openvpn crashes due to connect from one special machine

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
dpt
OpenVpn Newbie
Posts: 7
Joined: Fri Apr 01, 2016 8:14 am

openvpn crashes due to connect from one special machine

Post by dpt » Tue Apr 11, 2017 8:10 am

Hey guys,

i have a strange behaviour of the openvpn service:
I have a server and multiple clients. Everything works fine up to this week. We bought a new laptop, I installed openvpn 2.4.1, issued a new certificate, copied the configuration file and tried to connect. The connection seemed to be fine, the openvpn-gui-window dissapeared as usual but the connection didn't work. AND, from now, I could not connect with any other device to the server. So I restartet the openvpn-daemon (windows server system) and everything works fine again. Until I try to connect with the new Laptop. This connection seems to cause a crash of the openvpn service, so that I have to restart it. I also tried older versions of openvpn for the laptop. Same result... I updated the server openvpn... Same result. I even set up a new vpn server on a different machine, Same same. Has anybody an idea whats going on? All the other computers can connect without any problems. Also the logfile did not help me any further (verb 5), it looks the same as when a normal connection is established...
Client
client
remote XXXX
port 1195
proto udp
dev tap
pkcs12 XXXX.p12
ns-cert-type server
pull
verb 3
mute 50
Server
server 10.10.1.0 255.255.255.0
port 1194
proto udp
dev tap
log-append Server.log
pkcs12 XXXX.p12
dh dh1024.pem
push "route 192.168.1.0 255.255.255.0"
keepalive 20 180
verb 3
mute 50
Thanks for you help !
Chris

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openvpn crashes due to connect from one special machine

Post by TinCanTech » Tue Apr 11, 2017 10:15 am


dpt
OpenVpn Newbie
Posts: 7
Joined: Fri Apr 01, 2016 8:14 am

Re: openvpn crashes due to connect from one special machine

Post by dpt » Wed Apr 12, 2017 11:03 am

Client Operating System

Code: Select all

Microsoft Windows [Version 10.0.14393]
Client Network Setup

Code: Select all

Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : PC09151-CSL
   Prim„res DNS-Suffix . . . . . . . : 
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : fritz.box

Ethernet-Adapter Ethernet:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physische Adresse . . . . . . . . : D0-BF-9C-8C-F6-17
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter LAN-Verbindung* 2:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Virtueller Microsoft-Adapter fr direktes WiFi #2
   Physische Adresse . . . . . . . . : 36-68-95-40-72-79
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Ethernet-Adapter Ethernet 2:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
   Physische Adresse . . . . . . . . : 00-FF-E6-50-E0-A2
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Drahtlos-LAN-Adapter WiFi:

   Verbindungsspezifisches DNS-Suffix: fritz.box
   Beschreibung. . . . . . . . . . . : Realtek RTL8723BE 802.11 b/g/n Wi-Fi Adapter
   Physische Adresse . . . . . . . . : 34-68-95-40-72-79
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::d1cb:dc9b:1698:da3f%5(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.2.103(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Freitag, 7. April 2017 09:11:45
   Lease l„uft ab. . . . . . . . . . : Samstag, 22. April 2017 12:13:01
   Standardgateway . . . . . . . . . : 192.168.2.1
   DHCP-Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6-IAID . . . . . . . . . . . : 104097941
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1D-8D-83-29-D0-BF-9C-8C-F6-17
   DNS-Server  . . . . . . . . . . . : 192.168.2.1
   NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Bluetooth-Ger„t (PAN)
   Physische Adresse . . . . . . . . : 34-68-95-40-72-7A
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.fritz.box:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: fritz.box
   Beschreibung. . . . . . . . . . . : Microsoft ISATAP Adapter
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter LAN-Verbindung* 1:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
Client
client
remote XXXX
port 1195
proto udp
dev tap
pkcs12 XXXX.p12
ns-cert-type server
pull
verb 3
mute 50
Client log @ verb 4

Code: Select all

Wed Apr 12 12:23:25 2017   pkcs11_protected_authentication = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:23:25 2017   pkcs11_pin_cache_period = -1
Wed Apr 12 12:23:25 2017   pkcs11_id = '[UNDEF]'
Wed Apr 12 12:23:25 2017   pkcs11_id_management = DISABLED
Wed Apr 12 12:23:25 2017   server_network = 0.0.0.0
Wed Apr 12 12:23:25 2017   server_netmask = 0.0.0.0
Wed Apr 12 12:23:25 2017   server_network_ipv6 = ::
Wed Apr 12 12:23:25 2017   server_netbits_ipv6 = 0
Wed Apr 12 12:23:25 2017   server_bridge_ip = 0.0.0.0
Wed Apr 12 12:23:25 2017   server_bridge_netmask = 0.0.0.0
Wed Apr 12 12:23:25 2017   server_bridge_pool_start = 0.0.0.0
Wed Apr 12 12:23:25 2017   server_bridge_pool_end = 0.0.0.0
Wed Apr 12 12:23:25 2017   ifconfig_pool_defined = DISABLED
Wed Apr 12 12:23:25 2017   ifconfig_pool_start = 0.0.0.0
Wed Apr 12 12:23:25 2017   ifconfig_pool_end = 0.0.0.0
Wed Apr 12 12:23:25 2017   ifconfig_pool_netmask = 0.0.0.0
Wed Apr 12 12:23:25 2017   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Apr 12 12:23:25 2017   ifconfig_pool_persist_refresh_freq = 600
Wed Apr 12 12:23:25 2017   ifconfig_ipv6_pool_defined = DISABLED
Wed Apr 12 12:23:25 2017   ifconfig_ipv6_pool_base = ::
Wed Apr 12 12:23:25 2017   ifconfig_ipv6_pool_netbits = 0
Wed Apr 12 12:23:25 2017   n_bcast_buf = 256
Wed Apr 12 12:23:25 2017   tcp_queue_limit = 64
Wed Apr 12 12:23:25 2017   real_hash_size = 256
Wed Apr 12 12:23:25 2017   virtual_hash_size = 256
Wed Apr 12 12:23:25 2017   client_connect_script = '[UNDEF]'
Wed Apr 12 12:23:25 2017   learn_address_script = '[UNDEF]'
Wed Apr 12 12:23:25 2017   client_disconnect_script = '[UNDEF]'
Wed Apr 12 12:23:25 2017   client_config_dir = '[UNDEF]'
Wed Apr 12 12:23:25 2017   ccd_exclusive = DISABLED
Wed Apr 12 12:23:25 2017   tmp_dir = 'C:\Users\AHST~1.MIC\AppData\Local\Temp\'
Wed Apr 12 12:23:25 2017   push_ifconfig_defined = DISABLED
Wed Apr 12 12:23:25 2017   push_ifconfig_local = 0.0.0.0
Wed Apr 12 12:23:25 2017   push_ifconfig_remote_netmask = 0.0.0.0
Wed Apr 12 12:23:25 2017   push_ifconfig_ipv6_defined = DISABLED
Wed Apr 12 12:23:25 2017   push_ifconfig_ipv6_local = ::/0
Wed Apr 12 12:23:25 2017   push_ifconfig_ipv6_remote = ::
Wed Apr 12 12:23:25 2017   enable_c2c = DISABLED
Wed Apr 12 12:23:25 2017   duplicate_cn = DISABLED
Wed Apr 12 12:23:25 2017   cf_max = 0
Wed Apr 12 12:23:25 2017   cf_per = 0
Wed Apr 12 12:23:25 2017   max_clients = 1024
Wed Apr 12 12:23:25 2017   max_routes_per_client = 256
Wed Apr 12 12:23:25 2017   auth_user_pass_verify_script = '[UNDEF]'
Wed Apr 12 12:23:25 2017   auth_user_pass_verify_script_via_file = DISABLED
Wed Apr 12 12:23:25 2017   auth_token_generate = DISABLED
Wed Apr 12 12:23:25 2017   auth_token_lifetime = 0
Wed Apr 12 12:23:25 2017   client = ENABLED
Wed Apr 12 12:23:25 2017   pull = ENABLED
Wed Apr 12 12:23:25 2017   auth_user_pass_file = '[UNDEF]'
Wed Apr 12 12:23:25 2017   show_net_up = DISABLED
Wed Apr 12 12:23:25 2017   route_method = 3
Wed Apr 12 12:23:25 2017   block_outside_dns = DISABLED
Wed Apr 12 12:23:25 2017   ip_win32_defined = DISABLED
Wed Apr 12 12:23:25 2017   ip_win32_type = 3
Wed Apr 12 12:23:25 2017   dhcp_masq_offset = 0
Wed Apr 12 12:23:25 2017   dhcp_lease_time = 31536000
Wed Apr 12 12:23:25 2017   tap_sleep = 0
Wed Apr 12 12:23:25 2017   dhcp_options = DISABLED
Wed Apr 12 12:23:25 2017   dhcp_renew = DISABLED
Wed Apr 12 12:23:25 2017   dhcp_pre_release = DISABLED
Wed Apr 12 12:23:25 2017   domain = '[UNDEF]'
Wed Apr 12 12:23:25 2017   netbios_scope = '[UNDEF]'
Wed Apr 12 12:23:25 2017   netbios_node_type = 0
Wed Apr 12 12:23:25 2017   disable_nbt = DISABLED
Wed Apr 12 12:23:25 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on 

Mar 22 2017
Wed Apr 12 12:23:25 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Apr 12 12:23:25 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Wed Apr 12 12:23:25 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Apr 12 12:23:25 2017 Need hold release from management interface, waiting...
Wed Apr 12 12:23:25 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Apr 12 12:23:25 2017 MANAGEMENT: CMD 'state on'
Wed Apr 12 12:23:25 2017 MANAGEMENT: CMD 'log all on'
Wed Apr 12 12:23:26 2017 MANAGEMENT: CMD 'echo all on'
Wed Apr 12 12:23:26 2017 MANAGEMENT: CMD 'hold off'
Wed Apr 12 12:23:26 2017 MANAGEMENT: CMD 'hold release'
Wed Apr 12 12:23:26 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Apr 12 12:23:31 2017 MANAGEMENT: CMD 'password [...]'
Wed Apr 12 12:23:31 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache 

option to prevent this
Wed Apr 12 12:23:31 2017 Control Channel MTU parms [ L:1653 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Apr 12 12:23:31 2017 MANAGEMENT: >STATE:1491992611,RESOLVE,,,,,,
Wed Apr 12 12:23:31 2017 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
Wed Apr 12 12:23:31 2017 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto 

UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Apr 12 12:23:31 2017 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1573,tun-mtu 

1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Apr 12 12:23:31 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:1194
Wed Apr 12 12:23:31 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 12 12:23:31 2017 UDP link local (bound): [AF_INET][undef]:1194
Wed Apr 12 12:23:31 2017 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:1194
Wed Apr 12 12:23:31 2017 MANAGEMENT: >STATE:1491992611,WAIT,,,,,,
Wed Apr 12 12:23:37 2017 MANAGEMENT: >STATE:1491992617,AUTH,,,,,,
Wed Apr 12 12:23:37 2017 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1194, sid=85e08bd0 f5564800
Wed Apr 12 12:23:42 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX., 

CN=XXX, emailAddress=XXX
Wed Apr 12 12:23:42 2017 VERIFY OK: nsCertType=SERVER
Wed Apr 12 12:23:42 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, 

CN=XXX, emailAddress=XXX
Wed Apr 12 12:23:42 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Wed Apr 12 12:23:42 2017 [Server211] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Wed Apr 12 12:23:43 2017 MANAGEMENT: >STATE:1491992623,GET_CONFIG,,,,,,
Wed Apr 12 12:23:43 2017 SENT CONTROL [Server211]: 'PUSH_REQUEST' (status=1)
Wed Apr 12 12:23:44 2017 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-

gateway 10.10.1.1,ping 20,ping-restart 180,ifconfig 10.10.1.2 255.255.255.0'
Wed Apr 12 12:23:45 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 12 12:23:45 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 12 12:23:45 2017 OPTIONS IMPORT: route options modified
Wed Apr 12 12:23:45 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 12 12:23:45 2017 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:411 ET:32 EL:3 ]
Wed Apr 12 12:23:45 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 12 12:23:45 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows 

attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Apr 12 12:23:45 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 12:23:45 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 12 12:23:45 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows 

attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Apr 12 12:23:45 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 12:23:45 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate 

SWEET32 attacks.
Wed Apr 12 12:23:45 2017 interactive service msg_channel=532
Wed Apr 12 12:23:45 2017 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 I=5 HWADDR=34:68:95:40:72:79
Wed Apr 12 12:23:45 2017 open_tun
Wed Apr 12 12:23:45 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{E650E0A2-7CF5-48CE-BE7A-

B78AF460B74C}.tap
Wed Apr 12 12:23:45 2017 TAP-Windows Driver Version 9.21 
Wed Apr 12 12:23:45 2017 TAP-Windows MTU=1500
Wed Apr 12 12:23:45 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.1.2/255.255.255.0 on 

interface {E650E0A2-7CF5-48CE-BE7A-B78AF460B74C} [DHCP-serv: 10.10.1.0, lease-time: 31536000]
Wed Apr 12 12:23:45 2017 Successful ARP Flush on interface [3] {E650E0A2-7CF5-48CE-BE7A-B78AF460B74C}
Wed Apr 12 12:23:45 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr 12 12:23:45 2017 MANAGEMENT: >STATE:1491992625,ASSIGN_IP,,10.10.1.2,,,,
Wed Apr 12 12:23:50 2017 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Apr 12 12:23:50 2017 MANAGEMENT: >STATE:1491992630,ADD_ROUTES,,,,,,
Wed Apr 12 12:23:50 2017 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.10.1.1
Wed Apr 12 12:23:50 2017 Route addition via service succeeded
Wed Apr 12 12:23:50 2017 Initialization Sequence Completed
Wed Apr 12 12:23:50 2017 MANAGEMENT: >STATE:1491992630,CONNECTED,SUCCESS,10.10.1.2,XXX.XXX.XXX.XXX,1194,,
Server Operating System

Code: Select all

Microsoft Windows [Version 6.2.9200] (first Server tried)
 Microsoft Windows [Version 6.3.9600] (second Server tried)
Server Network Setup

Code: Select all

Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : Server211
   Prim„res DNS-Suffix . . . . . . . : XXX.local
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Ja
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : XXX.local

Ethernet-Adapter Ethernet 4:

   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
   Physische Adresse . . . . . . . . : 00-FF-79-5E-9C-63
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::ec19:5ab9:b0a9:4da1%16(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 10.10.1.1(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Dienstag, 11. April 2017 08:57:31
   Lease l„uft ab. . . . . . . . . . : Mittwoch, 11. April 2018 08:57:32
   Standardgateway . . . . . . . . . : 
   DHCP-Server . . . . . . . . . . . : 10.10.1.0
   DHCPv6-IAID . . . . . . . . . . . : 587267961
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1C-0C-99-82-90-1B-0E-30-48-8B
   DNS-Server  . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Ethernet-Adapter Ethernet 3:

   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Gruppe: Gruppe #0
   Physische Adresse . . . . . . . . : 90-1B-0E-30-48-8B
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::f9bb:eea0:8f68:cf2a%15(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.1.212(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 192.168.1.80
   DHCPv6-IAID . . . . . . . . . . . : 479206158
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1C-0C-99-82-90-1B-0E-30-48-8B
   DNS-Server  . . . . . . . . . . . : 192.168.1.212
   NetBIOS ber TCP/IP . . . . . . . : Aktiviert

Tunneladapter isatap.{3452FE31-E14F-419B-825A-54CBBEE7D5E4}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja

Tunneladapter isatap.{795E9C63-E206-45A5-9DDF-D87F232010DD}:

   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Microsoft-ISATAP-Adapter #2
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
Server, identical to both
server 10.10.1.0 255.255.255.0
port 1194
proto udp
dev tap
log-append Server.log
pkcs12 XXXX.p12
dh dh1024.pem
push "route 192.168.1.0 255.255.255.0"
keepalive 20 180
verb 3
mute 50
Server log @ verb 4

Code: Select all

Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_private_mode = 00000000
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_cert_private = DISABLED
Wed Apr 12 12:17:33 2017   pkcs11_pin_cache_period = -1
Wed Apr 12 12:17:33 2017   pkcs11_id = '[UNDEF]'
Wed Apr 12 12:17:33 2017   pkcs11_id_management = DISABLED
Wed Apr 12 12:17:33 2017   server_network = 10.10.1.0
Wed Apr 12 12:17:33 2017   server_netmask = 255.255.255.0
Wed Apr 12 12:17:33 2017   server_network_ipv6 = ::
Wed Apr 12 12:17:33 2017   server_netbits_ipv6 = 0
Wed Apr 12 12:17:33 2017   server_bridge_ip = 0.0.0.0
Wed Apr 12 12:17:33 2017   server_bridge_netmask = 0.0.0.0
Wed Apr 12 12:17:33 2017   server_bridge_pool_start = 0.0.0.0
Wed Apr 12 12:17:33 2017   server_bridge_pool_end = 0.0.0.0
Wed Apr 12 12:17:33 2017   push_entry = 'route 192.168.1.0 255.255.255.0'
Wed Apr 12 12:17:33 2017   push_entry = 'route-gateway 10.10.1.1'
Wed Apr 12 12:17:33 2017   push_entry = 'ping 20'
Wed Apr 12 12:17:33 2017   push_entry = 'ping-restart 180'
Wed Apr 12 12:17:33 2017   ifconfig_pool_defined = ENABLED
Wed Apr 12 12:17:33 2017   ifconfig_pool_start = 10.10.1.2
Wed Apr 12 12:17:33 2017   ifconfig_pool_end = 10.10.1.254
Wed Apr 12 12:17:33 2017   ifconfig_pool_netmask = 255.255.255.0
Wed Apr 12 12:17:33 2017   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Apr 12 12:17:33 2017   ifconfig_pool_persist_refresh_freq = 600
Wed Apr 12 12:17:33 2017   ifconfig_ipv6_pool_defined = DISABLED
Wed Apr 12 12:17:33 2017   ifconfig_ipv6_pool_base = ::
Wed Apr 12 12:17:33 2017   ifconfig_ipv6_pool_netbits = 0
Wed Apr 12 12:17:33 2017   n_bcast_buf = 256
Wed Apr 12 12:17:33 2017   tcp_queue_limit = 64
Wed Apr 12 12:17:33 2017   real_hash_size = 256
Wed Apr 12 12:17:33 2017   virtual_hash_size = 256
Wed Apr 12 12:17:33 2017   client_connect_script = '[UNDEF]'
Wed Apr 12 12:17:33 2017   learn_address_script = '[UNDEF]'
Wed Apr 12 12:17:33 2017   client_disconnect_script = '[UNDEF]'
Wed Apr 12 12:17:33 2017   client_config_dir = '[UNDEF]'
Wed Apr 12 12:17:33 2017   ccd_exclusive = DISABLED
Wed Apr 12 12:17:33 2017   tmp_dir = 'C:\Users\ADMINI~1.HOS\AppData\Local\Temp\'
Wed Apr 12 12:17:33 2017   push_ifconfig_defined = DISABLED
Wed Apr 12 12:17:33 2017   push_ifconfig_local = 0.0.0.0
Wed Apr 12 12:17:33 2017   push_ifconfig_remote_netmask = 0.0.0.0
Wed Apr 12 12:17:33 2017   push_ifconfig_ipv6_defined = DISABLED
Wed Apr 12 12:17:33 2017   push_ifconfig_ipv6_local = ::/0
Wed Apr 12 12:17:33 2017   push_ifconfig_ipv6_remote = ::
Wed Apr 12 12:17:33 2017   enable_c2c = DISABLED
Wed Apr 12 12:17:33 2017   duplicate_cn = DISABLED
Wed Apr 12 12:17:33 2017   cf_max = 0
Wed Apr 12 12:17:33 2017   cf_per = 0
Wed Apr 12 12:17:33 2017   max_clients = 1024
Wed Apr 12 12:17:33 2017   max_routes_per_client = 256
Wed Apr 12 12:17:33 2017   auth_user_pass_verify_script = '[UNDEF]'
Wed Apr 12 12:17:33 2017   auth_user_pass_verify_script_via_file = DISABLED
Wed Apr 12 12:17:33 2017   client = DISABLED
Wed Apr 12 12:17:33 2017   pull = DISABLED
Wed Apr 12 12:17:33 2017   auth_user_pass_file = '[UNDEF]'
Wed Apr 12 12:17:33 2017   show_net_up = DISABLED
Wed Apr 12 12:17:33 2017   route_method = 0
Wed Apr 12 12:17:33 2017   block_outside_dns = DISABLED
Wed Apr 12 12:17:33 2017   ip_win32_defined = DISABLED
Wed Apr 12 12:17:33 2017   ip_win32_type = 3
Wed Apr 12 12:17:33 2017   dhcp_masq_offset = 0
Wed Apr 12 12:17:33 2017   dhcp_lease_time = 31536000
Wed Apr 12 12:17:33 2017   tap_sleep = 10
Wed Apr 12 12:17:33 2017   dhcp_options = DISABLED
Wed Apr 12 12:17:33 2017   dhcp_renew = DISABLED
Wed Apr 12 12:17:33 2017   dhcp_pre_release = DISABLED
Wed Apr 12 12:17:33 2017   dhcp_release = DISABLED
Wed Apr 12 12:17:33 2017   domain = '[UNDEF]'
Wed Apr 12 12:17:33 2017   netbios_scope = '[UNDEF]'
Wed Apr 12 12:17:33 2017   netbios_node_type = 0
Wed Apr 12 12:17:33 2017   disable_nbt = DISABLED
Wed Apr 12 12:17:33 2017 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 

2016
Wed Apr 12 12:17:33 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Apr 12 12:17:33 2017 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Wed Apr 12 12:17:33 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Apr 12 12:17:33 2017 Need hold release from management interface, waiting...
Wed Apr 12 12:17:33 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Apr 12 12:17:33 2017 MANAGEMENT: CMD 'state on'
Wed Apr 12 12:17:33 2017 MANAGEMENT: CMD 'log all on'
Wed Apr 12 12:17:34 2017 MANAGEMENT: CMD 'hold off'
Wed Apr 12 12:17:34 2017 MANAGEMENT: CMD 'hold release'
Wed Apr 12 12:17:34 2017 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 

192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public 

locations such as internet cafes that use the same subnet.
Wed Apr 12 12:17:34 2017 Diffie-Hellman initialized with 1024 bit key
Wed Apr 12 12:17:34 2017 TLS-Auth MTU parms [ L:1573 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Apr 12 12:17:34 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 12 12:17:34 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr 12 12:17:34 2017 MANAGEMENT: >STATE:1491992254,ASSIGN_IP,,10.10.1.1,
Wed Apr 12 12:17:34 2017 open_tun, tt->ipv6=0
Wed Apr 12 12:17:34 2017 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{795E9C63-E206-45A5-9DDF-

D87F232010DD}.tap
Wed Apr 12 12:17:34 2017 TAP-Windows Driver Version 9.21 
Wed Apr 12 12:17:34 2017 TAP-Windows MTU=1500
Wed Apr 12 12:17:34 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.1.1/255.255.255.0 on 

interface {795E9C63-E206-45A5-9DDF-D87F232010DD} [DHCP-serv: 10.10.1.0, lease-time: 31536000]
Wed Apr 12 12:17:34 2017 Sleeping for 10 seconds...
Wed Apr 12 12:17:44 2017 Successful ARP Flush on interface [16] {795E9C63-E206-45A5-9DDF-D87F232010DD}
Wed Apr 12 12:17:44 2017 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:12 ET:32 EL:3 ]
Wed Apr 12 12:17:44 2017 UDPv4 link local (bound): [undef]
Wed Apr 12 12:17:44 2017 UDPv4 link remote: [undef]
Wed Apr 12 12:17:44 2017 MULTI: multi_init called, r=256 v=256
Wed Apr 12 12:17:44 2017 IFCONFIG POOL: base=10.10.1.2 size=253, ipv6=0
Wed Apr 12 12:17:44 2017 Initialization Sequence Completed
Wed Apr 12 12:17:44 2017 MANAGEMENT: >STATE:1491992264,CONNECTED,SUCCESS,10.10.1.1,
Wed Apr 12 12:23:20 2017 MULTI: multi_create_instance called
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 Re-using SSL/TLS context
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 Control Channel MTU parms [ L:1573 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 Data Channel MTU parms [ L:1573 D:1450 EF:41 EB:12 ET:32 EL:3 ]
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 Local Options String: 'V4,dev-type tap,link-mtu 1573,tun-mtu 

1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 Expected Remote Options String: 'V4,dev-type tap,link-mtu 

1573,tun-mtu 1532,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 Local Options hash (VER=V4): '0ddbb6e3'
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 Expected Remote Options hash (VER=V4): '2c50bd2c'
Wed Apr 12 12:23:20 2017 XXX.XXX.XXX.XXX:1194 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1194, 

sid=c4dfd3a4 54c28e28
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX, 

emailAddress=XXX
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX, 

emailAddress=XXX
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC 

authentication
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC 

authentication
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-

SHA384, 1024 bit RSA
Wed Apr 12 12:23:30 2017 XXX.XXX.XXX.XXX:1194 [Laptop] Peer Connection Initiated with 

[AF_INET]XXX.XXX.XXX.XXX:1194
Wed Apr 12 12:23:30 2017 Laptop/XXX.XXX.XXX.XXX:1194 MULTI_sva: pool returned IPv4=10.10.1.2, IPv6=(Not enabled)
Wed Apr 12 12:23:31 2017 Laptop/XXX.XXX.XXX.XXX:1194 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr 12 12:23:31 2017 Laptop/XXX.XXX.XXX.XXX:1194 send_push_reply(): safe_cap=940
Wed Apr 12 12:23:31 2017 Laptop/XXX.XXX.XXX.XXX:1194 SENT CONTROL [Laptop]: 'PUSH_REPLY,route 192.168.1.0 

255.255.255.0,route-gateway 10.10.1.1,ping 20,ping-restart 180,ifconfig 10.10.1.2 255.255.255.0' (status=1)
Wed Apr 12 12:23:33 2017 Laptop/XXX.XXX.XXX.XXX:1194 MULTI: Learn: 00:ff
Thanks for your help, if anything further missing - just tell me...

Chris[/quote]

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openvpn crashes due to connect from one special machine

Post by TinCanTech » Wed Apr 12, 2017 12:18 pm

dpt wrote:if anything further missing - just tell me...
Your complete server log at --verb 4 showing the time at which the problem client connects and what happens after the client has connected.
dpt wrote:the connection didn't work. AND, from now, I could not connect with any other device to the server. So I restartet the openvpn-daemon (windows server system) and everything works fine again. Until I try to connect with the new Laptop
If the server has crashed there should be error messages in the log (above).

dpt
OpenVpn Newbie
Posts: 7
Joined: Fri Apr 01, 2016 8:14 am

Re: openvpn crashes due to connect from one special machine

Post by dpt » Wed Apr 12, 2017 3:31 pm

Your complete server log at --verb 4 showing the time at which the problem client connects and what happens after the client has connected.
Sorry, thats all, no disconnect logged, no crash logged... The openvpn service does not respond anymore. The log above shows the connection of the problem client, but not more...
If the server has crashed there should be error messages in the log (above).
It isn't :-(. The connection at the client seams to be established (gui is green, ip address is shown in the balloon message) but after that nothing happens anymore. No ping possible, no other client connection possible.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openvpn crashes due to connect from one special machine

Post by TinCanTech » Wed Apr 12, 2017 4:38 pm

dpt wrote:Wed Apr 12 12:23:30 2017 Laptop/XXX.XXX.XXX.XXX:1194 MULTI_sva: pool returned IPv4=10.10.1.2, IPv6=(Not enabled)
Wed Apr 12 12:23:31 2017 Laptop/XXX.XXX.XXX.XXX:1194 PUSH: Received control message: 'PUSH_REQUEST'
Wed Apr 12 12:23:31 2017 Laptop/XXX.XXX.XXX.XXX:1194 send_push_reply(): safe_cap=940
Wed Apr 12 12:23:31 2017 Laptop/XXX.XXX.XXX.XXX:1194 SENT CONTROL [Laptop]: 'PUSH_REPLY,route 192.168.1.0

255.255.255.0,route-gateway 10.10.1.1,ping 20,ping-restart 180,ifconfig 10.10.1.2 255.255.255.0' (status=1)
Wed Apr 12 12:23:33 2017 Laptop/XXX.XXX.XXX.XXX:1194 MULTI: Learn: 00:ff
So this is the end of your server log .. Followed by the server crashes ?

dpt
OpenVpn Newbie
Posts: 7
Joined: Fri Apr 01, 2016 8:14 am

Re: openvpn crashes due to connect from one special machine

Post by dpt » Thu Apr 13, 2017 11:35 am

Right... After that I have to restart the openvpn service

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openvpn crashes due to connect from one special machine

Post by TinCanTech » Thu Apr 13, 2017 11:48 am

Try increasing to --verb 7 and see if you get any new information.

Post Reply