Packet loss on bridged server

Vart
OpenVpn Newbie
Posts: 3
Joined: Mon Feb 27, 2017 11:46 pm

Packet loss on bridged server

Post by Vart » Tue Feb 28, 2017 12:12 am

Hello, my setup is a bit unusual:
On a LAN, a Mac (IP:192.168.0.14 Gateway:192.168.0.254); on this Mac, VirtualBox with Ubuntu 16 (IP : 192.168.0.15 Gateway:192.168.0.254). On the LAN's gateway, port 443 is forwarded to the Ubuntu box, open on port 443. As you understood, the OpenVPN server is not the LAN gateway.
I am trying to get access not only to the server machine but also to the other machines on the server's LAN.
Server LAN is 192.168.3.0, client LAN is 192.168.2.0. And the gateways are closed boxes on which I cannot set up routes.

No firewall active

I've set up a bridged server (tap) on the Ubuntu virtual machine. Clients can connect, but a simple ping gives me from 10% to 50% packet loss, and a ping -R gives 100% packet loss.


Server side :


Ubuntu--$cat /etc/openvpn/server.conf
mode server
port 443
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
remote-cert-tls client
server-bridge 192.168.3.15 255.255.255.0 192.168.3.192 192.168.3.198
push "route 192.168.3.0 255.255.255.248"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
passtos
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4

On the server (connected) :


Ubuntu--$ ifconfig
br0       Link encap:Ethernet  HWaddr 08:00:27:5e:70:c0
          inet addr:192.168.3.15  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe5e:70c0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:941960 errors:0 dropped:6 overruns:0 frame:0
          TX packets:1099957 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:316430588 (316.4 MB)  TX bytes:707344584 (707.3 MB)

enp0s3    Link encap:Ethernet  HWaddr 02:2d:cd:03:0d:15
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::2d:cdff:fe03:d15/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:41230 errors:0 dropped:0 overruns:0 frame:0
          TX packets:35968 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4729019 (4.7 MB)  TX bytes:15221889 (15.2 MB)

enp0s8    Link encap:Ethernet  HWaddr 08:00:27:5e:70:c0
          inet addr:192.168.3.15  Bcast:192.168.3.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe5e:70c0/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:38445246 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1301970 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:50965044981 (50.9 GB)  TX bytes:669265264 (669.2 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:121816 errors:0 dropped:0 overruns:0 frame:0
          TX packets:121816 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:48071372 (48.0 MB)  TX bytes:48071372 (48.0 MB)

tap0      Link encap:Ethernet  HWaddr d6:32:30:da:44:ab
          inet6 addr: fe80::d432:30ff:feda:44ab/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:347938 errors:0 dropped:0 overruns:0 frame:0
          TX packets:588965 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:34694045 (34.6 MB)  TX bytes:391282809 (391.2 MB)


Ubuntu--$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.3.254   0.0.0.0         UG    0      0        0 br0
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s3
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 enp0s8


Ubuntu--$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Ubuntu--$ sudo ufw status
Status: inactive


Client side :


client-mac--$cat client.opvn
client
dev tap0
proto udp
remote my.domain.com 443
persist-key
persist-tun
ca ca.crt
cert mykey.crt
key mykey.key
remote-cert-tls server
comp-lzo
verb 3


on the client (during connection) :


client-mac--$ ifconfig
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 78:31:c1:b9:12:1c
	inet 192.168.2.51 netmask 0xffffff00 broadcast 192.168.2.255
	media: autoselect
	status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 72:00:01:ee:e9:50
	media: autoselect <full-duplex>
	status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 72:00:01:ee:e9:51
	media: autoselect <full-duplex>
	status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 7a:31:c1:9b:3d:00
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x2
	member: en2 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 6 priority 0 path cost 0
	member: en1 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 5 priority 0 path cost 0
	nd6 options=1<PERFORMNUD>
	media: <unknown type>
	status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
	ether 0a:31:c1:b9:12:1c
	media: autoselect
	status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
	ether 36:f2:15:ae:aa:a8
	inet6 fe80::34f2:15ff:feae:aaa8%awdl0 prefixlen 64 scopeid 0x9
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active
vboxnet0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 0a:00:27:00:00:00
vboxnet1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 0a:00:27:00:00:01
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 96:b6:d7:9f:bd:96
	inet 192.168.3.192 netmask 0xffffff00 broadcast 192.168.3.255
	media: autoselect
	status: active
	open (pid 44216)


client-mac--$netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.2.254      UGSc         4747        0     en0
127                127.0.0.1          UCS             3     2215     lo0
127.0.0.1          127.0.0.1          UH             16  3291910     lo0
127.0.0.11         127.0.0.1          UHWIi           1        1     lo0
127.39.184.87      127.0.0.1          UHWIi           1     1974     lo0
169.254            link#4             UCS             1        0     en0
192.168.2          link#4             UCS             7        0     en0
192.168.2.10       link#4             UHLWIi          1        1     en0
192.168.2.14       link#4             UHLWIi          1        1     en0
192.168.2.17       link#4             UHLWIi          1        1     en0
192.168.2.20       link#4             UHLWIi          1        1     en0
192.168.2.51/32    link#4             UCS             2        0     en0
192.168.2.51       78:31:c1:b9:12:1c  UHLWIi          1      856     lo0
192.168.2.53       0:17:88:9:c2:f7    UHLWIi          1       48     en0    412
192.168.2.100      link#4             UHLWIi          1    10477     en0
192.168.2.254/32   link#4             UCS             2        0     en0
192.168.2.254      0:7:cb:30:0:2e     UHLWIir      4743      987     en0   1198
192.168.3/29       192.168.3.15       UGSc            1        0    tap0
192.168.3          link#12            UC              5        0    tap0
192.168.3.15       8:0:27:5e:70:c0    UHLWIi          2      818    tap0    486
192.168.3.193      link#12            UHLWIi          1        6    tap0
192.168.3.202      link#12            UHLWIi          1        3    tap0
224.0.0            link#4             UmCS            2        0     en0
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          1        3     en0
255.255.255.255/32 link#4             UCS             2        0     en0
255.255.255.255    link#4             UHLWbI          1     2107     en0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     ::1                             UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%awdl0/64                         link#9                          UCI           awdl0
fe80::34f2:15ff:feae:aaa8%awdl0         36:f2:15:ae:aa:a8               UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%awdl0/32                         link#9                          UmCI          awdl0
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%awdl0/32                         link#9                          UmCI          awdl0

Host Mac :


host-mac--$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
	ether 68:5b:35:b7:7b:2a
	nd6 options=1<PERFORMNUD>
	media: autoselect (none)
	status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether b4:18:d1:e5:22:4d
	inet6 fe80::b618:d1ff:fee5:224d%en1 prefixlen 64 scopeid 0x5
	inet 192.168.3.14 netmask 0xffffff00 broadcast 192.168.3.255
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active
en2: flags=822<BROADCAST,SMART,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 32:00:1b:16:60:00
	media: autoselect <full-duplex>
	status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
	options=60<TSO4,TSO6>
	ether 32:00:1b:16:60:01
	media: autoselect <full-duplex>
	status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
	ether 06:18:d1:e5:22:4d
	media: autoselect
	status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
	ether 0e:cd:40:0a:6b:f2
	inet6 fe80::ccd:40ff:fe0a:6bf2%awdl0 prefixlen 64 scopeid 0x9
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::1c27:5eb8:124f:ce11%utun0 prefixlen 64 scopeid 0xa
	inet6 fdda:ba4b:a926:92e4:1c27:5eb8:124f:ce11 prefixlen 64
	nd6 options=1<PERFORMNUD>
bridge0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
	options=63<RXCSUM,TXCSUM,TSO4,TSO6>
	ether 6a:5b:35:7b:9d:00
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x2
	member: en3 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 7 priority 0 path cost 0
	media: <unknown type>
	status: inactive


host-mac--$ netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.3.254      UGSc           23        0     en1
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH              6    13460     lo0
169.254            link#5             UCS             0        0     en1
192.168.3          link#5             UCS             2        0     en1
192.168.3.10       0:d:93:61:30:c4    UHLWIi          1   150137     en1   1140
192.168.3.14/32    link#5             UCS             0        0     en1
192.168.3.192      96:b6:d7:9f:bd:96  UHLWI           0       20     en1    970
192.168.3.254/32   link#5             UCS             1        0     en1
192.168.3.254      0:24:d4:b3:e7:d6   UHLWIir        25     3095     en1   1173
224.0.0            link#5             UmCS            1        0     en1
224.0.0.251        1:0:5e:0:0:fb      UHmLWI          0        0     en1
255.255.255.255/32 link#5             UCS             0        0     en1

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     ::1                             UHL             lo0
fdda:ba4b:a926:92e4::/64                fe80::1c27:5eb8:124f:ce11%utun0 Uc            utun0
fdda:ba4b:a926:92e4:1c27:5eb8:124f:ce11 link#10                         UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en1/64                           link#5                          UCI             en1
fe80::183b:b0cd:eed7:befa%en1           0:6d:52:88:1b:ce                UHLWI           en1
fe80::b618:d1ff:fee5:224d%en1           b4:18:d1:e5:22:4d               UHLI            lo0
fe80::%awdl0/64                         link#9                          UCI           awdl0
fe80::ccd:40ff:fe0a:6bf2%awdl0          e:cd:40:a:6b:f2                 UHLI            lo0
fe80::%utun0/64                         fe80::1c27:5eb8:124f:ce11%utun0 UcI           utun0
fe80::1c27:5eb8:124f:ce11%utun0         link#10                         UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en1/32                           link#5                          UmCI            en1
ff01::%awdl0/32                         link#9                          UmCI          awdl0
ff01::%utun0/32                         fe80::1c27:5eb8:124f:ce11%utun0 UmCI          utun0
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en1/32                           link#5                          UmCI            en1
ff02::%awdl0/32                         link#9                          UmCI          awdl0
ff02::%utun0/32                         fe80::1c27:5eb8:124f:ce11%utun0 UmCI          utun0

From client to server :
client-mac--$ ping -c 10 192.168.3.15
--- 192.168.3.15 ping statistics ---
10 packets transmitted, 6 packets received, 40.0% packet loss
round-trip min/avg/max/stddev = 98.563/221.529/507.537/133.399 ms

client-mac--$ ping -c 10 -n 192.168.3.15
--- 192.168.3.15 ping statistics ---
10 packets transmitted, 7 packets received, 30.0% packet loss
round-trip min/avg/max/stddev = 96.743/146.345/193.829/30.541 ms

client-mac--$ ping -c 10 -n -R 192.168.3.15
--- 192.168.3.15 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss

From client to host :
client-mac--$ ping -c 10 192.168.3.14
--- 192.168.3.14 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 105.332/163.339/238.152/39.035 ms

$ ping -c 10 -n 192.168.3.14
--- 192.168.3.14 ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 61.561/175.646/444.777/103.324 ms

client-mac--$ ping -c 10 -n -R 192.168.3.14
--- 192.168.3.14 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss


If these are not enough to diagnose tell me.

Thanks for your help

V.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Packet loss on bridged server

Post by TinCanTech » Tue Feb 28, 2017 2:16 pm

Vart wrote: VirtualBox with Ubuntu 16 (IP : 192.168.0.15 Gateway:192.168.0.254).
Vart wrote: setup a bridged server (tap) on the Ubuntu virtual machine
Vart wrote: server-bridge 192.168.3.15 255.255.255.0 192.168.3.192 192.168.3.198
Ethernet Bridging

Vart
OpenVpn Newbie
Posts: 3
Joined: Mon Feb 27, 2017 11:46 pm

Re: Packet loss on bridged server

Post by Vart » Sat Mar 04, 2017 11:46 am

Sorry, that's a typo, you can see it in the ifconfigs:
VirtualBox with Ubuntu 16 (IP : 192.168.0.15 Gateway:192.168.0.254). is
VirtualBox with Ubuntu 16 (IP : 192.168.3.15 Gateway:192.168.3.254).

that's why
server-bridge 192.168.3.15 255.255.255.0 192.168.3.192 192.168.3.198

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Packet loss on bridged server

Post by TinCanTech » Sat Mar 04, 2017 12:34 pm

Vart wrote:Ubuntu--$ ifconfig
br0 Link encap:Ethernet HWaddr 08:00:27:5e:70:c0
inet addr:192.168.3.15 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe5e:70c0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:941960 errors:0 dropped:6 overruns:0 frame:0
TX packets:1099957 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:316430588 (316.4 MB) TX bytes:707344584 (707.3 MB)

enp0s3 Link encap:Ethernet HWaddr 02:2d:cd:03:0d:15
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::2d:cdff:fe03:d15/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41230 errors:0 dropped:0 overruns:0 frame:0
TX packets:35968 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4729019 (4.7 MB) TX bytes:15221889 (15.2 MB)

enp0s8 Link encap:Ethernet HWaddr 08:00:27:5e:70:c0
inet addr:192.168.3.15 Bcast:192.168.3.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe5e:70c0/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:38445246 errors:0 dropped:0 overruns:0 frame:0
TX packets:1301970 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:50965044981 (50.9 GB) TX bytes:669265264 (669.2 MB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:121816 errors:0 dropped:0 overruns:0 frame:0
TX packets:121816 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:48071372 (48.0 MB) TX bytes:48071372 (48.0 MB)

tap0 Link encap:Ethernet HWaddr d6:32:30:da:44:ab
inet6 addr: fe80::d432:30ff:feda:44ab/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:347938 errors:0 dropped:0 overruns:0 frame:0
TX packets:588965 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:34694045 (34.6 MB) TX bytes:391282809 (391.2 MB)
Ethernet Bridging

Please see:
HOWTO: Request Help !
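
An added example, not part of the thread or of OpenVPN: a small Python check over net-tools `ifconfig` and `route -n` output that flags a bridge port still holding an IPv4 address and routes to the same destination on more than one interface, both of which are visible in the server output quoted above. The bridge membership (`enp0s8` and `tap0` in `br0`) is an assumption passed in by hand, and the sample text is trimmed from the posted output.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed from the server-side `ifconfig` and `route -n`
# output posted in this thread (packet counters and IPv6 lines removed).
IFCONFIG = """\
br0       Link encap:Ethernet  HWaddr 08:00:27:5e:70:c0
          inet addr:192.168.3.15  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

enp0s3    Link encap:Ethernet  HWaddr 02:2d:cd:03:0d:15
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

enp0s8    Link encap:Ethernet  HWaddr 08:00:27:5e:70:c0
          inet addr:192.168.3.15  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

tap0      Link encap:Ethernet  HWaddr d6:32:30:da:44:ab
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
"""

ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.3.254   0.0.0.0         UG    0      0        0 br0
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 enp0s3
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 enp0s8
"""


def parse_ifconfig(text):
    """Return {iface: {"ipv4": str or None, "hwaddr": str or None, "promisc": bool}}."""
    ifaces = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        name = block.split()[0]
        ipv4 = re.search(r"inet addr:(\S+)", block)   # does not match "inet6 addr:"
        hw = re.search(r"HWaddr (\S+)", block)
        ifaces[name] = {
            "ipv4": ipv4.group(1) if ipv4 else None,
            "hwaddr": hw.group(1) if hw else None,
            "promisc": "PROMISC" in block,
        }
    return ifaces


def parse_routes(text):
    """Parse `route -n` rows; the two header lines are skipped."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 8 and cols[0][0].isdigit():
            routes.append({"dest": cols[0], "gw": cols[1], "mask": cols[2],
                           "metric": int(cols[4]), "iface": cols[7]})
    return routes


def audit(ifaces, routes, bridge, members):
    """Flag addressing problems typical of a half-built Linux bridge.

    bridge/members are supplied by the caller (assumption: taken from
    `brctl show` or the bridge script), since ifconfig does not list them.
    """
    findings = []
    bridge_ip = ifaces.get(bridge, {}).get("ipv4")
    for name in members:
        addr = ifaces.get(name, {}).get("ipv4")
        if addr:
            # The address belongs on the bridge; a port should carry none.
            kind = "member-shares-bridge-ip" if addr == bridge_ip else "member-has-ip"
            findings.append((kind, name, addr))
    by_dest = defaultdict(list)
    for r in routes:
        by_dest[(r["dest"], r["mask"], r["metric"])].append(r["iface"])
    for (dest, mask, _metric), devs in by_dest.items():
        if len(devs) > 1:
            # Same destination and metric on two devices: egress is ambiguous.
            findings.append(("ambiguous-route", f"{dest}/{mask}", tuple(devs)))
    return findings


def findings_for_sample():
    return audit(parse_ifconfig(IFCONFIG), parse_routes(ROUTES),
                 bridge="br0", members=["enp0s8", "tap0"])


if __name__ == "__main__":
    for finding in findings_for_sample():
        print(finding)
```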

Vart
OpenVpn Newbie
Posts: 3
Joined: Mon Feb 27, 2017 11:46 pm

Re: Packet loss on bridged server

Post by Vart » Sun Mar 05, 2017 7:45 pm

Hello,

and thank you for replying. I've read the two links you gave, several times, and for the HowTo there are obviously things I didn't understand. For the oconf BBCode, I tried and it didn't work; I missed that there was a code for server and one for client, sorry.

As far as I understood from your last post, my enp0s8 shouldn't have an IP as it is supposed to be bridged into br0. I've investigated the matter: running my script from the command line works (enp0s8 has no IP), stopping and starting the openvpn server from the command line calls the script, which works, but rebooting the virtual machine, i.e. letting the script be run by the /lib/systemd/system/openvpn@.service file which contains:


.
.
.
ExecStartPre=/etc/openvpn/openvpn-bridge start
ExecStopPost=/etc/openvpn/openvpn-bridge stop
.
.
doesn't work. Even if :


$ sudo service openvpn status
● openvpn.service - OpenVPN service
   Loaded: loaded (/lib/systemd/system/openvpn.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sun 2017-03-05 19:13:34 UTC; 14min ago
  Process: 7862 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 7862 (code=exited, status=0/SUCCESS)
    Tasks: 0
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/openvpn.service
   
it says ExecStart=/bin/true (code=exited, status=0/SUCCESS).

I'm investigating the matter and I plan to make the bridge permanent by modifying /etc/network/interfaces as I don't really need an on demand bridge.

But, but... That is not the cause of my troubles. Building the bridge from the command line and then starting the openvpn server still gives the same rate of packet loss.
I'm also unable to reach another machine on the server LAN, i.e. pinging 192.168.3.10 from a client (192.168.3.192) gives 100% packet loss.

Here is the openvpn log file, in case it helps to understand what is happening.

Server start log :


Sun Mar  5 19:13:34 2017 us=406517 Current Parameter Settings:
Sun Mar  5 19:13:34 2017 us=406575   config = '/etc/openvpn/server.conf'
Sun Mar  5 19:13:34 2017 us=406584   mode = 1
Sun Mar  5 19:13:34 2017 us=406588   persist_config = DISABLED
Sun Mar  5 19:13:34 2017 us=406602   persist_mode = 1
Sun Mar  5 19:13:34 2017 us=406606   show_ciphers = DISABLED
Sun Mar  5 19:13:34 2017 us=406610   show_digests = DISABLED
Sun Mar  5 19:13:34 2017 us=406614   show_engines = DISABLED
Sun Mar  5 19:13:34 2017 us=406617   genkey = DISABLED
Sun Mar  5 19:13:34 2017 us=406621   key_pass_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406635   show_tls_ciphers = DISABLED
Sun Mar  5 19:13:34 2017 us=406638 Connection profiles [default]:
Sun Mar  5 19:13:34 2017 us=406642   proto = udp
Sun Mar  5 19:13:34 2017 us=406646   local = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406650   local_port = 443
Sun Mar  5 19:13:34 2017 us=406654   remote = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406658   remote_port = 443
Sun Mar  5 19:13:34 2017 us=406722   remote_float = DISABLED
Sun Mar  5 19:13:34 2017 us=406727   bind_defined = DISABLED
Sun Mar  5 19:13:34 2017 us=406730   bind_local = ENABLED
Sun Mar  5 19:13:34 2017 us=406734   connect_retry_seconds = 5
Sun Mar  5 19:13:34 2017 us=406738   connect_timeout = 10
Sun Mar  5 19:13:34 2017 us=406742   connect_retry_max = 0
Sun Mar  5 19:13:34 2017 us=406745   socks_proxy_server = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406749   socks_proxy_port = 0
Sun Mar  5 19:13:34 2017 us=406773   socks_proxy_retry = DISABLED
Sun Mar  5 19:13:34 2017 us=406779   tun_mtu = 1500
Sun Mar  5 19:13:34 2017 us=406783   tun_mtu_defined = ENABLED
Sun Mar  5 19:13:34 2017 us=406787   link_mtu = 1500
Sun Mar  5 19:13:34 2017 us=406790   link_mtu_defined = DISABLED
Sun Mar  5 19:13:34 2017 us=406794   tun_mtu_extra = 32
Sun Mar  5 19:13:34 2017 us=406797   tun_mtu_extra_defined = ENABLED
Sun Mar  5 19:13:34 2017 us=406801   mtu_discover_type = -1
Sun Mar  5 19:13:34 2017 us=406805   fragment = 0
Sun Mar  5 19:13:34 2017 us=406808   mssfix = 1450
Sun Mar  5 19:13:34 2017 us=406812   explicit_exit_notification = 0
Sun Mar  5 19:13:34 2017 us=406816 Connection profiles END
Sun Mar  5 19:13:34 2017 us=406819   remote_random = DISABLED
Sun Mar  5 19:13:34 2017 us=406823   ipchange = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406827   dev = 'tap0'
Sun Mar  5 19:13:34 2017 us=406830   dev_type = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406834   dev_node = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406837   lladdr = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406841   topology = 1
Sun Mar  5 19:13:34 2017 us=406845   tun_ipv6 = DISABLED
Sun Mar  5 19:13:34 2017 us=406848   ifconfig_local = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406852   ifconfig_remote_netmask = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406856   ifconfig_noexec = DISABLED
Sun Mar  5 19:13:34 2017 us=406859   ifconfig_nowarn = DISABLED
Sun Mar  5 19:13:34 2017 us=406863   ifconfig_ipv6_local = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406867   ifconfig_ipv6_netbits = 0
Sun Mar  5 19:13:34 2017 us=406870   ifconfig_ipv6_remote = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=406874   shaper = 0
Sun Mar  5 19:13:34 2017 us=406884   mtu_test = 0
Sun Mar  5 19:13:34 2017 us=406888   mlock = DISABLED
Sun Mar  5 19:13:34 2017 us=406892   keepalive_ping = 10
Sun Mar  5 19:13:34 2017 us=406895   keepalive_timeout = 120
Sun Mar  5 19:13:34 2017 us=406899   inactivity_timeout = 0
Sun Mar  5 19:13:34 2017 us=406902   ping_send_timeout = 10
Sun Mar  5 19:13:34 2017 us=406916   ping_rec_timeout = 240
Sun Mar  5 19:13:34 2017 us=406919   ping_rec_timeout_action = 2
Sun Mar  5 19:13:34 2017 us=407136   ping_timer_remote = DISABLED
Sun Mar  5 19:13:34 2017 us=407152   remap_sigusr1 = 0
Sun Mar  5 19:13:34 2017 us=407156   persist_tun = ENABLED
Sun Mar  5 19:13:34 2017 us=407159   persist_local_ip = DISABLED
Sun Mar  5 19:13:34 2017 us=407163   persist_remote_ip = DISABLED
Sun Mar  5 19:13:34 2017 us=407166   persist_key = ENABLED
Sun Mar  5 19:13:34 2017 us=407170   passtos = ENABLED
Sun Mar  5 19:13:34 2017 us=407173   resolve_retry_seconds = 1000000000
Sun Mar  5 19:13:34 2017 us=407177   username = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=407202   groupname = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=407207   chroot_dir = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=407211   cd_dir = '/etc/openvpn'
Sun Mar  5 19:13:34 2017 us=407391   writepid = '/run/openvpn/server.pid'
Sun Mar  5 19:13:34 2017 us=408171   up_script = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408184   down_script = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408189   down_pre = DISABLED
Sun Mar  5 19:13:34 2017 us=408193   up_restart = DISABLED
Sun Mar  5 19:13:34 2017 us=408197   up_delay = DISABLED
Sun Mar  5 19:13:34 2017 us=408211   daemon = ENABLED
Sun Mar  5 19:13:34 2017 us=408215   inetd = 0
Sun Mar  5 19:13:34 2017 us=408219   log = ENABLED
Sun Mar  5 19:13:34 2017 us=408222   suppress_timestamps = DISABLED
Sun Mar  5 19:13:34 2017 us=408226   nice = 0
Sun Mar  5 19:13:34 2017 us=408230   verbosity = 4
Sun Mar  5 19:13:34 2017 us=408233   mute = 0
Sun Mar  5 19:13:34 2017 us=408309   gremlin = 0
Sun Mar  5 19:13:34 2017 us=408314   status_file = '/var/log/openvpn-status.log'
Sun Mar  5 19:13:34 2017 us=408318   status_file_version = 1
Sun Mar  5 19:13:34 2017 us=408332   status_file_update_freq = 10
Sun Mar  5 19:13:34 2017 us=408335   occ = ENABLED
Sun Mar  5 19:13:34 2017 us=408349   rcvbuf = 0
Sun Mar  5 19:13:34 2017 us=408352   sndbuf = 0
Sun Mar  5 19:13:34 2017 us=408355   mark = 0
Sun Mar  5 19:13:34 2017 us=408359   sockflags = 0
Sun Mar  5 19:13:34 2017 us=408401   fast_io = DISABLED
Sun Mar  5 19:13:34 2017 us=408418   lzo = 7
Sun Mar  5 19:13:34 2017 us=408422   route_script = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408426   route_default_gateway = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408430   route_default_metric = 0
Sun Mar  5 19:13:34 2017 us=408499   route_noexec = DISABLED
Sun Mar  5 19:13:34 2017 us=408505   route_delay = 0
Sun Mar  5 19:13:34 2017 us=408653   route_delay_window = 30
Sun Mar  5 19:13:34 2017 us=408726   route_delay_defined = DISABLED
Sun Mar  5 19:13:34 2017 us=408742   route_nopull = DISABLED
Sun Mar  5 19:13:34 2017 us=408747   route_gateway_via_dhcp = DISABLED
Sun Mar  5 19:13:34 2017 us=408751   max_routes = 100
Sun Mar  5 19:13:34 2017 us=408754   allow_pull_fqdn = DISABLED
Sun Mar  5 19:13:34 2017 us=408758   management_addr = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408761   management_port = 0
Sun Mar  5 19:13:34 2017 us=408765   management_user_pass = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408768   management_log_history_cache = 250
Sun Mar  5 19:13:34 2017 us=408772   management_echo_buffer_size = 100
Sun Mar  5 19:13:34 2017 us=408775   management_write_peer_info_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408779   management_client_user = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408782   management_client_group = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408786   management_flags = 0
Sun Mar  5 19:13:34 2017 us=408789   shared_secret_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=408793   key_direction = 0
Sun Mar  5 19:13:34 2017 us=408796   ciphername_defined = ENABLED
Sun Mar  5 19:13:34 2017 us=408800   ciphername = 'BF-CBC'
Sun Mar  5 19:13:34 2017 us=408858   authname_defined = ENABLED
Sun Mar  5 19:13:34 2017 us=408865   authname = 'SHA1'
Sun Mar  5 19:13:34 2017 us=409091   prng_hash = 'SHA1'
Sun Mar  5 19:13:34 2017 us=409097   prng_nonce_secret_len = 16
Sun Mar  5 19:13:34 2017 us=409100   keysize = 0
Sun Mar  5 19:13:34 2017 us=409104   engine = DISABLED
Sun Mar  5 19:13:34 2017 us=409107   replay = ENABLED
Sun Mar  5 19:13:34 2017 us=409111   mute_replay_warnings = DISABLED
Sun Mar  5 19:13:34 2017 us=409114   replay_window = 64
Sun Mar  5 19:13:34 2017 us=409118   replay_time = 15
Sun Mar  5 19:13:34 2017 us=409121   packet_id_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=409125   use_iv = ENABLED
Sun Mar  5 19:13:34 2017 us=409128   test_crypto = DISABLED
Sun Mar  5 19:13:34 2017 us=409132   tls_server = ENABLED
Sun Mar  5 19:13:34 2017 us=409135   tls_client = DISABLED
Sun Mar  5 19:13:34 2017 us=409225   key_method = 2
Sun Mar  5 19:13:34 2017 us=409237   ca_file = '/etc/openvpn/easy-rsa/keys/ca.crt'
Sun Mar  5 19:13:34 2017 us=409243   ca_path = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=409247   dh_file = '/etc/openvpn/easy-rsa/keys/dh2048.pem'
Sun Mar  5 19:13:34 2017 us=409251   cert_file = '/etc/openvpn/easy-rsa/keys/server.crt'
Sun Mar  5 19:13:34 2017 us=409254   extra_certs_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=409530   priv_key_file = '/etc/openvpn/easy-rsa/keys/server.key'
Sun Mar  5 19:13:34 2017 us=409708   pkcs12_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=409879   cipher_list = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=409901   tls_verify = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=410139   tls_export_cert = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=410149   verify_x509_type = 0
Sun Mar  5 19:13:34 2017 us=410154   verify_x509_name = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=410158   crl_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=410191   ns_cert_type = 0
Sun Mar  5 19:13:34 2017 us=410196   remote_cert_ku[i] = 128
Sun Mar  5 19:13:34 2017 us=410200   remote_cert_ku[i] = 8
Sun Mar  5 19:13:34 2017 us=410203   remote_cert_ku[i] = 136
Sun Mar  5 19:13:34 2017 us=410207   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410210   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410213   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410217   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410220   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410224   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410237   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410282   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410288   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410291   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410295   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410298   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410302   remote_cert_ku[i] = 0
Sun Mar  5 19:13:34 2017 us=410306   remote_cert_eku = 'TLS Web Client Authentication'
Sun Mar  5 19:13:34 2017 us=410320   ssl_flags = 0
Sun Mar  5 19:13:34 2017 us=410955   tls_timeout = 2
Sun Mar  5 19:13:34 2017 us=410972   renegotiate_bytes = 0
Sun Mar  5 19:13:34 2017 us=410977   renegotiate_packets = 0
Sun Mar  5 19:13:34 2017 us=410981   renegotiate_seconds = 3600
Sun Mar  5 19:13:34 2017 us=410985   handshake_window = 60
Sun Mar  5 19:13:34 2017 us=410988   transition_window = 3600
Sun Mar  5 19:13:34 2017 us=411138   single_session = DISABLED
Sun Mar  5 19:13:34 2017 us=411146   push_peer_info = DISABLED
Sun Mar  5 19:13:34 2017 us=411150   tls_exit = DISABLED
Sun Mar  5 19:13:34 2017 us=411154   tls_auth_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=411158   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411162   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411165   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411169   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411172   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411176   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411179   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411188   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411192   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411195   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411199   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411203   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411217   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411220   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411233   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411475   pkcs11_protected_authentication = DISABLED
Sun Mar  5 19:13:34 2017 us=411641   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411647   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411651   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411654   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411658   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411661   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411665   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411668   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411671   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411863   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411873   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411877   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411881   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=411884   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=412070   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=412078   pkcs11_private_mode = 00000000
Sun Mar  5 19:13:34 2017 us=412082   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412086   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412089   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412093   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412097   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412100   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412211   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412221   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412702   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=412834   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=413074   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=413184   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=413465   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=413484   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=413489   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=413493   pkcs11_cert_private = DISABLED
Sun Mar  5 19:13:34 2017 us=413497   pkcs11_pin_cache_period = -1
Sun Mar  5 19:13:34 2017 us=413501   pkcs11_id = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=413628   pkcs11_id_management = DISABLED
Sun Mar  5 19:13:34 2017 us=413636   server_network = 0.0.0.0
Sun Mar  5 19:13:34 2017 us=413640   server_netmask = 0.0.0.0
Sun Mar  5 19:13:34 2017 us=413672   server_network_ipv6 = ::
Sun Mar  5 19:13:34 2017 us=413678   server_netbits_ipv6 = 0
Sun Mar  5 19:13:34 2017 us=413682   server_bridge_ip = 192.168.3.15
Sun Mar  5 19:13:34 2017 us=413686   server_bridge_netmask = 255.255.255.0
Sun Mar  5 19:13:34 2017 us=413690   server_bridge_pool_start = 192.168.3.192
Sun Mar  5 19:13:34 2017 us=413694   server_bridge_pool_end = 192.168.3.198
Sun Mar  5 19:13:34 2017 us=413698   push_entry = 'route 192.168.3.0 255.255.255.248'
Sun Mar  5 19:13:34 2017 us=413701   push_entry = 'route-gateway 192.168.3.15'
Sun Mar  5 19:13:34 2017 us=413705   push_entry = 'ping 10'
Sun Mar  5 19:13:34 2017 us=413760   push_entry = 'ping-restart 120'
Sun Mar  5 19:13:34 2017 us=413768   ifconfig_pool_defined = ENABLED
Sun Mar  5 19:13:34 2017 us=413818   ifconfig_pool_start = 192.168.3.192
Sun Mar  5 19:13:34 2017 us=414034   ifconfig_pool_end = 192.168.3.198
Sun Mar  5 19:13:34 2017 us=414044   ifconfig_pool_netmask = 255.255.255.0
Sun Mar  5 19:13:34 2017 us=414048   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414052   ifconfig_pool_persist_refresh_freq = 600
Sun Mar  5 19:13:34 2017 us=414056   ifconfig_ipv6_pool_defined = DISABLED
Sun Mar  5 19:13:34 2017 us=414060   ifconfig_ipv6_pool_base = ::
Sun Mar  5 19:13:34 2017 us=414064   ifconfig_ipv6_pool_netbits = 0
Sun Mar  5 19:13:34 2017 us=414068   n_bcast_buf = 256
Sun Mar  5 19:13:34 2017 us=414071   tcp_queue_limit = 64
Sun Mar  5 19:13:34 2017 us=414122   real_hash_size = 256
Sun Mar  5 19:13:34 2017 us=414129   virtual_hash_size = 256
Sun Mar  5 19:13:34 2017 us=414133   client_connect_script = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414137   learn_address_script = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414141   client_disconnect_script = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414144   client_config_dir = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414148   ccd_exclusive = DISABLED
Sun Mar  5 19:13:34 2017 us=414152   tmp_dir = '/tmp'
Sun Mar  5 19:13:34 2017 us=414155   push_ifconfig_defined = DISABLED
Sun Mar  5 19:13:34 2017 us=414162   push_ifconfig_local = 0.0.0.0
Sun Mar  5 19:13:34 2017 us=414167   push_ifconfig_remote_netmask = 0.0.0.0
Sun Mar  5 19:13:34 2017 us=414213   push_ifconfig_ipv6_defined = DISABLED
Sun Mar  5 19:13:34 2017 us=414220   push_ifconfig_ipv6_local = ::/0
Sun Mar  5 19:13:34 2017 us=414500   push_ifconfig_ipv6_remote = ::
Sun Mar  5 19:13:34 2017 us=414600   enable_c2c = ENABLED
Sun Mar  5 19:13:34 2017 us=414608   duplicate_cn = DISABLED
Sun Mar  5 19:13:34 2017 us=414612   cf_max = 0
Sun Mar  5 19:13:34 2017 us=414616   cf_per = 0
Sun Mar  5 19:13:34 2017 us=414619   max_clients = 1024
Sun Mar  5 19:13:34 2017 us=414623   max_routes_per_client = 256
Sun Mar  5 19:13:34 2017 us=414627   auth_user_pass_verify_script = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414631   auth_user_pass_verify_script_via_file = DISABLED
Sun Mar  5 19:13:34 2017 us=414742   port_share_host = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414750   port_share_port = 0
Sun Mar  5 19:13:34 2017 us=414754   client = DISABLED
Sun Mar  5 19:13:34 2017 us=414757   pull = DISABLED
Sun Mar  5 19:13:34 2017 us=414762   auth_user_pass_file = '[UNDEF]'
Sun Mar  5 19:13:34 2017 us=414771 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb  2 2016
Sun Mar  5 19:13:34 2017 us=415020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Sun Mar  5 19:13:34 2017 us=415670 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Sun Mar  5 19:13:34 2017 us=416024 Diffie-Hellman initialized with 2048 bit key
Sun Mar  5 19:13:34 2017 us=416293 TLS-Auth MTU parms [ L:1574 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Mar  5 19:13:34 2017 us=416308 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Mar  5 19:13:34 2017 us=416438 TUN/TAP device tap0 opened
Sun Mar  5 19:13:34 2017 us=416471 TUN/TAP TX queue length set to 100
Sun Mar  5 19:13:34 2017 us=416487 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:143 ET:32 EL:3 AF:3/1 ]
Sun Mar  5 19:13:34 2017 us=416493 UDPv4 link local (bound): [undef]
Sun Mar  5 19:13:34 2017 us=416497 UDPv4 link remote: [undef]
Sun Mar  5 19:13:34 2017 us=416502 MULTI: multi_init called, r=256 v=256
Sun Mar  5 19:13:34 2017 us=416514 IFCONFIG POOL: base=192.168.3.192 size=7, ipv6=0
Sun Mar  5 19:13:34 2017 us=416525 Initialization Sequence Completed

Client connection log:

Code: Select all

Sun Mar  5 19:11:33 2017 us=949709 MULTI: multi_create_instance called
Sun Mar  5 19:11:33 2017 us=949787 82.xxx.xxx.xxx:1024 Re-using SSL/TLS context
Sun Mar  5 19:11:33 2017 us=949808 82.xxx.xxx.xxx:1024 LZO compression initialized
Sun Mar  5 19:11:33 2017 us=949850 82.xxx.xxx.xxx:1024 Control Channel MTU parms [ L:1574 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Mar  5 19:11:33 2017 us=949856 82.xxx.xxx.xxx:1024 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:143 ET:32 EL:3 AF:3/1 ]
Sun Mar  5 19:11:33 2017 us=949948 82.xxx.xxx.xxx:1024 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Mar  5 19:11:33 2017 us=949955 82.xxx.xxx.xxx:1024 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Mar  5 19:11:33 2017 us=949964 82.xxx.xxx.xxx:1024 Local Options hash (VER=V4): 'f7df56b8'
Sun Mar  5 19:11:33 2017 us=949971 82.xxx.xxx.xxx:1024 Expected Remote Options hash (VER=V4): 'd79ca330'
Sun Mar  5 19:11:33 2017 us=949985 82.xxx.xxx.xxx:1024 TLS: Initial packet from [AF_INET]82.xxx.xxx.xxx:1024, sid=9b3527ab e2d3cb77
Sun Mar  5 19:11:34 2017 us=164453 82.xxx.xxx.xxx:1024 VERIFY OK: depth=1, C=US, ST=CA, L=Town, O=Firm, OU=Dept, CN=here.local, name=client, emailAddress=v....@domain.com
Sun Mar  5 19:11:34 2017 us=164664 82.xxx.xxx.xxx:1024 Validating certificate key usage
Sun Mar  5 19:11:34 2017 us=164681 82.xxx.xxx.xxx:1024 ++ Certificate has key usage  0080, expects 0080
Sun Mar  5 19:11:34 2017 us=164687 82.xxx.xxx.xxx:1024 VERIFY KU OK
Sun Mar  5 19:11:34 2017 us=164692 82.xxx.xxx.xxx:1024 Validating certificate extended key usage
Sun Mar  5 19:11:34 2017 us=164697 82.xxx.xxx.xxx:1024 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Sun Mar  5 19:11:34 2017 us=164701 82.xxx.xxx.xxx:1024 VERIFY EKU OK
Sun Mar  5 19:11:34 2017 us=164705 82.xxx.xxx.xxx:1024 VERIFY OK: depth=0, C=US, ST=CA, L=Town, O=Firm, OU=Compta, CN=Dept, name=client, emailAddress=v....@domain.com
Sun Mar  5 19:11:34 2017 us=239100 82.xxx.xxx.xxx:1024 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar  5 19:11:34 2017 us=239162 82.xxx.xxx.xxx:1024 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar  5 19:11:34 2017 us=239201 82.xxx.xxx.xxx:1024 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Mar  5 19:11:34 2017 us=239206 82.xxx.xxx.xxx:1024 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar  5 19:11:34 2017 us=304536 82.xxx.xxx.xxx:1024 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Mar  5 19:11:34 2017 us=304618 82.xxx.xxx.xxx:1024 [client] Peer Connection Initiated with [AF_INET]82.xxx.xxx.xxx:1024
Sun Mar  5 19:11:34 2017 us=304709 MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Sun Mar  5 19:11:34 2017 us=304729 MULTI_sva: pool returned IPv4=192.168.3.192, IPv6=(Not enabled)
Sun Mar  5 19:11:36 2017 us=716484 client/82.xxx.xxx.xxx:1024 PUSH: Received control message: 'PUSH_REQUEST'
Sun Mar  5 19:11:36 2017 us=716581 client/82.xxx.xxx.xxx:1024 send_push_reply(): safe_cap=940
Sun Mar  5 19:11:36 2017 us=716604 client/82.xxx.xxx.xxx:1024 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.3.0 255.255.255.248,route-gateway 192.168.3.15,ping 10,ping-restart 120,ifconfig 192.168.3.192 255.255.255.0' (status=1)
Sun Mar  5 19:11:38 2017 us=894690 client/82.xxx.xxx.xxx:1024 MULTI: Learn: 5a:15:83:b9:75:df -> client/82.xxx.xxx.xxx:1024
