100% package lost after ~1-2 minute after connection

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Dm3Ch
OpenVpn Newbie
Posts: 2
Joined: Tue Feb 07, 2017 12:09 pm

100% package lost after ~1-2 minute after connection

Post by Dm3Ch » Tue Feb 07, 2017 12:16 pm

Hello!
I've installed OpenVPN server throw wizard on pfSense. When I'm connecting to this server from my lan all work great, but when i'm connecting from internet VPN works about 1-2 minutes and then all packets loses. But I couldn't find anything usefull in server or client logs.

Had anyone the same problem? How did you fixed it.

Server config:

Code: Select all

dev ovpns3
verb 4
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 188.243.142.239
tls-server
server 10.10.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server3
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'Dm3Ch-Home-OpenVPN+Server+Cert' 1"
lport 1194
management /var/etc/openvpn/server3.sock unix
max-clients 10
push "route 192.168.254.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 10.0.0.0 255.255.255.0"
ca /var/etc/openvpn/server3.ca 
cert /var/etc/openvpn/server3.cert 
key /var/etc/openvpn/server3.key 
dh /etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server3.tls-auth 0
persist-remote-ip
float
topology subnet
Client config with deleted keys:

Code: Select all

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
lport 0
verify-x509-name "Dm3Ch-Home-OpenVPN Server Cert" name
ns-cert-type server

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: 100% package lost after ~1-2 minute after connection

Post by TinCanTech » Tue Feb 07, 2017 12:36 pm

Please post your sanitized server and client logs at --verb 4

Please see:
HOWTO: Request Help !
Top
Dm3Ch
OpenVpn Newbie
Posts: 2
Joined: Tue Feb 07, 2017 12:09 pm

Re: 100% package lost after ~1-2 minute after connection

Post by Dm3Ch » Tue Feb 07, 2017 1:06 pm

Server config:
SERVER
dev ovpns3
verb 4
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local x.x.x.x
tls-server
server 10.10.0.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server3
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'Dm3Ch-Home-OpenVPN+Server+Cert' 1"
lport 1194
management /var/etc/openvpn/server3.sock unix
max-clients 10
push "route 192.168.254.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "route 10.0.0.0 255.255.0.0"
ca /var/etc/openvpn/server3.ca
cert /var/etc/openvpn/server3.cert
key /var/etc/openvpn/server3.key
dh /etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server3.tls-auth 0
persist-remote-ip
float
topology subnet
Client config:
CLIENT
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp
lport 0
verify-x509-name "Dm3Ch-Home-OpenVPN Server Cert" name
ns-cert-type server

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
Server log:

Code: Select all

Time	Message
Feb 7 15:54:45	openvpn[73391]: MANAGEMENT: CMD 'status 2'
Feb 7 15:54:45	openvpn[73391]: MANAGEMENT: CMD 'quit'
Feb 7 15:54:45	openvpn[73391]: MANAGEMENT: Client disconnected
Feb 7 15:54:48	openvpn[73391]: 188.162.65.5:50216 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 7 15:54:48	openvpn[73391]: 188.162.65.5:50216 TLS Error: TLS handshake failed
Feb 7 15:54:48	openvpn[73391]: 188.162.65.5:50216 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb 7 15:54:50	openvpn[73391]: MULTI: multi_create_instance called
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 Re-using SSL/TLS context
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 Control Channel MTU parms [ L:1569 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 Data Channel MTU parms [ L:1569 D:1450 EF:69 EB:12 ET:0 EL:3 ]
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 Local Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 Local Options hash (VER=V4): '66f5538f'
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 Expected Remote Options hash (VER=V4): 'c7c95cbc'
Feb 7 15:54:50	openvpn[73391]: 188.162.65.5:41777 TLS: Initial packet from [AF_INET]188.162.65.5:41777, sid=e7725b20 bdd9df25
Feb 7 15:55:47	openvpn[73391]: MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Feb 7 15:55:47	openvpn[73391]: MANAGEMENT: CMD 'status 2'
Feb 7 15:55:47	openvpn[73391]: MANAGEMENT: CMD 'quit'
Feb 7 15:55:47	openvpn[73391]: MANAGEMENT: Client disconnected
Feb 7 15:55:50	openvpn[73391]: 188.162.65.5:41777 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 7 15:55:50	openvpn[73391]: 188.162.65.5:41777 TLS Error: TLS handshake failed
Feb 7 15:55:50	openvpn[73391]: 188.162.65.5:41777 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb 7 15:55:52	openvpn[73391]: MULTI: multi_create_instance called
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 Re-using SSL/TLS context
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 Control Channel MTU parms [ L:1569 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 Data Channel MTU parms [ L:1569 D:1450 EF:69 EB:12 ET:0 EL:3 ]
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 Local Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 Local Options hash (VER=V4): '66f5538f'
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 Expected Remote Options hash (VER=V4): 'c7c95cbc'
Feb 7 15:55:52	openvpn[73391]: 188.162.65.42:32943 TLS: Initial packet from [AF_INET]188.162.65.42:32943, sid=2734450c 840fa3aa
Feb 7 15:56:49	openvpn[73391]: MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Feb 7 15:56:50	openvpn[73391]: MANAGEMENT: CMD 'status 2'
Feb 7 15:56:50	openvpn[73391]: MANAGEMENT: CMD 'quit'
Feb 7 15:56:50	openvpn[73391]: MANAGEMENT: Client disconnected
Feb 7 15:56:52	openvpn[73391]: 188.162.65.42:32943 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 7 15:56:52	openvpn[73391]: 188.162.65.42:32943 TLS Error: TLS handshake failed
Feb 7 15:56:52	openvpn[73391]: 188.162.65.42:32943 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb 7 15:57:52	openvpn[73391]: MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Feb 7 15:57:52	openvpn[73391]: MANAGEMENT: CMD 'status 2'
Feb 7 15:57:52	openvpn[73391]: MANAGEMENT: CMD 'quit'
Feb 7 15:57:52	openvpn[73391]: MANAGEMENT: Client disconnected
Feb 7 15:58:54	openvpn[73391]: MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Feb 7 15:58:54	openvpn[73391]: MANAGEMENT: CMD 'status 2'
Feb 7 15:58:55	openvpn[73391]: MANAGEMENT: CMD 'quit'
Feb 7 15:58:55	openvpn[73391]: MANAGEMENT: Client disconnected
Feb 7 15:59:56	openvpn[73391]: MANAGEMENT: Client connected from /var/etc/openvpn/server3.sock
Feb 7 15:59:57	openvpn[73391]: MANAGEMENT: CMD 'status 2'
Feb 7 15:59:57	openvpn[73391]: MANAGEMENT: CMD 'quit'
Feb 7 15:59:57	openvpn[73391]: MANAGEMENT: Client disconnected
Client log:

Code: Select all

Tue Feb  7 15:51:32 2017 us=999680 Current Parameter Settings:
Tue Feb  7 15:51:32 2017 us=999802   config = 'pfSense-udp-1194-Dm3Ch-Home-OpenVPN_Dm3Ch_Client_Cert-config.ovpn'
Tue Feb  7 15:51:32 2017 us=999842   mode = 0
Tue Feb  7 15:51:32 2017 us=999874   persist_config = DISABLED
Tue Feb  7 15:51:32 2017 us=999904   persist_mode = 1
Tue Feb  7 15:51:32 2017 us=999932   show_ciphers = DISABLED
Tue Feb  7 15:51:32 2017 us=999960   show_digests = DISABLED
Tue Feb  7 15:51:32 2017 us=999988   show_engines = DISABLED
Tue Feb  7 15:51:33 2017 us=16   genkey = DISABLED
Tue Feb  7 15:51:33 2017 us=43   key_pass_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=70   show_tls_ciphers = DISABLED
Tue Feb  7 15:51:33 2017 us=97 Connection profiles [default]:
Tue Feb  7 15:51:33 2017 us=125   proto = udp
Tue Feb  7 15:51:33 2017 us=153   local = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=181   local_port = 0
Tue Feb  7 15:51:33 2017 us=208   remote = 'x.x.x.x'
Tue Feb  7 15:51:33 2017 us=235   remote_port = 1194
Tue Feb  7 15:51:33 2017 us=262   remote_float = DISABLED
Tue Feb  7 15:51:33 2017 us=291   bind_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=303   bind_local = ENABLED
Tue Feb  7 15:51:33 2017 us=314   connect_retry_seconds = 5
Tue Feb  7 15:51:33 2017 us=325   connect_timeout = 10
Tue Feb  7 15:51:33 2017 us=336   connect_retry_max = 0
Tue Feb  7 15:51:33 2017 us=349   socks_proxy_server = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=361   socks_proxy_port = 0
Tue Feb  7 15:51:33 2017 us=376   socks_proxy_retry = DISABLED
Tue Feb  7 15:51:33 2017 us=387   tun_mtu = 1500
Tue Feb  7 15:51:33 2017 us=398   tun_mtu_defined = ENABLED
Tue Feb  7 15:51:33 2017 us=410   link_mtu = 1500
Tue Feb  7 15:51:33 2017 us=421   link_mtu_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=434   tun_mtu_extra = 0
Tue Feb  7 15:51:33 2017 us=445   tun_mtu_extra_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=457   mtu_discover_type = -1
Tue Feb  7 15:51:33 2017 us=468   fragment = 0
Tue Feb  7 15:51:33 2017 us=480   mssfix = 1450
Tue Feb  7 15:51:33 2017 us=492   explicit_exit_notification = 0
Tue Feb  7 15:51:33 2017 us=504 Connection profiles END
Tue Feb  7 15:51:33 2017 us=516   remote_random = DISABLED
Tue Feb  7 15:51:33 2017 us=528   ipchange = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=540   dev = 'tun'
Tue Feb  7 15:51:33 2017 us=552   dev_type = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=565   dev_node = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=577   lladdr = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=589   topology = 1
Tue Feb  7 15:51:33 2017 us=602   tun_ipv6 = DISABLED
Tue Feb  7 15:51:33 2017 us=614   ifconfig_local = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=626   ifconfig_remote_netmask = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=638   ifconfig_noexec = DISABLED
Tue Feb  7 15:51:33 2017 us=651   ifconfig_nowarn = DISABLED
Tue Feb  7 15:51:33 2017 us=663   ifconfig_ipv6_local = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=675   ifconfig_ipv6_netbits = 0
Tue Feb  7 15:51:33 2017 us=688   ifconfig_ipv6_remote = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=700   shaper = 0
Tue Feb  7 15:51:33 2017 us=712   mtu_test = 0
Tue Feb  7 15:51:33 2017 us=725   mlock = DISABLED
Tue Feb  7 15:51:33 2017 us=737   keepalive_ping = 0
Tue Feb  7 15:51:33 2017 us=749   keepalive_timeout = 0
Tue Feb  7 15:51:33 2017 us=761   inactivity_timeout = 0
Tue Feb  7 15:51:33 2017 us=773   ping_send_timeout = 0
Tue Feb  7 15:51:33 2017 us=786   ping_rec_timeout = 0
Tue Feb  7 15:51:33 2017 us=798   ping_rec_timeout_action = 0
Tue Feb  7 15:51:33 2017 us=810   ping_timer_remote = DISABLED
Tue Feb  7 15:51:33 2017 us=822   remap_sigusr1 = 0
Tue Feb  7 15:51:33 2017 us=834   persist_tun = ENABLED
Tue Feb  7 15:51:33 2017 us=847   persist_local_ip = DISABLED
Tue Feb  7 15:51:33 2017 us=859   persist_remote_ip = DISABLED
Tue Feb  7 15:51:33 2017 us=871   persist_key = ENABLED
Tue Feb  7 15:51:33 2017 us=883   passtos = DISABLED
Tue Feb  7 15:51:33 2017 us=896   resolve_retry_seconds = 1000000000
Tue Feb  7 15:51:33 2017 us=908   username = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=919   groupname = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=931   chroot_dir = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=949   cd_dir = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=962   writepid = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=974   up_script = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=986   down_script = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=998   down_pre = DISABLED
Tue Feb  7 15:51:33 2017 us=1011   up_restart = DISABLED
Tue Feb  7 15:51:33 2017 us=1023   up_delay = DISABLED
Tue Feb  7 15:51:33 2017 us=1035   daemon = DISABLED
Tue Feb  7 15:51:33 2017 us=1048   inetd = 0
Tue Feb  7 15:51:33 2017 us=1060   log = DISABLED
Tue Feb  7 15:51:33 2017 us=1072   suppress_timestamps = DISABLED
Tue Feb  7 15:51:33 2017 us=1084   nice = 0
Tue Feb  7 15:51:33 2017 us=1097   verbosity = 4
Tue Feb  7 15:51:33 2017 us=1109   mute = 0
Tue Feb  7 15:51:33 2017 us=1122   gremlin = 0
Tue Feb  7 15:51:33 2017 us=1134   status_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1146   status_file_version = 1
Tue Feb  7 15:51:33 2017 us=1158   status_file_update_freq = 60
Tue Feb  7 15:51:33 2017 us=1186   occ = ENABLED
Tue Feb  7 15:51:33 2017 us=1197   rcvbuf = 0
Tue Feb  7 15:51:33 2017 us=1209   sndbuf = 0
Tue Feb  7 15:51:33 2017 us=1220   mark = 0
Tue Feb  7 15:51:33 2017 us=1232   sockflags = 0
Tue Feb  7 15:51:33 2017 us=1244   fast_io = DISABLED
Tue Feb  7 15:51:33 2017 us=1256   lzo = 0
Tue Feb  7 15:51:33 2017 us=1267   route_script = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1279   route_default_gateway = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1291   route_default_metric = 0
Tue Feb  7 15:51:33 2017 us=1302   route_noexec = DISABLED
Tue Feb  7 15:51:33 2017 us=1314   route_delay = 0
Tue Feb  7 15:51:33 2017 us=1325   route_delay_window = 30
Tue Feb  7 15:51:33 2017 us=1337   route_delay_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=1348   route_nopull = DISABLED
Tue Feb  7 15:51:33 2017 us=1360   route_gateway_via_dhcp = DISABLED
Tue Feb  7 15:51:33 2017 us=1371   max_routes = 100
Tue Feb  7 15:51:33 2017 us=1383   allow_pull_fqdn = DISABLED
Tue Feb  7 15:51:33 2017 us=1395   management_addr = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1407   management_port = 0
Tue Feb  7 15:51:33 2017 us=1419   management_user_pass = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1431   management_log_history_cache = 250
Tue Feb  7 15:51:33 2017 us=1443   management_echo_buffer_size = 100
Tue Feb  7 15:51:33 2017 us=1455   management_write_peer_info_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1467   management_client_user = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1479   management_client_group = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1491   management_flags = 0
Tue Feb  7 15:51:33 2017 us=1503   shared_secret_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1515   key_direction = 2
Tue Feb  7 15:51:33 2017 us=1527   ciphername_defined = ENABLED
Tue Feb  7 15:51:33 2017 us=1539   ciphername = 'AES-256-CBC'
Tue Feb  7 15:51:33 2017 us=1550   authname_defined = ENABLED
Tue Feb  7 15:51:33 2017 us=1562   authname = 'SHA256'
Tue Feb  7 15:51:33 2017 us=1574   prng_hash = 'SHA1'
Tue Feb  7 15:51:33 2017 us=1586   prng_nonce_secret_len = 16
Tue Feb  7 15:51:33 2017 us=1598   keysize = 0
Tue Feb  7 15:51:33 2017 us=1609   engine = DISABLED
Tue Feb  7 15:51:33 2017 us=1621   replay = ENABLED
Tue Feb  7 15:51:33 2017 us=1633   mute_replay_warnings = DISABLED
Tue Feb  7 15:51:33 2017 us=1645   replay_window = 64
Tue Feb  7 15:51:33 2017 us=1656   replay_time = 15
Tue Feb  7 15:51:33 2017 us=1668   packet_id_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1680   use_iv = ENABLED
Tue Feb  7 15:51:33 2017 us=1691   test_crypto = DISABLED
Tue Feb  7 15:51:33 2017 us=1703   tls_server = DISABLED
Tue Feb  7 15:51:33 2017 us=1715   tls_client = ENABLED
Tue Feb  7 15:51:33 2017 us=1727   key_method = 2
Tue Feb  7 15:51:33 2017 us=1739   ca_file = '[[INLINE]]'
Tue Feb  7 15:51:33 2017 us=1750   ca_path = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1762   dh_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1774   cert_file = '[[INLINE]]'
Tue Feb  7 15:51:33 2017 us=1786   extra_certs_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1798   priv_key_file = '[[INLINE]]'
Tue Feb  7 15:51:33 2017 us=1813   pkcs12_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1826   cipher_list = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1838   tls_verify = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1849   tls_export_cert = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1861   verify_x509_type = 2
Tue Feb  7 15:51:33 2017 us=1873   verify_x509_name = 'Dm3Ch-Home-OpenVPN Server Cert'
Tue Feb  7 15:51:33 2017 us=1885   crl_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=1897   ns_cert_type = 1
Tue Feb  7 15:51:33 2017 us=1909   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=1921   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=1932   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=1944   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=1960   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=1970   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=1979   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=1991   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2002   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2013   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2026   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2037   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2047   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2060   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2071   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2083   remote_cert_ku[i] = 0
Tue Feb  7 15:51:33 2017 us=2093   remote_cert_eku = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=2105   ssl_flags = 0
Tue Feb  7 15:51:33 2017 us=2116   tls_timeout = 2
Tue Feb  7 15:51:33 2017 us=2128   renegotiate_bytes = 0
Tue Feb  7 15:51:33 2017 us=2139   renegotiate_packets = 0
Tue Feb  7 15:51:33 2017 us=2151   renegotiate_seconds = 3600
Tue Feb  7 15:51:33 2017 us=2163   handshake_window = 60
Tue Feb  7 15:51:33 2017 us=2175   transition_window = 3600
Tue Feb  7 15:51:33 2017 us=2187   single_session = DISABLED
Tue Feb  7 15:51:33 2017 us=2198   push_peer_info = DISABLED
Tue Feb  7 15:51:33 2017 us=2210   tls_exit = DISABLED
Tue Feb  7 15:51:33 2017 us=2223   tls_auth_file = '[[INLINE]]'
Tue Feb  7 15:51:33 2017 us=2235   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2247   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2258   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2270   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2282   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2295   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2307   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2319   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2331   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2343   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2356   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2368   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2380   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2392   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2404   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2416   pkcs11_protected_authentication = DISABLED
Tue Feb  7 15:51:33 2017 us=2429   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2441   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2453   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2464   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2474   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2485   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2496   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2506   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2517   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2528   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2538   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2549   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2565   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2577   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2589   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2601   pkcs11_private_mode = 00000000
Tue Feb  7 15:51:33 2017 us=2613   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2624   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2642   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2653   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2670   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2680   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2691   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2703   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2715   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2727   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2738   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2750   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2762   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2774   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2785   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2797   pkcs11_cert_private = DISABLED
Tue Feb  7 15:51:33 2017 us=2809   pkcs11_pin_cache_period = -1
Tue Feb  7 15:51:33 2017 us=2821   pkcs11_id = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=2833   pkcs11_id_management = DISABLED
Tue Feb  7 15:51:33 2017 us=2847   server_network = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=2858   server_netmask = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=2889   server_network_ipv6 = ::
Tue Feb  7 15:51:33 2017 us=2900   server_netbits_ipv6 = 0
Tue Feb  7 15:51:33 2017 us=2908   server_bridge_ip = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=2918   server_bridge_netmask = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=2929   server_bridge_pool_start = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=2941   server_bridge_pool_end = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=2949   ifconfig_pool_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=2960   ifconfig_pool_start = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=2969   ifconfig_pool_end = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=3005   ifconfig_pool_netmask = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=3033   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=3061   ifconfig_pool_persist_refresh_freq = 600
Tue Feb  7 15:51:33 2017 us=3087   ifconfig_ipv6_pool_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=3115   ifconfig_ipv6_pool_base = ::
Tue Feb  7 15:51:33 2017 us=3141   ifconfig_ipv6_pool_netbits = 0
Tue Feb  7 15:51:33 2017 us=3167   n_bcast_buf = 256
Tue Feb  7 15:51:33 2017 us=3206   tcp_queue_limit = 64
Tue Feb  7 15:51:33 2017 us=3231   real_hash_size = 256
Tue Feb  7 15:51:33 2017 us=3256   virtual_hash_size = 256
Tue Feb  7 15:51:33 2017 us=3281   client_connect_script = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=3306   learn_address_script = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=3331   client_disconnect_script = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=3356   client_config_dir = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=3382   ccd_exclusive = DISABLED
Tue Feb  7 15:51:33 2017 us=3407   tmp_dir = '/tmp'
Tue Feb  7 15:51:33 2017 us=3432   push_ifconfig_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=3458   push_ifconfig_local = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=3488   push_ifconfig_remote_netmask = 0.0.0.0
Tue Feb  7 15:51:33 2017 us=3516   push_ifconfig_ipv6_defined = DISABLED
Tue Feb  7 15:51:33 2017 us=3562   push_ifconfig_ipv6_local = ::/0
Tue Feb  7 15:51:33 2017 us=3593   push_ifconfig_ipv6_remote = ::
Tue Feb  7 15:51:33 2017 us=3621   enable_c2c = DISABLED
Tue Feb  7 15:51:33 2017 us=3647   duplicate_cn = DISABLED
Tue Feb  7 15:51:33 2017 us=3672   cf_max = 0
Tue Feb  7 15:51:33 2017 us=3698   cf_per = 0
Tue Feb  7 15:51:33 2017 us=3724   max_clients = 1024
Tue Feb  7 15:51:33 2017 us=3766   max_routes_per_client = 256
Tue Feb  7 15:51:33 2017 us=3798   auth_user_pass_verify_script = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=3832   auth_user_pass_verify_script_via_file = DISABLED
Tue Feb  7 15:51:33 2017 us=3860   port_share_host = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=3889   port_share_port = 0
Tue Feb  7 15:51:33 2017 us=3917   client = ENABLED
Tue Feb  7 15:51:33 2017 us=3946   pull = ENABLED
Tue Feb  7 15:51:33 2017 us=3979   auth_user_pass_file = '[UNDEF]'
Tue Feb  7 15:51:33 2017 us=4011 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Tue Feb  7 15:51:33 2017 us=4055 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Tue Feb  7 15:51:33 2017 us=4520 Control Channel Authentication: tls-auth using INLINE static key file
Tue Feb  7 15:51:33 2017 us=4544 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb  7 15:51:33 2017 us=4557 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb  7 15:51:33 2017 us=4611 Control Channel MTU parms [ L:1569 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Feb  7 15:51:33 2017 us=4638 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb  7 15:51:33 2017 us=4657 Data Channel MTU parms [ L:1569 D:1450 EF:69 EB:12 ET:0 EL:3 ]
Tue Feb  7 15:51:33 2017 us=4676 Local Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Feb  7 15:51:33 2017 us=4686 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Feb  7 15:51:33 2017 us=4704 Local Options hash (VER=V4): 'c7c95cbc'
Tue Feb  7 15:51:33 2017 us=4718 Expected Remote Options hash (VER=V4): '66f5538f'
Tue Feb  7 15:51:33 2017 us=4731 UDPv4 link local (bound): [undef]
Tue Feb  7 15:51:33 2017 us=4743 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Tue Feb  7 15:51:33 2017 us=102528 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=875e3b47 6980e970
Tue Feb  7 15:51:33 2017 us=657133 VERIFY OK: depth=1, C=RU, ST=Saint-Petersburg, L=Saint-Petersburg, O=Dm3Ch Home OpenVPN, emailAddress=dm3chip@gmail.com, CN=Dm3Ch-Home-OpenVPN CA
Tue Feb  7 15:51:33 2017 us=658288 VERIFY OK: nsCertType=SERVER
Tue Feb  7 15:51:33 2017 us=658361 VERIFY X509NAME OK: C=RU, ST=Saint-Petersburg, L=Saint-Petersburg, O=Dm3Ch-Home-Openvpn, emailAddress=dm3chip@gmail.com, CN=Dm3Ch-Home-OpenVPN Server Cert
Tue Feb  7 15:51:33 2017 us=658408 VERIFY OK: depth=0, C=RU, ST=Saint-Petersburg, L=Saint-Petersburg, O=Dm3Ch-Home-Openvpn, emailAddress=dm3chip@gmail.com, CN=Dm3Ch-Home-OpenVPN Server Cert
Tue Feb  7 15:51:34 2017 us=415135 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb  7 15:51:34 2017 us=415260 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb  7 15:51:34 2017 us=415308 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb  7 15:51:34 2017 us=415354 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Feb  7 15:51:34 2017 us=415532 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Feb  7 15:51:34 2017 us=415617 [Dm3Ch-Home-OpenVPN Server Cert] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Tue Feb  7 15:51:36 2017 us=728134 SENT CONTROL [Dm3Ch-Home-OpenVPN Server Cert]: 'PUSH_REQUEST' (status=1)
Tue Feb  7 15:51:36 2017 us=782923 PUSH: Received control message: 'PUSH_REPLY,route 192.168.254.0 255.255.255.0,route 192.168.1.0 255.255.255.0,route 10.0.0.0 255.255.0.0,route-gateway 10.10.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.10.0.2 255.255.255.0'
Tue Feb  7 15:51:36 2017 us=783082 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb  7 15:51:36 2017 us=783102 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb  7 15:51:36 2017 us=783113 OPTIONS IMPORT: route options modified
Tue Feb  7 15:51:36 2017 us=783123 OPTIONS IMPORT: route-related options modified
Tue Feb  7 15:51:36 2017 us=783291 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlp4s0 HWADDR=f0:d5:bf:68:7f:81
Tue Feb  7 15:51:36 2017 us=787760 TUN/TAP device tun0 opened
Tue Feb  7 15:51:36 2017 us=787823 TUN/TAP TX queue length set to 100
Tue Feb  7 15:51:36 2017 us=787844 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Feb  7 15:51:36 2017 us=787869 /sbin/ip link set dev tun0 up mtu 1500
Tue Feb  7 15:51:36 2017 us=792045 /sbin/ip addr add dev tun0 10.10.0.2/24 broadcast 10.10.0.255
Tue Feb  7 15:51:36 2017 us=793942 /sbin/ip route add 192.168.254.0/24 via 10.10.0.1
Tue Feb  7 15:51:36 2017 us=794935 /sbin/ip route add 192.168.1.0/24 via 10.10.0.1
Tue Feb  7 15:51:36 2017 us=799895 /sbin/ip route add 10.0.0.0/16 via 10.10.0.1
Tue Feb  7 15:51:36 2017 us=809814 Initialization Sequence Completed
Tue Feb  7 15:52:44 2017 us=133632 [Dm3Ch-Home-OpenVPN Server Cert] Inactivity timeout (--ping-restart), restarting
Tue Feb  7 15:52:44 2017 us=134258 TCP/UDP: Closing socket
Tue Feb  7 15:52:44 2017 us=134428 SIGUSR1[soft,ping-restart] received, process restarting
Tue Feb  7 15:52:44 2017 us=134517 Restart pause, 2 second(s)
Tue Feb  7 15:52:46 2017 us=135191 Re-using SSL/TLS context
Tue Feb  7 15:52:46 2017 us=135536 Control Channel MTU parms [ L:1569 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Feb  7 15:52:46 2017 us=135726 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb  7 15:52:46 2017 us=135844 Data Channel MTU parms [ L:1569 D:1450 EF:69 EB:12 ET:0 EL:3 ]
Tue Feb  7 15:52:46 2017 us=135979 Local Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Feb  7 15:52:46 2017 us=136050 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Feb  7 15:52:46 2017 us=136172 Local Options hash (VER=V4): 'c7c95cbc'
Tue Feb  7 15:52:46 2017 us=136256 Expected Remote Options hash (VER=V4): '66f5538f'
Tue Feb  7 15:52:46 2017 us=136311 UDPv4 link local (bound): [undef]
Tue Feb  7 15:52:46 2017 us=136376 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Tue Feb  7 15:53:46 2017 us=335398 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Feb  7 15:53:46 2017 us=335649 TCP/UDP: Closing socket
Tue Feb  7 15:53:46 2017 us=335762 SIGUSR1[soft,ping-restart] received, process restarting
Tue Feb  7 15:53:46 2017 us=335845 Restart pause, 2 second(s)
Tue Feb  7 15:53:48 2017 us=336286 Re-using SSL/TLS context
Tue Feb  7 15:53:48 2017 us=336634 Control Channel MTU parms [ L:1569 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Feb  7 15:53:48 2017 us=336769 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb  7 15:53:48 2017 us=336897 Data Channel MTU parms [ L:1569 D:1450 EF:69 EB:12 ET:0 EL:3 ]
Tue Feb  7 15:53:48 2017 us=337025 Local Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Feb  7 15:53:48 2017 us=337097 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Feb  7 15:53:48 2017 us=337202 Local Options hash (VER=V4): 'c7c95cbc'
Tue Feb  7 15:53:48 2017 us=337294 Expected Remote Options hash (VER=V4): '66f5538f'
Tue Feb  7 15:53:48 2017 us=337357 UDPv4 link local (bound): [undef]
Tue Feb  7 15:53:48 2017 us=337419 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Tue Feb  7 15:54:48 2017 us=334899 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Feb  7 15:54:48 2017 us=335171 TCP/UDP: Closing socket
Tue Feb  7 15:54:48 2017 us=335299 SIGUSR1[soft,ping-restart] received, process restarting
Tue Feb  7 15:54:48 2017 us=335378 Restart pause, 2 second(s)
Tue Feb  7 15:54:50 2017 us=335619 Re-using SSL/TLS context
Tue Feb  7 15:54:50 2017 us=335920 Control Channel MTU parms [ L:1569 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Feb  7 15:54:50 2017 us=336038 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb  7 15:54:50 2017 us=336167 Data Channel MTU parms [ L:1569 D:1450 EF:69 EB:12 ET:0 EL:3 ]
Tue Feb  7 15:54:50 2017 us=336276 Local Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Feb  7 15:54:50 2017 us=336330 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Feb  7 15:54:50 2017 us=336417 Local Options hash (VER=V4): 'c7c95cbc'
Tue Feb  7 15:54:50 2017 us=336496 Expected Remote Options hash (VER=V4): '66f5538f'
Tue Feb  7 15:54:50 2017 us=336581 UDPv4 link local (bound): [undef]
Tue Feb  7 15:54:50 2017 us=336645 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Tue Feb  7 15:55:50 2017 us=334927 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Feb  7 15:55:50 2017 us=335191 TCP/UDP: Closing socket
Tue Feb  7 15:55:50 2017 us=335316 SIGUSR1[soft,ping-restart] received, process restarting
Tue Feb  7 15:55:50 2017 us=335384 Restart pause, 2 second(s)
Tue Feb  7 15:55:52 2017 us=335769 Re-using SSL/TLS context
Tue Feb  7 15:55:52 2017 us=336116 Control Channel MTU parms [ L:1569 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Feb  7 15:55:52 2017 us=336249 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb  7 15:55:52 2017 us=336380 Data Channel MTU parms [ L:1569 D:1450 EF:69 EB:12 ET:0 EL:3 ]
Tue Feb  7 15:55:52 2017 us=336503 Local Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Feb  7 15:55:52 2017 us=336580 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Feb  7 15:55:52 2017 us=336711 Local Options hash (VER=V4): 'c7c95cbc'
Tue Feb  7 15:55:52 2017 us=336792 Expected Remote Options hash (VER=V4): '66f5538f'
Tue Feb  7 15:55:52 2017 us=336855 UDPv4 link local (bound): [undef]
Tue Feb  7 15:55:52 2017 us=336915 UDPv4 link remote: [AF_INET]x.x.x.x:1194
Tue Feb  7 15:56:32 2017 us=705629 event_wait : Interrupted system call (code=4)
Tue Feb  7 15:56:32 2017 us=705977 TCP/UDP: Closing socket
Tue Feb  7 15:56:32 2017 us=706152 /sbin/ip route del 10.0.0.0/16
Tue Feb  7 15:56:32 2017 us=709110 /sbin/ip route del 192.168.1.0/24
Tue Feb  7 15:56:32 2017 us=714239 /sbin/ip route del 192.168.254.0/24
Tue Feb  7 15:56:32 2017 us=719701 Closing TUN/TAP interface
Tue Feb  7 15:56:32 2017 us=719902 /sbin/ip addr del dev tun0 10.10.0.2/24
Tue Feb  7 15:56:32 2017 us=762756 SIGINT[hard,] received, process exiting
P.S. with --verb 4 I saw TLS error but i don't know how to fix it
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: 100% package lost after ~1-2 minute after connection

Post by TinCanTech » Tue Feb 07, 2017 1:28 pm

Dm3Ch wrote:connecting to this server from my lan all work great, but when i'm connecting from internet VPN works about 1-2 minutes and then all packets loses
In fact, your connection drops after one minute:
Dm3Ch wrote:Tue Feb 7 15:51:36 2017 us=809814 Initialization Sequence Completed
Tue Feb 7 15:52:44 2017 us=133632 [Dm3Ch-Home-OpenVPN Server Cert] Inactivity timeout (--ping-restart), restarting
this is why we ask for log files. :mrgreen:

I think you are running into network conflicts due to using 192.168.254.0/24, 192.168.1.0/24 and 10.0.0.0/24

So,
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
:arrow: Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN :!:
  • You are advised to change your server LAN to a more unique RFC1918 compliant subnet. f.e 192.168.143.0/24
Change your network so you do not use any common subnets.

For example:
  • Tunnel subnet: 10.18.0.0/24
  • LAN Subnet: 192.168.159.0/24
  • Other Subnets: 172.16.8.0/24 thru 172.31.9.0/24
For your convenience, I strongly advise you to change the 192.168.1.0/24 subnet to something else, then change your server config to reflect the the new subnet, then restart openvpn and try again.
Top
User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: 100% package lost after ~1-2 minute after connection

Post by Pippin » Tue Feb 07, 2017 1:53 pm

For info, commonly used subnets:

Code: Select all

10.0.0
10.0.1
10.1.1
10.1.10
10.2.0
10.10.1
10.90.90

192.168.0
192.168.1
192.168.2
192.168.3
192.168.4
192.168.8
192.168.9
192.168.10
192.168.11
192.168.15
192.168.16
192.168.20
192.168.30
192.168.50
192.168.55
192.168.62
192.168.100
192.168.102
192.168.123
192.168.168
192.168.178
192.168.223
192.168.251
192.168.254

200.200.200
Top
Post Reply

Return to “Server Administration”