Okay, I'll try to make it complete:
* Server *
Code: Select all
uname -a
Linux euve 4.4.0-042stab120.20 #1 SMP Fri Mar 10 16:52:50 MSK 2017 x86_64 x86_64 x86_64 GNU/Linux
Network Setup:
Code: Select all
ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:320369 errors:0 dropped:0 overruns:0 frame:0
TX packets:320369 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21065970 (21.0 MB) TX bytes:21065970 (21.0 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1008 (1.0 KB) TX bytes:1008 (1.0 KB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:649244 errors:0 dropped:0 overruns:0 frame:0
TX packets:519074 errors:0 dropped:158 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:543933641 (543.9 MB) TX bytes:55667509 (55.6 MB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:<SERVER_PUBLIC_IP> P-t-P:<SERVER_PUBLIC_IP> Bcast:<SERVER_PUBLIC_IP> Mask:255.255.255.0
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
View Original server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa2/keys/ca.crt
cert /etc/openvpn/easy-rsa2/keys/server.crt
key /etc/openvpn/easy-rsa2/keys/server.key
dh /etc/openvpn/easy-rsa2/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
route 192.168.0.0 255.255.255.0
client-to-client
push "route 192.168.0.0 255.255.255.0"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
Server Log: (my local public IP is replaced)
Code: Select all
Aug 4 11:30:12 euve ovpn-server[17836]: Current Parameter Settings:
Aug 4 11:30:12 euve ovpn-server[17836]: config = '/etc/openvpn/server.conf'
Aug 4 11:30:12 euve ovpn-server[17836]: mode = 1
Aug 4 11:30:12 euve ovpn-server[17836]: persist_config = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: persist_mode = 1
Aug 4 11:30:12 euve ovpn-server[17836]: show_ciphers = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: show_digests = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: show_engines = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: genkey = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: key_pass_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: show_tls_ciphers = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: Connection profiles [default]:
Aug 4 11:30:12 euve ovpn-server[17836]: proto = udp
Aug 4 11:30:12 euve ovpn-server[17836]: local = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: local_port = 1194
Aug 4 11:30:12 euve ovpn-server[17836]: remote = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: remote_port = 1194
Aug 4 11:30:12 euve ovpn-server[17836]: remote_float = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: bind_defined = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: bind_local = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: connect_retry_seconds = 5
Aug 4 11:30:12 euve ovpn-server[17836]: connect_timeout = 10
Aug 4 11:30:12 euve ovpn-server[17836]: connect_retry_max = 0
Aug 4 11:30:12 euve ovpn-server[17836]: socks_proxy_server = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: socks_proxy_port = 0
Aug 4 11:30:12 euve ovpn-server[17836]: socks_proxy_retry = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: tun_mtu = 1500
Aug 4 11:30:12 euve ovpn-server[17836]: tun_mtu_defined = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: link_mtu = 1500
Aug 4 11:30:12 euve ovpn-server[17836]: link_mtu_defined = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: tun_mtu_extra = 0
Aug 4 11:30:12 euve ovpn-server[17836]: tun_mtu_extra_defined = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: mtu_discover_type = -1
Aug 4 11:30:12 euve ovpn-server[17836]: fragment = 0
Aug 4 11:30:12 euve ovpn-server[17836]: mssfix = 1450
Aug 4 11:30:12 euve ovpn-server[17836]: explicit_exit_notification = 0
Aug 4 11:30:12 euve ovpn-server[17836]: Connection profiles END
Aug 4 11:30:12 euve ovpn-server[17836]: remote_random = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: ipchange = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: dev = 'tun'
Aug 4 11:30:12 euve ovpn-server[17836]: dev_type = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: dev_node = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: lladdr = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: topology = 3
Aug 4 11:30:12 euve ovpn-server[17836]: tun_ipv6 = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_local = '10.8.0.1'
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_remote_netmask = '255.255.255.0'
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_noexec = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_nowarn = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_ipv6_local = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_ipv6_netbits = 0
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_ipv6_remote = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: shaper = 0
Aug 4 11:30:12 euve ovpn-server[17836]: mtu_test = 0
Aug 4 11:30:12 euve ovpn-server[17836]: mlock = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: keepalive_ping = 10
Aug 4 11:30:12 euve ovpn-server[17836]: keepalive_timeout = 120
Aug 4 11:30:12 euve ovpn-server[17836]: inactivity_timeout = 0
Aug 4 11:30:12 euve ovpn-server[17836]: ping_send_timeout = 10
Aug 4 11:30:12 euve ovpn-server[17836]: ping_rec_timeout = 240
Aug 4 11:30:12 euve ovpn-server[17836]: ping_rec_timeout_action = 2
Aug 4 11:30:12 euve ovpn-server[17836]: ping_timer_remote = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: remap_sigusr1 = 0
Aug 4 11:30:12 euve ovpn-server[17836]: persist_tun = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: persist_local_ip = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: persist_remote_ip = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: persist_key = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: passtos = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: resolve_retry_seconds = 1000000000
Aug 4 11:30:12 euve ovpn-server[17836]: username = 'nobody'
Aug 4 11:30:12 euve ovpn-server[17836]: groupname = 'nogroup'
Aug 4 11:30:12 euve ovpn-server[17836]: chroot_dir = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: cd_dir = '/etc/openvpn'
Aug 4 11:30:12 euve ovpn-server[17836]: writepid = '/run/openvpn/server.pid'
Aug 4 11:30:12 euve ovpn-server[17836]: up_script = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: down_script = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: down_pre = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: up_restart = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: up_delay = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: daemon = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: inetd = 0
Aug 4 11:30:12 euve ovpn-server[17836]: log = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: suppress_timestamps = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: nice = 0
Aug 4 11:30:12 euve ovpn-server[17836]: verbosity = 4
Aug 4 11:30:12 euve ovpn-server[17836]: mute = 0
Aug 4 11:30:12 euve ovpn-server[17836]: gremlin = 0
Aug 4 11:30:12 euve ovpn-server[17836]: status_file = 'openvpn-status.log'
Aug 4 11:30:12 euve ovpn-server[17836]: status_file_version = 1
Aug 4 11:30:12 euve ovpn-server[17836]: status_file_update_freq = 10
Aug 4 11:30:12 euve ovpn-server[17836]: occ = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: rcvbuf = 0
Aug 4 11:30:12 euve ovpn-server[17836]: sndbuf = 0
Aug 4 11:30:12 euve ovpn-server[17836]: mark = 0
Aug 4 11:30:12 euve ovpn-server[17836]: sockflags = 0
Aug 4 11:30:12 euve ovpn-server[17836]: fast_io = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: lzo = 7
Aug 4 11:30:12 euve ovpn-server[17836]: route_script = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: route_default_gateway = '10.8.0.2'
Aug 4 11:30:12 euve ovpn-server[17836]: route_default_metric = 0
Aug 4 11:30:12 euve ovpn-server[17836]: route_noexec = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: route_delay = 0
Aug 4 11:30:12 euve ovpn-server[17836]: route_delay_window = 30
Aug 4 11:30:12 euve ovpn-server[17836]: route_delay_defined = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: route_nopull = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: route_gateway_via_dhcp = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: max_routes = 100
Aug 4 11:30:12 euve ovpn-server[17836]: allow_pull_fqdn = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: route 192.168.0.0/255.255.255.0/nil/nil
Aug 4 11:30:12 euve ovpn-server[17836]: management_addr = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: management_port = 0
Aug 4 11:30:12 euve ovpn-server[17836]: management_user_pass = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: management_log_history_cache = 250
Aug 4 11:30:12 euve ovpn-server[17836]: management_echo_buffer_size = 100
Aug 4 11:30:12 euve ovpn-server[17836]: management_write_peer_info_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: management_client_user = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: management_client_group = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: management_flags = 0
Aug 4 11:30:12 euve ovpn-server[17836]: shared_secret_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: key_direction = 0
Aug 4 11:30:12 euve ovpn-server[17836]: ciphername_defined = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: ciphername = 'BF-CBC'
Aug 4 11:30:12 euve ovpn-server[17836]: authname_defined = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: authname = 'SHA1'
Aug 4 11:30:12 euve ovpn-server[17836]: prng_hash = 'SHA1'
Aug 4 11:30:12 euve ovpn-server[17836]: prng_nonce_secret_len = 16
Aug 4 11:30:12 euve ovpn-server[17836]: keysize = 0
Aug 4 11:30:12 euve ovpn-server[17836]: engine = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: replay = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: mute_replay_warnings = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: replay_window = 64
Aug 4 11:30:12 euve ovpn-server[17836]: replay_time = 15
Aug 4 11:30:12 euve ovpn-server[17836]: packet_id_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: use_iv = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: test_crypto = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: tls_server = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: tls_client = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: key_method = 2
Aug 4 11:30:12 euve ovpn-server[17836]: ca_file = '/etc/openvpn/easy-rsa2/keys/ca.crt'
Aug 4 11:30:12 euve ovpn-server[17836]: ca_path = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: dh_file = '/etc/openvpn/easy-rsa2/keys/dh2048.pem'
Aug 4 11:30:12 euve ovpn-server[17836]: cert_file = '/etc/openvpn/easy-rsa2/keys/server.crt'
Aug 4 11:30:12 euve ovpn-server[17836]: extra_certs_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: priv_key_file = '/etc/openvpn/easy-rsa2/keys/server.key'
Aug 4 11:30:12 euve ovpn-server[17836]: pkcs12_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: cipher_list = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: tls_verify = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: tls_export_cert = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: verify_x509_type = 0
Aug 4 11:30:12 euve ovpn-server[17836]: verify_x509_name = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: crl_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: ns_cert_type = 0
Aug 4 11:30:12 euve ovpn-server[17836]: remote_cert_ku[i] = 0
Aug 4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [ remote_cert_ku[i] = 0]
Aug 4 11:30:12 euve ovpn-server[17836]: remote_cert_eku = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: ssl_flags = 0
Aug 4 11:30:12 euve ovpn-server[17836]: tls_timeout = 2
Aug 4 11:30:12 euve ovpn-server[17836]: renegotiate_bytes = 0
Aug 4 11:30:12 euve ovpn-server[17836]: renegotiate_packets = 0
Aug 4 11:30:12 euve ovpn-server[17836]: renegotiate_seconds = 3600
Aug 4 11:30:12 euve ovpn-server[17836]: handshake_window = 60
Aug 4 11:30:12 euve ovpn-server[17836]: transition_window = 3600
Aug 4 11:30:12 euve ovpn-server[17836]: single_session = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: push_peer_info = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: tls_exit = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: tls_auth_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: pkcs11_protected_authentication = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [ pkcs11_protected_authentication = DISABLED]
Aug 4 11:30:12 euve ovpn-server[17836]: pkcs11_private_mode = 00000000
Aug 4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [ pkcs11_private_mode = 00000000]
Aug 4 11:30:12 euve ovpn-server[17836]: pkcs11_cert_private = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [ pkcs11_cert_private = DISABLED]
Aug 4 11:30:12 euve ovpn-server[17836]: pkcs11_pin_cache_period = -1
Aug 4 11:30:12 euve ovpn-server[17836]: pkcs11_id = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: pkcs11_id_management = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: server_network = 10.8.0.0
Aug 4 11:30:12 euve ovpn-server[17836]: server_netmask = 255.255.255.0
Aug 4 11:30:12 euve ovpn-server[17836]: server_network_ipv6 = ::
Aug 4 11:30:12 euve ovpn-server[17836]: server_netbits_ipv6 = 0
Aug 4 11:30:12 euve ovpn-server[17836]: server_bridge_ip = 0.0.0.0
Aug 4 11:30:12 euve ovpn-server[17836]: server_bridge_netmask = 0.0.0.0
Aug 4 11:30:12 euve ovpn-server[17836]: server_bridge_pool_start = 0.0.0.0
Aug 4 11:30:12 euve ovpn-server[17836]: server_bridge_pool_end = 0.0.0.0
Aug 4 11:30:12 euve ovpn-server[17836]: push_entry = 'route 192.168.0.0 255.255.255.0'
Aug 4 11:30:12 euve ovpn-server[17836]: push_entry = 'route-gateway 10.8.0.1'
Aug 4 11:30:12 euve ovpn-server[17836]: push_entry = 'topology subnet'
Aug 4 11:30:12 euve ovpn-server[17836]: push_entry = 'ping 10'
Aug 4 11:30:12 euve ovpn-server[17836]: push_entry = 'ping-restart 120'
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_pool_defined = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_pool_start = 10.8.0.2
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_pool_end = 10.8.0.253
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_pool_netmask = 255.255.255.0
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_pool_persist_filename = 'ipp.txt'
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_pool_persist_refresh_freq = 600
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_ipv6_pool_defined = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_ipv6_pool_base = ::
Aug 4 11:30:12 euve ovpn-server[17836]: ifconfig_ipv6_pool_netbits = 0
Aug 4 11:30:12 euve ovpn-server[17836]: n_bcast_buf = 256
Aug 4 11:30:12 euve ovpn-server[17836]: tcp_queue_limit = 64
Aug 4 11:30:12 euve ovpn-server[17836]: real_hash_size = 256
Aug 4 11:30:12 euve ovpn-server[17836]: virtual_hash_size = 256
Aug 4 11:30:12 euve ovpn-server[17836]: client_connect_script = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: learn_address_script = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: client_disconnect_script = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: client_config_dir = '/etc/openvpn/ccd'
Aug 4 11:30:12 euve ovpn-server[17836]: ccd_exclusive = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: tmp_dir = '/tmp'
Aug 4 11:30:12 euve ovpn-server[17836]: push_ifconfig_defined = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: push_ifconfig_local = 0.0.0.0
Aug 4 11:30:12 euve ovpn-server[17836]: push_ifconfig_remote_netmask = 0.0.0.0
Aug 4 11:30:12 euve ovpn-server[17836]: push_ifconfig_ipv6_defined = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: push_ifconfig_ipv6_local = ::/0
Aug 4 11:30:12 euve ovpn-server[17836]: push_ifconfig_ipv6_remote = ::
Aug 4 11:30:12 euve ovpn-server[17836]: enable_c2c = ENABLED
Aug 4 11:30:12 euve ovpn-server[17836]: duplicate_cn = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: cf_max = 0
Aug 4 11:30:12 euve ovpn-server[17836]: cf_per = 0
Aug 4 11:30:12 euve ovpn-server[17836]: max_clients = 1024
Aug 4 11:30:12 euve ovpn-server[17836]: max_routes_per_client = 256
Aug 4 11:30:12 euve ovpn-server[17836]: auth_user_pass_verify_script = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: auth_user_pass_verify_script_via_file = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: port_share_host = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: port_share_port = 0
Aug 4 11:30:12 euve ovpn-server[17836]: client = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: pull = DISABLED
Aug 4 11:30:12 euve ovpn-server[17836]: auth_user_pass_file = '[UNDEF]'
Aug 4 11:30:12 euve ovpn-server[17836]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Aug 4 11:30:12 euve ovpn-server[17836]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Aug 4 11:30:12 euve ovpn-server[17837]: Diffie-Hellman initialized with 2048 bit key
Aug 4 11:30:12 euve ovpn-server[17837]: TLS-Auth MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug 4 11:30:12 euve ovpn-server[17837]: Socket Buffers: R=[133120->133120] S=[133120->133120]
Aug 4 11:30:12 euve ovpn-server[17837]: ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Aug 4 11:30:12 euve ovpn-server[17837]: TUN/TAP device tun0 opened
Aug 4 11:30:12 euve ovpn-server[17837]: TUN/TAP TX queue length set to 100
Aug 4 11:30:12 euve ovpn-server[17837]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug 4 11:30:12 euve ovpn-server[17837]: /sbin/ip link set dev tun0 up mtu 1500
Aug 4 11:30:12 euve ovpn-server[17837]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Aug 4 11:30:12 euve ovpn-server[17837]: /sbin/ip route add 192.168.0.0/24 via 10.8.0.2
Aug 4 11:30:12 euve ovpn-server[17837]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug 4 11:30:12 euve ovpn-server[17837]: GID set to nogroup
Aug 4 11:30:12 euve ovpn-server[17837]: UID set to nobody
Aug 4 11:30:12 euve ovpn-server[17837]: UDPv4 link local (bound): [undef]
Aug 4 11:30:12 euve ovpn-server[17837]: UDPv4 link remote: [undef]
Aug 4 11:30:12 euve ovpn-server[17837]: MULTI: multi_init called, r=256 v=256
Aug 4 11:30:12 euve ovpn-server[17837]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Aug 4 11:30:12 euve ovpn-server[17837]: ifconfig_pool_read(), in='bahnhofstrasse,10.8.0.2', TODO: IPv6
Aug 4 11:30:12 euve ovpn-server[17837]: succeeded -> ifconfig_pool_set()
Aug 4 11:30:12 euve ovpn-server[17837]: ifconfig_pool_read(), in='ephraimlocal,10.8.0.3', TODO: IPv6
Aug 4 11:30:12 euve ovpn-server[17837]: succeeded -> ifconfig_pool_set()
Aug 4 11:30:12 euve ovpn-server[17837]: IFCONFIG POOL LIST
Aug 4 11:30:12 euve ovpn-server[17837]: bahnhofstrasse,10.8.0.2
Aug 4 11:30:12 euve ovpn-server[17837]: ephraimlocal,10.8.0.3
Aug 4 11:30:12 euve ovpn-server[17837]: Initialization Sequence Completed
Aug 4 11:30:52 euve ovpn-server[17837]: MULTI: multi_create_instance called
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Re-using SSL/TLS context
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 LZO compression initialized
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Local Options hash (VER=V4): '530fdded'
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Expected Remote Options hash (VER=V4): '41690919'
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 TLS: Initial packet from [AF_INET]<LOCAL_PUBLIC_IP>:64938, sid=f5481f52 b6034673
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xx
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, OU=MasterThienhaus, CN=bahnhofstrasse, name=EasyRSA, emailAddress=xx
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Aug 4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 [bahnhofstrasse] Peer Connection Initiated with [AF_INET]<LOCAL_PUBLIC_IP>:64938
Aug 4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/bahnhofstrasse
Aug 4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug 4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: Learn: 10.8.0.2 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938
Aug 4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: primary virtual IP for bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938: 10.8.0.2
Aug 4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: internal route 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938
Aug 4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: Learn: 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938
Aug 4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 REMOVE PUSH ROUTE: 'route 192.168.0.0 255.255.255.0'
Aug 4 11:30:55 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 PUSH: Received control message: 'PUSH_REQUEST'
Aug 4 11:30:55 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 send_push_reply(): safe_cap=940
Aug 4 11:30:55 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 SENT CONTROL [bahnhofstrasse]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug 4 11:33:42 euve ovpn-server[17837]: MULTI: multi_create_instance called
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Re-using SSL/TLS context
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 LZO compression initialized
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Local Options hash (VER=V4): '530fdded'
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Expected Remote Options hash (VER=V4): '41690919'
Aug 4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 TLS: Initial packet from [AF_INET]<LOCAL_PUBLIC_IP>:64826, sid=8ba55dc8 79630844
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xx
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, OU=MasterThienhaus, CN=bahnhofstrasse, name=EasyRSA, emailAddress=xx
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Aug 4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 [bahnhofstrasse] Peer Connection Initiated with [AF_INET]<LOCAL_PUBLIC_IP>:64826
Aug 4 11:33:44 euve ovpn-server[17837]: MULTI: new connection by client 'bahnhofstrasse' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Aug 4 11:33:44 euve ovpn-server[17837]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/bahnhofstrasse
Aug 4 11:33:44 euve ovpn-server[17837]: MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug 4 11:33:44 euve ovpn-server[17837]: MULTI: Learn: 10.8.0.2 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug 4 11:33:44 euve ovpn-server[17837]: MULTI: primary virtual IP for bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826: 10.8.0.2
Aug 4 11:33:44 euve ovpn-server[17837]: MULTI: internal route 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug 4 11:33:44 euve ovpn-server[17837]: MULTI: Learn: 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug 4 11:33:44 euve ovpn-server[17837]: REMOVE PUSH ROUTE: 'route 192.168.0.0 255.255.255.0'
Aug 4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 PUSH: Received control message: 'PUSH_REQUEST'
Aug 4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 send_push_reply(): safe_cap=940
Aug 4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 SENT CONTROL [bahnhofstrasse]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug 4 11:35:39 euve ovpn-server[17837]: MULTI: multi_create_instance called
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Re-using SSL/TLS context
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 LZO compression initialized
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Local Options hash (VER=V4): '530fdded'
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Expected Remote Options hash (VER=V4): '41690919'
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 TLS: Initial packet from [AF_INET]<LOCAL_PUBLIC_IP>:64823, sid=4bb66510 6ce8d3b4
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xx
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=ephraimlocal, name=EasyRSA, emailAddress=xx
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1572'
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1530'
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: this cipher's block size is less than 128 bit (64 bit). Consider using a --cipher with a larger block size.
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Aug 4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 [ephraimlocal] Peer Connection Initiated with [AF_INET]<LOCAL_PUBLIC_IP>:64823
Aug 4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Aug 4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 10.8.0.3 -> ephraimlocal/<LOCAL_PUBLIC_IP>:64823
Aug 4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: primary virtual IP for ephraimlocal/<LOCAL_PUBLIC_IP>:64823: 10.8.0.3
Aug 4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 PUSH: Received control message: 'PUSH_REQUEST'
Aug 4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 send_push_reply(): safe_cap=940
Aug 4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 SENT CONTROL [ephraimlocal]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0' (status=1)
Aug 4 11:38:22 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 192.168.0.15 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug 4 11:39:31 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 MULTI: Learn: 192.168.0.250 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug 4 11:41:52 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 192.168.0.200 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug 4 11:44:08 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 PID_ERR replay-window backtrack occurred [2] [SSL-0] [0__00001111111114>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:427 0:425 t=1501847048[0] r=[-4,64,15,2,1] sl=[21,64,64,528]
Aug 4 11:47:09 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 PID_ERR replay-window backtrack occurred [3] [SSL-0] [00__00001111111119EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:506 0:503 t=1501847229[0] r=[-1,64,15,3,1] sl=[6,64,64,528]
* Endian Firewall Client with LAN 192.168.0.0 behind it *
Code: Select all
Linux efw.localdomain 2.6.32.43-57.e51.i586 #1 SMP Tue Sep 10 04:36:09 EDT 2013 i686 i686 i386 GNU/Linux
Network Setup:
Code: Select all
ifconfig
br0 Link encap:Ethernet HWaddr 00:13:D3:DA:16:AC
inet addr:192.168.0.15 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:37519215 errors:0 dropped:0 overruns:0 frame:0
TX packets:29285197 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1217336640 (1.1 GiB) TX bytes:3618688929 (3.3 GiB)
br1 Link encap:Ethernet HWaddr 4E:11:D5:4F:A1:50
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
br2 Link encap:Ethernet HWaddr 00:13:D3:DA:16:AD
inet addr:192.168.2.15 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21540922 errors:0 dropped:0 overruns:0 frame:0
TX packets:45272662 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:448675212 (427.8 MiB) TX bytes:1025409319 (977.9 MiB)
eth0 Link encap:Ethernet HWaddr 00:13:D3:DA:16:AC
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:37519880 errors:0 dropped:8 overruns:0 frame:0
TX packets:29285198 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1766446428 (1.6 GiB) TX bytes:3618689163 (3.3 GiB)
Interrupt:16
eth1 Link encap:Ethernet HWaddr 00:13:D3:DA:16:AD
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:21541021 errors:0 dropped:0 overruns:0 frame:0
TX packets:45272660 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:779527550 (743.4 MiB) TX bytes:1025409235 (977.9 MiB)
Interrupt:17
eth2 Link encap:Ethernet HWaddr 00:1B:21:63:8C:AC
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:74041155 errors:1 dropped:0 overruns:0 frame:1
TX packets:58045664 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4112180041 (3.8 GiB) TX bytes:2294530586 (2.1 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:28019715 errors:0 dropped:0 overruns:0 frame:0
TX packets:28019715 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2094136249 (1.9 GiB) TX bytes:2094136249 (1.9 GiB)
openvpntu Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.2 P-t-P:10.8.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:710 errors:0 dropped:0 overruns:0 frame:0
TX packets:504 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:54975 (53.6 KiB) TX bytes:186730 (182.3 KiB)
View Original client.conf
# Begin Additional configuration:
# (This is to cause the process to restart whenever
# such a configuration value changes)
# NAT: off
# Routetype: routed
# Block DHCP: on
# End Additional configuration
client
pull
comp-lzo yes
nobind
resolv-retry infinite
script-security 2 system
auth-retry nointeract
dev openvpntun0
dev-type tun
;askpass /var/efw/openvpnclients/euve/ephraimlocal.pass
ns-cert-type server
ca /var/efw/openvpnclients/euve/ca.crt
cert /var/efw/openvpnclients/euve/bahnhofstrasse.crt
key /var/efw/openvpnclients/euve/bahnhofstrasse.key
;auth-user-pass /var/efw/openvpnclients/euve/credentials
;tls-auth /var/efw/openvpnclients/euve/tls.key
proto udp
remote 62.75.213.217 1194 udp
writepid /var/run/openvpn/client_1.pid
up-delay
up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.client.d/"
down-pre
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.client.d/"
#custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"
verb 4
Log:
Code: Select all
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723817 duplicate_cn = DISABLED
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723827 cf_max = 0
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723837 cf_per = 0
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723847 max_clients = 1024
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723857 max_routes_per_client = 256
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723868 auth_user_pass_verify_script = "[UNDEF]"
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723878 auth_user_pass_verify_script_via_file = DISABLED
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723888 port_share_host = "[UNDEF]"
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723898 port_share_port = 0
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723908 client = ENABLED
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723918 pull = ENABLED
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723927 auth_user_pass_file = "[UNDEF]"
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723941 OpenVPN 2.3.6 i686-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 9 2015
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=723963 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.01
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=724064 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=728795 LZO compression initialized
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=728940 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729001 Socket Buffers: R=[115712->131072] S=[115712->131072]
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729037 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729073 Local Options String: "V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729083 Expected Remote Options String: "V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server"
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729118 Local Options hash (VER=V4): "41690919"
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729140 Expected Remote Options hash (VER=V4): "530fdded"
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729288 UDPv4 link local: [undef]
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=729305 UDPv4 link remote: [AF_INET]<SERVER_PUBLIC_IP>:1194
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=745156 TLS: Initial packet from [AF_INET]<SERVER_PUBLIC_IP>:1194, sid=22228f75 7865a9f1
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=774838 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xxx
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=777625 VERIFY OK: nsCertType=SERVER
OpenVPN
2017-08-04 13:33:42
euve[31631]: Fri Aug 4 13:33:42 2017 us=777639 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve., name=EasyRSA, emailAddress=xxx
OpenVPN
2017-08-04 13:33:44
euve[31631]: Fri Aug 4 13:33:44 2017 us=755702 Data Channel Encrypt: Cipher "BF-CBC" initialized with 128 bit key
OpenVPN
2017-08-04 13:33:44
euve[31631]: Fri Aug 4 13:33:44 2017 us=755740 Data Channel Encrypt: Using 160 bit message hash "SHA1" for HMAC authentication
OpenVPN
2017-08-04 13:33:44
euve[31631]: Fri Aug 4 13:33:44 2017 us=755828 Data Channel Decrypt: Cipher "BF-CBC" initialized with 128 bit key
OpenVPN
2017-08-04 13:33:44
euve[31631]: Fri Aug 4 13:33:44 2017 us=755843 Data Channel Decrypt: Using 160 bit message hash "SHA1" for HMAC authentication
OpenVPN
2017-08-04 13:33:44
euve[31631]: Fri Aug 4 13:33:44 2017 us=755929 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
OpenVPN
2017-08-04 13:33:44
euve[31631]: Fri Aug 4 13:33:44 2017 us=755971 [euve.] Peer Connection Initiated with [AF_INET]<SERVER_PUBLIC_IP>:1194
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=865516 SENT CONTROL [euve.]: "PUSH_REQUEST" (status=1)
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=881416 PUSH: Received control message: "PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0"
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=881542 OPTIONS IMPORT: timers and/or timeouts modified
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=881555 OPTIONS IMPORT: --ifconfig/up options modified
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=881564 OPTIONS IMPORT: route-related options modified
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=887039 TUN/TAP device openvpntun0 opened
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=887086 TUN/TAP TX queue length set to 100
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=887125 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=887171 /sbin/ip link set dev openvpntun0 up mtu 1500
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=891416 /sbin/ip addr add dev openvpntun0 10.8.0.2/24 broadcast 10.8.0.255
OpenVPN
2017-08-04 13:33:46
euve[31631]: Fri Aug 4 13:33:46 2017 us=893890 /usr/local/bin/dir.d-exec /etc/openvpn/ifup.client.d/ openvpntun0 1500 1542 10.8.0.2 255.255.255.0 init
OpenVPN
2017-08-04 13:33:47
euve[31631]: 280 scheduled_downloads async call
OpenVPN
2017-08-04 13:33:47
euve[31631]: 232 Restart job "setdnat" - Emit "request(status:restart,params:,name:setdnat)"
OpenVPN
2017-08-04 13:33:47
euve[31631]: 232 Restart job "setsnat" - Emit "request(status:restart,params:,name:setsnat)"
OpenVPN
2017-08-04 13:33:47
euve[31631]: Fri Aug 4 13:33:47 2017 us=805095 Initialization Sequence Completed
* Second Client *
This client is in another subnet behind the Endian firewall wich has no direkt acces to the 192.186.0.0 Network.
Code: Select all
uname -a
Darwin framebook.local 16.7.0 Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 x86_64
Network Setup:
Code: Select all
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:23:32:c8:f0:34
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:23:6c:89:e6:41
inet6 fe80::18b0:1ac2:b3d4:e473%en1 prefixlen 64 secured scopeid 0x5
inet 192.168.2.199 netmask 0xffffff00 broadcast 192.168.2.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:23:32:ff:fe:c8:f0:34
nd6 options=201<PERFORMNUD,DAD>
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:23:6c:89:e6:41
media: autoselect
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::540b:c90d:c722:4983%utun0 prefixlen 64 scopeid 0x8
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1530
inet 10.8.0.3 --> 10.8.0.3 netmask 0xffffff00
View Original macOS using Tunnelblick
client
;dev tap
dev tun
proto udp
remote <SERVER_PUBLIC_IP> 1194
;remote my-server-2 1194
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
persist-key
persist-tun
ca keys/ca.crt
cert keys/ephraimlocal.crt
key keys/ephraimlocal.key
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
link-mtu 1572
;tun-mtu 1500
Log
Code: Select all
*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.1b (build 4813)
2017-08-04 13:35:37 *Tunnelblick: Attempting connection with euve using shadow copy; Set nameserver = 769; monitoring connection
2017-08-04 13:35:37 *Tunnelblick: openvpnstart start euve.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k
2017-08-04 13:35:37 *Tunnelblick: openvpnstart starting OpenVPN
2017-08-04 13:35:38 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sephraim-SLibrary-SApplication Support-STunnelblick-SConfigurations-Seuve.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Users/ephraim/euve.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Users/ephraim/euve.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Users/ephraim/euve.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2017-08-04 13:35:38 *Tunnelblick: Established communication with OpenVPN
2017-08-04 13:35:38 *Tunnelblick: Obtained passphrase from the Keychain
2017-08-04 13:35:38 OpenVPN 2.3.17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 21 2017
2017-08-04 13:35:38 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
2017-08-04 13:35:38 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-08-04 13:35:38 Need hold release from management interface, waiting...
2017-08-04 13:35:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-08-04 13:35:38 MANAGEMENT: CMD 'pid'
2017-08-04 13:35:38 MANAGEMENT: CMD 'state on'
2017-08-04 13:35:38 MANAGEMENT: CMD 'state'
2017-08-04 13:35:38 MANAGEMENT: CMD 'bytecount 1'
2017-08-04 13:35:38 MANAGEMENT: CMD 'hold release'
2017-08-04 13:35:38 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2017-08-04 13:35:38 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-08-04 13:35:38 MANAGEMENT: CMD 'password [...]'
2017-08-04 13:35:38 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-08-04 13:35:38 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1530)
2017-08-04 13:35:38 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-08-04 13:35:38 UDPv4 link local: [undef]
2017-08-04 13:35:38 UDPv4 link remote: [AF_INET]<SERVER_PUBLIC_IP>:1194
2017-08-04 13:35:38 MANAGEMENT: >STATE:1501846538,WAIT,,,
2017-08-04 13:35:38 MANAGEMENT: >STATE:1501846538,AUTH,,,
2017-08-04 13:35:38 TLS: Initial packet from [AF_INET]<SERVER_PUBLIC_IP>:1194, sid=2a5960e4 3f8e7f9d
2017-08-04 13:35:38 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=ephraimhahn@bttec.org
2017-08-04 13:35:38 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve.hahnklang.de, name=EasyRSA, emailAddress=ephraimhahn@bttec.org
2017-08-04 13:35:38 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1572', remote='link-mtu 1542'
2017-08-04 13:35:38 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1530', remote='tun-mtu 1500'
2017-08-04 13:35:38 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-08-04 13:35:38 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-08-04 13:35:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-08-04 13:35:38 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-08-04 13:35:38 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-08-04 13:35:38 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-08-04 13:35:38 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2017-08-04 13:35:38 [euve.hahnklang.de] Peer Connection Initiated with [AF_INET]<SERVER_PUBLIC_IP>:1194
2017-08-04 13:35:39 MANAGEMENT: >STATE:1501846539,GET_CONFIG,,,
2017-08-04 13:35:41 SENT CONTROL [euve.hahnklang.de]: 'PUSH_REQUEST' (status=1)
2017-08-04 13:35:41 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
2017-08-04 13:35:41 OPTIONS IMPORT: timers and/or timeouts modified
2017-08-04 13:35:41 OPTIONS IMPORT: --ifconfig/up options modified
2017-08-04 13:35:41 OPTIONS IMPORT: route options modified
2017-08-04 13:35:41 OPTIONS IMPORT: route-related options modified
2017-08-04 13:35:41 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-08-04 13:35:41 Opened utun device utun1
2017-08-04 13:35:41 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-08-04 13:35:41 MANAGEMENT: >STATE:1501846541,ASSIGN_IP,,10.8.0.3,
2017-08-04 13:35:41 /sbin/ifconfig utun1 delete
ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-08-04 13:35:41 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-08-04 13:35:41 /sbin/ifconfig utun1 10.8.0.3 10.8.0.3 netmask 255.255.255.0 mtu 1530 up
2017-08-04 13:35:41 /sbin/route add -net 10.8.0.0 10.8.0.3 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.3
2017-08-04 13:35:41 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1530 1572 10.8.0.3 255.255.255.0 init
**********************************************
Start of output from client.up.tunnelblick.sh
NOTE: No network configuration changes need to be made.
WARNING: Will NOT monitor for other network configuration changes.
WARNING: Will NOT disable IPv6 settings.
DNS servers '192.168.2.15' will be used for DNS queries when the VPN is active
NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
Flushed the DNS cache via dscacheutil
/usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
Notified mDNSResponder that the DNS cache was flushed
End of output from client.up.tunnelblick.sh
**********************************************
2017-08-04 13:35:43 *Tunnelblick: No 'connected.sh' script to execute
2017-08-04 13:35:43 MANAGEMENT: >STATE:1501846543,ADD_ROUTES,,,
2017-08-04 13:35:43 /sbin/route add -net 192.168.0.0 10.8.0.1 255.255.255.0
add net 192.168.0.0: gateway 10.8.0.1
2017-08-04 13:35:43 Initialization Sequence Completed
2017-08-04 13:35:43 MANAGEMENT: >STATE:1501846543,CONNECTED,SUCCESS,10.8.0.3,<SERVER_PUBLIC_IP>
As mentioned, all tunnels are successfully established and I can ping the 192.168.0.0 Network from my second client. Also machines in the 192.168.0.0 Network can ping the VPN Server 10.8.0.1, but as soon as I want to start some "real" data transfer, the connection gets stuck without any other things appearing in the logs.