Server config
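# OpenVPN server: routed (tun) VPN on port 1194, clients authenticated by
# username/password through the PAM plugin at the bottom of this file.
port 1194

# Only one transport is used per server instance. The server log on this page
# reports "proto UDPv4", so the earlier duplicate "proto tcp" line is disabled
# rather than left to be silently overridden.
;proto tcp
proto udp
dev tun

# Server PKI material. Clients validate the server certificate against ca.crt.
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem

# NOTE(review): no "cipher"/"auth" directive is set, so the defaults printed in
# the server log apply (cipher BF-CBC, auth SHA1). BF-CBC is a 64-bit block
# cipher; prefer e.g. "cipher AES-256-CBC" and "auth SHA256". Not changed here
# because the same values must be configured on every client.

# Address pool handed to clients; ipp.txt keeps client -> address assignments
# across restarts.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

# Route all client traffic through the VPN and push resolvers to the clients.
push "redirect-gateway def1 bypass-dhcp"
# Fixed: the first resolver was written "8.8.8.8.8", which is not a valid IPv4
# address.
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

# Ping every 10 s; consider the peer down after 120 s of silence.
keepalive 10 120

# NOTE(review): compressing traffic before encryption can leak information
# about the plaintext through packet sizes. Must match the clients, so it is
# left enabled here; consider removing it on both ends.
comp-lzo

# Drop root privileges after initialisation. persist-key/persist-tun keep the
# key and tun device available across soft restarts (SIGUSR1), when the
# unprivileged process could no longer re-open them.
user nobody
group nobody
persist-key
persist-tun

status openvpn-status.log
log openvpn.log
;log-append openvpn.log

# verb 5 is a debugging level: it prints an R/W character for every packet
# read or written (the "WRRWWW..." runs in the server log). Use 3 or 4 for
# normal operation.
verb 5

# Username/password authentication through PAM.
# NOTE(review): "opevpn" looks like a typo for "openvpn". The plugin's
# argument is normally a PAM service name (a file under /etc/pam.d/), not a
# path; confirm that the service referenced here actually exists, otherwise
# every login is evaluated against the wrong (or fallback) PAM policy.
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so /etc/pam.d/opevpn

# With the two options below the PAM password is the only client credential:
# a stolen or guessed password is enough to join the VPN. Consider keeping
# client certificates, or at least adding a "tls-auth" shared key and
# lockout/rate limiting in the PAM stack.
# NOTE(review): the server log on this page shows "VERIFY ERROR ... unable to
# get local issuer certificate" for a client certificate (CN=pcorreia), i.e.
# the client presented a certificate that does not chain to ca.crt. Confirm
# which CA issued the client certificate, or remove cert/key from the client
# profile if password-only authentication is really intended.
client-cert-not-required
username-as-common-name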
Server log
Wed May 6 15:36:18 2015 us=186107 IFCONFIG POOL LIST
Wed May 6 15:36:18 2015 us=186134 client,10.8.0.4
Wed May 6 15:36:18 2015 us=186161 rgoncalves,10.8.0.8
Wed May 6 15:36:18 2015 us=186235 Initialization Sequence Completed
Wed May 6 15:38:53 2015 us=325073 MULTI: multi_create_instance called
Wed May 6 15:38:53 2015 us=325211 192.168.1.6:51276 Re-using SSL/TLS context
Wed May 6 15:38:53 2015 us=325275 192.168.1.6:51276 LZO compression initialized
Wed May 6 15:38:53 2015 us=325510 192.168.1.6:51276 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 6 15:38:53 2015 us=325538 192.168.1.6:51276 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 6 15:38:53 2015 us=325746 192.168.1.6:51276 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed May 6 15:38:53 2015 us=325769 192.168.1.6:51276 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed May 6 15:38:53 2015 us=325814 192.168.1.6:51276 Local Options hash (VER=V4): '530fdded'
Wed May 6 15:38:53 2015 us=325843 192.168.1.6:51276 Expected Remote Options hash (VER=V4): '41690919'
RWed May 6 15:38:53 2015 us=325925 192.168.1.6:51276 TLS: Initial packet from [AF_INET]192.168.1.6:51276, sid=e825baf0 7ecb68fd
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWed May 6 15:38:54 2015 us=60241 192.168.1.6:51276 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=PT, ST=LX, L=Lisbon, O=FMF, OU=FMF, CN=pcorreia, name=FMFvpn, emailAddress=
suporte@fmf-ferramentas.com
Wed May 6 15:38:54 2015 us=60390 192.168.1.6:51276 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Wed May 6 15:38:54 2015 us=60414 192.168.1.6:51276 TLS Error: TLS object -> incoming plaintext read error
Wed May 6 15:38:54 2015 us=60434 192.168.1.6:51276 TLS Error: TLS handshake failed
Wed May 6 15:38:54 2015 us=60530 192.168.1.6:51276 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed May 6 15:39:55 2015 us=839368 MULTI: multi_create_instance called
Wed May 6 15:39:55 2015 us=839479 192.168.1.6:54000 Re-using SSL/TLS context
Wed May 6 15:39:55 2015 us=839520 192.168.1.6:54000 LZO compression initialized
Wed May 6 15:39:55 2015 us=839646 192.168.1.6:54000 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed May 6 15:39:55 2015 us=839675 192.168.1.6:54000 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed May 6 15:39:55 2015 us=839855 192.168.1.6:54000 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed May 6 15:39:55 2015 us=839877 192.168.1.6:54000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed May 6 15:39:55 2015 us=839910 192.168.1.6:54000 Local Options hash (VER=V4): '530fdded'
Wed May 6 15:39:55 2015 us=839940 192.168.1.6:54000 Expected Remote Options hash (VER=V4): '41690919'
RWed May 6 15:39:55 2015 us=839995 192.168.1.6:54000 TLS: Initial packet from [AF_INET]192.168.1.6:54000, sid=08400678 3c15c94e
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWed May 6 15:39:56 2015 us=605309 192.168.1.6:54000 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=PT, ST=LX, L=Lisbon, O=FMF, OU=FMF, CN=pcorreia, name=FMFvpn, emailAddress=
suporte@fmf-ferramentas.com
Wed May 6 15:39:56 2015 us=605410 192.168.1.6:54000 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Wed May 6 15:39:56 2015 us=605433 192.168.1.6:54000 TLS Error: TLS object -> incoming plaintext read error
Wed May 6 15:39:56 2015 us=605453 192.168.1.6:54000 TLS Error: TLS handshake failed
Client log
Wed May 06 15:40:35 2015 Local Options hash (VER=V4): 'd3a7571a'
Wed May 06 15:40:35 2015 Expected Remote Options hash (VER=V4): '5b1533a2'
Wed May 06 15:40:35 2015 UDPv4 link local: [undef]
Wed May 06 15:40:35 2015 UDPv4 link remote: 192.168.1.250:1194
Wed May 06 15:40:35 2015 TLS: Initial packet from 192.168.1.250:1194, sid=453f015f f6f4a5a7
Wed May 06 15:40:35 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 06 15:40:35 2015 VERIFY OK: depth=1, /C=PT/ST=LX/L=Lisbon/O=empresa/OU=empresaVpn/CN=empresa_CA/name=empresavpn/emailAddress=
suporte@empresa-company.com
Wed May 06 15:40:35 2015 VERIFY OK: depth=0, /C=PT/ST=LX/L=Lisbon/O=empresa/OU=empresaVpn/CN=server/name=empresavpn/emailAddress=
suporte@empresa-company.com
Wed May 06 15:41:36 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 06 15:41:36 2015 TLS Error: TLS handshake failed
Wed May 06 15:41:36 2015 TCP/UDP: Closing socket
Wed May 06 15:41:36 2015 SIGUSR1[soft,tls-error] received, process restarting