OpenVPN 2.4 client connection problems
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Jul 18, 2017 7:12 am
OpenVPN 2.4 client connection problems
I installed an OpenVPN + stunnel server on my Raspberry PI following this tutorial: https://www.youtube.com/watch?v=nnQDiGBFIXk
I have the problem that with the Windows client 2.3.X it all works fine, but with the client 2.4.X the connection always fails on the first try. Only when a 2 minute timeout is reached and it automatically attempts a reconnect, the connection is established successfully.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Jul 18, 2017 7:12 am
Re: OpenVPN 2.4 client connection problems
Here is my configuration:
Server system:
# uname -a
# ifconfig
server.conf
openvpn.log
stunnel.conf
stunnel client log:
Client OS:
Network setup:
client.ovpn
OpenVPN client log:
This is the error. A two minute timeout must pass before a connection is successful.
Server system:
# uname -a
Code: Select all
Linux raspberrypi 4.9.35-v7+ #1014 SMP Fri Jun 30 14:47:43 BST 2017 armv7l GNU/Linux
# ifconfig
Code: Select all
eth0 Link encap:Ethernet HWaddr b8:27:eb:72:0e:2c
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::4c91:2a68:c850:7ffa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:19532135 errors:0 dropped:152 overruns:0 frame:0
TX packets:15760772 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1706217330 (1.5 GiB) TX bytes:2126397334 (1.9 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10455267 errors:0 dropped:0 overruns:0 frame:0
TX packets:10455267 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:10536587152 (9.8 GiB) TX bytes:10536587152 (9.8 GiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 -00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
inet6 addr: fe80::664a:a4b6:78d:6fdb/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:5818894 errors:0 dropped:0 overruns:0 frame:0
TX packets:8759999 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:597976966 (570.2 MiB) TX bytes:8817799882 (8.2 GiB)
wlan0 Link encap:Ethernet HWaddr b8:27:eb:27:5b:79
inet6 addr: fe80::9f27:d1e0:ecd2:146b/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
SERVER
port 1194
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/MY_DOMAIN_NAME.crt
key /etc/openvpn/easy-rsa/keys/MY_DOMAIN_NAME.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status /var/log/openvpn.log
verb 4
openvpn.log
Code: Select all
OpenVPN CLIENT LIST
Updated,Tue Jul 18 20:56:22 2017
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
home-client,127.0.0.1:51694,18914,31348,Tue Jul 18 20:53:24 2017
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,home-client,127.0.0.1:51694,Tue Jul 18 20:56:11 2017
GLOBAL STATS
Max bcast/mcast queue length,1
END
stunnel.conf
Code: Select all
[openvpn]
client = yes
accept = 1337
connect = MY_DOMAIN_NAME:443
cert = stunnel.pem
stunnel client log:
Code: Select all
2017.07.18 07:44:06 LOG5[main]: stunnel 5.42 on x86-pc-msvc-1500 platform
2017.07.18 07:44:06 LOG5[main]: Compiled/running with OpenSSL 1.0.2l-fips 25 May 2017
2017.07.18 07:44:06 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2017.07.18 07:44:06 LOG5[main]: Reading configuration from file stunnel.conf
2017.07.18 07:44:06 LOG5[main]: UTF-8 byte order mark detected
2017.07.18 07:44:06 LOG5[main]: FIPS mode disabled
2017.07.18 07:44:06 LOG4[main]: Service [openvpn] needs authentication to prevent MITM attacks
2017.07.18 07:44:06 LOG5[main]: Configuration successful
2017.07.18 07:46:32 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:50146
2017.07.18 07:46:32 LOG5[0]: s_connect: connected MY_PUBLIC_IP:443
2017.07.18 07:46:32 LOG5[0]: Service [openvpn] connected remote server from 10.0.0.59:50147
2017.07.18 20:32:29 LOG3[0]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2017.07.18 20:32:29 LOG5[0]: Connection reset: 85348024 byte(s) sent to TLS, 784020195 byte(s) sent to socket
2017.07.18 20:45:57 LOG5[1]: Service [openvpn] accepted connection from 127.0.0.1:59194
2017.07.18 20:45:57 LOG5[1]: s_connect: connected MY_PUBLIC_IP:443
2017.07.18 20:45:57 LOG5[1]: Service [openvpn] connected remote server from 10.0.0.59:59195
2017.07.18 20:50:59 LOG5[1]: Connection closed: 107988 byte(s) sent to TLS, 123669 byte(s) sent to socket
2017.07.18 20:51:04 LOG5[2]: Service [openvpn] accepted connection from 127.0.0.1:59226
2017.07.18 20:51:13 LOG3[2]: s_connect: connect MY_PUBLIC_IP:443: Connection refused (WSAECONNREFUSED) (10061)
2017.07.18 20:51:13 LOG3[2]: No more addresses to connect
2017.07.18 20:51:13 LOG5[2]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2017.07.18 20:53:23 LOG5[3]: Service [openvpn] accepted connection from 127.0.0.1:59239
2017.07.18 20:53:23 LOG5[3]: s_connect: connected MY_PUBLIC_IP:443
2017.07.18 20:53:23 LOG5[3]: Service [openvpn] connected remote server from 10.0.0.59:59240
Client OS:
Code: Select all
Microsoft Windows [Version 10.0.15063]
Network setup:
Code: Select all
Windows IP Configuration
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Local network connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::95b3:cbd2:f3dc:3ab8%16
IPv4 Address. . . . . . . . . . . : 10.8.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::dcbd:e797:856a:24b6%21
IPv4 Address. . . . . . . . . . . : 10.0.0.59
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.138
CLIENT
client
dev tun
proto tcp
remote localhost 1337
route MY_PUBLIC_IP 255.255.255.255 net_gateway
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
auth-nocache
remote-cert-tls server
comp-lzo
verb 4
OpenVPN client log:
Code: Select all
Tue Jul 18 20:43:51 2017 pkcs11_protected_authentication = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_private_mode = 00000000
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_cert_private = DISABLED
Tue Jul 18 20:43:51 2017 pkcs11_pin_cache_period = -1
Tue Jul 18 20:43:51 2017 pkcs11_id = '[UNDEF]'
Tue Jul 18 20:43:51 2017 pkcs11_id_management = DISABLED
Tue Jul 18 20:43:51 2017 server_network = 0.0.0.0
Tue Jul 18 20:43:51 2017 server_netmask = 0.0.0.0
Tue Jul 18 20:43:51 2017 server_network_ipv6 = ::
Tue Jul 18 20:43:51 2017 server_netbits_ipv6 = 0
Tue Jul 18 20:43:51 2017 server_bridge_ip = 0.0.0.0
Tue Jul 18 20:43:51 2017 server_bridge_netmask = 0.0.0.0
Tue Jul 18 20:43:51 2017 server_bridge_pool_start = 0.0.0.0
Tue Jul 18 20:43:51 2017 server_bridge_pool_end = 0.0.0.0
Tue Jul 18 20:43:51 2017 ifconfig_pool_defined = DISABLED
Tue Jul 18 20:43:51 2017 ifconfig_pool_start = 0.0.0.0
Tue Jul 18 20:43:51 2017 ifconfig_pool_end = 0.0.0.0
Tue Jul 18 20:43:51 2017 ifconfig_pool_netmask = 0.0.0.0
Tue Jul 18 20:43:51 2017 ifconfig_pool_persist_filename = '[UNDEF]'
Tue Jul 18 20:43:51 2017 ifconfig_pool_persist_refresh_freq = 600
Tue Jul 18 20:43:51 2017 ifconfig_ipv6_pool_defined = DISABLED
Tue Jul 18 20:43:51 2017 ifconfig_ipv6_pool_base = ::
Tue Jul 18 20:43:51 2017 ifconfig_ipv6_pool_netbits = 0
Tue Jul 18 20:43:51 2017 n_bcast_buf = 256
Tue Jul 18 20:43:51 2017 tcp_queue_limit = 64
Tue Jul 18 20:43:51 2017 real_hash_size = 256
Tue Jul 18 20:43:51 2017 virtual_hash_size = 256
Tue Jul 18 20:43:51 2017 client_connect_script = '[UNDEF]'
Tue Jul 18 20:43:51 2017 learn_address_script = '[UNDEF]'
Tue Jul 18 20:43:51 2017 client_disconnect_script = '[UNDEF]'
Tue Jul 18 20:43:51 2017 client_config_dir = '[UNDEF]'
Tue Jul 18 20:43:51 2017 ccd_exclusive = DISABLED
Tue Jul 18 20:43:51 2017 tmp_dir = 'C:\Users\MY_USERNAME~1\AppData\Local\Temp\'
Tue Jul 18 20:43:51 2017 push_ifconfig_defined = DISABLED
Tue Jul 18 20:43:51 2017 push_ifconfig_local = 0.0.0.0
Tue Jul 18 20:43:51 2017 push_ifconfig_remote_netmask = 0.0.0.0
Tue Jul 18 20:43:51 2017 push_ifconfig_ipv6_defined = DISABLED
Tue Jul 18 20:43:51 2017 push_ifconfig_ipv6_local = ::/0
Tue Jul 18 20:43:51 2017 push_ifconfig_ipv6_remote = ::
Tue Jul 18 20:43:51 2017 enable_c2c = DISABLED
Tue Jul 18 20:43:51 2017 duplicate_cn = DISABLED
Tue Jul 18 20:43:51 2017 cf_max = 0
Tue Jul 18 20:43:51 2017 cf_per = 0
Tue Jul 18 20:43:51 2017 max_clients = 1024
Tue Jul 18 20:43:51 2017 max_routes_per_client = 256
Tue Jul 18 20:43:51 2017 auth_user_pass_verify_script = '[UNDEF]'
Tue Jul 18 20:43:51 2017 auth_user_pass_verify_script_via_file = DISABLED
Tue Jul 18 20:43:51 2017 auth_token_generate = DISABLED
Tue Jul 18 20:43:51 2017 auth_token_lifetime = 0
Tue Jul 18 20:43:51 2017 client = ENABLED
Tue Jul 18 20:43:51 2017 pull = ENABLED
Tue Jul 18 20:43:51 2017 auth_user_pass_file = '[UNDEF]'
Tue Jul 18 20:43:51 2017 show_net_up = DISABLED
Tue Jul 18 20:43:51 2017 route_method = 0
Tue Jul 18 20:43:51 2017 block_outside_dns = DISABLED
Tue Jul 18 20:43:51 2017 ip_win32_defined = DISABLED
Tue Jul 18 20:43:51 2017 ip_win32_type = 3
Tue Jul 18 20:43:51 2017 dhcp_masq_offset = 0
Tue Jul 18 20:43:51 2017 dhcp_lease_time = 31536000
Tue Jul 18 20:43:51 2017 tap_sleep = 0
Tue Jul 18 20:43:51 2017 dhcp_options = DISABLED
Tue Jul 18 20:43:51 2017 dhcp_renew = DISABLED
Tue Jul 18 20:43:51 2017 dhcp_pre_release = DISABLED
Tue Jul 18 20:43:51 2017 domain = '[UNDEF]'
Tue Jul 18 20:43:51 2017 netbios_scope = '[UNDEF]'
Tue Jul 18 20:43:51 2017 netbios_node_type = 0
Tue Jul 18 20:43:51 2017 disable_nbt = DISABLED
Tue Jul 18 20:43:51 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
Tue Jul 18 20:43:51 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jul 18 20:43:51 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Tue Jul 18 20:43:51 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jul 18 20:43:51 2017 Need hold release from management interface, waiting...
Tue Jul 18 20:43:51 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jul 18 20:43:51 2017 MANAGEMENT: CMD 'state on'
Tue Jul 18 20:43:51 2017 MANAGEMENT: CMD 'log all on'
Tue Jul 18 20:43:51 2017 MANAGEMENT: CMD 'echo all on'
Tue Jul 18 20:43:51 2017 MANAGEMENT: CMD 'hold off'
Tue Jul 18 20:43:51 2017 MANAGEMENT: CMD 'hold release'
Tue Jul 18 20:43:52 2017 LZO compression initializing
Tue Jul 18 20:43:52 2017 Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Tue Jul 18 20:43:52 2017 MANAGEMENT: >STATE:1500403432,RESOLVE,,,,,,
Tue Jul 18 20:43:52 2017 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Tue Jul 18 20:43:52 2017 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Jul 18 20:43:52 2017 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Jul 18 20:43:52 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:1337
Tue Jul 18 20:43:52 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jul 18 20:43:52 2017 Attempting to establish TCP connection with [AF_INET6]::1:1337 [nonblock]
Tue Jul 18 20:43:52 2017 MANAGEMENT: >STATE:1500403432,TCP_CONNECT,,,,,,
Tue Jul 18 20:45:52 2017 TCP: connect to [AF_INET6]::1:1337 failed: Connection timed out (WSAETIMEDOUT)
Tue Jul 18 20:45:52 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Tue Jul 18 20:45:52 2017 MANAGEMENT: >STATE:1500403552,RECONNECTING,init_instance,,,,,
Tue Jul 18 20:45:52 2017 Restart pause, 5 second(s)
Tue Jul 18 20:45:57 2017 Re-using SSL/TLS context
Tue Jul 18 20:45:57 2017 LZO compression initializing
Tue Jul 18 20:45:57 2017 Control Channel MTU parms [ L:1656 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Tue Jul 18 20:45:57 2017 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Tue Jul 18 20:45:57 2017 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Jul 18 20:45:57 2017 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Jul 18 20:45:57 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1337
Tue Jul 18 20:45:57 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jul 18 20:45:57 2017 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1337 [nonblock]
Tue Jul 18 20:45:57 2017 MANAGEMENT: >STATE:1500403557,TCP_CONNECT,,,,,,
Tue Jul 18 20:45:57 2017 TCP connection established with [AF_INET]127.0.0.1:1337
Tue Jul 18 20:45:57 2017 TCP_CLIENT link local: (not bound)
Tue Jul 18 20:45:57 2017 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1337
Tue Jul 18 20:45:57 2017 MANAGEMENT: >STATE:1500403557,WAIT,,,,,,
Tue Jul 18 20:45:57 2017 MANAGEMENT: >STATE:1500403557,AUTH,,,,,,
Tue Jul 18 20:45:57 2017 TLS: Initial packet from [AF_INET]127.0.0.1:1337, sid=e7ffddf2 4b3ef37a
Tue Jul 18 20:45:57 2017 VERIFY OK: depth=1, C=*, L=*, CN=*, emailAddress=*
Tue Jul 18 20:45:57 2017 VERIFY KU OK
Tue Jul 18 20:45:57 2017 Validating certificate extended key usage
Tue Jul 18 20:45:57 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 18 20:45:57 2017 VERIFY EKU OK
Tue Jul 18 20:45:57 2017 VERIFY OK: depth=0, C=*, L=*, CN=*, emailAddress=*
Tue Jul 18 20:45:58 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jul 18 20:45:58 2017 [MY_DOMAIN_NAME] Peer Connection Initiated with [AF_INET]127.0.0.1:1337
Tue Jul 18 20:45:59 2017 MANAGEMENT: >STATE:1500403559,GET_CONFIG,,,,,,
Tue Jul 18 20:45:59 2017 SENT CONTROL [MY_DOMAIN_NAME]: 'PUSH_REQUEST' (status=1)
Tue Jul 18 20:45:59 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.8.0.6 10.8.0.5'
Tue Jul 18 20:45:59 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 18 20:45:59 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 18 20:45:59 2017 OPTIONS IMPORT: route options modified
Tue Jul 18 20:45:59 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 18 20:45:59 2017 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:412 ET:32 EL:3 ]
Tue Jul 18 20:45:59 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 18 20:45:59 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jul 18 20:45:59 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 18 20:45:59 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jul 18 20:45:59 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jul 18 20:45:59 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jul 18 20:45:59 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Tue Jul 18 20:45:59 2017 interactive service msg_channel=0
Tue Jul 18 20:45:59 2017 ROUTE_GATEWAY 10.0.0.138/255.255.255.0 I=21 HWADDR=74:e5:0b:4f:12:56
Tue Jul 18 20:45:59 2017 open_tun
Tue Jul 18 20:45:59 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{BF6EC74E-E387-41D4-97AF-7AAC090606D7}.tap
Tue Jul 18 20:45:59 2017 TAP-Windows Driver Version 9.21
Tue Jul 18 20:45:59 2017 TAP-Windows MTU=1500
Tue Jul 18 20:45:59 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {BF6EC74E-E387-41D4-97AF-7AAC090606D7} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Jul 18 20:45:59 2017 DHCP option string: 06080808 08080808 0404
Tue Jul 18 20:45:59 2017 Successful ARP Flush on interface [16] {BF6EC74E-E387-41D4-97AF-7AAC090606D7}
Tue Jul 18 20:45:59 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 18 20:45:59 2017 MANAGEMENT: >STATE:1500403559,ASSIGN_IP,,10.8.0.6,,,,
Tue Jul 18 20:46:04 2017 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Jul 18 20:46:04 2017 C:\WINDOWS\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 10.0.0.138
Tue Jul 18 20:46:04 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=50 and dwForwardType=4
Tue Jul 18 20:46:04 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 20:46:04 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jul 18 20:46:04 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jul 18 20:46:04 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 20:46:04 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jul 18 20:46:04 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jul 18 20:46:04 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 20:46:04 2017 MANAGEMENT: >STATE:1500403564,ADD_ROUTES,,,,,,
Tue Jul 18 20:46:04 2017 C:\WINDOWS\system32\route.exe ADD MY_PUBLIC_IP MASK 255.255.255.255 10.0.0.138
Tue Jul 18 20:46:04 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=50 and dwForwardType=4
Tue Jul 18 20:46:04 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 20:46:04 2017 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Jul 18 20:46:04 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jul 18 20:46:04 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 20:46:04 2017 Initialization Sequence Completed
Tue Jul 18 20:46:04 2017 MANAGEMENT: >STATE:1500403564,CONNECTED,SUCCESS,10.8.0.6,127.0.0.1,1337,127.0.0.1,59194
Code: Select all
Tue Jul 18 20:43:52 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:1337
Tue Jul 18 20:43:52 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jul 18 20:43:52 2017 Attempting to establish TCP connection with [AF_INET6]::1:1337 [nonblock]
Tue Jul 18 20:43:52 2017 MANAGEMENT: >STATE:1500403432,TCP_CONNECT,,,,,,
Tue Jul 18 20:45:52 2017 TCP: connect to [AF_INET6]::1:1337 failed: Connection timed out (WSAETIMEDOUT)
Tue Jul 18 20:45:52 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Tue Jul 18 20:45:52 2017 MANAGEMENT: >STATE:1500403552,RECONNECTING,init_instance,,,,,
Tue Jul 18 20:45:52 2017 Restart pause, 5 second(s)
Tue Jul 18 20:45:57 2017 Re-using SSL/TLS context
Tue Jul 18 20:45:57 2017 LZO compression initializing
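The client log above shows the first attempt going to [AF_INET6]::1:1337 and the retry going to [AF_INET]127.0.0.1:1337. As an added example that is not part of the original post, this Python sketch pulls each TCP connect attempt out of such a log with its address family, outcome and duration; the function names are hypothetical and the sample lines are copied from the posted log.

```python
import re
from datetime import datetime

# Constructed sample: the connect-related lines copied from the client log posted above.
SAMPLE_LOG = """\
Tue Jul 18 20:43:52 2017 Attempting to establish TCP connection with [AF_INET6]::1:1337 [nonblock]
Tue Jul 18 20:43:52 2017 MANAGEMENT: >STATE:1500403432,TCP_CONNECT,,,,,,
Tue Jul 18 20:45:52 2017 TCP: connect to [AF_INET6]::1:1337 failed: Connection timed out (WSAETIMEDOUT)
Tue Jul 18 20:45:52 2017 Restart pause, 5 second(s)
Tue Jul 18 20:45:57 2017 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1337 [nonblock]
Tue Jul 18 20:45:57 2017 TCP connection established with [AF_INET]127.0.0.1:1337
"""

# Timestamp prefix as written by the OpenVPN client, then the message text.
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
ATTEMPT = re.compile(r"Attempting to establish TCP connection with \[(AF_INET6?)\](\S+)")
FAILED = re.compile(r"TCP: connect to \[(AF_INET6?)\](\S+) failed: (.+)")
ESTABLISHED = re.compile(r"TCP connection established with \[(AF_INET6?)\](\S+)")


def connection_attempts(log_text):
    """Return one dict per TCP connect attempt: family, address, outcome, seconds."""
    attempts, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (a := ATTEMPT.search(msg)):
            pending = {"family": a.group(1), "address": a.group(2),
                       "started": when, "outcome": "unfinished", "seconds": None}
            attempts.append(pending)
            continue
        hit = FAILED.search(msg) or ESTABLISHED.search(msg)
        # Only close the attempt that is still open and targets the same address.
        if hit and pending and hit.group(2) == pending["address"]:
            pending["outcome"] = "failed: " + hit.group(3) if hit.re is FAILED else "established"
            pending["seconds"] = int((when - pending["started"]).total_seconds())
            pending = None
    return attempts


def ipv6_loopback_stall(attempts):
    """True if an AF_INET6 attempt failed and a later AF_INET attempt to the same port succeeded."""
    for i, first in enumerate(attempts):
        if first["family"] == "AF_INET6" and first["outcome"].startswith("failed"):
            port = first["address"].rsplit(":", 1)[1]
            for later in attempts[i + 1:]:
                if (later["family"] == "AF_INET" and later["outcome"] == "established"
                        and later["address"].rsplit(":", 1)[1] == port):
                    return True
    return False


if __name__ == "__main__":
    found = connection_attempts(SAMPLE_LOG)
    for att in found:
        print(att["family"], att["address"], att["outcome"], att["seconds"], "s")
    print("IPv6 attempt failed before IPv4 succeeded:", ipv6_loopback_stall(found))
```

The client config in this thread uses `remote localhost 1337`; writing `remote 127.0.0.1 1337` would skip the IPv6 attempt if the local stunnel listener is IPv4-only, which is an assumption the thread does not confirm.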
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN 2.4 client connection problems
Does it work without stunnel?
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Jul 18, 2017 7:12 am
Re: OpenVPN 2.4 client connection problems
Yes, it does. How should I configure Stunnel?
BTW. Stunnel doesn't work for me. The organization I work for blocks all encrypted traffic, but seems to allow certain SSL connections (E-banking, Gmail...). The stunnel connection is always blocked. Any tips?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN 2.4 client connection problems
mlamat wrote: The organization I work for blocks all encrypted traffic <snip> Any tips?
Is it worth risking your job for?
-
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Jul 18, 2017 7:12 am
Re: OpenVPN 2.4 client connection problems
I travel a lot so it would be nice to have the stunnel connection for other reasons.