[Solved] TLS handshake error - EasyRSA 3

Support forum for Easy-RSA certificate management suite.
evad
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 01, 2014 1:38 pm

Post by evad » Mon Sep 01, 2014 3:19 pm

Hello there,

I had an openvpn server running in Ubuntu with easyrsa version 2.something. It worked fine and I remember the setup not being terribly complicated. I just use it as a secure connection when I'm using public wifi on my laptop or phone. Recently I decided to wipe out Ubuntu and run CentOS 6.5 and use easyrsa 3 and now I'm stuck. The only experience I have with PKI and TLS is what I've done in setting up openvpn for my own purposes. Maybe I'm misunderstanding the man page for easyrsa3 and my error is something simple but I'm out of ideas at this point and need some help.

To get the initial setup working, I'm on the same subnet as my server. I'll worry about forwarding traffic later. The way I understood easyrsa3 is that I need one easy-rsa directory for the CA, a separate one for the server (easy-rsa-SERVER) and separate ones for the clients (easy-rsa-CLIENT). I built the pki and the CA in its directory. Built a pki, did a gen-req and made a DH for the server in its directory. Then built pki and gen-req for the clients in their own directories. Imported the reqs to the CA and signed them. Built my configs on server and client, transferred the client's key, its cert and the CA's cert to the client.

As I understand it, the client needs to have its key, its cert and the CA's cert.

The logs make it sound like I'm having connectivity issues between server and the client but that's not the case because I'm ssh'd into the server from the client. In my troubleshooting I've disabled all firewalls and antivirus on the client and turned off the firewall on the server as well as set SELinux to permissive. Nothing has made a difference, handshake fails each time and the logs are identical each time.

The server is on 10.20.30.9
The client is on 10.20.30.6

Server Conf

Code: Select all

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/EVAD-SERVER.crt
key /etc/openvpn/easy-rsa-SERVER/pki/private/EVAD-SERVER.key
dh /etc/openvpn/easy-rsa-SERVER/pki/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 60 720
comp-lzo
persist-key
persist-tun
log-append  openvpn.log
verb 3


Server Log

Code: Select all

Mon Sep  1 08:55:29 2014 10.20.30.6:64063 TLS: Initial packet from [AF_INET]10.20.30.6:64063, sid=f249cda5 eb375b2f
Mon Sep  1 08:55:31 2014 10.20.30.6:64064 TLS: Initial packet from [AF_INET]10.20.30.6:64064, sid=1a972a19 a6525d80
Mon Sep  1 08:55:33 2014 10.20.30.6:64065 TLS: Initial packet from [AF_INET]10.20.30.6:64065, sid=47d71aeb 1e0b357a
Mon Sep  1 08:55:35 2014 10.20.30.6:64066 TLS: Initial packet from [AF_INET]10.20.30.6:64066, sid=db664970 58ba0dfa
Mon Sep  1 08:56:29 2014 10.20.30.6:64063 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 08:56:29 2014 10.20.30.6:64063 TLS Error: TLS handshake failed
Mon Sep  1 08:56:29 2014 10.20.30.6:64063 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Sep  1 08:56:31 2014 10.20.30.6:64064 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 08:56:31 2014 10.20.30.6:64064 TLS Error: TLS handshake failed
Mon Sep  1 08:56:31 2014 10.20.30.6:64064 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Sep  1 08:56:33 2014 10.20.30.6:64065 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 08:56:33 2014 10.20.30.6:64065 TLS Error: TLS handshake failed
Mon Sep  1 08:56:33 2014 10.20.30.6:64065 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Sep  1 08:56:36 2014 10.20.30.6:64066 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 08:56:36 2014 10.20.30.6:64066 TLS Error: TLS handshake failed
Mon Sep  1 08:56:36 2014 10.20.30.6:64066 SIGUSR1[soft,tls-error] received, client-instance restarting


Client Conf

Code: Select all

client
dev tun
proto udp
remote 10.20.30.9 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert evad-laptop.crt
key evad-laptop.key
ns-cert-type server
comp-lzo
verb 3


Client Log

Code: Select all

Mon Sep 01 08:55:20 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May  2 2014
Mon Sep 01 08:55:20 2014 library versions: OpenSSL 1.0.1g 7 Apr 2014, LZO 2.05
Enter Management Password:
Mon Sep 01 08:55:20 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Sep 01 08:55:20 2014 Need hold release from management interface, waiting...
Mon Sep 01 08:55:20 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Sep 01 08:55:20 2014 MANAGEMENT: CMD 'state on'
Mon Sep 01 08:55:20 2014 MANAGEMENT: CMD 'log all on'
Mon Sep 01 08:55:20 2014 MANAGEMENT: CMD 'hold off'
Mon Sep 01 08:55:20 2014 MANAGEMENT: CMD 'hold release'
Mon Sep 01 08:55:26 2014 MANAGEMENT: CMD 'password [...]'
Mon Sep 01 08:55:26 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 01 08:55:26 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 08:55:26 2014 UDPv4 link local: [undef]
Mon Sep 01 08:55:26 2014 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 08:55:26 2014 MANAGEMENT: >STATE:1409579726,WAIT,,,
Mon Sep 01 08:55:26 2014 MANAGEMENT: >STATE:1409579726,AUTH,,,
Mon Sep 01 08:55:26 2014 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=c710ca7a bc79e32e
Mon Sep 01 08:55:26 2014 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 08:55:26 2014 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 08:55:26 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 08:55:26 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 08:55:26 2014 TLS Error: TLS handshake failed
Mon Sep 01 08:55:26 2014 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 08:55:26 2014 MANAGEMENT: >STATE:1409579726,RECONNECTING,tls-error,,
Mon Sep 01 08:55:26 2014 Restart pause, 2 second(s)
Mon Sep 01 08:55:28 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 08:55:28 2014 UDPv4 link local: [undef]
Mon Sep 01 08:55:28 2014 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 08:55:28 2014 MANAGEMENT: >STATE:1409579728,WAIT,,,
Mon Sep 01 08:55:28 2014 MANAGEMENT: >STATE:1409579728,AUTH,,,
Mon Sep 01 08:55:28 2014 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=605acb84 8ca70128
Mon Sep 01 08:55:28 2014 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 08:55:28 2014 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 08:55:28 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 08:55:28 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 08:55:28 2014 TLS Error: TLS handshake failed
Mon Sep 01 08:55:28 2014 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 08:55:28 2014 MANAGEMENT: >STATE:1409579728,RECONNECTING,tls-error,,
Mon Sep 01 08:55:28 2014 Restart pause, 2 second(s)
Mon Sep 01 08:55:30 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 08:55:30 2014 UDPv4 link local: [undef]
Mon Sep 01 08:55:30 2014 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 08:55:30 2014 MANAGEMENT: >STATE:1409579730,WAIT,,,
Mon Sep 01 08:55:30 2014 MANAGEMENT: >STATE:1409579730,AUTH,,,
Mon Sep 01 08:55:30 2014 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=15d07ac6 ad760f9a
Mon Sep 01 08:55:30 2014 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 08:55:30 2014 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 08:55:30 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 08:55:30 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 08:55:30 2014 TLS Error: TLS handshake failed
Mon Sep 01 08:55:30 2014 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 08:55:30 2014 MANAGEMENT: >STATE:1409579730,RECONNECTING,tls-error,,
Mon Sep 01 08:55:30 2014 Restart pause, 2 second(s)
Mon Sep 01 08:55:33 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 08:55:33 2014 UDPv4 link local: [undef]
Mon Sep 01 08:55:33 2014 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 08:55:33 2014 MANAGEMENT: >STATE:1409579733,WAIT,,,
Mon Sep 01 08:55:33 2014 MANAGEMENT: >STATE:1409579733,AUTH,,,
Mon Sep 01 08:55:33 2014 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=cab2b7f7 df7a9455
Mon Sep 01 08:55:33 2014 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 08:55:33 2014 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 08:55:33 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 08:55:33 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 08:55:33 2014 TLS Error: TLS handshake failed
Mon Sep 01 08:55:33 2014 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 08:55:33 2014 MANAGEMENT: >STATE:1409579733,RECONNECTING,tls-error,,
Mon Sep 01 08:55:33 2014 Restart pause, 2 second(s)
Mon Sep 01 08:55:34 2014 SIGTERM[hard,init_instance] received, process exiting
Mon Sep 01 08:55:34 2014 MANAGEMENT: >STATE:1409579734,EXITING,init_instance,,


Any advice would be greatly appreciated.
Last edited by debbie10t on Wed Sep 03, 2014 10:15 am, edited 4 times in total.
Reason: Title Clarity
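
The client log in this post records `VERIFY nsCertType ERROR` immediately before each `TLS handshake failed`, while the server log shows only the 60-second negotiation timeout. The following is an added example, not part of the original post: a Python script that groups OpenVPN log lines into handshake attempts and reports the most specific failure found on either side. The function names and cause categories are assumptions of this example; the sample lines are excerpted from the logs above.

```python
import re
from datetime import datetime

# Excerpts of the client and server logs posted above.
CLIENT_LOG = """\
Mon Sep 01 08:55:26 2014 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=c710ca7a bc79e32e
Mon Sep 01 08:55:26 2014 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 08:55:26 2014 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 08:55:26 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 08:55:26 2014 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 08:55:26 2014 TLS Error: TLS handshake failed
"""
SERVER_LOG = """\
Mon Sep  1 08:55:29 2014 10.20.30.6:64063 TLS: Initial packet from [AF_INET]10.20.30.6:64063, sid=f249cda5 eb375b2f
Mon Sep  1 08:56:29 2014 10.20.30.6:64063 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 08:56:29 2014 10.20.30.6:64063 TLS Error: TLS handshake failed
"""

# Timestamp, optional "us=" field (verb 4+), optional peer prefix (server side).
# At verb 5 OpenVPN writes R/W packet markers that can run into the next line,
# hence the optional leading [RW]*.
LINE_RE = re.compile(
    r"^[RW]*(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (?:us=\d+ )?"
    r"(?:(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) )?(?P<msg>.*)$"
)

# Ordered by diagnostic value: a VERIFY error names the check that failed,
# the negotiation timeout only says the other side stopped answering.
CAUSES = [
    ("cert-verify", re.compile(r"^VERIFY (?:.*?) ?ERROR: ")),
    ("timeout", re.compile(r"^TLS Error: TLS key negotiation failed to occur within \d+ seconds")),
]


def parse_attempts(log_text):
    """Group lines into attempts: 'Initial packet' ... 'TLS handshake failed'."""
    in_progress, finished = {}, []   # keyed by peer; peer is None in a client log
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        peer, msg = m["peer"], m["msg"]
        if msg.startswith("TLS: Initial packet from"):
            in_progress[peer] = {"peer": peer, "start": ts, "cause": None,
                                 "rank": None, "detail": None}
            continue
        att = in_progress.get(peer)
        if att is None:
            continue
        for rank, (category, rx) in enumerate(CAUSES):
            if rx.match(msg) and (att["cause"] is None or rank < att["rank"]):
                att.update(cause=category, rank=rank, detail=msg)
                break
        if msg == "TLS Error: TLS handshake failed":
            att["seconds"] = int((ts - att["start"]).total_seconds())
            finished.append(in_progress.pop(peer))
    return finished


def diagnose(client_log, server_log):
    """Return the most specific failure seen on either side, or None."""
    sides = {"client": parse_attempts(client_log),
             "server": parse_attempts(server_log)}
    for wanted, _ in CAUSES:
        for side, attempts in sides.items():
            hits = [a for a in attempts if a["cause"] == wanted]
            if hits:
                return {"side": side, "cause": wanted,
                        "detail": hits[0]["detail"], "attempts": len(hits)}
    return None


if __name__ == "__main__":
    for side, log in (("client", CLIENT_LOG), ("server", SERVER_LOG)):
        for a in parse_attempts(log):
            print(side, a["peer"], a["cause"], f'{a["seconds"]}s', a["detail"])
    print("most specific:", diagnose(CLIENT_LOG, SERVER_LOG))
```

The server-side attempt ends exactly 60 seconds after the initial packet, which matches `handshake_window = 60` in the verb 5 parameter dump, whereas the client-side attempt fails within the same second on the certificate check required by `ns-cert-type server` in the client config.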

Re: TLS handshake error

Post by evad » Mon Sep 01, 2014 3:33 pm

Increased verbosity of logs to exceed forum rules...

Server at Verb 5

Code: Select all

Mon Sep  1 10:22:31 2014 us=24707 Current Parameter Settings:
Mon Sep  1 10:22:31 2014 us=24804   config = 'server.conf'
Mon Sep  1 10:22:31 2014 us=24814   mode = 1
Mon Sep  1 10:22:31 2014 us=24821   persist_config = DISABLED
Mon Sep  1 10:22:31 2014 us=24829   persist_mode = 1
Mon Sep  1 10:22:31 2014 us=24836   show_ciphers = DISABLED
Mon Sep  1 10:22:31 2014 us=24843   show_digests = DISABLED
Mon Sep  1 10:22:31 2014 us=24849   show_engines = DISABLED
Mon Sep  1 10:22:31 2014 us=24856   genkey = DISABLED
Mon Sep  1 10:22:31 2014 us=24863   key_pass_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=24869   show_tls_ciphers = DISABLED
Mon Sep  1 10:22:31 2014 us=24876 Connection profiles [default]:
Mon Sep  1 10:22:31 2014 us=24883   proto = udp
Mon Sep  1 10:22:31 2014 us=24890   local = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=24897   local_port = 1194
Mon Sep  1 10:22:31 2014 us=24905   remote = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=24912   remote_port = 1194
Mon Sep  1 10:22:31 2014 us=24919   remote_float = DISABLED
Mon Sep  1 10:22:31 2014 us=24925   bind_defined = DISABLED
Mon Sep  1 10:22:31 2014 us=24932   bind_local = ENABLED
Mon Sep  1 10:22:31 2014 us=24938   connect_retry_seconds = 5
Mon Sep  1 10:22:31 2014 us=24945   connect_timeout = 10
Mon Sep  1 10:22:31 2014 us=24951   connect_retry_max = 0
Mon Sep  1 10:22:31 2014 us=24958   socks_proxy_server = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=24965   socks_proxy_port = 0
Mon Sep  1 10:22:31 2014 us=24971   socks_proxy_retry = DISABLED
Mon Sep  1 10:22:31 2014 us=24978   tun_mtu = 1500
Mon Sep  1 10:22:31 2014 us=24984   tun_mtu_defined = ENABLED
Mon Sep  1 10:22:31 2014 us=24991   link_mtu = 1500
Mon Sep  1 10:22:31 2014 us=24997   link_mtu_defined = DISABLED
Mon Sep  1 10:22:31 2014 us=25004   tun_mtu_extra = 0
Mon Sep  1 10:22:31 2014 us=25010   tun_mtu_extra_defined = DISABLED
Mon Sep  1 10:22:31 2014 us=25017   mtu_discover_type = -1
Mon Sep  1 10:22:31 2014 us=25023   fragment = 0
Mon Sep  1 10:22:31 2014 us=25030   mssfix = 1450
Mon Sep  1 10:22:31 2014 us=25036   explicit_exit_notification = 0
Mon Sep  1 10:22:31 2014 us=25044 Connection profiles END
Mon Sep  1 10:22:31 2014 us=25051   remote_random = DISABLED
Mon Sep  1 10:22:31 2014 us=25057   ipchange = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25064   dev = 'tun'
Mon Sep  1 10:22:31 2014 us=25070   dev_type = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25076   dev_node = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25083   lladdr = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25089   topology = 1
Mon Sep  1 10:22:31 2014 us=25096   tun_ipv6 = DISABLED
Mon Sep  1 10:22:31 2014 us=25102   ifconfig_local = '10.8.0.1'
Mon Sep  1 10:22:31 2014 us=25109   ifconfig_remote_netmask = '10.8.0.2'
Mon Sep  1 10:22:31 2014 us=25116   ifconfig_noexec = DISABLED
Mon Sep  1 10:22:31 2014 us=25122   ifconfig_nowarn = DISABLED
Mon Sep  1 10:22:31 2014 us=25129   ifconfig_ipv6_local = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25135   ifconfig_ipv6_netbits = 0
Mon Sep  1 10:22:31 2014 us=25142   ifconfig_ipv6_remote = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25148   shaper = 0
Mon Sep  1 10:22:31 2014 us=25163   mtu_test = 0
Mon Sep  1 10:22:31 2014 us=25170   mlock = DISABLED
Mon Sep  1 10:22:31 2014 us=25176   keepalive_ping = 60
Mon Sep  1 10:22:31 2014 us=25183   keepalive_timeout = 720
Mon Sep  1 10:22:31 2014 us=25189   inactivity_timeout = 0
Mon Sep  1 10:22:31 2014 us=25196   ping_send_timeout = 60
Mon Sep  1 10:22:31 2014 us=25202   ping_rec_timeout = 1440
Mon Sep  1 10:22:31 2014 us=25209   ping_rec_timeout_action = 2
Mon Sep  1 10:22:31 2014 us=25215   ping_timer_remote = DISABLED
Mon Sep  1 10:22:31 2014 us=25222   remap_sigusr1 = 0
Mon Sep  1 10:22:31 2014 us=25228   persist_tun = ENABLED
Mon Sep  1 10:22:31 2014 us=25234   persist_local_ip = DISABLED
Mon Sep  1 10:22:31 2014 us=25241   persist_remote_ip = DISABLED
Mon Sep  1 10:22:31 2014 us=25247   persist_key = ENABLED
Mon Sep  1 10:22:31 2014 us=25255   passtos = DISABLED
Mon Sep  1 10:22:31 2014 us=25262   resolve_retry_seconds = 1000000000
Mon Sep  1 10:22:31 2014 us=25268   username = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25279   groupname = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25286   chroot_dir = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25292   cd_dir = '/etc/openvpn'
Mon Sep  1 10:22:31 2014 us=25299   writepid = '/var/run/openvpn/server.pid'
Mon Sep  1 10:22:31 2014 us=25305   up_script = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25312   down_script = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25318   down_pre = DISABLED
Mon Sep  1 10:22:31 2014 us=25325   up_restart = DISABLED
Mon Sep  1 10:22:31 2014 us=25331   up_delay = DISABLED
Mon Sep  1 10:22:31 2014 us=25338   daemon = ENABLED
Mon Sep  1 10:22:31 2014 us=25344   inetd = 0
Mon Sep  1 10:22:31 2014 us=25350   log = ENABLED
Mon Sep  1 10:22:31 2014 us=25357   suppress_timestamps = DISABLED
Mon Sep  1 10:22:31 2014 us=25363   nice = 0
Mon Sep  1 10:22:31 2014 us=25370   verbosity = 5
Mon Sep  1 10:22:31 2014 us=25376   mute = 0
Mon Sep  1 10:22:31 2014 us=25383   gremlin = 0
Mon Sep  1 10:22:31 2014 us=25389   status_file = 'openvpn-status.log'
Mon Sep  1 10:22:31 2014 us=25396   status_file_version = 1
Mon Sep  1 10:22:31 2014 us=25402   status_file_update_freq = 60
Mon Sep  1 10:22:31 2014 us=25409   occ = ENABLED
Mon Sep  1 10:22:31 2014 us=25415   rcvbuf = 65536
Mon Sep  1 10:22:31 2014 us=25422   sndbuf = 65536
Mon Sep  1 10:22:31 2014 us=25428   mark = 0
Mon Sep  1 10:22:31 2014 us=25435   sockflags = 0
Mon Sep  1 10:22:31 2014 us=25441   fast_io = DISABLED
Mon Sep  1 10:22:31 2014 us=25447   lzo = 7
Mon Sep  1 10:22:31 2014 us=25454   route_script = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25461   route_default_gateway = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25467   route_default_metric = 0
Mon Sep  1 10:22:31 2014 us=25474   route_noexec = DISABLED
Mon Sep  1 10:22:31 2014 us=25480   route_delay = 0
Mon Sep  1 10:22:31 2014 us=25487   route_delay_window = 30
Mon Sep  1 10:22:31 2014 us=25493   route_delay_defined = DISABLED
Mon Sep  1 10:22:31 2014 us=25500   route_nopull = DISABLED
Mon Sep  1 10:22:31 2014 us=25506   route_gateway_via_dhcp = DISABLED
Mon Sep  1 10:22:31 2014 us=25513   max_routes = 100
Mon Sep  1 10:22:31 2014 us=25520   allow_pull_fqdn = DISABLED
Mon Sep  1 10:22:31 2014 us=25527   route 10.8.0.0/255.255.255.0/nil/nil
Mon Sep  1 10:22:31 2014 us=25534   management_addr = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25540   management_port = 0
Mon Sep  1 10:22:31 2014 us=25547   management_user_pass = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25553   management_log_history_cache = 250
Mon Sep  1 10:22:31 2014 us=25560   management_echo_buffer_size = 100
Mon Sep  1 10:22:31 2014 us=25567   management_write_peer_info_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25574   management_client_user = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25580   management_client_group = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25587   management_flags = 0
Mon Sep  1 10:22:31 2014 us=25593   shared_secret_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25600   key_direction = 0
Mon Sep  1 10:22:31 2014 us=25607   ciphername_defined = ENABLED
Mon Sep  1 10:22:31 2014 us=25613   ciphername = 'BF-CBC'
Mon Sep  1 10:22:31 2014 us=25620   authname_defined = ENABLED
Mon Sep  1 10:22:31 2014 us=25626   authname = 'SHA1'
Mon Sep  1 10:22:31 2014 us=25633   prng_hash = 'SHA1'
Mon Sep  1 10:22:31 2014 us=25639   prng_nonce_secret_len = 16
Mon Sep  1 10:22:31 2014 us=25646   keysize = 0
Mon Sep  1 10:22:31 2014 us=25652   engine = DISABLED
Mon Sep  1 10:22:31 2014 us=25659   replay = ENABLED
Mon Sep  1 10:22:31 2014 us=25665   mute_replay_warnings = DISABLED
Mon Sep  1 10:22:31 2014 us=25672   replay_window = 64
Mon Sep  1 10:22:31 2014 us=25678   replay_time = 15
Mon Sep  1 10:22:31 2014 us=25684   packet_id_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25691   use_iv = ENABLED
Mon Sep  1 10:22:31 2014 us=25697   test_crypto = DISABLED
Mon Sep  1 10:22:31 2014 us=25704   tls_server = ENABLED
Mon Sep  1 10:22:31 2014 us=25710   tls_client = DISABLED
Mon Sep  1 10:22:31 2014 us=25717   key_method = 2
Mon Sep  1 10:22:31 2014 us=25724   ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
Mon Sep  1 10:22:31 2014 us=25730   ca_path = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25742   dh_file = '/etc/openvpn/easy-rsa-SERVER/pki/dh.pem'
Mon Sep  1 10:22:31 2014 us=25749   cert_file = '/etc/openvpn/easy-rsa/pki/issued/EVAD-SERVER.crt'
Mon Sep  1 10:22:31 2014 us=25757   priv_key_file = '/etc/openvpn/easy-rsa-SERVER/pki/private/EVAD-SERVER.key'
Mon Sep  1 10:22:31 2014 us=25763   pkcs12_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25770   cipher_list = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25776   tls_verify = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25783   tls_export_cert = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25789   verify_x509_type = 0
Mon Sep  1 10:22:31 2014 us=25796   verify_x509_name = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25802   crl_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25809   ns_cert_type = 0
Mon Sep  1 10:22:31 2014 us=25816   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25822   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25828   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25835   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25841   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25847   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25854   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25860   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25866   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25873   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25879   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25885   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25892   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25898   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25904   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25911   remote_cert_ku[i] = 0
Mon Sep  1 10:22:31 2014 us=25917   remote_cert_eku = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25924   ssl_flags = 0
Mon Sep  1 10:22:31 2014 us=25930   tls_timeout = 2
Mon Sep  1 10:22:31 2014 us=25936   renegotiate_bytes = 0
Mon Sep  1 10:22:31 2014 us=25943   renegotiate_packets = 0
Mon Sep  1 10:22:31 2014 us=25949   renegotiate_seconds = 3600
Mon Sep  1 10:22:31 2014 us=25956   handshake_window = 60
Mon Sep  1 10:22:31 2014 us=25962   transition_window = 3600
Mon Sep  1 10:22:31 2014 us=25969   single_session = DISABLED
Mon Sep  1 10:22:31 2014 us=25976   push_peer_info = DISABLED
Mon Sep  1 10:22:31 2014 us=25982   tls_exit = DISABLED
Mon Sep  1 10:22:31 2014 us=25989   tls_auth_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=25996   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26002   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26009   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26016   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26022   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26029   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26036   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26042   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26051   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26058   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26065   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26072   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26078   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26085   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26092   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26098   pkcs11_protected_authentication = DISABLED
Mon Sep  1 10:22:31 2014 us=26106   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26113   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26120   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26126   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26133   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26139   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26149   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26165   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26172   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26179   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26185   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26192   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26198   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26205   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26211   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26218   pkcs11_private_mode = 00000000
Mon Sep  1 10:22:31 2014 us=26225   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26231   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26238   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26244   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26251   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26257   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26264   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26271   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26277   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26284   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26290   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26297   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26303   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26310   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26317   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26323   pkcs11_cert_private = DISABLED
Mon Sep  1 10:22:31 2014 us=26330   pkcs11_pin_cache_period = -1
Mon Sep  1 10:22:31 2014 us=26336   pkcs11_id = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26343   pkcs11_id_management = DISABLED
Mon Sep  1 10:22:31 2014 us=26351   server_network = 10.8.0.0
Mon Sep  1 10:22:31 2014 us=26359   server_netmask = 255.255.255.0
Mon Sep  1 10:22:31 2014 us=26366   server_network_ipv6 = ::
Mon Sep  1 10:22:31 2014 us=26373   server_netbits_ipv6 = 0
Mon Sep  1 10:22:31 2014 us=26380   server_bridge_ip = 0.0.0.0
Mon Sep  1 10:22:31 2014 us=26388   server_bridge_netmask = 0.0.0.0
Mon Sep  1 10:22:31 2014 us=26395   server_bridge_pool_start = 0.0.0.0
Mon Sep  1 10:22:31 2014 us=26402   server_bridge_pool_end = 0.0.0.0
Mon Sep  1 10:22:31 2014 us=26409   push_entry = 'redirect-gateway def1 bypass-dhcp'
Mon Sep  1 10:22:31 2014 us=26416   push_entry = 'dhcp-option DNS 10.20.30.1'
Mon Sep  1 10:22:31 2014 us=26423   push_entry = 'route 10.8.0.1'
Mon Sep  1 10:22:31 2014 us=26429   push_entry = 'topology net30'
Mon Sep  1 10:22:31 2014 us=26436   push_entry = 'ping 60'
Mon Sep  1 10:22:31 2014 us=26443   push_entry = 'ping-restart 720'
Mon Sep  1 10:22:31 2014 us=26450   ifconfig_pool_defined = ENABLED
Mon Sep  1 10:22:31 2014 us=26457   ifconfig_pool_start = 10.8.0.4
Mon Sep  1 10:22:31 2014 us=26467   ifconfig_pool_end = 10.8.0.251
Mon Sep  1 10:22:31 2014 us=26475   ifconfig_pool_netmask = 0.0.0.0
Mon Sep  1 10:22:31 2014 us=26482   ifconfig_pool_persist_filename = 'ipp.txt'
Mon Sep  1 10:22:31 2014 us=26489   ifconfig_pool_persist_refresh_freq = 600
Mon Sep  1 10:22:31 2014 us=26496   ifconfig_ipv6_pool_defined = DISABLED
Mon Sep  1 10:22:31 2014 us=26503   ifconfig_ipv6_pool_base = ::
Mon Sep  1 10:22:31 2014 us=26510   ifconfig_ipv6_pool_netbits = 0
Mon Sep  1 10:22:31 2014 us=26517   n_bcast_buf = 256
Mon Sep  1 10:22:31 2014 us=26524   tcp_queue_limit = 64
Mon Sep  1 10:22:31 2014 us=26530   real_hash_size = 256
Mon Sep  1 10:22:31 2014 us=26537   virtual_hash_size = 256
Mon Sep  1 10:22:31 2014 us=26543   client_connect_script = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26550   learn_address_script = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26556   client_disconnect_script = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26563   client_config_dir = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26570   ccd_exclusive = DISABLED
Mon Sep  1 10:22:31 2014 us=26579   tmp_dir = '/tmp'
Mon Sep  1 10:22:31 2014 us=26586   push_ifconfig_defined = DISABLED
Mon Sep  1 10:22:31 2014 us=26594   push_ifconfig_local = 0.0.0.0
Mon Sep  1 10:22:31 2014 us=26601   push_ifconfig_remote_netmask = 0.0.0.0
Mon Sep  1 10:22:31 2014 us=26608   push_ifconfig_ipv6_defined = DISABLED
Mon Sep  1 10:22:31 2014 us=26615   push_ifconfig_ipv6_local = ::/0
Mon Sep  1 10:22:31 2014 us=26622   push_ifconfig_ipv6_remote = ::
Mon Sep  1 10:22:31 2014 us=26629   enable_c2c = DISABLED
Mon Sep  1 10:22:31 2014 us=26636   duplicate_cn = DISABLED
Mon Sep  1 10:22:31 2014 us=26642   cf_max = 0
Mon Sep  1 10:22:31 2014 us=26649   cf_per = 0
Mon Sep  1 10:22:31 2014 us=26655   max_clients = 1024
Mon Sep  1 10:22:31 2014 us=26662   max_routes_per_client = 256
Mon Sep  1 10:22:31 2014 us=26669   auth_user_pass_verify_script = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26676   auth_user_pass_verify_script_via_file = DISABLED
Mon Sep  1 10:22:31 2014 us=26683   port_share_host = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26689   port_share_port = 0
Mon Sep  1 10:22:31 2014 us=26696   client = DISABLED
Mon Sep  1 10:22:31 2014 us=26702   pull = DISABLED
Mon Sep  1 10:22:31 2014 us=26709   auth_user_pass_file = '[UNDEF]'
Mon Sep  1 10:22:31 2014 us=26719 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Mon Sep  1 10:22:31 2014 us=73965 Diffie-Hellman initialized with 4096 bit key
Mon Sep  1 10:22:31 2014 us=74283 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep  1 10:22:31 2014 us=74315 Socket Buffers: R=[124928->131072] S=[124928->131072]
Mon Sep  1 10:22:31 2014 us=74623 ROUTE_GATEWAY 10.20.30.1/255.255.255.240 IFACE=eth1 HWADDR=00:0a:cd:25:fa:d3
Mon Sep  1 10:22:31 2014 us=75121 TUN/TAP device tun0 opened
Mon Sep  1 10:22:31 2014 us=75204 TUN/TAP TX queue length set to 100
Mon Sep  1 10:22:31 2014 us=75225 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Sep  1 10:22:31 2014 us=75245 /sbin/ip link set dev tun0 up mtu 1500
Mon Sep  1 10:22:31 2014 us=77957 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Mon Sep  1 10:22:31 2014 us=79687 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Mon Sep  1 10:22:31 2014 us=81373 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep  1 10:22:31 2014 us=82944 UDPv4 link local (bound): [undef]
Mon Sep  1 10:22:31 2014 us=82997 UDPv4 link remote: [undef]
Mon Sep  1 10:22:31 2014 us=83013 MULTI: multi_init called, r=256 v=256
Mon Sep  1 10:22:31 2014 us=83081 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Mon Sep  1 10:22:31 2014 us=83097 IFCONFIG POOL LIST
Mon Sep  1 10:22:31 2014 us=83126 Initialization Sequence Completed
Mon Sep  1 10:23:31 2014 us=781974 MULTI: multi_create_instance called
Mon Sep  1 10:23:31 2014 us=782146 10.20.30.6:65366 Re-using SSL/TLS context
Mon Sep  1 10:23:31 2014 us=782267 10.20.30.6:65366 LZO compression initialized
Mon Sep  1 10:23:31 2014 us=782629 10.20.30.6:65366 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep  1 10:23:31 2014 us=782668 10.20.30.6:65366 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep  1 10:23:31 2014 us=782986 10.20.30.6:65366 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep  1 10:23:31 2014 us=783029 10.20.30.6:65366 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep  1 10:23:31 2014 us=783094 10.20.30.6:65366 Local Options hash (VER=V4): '530fdded'
Mon Sep  1 10:23:31 2014 us=783140 10.20.30.6:65366 Expected Remote Options hash (VER=V4): '41690919'
RMon Sep  1 10:23:31 2014 us=783275 10.20.30.6:65366 TLS: Initial packet from [AF_INET]10.20.30.6:65366, sid=5e76f849 bb2a52e1

{Edit: READ/WRITE EVENTS}

Mon Sep  1 10:23:33 2014 us=912110 MULTI: multi_create_instance called
Mon Sep  1 10:23:33 2014 us=912325 10.20.30.6:65367 Re-using SSL/TLS context
Mon Sep  1 10:23:33 2014 us=912416 10.20.30.6:65367 LZO compression initialized
Mon Sep  1 10:23:33 2014 us=912667 10.20.30.6:65367 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep  1 10:23:33 2014 us=912705 10.20.30.6:65367 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep  1 10:23:33 2014 us=912957 10.20.30.6:65367 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep  1 10:23:33 2014 us=912985 10.20.30.6:65367 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep  1 10:23:33 2014 us=913032 10.20.30.6:65367 Local Options hash (VER=V4): '530fdded'
Mon Sep  1 10:23:33 2014 us=913074 10.20.30.6:65367 Expected Remote Options hash (VER=V4): '41690919'
RMon Sep  1 10:23:33 2014 us=913166 10.20.30.6:65367 TLS: Initial packet from [AF_INET]10.20.30.6:65367, sid=a0b4a536 9b772d3e

{Edit: READ/WRITE EVENTS}

Mon Sep  1 10:23:36 2014 us=33833 MULTI: multi_create_instance called
Mon Sep  1 10:23:36 2014 us=33975 10.20.30.6:65368 Re-using SSL/TLS context
Mon Sep  1 10:23:36 2014 us=34039 10.20.30.6:65368 LZO compression initialized
Mon Sep  1 10:23:36 2014 us=34326 10.20.30.6:65368 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep  1 10:23:36 2014 us=34368 10.20.30.6:65368 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep  1 10:23:36 2014 us=34613 10.20.30.6:65368 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep  1 10:23:36 2014 us=34642 10.20.30.6:65368 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep  1 10:23:36 2014 us=34690 10.20.30.6:65368 Local Options hash (VER=V4): '530fdded'
Mon Sep  1 10:23:36 2014 us=34733 10.20.30.6:65368 Expected Remote Options hash (VER=V4): '41690919'
RMon Sep  1 10:23:36 2014 us=34810 10.20.30.6:65368 TLS: Initial packet from [AF_INET]10.20.30.6:65368, sid=a32356ab 14662fc8

{Edit: READ/WRITE EVENTS}

Mon Sep  1 10:23:38 2014 us=155274 MULTI: multi_create_instance called
Mon Sep  1 10:23:38 2014 us=155420 10.20.30.6:65369 Re-using SSL/TLS context
Mon Sep  1 10:23:38 2014 us=155480 10.20.30.6:65369 LZO compression initialized
Mon Sep  1 10:23:38 2014 us=155713 10.20.30.6:65369 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep  1 10:23:38 2014 us=155751 10.20.30.6:65369 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep  1 10:23:38 2014 us=156000 10.20.30.6:65369 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep  1 10:23:38 2014 us=156029 10.20.30.6:65369 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep  1 10:23:38 2014 us=156076 10.20.30.6:65369 Local Options hash (VER=V4): '530fdded'
Mon Sep  1 10:23:38 2014 us=156119 10.20.30.6:65369 Expected Remote Options hash (VER=V4): '41690919'
RMon Sep  1 10:23:38 2014 us=156248 10.20.30.6:65369 TLS: Initial packet from [AF_INET]10.20.30.6:65369, sid=5805c16f eb8bc114

{Edit: READ/WRITE EVENTS}

Mon Sep  1 10:24:31 2014 us=601131 10.20.30.6:65366 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 10:24:31 2014 us=601238 10.20.30.6:65366 TLS Error: TLS handshake failed
Mon Sep  1 10:24:31 2014 us=601418 10.20.30.6:65366 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Sep  1 10:24:33 2014 us=908427 10.20.30.6:65367 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 10:24:33 2014 us=908518 10.20.30.6:65367 TLS Error: TLS handshake failed
Mon Sep  1 10:24:33 2014 us=908705 10.20.30.6:65367 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Sep  1 10:24:36 2014 us=119412 10.20.30.6:65368 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 10:24:36 2014 us=119749 10.20.30.6:65368 TLS Error: TLS handshake failed
Mon Sep  1 10:24:36 2014 us=119941 10.20.30.6:65368 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Sep  1 10:24:38 2014 us=178356 10.20.30.6:65369 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 10:24:38 2014 us=178446 10.20.30.6:65369 TLS Error: TLS handshake failed
Mon Sep  1 10:24:38 2014 us=178646 10.20.30.6:65369 SIGUSR1[soft,tls-error] received, client-instance restarting


Client at Verb 5

Mon Sep 01 10:23:17 2014 us=143741 Current Parameter Settings:
Mon Sep 01 10:23:17 2014 us=143741   config = 'client.ovpn'
Mon Sep 01 10:23:17 2014 us=143741   mode = 0
Mon Sep 01 10:23:17 2014 us=143741   show_ciphers = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   show_digests = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   show_engines = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   genkey = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   key_pass_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   show_tls_ciphers = DISABLED
Mon Sep 01 10:23:17 2014 us=143741 Connection profiles [default]:
Mon Sep 01 10:23:17 2014 us=143741   proto = udp
Mon Sep 01 10:23:17 2014 us=143741   local = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   local_port = 0
Mon Sep 01 10:23:17 2014 us=143741   remote = '10.20.30.9'
Mon Sep 01 10:23:17 2014 us=143741   remote_port = 1194
Mon Sep 01 10:23:17 2014 us=143741   remote_float = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   bind_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   bind_local = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   connect_retry_seconds = 5
Mon Sep 01 10:23:17 2014 us=143741   connect_timeout = 10
Mon Sep 01 10:23:17 2014 us=143741   connect_retry_max = 0
Mon Sep 01 10:23:17 2014 us=143741   socks_proxy_server = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   socks_proxy_port = 0
Mon Sep 01 10:23:17 2014 us=143741   socks_proxy_retry = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   tun_mtu = 1500
Mon Sep 01 10:23:17 2014 us=143741   tun_mtu_defined = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   link_mtu = 1500
Mon Sep 01 10:23:17 2014 us=143741   link_mtu_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   tun_mtu_extra = 0
Mon Sep 01 10:23:17 2014 us=143741   tun_mtu_extra_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   mtu_discover_type = -1
Mon Sep 01 10:23:17 2014 us=143741   fragment = 0
Mon Sep 01 10:23:17 2014 us=143741   mssfix = 1450
Mon Sep 01 10:23:17 2014 us=143741   explicit_exit_notification = 0
Mon Sep 01 10:23:17 2014 us=143741 Connection profiles END
Mon Sep 01 10:23:17 2014 us=143741   remote_random = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   ipchange = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   dev = 'tun'
Mon Sep 01 10:23:17 2014 us=143741   dev_type = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   dev_node = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   lladdr = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   topology = 1
Mon Sep 01 10:23:17 2014 us=143741   tun_ipv6 = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_local = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_remote_netmask = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_noexec = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_nowarn = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_ipv6_local = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_ipv6_netbits = 0
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_ipv6_remote = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   shaper = 0
Mon Sep 01 10:23:17 2014 us=143741   mtu_test = 0
Mon Sep 01 10:23:17 2014 us=143741   mlock = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   keepalive_ping = 0
Mon Sep 01 10:23:17 2014 us=143741   keepalive_timeout = 0
Mon Sep 01 10:23:17 2014 us=143741   inactivity_timeout = 0
Mon Sep 01 10:23:17 2014 us=143741   ping_send_timeout = 0
Mon Sep 01 10:23:17 2014 us=143741   ping_rec_timeout = 0
Mon Sep 01 10:23:17 2014 us=143741   ping_rec_timeout_action = 0
Mon Sep 01 10:23:17 2014 us=143741   ping_timer_remote = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   remap_sigusr1 = 0
Mon Sep 01 10:23:17 2014 us=143741   persist_tun = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   persist_local_ip = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   persist_remote_ip = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   persist_key = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   passtos = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   resolve_retry_seconds = 1000000000
Mon Sep 01 10:23:17 2014 us=143741   username = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   groupname = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   chroot_dir = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   cd_dir = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   writepid = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   up_script = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   down_script = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   down_pre = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   up_restart = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   up_delay = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   daemon = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   inetd = 0
Mon Sep 01 10:23:17 2014 us=143741   log = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   suppress_timestamps = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   nice = 0
Mon Sep 01 10:23:17 2014 us=143741   verbosity = 5
Mon Sep 01 10:23:17 2014 us=143741   mute = 0
Mon Sep 01 10:23:17 2014 us=143741   status_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   status_file_version = 1
Mon Sep 01 10:23:17 2014 us=143741   status_file_update_freq = 60
Mon Sep 01 10:23:17 2014 us=143741   occ = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   rcvbuf = 0
Mon Sep 01 10:23:17 2014 us=143741   sndbuf = 0
Mon Sep 01 10:23:17 2014 us=143741   sockflags = 0
Mon Sep 01 10:23:17 2014 us=143741   fast_io = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   lzo = 7
Mon Sep 01 10:23:17 2014 us=143741   route_script = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   route_default_gateway = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   route_default_metric = 0
Mon Sep 01 10:23:17 2014 us=143741   route_noexec = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   route_delay = 5
Mon Sep 01 10:23:17 2014 us=143741   route_delay_window = 30
Mon Sep 01 10:23:17 2014 us=143741   route_delay_defined = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   route_nopull = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   route_gateway_via_dhcp = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   max_routes = 100
Mon Sep 01 10:23:17 2014 us=143741   allow_pull_fqdn = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   management_addr = '127.0.0.1'
Mon Sep 01 10:23:17 2014 us=143741   management_port = 25340
Mon Sep 01 10:23:17 2014 us=143741   management_user_pass = 'stdin'
Mon Sep 01 10:23:17 2014 us=143741   management_log_history_cache = 250
Mon Sep 01 10:23:17 2014 us=143741   management_echo_buffer_size = 100
Mon Sep 01 10:23:17 2014 us=143741   management_write_peer_info_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   management_client_user = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   management_client_group = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   management_flags = 6
Mon Sep 01 10:23:17 2014 us=143741   shared_secret_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   key_direction = 0
Mon Sep 01 10:23:17 2014 us=143741   ciphername_defined = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   ciphername = 'BF-CBC'
Mon Sep 01 10:23:17 2014 us=143741   authname_defined = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   authname = 'SHA1'
Mon Sep 01 10:23:17 2014 us=143741   prng_hash = 'SHA1'
Mon Sep 01 10:23:17 2014 us=143741   prng_nonce_secret_len = 16
Mon Sep 01 10:23:17 2014 us=143741   keysize = 0
Mon Sep 01 10:23:17 2014 us=143741   engine = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   replay = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   mute_replay_warnings = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   replay_window = 64
Mon Sep 01 10:23:17 2014 us=143741   replay_time = 15
Mon Sep 01 10:23:17 2014 us=143741   packet_id_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   use_iv = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   test_crypto = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   tls_server = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   tls_client = ENABLED
Mon Sep 01 10:23:17 2014 us=143741   key_method = 2
Mon Sep 01 10:23:17 2014 us=143741   ca_file = 'ca.crt'
Mon Sep 01 10:23:17 2014 us=143741   ca_path = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   dh_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   cert_file = 'evad-laptop.crt'
Mon Sep 01 10:23:17 2014 us=143741   priv_key_file = 'evad-laptop.key'
Mon Sep 01 10:23:17 2014 us=143741   pkcs12_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   cryptoapi_cert = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   cipher_list = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   tls_verify = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   tls_export_cert = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   verify_x509_type = 0
Mon Sep 01 10:23:17 2014 us=143741   verify_x509_name = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   crl_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   ns_cert_type = 1
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_ku[i] = 0
Mon Sep 01 10:23:17 2014 us=143741   remote_cert_eku = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   ssl_flags = 0
Mon Sep 01 10:23:17 2014 us=143741   tls_timeout = 2
Mon Sep 01 10:23:17 2014 us=143741   renegotiate_bytes = 0
Mon Sep 01 10:23:17 2014 us=143741   renegotiate_packets = 0
Mon Sep 01 10:23:17 2014 us=143741   renegotiate_seconds = 3600
Mon Sep 01 10:23:17 2014 us=143741   handshake_window = 60
Mon Sep 01 10:23:17 2014 us=143741   transition_window = 3600
Mon Sep 01 10:23:17 2014 us=143741   single_session = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   push_peer_info = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   tls_exit = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   tls_auth_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_protected_authentication = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_private_mode = 00000000
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_cert_private = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_pin_cache_period = -1
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_id = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   pkcs11_id_management = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   server_network = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   server_netmask = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   server_network_ipv6 = ::
Mon Sep 01 10:23:17 2014 us=143741   server_netbits_ipv6 = 0
Mon Sep 01 10:23:17 2014 us=143741   server_bridge_ip = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   server_bridge_netmask = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   server_bridge_pool_start = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   server_bridge_pool_end = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_pool_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_pool_start = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_pool_end = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_pool_netmask = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_pool_persist_refresh_freq = 600
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_ipv6_pool_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_ipv6_pool_base = ::
Mon Sep 01 10:23:17 2014 us=143741   ifconfig_ipv6_pool_netbits = 0
Mon Sep 01 10:23:17 2014 us=143741   n_bcast_buf = 256
Mon Sep 01 10:23:17 2014 us=143741   tcp_queue_limit = 64
Mon Sep 01 10:23:17 2014 us=143741   real_hash_size = 256
Mon Sep 01 10:23:17 2014 us=143741   virtual_hash_size = 256
Mon Sep 01 10:23:17 2014 us=143741   client_connect_script = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   learn_address_script = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   client_disconnect_script = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   client_config_dir = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=143741   ccd_exclusive = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   tmp_dir = 'C:\Users\evad\AppData\Local\Temp\'
Mon Sep 01 10:23:17 2014 us=143741   push_ifconfig_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   push_ifconfig_local = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   push_ifconfig_remote_netmask = 0.0.0.0
Mon Sep 01 10:23:17 2014 us=143741   push_ifconfig_ipv6_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=143741   push_ifconfig_ipv6_local = ::/0
Mon Sep 01 10:23:17 2014 us=159341   push_ifconfig_ipv6_remote = ::
Mon Sep 01 10:23:17 2014 us=159341   enable_c2c = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   duplicate_cn = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   cf_max = 0
Mon Sep 01 10:23:17 2014 us=159341   cf_per = 0
Mon Sep 01 10:23:17 2014 us=159341   max_clients = 1024
Mon Sep 01 10:23:17 2014 us=159341   max_routes_per_client = 256
Mon Sep 01 10:23:17 2014 us=159341   auth_user_pass_verify_script = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=159341   auth_user_pass_verify_script_via_file = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   client = ENABLED
Mon Sep 01 10:23:17 2014 us=159341   pull = ENABLED
Mon Sep 01 10:23:17 2014 us=159341   auth_user_pass_file = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=159341   show_net_up = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   route_method = 0
Mon Sep 01 10:23:17 2014 us=159341   ip_win32_defined = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   ip_win32_type = 3
Mon Sep 01 10:23:17 2014 us=159341   dhcp_masq_offset = 0
Mon Sep 01 10:23:17 2014 us=159341   dhcp_lease_time = 31536000
Mon Sep 01 10:23:17 2014 us=159341   tap_sleep = 0
Mon Sep 01 10:23:17 2014 us=159341   dhcp_options = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   dhcp_renew = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   dhcp_pre_release = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   dhcp_release = DISABLED
Mon Sep 01 10:23:17 2014 us=159341   domain = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=159341   netbios_scope = '[UNDEF]'
Mon Sep 01 10:23:17 2014 us=159341   netbios_node_type = 0
Mon Sep 01 10:23:17 2014 us=159341   disable_nbt = DISABLED
Mon Sep 01 10:23:17 2014 us=159341 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May  2 2014
Mon Sep 01 10:23:17 2014 us=159341 library versions: OpenSSL 1.0.1g 7 Apr 2014, LZO 2.05
Enter Management Password:
Mon Sep 01 10:23:17 2014 us=159341 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Sep 01 10:23:17 2014 us=159341 Need hold release from management interface, waiting...
Mon Sep 01 10:23:17 2014 us=611742 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Sep 01 10:23:17 2014 us=720942 MANAGEMENT: CMD 'state on'
Mon Sep 01 10:23:17 2014 us=720942 MANAGEMENT: CMD 'log all on'
Mon Sep 01 10:23:17 2014 us=923743 MANAGEMENT: CMD 'hold off'
Mon Sep 01 10:23:17 2014 us=923743 MANAGEMENT: CMD 'hold release'
Mon Sep 01 10:23:29 2014 us=93362 MANAGEMENT: CMD 'password [...]'
Mon Sep 01 10:23:29 2014 us=93362 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Sep 01 10:23:29 2014 us=108962 LZO compression initialized
Mon Sep 01 10:23:29 2014 us=108962 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 01 10:23:29 2014 us=108962 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 10:23:29 2014 us=108962 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 01 10:23:29 2014 us=108962 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep 01 10:23:29 2014 us=108962 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep 01 10:23:29 2014 us=108962 Local Options hash (VER=V4): '41690919'
Mon Sep 01 10:23:29 2014 us=108962 Expected Remote Options hash (VER=V4): '530fdded'
Mon Sep 01 10:23:29 2014 us=108962 UDPv4 link local: [undef]
Mon Sep 01 10:23:29 2014 us=108962 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 10:23:29 2014 us=108962 MANAGEMENT: >STATE:1409585009,WAIT,,,
Mon Sep 01 10:23:29 2014 us=140162 MANAGEMENT: >STATE:1409585009,AUTH,,,
Mon Sep 01 10:23:29 2014 us=140162 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=928c98fc e008dadf
Mon Sep 01 10:23:29 2014 us=233763 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 10:23:29 2014 us=233763 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 10:23:29 2014 us=233763 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 10:23:29 2014 us=233763 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 10:23:29 2014 us=233763 TLS Error: TLS handshake failed
Mon Sep 01 10:23:29 2014 us=233763 TCP/UDP: Closing socket
Mon Sep 01 10:23:29 2014 us=233763 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 10:23:29 2014 us=233763 MANAGEMENT: >STATE:1409585009,RECONNECTING,tls-error,,
Mon Sep 01 10:23:29 2014 us=233763 Restart pause, 2 second(s)
Mon Sep 01 10:23:31 2014 us=261766 Re-using SSL/TLS context
Mon Sep 01 10:23:31 2014 us=261766 LZO compression initialized
Mon Sep 01 10:23:31 2014 us=261766 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 01 10:23:31 2014 us=261766 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 10:23:31 2014 us=261766 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 01 10:23:31 2014 us=261766 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep 01 10:23:31 2014 us=261766 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep 01 10:23:31 2014 us=261766 Local Options hash (VER=V4): '41690919'
Mon Sep 01 10:23:31 2014 us=261766 Expected Remote Options hash (VER=V4): '530fdded'
Mon Sep 01 10:23:31 2014 us=261766 UDPv4 link local: [undef]
Mon Sep 01 10:23:31 2014 us=261766 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 10:23:31 2014 us=261766 MANAGEMENT: >STATE:1409585011,WAIT,,,
Mon Sep 01 10:23:31 2014 us=261766 MANAGEMENT: >STATE:1409585011,AUTH,,,
Mon Sep 01 10:23:31 2014 us=261766 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=fab13ade 2a7d86b5
Mon Sep 01 10:23:31 2014 us=355366 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 10:23:31 2014 us=355366 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 10:23:31 2014 us=355366 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 10:23:31 2014 us=355366 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 10:23:31 2014 us=355366 TLS Error: TLS handshake failed
Mon Sep 01 10:23:31 2014 us=355366 TCP/UDP: Closing socket
Mon Sep 01 10:23:31 2014 us=355366 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 10:23:31 2014 us=355366 MANAGEMENT: >STATE:1409585011,RECONNECTING,tls-error,,
Mon Sep 01 10:23:31 2014 us=355366 Restart pause, 2 second(s)
Mon Sep 01 10:23:33 2014 us=383370 Re-using SSL/TLS context
Mon Sep 01 10:23:33 2014 us=383370 LZO compression initialized
Mon Sep 01 10:23:33 2014 us=383370 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 01 10:23:33 2014 us=383370 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 10:23:33 2014 us=383370 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 01 10:23:33 2014 us=383370 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep 01 10:23:33 2014 us=383370 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep 01 10:23:33 2014 us=383370 Local Options hash (VER=V4): '41690919'
Mon Sep 01 10:23:33 2014 us=383370 Expected Remote Options hash (VER=V4): '530fdded'
Mon Sep 01 10:23:33 2014 us=383370 UDPv4 link local: [undef]
Mon Sep 01 10:23:33 2014 us=383370 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 10:23:33 2014 us=383370 MANAGEMENT: >STATE:1409585013,WAIT,,,
Mon Sep 01 10:23:33 2014 us=383370 MANAGEMENT: >STATE:1409585013,AUTH,,,
Mon Sep 01 10:23:33 2014 us=383370 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=33ceaca1 4d0c65ff
Mon Sep 01 10:23:33 2014 us=476970 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 10:23:33 2014 us=476970 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 10:23:33 2014 us=476970 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 10:23:33 2014 us=476970 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 10:23:33 2014 us=476970 TLS Error: TLS handshake failed
Mon Sep 01 10:23:33 2014 us=476970 TCP/UDP: Closing socket
Mon Sep 01 10:23:33 2014 us=476970 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 10:23:33 2014 us=476970 MANAGEMENT: >STATE:1409585013,RECONNECTING,tls-error,,
Mon Sep 01 10:23:33 2014 us=476970 Restart pause, 2 second(s)
Mon Sep 01 10:23:35 2014 us=504974 Re-using SSL/TLS context
Mon Sep 01 10:23:35 2014 us=504974 LZO compression initialized
Mon Sep 01 10:23:35 2014 us=504974 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Sep 01 10:23:35 2014 us=504974 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Sep 01 10:23:35 2014 us=504974 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Sep 01 10:23:35 2014 us=504974 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Sep 01 10:23:35 2014 us=504974 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Sep 01 10:23:35 2014 us=504974 Local Options hash (VER=V4): '41690919'
Mon Sep 01 10:23:35 2014 us=504974 Expected Remote Options hash (VER=V4): '530fdded'
Mon Sep 01 10:23:35 2014 us=504974 UDPv4 link local: [undef]
Mon Sep 01 10:23:35 2014 us=504974 UDPv4 link remote: [AF_INET]10.20.30.9:1194
Mon Sep 01 10:23:35 2014 us=504974 MANAGEMENT: >STATE:1409585015,WAIT,,,
Mon Sep 01 10:23:35 2014 us=504974 MANAGEMENT: >STATE:1409585015,AUTH,,,
Mon Sep 01 10:23:35 2014 us=504974 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=9f4f7dc6 d9eea244
Mon Sep 01 10:23:35 2014 us=598574 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 10:23:35 2014 us=598574 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 10:23:35 2014 us=598574 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 10:23:35 2014 us=598574 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 01 10:23:35 2014 us=598574 TLS Error: TLS handshake failed
Mon Sep 01 10:23:35 2014 us=598574 TCP/UDP: Closing socket
Mon Sep 01 10:23:35 2014 us=614174 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 01 10:23:35 2014 us=614174 MANAGEMENT: >STATE:1409585015,RECONNECTING,tls-error,,
Mon Sep 01 10:23:35 2014 us=614174 Restart pause, 2 second(s)
Mon Sep 01 10:23:36 2014 us=628175 SIGTERM[hard,init_instance] received, process exiting
Mon Sep 01 10:23:36 2014 us=628175 MANAGEMENT: >STATE:1409585016,EXITING,init_instance,,

{Edit: READ/WRITE EVENTS}

Last edited by debbie10t on Tue Sep 02, 2014 8:01 pm, edited 1 time in total.
Reason: Long Lines

Re: TLS handshake error

Postby evad » Wed Sep 03, 2014 4:08 am

Thanks for the reply.

Traffic wrote:
evad wrote: run CentOS 6.5 and use easyrsa 3
With EasyRSA 3 the --ns-cert-type server is no longer supported by default. Instead you must only use --remote-cert-tls server


I'm not sure where to define this. I do see a reference to this in the vars file inside the easy-rsa directory, is that where I need to add that line?

Traffic wrote:
evad wrote: Client Log
Code:
Mon Sep 01 08:55:20 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 2 2014
Mon Sep 01 08:55:20 2014 library versions: OpenSSL 1.0.1g 7 Apr 2014, LZO 2.05
There is a further update ... but do not use v234-i603 due to a problem with the TAP driver.


Will definitely update the client.

Traffic wrote:
evad wrote: Server at Verb 5
Code:
Mon Sep 1 10:22:31 2014 us=26719 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Might be worth checking your server OpenSSL is not vulnerable to Heartbleed.


Thought I was good on this. I'm subscribed to the CentOS update mailing list and I update every time they send out something (few times a week). I noticed in July sometime there was an openssl update. I'll double check though.
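Added example, not part of the original thread: a Python log triage sketch run over excerpts of the two logs posted above, showing why the server only reports a 60-second timeout ("check your network connectivity") while the client log carries the actual cause, the failed nsCertType check. The function names and the server-side "peer went silent" heuristic are assumptions of this example; the log lines are excerpted from the thread.

```python
import re
from datetime import datetime, timedelta

# Excerpts of the client and server logs posted in this thread.
CLIENT_LOG = """\
Mon Sep 01 10:23:29 2014 us=140162 TLS: Initial packet from [AF_INET]10.20.30.9:1194, sid=928c98fc e008dadf
Mon Sep 01 10:23:29 2014 us=233763 VERIFY OK: depth=1, CN=EVAD-VPN-CA
Mon Sep 01 10:23:29 2014 us=233763 VERIFY nsCertType ERROR: CN=EVAD-VPN, require nsCertType=SERVER
Mon Sep 01 10:23:29 2014 us=233763 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 01 10:23:29 2014 us=233763 TLS Error: TLS handshake failed
"""
SERVER_LOG = """\
RMon Sep  1 10:23:31 2014 us=783275 10.20.30.6:65366 TLS: Initial packet from [AF_INET]10.20.30.6:65366, sid=5e76f849 bb2a52e1
Mon Sep  1 10:24:31 2014 us=601131 10.20.30.6:65366 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Sep  1 10:24:31 2014 us=601238 10.20.30.6:65366 TLS Error: TLS handshake failed
"""

LINE_RE = re.compile(
    r"^[RW]*"  # verb 5 prints R/W packet event markers in front of some lines
    r"(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) us=(?P<us>\d+) "
    r"(?:(?P<peer>\d+\.\d+\.\d+\.\d+:\d+) )?"  # server lines carry the peer
    r"(?P<msg>.*)$"
)
VERIFY_ERR_RE = re.compile(
    r"VERIFY (?P<check>\w+) ERROR: (?P<subject>.*?), require (?P<want>\S+)")
TIMEOUT_RE = re.compile(r"TLS key negotiation failed to occur within (\d+) seconds")


def parse(log_text):
    """Return (datetime, peer or None, message) for every timestamped line."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. 'Enter Management Password:' has no timestamp
        # Server pads the day with a space ('Sep  1'); collapse before parsing.
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        out.append((ts + timedelta(microseconds=int(m["us"])),
                    m["peer"], m["msg"].strip()))
    return out


def client_findings(log_text):
    """Handshake attempts the client itself aborted, with the failing check."""
    findings, pending = [], None
    for ts, _peer, msg in parse(log_text):
        if msg.startswith("TLS: Initial packet from"):
            pending = None  # a new attempt starts; forget the previous one
        m = VERIFY_ERR_RE.search(msg)
        if m:
            pending = m.groupdict()
        elif msg == "TLS Error: TLS handshake failed" and pending:
            findings.append({"at": ts, **pending})
            pending = None
    return findings


def server_findings(log_text):
    """Heuristic: peers that sent an initial packet, never reached a VERIFY
    line on the server, and then hit the handshake window."""
    started, verified, findings = {}, set(), []
    for ts, peer, msg in parse(log_text):
        if peer is None:
            continue
        if msg.startswith("TLS: Initial packet from"):
            started[peer] = ts
        elif msg.startswith("VERIFY"):
            verified.add(peer)
        else:
            m = TIMEOUT_RE.search(msg)
            if m and peer in started and peer not in verified:
                findings.append({
                    "peer": peer,
                    "window": int(m.group(1)),
                    "waited": (ts - started[peer]).total_seconds(),
                })
    return findings


def diagnose(client_text, server_text):
    """A client-side verify error outranks the server's timeout message."""
    rejected = client_findings(client_text)
    silent = server_findings(server_text)
    if rejected:
        check = rejected[0]["check"]
        hint = "client enforces the %s check and the server cert fails it" % check
        if check == "nsCertType":
            hint += ("; per the reply in this thread, use --remote-cert-tls "
                     "server instead of --ns-cert-type server with EasyRSA 3")
        return {"cause": "client-rejected-server-cert", "hint": hint,
                "server_timeouts_explained": len(silent)}
    if silent:
        return {"cause": "peer-silent-after-initial-packet",
                "hint": "no verify error in the client log; check the path",
                "server_timeouts_explained": 0}
    return {"cause": "none-found", "hint": "", "server_timeouts_explained": 0}


if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, SERVER_LOG))
```

The client's parameter dump above shows `ns_cert_type = 1`, which is the check that produces the `VERIFY nsCertType ERROR` line this script keys on.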

