_gateway=191.255.255.1
Fri Nov 27 10:10:32 2009 TUN/TAP device tun0 opened
Fri Nov 27 10:10:32 2009 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Fri Nov 27 10:10:32 2009 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Nov 27 10:10:32 2009 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Nov 27 10:10:32 2009 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Fri Nov 27 10:10:32 2009 Socket Buffers: R=[135168->131072] S=[135168->131072]
Fri Nov 27 10:10:32 2009 UDPv4 link local (bound): [undef]:1194
Fri Nov 27 10:10:32 2009 UDPv4 link remote: [undef]
Fri Nov 27 10:10:32 2009 MULTI: multi_init called, r=256 v=256
Fri Nov 27 10:10:32 2009 IFCONFIG POOL: base=10.8.0.4 size=62
Fri Nov 27 10:10:32 2009 IFCONFIG POOL LIST
Fri Nov 27 10:10:32 2009 LINUX-ANGELS,10.8.0.4
Fri Nov 27 10:10:32 2009 LINUX-ANGELS,10.8.0.8
Fri Nov 27 10:10:32 2009 Initialization Sequence Completed


Run OpenVPN Client in windows Vista
  1. Execute openVPN GUI as administrator.
  2. You will see an icon on tray. Right click it and click Connect


Now observe client and server

See ifconfig at server
# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3101 (3.0 KiB)  TX bytes:3101 (3.0 KiB)

tun0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:924 (924.0 b)  TX bytes:0 (0.0 b)

venet0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
RX packets:31319 errors:0 dropped:0 overruns:0 frame:0
TX packets:30110 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3608634 (3.4 MiB)  TX bytes:4883925 (4.6 MiB)

venet0:0 Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:64.79.205.xx  P-t-P:64.79.205.xx  Bcast:64.79.205.xx  Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.100.100  P-t-P:192.168.100.100  Bcast:192.168.100.255  Mask:255.255.255.0
UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

See different outputs at Client
Ping tun0

C:\Users\Admin>ping 10.8.0.1

Pinging 10.8.0.1 with 32 bytes of data:

Reply from 10.8.0.1: bytes=32 time=363ms TTL=64
Reply from 10.8.0.1: bytes=32 time=363ms TTL=64
Reply from 10.8.0.1: bytes=32 time=363ms TTL=64
Reply from 10.8.0.1: bytes=32 time=363ms TTL=64

Ping statistics for 10.8.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 363ms, Maximum = 363ms, Average = 363ms

Ping OpenVPN server private IP

C:\Users\Admin>ping 192.168.100.100

Pinging 192.168.100.100 with 32 bytes of data:

Reply from 192.168.100.100: bytes=32 time=363ms TTL=64
Reply from 192.168.100.100: bytes=32 time=362ms TTL=64
Reply from 192.168.100.100: bytes=32 time=366ms TTL=64
Reply from 192.168.100.100: bytes=32 time=364ms TTL=64

Ping statistics for 192.168.100.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 362ms, Maximum = 366ms, Average = 363ms


C:\Users\Admin>tracert yahoo.com

Tracing route to yahoo.com [69.147.114.224]
over a maximum of 30 hops:

1   331 ms   331 ms   330 ms  10.8.0.1
2   330 ms   330 ms   330 ms  vpsl1-026.vpslink.com [66.249.15.63]
3   331 ms   331 ms   331 ms  po1-br0-tuk.wa.spry.com [64.79.223.1]
4   332 ms   331 ms   331 ms  cr1-tuk-g1-24.bb.spectrumnet.us [216.243.28.129]

5   331 ms   331 ms   331 ms  cr2-sea-B-pc1.bb.spectrumnet.us [208.76.184.69]

6   331 ms   331 ms   331 ms  six.yahoo.com [206.81.80.98]
7   424 ms   423 ms   422 ms  so-2-1-0.pat1.dce.yahoo.com [216.115.96.29]
8   425 ms   459 ms   445 ms  ae2-p140.msr1.re1.yahoo.com [216.115.108.57]
9   425 ms   426 ms   431 ms  gi1-22.bas-a1.re3.yahoo.com [68.142.238.65]
10   423 ms   424 ms   423 ms  b1.www.vip.re3.yahoo.com [69.147.114.224]

Trace complete.

This output clearly shows that now my gateway is 10.8.0.1. After testing I have connected X-Lite for it gets connected through VPN which couldn’t connect without VPN.

May be this is helpful for you