Connecting to home LAN via OpenVPN Server

emc2
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 03, 2017 7:53 pm

Connecting to home LAN via OpenVPN Server

Post by emc2 » Thu Aug 03, 2017 8:20 pm

Hi all together,

I am currently struggling with my first OpenVPN Setup. The basic idea is to have an OpenVPN Server running on a public vserver machine to which I connect my local Endian Firewall as a client. Now I would like to reach the GREEN Network behind my Endian firewall from every other client of the server. I already got pretty far with the setup, all OpenVPN connections can be established and I am even already able to ping certain machines in the GREEN zone.

The problem is now, as soon as I try some data transfer, there is not really traffic coming through the tunnel. I suspect there is still some routing mistake in my configuration and I would appreciate some support!

My VPN Network has the address range 10.8.0.0/24, the Server being 10.8.0.1
The Endian firewall has the VPN address 10.8.0.12 and in the LAN 192.168.0.15
In that LAN there is, for example, a NAS at 192.168.0.200 which I would like to reach from other clients.

Here is the OpenVPN Server configuration:
Server
port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa2/keys/ca.crt
cert /etc/openvpn/easy-rsa2/keys/server.crt
key /etc/openvpn/easy-rsa2/keys/server.key
dh /etc/openvpn/easy-rsa2/keys/dh2048.pem

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

client-config-dir /etc/openvpn/ccd
route 192.168.0.15 255.255.255.0
client-to-client
push "route 192.168.0.15 255.255.255.0"

keepalive 10 120
comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log
verb 3
The client config file for the Endian firewall contains
Client Config
iroute 192.168.0.0 255.255.255.0
As mentioned, all tunnel connections are successfully established. Of course I added the proper firewall rules in the Endian firewall to allow its OpenVPN client access to the GREEN Network.
A ping to 192.168.0.200 from another OpenVPN client works, and I can see the NAS file listing, but as soon as I want to start some transfer, the connection seems to be stuck.

Could anyone help me? Which further details should I give?

Thank you a lot!
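As an added example (my own code, not from emc2's setup or the OpenVPN project), a small Python checker for the route / push "route" / iroute triad that the post describes. The sample server config and ccd file are constructed to mirror the ones posted above, including the 192.168.0.15 network address; the client CN bahnhofstrasse is taken from the log later in the thread, and the checker assumes dotted-decimal masks as OpenVPN writes them.

```python
"""Consistency check for the route / push "route" / iroute triad that a
LAN behind an OpenVPN client needs (constructed example, not from the thread).

A LAN reachable through one client must be declared in three places:
  server conf:   route <net> <mask>          kernel route into the tun device
  server conf:   push "route <net> <mask>"   so other clients route it via the VPN
  ccd/<CN>:      iroute <net> <mask>         so OpenVPN knows which client owns it
"""
import ipaddress
import shlex

# Constructed sample mirroring the first server config in the thread,
# including 'route 192.168.0.15 255.255.255.0' (a host address, not a network).
SERVER_CONF = """\
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
route 192.168.0.15 255.255.255.0
client-to-client
push "route 192.168.0.15 255.255.255.0"
"""

# Same config with the network address corrected, as in the second post.
FIXED_SERVER_CONF = SERVER_CONF.replace("192.168.0.15", "192.168.0.0")

# Constructed ccd file for the gateway client; the CN is the one in the log.
CCD_FILES = {"bahnhofstrasse": "iroute 192.168.0.0 255.255.255.0\n"}


def parse_directives(text):
    """Yield (directive, args) per line, skipping comments and honouring quotes."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        yield parts[0], parts[1:]


def to_network(net, mask):
    """Return (network, exact): exact is False when host bits are set."""
    network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
    return network, ipaddress.ip_address(net) == network.network_address


def collect(server_conf, ccd_files):
    """Gather route, pushed route and per-client iroute declarations."""
    routes, pushed, iroutes = [], [], {}
    for directive, args in parse_directives(server_conf):
        if directive == "route" and len(args) >= 2:
            routes.append((args[0], args[1]))
        elif directive == "push" and args:
            inner = args[0].split()  # contents of the quoted push string
            if len(inner) >= 3 and inner[0] == "route":
                pushed.append((inner[1], inner[2]))
    for cn, text in ccd_files.items():
        for directive, args in parse_directives(text):
            if directive == "iroute" and len(args) >= 2:
                iroutes.setdefault(cn, []).append((args[0], args[1]))
    return routes, pushed, iroutes


def check(server_conf, ccd_files):
    """Return a list of findings; an empty list means the triad is consistent."""
    findings = []
    routes, pushed, iroutes = collect(server_conf, ccd_files)

    owner = {}  # network -> client CN that declared the iroute
    for cn, nets in iroutes.items():
        for net, mask in nets:
            network, exact = to_network(net, mask)
            if not exact:
                findings.append(f'ccd/{cn}: iroute {net} {mask} has host bits set (network is {network})')
            owner[network] = cn

    route_nets = set()
    for net, mask in routes:
        network, exact = to_network(net, mask)
        route_nets.add(network)
        if not exact:
            findings.append(f'server: route {net} {mask} has host bits set; use {network.network_address} {mask}')
        if network not in owner:
            findings.append(f'server: route {network} has no iroute in any ccd file, so the server cannot choose a client to deliver it to')

    for net, mask in pushed:
        network, exact = to_network(net, mask)
        if not exact:
            findings.append(f'server: push "route {net} {mask}" has host bits set; use {network.network_address} {mask}')
        if network not in route_nets:
            findings.append(f'server: push "route {network}" has no matching server-side route, so the server itself has no path into that LAN')

    for network, cn in owner.items():
        if network not in route_nets:
            findings.append(f'ccd/{cn}: iroute {network} has no matching route in the server config')
    return findings


if __name__ == "__main__":
    for name, conf in (("as posted", SERVER_CONF), ("corrected", FIXED_SERVER_CONF)):
        print(f"--- {name} ---")
        for finding in check(conf, CCD_FILES) or ["OK"]:
            print(finding)
```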

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting to home LAN via OpenVPN Server

Post by TinCanTech » Fri Aug 04, 2017 12:12 am

emc2 wrote: Which further details should I give?
Your logs at --verb 4 please

Maybe see:
HOWTO: Request Help ! {2}

emc2
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 03, 2017 7:53 pm

Re: Connecting to home LAN via OpenVPN Server

Post by emc2 » Fri Aug 04, 2017 12:22 pm

Okay, I'll try to make it complete:

* Server *

uname -a
Linux euve 4.4.0-042stab120.20 #1 SMP Fri Mar 10 16:52:50 MSK 2017 x86_64 x86_64 x86_64 GNU/Linux
Network Setup:

ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:320369 errors:0 dropped:0 overruns:0 frame:0
          TX packets:320369 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:21065970 (21.0 MB)  TX bytes:21065970 (21.0 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:1008 (1.0 KB)  TX bytes:1008 (1.0 KB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:649244 errors:0 dropped:0 overruns:0 frame:0
          TX packets:519074 errors:0 dropped:158 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:543933641 (543.9 MB)  TX bytes:55667509 (55.6 MB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:<SERVER_PUBLIC_IP> P-t-P:<SERVER_PUBLIC_IP>  Bcast:<SERVER_PUBLIC_IP>  Mask:255.255.255.0
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
server.conf
port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa2/keys/ca.crt
cert /etc/openvpn/easy-rsa2/keys/server.crt
key /etc/openvpn/easy-rsa2/keys/server.key
dh /etc/openvpn/easy-rsa2/keys/dh2048.pem

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

client-config-dir /etc/openvpn/ccd
route 192.168.0.0 255.255.255.0
client-to-client
push "route 192.168.0.0 255.255.255.0"

keepalive 10 120
comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log
verb 4
Server Log: (my local public IP is replaced)

Aug  4 11:30:12 euve ovpn-server[17836]: Current Parameter Settings:
Aug  4 11:30:12 euve ovpn-server[17836]:   config = '/etc/openvpn/server.conf'
Aug  4 11:30:12 euve ovpn-server[17836]:   mode = 1
Aug  4 11:30:12 euve ovpn-server[17836]:   persist_config = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   persist_mode = 1
Aug  4 11:30:12 euve ovpn-server[17836]:   show_ciphers = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   show_digests = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   show_engines = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   genkey = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   key_pass_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   show_tls_ciphers = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]: Connection profiles [default]:
Aug  4 11:30:12 euve ovpn-server[17836]:   proto = udp
Aug  4 11:30:12 euve ovpn-server[17836]:   local = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   local_port = 1194
Aug  4 11:30:12 euve ovpn-server[17836]:   remote = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   remote_port = 1194
Aug  4 11:30:12 euve ovpn-server[17836]:   remote_float = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   bind_defined = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   bind_local = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   connect_retry_seconds = 5
Aug  4 11:30:12 euve ovpn-server[17836]:   connect_timeout = 10
Aug  4 11:30:12 euve ovpn-server[17836]:   connect_retry_max = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   socks_proxy_server = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   socks_proxy_port = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   socks_proxy_retry = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   tun_mtu = 1500
Aug  4 11:30:12 euve ovpn-server[17836]:   tun_mtu_defined = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   link_mtu = 1500
Aug  4 11:30:12 euve ovpn-server[17836]:   link_mtu_defined = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   tun_mtu_extra = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   tun_mtu_extra_defined = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   mtu_discover_type = -1
Aug  4 11:30:12 euve ovpn-server[17836]:   fragment = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   mssfix = 1450
Aug  4 11:30:12 euve ovpn-server[17836]:   explicit_exit_notification = 0
Aug  4 11:30:12 euve ovpn-server[17836]: Connection profiles END
Aug  4 11:30:12 euve ovpn-server[17836]:   remote_random = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   ipchange = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   dev = 'tun'
Aug  4 11:30:12 euve ovpn-server[17836]:   dev_type = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   dev_node = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   lladdr = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   topology = 3
Aug  4 11:30:12 euve ovpn-server[17836]:   tun_ipv6 = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_local = '10.8.0.1'
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_remote_netmask = '255.255.255.0'
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_noexec = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_nowarn = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_ipv6_local = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_ipv6_netbits = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_ipv6_remote = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   shaper = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   mtu_test = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   mlock = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   keepalive_ping = 10
Aug  4 11:30:12 euve ovpn-server[17836]:   keepalive_timeout = 120
Aug  4 11:30:12 euve ovpn-server[17836]:   inactivity_timeout = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   ping_send_timeout = 10
Aug  4 11:30:12 euve ovpn-server[17836]:   ping_rec_timeout = 240
Aug  4 11:30:12 euve ovpn-server[17836]:   ping_rec_timeout_action = 2
Aug  4 11:30:12 euve ovpn-server[17836]:   ping_timer_remote = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   remap_sigusr1 = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   persist_tun = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   persist_local_ip = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   persist_remote_ip = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   persist_key = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   passtos = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   resolve_retry_seconds = 1000000000
Aug  4 11:30:12 euve ovpn-server[17836]:   username = 'nobody'
Aug  4 11:30:12 euve ovpn-server[17836]:   groupname = 'nogroup'
Aug  4 11:30:12 euve ovpn-server[17836]:   chroot_dir = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   cd_dir = '/etc/openvpn'
Aug  4 11:30:12 euve ovpn-server[17836]:   writepid = '/run/openvpn/server.pid'
Aug  4 11:30:12 euve ovpn-server[17836]:   up_script = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   down_script = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   down_pre = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   up_restart = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   up_delay = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   daemon = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   inetd = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   log = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   suppress_timestamps = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   nice = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   verbosity = 4
Aug  4 11:30:12 euve ovpn-server[17836]:   mute = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   gremlin = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   status_file = 'openvpn-status.log'
Aug  4 11:30:12 euve ovpn-server[17836]:   status_file_version = 1
Aug  4 11:30:12 euve ovpn-server[17836]:   status_file_update_freq = 10
Aug  4 11:30:12 euve ovpn-server[17836]:   occ = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   rcvbuf = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   sndbuf = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   mark = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   sockflags = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   fast_io = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   lzo = 7
Aug  4 11:30:12 euve ovpn-server[17836]:   route_script = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   route_default_gateway = '10.8.0.2'
Aug  4 11:30:12 euve ovpn-server[17836]:   route_default_metric = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   route_noexec = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   route_delay = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   route_delay_window = 30
Aug  4 11:30:12 euve ovpn-server[17836]:   route_delay_defined = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   route_nopull = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   route_gateway_via_dhcp = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   max_routes = 100
Aug  4 11:30:12 euve ovpn-server[17836]:   allow_pull_fqdn = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   route 192.168.0.0/255.255.255.0/nil/nil
Aug  4 11:30:12 euve ovpn-server[17836]:   management_addr = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   management_port = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   management_user_pass = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   management_log_history_cache = 250
Aug  4 11:30:12 euve ovpn-server[17836]:   management_echo_buffer_size = 100
Aug  4 11:30:12 euve ovpn-server[17836]:   management_write_peer_info_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   management_client_user = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   management_client_group = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   management_flags = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   shared_secret_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   key_direction = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   ciphername_defined = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   ciphername = 'BF-CBC'
Aug  4 11:30:12 euve ovpn-server[17836]:   authname_defined = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   authname = 'SHA1'
Aug  4 11:30:12 euve ovpn-server[17836]:   prng_hash = 'SHA1'
Aug  4 11:30:12 euve ovpn-server[17836]:   prng_nonce_secret_len = 16
Aug  4 11:30:12 euve ovpn-server[17836]:   keysize = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   engine = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   replay = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   mute_replay_warnings = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   replay_window = 64
Aug  4 11:30:12 euve ovpn-server[17836]:   replay_time = 15
Aug  4 11:30:12 euve ovpn-server[17836]:   packet_id_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   use_iv = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   test_crypto = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   tls_server = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   tls_client = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   key_method = 2
Aug  4 11:30:12 euve ovpn-server[17836]:   ca_file = '/etc/openvpn/easy-rsa2/keys/ca.crt'
Aug  4 11:30:12 euve ovpn-server[17836]:   ca_path = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   dh_file = '/etc/openvpn/easy-rsa2/keys/dh2048.pem'
Aug  4 11:30:12 euve ovpn-server[17836]:   cert_file = '/etc/openvpn/easy-rsa2/keys/server.crt'
Aug  4 11:30:12 euve ovpn-server[17836]:   extra_certs_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   priv_key_file = '/etc/openvpn/easy-rsa2/keys/server.key'
Aug  4 11:30:12 euve ovpn-server[17836]:   pkcs12_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   cipher_list = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   tls_verify = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   tls_export_cert = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   verify_x509_type = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   verify_x509_name = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   crl_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   ns_cert_type = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   remote_cert_ku[i] = 0
Aug  4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [   remote_cert_ku[i] = 0]
Aug  4 11:30:12 euve ovpn-server[17836]:   remote_cert_eku = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   ssl_flags = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   tls_timeout = 2
Aug  4 11:30:12 euve ovpn-server[17836]:   renegotiate_bytes = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   renegotiate_packets = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   renegotiate_seconds = 3600
Aug  4 11:30:12 euve ovpn-server[17836]:   handshake_window = 60
Aug  4 11:30:12 euve ovpn-server[17836]:   transition_window = 3600
Aug  4 11:30:12 euve ovpn-server[17836]:   single_session = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   push_peer_info = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   tls_exit = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   tls_auth_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   pkcs11_protected_authentication = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [   pkcs11_protected_authentication = DISABLED]
Aug  4 11:30:12 euve ovpn-server[17836]:   pkcs11_private_mode = 00000000
Aug  4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [   pkcs11_private_mode = 00000000]
Aug  4 11:30:12 euve ovpn-server[17836]:   pkcs11_cert_private = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]: message repeated 15 times: [   pkcs11_cert_private = DISABLED]
Aug  4 11:30:12 euve ovpn-server[17836]:   pkcs11_pin_cache_period = -1
Aug  4 11:30:12 euve ovpn-server[17836]:   pkcs11_id = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   pkcs11_id_management = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   server_network = 10.8.0.0
Aug  4 11:30:12 euve ovpn-server[17836]:   server_netmask = 255.255.255.0
Aug  4 11:30:12 euve ovpn-server[17836]:   server_network_ipv6 = ::
Aug  4 11:30:12 euve ovpn-server[17836]:   server_netbits_ipv6 = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   server_bridge_ip = 0.0.0.0
Aug  4 11:30:12 euve ovpn-server[17836]:   server_bridge_netmask = 0.0.0.0
Aug  4 11:30:12 euve ovpn-server[17836]:   server_bridge_pool_start = 0.0.0.0
Aug  4 11:30:12 euve ovpn-server[17836]:   server_bridge_pool_end = 0.0.0.0
Aug  4 11:30:12 euve ovpn-server[17836]:   push_entry = 'route 192.168.0.0 255.255.255.0'
Aug  4 11:30:12 euve ovpn-server[17836]:   push_entry = 'route-gateway 10.8.0.1'
Aug  4 11:30:12 euve ovpn-server[17836]:   push_entry = 'topology subnet'
Aug  4 11:30:12 euve ovpn-server[17836]:   push_entry = 'ping 10'
Aug  4 11:30:12 euve ovpn-server[17836]:   push_entry = 'ping-restart 120'
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_pool_defined = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_pool_start = 10.8.0.2
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_pool_end = 10.8.0.253
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_pool_netmask = 255.255.255.0
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_pool_persist_filename = 'ipp.txt'
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_pool_persist_refresh_freq = 600
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_ipv6_pool_defined = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_ipv6_pool_base = ::
Aug  4 11:30:12 euve ovpn-server[17836]:   ifconfig_ipv6_pool_netbits = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   n_bcast_buf = 256
Aug  4 11:30:12 euve ovpn-server[17836]:   tcp_queue_limit = 64
Aug  4 11:30:12 euve ovpn-server[17836]:   real_hash_size = 256
Aug  4 11:30:12 euve ovpn-server[17836]:   virtual_hash_size = 256
Aug  4 11:30:12 euve ovpn-server[17836]:   client_connect_script = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   learn_address_script = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   client_disconnect_script = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   client_config_dir = '/etc/openvpn/ccd'
Aug  4 11:30:12 euve ovpn-server[17836]:   ccd_exclusive = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   tmp_dir = '/tmp'
Aug  4 11:30:12 euve ovpn-server[17836]:   push_ifconfig_defined = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   push_ifconfig_local = 0.0.0.0
Aug  4 11:30:12 euve ovpn-server[17836]:   push_ifconfig_remote_netmask = 0.0.0.0
Aug  4 11:30:12 euve ovpn-server[17836]:   push_ifconfig_ipv6_defined = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   push_ifconfig_ipv6_local = ::/0
Aug  4 11:30:12 euve ovpn-server[17836]:   push_ifconfig_ipv6_remote = ::
Aug  4 11:30:12 euve ovpn-server[17836]:   enable_c2c = ENABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   duplicate_cn = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   cf_max = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   cf_per = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   max_clients = 1024
Aug  4 11:30:12 euve ovpn-server[17836]:   max_routes_per_client = 256
Aug  4 11:30:12 euve ovpn-server[17836]:   auth_user_pass_verify_script = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   auth_user_pass_verify_script_via_file = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   port_share_host = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]:   port_share_port = 0
Aug  4 11:30:12 euve ovpn-server[17836]:   client = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   pull = DISABLED
Aug  4 11:30:12 euve ovpn-server[17836]:   auth_user_pass_file = '[UNDEF]'
Aug  4 11:30:12 euve ovpn-server[17836]: OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Aug  4 11:30:12 euve ovpn-server[17836]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Aug  4 11:30:12 euve ovpn-server[17837]: Diffie-Hellman initialized with 2048 bit key
Aug  4 11:30:12 euve ovpn-server[17837]: TLS-Auth MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug  4 11:30:12 euve ovpn-server[17837]: Socket Buffers: R=[133120->133120] S=[133120->133120]
Aug  4 11:30:12 euve ovpn-server[17837]: ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Aug  4 11:30:12 euve ovpn-server[17837]: TUN/TAP device tun0 opened
Aug  4 11:30:12 euve ovpn-server[17837]: TUN/TAP TX queue length set to 100
Aug  4 11:30:12 euve ovpn-server[17837]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Aug  4 11:30:12 euve ovpn-server[17837]: /sbin/ip link set dev tun0 up mtu 1500
Aug  4 11:30:12 euve ovpn-server[17837]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Aug  4 11:30:12 euve ovpn-server[17837]: /sbin/ip route add 192.168.0.0/24 via 10.8.0.2
Aug  4 11:30:12 euve ovpn-server[17837]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug  4 11:30:12 euve ovpn-server[17837]: GID set to nogroup
Aug  4 11:30:12 euve ovpn-server[17837]: UID set to nobody
Aug  4 11:30:12 euve ovpn-server[17837]: UDPv4 link local (bound): [undef]
Aug  4 11:30:12 euve ovpn-server[17837]: UDPv4 link remote: [undef]
Aug  4 11:30:12 euve ovpn-server[17837]: MULTI: multi_init called, r=256 v=256
Aug  4 11:30:12 euve ovpn-server[17837]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Aug  4 11:30:12 euve ovpn-server[17837]: ifconfig_pool_read(), in='bahnhofstrasse,10.8.0.2', TODO: IPv6
Aug  4 11:30:12 euve ovpn-server[17837]: succeeded -> ifconfig_pool_set()
Aug  4 11:30:12 euve ovpn-server[17837]: ifconfig_pool_read(), in='ephraimlocal,10.8.0.3', TODO: IPv6
Aug  4 11:30:12 euve ovpn-server[17837]: succeeded -> ifconfig_pool_set()
Aug  4 11:30:12 euve ovpn-server[17837]: IFCONFIG POOL LIST
Aug  4 11:30:12 euve ovpn-server[17837]: bahnhofstrasse,10.8.0.2
Aug  4 11:30:12 euve ovpn-server[17837]: ephraimlocal,10.8.0.3
Aug  4 11:30:12 euve ovpn-server[17837]: Initialization Sequence Completed
Aug  4 11:30:52 euve ovpn-server[17837]: MULTI: multi_create_instance called
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Re-using SSL/TLS context
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 LZO compression initialized
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Local Options hash (VER=V4): '530fdded'
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Expected Remote Options hash (VER=V4): '41690919'
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 TLS: Initial packet from [AF_INET]<LOCAL_PUBLIC_IP>:64938, sid=f5481f52 b6034673
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xx
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, OU=MasterThienhaus, CN=bahnhofstrasse, name=EasyRSA, emailAddress=xx
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Aug  4 11:30:52 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64938 [bahnhofstrasse] Peer Connection Initiated with [AF_INET]<LOCAL_PUBLIC_IP>:64938
Aug  4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/bahnhofstrasse
Aug  4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug  4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: Learn: 10.8.0.2 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938
Aug  4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: primary virtual IP for bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938: 10.8.0.2
Aug  4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: internal route 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938
Aug  4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 MULTI: Learn: 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938
Aug  4 11:30:52 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 REMOVE PUSH ROUTE: 'route 192.168.0.0 255.255.255.0'
Aug  4 11:30:55 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 PUSH: Received control message: 'PUSH_REQUEST'
Aug  4 11:30:55 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 send_push_reply(): safe_cap=940
Aug  4 11:30:55 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64938 SENT CONTROL [bahnhofstrasse]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug  4 11:33:42 euve ovpn-server[17837]: MULTI: multi_create_instance called
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Re-using SSL/TLS context
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 LZO compression initialized
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Local Options hash (VER=V4): '530fdded'
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Expected Remote Options hash (VER=V4): '41690919'
Aug  4 11:33:42 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 TLS: Initial packet from [AF_INET]<LOCAL_PUBLIC_IP>:64826, sid=8ba55dc8 79630844
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xx
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, OU=MasterThienhaus, CN=bahnhofstrasse, name=EasyRSA, emailAddress=xx
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Aug  4 11:33:44 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64826 [bahnhofstrasse] Peer Connection Initiated with [AF_INET]<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: new connection by client 'bahnhofstrasse' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Aug  4 11:33:44 euve ovpn-server[17837]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/bahnhofstrasse
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: Learn: 10.8.0.2 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: primary virtual IP for bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826: 10.8.0.2
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: internal route 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: Learn: 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: REMOVE PUSH ROUTE: 'route 192.168.0.0 255.255.255.0'
Aug  4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 PUSH: Received control message: 'PUSH_REQUEST'
Aug  4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 send_push_reply(): safe_cap=940
Aug  4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 SENT CONTROL [bahnhofstrasse]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug  4 11:35:39 euve ovpn-server[17837]: MULTI: multi_create_instance called
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Re-using SSL/TLS context
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 LZO compression initialized
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Control Channel MTU parms [ L:1542 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:143 ET:0 EL:3 AF:3/1 ]
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Local Options hash (VER=V4): '530fdded'
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Expected Remote Options hash (VER=V4): '41690919'
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 TLS: Initial packet from [AF_INET]<LOCAL_PUBLIC_IP>:64823, sid=4bb66510 6ce8d3b4
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xx
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=ephraimlocal, name=EasyRSA, emailAddress=xx
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1572'
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1530'
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Aug  4 11:35:39 euve ovpn-server[17837]: <LOCAL_PUBLIC_IP>:64823 [ephraimlocal] Peer Connection Initiated with [AF_INET]<LOCAL_PUBLIC_IP>:64823
Aug  4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Aug  4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 10.8.0.3 -> ephraimlocal/<LOCAL_PUBLIC_IP>:64823
Aug  4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: primary virtual IP for ephraimlocal/<LOCAL_PUBLIC_IP>:64823: 10.8.0.3
Aug  4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 PUSH: Received control message: 'PUSH_REQUEST'
Aug  4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 send_push_reply(): safe_cap=940
Aug  4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 SENT CONTROL [ephraimlocal]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0' (status=1)
Aug  4 11:38:22 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 192.168.0.15 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:39:31 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 MULTI: Learn: 192.168.0.250 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:41:52 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 192.168.0.200 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:44:08 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 PID_ERR replay-window backtrack occurred [2] [SSL-0] [0__00001111111114>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:427 0:425 t=1501847048[0] r=[-4,64,15,2,1] sl=[21,64,64,528]
Aug  4 11:47:09 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 PID_ERR replay-window backtrack occurred [3] [SSL-0] [00__00001111111119EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:506 0:503 t=1501847229[0] r=[-1,64,15,3,1] sl=[6,64,64,528]
* Endian Firewall Client with LAN 192.168.0.0 behind it *

Linux efw.localdomain 2.6.32.43-57.e51.i586 #1 SMP Tue Sep 10 04:36:09 EDT 2013 i686 i686 i386 GNU/Linux
Network Setup:

ifconfig
br0       Link encap:Ethernet  HWaddr 00:13:D3:DA:16:AC  
          inet addr:192.168.0.15  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37519215 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29285197 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1217336640 (1.1 GiB)  TX bytes:3618688929 (3.3 GiB)

br1       Link encap:Ethernet  HWaddr 4E:11:D5:4F:A1:50  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

br2       Link encap:Ethernet  HWaddr 00:13:D3:DA:16:AD  
          inet addr:192.168.2.15  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21540922 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45272662 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:448675212 (427.8 MiB)  TX bytes:1025409319 (977.9 MiB)

eth0      Link encap:Ethernet  HWaddr 00:13:D3:DA:16:AC  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:37519880 errors:0 dropped:8 overruns:0 frame:0
          TX packets:29285198 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1766446428 (1.6 GiB)  TX bytes:3618689163 (3.3 GiB)
          Interrupt:16 

eth1      Link encap:Ethernet  HWaddr 00:13:D3:DA:16:AD  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:21541021 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45272660 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:779527550 (743.4 MiB)  TX bytes:1025409235 (977.9 MiB)
          Interrupt:17 

eth2      Link encap:Ethernet  HWaddr 00:1B:21:63:8C:AC  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:74041155 errors:1 dropped:0 overruns:0 frame:1
          TX packets:58045664 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4112180041 (3.8 GiB)  TX bytes:2294530586 (2.1 GiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:28019715 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28019715 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2094136249 (1.9 GiB)  TX bytes:2094136249 (1.9 GiB)

openvpntu Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:710 errors:0 dropped:0 overruns:0 frame:0
          TX packets:504 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:54975 (53.6 KiB)  TX bytes:186730 (182.3 KiB)
client.conf
# Begin Additional configuration:
# (This is to cause the process to restart whenever
# such a configuration value changes)
# NAT: off
# Routetype: routed
# Block DHCP: on
# End Additional configuration

client
pull

comp-lzo yes

nobind
resolv-retry infinite
script-security 2 system
auth-retry nointeract

dev openvpntun0
dev-type tun

;askpass /var/efw/openvpnclients/euve/ephraimlocal.pass
ns-cert-type server
ca /var/efw/openvpnclients/euve/ca.crt
cert /var/efw/openvpnclients/euve/bahnhofstrasse.crt
key /var/efw/openvpnclients/euve/bahnhofstrasse.key
;auth-user-pass /var/efw/openvpnclients/euve/credentials

;tls-auth /var/efw/openvpnclients/euve/tls.key

proto udp

remote 62.75.213.217 1194 udp


writepid /var/run/openvpn/client_1.pid

up-delay
up "/usr/local/bin/dir.d-exec /etc/openvpn/ifup.client.d/"
down-pre
down "/usr/local/bin/dir.d-exec /etc/openvpn/ifdown.client.d/"

#custom "/usr/local/bin/dir.d-exec /etc/openvpn/custom.client.d/"


verb 4
Log:

OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723817 duplicate_cn = DISABLED
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723827 cf_max = 0
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723837 cf_per = 0
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723847 max_clients = 1024
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723857 max_routes_per_client = 256
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723868 auth_user_pass_verify_script = "[UNDEF]"
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723878 auth_user_pass_verify_script_via_file = DISABLED
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723888 port_share_host = "[UNDEF]"
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723898 port_share_port = 0
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723908 client = ENABLED
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723918 pull = ENABLED
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723927 auth_user_pass_file = "[UNDEF]"
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723941 OpenVPN 2.3.6 i686-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 9 2015
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=723963 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.01
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=724064 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=728795 LZO compression initialized
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=728940 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729001 Socket Buffers: R=[115712->131072] S=[115712->131072]
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729037 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729073 Local Options String: "V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client"
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729083 Expected Remote Options String: "V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server"
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729118 Local Options hash (VER=V4): "41690919"
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729140 Expected Remote Options hash (VER=V4): "530fdded"
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729288 UDPv4 link local: [undef]
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=729305 UDPv4 link remote: [AF_INET]<SERVER_PUBLIC_IP>:1194
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=745156 TLS: Initial packet from [AF_INET]<SERVER_PUBLIC_IP>:1194, sid=22228f75 7865a9f1
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=774838 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=xxx
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=777625 VERIFY OK: nsCertType=SERVER
OpenVPN 2017-08-04 13:33:42 euve[31631]: Fri Aug 4 13:33:42 2017 us=777639 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve., name=EasyRSA, emailAddress=xxx
OpenVPN 2017-08-04 13:33:44 euve[31631]: Fri Aug 4 13:33:44 2017 us=755702 Data Channel Encrypt: Cipher "BF-CBC" initialized with 128 bit key
OpenVPN 2017-08-04 13:33:44 euve[31631]: Fri Aug 4 13:33:44 2017 us=755740 Data Channel Encrypt: Using 160 bit message hash "SHA1" for HMAC authentication
OpenVPN 2017-08-04 13:33:44 euve[31631]: Fri Aug 4 13:33:44 2017 us=755828 Data Channel Decrypt: Cipher "BF-CBC" initialized with 128 bit key
OpenVPN 2017-08-04 13:33:44 euve[31631]: Fri Aug 4 13:33:44 2017 us=755843 Data Channel Decrypt: Using 160 bit message hash "SHA1" for HMAC authentication
OpenVPN 2017-08-04 13:33:44 euve[31631]: Fri Aug 4 13:33:44 2017 us=755929 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
OpenVPN 2017-08-04 13:33:44 euve[31631]: Fri Aug 4 13:33:44 2017 us=755971 [euve.] Peer Connection Initiated with [AF_INET]<SERVER_PUBLIC_IP>:1194
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=865516 SENT CONTROL [euve.]: "PUSH_REQUEST" (status=1)
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=881416 PUSH: Received control message: "PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0"
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=881542 OPTIONS IMPORT: timers and/or timeouts modified
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=881555 OPTIONS IMPORT: --ifconfig/up options modified
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=881564 OPTIONS IMPORT: route-related options modified
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=887039 TUN/TAP device openvpntun0 opened
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=887086 TUN/TAP TX queue length set to 100
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=887125 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=887171 /sbin/ip link set dev openvpntun0 up mtu 1500
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=891416 /sbin/ip addr add dev openvpntun0 10.8.0.2/24 broadcast 10.8.0.255
OpenVPN 2017-08-04 13:33:46 euve[31631]: Fri Aug 4 13:33:46 2017 us=893890 /usr/local/bin/dir.d-exec /etc/openvpn/ifup.client.d/ openvpntun0 1500 1542 10.8.0.2 255.255.255.0 init
OpenVPN 2017-08-04 13:33:47 euve[31631]: 280 scheduled_downloads async call
OpenVPN 2017-08-04 13:33:47 euve[31631]: 232 Restart job "setdnat" - Emit "request(status:restart,params:,name:setdnat)"
OpenVPN 2017-08-04 13:33:47 euve[31631]: 232 Restart job "setsnat" - Emit "request(status:restart,params:,name:setsnat)"
OpenVPN 2017-08-04 13:33:47 euve[31631]: Fri Aug 4 13:33:47 2017 us=805095 Initialization Sequence Completed
* Second Client *
This client is in another subnet behind the Endian firewall, which has no direct access to the 192.186.0.0 network.

uname -a
Darwin framebook.local 16.7.0 Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 x86_64
Network Setup:

ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
	ether 00:23:32:c8:f0:34 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:23:6c:89:e6:41 
	inet6 fe80::18b0:1ac2:b3d4:e473%en1 prefixlen 64 secured scopeid 0x5 
	inet 192.168.2.199 netmask 0xffffff00 broadcast 192.168.2.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
	lladdr 00:23:32:ff:fe:c8:f0:34 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect <full-duplex>
	status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
	ether 02:23:6c:89:e6:41 
	media: autoselect
	status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::540b:c90d:c722:4983%utun0 prefixlen 64 scopeid 0x8 
	nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1530
	inet 10.8.0.3 --> 10.8.0.3 netmask 0xffffff00 
macOS using Tunnelblick
client


;dev tap
dev tun

proto udp

remote <SERVER_PUBLIC_IP> 1194
;remote my-server-2 1194


resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind


persist-key
persist-tun

ca keys/ca.crt
cert keys/ephraimlocal.crt
key keys/ephraimlocal.key

comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

link-mtu 1572
;tun-mtu 1500
Log

*Tunnelblick: OS X 10.12.6; Tunnelblick 3.7.1b (build 4813)
2017-08-04 13:35:37 *Tunnelblick: Attempting connection with euve using shadow copy; Set nameserver = 769; monitoring connection
2017-08-04 13:35:37 *Tunnelblick: openvpnstart start euve.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.3.17-openssl-1.0.2k
2017-08-04 13:35:37 *Tunnelblick: openvpnstart starting OpenVPN
2017-08-04 13:35:38 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.17-openssl-1.0.2k/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sephraim-SLibrary-SApplication Support-STunnelblick-SConfigurations-Seuve.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/ephraim/euve.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/ephraim/euve.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/ephraim/euve.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-08-04 13:35:38 *Tunnelblick: Established communication with OpenVPN
2017-08-04 13:35:38 *Tunnelblick: Obtained passphrase from the Keychain
2017-08-04 13:35:38 OpenVPN 2.3.17 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jun 21 2017
2017-08-04 13:35:38 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
2017-08-04 13:35:38 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-08-04 13:35:38 Need hold release from management interface, waiting...
2017-08-04 13:35:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-08-04 13:35:38 MANAGEMENT: CMD 'pid'
2017-08-04 13:35:38 MANAGEMENT: CMD 'state on'
2017-08-04 13:35:38 MANAGEMENT: CMD 'state'
2017-08-04 13:35:38 MANAGEMENT: CMD 'bytecount 1'
2017-08-04 13:35:38 MANAGEMENT: CMD 'hold release'
2017-08-04 13:35:38 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2017-08-04 13:35:38 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-08-04 13:35:38 MANAGEMENT: CMD 'password [...]'
2017-08-04 13:35:38 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-08-04 13:35:38 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1530)
2017-08-04 13:35:38 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-08-04 13:35:38 UDPv4 link local: [undef]
2017-08-04 13:35:38 UDPv4 link remote: [AF_INET]<SERVER_PUBLIC_IP>:1194
2017-08-04 13:35:38 MANAGEMENT: >STATE:1501846538,WAIT,,,
2017-08-04 13:35:38 MANAGEMENT: >STATE:1501846538,AUTH,,,
2017-08-04 13:35:38 TLS: Initial packet from [AF_INET]<SERVER_PUBLIC_IP>:1194, sid=2a5960e4 3f8e7f9d
2017-08-04 13:35:38 VERIFY OK: depth=1, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve, name=EasyRSA, emailAddress=ephraimhahn@bttec.org
2017-08-04 13:35:38 VERIFY OK: depth=0, C=DE, ST=NRW, L=Detmold, O=BTTEC, CN=euve.hahnklang.de, name=EasyRSA, emailAddress=ephraimhahn@bttec.org
2017-08-04 13:35:38 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1572', remote='link-mtu 1542'
2017-08-04 13:35:38 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1530', remote='tun-mtu 1500'
2017-08-04 13:35:38 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-08-04 13:35:38 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-08-04 13:35:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-08-04 13:35:38 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-08-04 13:35:38 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-08-04 13:35:38 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-08-04 13:35:38 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2017-08-04 13:35:38 [euve.hahnklang.de] Peer Connection Initiated with [AF_INET]<SERVER_PUBLIC_IP>:1194
2017-08-04 13:35:39 MANAGEMENT: >STATE:1501846539,GET_CONFIG,,,
2017-08-04 13:35:41 SENT CONTROL [euve.hahnklang.de]: 'PUSH_REQUEST' (status=1)
2017-08-04 13:35:41 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0'
2017-08-04 13:35:41 OPTIONS IMPORT: timers and/or timeouts modified
2017-08-04 13:35:41 OPTIONS IMPORT: --ifconfig/up options modified
2017-08-04 13:35:41 OPTIONS IMPORT: route options modified
2017-08-04 13:35:41 OPTIONS IMPORT: route-related options modified
2017-08-04 13:35:41 Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-08-04 13:35:41 Opened utun device utun1
2017-08-04 13:35:41 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2017-08-04 13:35:41 MANAGEMENT: >STATE:1501846541,ASSIGN_IP,,10.8.0.3,
2017-08-04 13:35:41 /sbin/ifconfig utun1 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2017-08-04 13:35:41 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-08-04 13:35:41 /sbin/ifconfig utun1 10.8.0.3 10.8.0.3 netmask 255.255.255.0 mtu 1530 up
2017-08-04 13:35:41 /sbin/route add -net 10.8.0.0 10.8.0.3 255.255.255.0
                                        add net 10.8.0.0: gateway 10.8.0.3
2017-08-04 13:35:41 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun1 1530 1572 10.8.0.3 255.255.255.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        NOTE: No network configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        WARNING: Will NOT disable IPv6 settings.
                                        DNS servers '192.168.2.15' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2017-08-04 13:35:43 *Tunnelblick: No 'connected.sh' script to execute
2017-08-04 13:35:43 MANAGEMENT: >STATE:1501846543,ADD_ROUTES,,,
2017-08-04 13:35:43 /sbin/route add -net 192.168.0.0 10.8.0.1 255.255.255.0
                                        add net 192.168.0.0: gateway 10.8.0.1
2017-08-04 13:35:43 Initialization Sequence Completed
2017-08-04 13:35:43 MANAGEMENT: >STATE:1501846543,CONNECTED,SUCCESS,10.8.0.3,<SERVER_PUBLIC_IP>
As mentioned, all tunnels are successfully established and I can ping the 192.168.0.0 network from my second client. Also, machines in the 192.168.0.0 network can ping the VPN server 10.8.0.1, but as soon as I want to start some "real" data transfer, the connection gets stuck without anything else appearing in the logs.
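The server log above records how OpenVPN builds its internal routing table for a site-to-site client: the pool address and the --iroute network are learned for bahnhofstrasse ("MULTI: Learn", "MULTI: internal route"), the global push of 192.168.0.0/24 is suppressed for that client ("REMOVE PUSH ROUTE") and sent to ephraimlocal instead, and individual LAN hosts (.15, .200, .250) are learned on first use. The following script, an added example written for this thread and not code from OpenVPN or the poster, parses those line types and reconstructs that view so the two things a site-to-site setup depends on can be checked offline: which client the server forwards a LAN address to, and whether any client was pushed a route for a network it owns itself. The sample lines are constructed after the thread's log (public IP placeholder kept); the second, misconfigured sample is constructed to show the findings the audit produces.

```python
"""Rebuild an OpenVPN server's per-client routing view from its log lines."""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LEARN_RE = re.compile(r"MULTI: Learn: (\S+) -> ([^/\s]+)/")
IROUTE_RE = re.compile(r"MULTI: internal route (\S+) -> ([^/\s]+)/")
PUSH_RE = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,([^']*)'")

# Constructed after the server log in this thread (placeholder public IP kept).
SAMPLE_LOG = """\
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: Learn: 10.8.0.2 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: internal route 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: Learn: 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: REMOVE PUSH ROUTE: 'route 192.168.0.0 255.255.255.0'
Aug  4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 SENT CONTROL [bahnhofstrasse]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug  4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 10.8.0.3 -> ephraimlocal/<LOCAL_PUBLIC_IP>:64823
Aug  4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 SENT CONTROL [ephraimlocal]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0' (status=1)
Aug  4 11:38:22 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 192.168.0.15 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:41:52 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 192.168.0.200 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
"""

# Constructed counter-example: the LAN route is pushed to its owner and withheld from the other client.
MISCONFIGURED_LOG = """\
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: Learn: 10.8.0.2 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:44 euve ovpn-server[17837]: MULTI: internal route 192.168.0.0/24 -> bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826
Aug  4 11:33:46 euve ovpn-server[17837]: bahnhofstrasse/<LOCAL_PUBLIC_IP>:64826 SENT CONTROL [bahnhofstrasse]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Aug  4 11:35:39 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 MULTI: Learn: 10.8.0.3 -> ephraimlocal/<LOCAL_PUBLIC_IP>:64823
Aug  4 11:35:41 euve ovpn-server[17837]: ephraimlocal/<LOCAL_PUBLIC_IP>:64823 SENT CONTROL [ephraimlocal]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0' (status=1)
"""


@dataclass
class ClientView:
    name: str
    learned: set = field(default_factory=set)   # addresses/networks the server forwards to this client
    iroutes: set = field(default_factory=set)   # networks the client announced via --iroute (ccd)
    pushed: set = field(default_factory=set)    # 'route' options the server pushed to this client


def _routes_from_push_reply(options):
    """Extract 'route <net> <mask>' options; 'route-gateway' is a different option and is skipped."""
    routes = set()
    for opt in options.split(","):
        parts = opt.split()
        if len(parts) >= 3 and parts[0] == "route":
            routes.add(ip_network(f"{parts[1]}/{parts[2]}", strict=False))
    return routes


def parse_server_log(text):
    clients = {}
    view = lambda name: clients.setdefault(name, ClientView(name))
    for line in text.splitlines():
        if m := LEARN_RE.search(line):
            view(m.group(2)).learned.add(ip_network(m.group(1), strict=False))
        elif m := IROUTE_RE.search(line):
            view(m.group(2)).iroutes.add(ip_network(m.group(1), strict=False))
        elif m := PUSH_RE.search(line):
            view(m.group(1)).pushed.update(_routes_from_push_reply(m.group(2)))
    return clients


def owner_of(clients, address):
    """Client the server would forward `address` to: longest-prefix match over learned entries."""
    addr = ip_address(address)
    best = None
    for c in clients.values():
        for net in c.learned:
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (c.name, net.prefixlen)
    return best[0] if best else None


def audit(clients):
    """Findings as (client, kind, network): a client pushed its own iroute (would loop the LAN
    back into the tunnel) or a client that was not given a route to another client's LAN."""
    findings = []
    all_iroutes = {net: c.name for c in clients.values() for net in c.iroutes}
    for c in clients.values():
        for r in c.pushed:
            if any(r.overlaps(own) for own in c.iroutes):
                findings.append((c.name, "pushed-own-iroute", str(r)))
        for net, owner in all_iroutes.items():
            if owner != c.name and not any(r == net or net.subnet_of(r) for r in c.pushed):
                findings.append((c.name, "no-route-to", str(net)))
    return findings


if __name__ == "__main__":
    view = parse_server_log(SAMPLE_LOG)
    for host in ("192.168.0.200", "192.168.0.77", "10.8.0.3"):
        print(host, "->", owner_of(view, host))
    print("findings:", audit(view) or "none")
    print("findings (misconfigured):", audit(parse_server_log(MISCONFIGURED_LOG)))
```

Run it against a real server log with `verb 3` or higher; the hash/learn lines it reads are only emitted at that level. A host that falls inside an iroute resolves to its owner even before the server has logged a per-host "Learn" line for it, because the lookup is a prefix match over the learned /24, which is exactly how the server's CIDR routing behaves.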

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting to home LAN via OpenVPN Server

Post by TinCanTech » Fri Aug 04, 2017 1:15 pm

It looks like your --iroute is being installed for your EFW client.

I presume you have read this:
HOWTO: Expanding the scope of the VPN to include additional machines

Finally, ensure all clients on your home subnet have a route for the VPN subnet and their firewalls do not block it .. or use NAT on the EFW VPN client if you can.

emc2
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 03, 2017 7:53 pm

Re: Connecting to home LAN via OpenVPN Server

Post by emc2 » Fri Aug 04, 2017 5:35 pm

Thank you! Yes, I already read a lot about how to include LANs in a VPN and tried to do everything according to the guidelines.

I just figured out that everything works fine if I connect my second client to the VPN from a completely different network (in this case an LTE hotspot via my phone). But as soon as this client is also behind the EFW, I can't really establish any transfer.

This is not such a big deal now, because the purpose of the whole installation is access from somewhere completely different anyway, but I really wonder why it is like that...

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting to home LAN via OpenVPN Server

Post by TinCanTech » Fri Aug 04, 2017 6:20 pm

emc2 wrote: I just figured out that everything works fine if I connect my second client to the VPN from a completely different network (in this case an LTE hotspot via my phone). But as soon as this client is also behind the EFW, I can't really establish any transfer
I am not surprised .. you will have conflicting routes while on the same LAN as the EFW client.
emc2 wrote:
server
route 192.168.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
One thing ..
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN connected LAN!
  • You are advised to change your connected LAN to a more unique RFC1918 compliant subnet.
    For example: 192.168.143.0/24
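Both replies come down to longest-prefix routing: the first says every host on the home LAN needs a route for 10.8.0.0/24 pointing at the EFW (or the EFW must NAT), the second says a roaming client whose local LAN uses the same 192.168.0.0/24 as the pushed route ends up with two equally specific routes, so the VPN route is shadowed or the choice is left to OS metrics. The script below is an added example written for this thread, not code from OpenVPN, Endian or the poster; it models both checks with a small longest-prefix-match lookup over constructed routing tables built from the addresses in the thread (NAS 192.168.0.200, EFW 192.168.0.15, VPN gateway 10.8.0.1, second client on 192.168.2.0/24). The internet router address 192.168.0.1 and the "cafe" table are assumptions for the illustration.

```python
"""Longest-prefix-match checks for the two routing pitfalls raised in this thread."""
from ipaddress import ip_address, ip_network


def route(dst, via, dev):
    """One routing-table entry; `via` is a gateway address or 'connected' for an attached network."""
    return (ip_network(dst, strict=False), via, dev)


def best_routes(table, dst):
    """All entries with the longest prefix covering dst; more than one entry means a tie."""
    addr = ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return []
    longest = max(r[0].prefixlen for r in hits)
    return [r for r in hits if r[0].prefixlen == longest]


def return_path_ok(lan_host_table, vpn_client_ip, efw_lan_ip):
    """True only if the LAN host hands replies for the VPN client to the EFW."""
    best = best_routes(lan_host_table, vpn_client_ip)
    return len(best) == 1 and best[0][1] == efw_lan_ip


def pushed_route_status(client_table, lan_dst, vpn_gateway):
    """'ok' if the single best route goes via the VPN gateway, 'ambiguous' on a tie with a
    local route, 'shadowed' if a more specific local route wins, 'unreachable' if none match."""
    best = best_routes(client_table, lan_dst)
    if not best:
        return "unreachable"
    via_vpn = [r for r in best if r[1] == vpn_gateway]
    if len(best) == 1 and via_vpn:
        return "ok"
    return "ambiguous" if via_vpn else "shadowed"


# Check 1 (first reply): a NAS on the home LAN with only a default route via an assumed
# internet router 192.168.0.1, versus the same host with a route for the VPN subnet via the EFW.
NAS_NO_RETURN_ROUTE = [route("192.168.0.0/24", "connected", "eth0"),
                       route("0.0.0.0/0", "192.168.0.1", "eth0")]
NAS_WITH_RETURN_ROUTE = NAS_NO_RETURN_ROUTE + [route("10.8.0.0/24", "192.168.0.15", "eth0")]

# Check 2 (second reply): the roaming client after the PUSH_REPLY in the thread
# ('route 192.168.0.0 255.255.255.0' via 10.8.0.1), once on the 192.168.2.0/24 LAN
# behind the EFW and once on an assumed cafe LAN that also uses 192.168.0.0/24.
VPN_ROUTES = [route("10.8.0.0/24", "connected", "utun1"),
              route("192.168.0.0/24", "10.8.0.1", "utun1")]
CLIENT_ON_192_168_2 = [route("192.168.2.0/24", "connected", "en1"),
                       route("0.0.0.0/0", "192.168.2.15", "en1")] + VPN_ROUTES
CLIENT_IN_CAFE = [route("192.168.0.0/24", "connected", "en1"),
                  route("0.0.0.0/0", "192.168.0.1", "en1")] + VPN_ROUTES

if __name__ == "__main__":
    print("NAS without return route:", return_path_ok(NAS_NO_RETURN_ROUTE, "10.8.0.3", "192.168.0.15"))
    print("NAS with return route:   ", return_path_ok(NAS_WITH_RETURN_ROUTE, "10.8.0.3", "192.168.0.15"))
    print("client on 192.168.2.0/24:", pushed_route_status(CLIENT_ON_192_168_2, "192.168.0.200", "10.8.0.1"))
    print("client in 192.168.0.0/24 cafe:", pushed_route_status(CLIENT_IN_CAFE, "192.168.0.200", "10.8.0.1"))
```

An "ambiguous" result is the case the second reply warns about: which of two equal-length routes a host uses depends on metrics and on the operating system, so the pushed route cannot be relied on, which is why an uncommon LAN subnet such as the suggested 192.168.143.0/24 avoids the problem. A False from the first check means replies from the LAN host never reach the EFW, and therefore never enter the tunnel, even though the client's packets arrived.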

emc2
OpenVpn Newbie
Posts: 4
Joined: Thu Aug 03, 2017 7:53 pm

Re: Connecting to home LAN via OpenVPN Server

Post by emc2 » Fri Aug 04, 2017 10:16 pm

Okay, I understand that. Anyway, if my "second client" is behind the EFW, it is in the 192.168.2.0 subnet, which to my understanding should somehow work. But indeed, I have to rethink the whole layout.

Thank you very much!
