again
Server config:
tls-server
port 443
proto udp
dev tap
ca /etc/ssl/openvpn/ca.crt
cert /etc/ssl/openvpn/myHostname.crt
key /etc/ssl/openvpn/myHostname.key
dh /etc/ssl/openvpn/dh2048.pem
tls-auth /etc/ssl/openvpn/ta.key 0
cipher AES-256-CBC
comp-lzo
ifconfig-pool-persist /var/log/ipp.txt
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn.log
verb 4
mute 20
keepalive 10 120
persist-key
persist-tun
server-bridge 192.168.84.2 255.255.255.0 192.168.84.47 192.168.84.49
push dhcp-option DNS 192.168.84.2
push redirect-gateway def1
client-to-client
Client config:
client
dev tap
proto udp
remote myHostname 443
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert MD1.crt
key MD1.key
tls-auth ta.key 1
remote-cert-tls server
cipher AES-256-CBC
verb 4
mute 20
keepalive 10 120
comp-lzo
Server log:
Fri Jun 19 04:02:08 2015 us=931054 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 7 2015
Fri Jun 19 04:02:08 2015 us=931405 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Fri Jun 19 04:02:08 2015 us=931952 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Fri Jun 19 04:02:09 2015 us=314272 Diffie-Hellman initialized with 2048 bit key
Fri Jun 19 04:02:09 2015 us=318739 Control Channel Authentication: using '/etc/ssl/openvpn/ta.key' as a OpenVPN static key file
Fri Jun 19 04:02:09 2015 us=319046 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:09 2015 us=319265 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:09 2015 us=319523 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Jun 19 04:02:09 2015 us=319779 Socket Buffers: R=[163840->131072] S=[163840->131072]
Fri Jun 19 04:02:09 2015 us=343087 TUN/TAP device tap0 opened
Fri Jun 19 04:02:09 2015 us=343358 TUN/TAP TX queue length set to 100
Fri Jun 19 04:02:09 2015 us=343793 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jun 19 04:02:09 2015 us=343986 UDPv4 link local (bound): [undef]
Fri Jun 19 04:02:09 2015 us=344158 UDPv4 link remote: [undef]
Fri Jun 19 04:02:09 2015 us=344332 MULTI: multi_init called, r=256 v=256
Fri Jun 19 04:02:09 2015 us=344624 IFCONFIG POOL: base=192.168.84.47 size=3, ipv6=0
Fri Jun 19 04:02:09 2015 us=344832 ifconfig_pool_read(), in='MD1,192.168.84.47', TODO: IPv6
Fri Jun 19 04:02:09 2015 us=345009 succeeded -> ifconfig_pool_set()
Fri Jun 19 04:02:09 2015 us=345183 IFCONFIG POOL LIST
Fri Jun 19 04:02:09 2015 us=345406 MD1,192.168.84.47
Fri Jun 19 04:02:09 2015 us=345790 Initialization Sequence Completed
Fri Jun 19 04:02:30 2015 us=608 MULTI: multi_create_instance called
Fri Jun 19 04:02:30 2015 us=1098 80.187.101.87:16033 Re-using SSL/TLS context
Fri Jun 19 04:02:30 2015 us=1379 80.187.101.87:16033 LZO compression initialized
Fri Jun 19 04:02:30 2015 us=2442 80.187.101.87:16033 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Jun 19 04:02:30 2015 us=2727 80.187.101.87:16033 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jun 19 04:02:30 2015 us=3133 80.187.101.87:16033 TLS: Initial packet from [AF_INET]myMobileIP:16033, sid=a314d335 093917e7
Fri Jun 19 04:02:33 2015 us=976964 myMobileIP:16033 VERIFY OK: depth=1, CN=myHostname
Fri Jun 19 04:02:33 2015 us=981528 myMobileIP:16033 VERIFY OK: depth=0, CN=MD1
Fri Jun 19 04:02:35 2015 us=197641 myMobileIP:16033 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jun 19 04:02:35 2015 us=198328 myMobileIP:16033 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:35 2015 us=202377 myMobileIP:16033 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jun 19 04:02:35 2015 us=202812 myMobileIP:16033 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:35 2015 us=394725 myMobileIP:16033 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Jun 19 04:02:35 2015 us=395173 myMobileIP:16033 [MD1] Peer Connection Initiated with [AF_INET]myMobileIP:16033
Fri Jun 19 04:02:35 2015 us=395548 MD1/myMobileIP:16033 MULTI_sva: pool returned IPv4=192.168.84.47, IPv6=(Not enabled)
Fri Jun 19 04:02:38 2015 us=34671 MD1/myMobileIP:16033 PUSH: Received control message: 'PUSH_REQUEST'
Fri Jun 19 04:02:38 2015 us=34923 MD1/myMobileIP:16033 send_push_reply(): safe_cap=940
Fri Jun 19 04:02:38 2015 us=35414 MD1/myMobileIP:16033 SENT CONTROL [MD1]: 'PUSH_REPLY,dhcp-option DNS 192.168.84.2,redirect-gateway def1,route-gateway 192.168.84.2,ping 10,ping-restart 120,ifconfig 192.168.84.47 255.255.255.0' (status=1)
Fri Jun 19 04:02:38 2015 us=316525 MD1/myMobileIP:16033 MULTI: Learn: 00:ff:6d:da:b7:c2 -> MD1/myMobileIP:16033
Client log:
Fri Jun 19 04:02:30 2015 us=661365 Current Parameter Settings:
Fri Jun 19 04:02:30 2015 us=661365 config = 'Arbeit (auskommentiert).ovpn'
Fri Jun 19 04:02:30 2015 us=661365 mode = 0
Fri Jun 19 04:02:30 2015 us=661365 show_ciphers = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 show_digests = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 show_engines = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 genkey = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 key_pass_file = '[UNDEF]'
Fri Jun 19 04:02:30 2015 us=661365 show_tls_ciphers = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 Connection profiles [default]:
Fri Jun 19 04:02:30 2015 us=661365 proto = udp
Fri Jun 19 04:02:30 2015 us=661365 local = '[UNDEF]'
Fri Jun 19 04:02:30 2015 us=661365 local_port = 0
Fri Jun 19 04:02:30 2015 us=661365 remote = 'myHostname'
Fri Jun 19 04:02:30 2015 us=661365 remote_port = 443
Fri Jun 19 04:02:30 2015 us=661365 remote_float = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 bind_defined = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 bind_local = DISABLED
Fri Jun 19 04:02:30 2015 us=661365 connect_retry_seconds = 5
Fri Jun 19 04:02:30 2015 us=661365 connect_timeout = 10
Fri Jun 19 04:02:30 2015 us=661365 NOTE: --mute triggered...
Fri Jun 19 04:02:30 2015 us=661365 265 variation(s) on previous 20 message(s) suppressed by --mute
Fri Jun 19 04:02:30 2015 us=661365 OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 8 2015
Fri Jun 19 04:02:30 2015 us=661365 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Fri Jun 19 04:02:30 2015 us=662365 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jun 19 04:02:30 2015 us=662365 Need hold release from management interface, waiting...
Fri Jun 19 04:02:31 2015 us=160393 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jun 19 04:02:31 2015 us=260399 MANAGEMENT: CMD 'state on'
Fri Jun 19 04:02:31 2015 us=260399 MANAGEMENT: CMD 'log all on'
Fri Jun 19 04:02:31 2015 us=274400 MANAGEMENT: CMD 'hold off'
Fri Jun 19 04:02:31 2015 us=275400 MANAGEMENT: CMD 'hold release'
Fri Jun 19 04:02:31 2015 us=373405 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Jun 19 04:02:31 2015 us=373405 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:31 2015 us=373405 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:31 2015 us=373405 LZO compression initialized
Fri Jun 19 04:02:31 2015 us=373405 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:3 ]
Fri Jun 19 04:02:31 2015 us=374405 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jun 19 04:02:31 2015 us=374405 MANAGEMENT: >STATE:1434679351,RESOLVE,,,
Fri Jun 19 04:02:32 2015 us=340461 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:143 ET:32 EL:3 AF:3/1 ]
Fri Jun 19 04:02:32 2015 us=340461 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Fri Jun 19 04:02:32 2015 us=340461 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri Jun 19 04:02:32 2015 us=340461 Local Options hash (VER=V4): '48527533'
Fri Jun 19 04:02:32 2015 us=340461 Expected Remote Options hash (VER=V4): '44bd8b5e'
Fri Jun 19 04:02:32 2015 us=340461 UDPv4 link local: [undef]
Fri Jun 19 04:02:32 2015 us=340461 UDPv4 link remote: [AF_INET]myServerIP:443
Fri Jun 19 04:02:32 2015 us=340461 MANAGEMENT: >STATE:1434679352,WAIT,,,
Fri Jun 19 04:02:32 2015 us=696481 MANAGEMENT: >STATE:1434679352,AUTH,,,
Fri Jun 19 04:02:32 2015 us=696481 TLS: Initial packet from [AF_INET]myServerIP:443, sid=7ed2a4fe 259be66f
Fri Jun 19 04:02:35 2015 us=119620 VERIFY OK: depth=1, CN=myHostname
Fri Jun 19 04:02:35 2015 us=120620 Validating certificate key usage
Fri Jun 19 04:02:35 2015 us=120620 ++ Certificate has key usage 00a0, expects 00a0
Fri Jun 19 04:02:35 2015 us=120620 VERIFY KU OK
Fri Jun 19 04:02:35 2015 us=120620 Validating certificate extended key usage
Fri Jun 19 04:02:35 2015 us=120620 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Jun 19 04:02:35 2015 us=120620 VERIFY EKU OK
Fri Jun 19 04:02:35 2015 us=120620 VERIFY OK: depth=0, CN=myHostname
Fri Jun 19 04:02:37 2015 us=918780 NOTE: Options consistency check may be skewed by version differences
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tap'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1590'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'keydir' is present in local config but missing in remote config, local='keydir 0'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher AES-256-CBC'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 256'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'tls-auth' is present in local config but missing in remote config, local='tls-auth'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Fri Jun 19 04:02:37 2015 us=918780 WARNING: 'tls-server' is present in local config but missing in remote config, local='tls-server'
Fri Jun 19 04:02:37 2015 us=918780 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jun 19 04:02:37 2015 us=918780 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:37 2015 us=918780 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jun 19 04:02:37 2015 us=918780 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 19 04:02:37 2015 us=918780 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Jun 19 04:02:37 2015 us=918780 [myHostname] Peer Connection Initiated with [AF_INET]myServerIP:443
Fri Jun 19 04:02:39 2015 us=117848 MANAGEMENT: >STATE:1434679359,GET_CONFIG,,,
Fri Jun 19 04:02:40 2015 us=316917 SENT CONTROL [myHostname]: 'PUSH_REQUEST' (status=1)
Fri Jun 19 04:02:40 2015 us=733941 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.84.2,redirect-gateway def1,route-gateway 192.168.84.2,ping 10,ping-restart 120,ifconfig 192.168.84.47 255.255.255.0'
Fri Jun 19 04:02:40 2015 us=733941 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jun 19 04:02:40 2015 us=733941 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jun 19 04:02:40 2015 us=733941 OPTIONS IMPORT: route options modified
Fri Jun 19 04:02:40 2015 us=733941 OPTIONS IMPORT: route-related options modified
Fri Jun 19 04:02:40 2015 us=733941 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jun 19 04:02:40 2015 us=745941 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jun 19 04:02:40 2015 us=745941 MANAGEMENT: >STATE:1434679360,ASSIGN_IP,,192.168.84.47,
Fri Jun 19 04:02:40 2015 us=745941 open_tun, tt->ipv6=0
Fri Jun 19 04:02:40 2015 us=746941 TAP-WIN32 device [LAN-Verbindung 2] opened: \\.\Global\{6DDAB7C2-A589-43D6-96DA-63CC0B7432EA}.tap
Fri Jun 19 04:02:40 2015 us=746941 TAP-Windows Driver Version 9.21
Fri Jun 19 04:02:40 2015 us=746941 TAP-Windows MTU=1500
Fri Jun 19 04:02:40 2015 us=748942 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.84.47/255.255.255.0 on interface {6DDAB7C2-A589-43D6-96DA-63CC0B7432EA} [DHCP-serv: 192.168.84.0, lease-time: 31536000]
Fri Jun 19 04:02:40 2015 us=748942 DHCP option string: 0604c0a8 5402
Fri Jun 19 04:02:40 2015 us=748942 Successful ARP Flush on interface [30] {6DDAB7C2-A589-43D6-96DA-63CC0B7432EA}
Fri Jun 19 04:02:45 2015 us=48187 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Fri Jun 19 04:02:45 2015 us=48187 C:\Windows\system32\route.exe ADD myServerIP MASK 255.255.255.255 192.168.43.1
Fri Jun 19 04:02:45 2015 us=50188 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri Jun 19 04:02:45 2015 us=50188 Route addition via IPAPI succeeded [adaptive]
Fri Jun 19 04:02:45 2015 us=50188 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.84.2
Fri Jun 19 04:02:45 2015 us=52188 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jun 19 04:02:45 2015 us=52188 Route addition via IPAPI succeeded [adaptive]
Fri Jun 19 04:02:45 2015 us=52188 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.84.2
Fri Jun 19 04:02:45 2015 us=53188 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jun 19 04:02:45 2015 us=53188 Route addition via IPAPI succeeded [adaptive]
Fri Jun 19 04:02:45 2015 us=53188 Initialization Sequence Completed
Fri Jun 19 04:02:45 2015 us=53188 MANAGEMENT: >STATE:1434679365,CONNECTED,SUCCESS,192.168.84.47,myServerIP