TLS please ;-)


Post by matrois » Fri Mar 31, 2017 2:01 pm

Here I am, back with one special question...
Please excuse the amount of information, but without the log and config I think no one could help me.
Based on my simple server.conf (viewtopic.php?f=6&t=23766), I have made a more complex one.

My setup is:
server -> Raspbian on Raspberry Pi (OpenVPN 2.3.4, not the newest, I know)
client -> Android and Windows (with latest OpenVPN)

My current server.conf is:

port 443
proto udp
dev tun
local 192.168.0.2
ifconfig 10.8.0.1 10.8.0.2
comp-lzo
max-clients 5
cipher AES-256-CBC 
auth SHA512 
verb 7 
status /var/log/openvpn-status.log 
log-append /var/log/openvpn.log

push "redirect-gateway def1" 
push "dhcp-option DNS 10.8.0.1" 
push "route 192.168.0.0 255.255.255.0" 

ping-timer-rem 
user nobody 
group nogroup

persist-key 
persist-tun 

# "Static Section"
#secret /etc/openvpn/static.key

# "TLS Section"
tls-server 
remote-cert-tls server
tls-version-min 1.2
tls-cipher TLS-RSA-WITH-AES-128-CBC-SHA 
ca ca.crt 
cert DietPi_OpenVPN_Server.crt 
key DietPi_OpenVPN_Server.key 
dh dh1024.pem
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0

static.ovpn:

port 443
proto udp
remote m.y.i.p
dev tun
comp-lzo
cipher AES-256-CBC
auth SHA512
auth-nocache
#mute 50
#keepalive 10 60
nobind

route 192.168.0.0 255.255.255.0

# "static Section"
secret static.key
ifconfig 10.8.0.2 10.8.0.1

tls.ovpn:

port 443
proto udp
remote m.y.i.p
dev tun
comp-lzo
cipher AES-256-CBC
auth SHA512
auth-nocache
#mute 50
#keepalive 10 60
nobind
resolv-retry infinite
verb 7

route 192.168.0.0 255.255.255.0

# "static Section"
#secret static.key
#ifconfig 10.0.0.2 10.0.0.1

# "TLS Section"
tls-client
pull
remote-cert-tls client
#key-direction 1
#tls-version-min 1.2
tls-cipher TLS-RSA-WITH-AES-128-CBC-SHA
#verify-x509-name server name

<ca>
-----BEGIN CERTIFICATE-----
...

I get a connection with the "static section" from server.conf and static.ovpn. Everything works as expected. But now I want to have TLS. If I switch from "static Section" to "TLS Section" in server.conf and tls.ovpn, I get these logs:

server.log:

...
Fri Mar 31 15:20:43 2017 us=807073   tls_auth_file = '/etc/openvpn/easy-rsa/pki/ta.key'
Fri Mar 31 15:20:43 2017 us=807108   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807138   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807167   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807196   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807226   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807255   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807296   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807334   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807379   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807422   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807465   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807495   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807525   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807564   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807600   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807642   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:20:43 2017 us=807673   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807714   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807752   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807782   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807813   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807843   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807872   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807901   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807931   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807960   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=807989   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=808018   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=808047   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=808084   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=808114   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=808143   pkcs11_private_mode = 00000000
Fri Mar 31 15:20:43 2017 us=808172   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808200   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808230   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808259   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808322   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808352   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808381   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808410   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808438   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808467   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808495   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808527   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808557   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808586   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808614   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808642   pkcs11_cert_private = DISABLED
Fri Mar 31 15:20:43 2017 us=808673   pkcs11_pin_cache_period = -1
Fri Mar 31 15:20:43 2017 us=808702   pkcs11_id = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=808731   pkcs11_id_management = DISABLED
Fri Mar 31 15:20:43 2017 us=808866   server_network = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=808913   server_netmask = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=808948   server_network_ipv6 = ::
Fri Mar 31 15:20:43 2017 us=808978   server_netbits_ipv6 = 0
Fri Mar 31 15:20:43 2017 us=809011   server_bridge_ip = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809045   server_bridge_netmask = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809080   server_bridge_pool_start = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809112   server_bridge_pool_end = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809141   push_entry = 'redirect-gateway def1'
Fri Mar 31 15:20:43 2017 us=809171   push_entry = 'dhcp-option DNS 10.8.0.1'
Fri Mar 31 15:20:43 2017 us=809200   push_entry = 'route 192.168.0.0 255.255.255.0'
Fri Mar 31 15:20:43 2017 us=809228   ifconfig_pool_defined = DISABLED
Fri Mar 31 15:20:43 2017 us=809261   ifconfig_pool_start = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809293   ifconfig_pool_end = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809325   ifconfig_pool_netmask = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809356   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=809386   ifconfig_pool_persist_refresh_freq = 600
Fri Mar 31 15:20:43 2017 us=809414   ifconfig_ipv6_pool_defined = DISABLED
Fri Mar 31 15:20:43 2017 us=809447   ifconfig_ipv6_pool_base = ::
Fri Mar 31 15:20:43 2017 us=809476   ifconfig_ipv6_pool_netbits = 0
Fri Mar 31 15:20:43 2017 us=809504   n_bcast_buf = 256
Fri Mar 31 15:20:43 2017 us=809533   tcp_queue_limit = 64
Fri Mar 31 15:20:43 2017 us=809613   real_hash_size = 256
Fri Mar 31 15:20:43 2017 us=809642   virtual_hash_size = 256
Fri Mar 31 15:20:43 2017 us=809671   client_connect_script = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=809699   learn_address_script = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=809728   client_disconnect_script = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=809757   client_config_dir = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=809785   ccd_exclusive = DISABLED
Fri Mar 31 15:20:43 2017 us=809814   tmp_dir = '/tmp'
Fri Mar 31 15:20:43 2017 us=809842   push_ifconfig_defined = DISABLED
Fri Mar 31 15:20:43 2017 us=809875   push_ifconfig_local = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809907   push_ifconfig_remote_netmask = 0.0.0.0
Fri Mar 31 15:20:43 2017 us=809937   push_ifconfig_ipv6_defined = DISABLED
Fri Mar 31 15:20:43 2017 us=809968   push_ifconfig_ipv6_local = ::/0
Fri Mar 31 15:20:43 2017 us=809998   push_ifconfig_ipv6_remote = ::
Fri Mar 31 15:20:43 2017 us=810027   enable_c2c = DISABLED
Fri Mar 31 15:20:43 2017 us=810055   duplicate_cn = DISABLED
Fri Mar 31 15:20:43 2017 us=810083   cf_max = 0
Fri Mar 31 15:20:43 2017 us=810217   cf_per = 0
Fri Mar 31 15:20:43 2017 us=810246   max_clients = 4
Fri Mar 31 15:20:43 2017 us=810275   max_routes_per_client = 256
Fri Mar 31 15:20:43 2017 us=810304   auth_user_pass_verify_script = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=810333   auth_user_pass_verify_script_via_file = DISABLED
Fri Mar 31 15:20:43 2017 us=810362   port_share_host = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=810391   port_share_port = 0
Fri Mar 31 15:20:43 2017 us=810454   client = DISABLED
Fri Mar 31 15:20:43 2017 us=810483   pull = DISABLED
Fri Mar 31 15:20:43 2017 us=810512   auth_user_pass_file = '[UNDEF]'
Fri Mar 31 15:20:43 2017 us=810546 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Fri Mar 31 15:20:43 2017 us=810600 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Fri Mar 31 15:20:43 2017 us=811239 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Mar 31 15:20:43 2017 us=812419 Diffie-Hellman initialized with 1024 bit key
Fri Mar 31 15:20:43 2017 us=814115 PRNG init md=SHA1 size=36
Fri Mar 31 15:20:43 2017 us=814499 WARNING: file '/etc/openvpn/easy-rsa/pki/ta.key' is group or others accessible
Fri Mar 31 15:20:43 2017 us=814534 Control Channel Authentication: using '/etc/openvpn/easy-rsa/pki/ta.key' as a OpenVPN static key file
Fri Mar 31 15:20:43 2017 us=814621 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Mar 31 15:20:43 2017 us=814709 Outgoing Control Channel Authentication: HMAC KEY: f1aea250 696bce6c 0eaad1a7 7f676487 089c5cf6 086baaee 888cca64 2000194e ccd94c26 ...
Fri Mar 31 15:20:43 2017 us=814737 Outgoing Control Channel Authentication: HMAC size=64 block_size=64
Fri Mar 31 15:20:43 2017 us=814779 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Mar 31 15:20:43 2017 us=814864 Incoming Control Channel Authentication: HMAC KEY: c269c7ae ba5439a5 e158c18c 7e7c2a5e aaef1629 9899f70f 3ac96491 82be8ef8 03780dd9 ...
Fri Mar 31 15:20:43 2017 us=814892 Incoming Control Channel Authentication: HMAC size=64 block_size=64
Fri Mar 31 15:20:43 2017 us=814951 LZO compression initialized
Fri Mar 31 15:20:43 2017 us=814983 MTU DYNAMIC mtu=0, flags=1, 0 -> 210
Fri Mar 31 15:20:43 2017 us=815022 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:20:43 2017 us=815160 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:20:43 2017 us=815214 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:20:43 2017 us=815311 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:20:43 2017 us=815349 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Fri Mar 31 15:20:43 2017 us=815400 MTU DYNAMIC mtu=1450, flags=2, 1602 -> 1450
Fri Mar 31 15:20:43 2017 us=815464 Socket Buffers: R=[163840->131072] S=[163840->131072]
Fri Mar 31 15:20:43 2017 us=816718 TUN/TAP device tun0 opened
Fri Mar 31 15:20:43 2017 us=816822 TUN/TAP TX queue length set to 100
Fri Mar 31 15:20:43 2017 us=816875 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Mar 31 15:20:43 2017 us=816963 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 31 15:20:43 2017 us=820359 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Fri Mar 31 15:20:43 2017 us=825245 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Mar 31 15:20:43 2017 us=825433 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,ifconfig 10.8.0.2 10.8.0.1,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Mar 31 15:20:43 2017 us=825469 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,ifconfig 10.8.0.1 10.8.0.2,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Mar 31 15:20:43 2017 us=825571 Local Options hash (VER=V4): '89908c19'
Fri Mar 31 15:20:43 2017 us=825625 Expected Remote Options hash (VER=V4): '42fed017'
Fri Mar 31 15:20:43 2017 us=827963 GID set to nogroup
Fri Mar 31 15:20:43 2017 us=828171 UID set to nobody
Fri Mar 31 15:20:43 2017 us=828279 UDPv4 link local (bound): [AF_INET]192.168.0.2:443
Fri Mar 31 15:20:43 2017 us=828349 UDPv4 link remote: [undef]
Fri Mar 31 15:20:55 2017 us=239390 UDPv4 READ [86] from [AF_INET]m.y.i.p:57363: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Mar 31 15:20:55 2017 us=239504 TLS: Initial packet from [AF_INET]m.y.i.p:57363, sid=e958ad17 da8d1b1e
Fri Mar 31 15:20:55 2017 us=239662 PID_TEST [0] [TLS_AUTH-0] [] 0:0 1490966454:1 t=1490966455[0] r=[0,64,15,0,1] sl=[0,0,64,272]
Fri Mar 31 15:20:55 2017 us=239795 UDPv4 WRITE [98] to [AF_INET]m.y.i.p:57363: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Fri Mar 31 15:20:55 2017 us=241298 UDPv4 READ [94] from [AF_INET]m.y.i.p:57363: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Fri Mar 31 15:20:55 2017 us=241424 PID_TEST [0] [TLS_AUTH-0] [0] 1490966454:1 1490966454:2 t=1490966455[0] r=[0,64,15,0,1] sl=[63,1,64,272]
Fri Mar 31 15:20:55 2017 us=241537 UDPv4 READ [181] from [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=95
Fri Mar 31 15:20:55 2017 us=241599 PID_TEST [0] [TLS_AUTH-0] [00] 1490966454:2 1490966454:3 t=1490966455[0] r=[0,64,15,0,1] sl=[62,2,64,272]
Fri Mar 31 15:20:55 2017 us=243628 UDPv4 WRITE [198] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=100
Fri Mar 31 15:20:55 2017 us=243899 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=100
Fri Mar 31 15:20:55 2017 us=244038 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=100
Fri Mar 31 15:20:55 2017 us=244152 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=4 DATA len=100
Fri Mar 31 15:20:55 2017 us=244228 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:20:56 2017 us=300439 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:20:57 2017 us=356768 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=1 DATA len=100
Fri Mar 31 15:20:57 2017 us=366215 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:20:58 2017 us=422521 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=2 DATA len=100
Fri Mar 31 15:20:58 2017 us=422782 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:20:59 2017 us=479049 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=3 DATA len=100
Fri Mar 31 15:20:59 2017 us=479315 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:00 2017 us=535595 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=4 DATA len=100
Fri Mar 31 15:21:00 2017 us=535884 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:01 2017 us=592204 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=1 DATA len=100
Fri Mar 31 15:21:01 2017 us=592488 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:02 2017 us=648751 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=2 DATA len=100
Fri Mar 31 15:21:02 2017 us=649031 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:03 2017 us=705508 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=3 DATA len=100
Fri Mar 31 15:21:03 2017 us=705706 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:04 2017 us=739938 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=4 DATA len=100
Fri Mar 31 15:21:04 2017 us=740189 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:05 2017 us=774395 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:09 2017 us=910952 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #14 ] [ ] pid=1 DATA len=100
Fri Mar 31 15:21:09 2017 us=911233 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:10 2017 us=945469 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #15 ] [ ] pid=2 DATA len=100
Fri Mar 31 15:21:12 2017 us=713468 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #16 ] [ ] pid=3 DATA len=100
Fri Mar 31 15:21:12 2017 us=713686 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #17 ] [ ] pid=4 DATA len=100
Fri Mar 31 15:21:12 2017 us=713792 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:13 2017 us=748234 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:25 2017 us=860144 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #18 ] [ ] pid=1 DATA len=100
Fri Mar 31 15:21:25 2017 us=860445 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:26 2017 us=902704 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #19 ] [ ] pid=2 DATA len=100
Fri Mar 31 15:21:26 2017 us=902962 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:27 2017 us=945166 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:28 2017 us=987514 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #20 ] [ ] pid=3 DATA len=100
Fri Mar 31 15:21:28 2017 us=987809 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:30 2017 us=30046 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:57363: P_CONTROL_V1 kid=0 pid=[ #21 ] [ ] pid=4 DATA len=100
Fri Mar 31 15:21:30 2017 us=30302 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:31 2017 us=72491 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:46 2017 us=928500 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=160164 UDPv4 READ [86] from [AF_INET]m.y.i.p:55481: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Mar 31 15:21:49 2017 us=160323 PID_TEST [0] [TLS_AUTH-0] [] 0:0 1490966508:1 t=1490966509[0] r=[0,64,15,0,1] sl=[0,0,64,272]
Fri Mar 31 15:21:49 2017 us=160367 TLS: new session incoming connection from [AF_INET]m.y.i.p:55481
Fri Mar 31 15:21:49 2017 us=160469 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=160560 UDPv4 WRITE [98] to [AF_INET]m.y.i.p:55481: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Fri Mar 31 15:21:49 2017 us=160687 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=162039 UDPv4 READ [94] from [AF_INET]m.y.i.p:55481: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Fri Mar 31 15:21:49 2017 us=162104 PID_TEST [0] [TLS_AUTH-0] [0] 1490966508:1 1490966508:2 t=1490966509[0] r=[0,64,15,0,1] sl=[63,1,64,272]
Fri Mar 31 15:21:49 2017 us=162161 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=162243 UDPv4 READ [181] from [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=95
Fri Mar 31 15:21:49 2017 us=162304 PID_TEST [0] [TLS_AUTH-0] [00] 1490966508:2 1490966508:3 t=1490966509[0] r=[0,64,15,0,1] sl=[62,2,64,272]
Fri Mar 31 15:21:49 2017 us=162360 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=162849 UDPv4 WRITE [198] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=100
Fri Mar 31 15:21:49 2017 us=162958 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=163050 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=100
Fri Mar 31 15:21:49 2017 us=163125 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=163211 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=100
Fri Mar 31 15:21:49 2017 us=163285 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=163370 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=4 DATA len=100
Fri Mar 31 15:21:49 2017 us=163500 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:49 2017 us=163554 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:50 2017 us=373902 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:50 2017 us=374024 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:51 2017 us=584383 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:51 2017 us=584561 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=1 DATA len=100
Fri Mar 31 15:21:51 2017 us=584757 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:51 2017 us=584807 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:52 2017 us=795148 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:52 2017 us=795318 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=2 DATA len=100
Fri Mar 31 15:21:52 2017 us=795466 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:52 2017 us=795516 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:54 2017 us=6085 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:54 2017 us=6216 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=3 DATA len=100
Fri Mar 31 15:21:54 2017 us=6365 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:54 2017 us=6442 UDPv4 WRITE [186] to [AF_INET]m.y.i.p:55481: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=4 DATA len=100
Fri Mar 31 15:21:54 2017 us=6517 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:54 2017 us=6567 ACK output sequence broken: [5] 1 2 3 4
Fri Mar 31 15:21:55 2017 us=225876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Mar 31 15:21:55 2017 us=225986 TLS Error: TLS handshake failed
Fri Mar 31 15:21:55 2017 us=226018 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226289 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226324 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226368 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:55 2017 us=226488 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:55 2017 us=226609 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226658 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226688 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226715 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226792 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226822 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226851 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226878 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=226912 TCP/UDP: Closing socket
Fri Mar 31 15:21:55 2017 us=226973 PID packet_id_free
Fri Mar 31 15:21:55 2017 us=227015 SIGUSR1[soft,tls-error] received, process restarting
Fri Mar 31 15:21:55 2017 us=227056 Restart pause, 2 second(s)
Fri Mar 31 15:21:57 2017 us=227472 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Mar 31 15:21:57 2017 us=227586 Re-using SSL/TLS context
Fri Mar 31 15:21:57 2017 us=227666 LZO compression initialized
Fri Mar 31 15:21:57 2017 us=227701 MTU DYNAMIC mtu=0, flags=1, 0 -> 210
Fri Mar 31 15:21:57 2017 us=227749 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:57 2017 us=227877 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:57 2017 us=227916 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:57 2017 us=227999 PID packet_id_init tcp_mode=0 seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:57 2017 us=228037 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Fri Mar 31 15:21:57 2017 us=228078 MTU DYNAMIC mtu=1450, flags=2, 1602 -> 1450
Fri Mar 31 15:21:57 2017 us=228130 Socket Buffers: R=[163840->131072] S=[163840->131072]
Fri Mar 31 15:21:57 2017 us=228221 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.0.2:443: Permission denied
Fri Mar 31 15:21:57 2017 us=228250 Exiting due to fatal error
Fri Mar 31 15:21:57 2017 us=228320 Closing TUN/TAP interface
Fri Mar 31 15:21:57 2017 us=228388 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
RTNETLINK answers: Operation not permitted
Fri Mar 31 15:21:57 2017 us=231323 Linux ip addr del failed: external program exited with error status: 2

client.log:

Fri Mar 31 15:21:42 2017 us=771784 Current Parameter Settings:
Fri Mar 31 15:21:42 2017 us=771784   config = 'tls.ovpn'
Fri Mar 31 15:21:42 2017 us=771784   mode = 0
Fri Mar 31 15:21:42 2017 us=771784   show_ciphers = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   show_digests = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   show_engines = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   genkey = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   key_pass_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   show_tls_ciphers = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   connect_retry_max = 0
Fri Mar 31 15:21:42 2017 us=771784 Connection profiles [0]:
Fri Mar 31 15:21:42 2017 us=771784   proto = udp
Fri Mar 31 15:21:42 2017 us=771784   local = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   local_port = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   remote = 'm.y.i.p'
Fri Mar 31 15:21:42 2017 us=771784   remote_port = '443'
Fri Mar 31 15:21:42 2017 us=771784   remote_float = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   bind_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   bind_local = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   bind_ipv6_only = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   connect_retry_seconds = 5
Fri Mar 31 15:21:42 2017 us=771784   connect_timeout = 120
Fri Mar 31 15:21:42 2017 us=771784   socks_proxy_server = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   socks_proxy_port = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   tun_mtu = 1500
Fri Mar 31 15:21:42 2017 us=771784   tun_mtu_defined = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   link_mtu = 1500
Fri Mar 31 15:21:42 2017 us=771784   link_mtu_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   tun_mtu_extra = 0
Fri Mar 31 15:21:42 2017 us=771784   tun_mtu_extra_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   mtu_discover_type = -1
Fri Mar 31 15:21:42 2017 us=771784   fragment = 0
Fri Mar 31 15:21:42 2017 us=771784   mssfix = 1450
Fri Mar 31 15:21:42 2017 us=771784   explicit_exit_notification = 0
Fri Mar 31 15:21:42 2017 us=771784 Connection profiles END
Fri Mar 31 15:21:42 2017 us=771784   remote_random = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   ipchange = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   dev = 'tun'
Fri Mar 31 15:21:42 2017 us=771784   dev_type = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   dev_node = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   lladdr = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   topology = 1
Fri Mar 31 15:21:42 2017 us=771784   ifconfig_local = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   ifconfig_remote_netmask = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   ifconfig_noexec = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   ifconfig_nowarn = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   ifconfig_ipv6_local = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   ifconfig_ipv6_netbits = 0
Fri Mar 31 15:21:42 2017 us=771784   ifconfig_ipv6_remote = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   shaper = 0
Fri Mar 31 15:21:42 2017 us=771784   mtu_test = 0
Fri Mar 31 15:21:42 2017 us=771784   mlock = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   keepalive_ping = 0
Fri Mar 31 15:21:42 2017 us=771784   keepalive_timeout = 0
Fri Mar 31 15:21:42 2017 us=771784   inactivity_timeout = 0
Fri Mar 31 15:21:42 2017 us=771784   ping_send_timeout = 0
Fri Mar 31 15:21:42 2017 us=771784   ping_rec_timeout = 0
Fri Mar 31 15:21:42 2017 us=771784   ping_rec_timeout_action = 0
Fri Mar 31 15:21:42 2017 us=771784   ping_timer_remote = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   remap_sigusr1 = 0
Fri Mar 31 15:21:42 2017 us=771784   persist_tun = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   persist_local_ip = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   persist_remote_ip = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   persist_key = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   passtos = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   resolve_retry_seconds = 1000000000
Fri Mar 31 15:21:42 2017 us=771784   resolve_in_advance = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   username = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   groupname = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   chroot_dir = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   cd_dir = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   writepid = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   up_script = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   down_script = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   down_pre = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   up_restart = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   up_delay = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   daemon = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   inetd = 0
Fri Mar 31 15:21:42 2017 us=771784   log = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   suppress_timestamps = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   machine_readable_output = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   nice = 0
Fri Mar 31 15:21:42 2017 us=771784   verbosity = 7
Fri Mar 31 15:21:42 2017 us=771784   mute = 0
Fri Mar 31 15:21:42 2017 us=771784   gremlin = 0
Fri Mar 31 15:21:42 2017 us=771784   status_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   status_file_version = 1
Fri Mar 31 15:21:42 2017 us=771784   status_file_update_freq = 60
Fri Mar 31 15:21:42 2017 us=771784   occ = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   rcvbuf = 0
Fri Mar 31 15:21:42 2017 us=771784   sndbuf = 0
Fri Mar 31 15:21:42 2017 us=771784   sockflags = 0
Fri Mar 31 15:21:42 2017 us=771784   fast_io = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   comp.alg = 2
Fri Mar 31 15:21:42 2017 us=771784   comp.flags = 1
Fri Mar 31 15:21:42 2017 us=771784   route_script = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   route_default_gateway = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   route_default_metric = 0
Fri Mar 31 15:21:42 2017 us=771784   route_noexec = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   route_delay = 5
Fri Mar 31 15:21:42 2017 us=771784   route_delay_window = 30
Fri Mar 31 15:21:42 2017 us=771784   route_delay_defined = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   route_nopull = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   route_gateway_via_dhcp = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   allow_pull_fqdn = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   route 192.168.0.0/255.255.255.0/default (not set)/default (not set)
Fri Mar 31 15:21:42 2017 us=771784   management_addr = '127.0.0.1'
Fri Mar 31 15:21:42 2017 us=771784   management_port = '25342'
Fri Mar 31 15:21:42 2017 us=771784   management_user_pass = 'stdin'
Fri Mar 31 15:21:42 2017 us=771784   management_log_history_cache = 250
Fri Mar 31 15:21:42 2017 us=771784   management_echo_buffer_size = 100
Fri Mar 31 15:21:42 2017 us=771784   management_write_peer_info_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   management_client_user = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   management_client_group = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   management_flags = 6
Fri Mar 31 15:21:42 2017 us=771784   shared_secret_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   key_direction = 2
Fri Mar 31 15:21:42 2017 us=771784   ciphername = 'AES-256-CBC'
Fri Mar 31 15:21:42 2017 us=771784   ncp_enabled = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Mar 31 15:21:42 2017 us=771784   authname = 'SHA512'
Fri Mar 31 15:21:42 2017 us=771784   prng_hash = 'SHA1'
Fri Mar 31 15:21:42 2017 us=771784   prng_nonce_secret_len = 16
Fri Mar 31 15:21:42 2017 us=771784   keysize = 0
Fri Mar 31 15:21:42 2017 us=771784   engine = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   replay = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   mute_replay_warnings = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   replay_window = 64
Fri Mar 31 15:21:42 2017 us=771784   replay_time = 15
Fri Mar 31 15:21:42 2017 us=771784   packet_id_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   use_iv = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   test_crypto = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   tls_server = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   tls_client = ENABLED
Fri Mar 31 15:21:42 2017 us=771784   key_method = 2
Fri Mar 31 15:21:42 2017 us=771784   ca_file = '[[INLINE]]'
Fri Mar 31 15:21:42 2017 us=771784   ca_path = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   dh_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   cert_file = '[[INLINE]]'
Fri Mar 31 15:21:42 2017 us=771784   extra_certs_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   priv_key_file = '[[INLINE]]'
Fri Mar 31 15:21:42 2017 us=771784   pkcs12_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   cryptoapi_cert = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   cipher_list = 'TLS-RSA-WITH-AES-128-CBC-SHA'
Fri Mar 31 15:21:42 2017 us=771784   tls_verify = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   tls_export_cert = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   verify_x509_type = 0
Fri Mar 31 15:21:42 2017 us=771784   verify_x509_name = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   crl_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   ns_cert_type = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 65535
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_ku[i] = 0
Fri Mar 31 15:21:42 2017 us=771784   remote_cert_eku = 'TLS Web Client Authentication'
Fri Mar 31 15:21:42 2017 us=771784   ssl_flags = 192
Fri Mar 31 15:21:42 2017 us=771784   tls_timeout = 2
Fri Mar 31 15:21:42 2017 us=771784   renegotiate_bytes = -1
Fri Mar 31 15:21:42 2017 us=771784   renegotiate_packets = 0
Fri Mar 31 15:21:42 2017 us=771784   renegotiate_seconds = 3600
Fri Mar 31 15:21:42 2017 us=771784   handshake_window = 60
Fri Mar 31 15:21:42 2017 us=771784   transition_window = 3600
Fri Mar 31 15:21:42 2017 us=771784   single_session = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   push_peer_info = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   tls_exit = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   tls_auth_file = '[[INLINE]]'
Fri Mar 31 15:21:42 2017 us=771784   tls_crypt_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_protected_authentication = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_private_mode = 00000000
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=771784   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_cert_private = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_pin_cache_period = -1
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_id = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   pkcs11_id_management = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   server_network = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   server_netmask = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   server_network_ipv6 = ::
Fri Mar 31 15:21:42 2017 us=787389   server_netbits_ipv6 = 0
Fri Mar 31 15:21:42 2017 us=787389   server_bridge_ip = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   server_bridge_netmask = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   server_bridge_pool_start = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   server_bridge_pool_end = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_pool_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_pool_start = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_pool_end = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_pool_netmask = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_pool_persist_refresh_freq = 600
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_ipv6_pool_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_ipv6_pool_base = ::
Fri Mar 31 15:21:42 2017 us=787389   ifconfig_ipv6_pool_netbits = 0
Fri Mar 31 15:21:42 2017 us=787389   n_bcast_buf = 256
Fri Mar 31 15:21:42 2017 us=787389   tcp_queue_limit = 64
Fri Mar 31 15:21:42 2017 us=787389   real_hash_size = 256
Fri Mar 31 15:21:42 2017 us=787389   virtual_hash_size = 256
Fri Mar 31 15:21:42 2017 us=787389   client_connect_script = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   learn_address_script = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   client_disconnect_script = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   client_config_dir = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   ccd_exclusive = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   tmp_dir = 'C:\Users\hp\AppData\Local\Temp\'
Fri Mar 31 15:21:42 2017 us=787389   push_ifconfig_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   push_ifconfig_local = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   push_ifconfig_remote_netmask = 0.0.0.0
Fri Mar 31 15:21:42 2017 us=787389   push_ifconfig_ipv6_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   push_ifconfig_ipv6_local = ::/0
Fri Mar 31 15:21:42 2017 us=787389   push_ifconfig_ipv6_remote = ::
Fri Mar 31 15:21:42 2017 us=787389   enable_c2c = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   duplicate_cn = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   cf_max = 0
Fri Mar 31 15:21:42 2017 us=787389   cf_per = 0
Fri Mar 31 15:21:42 2017 us=787389   max_clients = 1024
Fri Mar 31 15:21:42 2017 us=787389   max_routes_per_client = 256
Fri Mar 31 15:21:42 2017 us=787389   auth_user_pass_verify_script = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   auth_user_pass_verify_script_via_file = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   auth_token_generate = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   auth_token_lifetime = 0
Fri Mar 31 15:21:42 2017 us=787389   client = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   pull = ENABLED
Fri Mar 31 15:21:42 2017 us=787389   auth_user_pass_file = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   show_net_up = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   route_method = 3
Fri Mar 31 15:21:42 2017 us=787389   block_outside_dns = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   ip_win32_defined = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   ip_win32_type = 3
Fri Mar 31 15:21:42 2017 us=787389   dhcp_masq_offset = 0
Fri Mar 31 15:21:42 2017 us=787389   dhcp_lease_time = 31536000
Fri Mar 31 15:21:42 2017 us=787389   tap_sleep = 0
Fri Mar 31 15:21:42 2017 us=787389   dhcp_options = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   dhcp_renew = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   dhcp_pre_release = DISABLED
Fri Mar 31 15:21:42 2017 us=787389   domain = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   netbios_scope = '[UNDEF]'
Fri Mar 31 15:21:42 2017 us=787389   netbios_node_type = 0
Fri Mar 31 15:21:42 2017 us=787389   disable_nbt = DISABLED
Fri Mar 31 15:21:42 2017 us=787389 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Fri Mar 31 15:21:42 2017 us=787389 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Mar 31 15:21:42 2017 us=787389 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Fri Mar 31 15:21:42 2017 us=787389 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Fri Mar 31 15:21:42 2017 us=787389 Need hold release from management interface, waiting...
Fri Mar 31 15:21:43 2017 us=267055 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Fri Mar 31 15:21:43 2017 us=376216 MANAGEMENT: CMD 'state on'
Fri Mar 31 15:21:43 2017 us=376216 MANAGEMENT: CMD 'log all on'
Fri Mar 31 15:21:43 2017 us=501046 MANAGEMENT: CMD 'echo all on'
Fri Mar 31 15:21:43 2017 us=501046 MANAGEMENT: CMD 'hold off'
Fri Mar 31 15:21:43 2017 us=501046 MANAGEMENT: CMD 'hold release'
Fri Mar 31 15:21:48 2017 us=823345 MANAGEMENT: CMD 'password [...]'
Fri Mar 31 15:21:48 2017 us=838925 PRNG init md=SHA1 size=36
Fri Mar 31 15:21:48 2017 us=838925 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Mar 31 15:21:48 2017 us=838925 Outgoing Control Channel Authentication: HMAC KEY: c269c7ae ba5439a5 e158c18c 7e7c2a5e aaef1629 9899f70f 3ac96491 82be8ef8 ...
Fri Mar 31 15:21:48 2017 us=838925 Outgoing Control Channel Authentication: HMAC size=64 block_size=64
Fri Mar 31 15:21:48 2017 us=838925 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Mar 31 15:21:48 2017 us=838925 Incoming Control Channel Authentication: HMAC KEY: f1aea250 696bce6c 0eaad1a7 7f676487 089c5cf6 086baaee 888cca64 2000194e ...
Fri Mar 31 15:21:48 2017 us=838925 Incoming Control Channel Authentication: HMAC size=64 block_size=64
Fri Mar 31 15:21:48 2017 us=838925 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 72 bytes
Fri Mar 31 15:21:48 2017 us=838925 LZO compression initializing
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:48 2017 us=838925 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Mar 31 15:21:48 2017 us=838925 MTU DYNAMIC mtu=1450, flags=2, 1622 -> 1450
Fri Mar 31 15:21:48 2017 us=838925 MANAGEMENT: >STATE:1490966508,RESOLVE,,,,,,
Fri Mar 31 15:21:48 2017 us=838925 GETADDRINFO flags=0x0901 ai_family=0 ai_socktype=2
Fri Mar 31 15:21:48 2017 us=838925 RESOLVE_REMOTE flags=0x0901 phase=1 rrs=0 sig=-1 status=0
Fri Mar 31 15:21:48 2017 us=838925 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Mar 31 15:21:48 2017 us=838925 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Fri Mar 31 15:21:48 2017 us=838925 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Fri Mar 31 15:21:48 2017 us=838925 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Fri Mar 31 15:21:48 2017 us=838925 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Fri Mar 31 15:21:48 2017 us=838925 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Mar 31 15:21:48 2017 us=838925 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Mar 31 15:21:48 2017 us=838925 TCP/UDP: Preserving recently used remote address: [AF_INET]m.y.i.p:443
Fri Mar 31 15:21:48 2017 us=838925 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 31 15:21:48 2017 us=838925 UDP link local: (not bound)
Fri Mar 31 15:21:48 2017 us=838925 UDP link remote: [AF_INET]m.y.i.p:443
Fri Mar 31 15:21:48 2017 us=838925 MANAGEMENT: >STATE:1490966508,WAIT,,,,,,
Fri Mar 31 15:21:48 2017 us=838925 UDP WRITE [86] to [AF_INET]m.y.i.p:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Mar 31 15:21:48 2017 us=838925 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
Fri Mar 31 15:21:48 2017 us=838925 UDP READ [98] from [AF_INET]m.y.i.p:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Fri Mar 31 15:21:48 2017 us=838925 MANAGEMENT: >STATE:1490966508,AUTH,,,,,,
Fri Mar 31 15:21:48 2017 us=838925 TLS: Initial packet from [AF_INET]m.y.i.p:443, sid=5ce5beba 14b52417
Fri Mar 31 15:21:48 2017 us=838925 PID_TEST [0] [TLS_WRAP-0] [] 0:0 1490966509:1 t=1490966508[0] r=[0,64,15,0,1] sl=[0,0,64,528]
Fri Mar 31 15:21:48 2017 us=838925 UDP WRITE [94] to [AF_INET]m.y.i.p:443: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Fri Mar 31 15:21:48 2017 us=838925 UDP WRITE [181] to [AF_INET]m.y.i.p:443: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=95
Fri Mar 31 15:21:48 2017 us=838925 UDP READ [198] from [AF_INET]m.y.i.p:443: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=100
Fri Mar 31 15:21:48 2017 us=838925 PID_TEST [0] [TLS_WRAP-0] [0] 1490966509:1 1490966509:2 t=1490966508[0] r=[0,64,15,0,1] sl=[63,1,64,528]
Fri Mar 31 15:21:48 2017 us=838925 OpenSSL: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
Fri Mar 31 15:21:48 2017 us=838925 TLS_ERROR: BIO read tls_read_plaintext error
Fri Mar 31 15:21:48 2017 us=838925 TLS Error: TLS object -> incoming plaintext read error
Fri Mar 31 15:21:48 2017 us=838925 TLS Error: TLS handshake failed
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 TCP/UDP: Closing socket
Fri Mar 31 15:21:48 2017 us=838925 PID packet_id_free
Fri Mar 31 15:21:48 2017 us=838925 SIGUSR1[soft,tls-error] received, process restarting
Fri Mar 31 15:21:48 2017 us=838925 MANAGEMENT: >STATE:1490966508,RECONNECTING,tls-error,,,,,
Fri Mar 31 15:21:48 2017 us=838925 Restart pause, 5 second(s)
Fri Mar 31 15:21:59 2017 us=169381 MANAGEMENT: CMD 'password [...]'
Fri Mar 31 15:21:59 2017 us=169381 PRNG init md=SHA1 size=36
Fri Mar 31 15:21:59 2017 us=169381 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Mar 31 15:21:59 2017 us=169381 Outgoing Control Channel Authentication: HMAC KEY: c269c7ae ba5439a5 e158c18c 7e7c2a5e aaef1629 9899f70f 3ac96491 82be8ef8 ...
Fri Mar 31 15:21:59 2017 us=169381 Outgoing Control Channel Authentication: HMAC size=64 block_size=64
Fri Mar 31 15:21:59 2017 us=169381 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Mar 31 15:21:59 2017 us=169381 Incoming Control Channel Authentication: HMAC KEY: f1aea250 696bce6c 0eaad1a7 7f676487 089c5cf6 086baaee 888cca64 2000194e ...
Fri Mar 31 15:21:59 2017 us=169381 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 72 bytes
Fri Mar 31 15:21:59 2017 us=169381 LZO compression initializing
Fri Mar 31 15:21:59 2017 us=169381 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:59 2017 us=169381 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:59 2017 us=169381 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:59 2017 us=169381 PID packet_id_init seq_backtrack=64 time_backtrack=15
Fri Mar 31 15:21:59 2017 us=169381 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Mar 31 15:21:59 2017 us=169381 MTU DYNAMIC mtu=1450, flags=2, 1622 -> 1450
Fri Mar 31 15:21:59 2017 us=169381 MANAGEMENT: >STATE:1490966519,RESOLVE,,,,,,
Fri Mar 31 15:21:59 2017 us=169381 GETADDRINFO flags=0x0901 ai_family=0 ai_socktype=2
Fri Mar 31 15:21:59 2017 us=263010 RESOLVE_REMOTE flags=0x0901 phase=1 rrs=0 sig=-1 status=0
Fri Mar 31 15:21:59 2017 us=263010 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Mar 31 15:21:59 2017 us=263010 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Fri Mar 31 15:21:59 2017 us=263010 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Fri Mar 31 15:21:59 2017 us=263010 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 100 bytes
Fri Mar 31 15:21:59 2017 us=263010 calc_options_string_link_mtu: link-mtu 1622 -> 1602
Fri Mar 31 15:21:59 2017 us=263010 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Mar 31 15:21:59 2017 us=263010 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Mar 31 15:21:59 2017 us=263010 TCP/UDP: Preserving recently used remote address: [AF_INET]m.y.i.p:443
Fri Mar 31 15:21:59 2017 us=263010 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 31 15:21:59 2017 us=263010 UDP link local: (not bound)
Fri Mar 31 15:21:59 2017 us=263010 UDP link remote: [AF_INET]m.y.i.p:443
Fri Mar 31 15:21:59 2017 us=263010 MANAGEMENT: >STATE:1490966519,WAIT,,,,,,
Fri Mar 31 15:21:59 2017 us=263010 UDP WRITE [86] to [AF_INET]m.y.i.p:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Mar 31 15:21:59 2017 us=263010 UDP READ [0] from [AF_UNSPEC]: DATA UNDEF len=-1
Fri Mar 31 15:22:01 2017 us=510032 UDP WRITE [86] to [AF_INET]m.y.i.p:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Mar 31 15:22:06 2017 us=4135 UDP WRITE [86] to [AF_INET]m.y.i.p:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Mar 31 15:22:15 2017 us=13371 UDP WRITE [86] to [AF_INET]m.y.i.p:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Fri Mar 31 15:22:31 2017 us=216607 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=216607 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=216607 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=216607 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=216607 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=232210 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=232210 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=232210 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=232210 TCP/UDP: Closing socket
Fri Mar 31 15:22:31 2017 us=232210 PID packet_id_free
Fri Mar 31 15:22:31 2017 us=232210 SIGTERM[hard,] received, process exiting
Fri Mar 31 15:22:31 2017 us=232210 MANAGEMENT: >STATE:1490966551,EXITING,SIGTERM,,,,,
Fri Mar 31 15:22:31 2017 us=232210 PKCS#11: Terminating openssl
Fri Mar 31 15:22:31 2017 us=232210 PKCS#11: Removing providers
Fri Mar 31 15:22:31 2017 us=232210 PKCS#11: Releasing sessions
Fri Mar 31 15:22:31 2017 us=232210 PKCS#11: Terminating slotevent
Fri Mar 31 15:22:31 2017 us=232210 PKCS#11: Marking as uninitialized
In the server.log I wonder about the messages

Code: Select all

Fri Mar 31 15:21:49 2017 us=163500 ACK output sequence broken: [5] 1 2 3 4
...
Fri Mar 31 15:21:55 2017 us=225876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Mar 31 15:21:55 2017 us=225986 TLS Error: TLS handshake failed
...
Fri Mar 31 15:21:57 2017 us=228221 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.0.2:443: Permission denied
I think there is, besides other problems, a permission problem. But I do not know where to change which permission. Any help / hint would beam me up at this point.

Thank you for reading up to here.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS please ;-)

Post by TinCanTech » Fri Mar 31, 2017 7:54 pm

Try without --user/--group nobody

matrois
OpenVpn Newbie
Posts: 8
Joined: Mon Mar 27, 2017 9:02 am

Re: TLS please ;-)

Post by matrois » Sat Apr 01, 2017 6:59 pm

Thank you for the hint about commenting out

Code: Select all

user nobody
group nogroup
After some testing I had the idea to try it also with

Code: Select all

user root
group root
At first I was very expectant, but only the error messages changed. After changing back to "nobody/nogroup" it does not change back to the "old error message". The actual error messages are:
Sat Apr 01 20:51:06 2017 UDP link remote: [AF_INET]m.y.i.p:443
Sat Apr 01 20:51:06 2017 MANAGEMENT: >STATE:1491072666,WAIT,,,,,,
Sat Apr 01 20:51:06 2017 MANAGEMENT: >STATE:1491072666,AUTH,,,,,,
Sat Apr 01 20:51:06 2017 TLS: Initial packet from [AF_INET]m.y.i.p:443, sid=7d9b9c89 7f15c6da
Sat Apr 01 20:51:06 2017 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=UK, ST=DietPi, L=DietPi, O=DietPi, OU=DietPi, CN=DietPi_OpenVPN_Server, name=DietPi_OpenVPN_Server, emailAddress=noreply@DietPi.com
Sat Apr 01 20:51:06 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sat Apr 01 20:51:06 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sat Apr 01 20:51:06 2017 TLS Error: TLS object -> incoming plaintext read error
Sat Apr 01 20:51:06 2017 TLS Error: TLS handshake failed
Sat Apr 01 20:51:06 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 01 20:51:06 2017 MANAGEMENT: >STATE:1491072666,RECONNECTING,tls-error,,,,,
Sat Apr 01 20:51:06 2017 Restart pause, 5 second(s)
For me as a layman it looks like the certificates are wrong / have errors. But I already uninstalled and reinstalled everything (openvpn, removing all certificates). It must be something about the communication between server and client...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS please ;-)

Post by TinCanTech » Sat Apr 01, 2017 11:22 pm

matrois wrote:My actual server.conf is

Code: Select all
port 443
proto udp
dev tun
local 192.168.0.2
ifconfig 10.8.0.1 10.8.0.2
comp-lzo
max-clients 5
cipher AES-256-CBC
auth SHA512
verb 7
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log

push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
push "route 192.168.0.0 255.255.255.0"

ping-timer-rem
user nobody
group nogroup

persist-key
persist-tun

# "Static Section
#secret /etc/openvpn/static.key

# "TLS Section"
tls-server
remote-cert-tls
server
tls-version-min 1.2
tls-cipher TLS-RSA-WITH-AES-128-CBC-SHA
ca ca.crt
cert DietPi_OpenVPN_Server.crt
key DietPi_OpenVPN_Server.key
dh dh1024.pem
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
:mrgreen:

matrois
OpenVpn Newbie
Posts: 8
Joined: Mon Mar 27, 2017 9:02 am

Re: TLS please ;-)

Post by matrois » Sun Apr 02, 2017 8:27 pm

That was a mistake while copying (from a text editor with word wrap).
The server.conf was and is

Code: Select all

remote-cert-tls server 
tls-version-min 1.2

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS please ;-)

Post by TinCanTech » Sun Apr 02, 2017 8:39 pm

matrois wrote:That was a mistake while copying (from a text editor with word wrap).
The server.conf was and is

Code: Select all

remote-cert-tls server 
tls-version-min 1.2
and it is still wrong.

See --remote-cert-tls in The Manual v24x

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: TLS please ;-)

Post by Pippin » Sun Apr 02, 2017 11:16 pm

Hint:

server.conf
has
remote-cert-tls server
in it......

Your client conf, tls.ovpn has
remote-cert-tls client
in it......

matrois
OpenVpn Newbie
Posts: 8
Joined: Mon Mar 27, 2017 9:02 am

Re: TLS please ;-)

Post by matrois » Wed Apr 05, 2017 6:10 pm

OK, I have read the manual in the section "remote-cert-tls" again. Please excuse my bad knowledge of the English language but I do not understand how I make it work. Pippin's hint in combination with the manual section makes me guess that both configs need neither

Code: Select all

remote-cert-tls client
or

Code: Select all

remote-cert-tls server
Am I right? I tried out both variants and it does not work as expected but stops with the same error messages as before. I additionally tried deleting the option "remote-cert-tls ..." from both configs with no success.

Is there a possibility to activate "tls" stepwise so that I do not need to activate my whole "TLS block"? I already tried to activate only some options and had no success. Could the error even depend on my certificates?
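
The direction check behind Pippin's hint, plus the bind failure from the first post's server log, as an added example that is not part of the original thread: a small linter that reads an OpenVPN config, infers its TLS role and reports a `remote-cert-tls` argument that names the config's own role instead of its peer's. Function names, finding codes and the abridged sample configs are assumptions made for this example; tying the "Permission denied" bind error to re-binding port 443 after the drop to `nobody` is a reading of the posted log.

```python
import re

# TLS role of this config -> certificate type its peer must present.
EXPECTED_PEER = {"server": "client", "client": "server"}
# Other directives that also constrain the peer certificate.
OTHER_PEER_CHECKS = {"ns-cert-type", "verify-x509-name", "tls-verify"}


def parse_directives(text):
    """Return {directive: (line_number, args)}, keeping the first occurrence."""
    opts = {}
    for number, raw in enumerate(text.splitlines(), 1):
        tokens = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if tokens:
            opts.setdefault(tokens[0], (number, tokens[1:]))
    return opts


def detect_role(opts):
    """Infer the TLS role; a bare 'server' line with no subnet does not count."""
    if "tls-server" in opts or len(opts.get("server", (0, []))[1]) >= 2:
        return "server"
    if "tls-client" in opts or "client" in opts:
        return "client"
    return None


def lint(text):
    """Return findings as (line_number, code, message); line 0 means 'absent'."""
    opts = parse_directives(text)
    role = detect_role(opts)
    findings = []

    if "remote-cert-tls" in opts:
        line, args = opts["remote-cert-tls"]
        if not args:
            findings.append((line, "remote-cert-tls-no-arg",
                             "remote-cert-tls needs 'client' or 'server' on the same line"))
        elif role and args[0] != EXPECTED_PEER[role]:
            findings.append((line, "remote-cert-tls-wrong-peer",
                             f"{role} config checks for a {args[0]} certificate; "
                             f"its peer is the {EXPECTED_PEER[role]}"))
    elif role == "client" and OTHER_PEER_CHECKS.isdisjoint(opts):
        findings.append((0, "server-cert-unchecked",
                         "client never checks that the peer holds a server certificate"))

    # A process that dropped root cannot bind a port below 1024 again on restart.
    port_args = opts.get("port", (0, []))[1]
    port = int(port_args[0]) if port_args and port_args[0].isdigit() else 1194
    user_line, user_args = opts.get("user", (0, []))
    if user_args and user_args[0] != "root" and port < 1024 and "nobind" not in opts:
        findings.append((user_line, "privileged-port-after-drop",
                         f"running as {user_args[0]}, a restart cannot re-bind port {port}"))
    return findings


# Abridged from the configs in this thread (constructed sample input).
SERVER_AS_QUOTED = """\
port 443
proto udp
dev tun
local 192.168.0.2
user nobody
group nogroup
tls-server
remote-cert-tls
server
tls-version-min 1.2
"""
SERVER_AS_POSTED = SERVER_AS_QUOTED.replace("remote-cert-tls\nserver\n",
                                            "remote-cert-tls server\n")
CLIENT_TLS = """\
port 443
proto udp
remote m.y.i.p
dev tun
nobind
tls-client
remote-cert-tls client
"""

if __name__ == "__main__":
    samples = [("server.conf (as quoted)", SERVER_AS_QUOTED),
               ("server.conf (as posted)", SERVER_AS_POSTED),
               ("tls.ovpn", CLIENT_TLS)]
    for name, conf in samples:
        for line, code, message in lint(conf):
            print(f"{name}:{line}: {code}: {message}")
```

Deleting `remote-cert-tls` from the client, as tried in the last post, silences the mismatch but produces the `server-cert-unchecked` finding: the client then accepts any certificate signed by the CA, including another client's.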
