first i want to say that my OpenVPN knowledge is based on my last 3 days Try´n´error and englisch is not my nativ language.
the Setup:
we have an Repeater for HF (Commscope NodeA) which supports OpenVPN (confirmed by someone who uses it and gave us an example config file for the Repeater)
The server uses OpenVPN 2.6.0 on an Windows 10 computer.
now my problem: i am at the point where the Repeater try's to connect to the VPN-Server but i get
Fri Jul 28 11:23:53 2023 80.187.64.229:26343 Connection reset, restarting [0]
Fri Jul 28 11:23:53 2023 80.187.64.229:26343 SIGUSR1[soft,connection-reset] received, client-instance restarting
as error
Server Log
2023-07-28 11:26:07 us=296000 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-07-28 11:26:07 us=296000 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-07-28 11:26:07 us=296000 --pull-filter ignored for --mode server
2023-07-28 11:26:07 us=312000 Current Parameter Settings:
2023-07-28 11:26:07 us=312000 config = 'AimosServerConfig3.ovpn'
2023-07-28 11:26:07 us=312000 mode = 1
2023-07-28 11:26:07 us=312000 show_ciphers = DISABLED
2023-07-28 11:26:07 us=312000 show_digests = DISABLED
2023-07-28 11:26:07 us=312000 show_engines = DISABLED
2023-07-28 11:26:07 us=312000 genkey = DISABLED
2023-07-28 11:26:07 us=312000 genkey_filename = '[UNDEF]'
2023-07-28 11:26:07 us=312000 key_pass_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 show_tls_ciphers = DISABLED
2023-07-28 11:26:07 us=312000 connect_retry_max = 0
2023-07-28 11:26:07 us=312000 Connection profiles [0]:
2023-07-28 11:26:07 us=312000 proto = tcp-server
2023-07-28 11:26:07 us=312000 local = '192.168.0.195'
2023-07-28 11:26:07 us=312000 local_port = '10132'
2023-07-28 11:26:07 us=312000 remote = '[UNDEF]'
2023-07-28 11:26:07 us=312000 remote_port = '10132'
2023-07-28 11:26:07 us=312000 remote_float = DISABLED
2023-07-28 11:26:07 us=312000 bind_defined = DISABLED
2023-07-28 11:26:07 us=312000 bind_local = ENABLED
2023-07-28 11:26:07 us=312000 bind_ipv6_only = DISABLED
2023-07-28 11:26:07 us=312000 connect_retry_seconds = 1
2023-07-28 11:26:07 us=312000 connect_timeout = 120
2023-07-28 11:26:07 us=312000 socks_proxy_server = '[UNDEF]'
2023-07-28 11:26:07 us=312000 socks_proxy_port = '[UNDEF]'
2023-07-28 11:26:07 us=312000 tun_mtu = 1500
2023-07-28 11:26:07 us=312000 tun_mtu_defined = ENABLED
2023-07-28 11:26:07 us=312000 link_mtu = 1500
2023-07-28 11:26:07 us=312000 link_mtu_defined = DISABLED
2023-07-28 11:26:07 us=312000 tun_mtu_extra = 32
2023-07-28 11:26:07 us=312000 tun_mtu_extra_defined = ENABLED
2023-07-28 11:26:07 us=312000 tls_mtu = 1250
2023-07-28 11:26:07 us=312000 mtu_discover_type = -1
2023-07-28 11:26:07 us=312000 fragment = 0
2023-07-28 11:26:07 us=312000 mssfix = 1492
2023-07-28 11:26:07 us=312000 mssfix_encap = ENABLED
2023-07-28 11:26:07 us=312000 mssfix_fixed = DISABLED
2023-07-28 11:26:07 us=312000 explicit_exit_notification = 0
2023-07-28 11:26:07 us=312000 tls_auth_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 key_direction = not set
2023-07-28 11:26:07 us=312000 tls_crypt_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 tls_crypt_v2_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 Connection profiles END
2023-07-28 11:26:07 us=312000 remote_random = DISABLED
2023-07-28 11:26:07 us=312000 ipchange = '[UNDEF]'
2023-07-28 11:26:07 us=312000 dev = 'tap'
2023-07-28 11:26:07 us=312000 dev_type = '[UNDEF]'
2023-07-28 11:26:07 us=312000 dev_node = 'MyTap'
2023-07-28 11:26:07 us=312000 tuntap_options.disable_dco = ENABLED
2023-07-28 11:26:07 us=312000 lladdr = '[UNDEF]'
2023-07-28 11:26:07 us=312000 topology = 3
2023-07-28 11:26:07 us=312000 ifconfig_local = '11.8.0.1'
2023-07-28 11:26:07 us=312000 ifconfig_remote_netmask = '255.255.255.0'
2023-07-28 11:26:07 us=312000 ifconfig_noexec = DISABLED
2023-07-28 11:26:07 us=312000 ifconfig_nowarn = DISABLED
2023-07-28 11:26:07 us=312000 ifconfig_ipv6_local = '[UNDEF]'
2023-07-28 11:26:07 us=312000 ifconfig_ipv6_netbits = 0
2023-07-28 11:26:07 us=312000 ifconfig_ipv6_remote = '[UNDEF]'
2023-07-28 11:26:07 us=312000 shaper = 0
2023-07-28 11:26:07 us=312000 mtu_test = 0
2023-07-28 11:26:07 us=312000 mlock = DISABLED
2023-07-28 11:26:07 us=312000 keepalive_ping = 10
2023-07-28 11:26:07 us=312000 keepalive_timeout = 120
2023-07-28 11:26:07 us=312000 inactivity_timeout = 0
2023-07-28 11:26:07 us=312000 session_timeout = 0
2023-07-28 11:26:07 us=312000 inactivity_minimum_bytes = 0
2023-07-28 11:26:07 us=312000 ping_send_timeout = 10
2023-07-28 11:26:07 us=312000 ping_rec_timeout = 240
2023-07-28 11:26:07 us=312000 ping_rec_timeout_action = 2
2023-07-28 11:26:07 us=312000 ping_timer_remote = DISABLED
2023-07-28 11:26:07 us=312000 remap_sigusr1 = 0
2023-07-28 11:26:07 us=312000 persist_tun = DISABLED
2023-07-28 11:26:07 us=312000 persist_local_ip = DISABLED
2023-07-28 11:26:07 us=312000 persist_remote_ip = DISABLED
2023-07-28 11:26:07 us=312000 persist_key = DISABLED
2023-07-28 11:26:07 us=312000 passtos = DISABLED
2023-07-28 11:26:07 us=312000 resolve_retry_seconds = 1000000000
2023-07-28 11:26:07 us=312000 resolve_in_advance = DISABLED
2023-07-28 11:26:07 us=312000 username = '[UNDEF]'
2023-07-28 11:26:07 us=312000 groupname = '[UNDEF]'
2023-07-28 11:26:07 us=312000 chroot_dir = '[UNDEF]'
2023-07-28 11:26:07 us=312000 cd_dir = '[UNDEF]'
2023-07-28 11:26:07 us=312000 writepid = '[UNDEF]'
2023-07-28 11:26:07 us=312000 up_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 down_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 down_pre = DISABLED
2023-07-28 11:26:07 us=312000 up_restart = DISABLED
2023-07-28 11:26:07 us=312000 up_delay = DISABLED
2023-07-28 11:26:07 us=312000 daemon = DISABLED
2023-07-28 11:26:07 us=312000 log = ENABLED
2023-07-28 11:26:07 us=312000 suppress_timestamps = DISABLED
2023-07-28 11:26:07 us=312000 machine_readable_output = DISABLED
2023-07-28 11:26:07 us=312000 nice = 0
2023-07-28 11:26:07 us=312000 verbosity = 6
2023-07-28 11:26:07 us=312000 mute = 0
2023-07-28 11:26:07 us=312000 status_file = 'openvpn-status.log'
2023-07-28 11:26:07 us=312000 status_file_version = 1
2023-07-28 11:26:07 us=312000 status_file_update_freq = 60
2023-07-28 11:26:07 us=312000 occ = ENABLED
2023-07-28 11:26:07 us=312000 rcvbuf = 0
2023-07-28 11:26:07 us=312000 sndbuf = 0
2023-07-28 11:26:07 us=312000 sockflags = 0
2023-07-28 11:26:07 us=312000 fast_io = DISABLED
2023-07-28 11:26:07 us=312000 comp.alg = 0
2023-07-28 11:26:07 us=312000 comp.flags = 24
2023-07-28 11:26:07 us=312000 route_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 route_default_gateway = '[UNDEF]'
2023-07-28 11:26:07 us=312000 route_default_metric = 0
2023-07-28 11:26:07 us=312000 route_noexec = DISABLED
2023-07-28 11:26:07 us=312000 route_delay = 0
2023-07-28 11:26:07 us=312000 route_delay_window = 30
2023-07-28 11:26:07 us=312000 route_delay_defined = DISABLED
2023-07-28 11:26:07 us=312000 route_nopull = DISABLED
2023-07-28 11:26:07 us=312000 route_gateway_via_dhcp = DISABLED
2023-07-28 11:26:07 us=312000 allow_pull_fqdn = DISABLED
2023-07-28 11:26:07 us=312000 Pull filters:
2023-07-28 11:26:07 us=312000 ignore "route-method"
2023-07-28 11:26:07 us=312000 management_addr = '127.0.0.1'
2023-07-28 11:26:07 us=312000 management_port = '25342'
2023-07-28 11:26:07 us=312000 management_user_pass = 'stdin'
2023-07-28 11:26:07 us=312000 management_log_history_cache = 250
2023-07-28 11:26:07 us=312000 management_echo_buffer_size = 100
2023-07-28 11:26:07 us=312000 management_client_user = '[UNDEF]'
2023-07-28 11:26:07 us=312000 management_client_group = '[UNDEF]'
2023-07-28 11:26:07 us=312000 management_flags = 6
2023-07-28 11:26:07 us=312000 shared_secret_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 key_direction = not set
2023-07-28 11:26:07 us=312000 ciphername = 'BF-CBC'
2023-07-28 11:26:07 us=312000 ncp_ciphers = 'AES-256-CBC'
2023-07-28 11:26:07 us=312000 authname = 'SHA1'
2023-07-28 11:26:07 us=312000 engine = DISABLED
2023-07-28 11:26:07 us=312000 replay = ENABLED
2023-07-28 11:26:07 us=312000 mute_replay_warnings = DISABLED
2023-07-28 11:26:07 us=312000 replay_window = 64
2023-07-28 11:26:07 us=312000 replay_time = 15
2023-07-28 11:26:07 us=312000 packet_id_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 test_crypto = DISABLED
2023-07-28 11:26:07 us=312000 tls_server = ENABLED
2023-07-28 11:26:07 us=312000 tls_client = DISABLED
2023-07-28 11:26:07 us=312000 ca_file = 'C:\Program Files\OpenVPN\config\ca.crt'
2023-07-28 11:26:07 us=312000 ca_path = '[UNDEF]'
2023-07-28 11:26:07 us=312000 dh_file = 'C:\Program Files\OpenVPN\config\dh2048.pem'
2023-07-28 11:26:07 us=312000 cert_file = 'C:\Program Files\OpenVPN\config\AIMOS_SERVER.crt'
2023-07-28 11:26:07 us=312000 extra_certs_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 priv_key_file = 'C:\Program Files\OpenVPN\config\AIMOS_SERVER.key'
2023-07-28 11:26:07 us=312000 pkcs12_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 cryptoapi_cert = '[UNDEF]'
2023-07-28 11:26:07 us=312000 cipher_list = '[UNDEF]'
2023-07-28 11:26:07 us=312000 cipher_list_tls13 = '[UNDEF]'
2023-07-28 11:26:07 us=312000 tls_cert_profile = '[UNDEF]'
2023-07-28 11:26:07 us=312000 tls_verify = '[UNDEF]'
2023-07-28 11:26:07 us=312000 tls_export_cert = '[UNDEF]'
2023-07-28 11:26:07 us=312000 verify_x509_type = 0
2023-07-28 11:26:07 us=312000 verify_x509_name = '[UNDEF]'
2023-07-28 11:26:07 us=312000 crl_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 ns_cert_type = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku[i] = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku[i] = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku[i] = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku[i] = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku[i] = 0
2023-07-28 11:26:07 us=312000 remote_cert_ku[i] = 0
2023-07-28 11:26:07 us=312000 remote_cert_eku = '[UNDEF]'
2023-07-28 11:26:07 us=312000 ssl_flags = 192
2023-07-28 11:26:07 us=312000 tls_timeout = 2
2023-07-28 11:26:07 us=312000 renegotiate_bytes = -1
2023-07-28 11:26:07 us=312000 renegotiate_packets = 0
2023-07-28 11:26:07 us=312000 renegotiate_seconds = 3600
2023-07-28 11:26:07 us=312000 handshake_window = 60
2023-07-28 11:26:07 us=312000 transition_window = 3600
2023-07-28 11:26:07 us=312000 single_session = DISABLED
2023-07-28 11:26:07 us=312000 push_peer_info = DISABLED
2023-07-28 11:26:07 us=312000 tls_exit = DISABLED
2023-07-28 11:26:07 us=312000 tls_crypt_v2_metadata = '[UNDEF]'
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_protected_authentication = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_private_mode = 00000000
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_cert_private = DISABLED
2023-07-28 11:26:07 us=312000 pkcs11_pin_cache_period = -1
2023-07-28 11:26:07 us=312000 pkcs11_id = '[UNDEF]'
2023-07-28 11:26:07 us=312000 pkcs11_id_management = DISABLED
2023-07-28 11:26:07 us=312000 server_network = 11.8.0.0
2023-07-28 11:26:07 us=312000 server_netmask = 255.255.255.0
2023-07-28 11:26:07 us=312000 server_network_ipv6 = ::
2023-07-28 11:26:07 us=312000 server_netbits_ipv6 = 0
2023-07-28 11:26:07 us=312000 server_bridge_ip = 0.0.0.0
2023-07-28 11:26:07 us=312000 server_bridge_netmask = 0.0.0.0
2023-07-28 11:26:07 us=312000 server_bridge_pool_start = 0.0.0.0
2023-07-28 11:26:07 us=312000 server_bridge_pool_end = 0.0.0.0
2023-07-28 11:26:07 us=312000 push_entry = 'route-gateway 11.8.0.1'
2023-07-28 11:26:07 us=312000 push_entry = 'ping 10'
2023-07-28 11:26:07 us=312000 push_entry = 'ping-restart 120'
2023-07-28 11:26:07 us=312000 ifconfig_pool_defined = ENABLED
2023-07-28 11:26:07 us=312000 ifconfig_pool_start = 11.8.0.2
2023-07-28 11:26:07 us=312000 ifconfig_pool_end = 11.8.0.254
2023-07-28 11:26:07 us=312000 ifconfig_pool_netmask = 255.255.255.0
2023-07-28 11:26:07 us=312000 ifconfig_pool_persist_filename = '[UNDEF]'
2023-07-28 11:26:07 us=312000 ifconfig_pool_persist_refresh_freq = 600
2023-07-28 11:26:07 us=312000 ifconfig_ipv6_pool_defined = DISABLED
2023-07-28 11:26:07 us=312000 ifconfig_ipv6_pool_base = ::
2023-07-28 11:26:07 us=312000 ifconfig_ipv6_pool_netbits = 0
2023-07-28 11:26:07 us=312000 n_bcast_buf = 256
2023-07-28 11:26:07 us=312000 tcp_queue_limit = 64
2023-07-28 11:26:07 us=312000 real_hash_size = 256
2023-07-28 11:26:07 us=312000 virtual_hash_size = 256
2023-07-28 11:26:07 us=312000 client_connect_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 learn_address_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 client_disconnect_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 client_crresponse_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 client_config_dir = '[UNDEF]'
2023-07-28 11:26:07 us=312000 ccd_exclusive = DISABLED
2023-07-28 11:26:07 us=312000 tmp_dir = 'C:\Users\ADMINI~1.AIM\AppData\Local\Temp\'
2023-07-28 11:26:07 us=312000 push_ifconfig_defined = DISABLED
2023-07-28 11:26:07 us=312000 push_ifconfig_local = 0.0.0.0
2023-07-28 11:26:07 us=312000 push_ifconfig_remote_netmask = 0.0.0.0
2023-07-28 11:26:07 us=312000 push_ifconfig_ipv6_defined = DISABLED
2023-07-28 11:26:07 us=312000 push_ifconfig_ipv6_local = ::/0
2023-07-28 11:26:07 us=312000 push_ifconfig_ipv6_remote = ::
2023-07-28 11:26:07 us=312000 enable_c2c = DISABLED
2023-07-28 11:26:07 us=312000 duplicate_cn = ENABLED
2023-07-28 11:26:07 us=312000 cf_max = 0
2023-07-28 11:26:07 us=312000 cf_per = 0
2023-07-28 11:26:07 us=312000 cf_initial_max = 100
2023-07-28 11:26:07 us=312000 cf_initial_per = 10
2023-07-28 11:26:07 us=312000 max_clients = 1024
2023-07-28 11:26:07 us=312000 max_routes_per_client = 256
2023-07-28 11:26:07 us=312000 auth_user_pass_verify_script = '[UNDEF]'
2023-07-28 11:26:07 us=312000 auth_user_pass_verify_script_via_file = DISABLED
2023-07-28 11:26:07 us=312000 auth_token_generate = DISABLED
2023-07-28 11:26:07 us=312000 auth_token_lifetime = 0
2023-07-28 11:26:07 us=312000 auth_token_secret_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 vlan_tagging = DISABLED
2023-07-28 11:26:07 us=312000 vlan_accept = all
2023-07-28 11:26:07 us=312000 vlan_pvid = 1
2023-07-28 11:26:07 us=312000 client = DISABLED
2023-07-28 11:26:07 us=312000 pull = DISABLED
2023-07-28 11:26:07 us=312000 auth_user_pass_file = '[UNDEF]'
2023-07-28 11:26:07 us=312000 show_net_up = DISABLED
2023-07-28 11:26:07 us=312000 route_method = 3
2023-07-28 11:26:07 us=312000 block_outside_dns = DISABLED
2023-07-28 11:26:07 us=312000 ip_win32_defined = DISABLED
2023-07-28 11:26:07 us=312000 ip_win32_type = 3
2023-07-28 11:26:07 us=312000 dhcp_masq_offset = 0
2023-07-28 11:26:07 us=312000 dhcp_lease_time = 31536000
2023-07-28 11:26:07 us=312000 tap_sleep = 10
2023-07-28 11:26:07 us=312000 dhcp_options = DISABLED
2023-07-28 11:26:07 us=312000 dhcp_renew = DISABLED
2023-07-28 11:26:07 us=312000 dhcp_pre_release = DISABLED
2023-07-28 11:26:07 us=312000 domain = '[UNDEF]'
2023-07-28 11:26:07 us=312000 netbios_scope = '[UNDEF]'
2023-07-28 11:26:07 us=312000 netbios_node_type = 0
2023-07-28 11:26:07 us=312000 disable_nbt = DISABLED
2023-07-28 11:26:07 us=312000 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 6 2023
2023-07-28 11:26:07 us=312000 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-07-28 11:26:07 us=312000 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-07-28 11:26:07 us=312000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
2023-07-28 11:26:07 us=312000 Need hold release from management interface, waiting...
2023-07-28 11:26:07 us=734000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:52417
2023-07-28 11:26:07 us=843000 MANAGEMENT: CMD 'state on'
2023-07-28 11:26:07 us=843000 MANAGEMENT: CMD 'log on all'
2023-07-28 11:26:08 us=109000 MANAGEMENT: CMD 'echo on all'
2023-07-28 11:26:08 us=109000 MANAGEMENT: CMD 'bytecount 5'
2023-07-28 11:26:08 us=109000 MANAGEMENT: CMD 'state'
2023-07-28 11:26:08 us=109000 MANAGEMENT: CMD 'hold off'
2023-07-28 11:26:08 us=109000 MANAGEMENT: CMD 'hold release'
2023-07-28 11:26:08 us=125000 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
2023-07-28 11:26:08 us=125000 Diffie-Hellman initialized with 2048 bit key
2023-07-28 11:26:08 us=140000 MANAGEMENT: CMD 'password [...]'
2023-07-28 11:26:08 us=140000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-07-28 11:26:08 us=156000 TLS-Auth MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-07-28 11:26:08 us=156000 interactive service msg_channel=820
2023-07-28 11:26:08 us=156000 open_tun
2023-07-28 11:26:08 us=156000 tap-windows6 device [MyTap] opened
2023-07-28 11:26:08 us=156000 TAP-Windows Driver Version 9.24
2023-07-28 11:26:08 us=156000 TAP-Windows MTU=1500
2023-07-28 11:26:08 us=171000 Notified TAP-Windows driver to set a DHCP IP/netmask of 11.8.0.1/255.255.255.0 on interface {F6E3C151-468E-431C-8E26-04E181A1516D} [DHCP-serv: 11.8.0.0, lease-time: 31536000]
2023-07-28 11:26:08 us=171000 Sleeping for 10 seconds...
2023-07-28 11:26:18 us=171000 Successful ARP Flush on interface [17] {F6E3C151-468E-431C-8E26-04E181A1516D}
2023-07-28 11:26:18 us=171000 do_ifconfig, ipv4=1, ipv6=0
2023-07-28 11:26:18 us=171000 MANAGEMENT: >STATE:1690536378,ASSIGN_IP,,11.8.0.1,,,,
2023-07-28 11:26:18 us=171000 IPv4 MTU set to 1500 on interface 17 using service
2023-07-28 11:26:18 us=171000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2023-07-28 11:26:18 us=171000 Could not determine IPv4/IPv6 protocol. Using AF_INET
2023-07-28 11:26:18 us=171000 Socket Buffers: R=[131072->131072] S=[131072->131072]
2023-07-28 11:26:18 us=171000 Listening for incoming TCP connection on [AF_INET]192.168.0.195:10132
2023-07-28 11:26:18 us=171000 TCPv4_SERVER link local (bound): [AF_INET]192.168.0.195:10132
2023-07-28 11:26:18 us=171000 TCPv4_SERVER link remote: [AF_UNSPEC]
2023-07-28 11:26:18 us=171000 MULTI: multi_init called, r=256 v=256
2023-07-28 11:26:18 us=171000 IFCONFIG POOL IPv4: base=11.8.0.2 size=253
2023-07-28 11:26:18 us=171000 MULTI: TCP INIT maxclients=59 maxevents=64
2023-07-28 11:26:18 us=171000 Initialization Sequence Completed
2023-07-28 11:26:18 us=171000 MANAGEMENT: >STATE:1690536378,CONNECTED,SUCCESS,11.8.0.1,,,192.168.0.195,10132
2023-07-28 11:26:25 us=109000 MULTI: multi_create_instance called
2023-07-28 11:26:25 us=109000 Re-using SSL/TLS context
2023-07-28 11:26:25 us=109000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-07-28 11:26:25 us=109000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2023-07-28 11:26:25 us=109000 TCP connection established with [AF_INET]80.187.64.229:31729
2023-07-28 11:26:25 us=109000 TCPv4_SERVER link local: (not bound)
2023-07-28 11:26:25 us=109000 TCPv4_SERVER link remote: [AF_INET]80.187.64.229:31729
2023-07-28 11:26:25 us=906000 80.187.64.229:31729 TCPv4_SERVER READ [14] from [AF_INET]80.187.64.229
P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=02023-07-28 11:26:25 us=906000 80.187.64.229:31729 TLS: Initial packet from [AF_INET]80.187.64.229:31729, sid=9933fe32 344c21ee
2023-07-28 11:26:25 us=906000 80.187.64.229:31729 TCPv4_SERVER WRITE [26] to [AF_INET]80.187.64.229
P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=02023-07-28 11:26:25 us=953000 80.187.64.229:31729 TCPv4_SERVER READ [22] from [AF_INET]80.187.64.229
P_ACK_V1 kid=0 [ 0 ] DATA len=02023-07-28 11:26:26 us=78000 80.187.64.229:31729 TCPv4_SERVER READ [291] from [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=2772023-07-28 11:26:26 us=93000 80.187.64.229:31729 TCPv4_SERVER WRITE [1222] to [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ 1 0 ] pid=1 DATA len=11922023-07-28 11:26:26 us=93000 80.187.64.229:31729 TCPv4_SERVER WRITE [1222] to [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ 1 0 ] pid=2 DATA len=11922023-07-28 11:26:26 us=93000 80.187.64.229:31729 TCPv4_SERVER WRITE [47] to [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ 1 0 ] pid=3 DATA len=172023-07-28 11:26:26 us=187000 80.187.64.229:31729 TCPv4_SERVER READ [22] from [AF_INET]80.187.64.229
P_ACK_V1 kid=0 [ 1 ] DATA len=02023-07-28 11:26:26 us=296000 80.187.64.229:31729 Connection reset, restarting [0]
2023-07-28 11:26:26 us=296000 80.187.64.229:31729 SIGUSR1[soft,connection-reset] received, client-instance restarting
2023-07-28 11:26:26 us=296000 TCP/UDP: Closing socket
2023-07-28 11:26:31 us=531000 MULTI: multi_create_instance called
2023-07-28 11:26:31 us=531000 Re-using SSL/TLS context
2023-07-28 11:26:31 us=531000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-07-28 11:26:31 us=531000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2023-07-28 11:26:31 us=531000 TCP connection established with [AF_INET]80.187.64.229:31863
2023-07-28 11:26:31 us=531000 TCPv4_SERVER link local: (not bound)
2023-07-28 11:26:31 us=531000 TCPv4_SERVER link remote: [AF_INET]80.187.64.229:31863
2023-07-28 11:26:31 us=531000 80.187.64.229:31863 TCPv4_SERVER READ [14] from [AF_INET]80.187.64.229
P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=02023-07-28 11:26:31 us=531000 80.187.64.229:31863 TLS: Initial packet from [AF_INET]80.187.64.229:31863, sid=aa480827 80e41a5d
2023-07-28 11:26:31 us=531000 80.187.64.229:31863 TCPv4_SERVER WRITE [26] to [AF_INET]80.187.64.229
P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=02023-07-28 11:26:31 us=625000 80.187.64.229:31863 TCPv4_SERVER READ [22] from [AF_INET]80.187.64.229
P_ACK_V1 kid=0 [ 0 ] DATA len=02023-07-28 11:26:31 us=734000 80.187.64.229:31863 TCPv4_SERVER READ [291] from [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=2772023-07-28 11:26:31 us=750000 80.187.64.229:31863 TCPv4_SERVER WRITE [1222] to [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ 1 0 ] pid=1 DATA len=11922023-07-28 11:26:31 us=750000 80.187.64.229:31863 TCPv4_SERVER WRITE [1222] to [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ 1 0 ] pid=2 DATA len=11922023-07-28 11:26:31 us=750000 80.187.64.229:31863 TCPv4_SERVER WRITE [47] to [AF_INET]80.187.64.229
P_CONTROL_V1 kid=0 [ 1 0 ] pid=3 DATA len=172023-07-28 11:26:31 us=890000 80.187.64.229:31863 TCPv4_SERVER READ [22] from [AF_INET]80.187.64.229
P_ACK_V1 kid=0 [ 1 ] DATA len=02023-07-28 11:26:31 us=968000 80.187.64.229:31863 Connection reset, restarting [0]
2023-07-28 11:26:31 us=968000 80.187.64.229:31863 SIGUSR1[soft,connection-reset] received, client-instance restarting
2023-07-28 11:26:31 us=968000 TCP/UDP: Closing socket
Multi to closing socket is than repeating
my server config:
Server Conf
local 192.168.0.195
port 10132
proto tcp
;proto udp
dev tap
;dev tun
dev-node MyTap
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\AIMOS_SERVER.crt"
key "C:\\Program Files\\OpenVPN\\config\\AIMOS_SERVER.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
topology subnet
server 11.8.0.0 255.255.255.0
duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
#Cypher tests
data-ciphers AES-256-CBC
;data-ciphers BF-CBC
;data-ciphers-fallback BF-CBC
;providers legacy default
;tls-cipher "DEFAULT:@SECLEVEL=0"
;data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
#
# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
status openvpn-status.log
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 6
;mute 20
# can automatically reconnect.
;explicit-exit-notify 1
and now for the "special case"-Part. the Config file for the Repeater:
Repeater Config File
<VPNConfiguration>
<protocol>1</protocol>
<vpnOmcIPAddress>11.8.0.1</vpnOmcIPAddress>
<mainServerIPAddress1>STATIC_IP_SERVER:10132</mainServerIPAddress1>
<backupServerIPAddress1></backupServerIPAddress1>
<ca>
<caLine001>-----BEGIN CERTIFICATE-----</caLine001>
<caLine002>MIIDWTCCAkGgAwIBAgIQWrR/csI4+nAKNteZsAOn6DANBgkqhkiG9w0BAQsFADAX</caLine002>
BLANK
<caLine019>iSE6oMKo0MIgmecKsP3ABQnZ5saP+1pbFd6KBSPQth8S6y0hu33dJ5xfoBmn</caLine019>
<caLine020>-----END CERTIFICATE-----</caLine020>
</ca>
<conf>
<confLine001>##############################################</confLine001>
<confLine002># Sample client-side OpenVPN 2.0 config file #</confLine002>
<confLine003># for connecting to multi-client server. #</confLine003>
<confLine004># #</confLine004>
<confLine005># This configuration can be used by multiple #</confLine005>
<confLine006># clients, however each client should have #</confLine006>
<confLine007># its own cert and key files. #</confLine007>
<confLine008># #</confLine008>
<confLine009># On Windows, you might want to rename this #</confLine009>
<confLine010># file so it has a .ovpn extension #</confLine010>
<confLine011>##############################################</confLine011>
<confLine012></confLine012>
<confLine013># Specify that we are a client and that we</confLine013>
<confLine014># will be pulling certain config file directives</confLine014>
<confLine015># from the server.</confLine015>
<confLine016>client</confLine016>
<confLine017></confLine017>
<confLine018># Use the same setting as you are using on</confLine018>
<confLine019># the server.</confLine019>
<confLine020># On most systems, the VPN will not function</confLine020>
<confLine021># unless you partially or fully disable</confLine021>
<confLine022># the firewall for the TUN/TAP interface.</confLine022>
<confLine023>dev tap</confLine023>
<confLine024>;dev tun</confLine024>
<confLine025></confLine025>
<confLine026># Windows needs the TAP-Win32 adapter name</confLine026>
<confLine027># from the Network Connections panel</confLine027>
<confLine028># if you have more than one. On XP SP2,</confLine028>
<confLine029># you may need to disable the firewall</confLine029>
<confLine030># for the TAP adapter.</confLine030>
<confLine031>;dev-node MyTap</confLine031>
<confLine032></confLine032>
<confLine033># Are we connecting to a TCP or</confLine033>
<confLine034># UDP server? Use the same setting as</confLine034>
<confLine035># on the server.</confLine035>
<confLine036># Note: NodeA/AM passes this on the command-line</confLine036>
<confLine037>proto tcp</confLine037>
<confLine038>;proto udp</confLine038>
<confLine039></confLine039>
<confLine040># The hostname/IP and port of the server.</confLine040>
<confLine041># You can have multiple remote entries</confLine041>
<confLine042># to load balance between the servers.</confLine042>
<confLine043>remote STATIC_IP_SERVER 10132</confLine043>
<confLine044>;remote 192.168.1.4 1194</confLine044>
<confLine045>;server-poll-timeout 10</confLine045>
<confLine046>;script-security 3</confLine046>
<confLine047></confLine047>
<confLine048># Choose a random host from the remote</confLine048>
<confLine049># list for load-balancing. Otherwise</confLine049>
<confLine050># try hosts in the order specified.</confLine050>
<confLine051>;remote-random</confLine051>
<confLine052></confLine052>
<confLine053># Keep trying indefinitely to resolve the</confLine053>
<confLine054># host name of the OpenVPN server. Very useful</confLine054>
<confLine055># on machines which are not permanently connected</confLine055>
<confLine056># to the internet such as laptops.</confLine056>
<confLine057>;resolv-retry infinite</confLine057>
<confLine058></confLine058>
<confLine059># Most clients don't need to bind to</confLine059>
<confLine060># a specific local port number.</confLine060>
<confLine061># Note: NodeA/AM client needs to bind to a specific port, default to </confLine061>
<confLine062># 1194 for both server/client.</confLine062>
<confLine063>;nobind</confLine063>
<confLine064>port 1194</confLine064>
<confLine065></confLine065>
<confLine066># Downgrade privileges after initialization (non-Windows only)</confLine066>
<confLine067>;user nobody</confLine067>
<confLine068>;group nobody</confLine068>
<confLine069></confLine069>
<confLine070># Try to preserve some state across restarts.</confLine070>
<confLine071>;persist-key</confLine071>
<confLine072>;persist-tun</confLine072>
<confLine073></confLine073>
<confLine074># If you are connecting through an</confLine074>
<confLine075># HTTP proxy to reach the actual OpenVPN</confLine075>
<confLine076># server, put the proxy server/IP and</confLine076>
<confLine077># port number here. See the man page</confLine077>
<confLine078># if your proxy server requires</confLine078>
<confLine079># authentication.</confLine079>
<confLine080>;http-proxy-retry # retry on connection failures</confLine080>
<confLine081>;http-proxy [proxy server] [proxy port #]</confLine081>
<confLine082></confLine082>
<confLine083># Wireless networks often produce a lot</confLine083>
<confLine084># of duplicate packets. Set this flag</confLine084>
<confLine085># to silence duplicate packet warnings.</confLine085>
<confLine086>;mute-replay-warnings</confLine086>
<confLine087></confLine087>
<confLine088>auth-user-pass dummyUserCredentials</confLine088>
<confLine089></confLine089>
<confLine090># SSL/TLS parms.</confLine090>
<confLine091># See the server config file for more</confLine091>
<confLine092># description. It's best to use</confLine092>
<confLine093># a separate .crt/.key file pair</confLine093>
<confLine094># for each client. A single ca</confLine094>
<confLine095># file can be used for all clients.</confLine095>
<confLine096>ca ca.crt</confLine096>
<confLine097>;cert client.crt</confLine097>
<confLine098>;key client.key</confLine098>
<confLine099></confLine099>
<confLine100># Verify server certificate by checking</confLine100>
<confLine101># that the certicate has the nsCertType</confLine101>
<confLine102># field set to "server". This is an</confLine102>
<confLine103># important precaution to protect against</confLine103>
<confLine104># a potential attack discussed here:</confLine104>
<confLine105># http://openvpn.net/howto.html#mitm</confLine105>
<confLine106>#</confLine106>
<confLine107># To use this feature, you will need to generate</confLine107>
<confLine108># your server certificates with the nsCertType</confLine108>
<confLine109># field set to "server". The build-key-server</confLine109>
<confLine110># script in the easy-rsa folder will do this.</confLine110>
<confLine111>ns-cert-type server</confLine111>
<confLine112></confLine112>
<confLine113># If a tls-auth key is used on the server</confLine113>
<confLine114># then every client must also have the key.</confLine114>
<confLine115>;tls-auth ta.key 1</confLine115>
<confLine116></confLine116>
<confLine117># Select a cryptographic cipher.</confLine117>
<confLine118># If the cipher option is used on the server</confLine118>
<confLine119># then you must also specify it here.</confLine119>
<confLine120>;cipher x</confLine120>
<confLine121>cipher BF-CBC</confLine121>
<confLine122>;cipher-fallback BF-CBC</confLine122>
<confLine123># Enable compression on the VPN link.</confLine123>
<confLine124># Don't enable this unless it is also</confLine124>
<confLine125># enabled in the server config file.</confLine125>
<confLine126>;comp-lzo</confLine126>
<confLine127></confLine127>
<confLine128># Note: Server pushes this to the NodeA/AM client.</confLine128>
<confLine129>keepalive 10 120</confLine129>
<confLine130></confLine130>
<confLine131># Set log file verbosity.</confLine131>
<confLine132>verb 3</confLine132>
<confLine133></confLine133>
<confLine134># Silence repeating messages</confLine134>
<confLine135>;mute 20</confLine135>
<confLine136></confLine136>
<confLine137># Disable renegotiation, the server will control this.</confLine137>
<confLine138>reneg-sec 0</confLine138>
<confLine139></confLine139>
<confLine140># Parameters to limit datagram fragmentation</confLine140>
<confLine140># Parameters to limit datagram fragmentation</confLine140>
<confLine141>mssfix</confLine141>
<confLine142>tun-mtu 1500</confLine142>
</conf>
<timerInterval>2</timerInterval>
<connTimeout>30</connTimeout>
<serverReconnectTime>15</serverReconnectTime>
<serverRescanTime>1440</serverRescanTime>
</VPNConfiguration>
The Config File was given to me my a company which uses VPN to access there Repeater. i only changed IPs and Ports in the File so that i have a baseline to compare to.
Portforwarding is done in my Fritzox.
I hope someone might see something obvious which i cant find anymore after 3 days trying to get this to work.
maybe its something stupid like using the wrong CA for the Inline part in the Repeater config. sigh.
Ps. i hope i did everything right with the BBcodes and if anything is missing i will do my best to provide it.