ON THE SERVER
cat /etc/openvpn/server.conf
dev tun
#proto tcp
proto udp
port 1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo
ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0d:60:6c:39:3e
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth1 Link encap:Ethernet HWaddr 00:1b:2f:31:99:46
inet addr:192.168.1.115 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21b:2fff:fe31:9946/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:232748 errors:0 dropped:0 overruns:0 frame:0
TX packets:60373 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22956697 (21.8 MiB) TX bytes:9382931 (8.9 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:318 errors:0 dropped:0 overruns:0 frame:0
TX packets:318 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19283 (18.8 KiB) TX bytes:19283 (18.8 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1338 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:82710 (80.7 KiB) TX bytes:600 (600.0 B)
cat /var/log/openvpn-status.log
OpenVPN CLIENT LIST
Updated,Thu Oct 22 15:28:35 2015
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
XXXXNAME,my.IP.my.IP:45831,12808,5642,Thu Oct 22 15:17:37 2015
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,XXXXNAME,my.IP.my.IP:45831,Thu Oct 22 15:18:32 2015
GLOBAL STATS
Max bcast/mcast queue length,0
END
cat /var/log/openvpn
RTNETLINK answers: Operation not permitted
Thu Oct 22 14:52:33 2015 ERROR: Linux route delete command failed: external program exited with error status: 2
Thu Oct 22 14:52:33 2015 Closing TUN/TAP interface
Thu Oct 22 14:52:33 2015 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
RTNETLINK answers: Operation not permitted
Thu Oct 22 14:52:33 2015 Linux ip addr del failed: external program exited with error status: 2
Thu Oct 22 14:52:33 2015 SIGTERM[hard,] received, process exiting
Options error: --dh fails with '/etc/openvpn/dh1024.pem': No such file or directory
Options error: Please correct these errors.
Use --help for more information.
Thu Oct 22 14:54:26 2015 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 1 2014
Thu Oct 22 14:54:26 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Thu Oct 22 14:54:26 2015 WARNING: --keepalive option is missing from server config
Thu Oct 22 14:54:26 2015 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Thu Oct 22 14:54:26 2015 Diffie-Hellman initialized with 2048 bit key
Thu Oct 22 14:54:26 2015 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu Oct 22 14:54:26 2015 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth1 HWADDR=00:1b:2f:31:99:46
Thu Oct 22 14:54:26 2015 TUN/TAP device tun0 opened
Thu Oct 22 14:54:26 2015 TUN/TAP TX queue length set to 100
Thu Oct 22 14:54:26 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Oct 22 14:54:26 2015 /sbin/ip link set dev tun0 up mtu 1500
Thu Oct 22 14:54:26 2015 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Thu Oct 22 14:54:26 2015 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Thu Oct 22 14:54:26 2015 GID set to nogroup
Thu Oct 22 14:54:26 2015 UID set to nobody
Thu Oct 22 14:54:26 2015 UDPv4 link local (bound): [undef]
Thu Oct 22 14:54:26 2015 UDPv4 link remote: [undef]
Thu Oct 22 14:54:26 2015 MULTI: multi_init called, r=256 v=256
Thu Oct 22 14:54:26 2015 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Thu Oct 22 14:54:26 2015 Initialization Sequence Completed
Thu Oct 22 15:05:40 2015 68.82.29.112:37245 TLS: Initial packet from [AF_INET]68.82.29.112:37245, sid=b4fc6ac8 53cc6982
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:05:42 2015 68.82.29.112:37245 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:37245
Thu Oct 22 15:05:42 2015 dave/68.82.29.112:37245 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:05:42 2015 dave/68.82.29.112:37245 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:37245
Thu Oct 22 15:05:42 2015 dave/68.82.29.112:37245 MULTI: primary virtual IP for dave/68.82.29.112:37245: 10.8.0.6
Thu Oct 22 15:05:45 2015 dave/68.82.29.112:37245 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:05:45 2015 dave/68.82.29.112:37245 send_push_reply(): safe_cap=940
Thu Oct 22 15:05:45 2015 dave/68.82.29.112:37245 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:07:46 2015 68.82.29.112:60657 TLS: Initial packet from [AF_INET]68.82.29.112:60657, sid=c521713f 43614c3d
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:07:47 2015 68.82.29.112:60657 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:60657
Thu Oct 22 15:07:47 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:07:47 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:07:47 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:60657
Thu Oct 22 15:07:47 2015 MULTI: primary virtual IP for dave/68.82.29.112:60657: 10.8.0.6
Thu Oct 22 15:07:48 2015 dave/68.82.29.112:60657 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:07:48 2015 dave/68.82.29.112:60657 send_push_reply(): safe_cap=940
Thu Oct 22 15:07:48 2015 dave/68.82.29.112:60657 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:09:50 2015 68.82.29.112:58037 TLS: Initial packet from [AF_INET]68.82.29.112:58037, sid=f79f70f8 c1c233f7
Thu Oct 22 15:09:51 2015 68.82.29.112:58037 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:09:51 2015 68.82.29.112:58037 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:09:52 2015 68.82.29.112:58037 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:58037
Thu Oct 22 15:09:52 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:09:52 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:09:52 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:58037
Thu Oct 22 15:09:52 2015 MULTI: primary virtual IP for dave/68.82.29.112:58037: 10.8.0.6
Thu Oct 22 15:09:53 2015 dave/68.82.29.112:58037 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:09:53 2015 dave/68.82.29.112:58037 send_push_reply(): safe_cap=940
Thu Oct 22 15:09:53 2015 dave/68.82.29.112:58037 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:12:05 2015 68.82.29.112:46924 TLS: Initial packet from [AF_INET]68.82.29.112:46924, sid=756b158f ae8351af
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:12:07 2015 68.82.29.112:46924 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:46924
Thu Oct 22 15:12:07 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:12:07 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:12:07 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:46924
Thu Oct 22 15:12:07 2015 MULTI: primary virtual IP for dave/68.82.29.112:46924: 10.8.0.6
Thu Oct 22 15:12:09 2015 dave/68.82.29.112:46924 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:12:09 2015 dave/68.82.29.112:46924 send_push_reply(): safe_cap=940
Thu Oct 22 15:12:09 2015 dave/68.82.29.112:46924 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:15:33 2015 68.82.29.112:36059 TLS: Initial packet from [AF_INET]68.82.29.112:36059, sid=31bb5fb8 a1df7f5b
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:15:34 2015 68.82.29.112:36059 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:36059
Thu Oct 22 15:15:34 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:15:34 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:15:34 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:36059
Thu Oct 22 15:15:34 2015 MULTI: primary virtual IP for dave/68.82.29.112:36059: 10.8.0.6
Thu Oct 22 15:15:35 2015 dave/68.82.29.112:36059 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:15:35 2015 dave/68.82.29.112:36059 send_push_reply(): safe_cap=940
Thu Oct 22 15:15:35 2015 dave/68.82.29.112:36059 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Thu Oct 22 15:17:37 2015 68.82.29.112:45831 TLS: Initial packet from [AF_INET]68.82.29.112:45831, sid=10a6682a a6339aea
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 VERIFY OK: depth=1, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=UMDGC CA, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 VERIFY OK: depth=0, C=US, ST=PA, L=Upper Merion, O=UMDGC, OU=UMDGCLLC, CN=dave, name=server, emailAddress=umdgcllc@gmail.com
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Oct 22 15:17:39 2015 68.82.29.112:45831 [dave] Peer Connection Initiated with [AF_INET]68.82.29.112:45831
Thu Oct 22 15:17:39 2015 MULTI: new connection by client 'dave' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Oct 22 15:17:39 2015 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Oct 22 15:17:39 2015 MULTI: Learn: 10.8.0.6 -> dave/68.82.29.112:45831
Thu Oct 22 15:17:39 2015 MULTI: primary virtual IP for dave/68.82.29.112:45831: 10.8.0.6
Thu Oct 22 15:17:41 2015 dave/68.82.29.112:45831 PUSH: Received control message: 'PUSH_REQUEST'
Thu Oct 22 15:17:41 2015 dave/68.82.29.112:45831 send_push_reply(): safe_cap=940
Thu Oct 22 15:17:41 2015 dave/68.82.29.112:45831 SENT CONTROL [dave]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.0 255.255.255.0,topology net30,ifconfig 10.8.0.6 10.8.0.5' (status=1)