VPN Connection Issues - NAT

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

VPN Connection Issues - NAT

Post by VoidedNonce » Tue Apr 18, 2017 8:09 pm

Hello,

I have configured my OpenVPN to pass through a Juniper SRX Service Gateway to a dedicated VPN box. I am using NAT and believe to have configured everything correctly except maybe the address to forward the external IP to internally.

I have shown all of my config files. Could anyone please help me? I am seeing translations on my SRX doing NAT, but the VPN box gets nothing in tcpdump or anywhere. see bottom for srx config (I have also posted a support request on the forums there but I believe it is my openvpn config. when a client attempts to connect it just server time polls out continuously.

below the srx config are my iptables rules and ifconfig and openvpn log. I should mentioned that I create certs ecdhe ecdsa with brainpool with the most currentl openssl with parameters being explicit

Thank you

server.conf
Server Config
# This is a comment
;local a.b.c.d
port 34916
proto udp
dev tun
ca /root/cavpn/certs/ca.cert.pem
cert /root/cavpn/intermediate/certs/www.layer967.com.cert.pem
key /root/cavpn/intermediate/private/www.layer967.com.key.pem # This file should be kept secret
dh /root/cavpn/dh4096.pem
server 172.16.234.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 172.16.234.1"
keepalive 10 120
tls-auth /root/cavpn/tls-auth/tls-auth.key 0 # This file is secret
tls-verify /root/cavpn/cn_allowed.sh
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
tls-version-min 1.2
auth SHA512
max-clients 10
user openvpn_server
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append openvpn.log
verb 9

client.conf
Server Config
# This is a comment
client
dev tun
proto udp
remote 75.72.76.40 34916
resolv-retry infinite
nobind
persist-key
persist-tun
ca /correctpathonclient/ca.cert.pem
cert /correctpathonclient/client1.cert.pem
key /correctpathonclient/client1.key.pem
ns-cert-type server
tls-auth tls-auth.key 1
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
tls-version-min 1.2
auth SHA512
verb 3
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- loopback/8 anywhere reject-with icmp-port-unreachable
ACCEPT icmp -- anywhere anywhere state NEW icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW,ESTABLISHED udp dpt:34916
ACCEPT udp -- anywhere anywhere state ESTABLISHED udp spt:domain
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:http
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:https
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "iptables_INPUT_denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "iptables_FORWARD_denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state ESTABLISHED tcp spt:ssh
ACCEPT udp -- anywhere anywhere state ESTABLISHED udp spt:34916
ACCEPT udp -- anywhere anywhere state NEW,ESTABLISHED udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:https
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "iptables_OUTPUT_denied: "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1 packets, 68 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1 packets, 68 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 172.16.234.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * eth0 172.16.234.0/24 0.0.0.0/0

eth0 Link encap:Ethernet HWaddr 00:e0:81:74:16:91
inet addr:172.19.143.13 Bcast:172.19.143.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1521 (1.4 KiB) TX bytes:1345 (1.3 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.16.234.1 P-t-P:172.16.234.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

Re: VPN Connection Issues - NAT

Post by VoidedNonce » Tue Apr 18, 2017 8:13 pm

Here is my SRX config since I had a character limitation

srx config
## Last changed: 2017-04-17 14:15:09 GMT-6
version 12.3X48-D45.6;
groups {
jweb-security-logging {
system {
syslog {
inactive: file loooooooggger {
any any;
archive files 1;
structured-data;
}
file logadog {
any any;
archive files 1;
structured-data;
}
}
}
}
}
system {
host-name SCRUBBED;
time-zone GMT-6;
root-authentication {
encrypted-password "SCRUBBED";
}
name-server {
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
services {
ssh;
web-management {
https {
system-generated-certificate;
interface vlan.3;
}
session {
idle-timeout 60;
}
}
dhcp {
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
name-server {
208.67.222.222;
208.67.220.220;
}
router {
192.168.1.1;
}
}
pool 192.168.2.0/24 {
address-range low 192.168.2.2 high 192.168.2.254;
name-server {
208.67.220.220;
208.67.222.222;
}
router {
192.168.2.1;
}
}
pool 172.19.143.0/24 {
address-range low 172.19.143.13 high 172.19.143.13;
name-server {
208.67.222.222;
208.67.220.220;
}
router {
172.19.143.1;
}
}
static-binding 00:d0:4b:94:ec:74 {
fixed-address {
192.168.2.33;
}
name-server {
208.67.222.222;
208.67.220.220;
}
router {
192.168.2.1;
}
}
static-binding 00:10:75:4f:82:12 {
fixed-address {
192.168.2.34;
}
name-server {
208.67.222.222;
208.67.220.220;
}
router {
192.168.2.1;
}
}
static-binding 00:e0:81:74:16:91 {
fixed-address {
172.19.143.13;
}
name-server {
208.67.220.220;
208.67.222.222;
}
router {
172.19.143.1;
}
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
file policy_session {
user info;
match RT_FLOW;
archive size 1000k world-readable;
structured-data;
}
file logadog {
any any;
archive files 1;
structured-data;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
security {
log {
mode event;
}
screen {
ids-option untrust-screen {
alarm-without-drop;
icmp {
ip-sweep;
fragment;
large;
flood;
ping-death;
icmpv6-malformed;
}
ip {
bad-option;
record-route-option;
timestamp-option;
security-option;
stream-option;
spoofing;
source-route-option;
loose-source-route-option;
strict-source-route-option;
unknown-protocol;
block-frag;
tear-drop;
ipv6-malformed-header;
}
tcp {
syn-fin;
fin-no-ack;
tcp-no-flag;
syn-frag;
port-scan;
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
winnuke;
}
udp {
flood;
}
}
}
nat {
source {
rule-set nsw_srcnat {
from zone [ Home VPN Work ];
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
destination {
pool VPNBox {
address 172.16.234.1/32 port 34916;
}
rule-set INT_TO_VPN {
from zone Internet;
rule INT_To_VPN {
match {
source-address 0.0.0.0/0;
destination-address 75.72.76.40/32;
destination-port {
34916;
}
protocol udp;
}
then {
destination-nat {
pool {
VPNBox;
}
}
}
}
}
}
}
policies {
from-zone Home to-zone Internet {
policy home-internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone Home {
policy internet-home {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone Work to-zone Internet {
policy work-internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone Work {
policy internet-work {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone VPN to-zone Internet {
policy vpn-internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone Internet to-zone VPN {
policy openvpnin {
match {
source-address any-ipv4;
destination-address home;
application openvpn_custom;
}
then {
permit;
}
}
policy internet-vpn {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone Work to-zone Home {
policy work-home {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone Home to-zone Work {
policy home-work {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone Work to-zone VPN {
policy work-vpn {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone VPN to-zone Work {
policy vpn-work {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone VPN to-zone Home {
policy vpn-home {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
from-zone Home to-zone VPN {
policy home-vpn {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
}
zones {
security-zone Home {
interfaces {
vlan.1 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
security-zone VPN {
address-book {
address home 75.72.76.40/32;
}
interfaces {
vlan.2 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
security-zone Work {
interfaces {
vlan.3 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
security-zone Internet {
address-book {
address home 75.72.76.40/32;
}
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
}
}
}
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
dhcp;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan3;
}
}
}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan3;
}
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members vlan3;
}
}
}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members vlan3;
}
}
}
}
ge-0/0/12 {
unit 0 {
family ethernet-switching {
vlan {
members vlan3;
}
}
}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching {
vlan {
members vlan3;
}
}
}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members [ vlan1 vlan3 ];
}
}
}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members vlan2;
}
}
}
}
vlan {
unit 1 {
family inet {
address 192.168.1.1/24;
}
}
unit 2 {
family inet {
address 172.19.143.1/24;
}
}
unit 3 {
family inet {
address 192.168.2.1/24;
}
}
}
}
protocols {
stp {
disable;
}
}
applications {
application openvpn_custom {
protocol udp;
destination-port 34916;
}
}
wlan {
admin-authentication {
encrypted-password "SCRUBBED";
}
}
vlans {
vlan1 {
description Home;
vlan-id 3;
interface {
ge-0/0/2.0;
}
l3-interface vlan.1;
}
vlan2 {
description VPN;
vlan-id 2;
interface {
ge-0/0/15.0;
}
l3-interface vlan.2;
}
vlan3 {
description Work;
vlan-id 4;
interface {
ge-0/0/14.0;
}
l3-interface vlan.3;
}
}

VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

Re: VPN Connection Issues - NAT

Post by VoidedNonce » Tue Apr 18, 2017 8:15 pm

I believe these to be the relevant parts of my openvpn logs

Tue Apr 18 10:35:58 2017 us=596390 Current Parameter Settings:
Tue Apr 18 10:35:58 2017 us=610949 config = '/etc/openvpn/server.conf'
Tue Apr 18 10:35:58 2017 us=610983 mode = 1
Tue Apr 18 10:35:58 2017 us=611007 persist_config = DISABLED
Tue Apr 18 10:35:58 2017 us=611030 persist_mode = 1
Tue Apr 18 10:35:58 2017 us=611053 show_ciphers = DISABLED
Tue Apr 18 10:35:58 2017 us=611075 show_digests = DISABLED
Tue Apr 18 10:35:58 2017 us=611097 show_engines = DISABLED
Tue Apr 18 10:35:58 2017 us=611120 genkey = DISABLED
Tue Apr 18 10:35:58 2017 us=611142 key_pass_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611165 show_tls_ciphers = DISABLED
Tue Apr 18 10:35:58 2017 us=611188 connect_retry_max = 0
Tue Apr 18 10:35:58 2017 us=611211 Connection profiles [0]:
Tue Apr 18 10:35:58 2017 us=611235 proto = udp
Tue Apr 18 10:35:58 2017 us=611257 local = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611280 local_port = '34916'
Tue Apr 18 10:35:58 2017 us=611302 remote = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611325 remote_port = '34916'
Tue Apr 18 10:35:58 2017 us=611347 remote_float = DISABLED
Tue Apr 18 10:35:58 2017 us=611370 bind_defined = DISABLED
Tue Apr 18 10:35:58 2017 us=611392 bind_local = ENABLED
Tue Apr 18 10:35:58 2017 us=611415 bind_ipv6_only = DISABLED
Tue Apr 18 10:35:58 2017 us=611438 connect_retry_seconds = 5
Tue Apr 18 10:35:58 2017 us=611461 connect_timeout = 120
Tue Apr 18 10:35:58 2017 us=611483 socks_proxy_server = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611506 socks_proxy_port = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611529 tun_mtu = 1500
Tue Apr 18 10:35:58 2017 us=611551 tun_mtu_defined = ENABLED
Tue Apr 18 10:35:58 2017 us=611574 link_mtu = 1500
Tue Apr 18 10:35:58 2017 us=611596 link_mtu_defined = DISABLED
Tue Apr 18 10:35:58 2017 us=611618 tun_mtu_extra = 0
Tue Apr 18 10:35:58 2017 us=611641 tun_mtu_extra_defined = DISABLED
Tue Apr 18 10:35:58 2017 us=611663 mtu_discover_type = -1
Tue Apr 18 10:35:58 2017 us=611685 fragment = 0
Tue Apr 18 10:35:58 2017 us=611707 mssfix = 1450
Tue Apr 18 10:35:58 2017 us=611730 explicit_exit_notification = 0
Tue Apr 18 10:35:58 2017 us=611752 Connection profiles END
Tue Apr 18 10:35:58 2017 us=611775 remote_random = DISABLED
Tue Apr 18 10:35:58 2017 us=611797 ipchange = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611820 dev = 'tun'
Tue Apr 18 10:35:58 2017 us=611842 dev_type = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611864 dev_node = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611887 lladdr = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=611909 topology = 1
Tue Apr 18 10:35:58 2017 us=611932 ifconfig_local = '172.16.234.1'
Tue Apr 18 10:35:58 2017 us=611955 ifconfig_remote_netmask = '172.16.234.2'
Tue Apr 18 10:35:58 2017 us=611977 ifconfig_noexec = DISABLED
Tue Apr 18 10:35:58 2017 us=612000 ifconfig_nowarn = DISABLED
Tue Apr 18 10:35:58 2017 us=612022 ifconfig_ipv6_local = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=612045 ifconfig_ipv6_netbits = 0
Tue Apr 18 10:35:58 2017 us=612067 ifconfig_ipv6_remote = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=612090 shaper = 0
Tue Apr 18 10:35:58 2017 us=612112 mtu_test = 0
Tue Apr 18 10:35:58 2017 us=612178 mlock = DISABLED
Tue Apr 18 10:35:58 2017 us=612203 keepalive_ping = 10
Tue Apr 18 10:35:58 2017 us=612225 keepalive_timeout = 120
Tue Apr 18 10:35:58 2017 us=612248 inactivity_timeout = 0
Tue Apr 18 10:35:58 2017 us=612271 ping_send_timeout = 10
Tue Apr 18 10:35:58 2017 us=612293 ping_rec_timeout = 240
Tue Apr 18 10:35:58 2017 us=612317 ping_rec_timeout_action = 2
Tue Apr 18 10:35:58 2017 us=612340 ping_timer_remote = DISABLED
Tue Apr 18 10:35:58 2017 us=612362 remap_sigusr1 = 0
Tue Apr 18 10:35:58 2017 us=612384 persist_tun = ENABLED
Tue Apr 18 10:35:58 2017 us=612407 persist_local_ip = DISABLED
Tue Apr 18 10:35:58 2017 us=612429 persist_remote_ip = DISABLED
Tue Apr 18 10:35:58 2017 us=612452 persist_key = ENABLED
Tue Apr 18 10:35:58 2017 us=612475 passtos = DISABLED
Tue Apr 18 10:35:58 2017 us=612498 resolve_retry_seconds = 1000000000
Tue Apr 18 10:35:58 2017 us=612520 resolve_in_advance = DISABLED
Tue Apr 18 10:35:58 2017 us=612543 username = 'openvpn_server'
Tue Apr 18 10:35:58 2017 us=612581 groupname = 'nogroup'
Tue Apr 18 10:35:58 2017 us=612605 chroot_dir = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=612628 cd_dir = '/etc/openvpn'
Tue Apr 18 10:35:58 2017 us=612651 writepid = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=612673 up_script = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=612696 down_script = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=612719 down_pre = DISABLED
Tue Apr 18 10:35:58 2017 us=612741 up_restart = DISABLED
Tue Apr 18 10:35:58 2017 us=612764 up_delay = DISABLED
Tue Apr 18 10:35:58 2017 us=612786 daemon = ENABLED
Tue Apr 18 10:35:58 2017 us=612809 inetd = 0
Tue Apr 18 10:35:58 2017 us=612831 log = ENABLED
Tue Apr 18 10:35:58 2017 us=612854 suppress_timestamps = DISABLED
Tue Apr 18 10:35:58 2017 us=612876 machine_readable_output = DISABLED
Tue Apr 18 10:35:58 2017 us=612899 nice = 0
Tue Apr 18 10:35:58 2017 us=612922 verbosity = 9
Tue Apr 18 10:35:58 2017 us=612944 mute = 0
Tue Apr 18 10:35:58 2017 us=612967 gremlin = 0
Tue Apr 18 10:35:58 2017 us=612990 status_file = '/var/log/openvpn-status.log'
Tue Apr 18 10:35:58 2017 us=613013 status_file_version = 1
Tue Apr 18 10:35:58 2017 us=613036 status_file_update_freq = 10
Tue Apr 18 10:35:58 2017 us=613058 occ = ENABLED
Tue Apr 18 10:35:58 2017 us=613080 rcvbuf = 0
Tue Apr 18 10:35:58 2017 us=613103 sndbuf = 0
Tue Apr 18 10:35:58 2017 us=613125 mark = 0
Tue Apr 18 10:35:58 2017 us=613147 sockflags = 0
Tue Apr 18 10:35:58 2017 us=613169 fast_io = DISABLED
Tue Apr 18 10:35:58 2017 us=613192 comp.alg = 0
Tue Apr 18 10:35:58 2017 us=613214 comp.flags = 0
Tue Apr 18 10:35:58 2017 us=613237 route_script = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613260 route_default_gateway = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613283 route_default_metric = 0
Tue Apr 18 10:35:58 2017 us=613306 route_noexec = DISABLED
Tue Apr 18 10:35:58 2017 us=613329 route_delay = 0
Tue Apr 18 10:35:58 2017 us=613352 route_delay_window = 30
Tue Apr 18 10:35:58 2017 us=613375 route_delay_defined = DISABLED
Tue Apr 18 10:35:58 2017 us=613398 route_nopull = DISABLED
Tue Apr 18 10:35:58 2017 us=613421 route_gateway_via_dhcp = DISABLED
Tue Apr 18 10:35:58 2017 us=613444 allow_pull_fqdn = DISABLED
Tue Apr 18 10:35:58 2017 us=613470 route 172.16.234.0/255.255.255.0/default (not set)/default (not set)
Tue Apr 18 10:35:58 2017 us=613494 management_addr = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613517 management_port = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613540 management_user_pass = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613563 management_log_history_cache = 250
Tue Apr 18 10:35:58 2017 us=613586 management_echo_buffer_size = 100
Tue Apr 18 10:35:58 2017 us=613609 management_write_peer_info_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613632 management_client_user = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613655 management_client_group = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613678 management_flags = 0
Tue Apr 18 10:35:58 2017 us=613701 shared_secret_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=613723 key_direction = 1
Tue Apr 18 10:35:58 2017 us=613745 ciphername = 'AES-256-CBC'
Tue Apr 18 10:35:58 2017 us=613767 ncp_enabled = ENABLED
Tue Apr 18 10:35:58 2017 us=613790 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Apr 18 10:35:58 2017 us=613813 authname = 'SHA512'
Tue Apr 18 10:35:58 2017 us=613836 prng_hash = 'SHA1'
Tue Apr 18 10:35:58 2017 us=613859 prng_nonce_secret_len = 16
Tue Apr 18 10:35:58 2017 us=613882 keysize = 0
Tue Apr 18 10:35:58 2017 us=613905 engine = DISABLED
Tue Apr 18 10:35:58 2017 us=613927 replay = ENABLED
Tue Apr 18 10:35:58 2017 us=613950 mute_replay_warnings = DISABLED
Tue Apr 18 10:35:58 2017 us=613973 replay_window = 64
Tue Apr 18 10:35:58 2017 us=613995 replay_time = 15
Tue Apr 18 10:35:58 2017 us=614018 packet_id_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614040 use_iv = ENABLED
Tue Apr 18 10:35:58 2017 us=614063 test_crypto = DISABLED
Tue Apr 18 10:35:58 2017 us=614085 tls_server = ENABLED
Tue Apr 18 10:35:58 2017 us=614122 tls_client = DISABLED
Tue Apr 18 10:35:58 2017 us=614146 key_method = 2
Tue Apr 18 10:35:58 2017 us=614169 ca_file = '/root/cavpn/certs/ca.cert.pem'
Tue Apr 18 10:35:58 2017 us=614191 ca_path = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614214 dh_file = '/root/cavpn/dh4096.pem'
Tue Apr 18 10:35:58 2017 us=614238 cert_file = '/root/cavpn/intermediate/certs/www.layer967.com.cert.pem'
Tue Apr 18 10:35:58 2017 us=614261 extra_certs_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614285 priv_key_file = '/root/cavpn/intermediate/private/www.layer967.com.key.pem'
Tue Apr 18 10:35:58 2017 us=614308 pkcs12_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614331 cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384'
Tue Apr 18 10:35:58 2017 us=614354 tls_verify = '/root/cavpn/cn_allowed.sh'
Tue Apr 18 10:35:58 2017 us=614377 tls_export_cert = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614399 verify_x509_type = 0
Tue Apr 18 10:35:58 2017 us=614422 verify_x509_name = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614444 crl_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614466 ns_cert_type = 0
Tue Apr 18 10:35:58 2017 us=614489 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614511 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614533 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614555 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614577 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614599 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614621 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614643 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614665 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614688 remote_cert_ku = 0
Tue Apr 18 10:35:58 2017 us=614710 remote_cert_ku[i] = 0
Tue Apr 18 10:35:58 2017 us=614732 remote_cert_ku[i] = 0
Tue Apr 18 10:35:58 2017 us=614754 remote_cert_ku[i] = 0
Tue Apr 18 10:35:58 2017 us=614776 remote_cert_ku[i] = 0
Tue Apr 18 10:35:58 2017 us=614798 remote_cert_ku[i] = 0
Tue Apr 18 10:35:58 2017 us=614820 remote_cert_ku[i] = 0
Tue Apr 18 10:35:58 2017 us=614843 remote_cert_eku = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=614865 ssl_flags = 192
Tue Apr 18 10:35:58 2017 us=614888 tls_timeout = 2
Tue Apr 18 10:35:58 2017 us=614910 renegotiate_bytes = -1
Tue Apr 18 10:35:58 2017 us=614933 renegotiate_packets = 0
Tue Apr 18 10:35:58 2017 us=614955 renegotiate_seconds = 3600
Tue Apr 18 10:35:58 2017 us=614978 handshake_window = 60
Tue Apr 18 10:35:58 2017 us=615002 transition_window = 3600
Tue Apr 18 10:35:58 2017 us=615024 single_session = DISABLED
Tue Apr 18 10:35:58 2017 us=615047 push_peer_info = DISABLED
Tue Apr 18 10:35:58 2017 us=615069 tls_exit = DISABLED
Tue Apr 18 10:35:58 2017 us=615093 tls_auth_file = '/root/cavpn/tls-auth/tls-auth.key'
Tue Apr 18 10:35:58 2017 us=615123 tls_crypt_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=615148 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615171 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615194 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615216 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615239 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615261 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615284 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615306 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615329 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615352 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615374 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615396 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615419 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615441 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615464 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615500 pkcs11_protected_authentication = DISABLED
Tue Apr 18 10:35:58 2017 us=615526 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615550 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615573 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615596 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615619 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615642 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615664 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615687 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615710 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615732 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615755 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615778 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615801 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615823 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615846 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615868 pkcs11_private_mode = 00000000
Tue Apr 18 10:35:58 2017 us=615891 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=615913 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=615936 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=615958 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=615981 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616003 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616025 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616048 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616070 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616093 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616115 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616165 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616188 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616211 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616234 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616256 pkcs11_cert_private = DISABLED
Tue Apr 18 10:35:58 2017 us=616280 pkcs11_pin_cache_period = -1
Tue Apr 18 10:35:58 2017 us=616302 pkcs11_id = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=616325 pkcs11_id_management = DISABLED
Tue Apr 18 10:35:58 2017 us=616353 server_network = 172.16.234.0
Tue Apr 18 10:35:58 2017 us=616378 server_netmask = 255.255.255.0
Tue Apr 18 10:35:58 2017 us=616404 server_network_ipv6 = ::
Tue Apr 18 10:35:58 2017 us=616427 server_netbits_ipv6 = 0
Tue Apr 18 10:35:58 2017 us=616452 server_bridge_ip = 0.0.0.0
Tue Apr 18 10:35:58 2017 us=616477 server_bridge_netmask = 0.0.0.0
Tue Apr 18 10:35:58 2017 us=616501 server_bridge_pool_start = 0.0.0.0
Tue Apr 18 10:35:58 2017 us=616527 server_bridge_pool_end = 0.0.0.0
Tue Apr 18 10:35:58 2017 us=616550 push_entry = 'redirect-gateway def1 bypass-dhcp'
Tue Apr 18 10:35:58 2017 us=616573 push_entry = 'dhcp-option DNS 172.16.234.1'
Tue Apr 18 10:35:58 2017 us=616596 push_entry = 'route 172.16.234.1'
Tue Apr 18 10:35:58 2017 us=616619 push_entry = 'topology net30'
Tue Apr 18 10:35:58 2017 us=616642 push_entry = 'ping 10'
Tue Apr 18 10:35:58 2017 us=616664 push_entry = 'ping-restart 120'
Tue Apr 18 10:35:58 2017 us=616687 ifconfig_pool_defined = ENABLED
Tue Apr 18 10:35:58 2017 us=616712 ifconfig_pool_start = 172.16.234.4
Tue Apr 18 10:35:58 2017 us=616738 ifconfig_pool_end = 172.16.234.251
Tue Apr 18 10:35:58 2017 us=616763 ifconfig_pool_netmask = 0.0.0.0
Tue Apr 18 10:35:58 2017 us=616786 ifconfig_pool_persist_filename = 'ipp.txt'
Tue Apr 18 10:35:58 2017 us=616809 ifconfig_pool_persist_refresh_freq = 600
Tue Apr 18 10:35:58 2017 us=616832 ifconfig_ipv6_pool_defined = DISABLED
Tue Apr 18 10:35:58 2017 us=616857 ifconfig_ipv6_pool_base = ::
Tue Apr 18 10:35:58 2017 us=616879 ifconfig_ipv6_pool_netbits = 0
Tue Apr 18 10:35:58 2017 us=616902 n_bcast_buf = 256
Tue Apr 18 10:35:58 2017 us=616936 tcp_queue_limit = 64
Tue Apr 18 10:35:58 2017 us=616961 real_hash_size = 256
Tue Apr 18 10:35:58 2017 us=616984 virtual_hash_size = 256
Tue Apr 18 10:35:58 2017 us=617006 client_connect_script = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617029 learn_address_script = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617052 client_disconnect_script = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617074 client_config_dir = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617097 ccd_exclusive = DISABLED
Tue Apr 18 10:35:58 2017 us=617120 tmp_dir = '/tmp'
Tue Apr 18 10:35:58 2017 us=617142 push_ifconfig_defined = DISABLED
Tue Apr 18 10:35:58 2017 us=617167 push_ifconfig_local = 0.0.0.0
Tue Apr 18 10:35:58 2017 us=617193 push_ifconfig_remote_netmask = 0.0.0.0
Tue Apr 18 10:35:58 2017 us=617216 push_ifconfig_ipv6_defined = DISABLED
Tue Apr 18 10:35:58 2017 us=617241 push_ifconfig_ipv6_local = ::/0
Tue Apr 18 10:35:58 2017 us=617265 push_ifconfig_ipv6_remote = ::
Tue Apr 18 10:35:58 2017 us=617287 enable_c2c = DISABLED
Tue Apr 18 10:35:58 2017 us=617310 duplicate_cn = DISABLED
Tue Apr 18 10:35:58 2017 us=617333 cf_max = 0
Tue Apr 18 10:35:58 2017 us=617356 cf_per = 0
Tue Apr 18 10:35:58 2017 us=617379 max_clients = 10
Tue Apr 18 10:35:58 2017 us=617401 max_routes_per_client = 256
Tue Apr 18 10:35:58 2017 us=617424 auth_user_pass_verify_script = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617447 auth_user_pass_verify_script_via_file = DISABLED
Tue Apr 18 10:35:58 2017 us=617470 auth_token_generate = DISABLED
Tue Apr 18 10:35:58 2017 us=617493 auth_token_lifetime = 0
Tue Apr 18 10:35:58 2017 us=617515 port_share_host = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617538 port_share_port = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617560 client = DISABLED
Tue Apr 18 10:35:58 2017 us=617582 pull = DISABLED
Tue Apr 18 10:35:58 2017 us=617605 auth_user_pass_file = '[UNDEF]'
Tue Apr 18 10:35:58 2017 us=617630 OpenVPN 2.4.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2017
Tue Apr 18 10:35:58 2017 us=617668 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Tue Apr 18 10:35:58 2017 us=618742 PKCS#11: pkcs11_initialize - entered
Tue Apr 18 10:35:58 2017 us=619320 PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
Tue Apr 18 10:35:58 2017 us=620624 NOTE: starting with OpenVPN 2.1, '--script-security 2' or higher is required to call user-defined scripts or executables
Tue Apr 18 10:35:58 2017 us=718411 Diffie-Hellman initialized with 4096 bit key
Tue Apr 18 10:35:58 2017 us=743869 Extracting ECDH curve from private key
Tue Apr 18 10:35:58 2017 us=744011 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Tue Apr 18 10:35:58 2017 us=744052 ECDH curve secp384r1 added
Tue Apr 18 10:35:58 2017 us=744243 PRNG init md=SHA1 size=36
Tue Apr 18 10:35:58 2017 us=747085 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Apr 18 10:35:58 2017 us=747171 Outgoing Control Channel Authentication: HMAC KEY: f5e41a19 90c76efd 82f4c8e8 d0bb7e75 e2375061 ce56cbf8 97360563 bfd7a259 4682a112 72df5e89 64937688 58fe25b5 3e996f98 5c3485c2 3daecdbe 863806fc
Tue Apr 18 10:35:58 2017 us=747195 Outgoing Control Channel Authentication: HMAC size=64 block_size=64
Tue Apr 18 10:35:58 2017 us=747226 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Apr 18 10:35:58 2017 us=747299 Incoming Control Channel Authentication: HMAC KEY: d96e5fb7 0f84930a 808e3144 58d3f4aa 313e3d9b b2f9e7b1 d945543c babba968 89783e03 04b3d23b b2747ac9 a241d199 9e410933 0bff6f5b 43176b87 7a578358
Tue Apr 18 10:35:58 2017 us=747322 Incoming Control Channel Authentication: HMAC size=64 block_size=64
Tue Apr 18 10:35:58 2017 us=747349 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 72 bytes
Tue Apr 18 10:35:58 2017 us=747382 TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Tue Apr 18 10:35:58 2017 us=747406 MTU DYNAMIC mtu=1450, flags=2, 1621 -> 1450
Tue Apr 18 10:35:58 2017 us=747941 ROUTE_GATEWAY 172.19.143.1/255.255.255.0 IFACE=eth0 HWADDR=00:e0:81:74:16:91
Tue Apr 18 10:35:58 2017 us=776925 TUN/TAP device tun0 opened
Tue Apr 18 10:35:58 2017 us=777049 TUN/TAP TX queue length set to 100
Tue Apr 18 10:35:58 2017 us=777101 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Apr 18 10:35:58 2017 us=777153 /sbin/ip link set dev tun0 up mtu 1500
Tue Apr 18 10:35:58 2017 us=778123 PKCS#11: __pkcs11h_forkFixup entry pid=572, activate_slotevent=1
Tue Apr 18 10:35:58 2017 us=778309 PKCS#11: __pkcs11h_forkFixup return
Tue Apr 18 10:35:58 2017 us=780706 /sbin/ip addr add dev tun0 local 172.16.234.1 peer 172.16.234.2
Tue Apr 18 10:35:58 2017 us=785043 PKCS#11: __pkcs11h_forkFixup entry pid=575, activate_slotevent=1
Tue Apr 18 10:35:58 2017 us=785239 PKCS#11: __pkcs11h_forkFixup return
Tue Apr 18 10:35:58 2017 us=788495 /sbin/ip route add 172.16.234.0/24 via 172.16.234.2
Tue Apr 18 10:35:58 2017 us=790118 PKCS#11: __pkcs11h_forkFixup entry pid=579, activate_slotevent=1
Tue Apr 18 10:35:58 2017 us=790328 PKCS#11: __pkcs11h_forkFixup return
Tue Apr 18 10:35:58 2017 us=793668 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Apr 18 10:35:58 2017 us=794681 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Apr 18 10:35:58 2017 us=794743 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Apr 18 10:35:58 2017 us=794791 UDPv4 link local (bound): [AF_INET][undef]:34916
Tue Apr 18 10:35:58 2017 us=794816 UDPv4 link remote: [AF_UNSPEC]
Tue Apr 18 10:35:58 2017 us=794848 GID set to nogroup
Tue Apr 18 10:35:58 2017 us=794881 UID set to openvpn_server
Tue Apr 18 10:35:58 2017 us=794916 MULTI: multi_init called, r=256 v=256
Tue Apr 18 10:35:58 2017 us=795016 IFCONFIG POOL: base=172.16.234.4 size=62, ipv6=0
Tue Apr 18 10:35:58 2017 us=795069 IFCONFIG POOL LIST
Tue Apr 18 10:35:58 2017 us=795119 PO_INIT maxevents=4 flags=0x00000002
Tue Apr 18 10:35:58 2017 us=795180 Initialization Sequence Completed
Tue Apr 18 10:35:58 2017 us=795205 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:35:58 2017 us=795231 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:35:58 2017 us=795255 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:35:58 2017 us=795289 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:36:08 2017 us=805383 event_wait returned 0
Tue Apr 18 10:36:08 2017 us=805499 I/O WAIT status=0x0020
Tue Apr 18 10:36:08 2017 us=805527 MULTI: REAP range 0 -> 16
Tue Apr 18 10:36:08 2017 us=805722 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:36:08 2017 us=805753 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:36:08 2017 us=805779 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:36:08 2017 us=805812 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:36:18 2017 us=815897 event_wait returned 0
Tue Apr 18 10:36:18 2017 us=815991 I/O WAIT status=0x0020
Tue Apr 18 10:36:18 2017 us=816017 MULTI: REAP range 16 -> 32
Tue Apr 18 10:36:18 2017 us=816209 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:36:18 2017 us=816239 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:36:18 2017 us=816265 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:36:18 2017 us=816297 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:36:28 2017 us=826385 event_wait returned 0
Tue Apr 18 10:36:28 2017 us=826503 I/O WAIT status=0x0020
Tue Apr 18 10:36:28 2017 us=826530 MULTI: REAP range 32 -> 48
Tue Apr 18 10:36:28 2017 us=826663 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:36:28 2017 us=826693 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:36:28 2017 us=826718 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:36:28 2017 us=826751 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:36:38 2017 us=836840 event_wait returned 0
Tue Apr 18 10:36:38 2017 us=836941 I/O WAIT status=0x0020
Tue Apr 18 10:36:38 2017 us=836968 MULTI: REAP range 48 -> 64
Tue Apr 18 10:36:38 2017 us=837097 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:36:38 2017 us=837126 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:36:38 2017 us=837151 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:36:38 2017 us=837209 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:36:48 2017 us=847301 event_wait returned 0
Tue Apr 18 10:36:48 2017 us=847401 I/O WAIT status=0x0020
Tue Apr 18 10:36:48 2017 us=847429 MULTI: REAP range 64 -> 80
Tue Apr 18 10:36:48 2017 us=847562 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:36:48 2017 us=847592 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:36:48 2017 us=847618 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:36:48 2017 us=847651 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:36:58 2017 us=857740 event_wait returned 0
Tue Apr 18 10:36:58 2017 us=857849 I/O WAIT status=0x0020
Tue Apr 18 10:36:58 2017 us=857876 MULTI: REAP range 80 -> 96
Tue Apr 18 10:36:58 2017 us=858006 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:36:58 2017 us=858036 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:36:58 2017 us=858061 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:36:58 2017 us=858093 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:37:08 2017 us=868173 event_wait returned 0
Tue Apr 18 10:37:08 2017 us=868265 I/O WAIT status=0x0020
Tue Apr 18 10:37:08 2017 us=868293 MULTI: REAP range 96 -> 112
Tue Apr 18 10:37:08 2017 us=868419 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:37:08 2017 us=868448 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:37:08 2017 us=868472 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:37:08 2017 us=868504 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:37:18 2017 us=878598 event_wait returned 0
Tue Apr 18 10:37:18 2017 us=878683 I/O WAIT status=0x0020
Tue Apr 18 10:37:18 2017 us=878711 MULTI: REAP range 112 -> 128
Tue Apr 18 10:37:18 2017 us=878843 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:37:18 2017 us=878873 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:37:18 2017 us=878898 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:37:18 2017 us=878931 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:37:28 2017 us=889018 event_wait returned 0
Tue Apr 18 10:37:28 2017 us=889132 I/O WAIT status=0x0020
Tue Apr 18 10:37:28 2017 us=889181 MULTI: REAP range 128 -> 144
Tue Apr 18 10:37:28 2017 us=890445 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:37:28 2017 us=890521 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:37:28 2017 us=890555 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:37:28 2017 us=890588 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:37:38 2017 us=900678 event_wait returned 0
Tue Apr 18 10:37:38 2017 us=900786 I/O WAIT status=0x0020
Tue Apr 18 10:37:38 2017 us=900814 MULTI: REAP range 144 -> 160
Tue Apr 18 10:37:38 2017 us=900953 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:37:38 2017 us=900982 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:37:38 2017 us=901007 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:37:38 2017 us=901040 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:37:48 2017 us=911132 event_wait returned 0
Tue Apr 18 10:37:48 2017 us=911238 I/O WAIT status=0x0020
Tue Apr 18 10:37:48 2017 us=911265 MULTI: REAP range 160 -> 176
Tue Apr 18 10:37:48 2017 us=911400 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:37:48 2017 us=911430 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:37:48 2017 us=911455 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:37:48 2017 us=911488 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:37:58 2017 us=921577 event_wait returned 0
Tue Apr 18 10:37:58 2017 us=921688 I/O WAIT status=0x0020
Tue Apr 18 10:37:58 2017 us=921716 MULTI: REAP range 176 -> 192
Tue Apr 18 10:37:58 2017 us=921853 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:37:58 2017 us=921883 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:37:58 2017 us=921908 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:37:58 2017 us=921941 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:38:08 2017 us=932028 event_wait returned 0
Tue Apr 18 10:38:08 2017 us=932162 I/O WAIT status=0x0020
Tue Apr 18 10:38:08 2017 us=932194 MULTI: REAP range 192 -> 208
Tue Apr 18 10:38:08 2017 us=932363 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:38:08 2017 us=932391 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:38:08 2017 us=932415 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:38:08 2017 us=932447 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:38:18 2017 us=942534 event_wait returned 0
Tue Apr 18 10:38:18 2017 us=942622 I/O WAIT status=0x0020
Tue Apr 18 10:38:18 2017 us=942649 MULTI: REAP range 208 -> 224
Tue Apr 18 10:38:18 2017 us=942786 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:38:18 2017 us=942814 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:38:18 2017 us=942838 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:38:18 2017 us=942870 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:38:28 2017 us=952963 event_wait returned 0
Tue Apr 18 10:38:28 2017 us=953060 I/O WAIT status=0x0020
Tue Apr 18 10:38:28 2017 us=953087 MULTI: REAP range 224 -> 240
Tue Apr 18 10:38:28 2017 us=953225 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:38:28 2017 us=953253 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:38:28 2017 us=953277 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:38:28 2017 us=953309 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:38:38 2017 us=963399 event_wait returned 0
Tue Apr 18 10:38:38 2017 us=963506 I/O WAIT status=0x0020
Tue Apr 18 10:38:38 2017 us=963533 MULTI: REAP range 240 -> 256
Tue Apr 18 10:38:38 2017 us=963668 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:38:38 2017 us=963696 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:38:38 2017 us=963720 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:38:38 2017 us=963752 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:38:48 2017 us=973841 event_wait returned 0
Tue Apr 18 10:38:48 2017 us=973958 I/O WAIT status=0x0020
Tue Apr 18 10:38:48 2017 us=974044 MULTI: REAP range 0 -> 16
Tue Apr 18 10:38:48 2017 us=974185 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:38:48 2017 us=974216 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:38:48 2017 us=974241 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:38:48 2017 us=974275 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:38:58 2017 us=984367 event_wait returned 0
Tue Apr 18 10:38:58 2017 us=984457 I/O WAIT status=0x0020
Tue Apr 18 10:38:58 2017 us=984485 MULTI: REAP range 16 -> 32
Tue Apr 18 10:38:58 2017 us=984621 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:38:58 2017 us=984652 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:38:58 2017 us=984679 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:38:58 2017 us=984712 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:39:08 2017 us=994803 event_wait returned 0
Tue Apr 18 10:39:08 2017 us=994908 I/O WAIT status=0x0020
Tue Apr 18 10:39:08 2017 us=994938 MULTI: REAP range 32 -> 48
Tue Apr 18 10:39:08 2017 us=995073 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:39:08 2017 us=995105 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:39:08 2017 us=995130 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:39:08 2017 us=995163 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:39:19 2017 us=5252 event_wait returned 0
Tue Apr 18 10:39:19 2017 us=5346 I/O WAIT status=0x0020
Tue Apr 18 10:39:19 2017 us=5374 MULTI: REAP range 48 -> 64
Tue Apr 18 10:39:19 2017 us=5510 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:39:19 2017 us=5542 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:39:19 2017 us=5567 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:39:19 2017 us=5601 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:39:29 2017 us=15684 event_wait returned 0
Tue Apr 18 10:39:29 2017 us=15790 I/O WAIT status=0x0020
Tue Apr 18 10:39:29 2017 us=15819 MULTI: REAP range 64 -> 80
Tue Apr 18 10:39:29 2017 us=15951 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:39:29 2017 us=15980 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:39:29 2017 us=16006 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:39:29 2017 us=16040 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:39:39 2017 us=26128 event_wait returned 0
Tue Apr 18 10:39:39 2017 us=26253 I/O WAIT status=0x0020
Tue Apr 18 10:39:39 2017 us=26281 MULTI: REAP range 80 -> 96
Tue Apr 18 10:39:39 2017 us=26407 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:39:39 2017 us=26435 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:39:39 2017 us=26458 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:39:39 2017 us=26489 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:39:49 2017 us=36581 event_wait returned 0
Tue Apr 18 10:39:49 2017 us=36671 I/O WAIT status=0x0020
Tue Apr 18 10:39:49 2017 us=36700 MULTI: REAP range 96 -> 112
Tue Apr 18 10:39:49 2017 us=36833 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:39:49 2017 us=36863 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:39:49 2017 us=36888 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:39:49 2017 us=36921 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:39:59 2017 us=46995 event_wait returned 0
Tue Apr 18 10:39:59 2017 us=47078 I/O WAIT status=0x0020
Tue Apr 18 10:39:59 2017 us=47106 MULTI: REAP range 112 -> 128
Tue Apr 18 10:39:59 2017 us=47226 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:39:59 2017 us=47254 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:39:59 2017 us=47280 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:39:59 2017 us=47312 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:40:09 2017 us=57411 event_wait returned 0
Tue Apr 18 10:40:09 2017 us=57509 I/O WAIT status=0x0020
Tue Apr 18 10:40:09 2017 us=57537 MULTI: REAP range 128 -> 144
Tue Apr 18 10:40:09 2017 us=57665 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:40:09 2017 us=57694 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:40:09 2017 us=57720 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:40:09 2017 us=57752 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:40:19 2017 us=67846 event_wait returned 0
Tue Apr 18 10:40:19 2017 us=67943 I/O WAIT status=0x0020
Tue Apr 18 10:40:19 2017 us=67971 MULTI: REAP range 144 -> 160
Tue Apr 18 10:40:19 2017 us=68110 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:40:19 2017 us=68174 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:40:19 2017 us=68222 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:40:19 2017 us=68257 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:40:29 2017 us=78348 event_wait returned 0
Tue Apr 18 10:40:29 2017 us=78450 I/O WAIT status=0x0020
Tue Apr 18 10:40:29 2017 us=78478 MULTI: REAP range 160 -> 176
Tue Apr 18 10:40:29 2017 us=78614 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:40:29 2017 us=78644 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:40:29 2017 us=78670 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:40:29 2017 us=78702 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:40:39 2017 us=88790 event_wait returned 0
Tue Apr 18 10:40:39 2017 us=88895 I/O WAIT status=0x0020
Tue Apr 18 10:40:39 2017 us=88922 MULTI: REAP range 176 -> 192
Tue Apr 18 10:40:39 2017 us=89058 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:40:39 2017 us=89087 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:40:39 2017 us=89113 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:40:39 2017 us=89145 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:40:49 2017 us=99239 event_wait returned 0
Tue Apr 18 10:40:49 2017 us=99354 I/O WAIT status=0x0020
Tue Apr 18 10:40:49 2017 us=99384 MULTI: REAP range 192 -> 208
Tue Apr 18 10:40:49 2017 us=99520 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:40:49 2017 us=99549 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:40:49 2017 us=99575 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:40:49 2017 us=99608 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:40:59 2017 us=109703 event_wait returned 0
Tue Apr 18 10:40:59 2017 us=109805 I/O WAIT status=0x0020
Tue Apr 18 10:40:59 2017 us=109833 MULTI: REAP range 208 -> 224
Tue Apr 18 10:40:59 2017 us=109967 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:40:59 2017 us=109997 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:40:59 2017 us=110022 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:40:59 2017 us=110090 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:41:09 2017 us=120205 event_wait returned 0
Tue Apr 18 10:41:09 2017 us=120303 I/O WAIT status=0x0020
Tue Apr 18 10:41:09 2017 us=120331 MULTI: REAP range 224 -> 240
Tue Apr 18 10:41:09 2017 us=120465 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:41:09 2017 us=120495 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:41:09 2017 us=120520 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:41:09 2017 us=120553 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:41:19 2017 us=130647 event_wait returned 0
Tue Apr 18 10:41:19 2017 us=130755 I/O WAIT status=0x0020
Tue Apr 18 10:41:19 2017 us=130783 MULTI: REAP range 240 -> 256
Tue Apr 18 10:41:19 2017 us=130913 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:41:19 2017 us=130943 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:41:19 2017 us=130968 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:41:19 2017 us=131001 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:41:29 2017 us=141119 event_wait returned 0
Tue Apr 18 10:41:29 2017 us=141216 I/O WAIT status=0x0020
Tue Apr 18 10:41:29 2017 us=141244 MULTI: REAP range 0 -> 16
Tue Apr 18 10:41:29 2017 us=141380 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:41:29 2017 us=141410 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:41:29 2017 us=141435 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:41:29 2017 us=141469 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:41:39 2017 us=151561 event_wait returned 0
Tue Apr 18 10:41:39 2017 us=151671 I/O WAIT status=0x0020
Tue Apr 18 10:41:39 2017 us=151699 MULTI: REAP range 16 -> 32
Tue Apr 18 10:41:39 2017 us=151834 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:41:39 2017 us=151864 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:41:39 2017 us=151890 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:41:39 2017 us=151923 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:41:49 2017 us=162017 event_wait returned 0
Tue Apr 18 10:41:49 2017 us=162114 I/O WAIT status=0x0020
Tue Apr 18 10:41:49 2017 us=162143 MULTI: REAP range 32 -> 48
Tue Apr 18 10:41:49 2017 us=162278 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:41:49 2017 us=162309 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:41:49 2017 us=162335 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:41:49 2017 us=162368 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:41:59 2017 us=172469 event_wait returned 0
Tue Apr 18 10:41:59 2017 us=172562 I/O WAIT status=0x0020
Tue Apr 18 10:41:59 2017 us=172591 MULTI: REAP range 48 -> 64
Tue Apr 18 10:41:59 2017 us=172724 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:41:59 2017 us=172754 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:41:59 2017 us=172779 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:41:59 2017 us=172812 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:42:09 2017 us=182902 event_wait returned 0
Tue Apr 18 10:42:09 2017 us=182995 I/O WAIT status=0x0020
Tue Apr 18 10:42:09 2017 us=183023 MULTI: REAP range 64 -> 80
Tue Apr 18 10:42:09 2017 us=183158 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:42:09 2017 us=183187 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:42:09 2017 us=183213 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:42:09 2017 us=183246 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:42:19 2017 us=193344 event_wait returned 0
Tue Apr 18 10:42:19 2017 us=193454 I/O WAIT status=0x0020
Tue Apr 18 10:42:19 2017 us=193483 MULTI: REAP range 80 -> 96
Tue Apr 18 10:42:19 2017 us=193615 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:42:19 2017 us=193645 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:42:19 2017 us=193670 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:42:19 2017 us=193704 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:42:29 2017 us=203810 event_wait returned 0
Tue Apr 18 10:42:29 2017 us=203901 I/O WAIT status=0x0020
Tue Apr 18 10:42:29 2017 us=203928 MULTI: REAP range 96 -> 112
Tue Apr 18 10:42:29 2017 us=204051 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:42:29 2017 us=204111 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:42:29 2017 us=204170 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:42:29 2017 us=204201 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:42:39 2017 us=214284 event_wait returned 0
Tue Apr 18 10:42:39 2017 us=214358 I/O WAIT status=0x0020
Tue Apr 18 10:42:39 2017 us=214383 MULTI: REAP range 112 -> 128
Tue Apr 18 10:42:39 2017 us=214502 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:42:39 2017 us=214529 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:42:39 2017 us=214552 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:42:39 2017 us=214582 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:42:49 2017 us=224699 event_wait returned 0
Tue Apr 18 10:42:49 2017 us=224788 I/O WAIT status=0x0020
Tue Apr 18 10:42:49 2017 us=224813 MULTI: REAP range 128 -> 144
Tue Apr 18 10:42:49 2017 us=224939 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:42:49 2017 us=224965 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:42:49 2017 us=224989 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:42:49 2017 us=225019 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:42:59 2017 us=235107 event_wait returned 0
Tue Apr 18 10:42:59 2017 us=235215 I/O WAIT status=0x0020
Tue Apr 18 10:42:59 2017 us=235243 MULTI: REAP range 144 -> 160
Tue Apr 18 10:42:59 2017 us=235375 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:42:59 2017 us=235404 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:42:59 2017 us=235429 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:42:59 2017 us=235462 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:43:09 2017 us=245569 event_wait returned 0
Tue Apr 18 10:43:09 2017 us=245671 I/O WAIT status=0x0020
Tue Apr 18 10:43:09 2017 us=245698 MULTI: REAP range 160 -> 176
Tue Apr 18 10:43:09 2017 us=245837 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:43:09 2017 us=245867 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:43:09 2017 us=245893 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:43:09 2017 us=245926 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:43:19 2017 us=256008 event_wait returned 0
Tue Apr 18 10:43:19 2017 us=256113 I/O WAIT status=0x0020
Tue Apr 18 10:43:19 2017 us=256163 MULTI: REAP range 176 -> 192
Tue Apr 18 10:43:19 2017 us=256293 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:43:19 2017 us=256322 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:43:19 2017 us=256348 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:43:19 2017 us=256381 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:43:29 2017 us=266473 event_wait returned 0
Tue Apr 18 10:43:29 2017 us=266575 I/O WAIT status=0x0020
Tue Apr 18 10:43:29 2017 us=266602 MULTI: REAP range 192 -> 208
Tue Apr 18 10:43:29 2017 us=266738 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:43:29 2017 us=266767 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:43:29 2017 us=266793 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:43:29 2017 us=266826 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:43:39 2017 us=273279 event_wait returned 0
Tue Apr 18 10:43:39 2017 us=273390 I/O WAIT status=0x0020
Tue Apr 18 10:43:39 2017 us=273419 MULTI: REAP range 208 -> 224
Tue Apr 18 10:43:39 2017 us=273553 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:43:39 2017 us=273583 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:43:39 2017 us=273608 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:43:39 2017 us=273641 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:43:49 2017 us=283743 event_wait returned 0
Tue Apr 18 10:43:49 2017 us=283838 I/O WAIT status=0x0020
Tue Apr 18 10:43:49 2017 us=283867 MULTI: REAP range 224 -> 240
Tue Apr 18 10:43:49 2017 us=284001 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:43:49 2017 us=284031 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:43:49 2017 us=284057 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:43:49 2017 us=284091 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:43:59 2017 us=294180 event_wait returned 0
Tue Apr 18 10:43:59 2017 us=294313 I/O WAIT status=0x0020
Tue Apr 18 10:43:59 2017 us=294341 MULTI: REAP range 240 -> 256
Tue Apr 18 10:43:59 2017 us=294474 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:43:59 2017 us=294501 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:43:59 2017 us=294525 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:43:59 2017 us=294557 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:44:09 2017 us=304693 event_wait returned 0
Tue Apr 18 10:44:09 2017 us=304797 I/O WAIT status=0x0020
Tue Apr 18 10:44:09 2017 us=304824 MULTI: REAP range 0 -> 16
Tue Apr 18 10:44:09 2017 us=304964 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:44:09 2017 us=304992 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:44:09 2017 us=305017 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:44:09 2017 us=305049 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:44:19 2017 us=315132 event_wait returned 0
Tue Apr 18 10:44:19 2017 us=315228 I/O WAIT status=0x0020
Tue Apr 18 10:44:19 2017 us=315255 MULTI: REAP range 16 -> 32
Tue Apr 18 10:44:19 2017 us=315388 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:44:19 2017 us=315416 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:44:19 2017 us=315441 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:44:19 2017 us=315472 I/O WAIT TR|Tw|SR|Sw [10/0]
Tue Apr 18 10:44:29 2017 us=325577 event_wait returned 0
Tue Apr 18 10:44:29 2017 us=325684 I/O WAIT status=0x0020
Tue Apr 18 10:44:29 2017 us=325711 MULTI: REAP range 32 -> 48
Tue Apr 18 10:44:29 2017 us=325840 SCHEDULE: schedule_find_least NULL
Tue Apr 18 10:44:29 2017 us=325869 PO_CTL rwflags=0x0001 ev=6 arg=0x7fd99ceef170
Tue Apr 18 10:44:29 2017 us=325895 PO_CTL rwflags=0x0001 ev=5 arg=0x7fd99ceef088
Tue Apr 18 10:44:29 2017 us=325928 I/O WAIT TR|Tw|SR|Sw [10/0]

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN Connection Issues - NAT

Post by TinCanTech » Tue Apr 18, 2017 9:04 pm


VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

Re: VPN Connection Issues - NAT

Post by VoidedNonce » Wed Apr 19, 2017 8:12 pm

TinCanTech can you tell me what I am missing here please? uname -a ? I am on the current version of OpenVPN "OpenVPN 2.4.1" and I am running it on Debian Jessie 64 bit most up to date kernel 3.16

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN Connection Issues - NAT

Post by TinCanTech » Wed Apr 19, 2017 9:10 pm

Your logs at --verb 4 ..

Sorry, we don't support your router.

From what you have posted, I would imagine, you have not setup port-forwarded correctly.

VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

Re: VPN Connection Issues - NAT

Post by VoidedNonce » Wed Apr 19, 2017 10:09 pm

Ok I'll do some more troubleshooting, do you see any errors in the openvpn logs that are problematic? The line that mentions the inability to determine what curve it is? It should be brainpoolP512r1. I created the certificates with explicit parameters to aid in the identification... so not sure what the deal is.

Tue Apr 18 10:35:58 2017 us=743869 Extracting ECDH curve from private key
Tue Apr 18 10:35:58 2017 us=744011 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Tue Apr 18 10:35:58 2017 us=744052 ECDH curve secp384r1 added

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN Connection Issues - NAT

Post by TinCanTech » Wed Apr 19, 2017 10:36 pm

My mouse wheel finger locked up while scrolling through your posted log,
I did not see the error you mention.

Openvpn uses EasyRSA generated PKI, see here:
http://openvpn.net/index.php/open-sourc ... o.html#pki

VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

Re: VPN Connection Issues - NAT

Post by VoidedNonce » Thu Apr 20, 2017 9:21 pm

I'm sorry, at first you told me I did not have enough information, now you are telling me I had too much. I did not use the easyrsa method, I created my own certificates and manually did the entire process because I have a strong distrust for standardized and NIST approved encryption and hashing algorithms.

The real problem I am having is understanding how to configure my OpenVPN to accommodate my server's IP address and how to handle the clients. Meaning the interaction between the subnet that eth0 operates on and tun0.

eth0 is statically being assigned by MAC IP address 172.19.143.13 on a /24 subnet with opendns resolvers and default gateway 172.19.143.1
my server.conf as you can see in my other postings is 172.16.234.0 255.255.255.0 which means tun0 gets 172.16.234.1 and p-t-p is 172.16.234.2.

Am I supposed to be putting the VPN subnet on the same subnet as the physical NIC e.g. eth0? Am I supposed to configure what tun0 should be? Do I have to use iptables to make it work between the physical and virtual adapter?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: VPN Connection Issues - NAT

Post by TinCanTech » Sat Apr 22, 2017 1:05 am


TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: VPN Connection Issues - NAT

Post by TiTex » Sat Apr 22, 2017 5:43 am

VoidedNonce , you should start by using certificates generated with easyrsa at least for testing even if you don't trust them fully
at least then you'll have a starting point as of what the issue might be.

i'm not sure what you're end goal is with the VPN , if you're trying to connect two locations together then use topology ptp , if you want server-client then i'll suggest using topology subnet instead topology net30 (default) see here https://community.openvpn.net/openvpn/w ... n24ManPage , option --topology

your TUN interface will have a separate IP address assigned by the vpn server config, the first one in the "server 172.16.234.0/24 pool" is assigned to the server, 172.16.234.1 in this case, your VPN box will act as a router for your VPN clients which means that your vpn server will need to be enabled to do ip forwarding

i know nothing about Juniper, but i've looked at your config and some things don't make sense to me, so you might need to check with them (Juniper) if your config is ok for what you are trying to do.

VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

Re: VPN Connection Issues - NAT

Post by VoidedNonce » Mon Apr 24, 2017 3:32 pm

TinCanTech wrote:Please see:
HOWTO: Request Help !
You really are not being helpful by doing this. I apologize that I am confused and I am trying to learn but what you are doing is rude and not very supportive as an admin.

VoidedNonce
OpenVpn Newbie
Posts: 9
Joined: Tue Apr 18, 2017 7:50 pm

Re: VPN Connection Issues - NAT

Post by VoidedNonce » Mon Apr 24, 2017 3:34 pm

Thank you TiTex that is a good point I will try doing this without so much customization and make changes as I go to see what is possible and what is not. For the router I did contact Juniper and got a response, I was able to fix this prior to their response and am actually going to opt for a dual NIC configuration. I had forgotten that I had two NICs on this server. What I am doing is server-client. I will review the link you have sent below.

I greatly appreciate your direction and helpful comments below.

TiTex wrote:VoidedNonce , you should start by using certificates generated with easyrsa at least for testing even if you don't trust them fully
at least then you'll have a starting point as of what the issue might be.

i'm not sure what you're end goal is with the VPN , if you're trying to connect two locations together then use topology ptp , if you want server-client then i'll suggest using topology subnet instead topology net30 (default) see here https://community.openvpn.net/openvpn/w ... n24ManPage , option --topology

your TUN interface will have a separate IP address assigned by the vpn server config, the first one in the "server 172.16.234.0/24 pool" is assigned to the server, 172.16.234.1 in this case, your VPN box will act as a router for your VPN clients which means that your vpn server will need to be enabled to do ip forwarding

i know nothing about Juniper, but i've looked at your config and some things don't make sense to me, so you might need to check with them (Juniper) if your config is ok for what you are trying to do.

Post Reply