OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

OpenVPN and Raspberry Pi 3 configuration

https://forums.openvpn.net/viewtopic.php?t=24325

Page 1 of 1

OpenVPN and Raspberry Pi 3 configuration

Posted: Sat Jun 17, 2017 2:36 pm
by mvgilpatrick
I am getting errors attempting to setup openvpn on my Raspberry Pi 3. Here is the required info:
Server Conf
#local 10.0.0.12 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Pi.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Pi.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
#ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
#push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
#push "route 10.8.0.0 255.255.255.0"
# your local subnet
#push "route 10.0.0.12 255.255.255.255" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 10.0.0.1" # This should match your router's IP address.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
With this server configuration, I've tried uncommenting and commenting out push rout, local and ifconfig lines as described below.

I started with all these lines running and not commented out:

local 10.0.0.12
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 10.0.0.12 255.255.255.255"

Then tried just commenting out the push lines, then adding ifconfig, and finally commenting out all of them.
Client Conf
client
dev tun
proto udp
remote server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
Server Log
Sat Jun 17 10:15:23 2017 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Sat Jun 17 10:15:23 2017 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Sat Jun 17 10:15:23 2017 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Sat Jun 17 10:15:23 2017 TUN/TAP device tun0 opened
Sat Jun 17 10:15:23 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jun 17 10:15:23 2017 /sbin/ip link set dev tun0 up mtu 1500
Sat Jun 17 10:15:23 2017 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Jun 17 10:15:23 2017 GID set to nogroup
Sat Jun 17 10:15:23 2017 UID set to nobody
Sat Jun 17 10:15:23 2017 UDPv4 link local (bound): [undef]
Sat Jun 17 10:15:23 2017 UDPv4 link remote: [undef]
Sat Jun 17 10:15:23 2017 Initialization Sequence Completed
Sat Jun 17 10:15:27 2017 event_wait : Interrupted system call (code=4)
RTNETLINK answers: Operation not permitted
Sat Jun 17 10:15:27 2017 ERROR: Linux route delete command failed: external program exited with error status: 2
Sat Jun 17 10:15:27 2017 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
RTNETLINK answers: Operation not permitted
Sat Jun 17 10:15:27 2017 Linux ip addr del failed: external program exited with error status: 2
Sat Jun 17 10:15:27 2017 SIGINT[hard,] received, process exiting
Client Log
*Tunnelblick: OS X 10.12.3; Tunnelblick 3.6.2 (build 4558)
2017-06-17 10:27:59 *Tunnelblick: Attempting connection with Client1; Set nameserver = 769; monitoring connection
2017-06-17 10:27:59 *Tunnelblick: openvpnstart start Client1.tblk 1337 769 0 3 0 1065264 -ptADGNWradsgnw 2.3.10
2017-06-17 10:27:59 *Tunnelblick: openvpnstart starting OpenVPN
2017-06-17 10:28:00 *Tunnelblick: openvpnstart log:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SClient1.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/Client1.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/Client1.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/Client1.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-06-17 10:28:00 *Tunnelblick: Established communication with OpenVPN
2017-06-17 10:28:00 *Tunnelblick: Obtained VPN passphrase from the Keychain
2017-06-17 10:28:00 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr 23 2016
2017-06-17 10:28:00 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.09
2017-06-17 10:28:00 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-06-17 10:28:00 Need hold release from management interface, waiting...
2017-06-17 10:28:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-06-17 10:28:00 MANAGEMENT: CMD 'pid'
2017-06-17 10:28:00 MANAGEMENT: CMD 'state on'
2017-06-17 10:28:00 MANAGEMENT: CMD 'state'
2017-06-17 10:28:00 MANAGEMENT: CMD 'bytecount 1'
2017-06-17 10:28:00 MANAGEMENT: CMD 'hold release'
2017-06-17 10:28:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-06-17 10:28:00 MANAGEMENT: CMD 'password [...]'
2017-06-17 10:28:00 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-06-17 10:28:00 Control Channel Authentication: tls-auth using INLINE static key file
2017-06-17 10:28:00 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-06-17 10:28:00 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-06-17 10:28:00 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-06-17 10:28:00 MANAGEMENT: >STATE:1497709680,RESOLVE,,,
2017-06-17 10:28:00 UDPv4 link local: [undef]
2017-06-17 10:28:00 UDPv4 link remote: [AF_INET]108.16.136.122:1194
2017-06-17 10:28:00 MANAGEMENT: >STATE:1497709680,WAIT,,,
2017-06-17 10:29:00 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2017-06-17 10:29:00 TLS Error: TLS handshake failed
2017-06-17 10:29:00 SIGUSR1[soft,tls-error] received, process restarting
2017-06-17 10:29:00 MANAGEMENT: >STATE:1497709740,RECONNECTING,tls-error,,
2017-06-17 10:29:00 MANAGEMENT: CMD 'hold release'
2017-06-17 10:29:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-06-17 10:29:00 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-06-17 10:29:00 MANAGEMENT: >STATE:1497709740,RESOLVE,,,
2017-06-17 10:29:00 UDPv4 link local: [undef]
2017-06-17 10:29:00 UDPv4 link remote: [AF_INET]108.16.136.122:1194
2017-06-17 10:29:00 MANAGEMENT: >STATE:1497709740,WAIT,,,
Any help would be greatly appreciated. Please let me know if there is anything I am missing for this post

Cannot connect to Raspberry Pi 3 OpenVPN server

Posted: Sat Jun 17, 2017 3:01 pm
by mvgilpatrick
I'm getting errors attempting to connect to my raspberry pi 3 openvpn server. Below are is the relevant info

I used the tutorial on:
https://sys.jonaharagon.com/2016/05/12/setting-up-an-openvpn-server-on-a-raspberry-pi-2-part-12/
Server Conf
#local 10.0.0.12
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Pi.crt
key /etc/openvpn/easy-rsa/keys/Pi.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
#ifconfig 10.8.0.1 10.8.0.2
#push "route 10.8.0.1 255.255.255.255"
#push "route 10.8.0.0 255.255.255.0"
#push "route 10.0.0.12 255.255.255.255"
push "dhcp-option DNS 10.0.0.1"
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 6
With this server configuration, I've tried uncommenting and commenting out push rout, local and ifconfig lines as described below.

I started with all these lines running and not commented out:

local 10.0.0.12
ifconfig 10.8.0.1 10.8.0.2
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 10.0.0.12 255.255.255.255"

Then tried just commenting out the push lines, then adding ifconfig, and finally commenting out all of them as shown in the code above.
Client Conf
client
dev tun
proto udp
remote server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 6
mute 20
ifconfig:

Code: Select all

eth0      Link encap:Ethernet  HWaddr b8:27:eb:de:ed:bd  
          inet addr:10.0.0.12  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::97c5:c5aa:3507:7949/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20244 errors:0 dropped:3 overruns:0 frame:0
          TX packets:9900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4776114 (4.5 MiB)  TX bytes:1574532 (1.5 MiB)
My openvpn server log:

Code: Select all

Sat Jun 17 10:40:55 2017 us=304009 Current Parameter Settings:
Sat Jun 17 10:40:55 2017 us=304288   config = '/etc/openvpn/server.conf'
Sat Jun 17 10:40:55 2017 us=304354   mode = 1
Sat Jun 17 10:40:55 2017 us=304413   persist_config = DISABLED
Sat Jun 17 10:40:55 2017 us=304472   persist_mode = 1
Sat Jun 17 10:40:55 2017 us=304530   show_ciphers = DISABLED
Sat Jun 17 10:40:55 2017 us=304587   show_digests = DISABLED
Sat Jun 17 10:40:55 2017 us=304644   show_engines = DISABLED
Sat Jun 17 10:40:55 2017 us=304701   genkey = DISABLED
Sat Jun 17 10:40:55 2017 us=304758   key_pass_file = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=304816   show_tls_ciphers = DISABLED
Sat Jun 17 10:40:55 2017 us=304874 Connection profiles [default]:
Sat Jun 17 10:40:55 2017 us=304934   proto = udp
Sat Jun 17 10:40:55 2017 us=304991   local = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=305048   local_port = 1194
Sat Jun 17 10:40:55 2017 us=305104   remote = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=305161   remote_port = 1194
Sat Jun 17 10:40:55 2017 us=305217   remote_float = DISABLED
Sat Jun 17 10:40:55 2017 us=305274   bind_defined = DISABLED
Sat Jun 17 10:40:55 2017 us=305330   bind_local = ENABLED
Sat Jun 17 10:40:55 2017 us=305386   connect_retry_seconds = 5
Sat Jun 17 10:40:55 2017 us=305443   connect_timeout = 10
Sat Jun 17 10:40:55 2017 us=305500   connect_retry_max = 0
Sat Jun 17 10:40:55 2017 us=305556   socks_proxy_server = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=305614   socks_proxy_port = 0
Sat Jun 17 10:40:55 2017 us=305670   socks_proxy_retry = DISABLED
Sat Jun 17 10:40:55 2017 us=305728   tun_mtu = 1500
Sat Jun 17 10:40:55 2017 us=305785   tun_mtu_defined = ENABLED
Sat Jun 17 10:40:55 2017 us=305842   link_mtu = 1500
Sat Jun 17 10:40:55 2017 us=305898   link_mtu_defined = DISABLED
Sat Jun 17 10:40:55 2017 us=305955   tun_mtu_extra = 0
Sat Jun 17 10:40:55 2017 us=306012   tun_mtu_extra_defined = DISABLED
Sat Jun 17 10:40:55 2017 us=306070   mtu_discover_type = -1
Sat Jun 17 10:40:55 2017 us=306126   fragment = 0
Sat Jun 17 10:40:55 2017 us=306182   mssfix = 1450
Sat Jun 17 10:40:55 2017 us=306239   explicit_exit_notification = 0
Sat Jun 17 10:40:55 2017 us=306295 Connection profiles END
Sat Jun 17 10:40:55 2017 us=306351   remote_random = DISABLED
Sat Jun 17 10:40:55 2017 us=306408   ipchange = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=306464   dev = 'tun'
Sat Jun 17 10:40:55 2017 us=306519   dev_type = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=306576   dev_node = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=306631   lladdr = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=306688   topology = 1
Sat Jun 17 10:40:55 2017 us=306744   tun_ipv6 = DISABLED
Sat Jun 17 10:40:55 2017 us=306800   ifconfig_local = '10.8.0.1'
Sat Jun 17 10:40:55 2017 us=306857   ifconfig_remote_netmask = '10.8.0.2'
Sat Jun 17 10:40:55 2017 us=306914   ifconfig_noexec = DISABLED
Sat Jun 17 10:40:55 2017 us=306971   ifconfig_nowarn = DISABLED
Sat Jun 17 10:40:55 2017 us=307028   ifconfig_ipv6_local = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=307086   ifconfig_ipv6_netbits = 0
Sat Jun 17 10:40:55 2017 us=307142   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=307199   shaper = 0
Sat Jun 17 10:40:55 2017 us=307256   mtu_test = 0
Sat Jun 17 10:40:55 2017 us=307312   mlock = DISABLED
Sat Jun 17 10:40:55 2017 us=307369   keepalive_ping = 10
Sat Jun 17 10:40:55 2017 us=307425   keepalive_timeout = 120
Sat Jun 17 10:40:55 2017 us=307482   inactivity_timeout = 0
Sat Jun 17 10:40:55 2017 us=307539   ping_send_timeout = 10
Sat Jun 17 10:40:55 2017 us=307595   ping_rec_timeout = 240
Sat Jun 17 10:40:55 2017 us=307652   ping_rec_timeout_action = 2
Sat Jun 17 10:40:55 2017 us=307710   ping_timer_remote = DISABLED
Sat Jun 17 10:40:55 2017 us=307766   remap_sigusr1 = 0
Sat Jun 17 10:40:55 2017 us=307822   persist_tun = ENABLED
Sat Jun 17 10:40:55 2017 us=307878   persist_local_ip = DISABLED
Sat Jun 17 10:40:55 2017 us=307935   persist_remote_ip = DISABLED
Sat Jun 17 10:40:55 2017 us=307992   persist_key = ENABLED
Sat Jun 17 10:40:55 2017 us=308048   passtos = DISABLED
Sat Jun 17 10:40:55 2017 us=308105   resolve_retry_seconds = 1000000000
Sat Jun 17 10:40:55 2017 us=308190   username = 'nobody'
Sat Jun 17 10:40:55 2017 us=308248   groupname = 'nogroup'
Sat Jun 17 10:40:55 2017 us=308304   chroot_dir = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=308361   cd_dir = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=308518   writepid = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=308586   up_script = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=308644   down_script = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=308701   down_pre = DISABLED
Sat Jun 17 10:40:55 2017 us=308757   up_restart = DISABLED
Sat Jun 17 10:40:55 2017 us=308813   up_delay = DISABLED
Sat Jun 17 10:40:55 2017 us=308869   daemon = DISABLED
Sat Jun 17 10:40:55 2017 us=308926   inetd = 0
Sat Jun 17 10:40:55 2017 us=308982   log = ENABLED
Sat Jun 17 10:40:55 2017 us=309038   suppress_timestamps = DISABLED
Sat Jun 17 10:40:55 2017 us=309096   nice = 0
Sat Jun 17 10:40:55 2017 us=309153   verbosity = 6
Sat Jun 17 10:40:55 2017 us=309210   mute = 0
Sat Jun 17 10:40:55 2017 us=309267   gremlin = 0
Sat Jun 17 10:40:55 2017 us=309324   status_file = '/var/log/openvpn-status.log'
Sat Jun 17 10:40:55 2017 us=309382   status_file_version = 1
Sat Jun 17 10:40:55 2017 us=309439   status_file_update_freq = 20
Sat Jun 17 10:40:55 2017 us=309495   occ = ENABLED
Sat Jun 17 10:40:55 2017 us=309552   rcvbuf = 65536
Sat Jun 17 10:40:55 2017 us=309609   sndbuf = 65536
Sat Jun 17 10:40:55 2017 us=309665   mark = 0
Sat Jun 17 10:40:55 2017 us=309721   sockflags = 0
Sat Jun 17 10:40:55 2017 us=309777   fast_io = DISABLED
Sat Jun 17 10:40:55 2017 us=309833   lzo = 7
Sat Jun 17 10:40:55 2017 us=309888   route_script = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=309945   route_default_gateway = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=310002   route_default_metric = 0
Sat Jun 17 10:40:55 2017 us=310060   route_noexec = DISABLED
Sat Jun 17 10:40:55 2017 us=310118   route_delay = 0
Sat Jun 17 10:40:55 2017 us=310177   route_delay_window = 30
Sat Jun 17 10:40:55 2017 us=310234   route_delay_defined = DISABLED
Sat Jun 17 10:40:55 2017 us=310292   route_nopull = DISABLED
Sat Jun 17 10:40:55 2017 us=310350   route_gateway_via_dhcp = DISABLED
Sat Jun 17 10:40:55 2017 us=310408   max_routes = 100
Sat Jun 17 10:40:55 2017 us=310466   allow_pull_fqdn = DISABLED
Sat Jun 17 10:40:55 2017 us=310527   route 10.8.0.0/255.255.255.0/nil/nil
Sat Jun 17 10:40:55 2017 us=310586   management_addr = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=310645   management_port = 0
Sat Jun 17 10:40:55 2017 us=310703   management_user_pass = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=310762   management_log_history_cache = 250
Sat Jun 17 10:40:55 2017 us=310821   management_echo_buffer_size = 100
Sat Jun 17 10:40:55 2017 us=310880   management_write_peer_info_file = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=310939   management_client_user = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=310997   management_client_group = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=311055   management_flags = 0
Sat Jun 17 10:40:55 2017 us=311113   shared_secret_file = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=311171   key_direction = 1
Sat Jun 17 10:40:55 2017 us=311229   ciphername_defined = ENABLED
Sat Jun 17 10:40:55 2017 us=311287   ciphername = 'AES-128-CBC'
Sat Jun 17 10:40:55 2017 us=311346   authname_defined = ENABLED
Sat Jun 17 10:40:55 2017 us=311404   authname = 'SHA1'
Sat Jun 17 10:40:55 2017 us=311461   prng_hash = 'SHA1'
Sat Jun 17 10:40:55 2017 us=311518   prng_nonce_secret_len = 16
Sat Jun 17 10:40:55 2017 us=311576   keysize = 0
Sat Jun 17 10:40:55 2017 us=311632   engine = DISABLED
Sat Jun 17 10:40:55 2017 us=311689   replay = ENABLED
Sat Jun 17 10:40:55 2017 us=311746   mute_replay_warnings = DISABLED
Sat Jun 17 10:40:55 2017 us=311804   replay_window = 64
Sat Jun 17 10:40:55 2017 us=311862   replay_time = 15
Sat Jun 17 10:40:55 2017 us=311919   packet_id_file = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=311976   use_iv = ENABLED
Sat Jun 17 10:40:55 2017 us=312033   test_crypto = DISABLED
Sat Jun 17 10:40:55 2017 us=312090   tls_server = ENABLED
Sat Jun 17 10:40:55 2017 us=312147   tls_client = DISABLED
Sat Jun 17 10:40:55 2017 us=312204   key_method = 2
Sat Jun 17 10:40:55 2017 us=312278   ca_file = '/etc/openvpn/easy-rsa/keys/ca.crt'
Sat Jun 17 10:40:55 2017 us=312338   ca_path = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=312397   dh_file = '/etc/openvpn/easy-rsa/keys/dh2048.pem'
Sat Jun 17 10:40:55 2017 us=312456   cert_file = '/etc/openvpn/easy-rsa/keys/Pi.crt'
Sat Jun 17 10:40:55 2017 us=312515   priv_key_file = '/etc/openvpn/easy-rsa/keys/Pi.key'
Sat Jun 17 10:40:55 2017 us=312573   pkcs12_file = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=312630   cipher_list = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=312686   tls_verify = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=312743   tls_export_cert = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=312801   verify_x509_type = 0
Sat Jun 17 10:40:55 2017 us=312859   verify_x509_name = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=312917   crl_file = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=312974   ns_cert_type = 0
Sat Jun 17 10:40:55 2017 us=313031   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313089   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313146   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313204   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313261   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313318   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313375   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313432   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313489   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313546   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313603   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313660   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313716   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313773   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313830   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313887   remote_cert_ku[i] = 0
Sat Jun 17 10:40:55 2017 us=313943   remote_cert_eku = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=314001   ssl_flags = 0
Sat Jun 17 10:40:55 2017 us=314057   tls_timeout = 2
Sat Jun 17 10:40:55 2017 us=314115   renegotiate_bytes = 0
Sat Jun 17 10:40:55 2017 us=314171   renegotiate_packets = 0
Sat Jun 17 10:40:55 2017 us=314228   renegotiate_seconds = 3600
Sat Jun 17 10:40:55 2017 us=314285   handshake_window = 60
Sat Jun 17 10:40:55 2017 us=314341   transition_window = 3600
Sat Jun 17 10:40:55 2017 us=314397   single_session = DISABLED
Sat Jun 17 10:40:55 2017 us=314453   push_peer_info = DISABLED
Sat Jun 17 10:40:55 2017 us=314509   tls_exit = DISABLED
Sat Jun 17 10:40:55 2017 us=314567   tls_auth_file = '/etc/openvpn/easy-rsa/keys/ta.key'
Sat Jun 17 10:40:55 2017 us=314626   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=314685   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=314743   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=314802   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=314860   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=314919   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=314986   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315046   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315104   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315162   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315220   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315279   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315337   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315396   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315453   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315512   pkcs11_protected_authentication = DISABLED
Sat Jun 17 10:40:55 2017 us=315572   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=315631   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=315691   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=315774   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=315835   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=315894   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=315955   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316015   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316075   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316134   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316193   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316251   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316310   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316368   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316427   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316485   pkcs11_private_mode = 00000000
Sat Jun 17 10:40:55 2017 us=316543   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=316601   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=316660   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=316717   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=316775   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=316833   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=316891   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=316949   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317007   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317064   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317120   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317178   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317236   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317294   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317351   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317408   pkcs11_cert_private = DISABLED
Sat Jun 17 10:40:55 2017 us=317467   pkcs11_pin_cache_period = -1
Sat Jun 17 10:40:55 2017 us=317523   pkcs11_id = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=317581   pkcs11_id_management = DISABLED
Sat Jun 17 10:40:55 2017 us=317655   server_network = 10.8.0.0
Sat Jun 17 10:40:55 2017 us=317720   server_netmask = 255.255.255.0
Sat Jun 17 10:40:55 2017 us=317786   server_network_ipv6 = ::
Sat Jun 17 10:40:55 2017 us=317845   server_netbits_ipv6 = 0
Sat Jun 17 10:40:55 2017 us=317909   server_bridge_ip = 0.0.0.0
Sat Jun 17 10:40:55 2017 us=317975   server_bridge_netmask = 0.0.0.0
Sat Jun 17 10:40:55 2017 us=318040   server_bridge_pool_start = 0.0.0.0
Sat Jun 17 10:40:55 2017 us=318104   server_bridge_pool_end = 0.0.0.0
Sat Jun 17 10:40:55 2017 us=318163   push_entry = 'dhcp-option DNS 10.0.0.1'
Sat Jun 17 10:40:55 2017 us=318222   push_entry = 'redirect-gateway def1'
Sat Jun 17 10:40:55 2017 us=318280   push_entry = 'route 10.8.0.0 255.255.255.0'
Sat Jun 17 10:40:55 2017 us=318338   push_entry = 'topology net30'
Sat Jun 17 10:40:55 2017 us=318396   push_entry = 'ping 10'
Sat Jun 17 10:40:55 2017 us=318508   push_entry = 'ping-restart 120'
Sat Jun 17 10:40:55 2017 us=318567   ifconfig_pool_defined = ENABLED
Sat Jun 17 10:40:55 2017 us=318633   ifconfig_pool_start = 10.8.0.4
Sat Jun 17 10:40:55 2017 us=318698   ifconfig_pool_end = 10.8.0.251
Sat Jun 17 10:40:55 2017 us=318763   ifconfig_pool_netmask = 0.0.0.0
Sat Jun 17 10:40:55 2017 us=318821   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=318880   ifconfig_pool_persist_refresh_freq = 600
Sat Jun 17 10:40:55 2017 us=318939   ifconfig_ipv6_pool_defined = DISABLED
Sat Jun 17 10:40:55 2017 us=319001   ifconfig_ipv6_pool_base = ::
Sat Jun 17 10:40:55 2017 us=319060   ifconfig_ipv6_pool_netbits = 0
Sat Jun 17 10:40:55 2017 us=319118   n_bcast_buf = 256
Sat Jun 17 10:40:55 2017 us=319176   tcp_queue_limit = 64
Sat Jun 17 10:40:55 2017 us=319233   real_hash_size = 256
Sat Jun 17 10:40:55 2017 us=319290   virtual_hash_size = 256
Sat Jun 17 10:40:55 2017 us=319348   client_connect_script = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=319406   learn_address_script = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=319490   client_disconnect_script = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=319551   client_config_dir = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=319609   ccd_exclusive = DISABLED
Sat Jun 17 10:40:55 2017 us=319667   tmp_dir = '/tmp'
Sat Jun 17 10:40:55 2017 us=319724   push_ifconfig_defined = DISABLED
Sat Jun 17 10:40:55 2017 us=319797   push_ifconfig_local = 0.0.0.0
Sat Jun 17 10:40:55 2017 us=319864   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jun 17 10:40:55 2017 us=319924   push_ifconfig_ipv6_defined = DISABLED
Sat Jun 17 10:40:55 2017 us=319987   push_ifconfig_ipv6_local = ::/0
Sat Jun 17 10:40:55 2017 us=320049   push_ifconfig_ipv6_remote = ::
Sat Jun 17 10:40:55 2017 us=320107   enable_c2c = ENABLED
Sat Jun 17 10:40:55 2017 us=320165   duplicate_cn = ENABLED
Sat Jun 17 10:40:55 2017 us=320222   cf_max = 0
Sat Jun 17 10:40:55 2017 us=320279   cf_per = 0
Sat Jun 17 10:40:55 2017 us=320335   max_clients = 1024
Sat Jun 17 10:40:55 2017 us=320392   max_routes_per_client = 256
Sat Jun 17 10:40:55 2017 us=320451   auth_user_pass_verify_script = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=320509   auth_user_pass_verify_script_via_file = DISABLED
Sat Jun 17 10:40:55 2017 us=320568   port_share_host = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=320626   port_share_port = 0
Sat Jun 17 10:40:55 2017 us=320682   client = DISABLED
Sat Jun 17 10:40:55 2017 us=320739   pull = DISABLED
Sat Jun 17 10:40:55 2017 us=320796   auth_user_pass_file = '[UNDEF]'
Sat Jun 17 10:40:55 2017 us=320860 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 23 2016
Sat Jun 17 10:40:55 2017 us=320937 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Sat Jun 17 10:40:55 2017 us=323771 Diffie-Hellman initialized with 2048 bit key
Sat Jun 17 10:40:55 2017 us=327414 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Sat Jun 17 10:40:55 2017 us=327519 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 17 10:40:55 2017 us=327593 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun 17 10:40:55 2017 us=327675 TLS-Auth MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Jun 17 10:40:55 2017 us=327783 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sat Jun 17 10:40:55 2017 us=328286 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=eth0 HWADDR=b8:27:eb:de:ed:bd
Sat Jun 17 10:40:55 2017 us=332255 TUN/TAP device tun0 opened
Sat Jun 17 10:40:55 2017 us=332419 TUN/TAP TX queue length set to 100
Sat Jun 17 10:40:55 2017 us=332512 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jun 17 10:40:55 2017 us=332648 /sbin/ip link set dev tun0 up mtu 1500
Sat Jun 17 10:40:55 2017 us=347395 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sat Jun 17 10:40:55 2017 us=354447 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sat Jun 17 10:40:55 2017 us=359950 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jun 17 10:40:55 2017 us=361036 GID set to nogroup
Sat Jun 17 10:40:55 2017 us=361105 UID set to nobody
Sat Jun 17 10:40:55 2017 us=361139 UDPv4 link local (bound): [undef]
Sat Jun 17 10:40:55 2017 us=361168 UDPv4 link remote: [undef]
Sat Jun 17 10:40:55 2017 us=361208 MULTI: multi_init called, r=256 v=256
Sat Jun 17 10:40:55 2017 us=361284 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Jun 17 10:40:55 2017 us=361363 Initialization Sequence Completed
Sat Jun 17 10:46:12 2017 us=790464 event_wait : Interrupted system call (code=4)
Sat Jun 17 10:46:12 2017 us=791239 TCP/UDP: Closing socket
Sat Jun 17 10:46:12 2017 us=791513 /sbin/ip route del 10.8.0.0/24
RTNETLINK answers: Operation not permitted
Sat Jun 17 10:46:12 2017 us=796947 ERROR: Linux route delete command failed: external program exited with error status: 2
Sat Jun 17 10:46:12 2017 us=797151 Closing TUN/TAP interface
Sat Jun 17 10:46:12 2017 us=797296 /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
RTNETLINK answers: Operation not permitted
Sat Jun 17 10:46:12 2017 us=802916 Linux ip addr del failed: external program exited with error status: 2
Sat Jun 17 10:46:12 2017 us=858787 SIGINT[hard,] received, process exiting

My openvpn client log:

Code: Select all

*Tunnelblick: OS X 10.12.3; Tunnelblick 3.6.2 (build 4558)
2017-06-17 10:54:18 *Tunnelblick: Attempting connection with Client1 using shadow copy; Set nameserver = 769; monitoring connection
2017-06-17 10:54:18 *Tunnelblick: openvpnstart start Client1.tblk 1337 769 0 1 0 1065264 -ptADGNWradsgnw 2.3.10
2017-06-17 10:54:18 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
     
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.10/openvpn
          --daemon
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Suser-SLibrary-SApplication Support-STunnelblick-SConfigurations-SClient1.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.1337.openvpn.log
          --cd
          /Library/Application Support/Tunnelblick/Users/user/Client1.tblk/Contents/Resources
          --verb
          3
          --config
          /Library/Application Support/Tunnelblick/Users/user/Client1.tblk/Contents/Resources/config.ovpn
          --verb
          3
          --cd
          /Library/Application Support/Tunnelblick/Users/user/Client1.tblk/Contents/Resources
          --management
          127.0.0.1
          1337
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2017-06-17 10:54:18 *Tunnelblick: Established communication with OpenVPN
2017-06-17 10:54:18 OpenVPN 2.3.10 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Apr 23 2016
2017-06-17 10:54:18 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.09
2017-06-17 10:54:18 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2017-06-17 10:54:18 Need hold release from management interface, waiting...
2017-06-17 10:54:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2017-06-17 10:54:18 MANAGEMENT: CMD 'pid'
2017-06-17 10:54:18 MANAGEMENT: CMD 'state on'
2017-06-17 10:54:18 MANAGEMENT: CMD 'state'
2017-06-17 10:54:18 MANAGEMENT: CMD 'bytecount 1'
2017-06-17 10:54:18 MANAGEMENT: CMD 'hold release'
2017-06-17 10:54:18 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-06-17 10:54:18 *Tunnelblick: openvpnstart starting OpenVPN
2017-06-17 10:54:28 MANAGEMENT: CMD 'password [...]'
2017-06-17 10:54:28 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-06-17 10:54:28 Control Channel Authentication: tls-auth using INLINE static key file
2017-06-17 10:54:28 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-06-17 10:54:28 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-06-17 10:54:28 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-06-17 10:54:28 MANAGEMENT: >STATE:1497711268,RESOLVE,,,
2017-06-17 10:54:28 UDPv4 link local: [undef]
2017-06-17 10:54:28 UDPv4 link remote: [AF_INET]a.b.c.d:1194
2017-06-17 10:54:28 MANAGEMENT: >STATE:1497711268,WAIT,,,
2017-06-17 10:55:28 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2017-06-17 10:55:28 TLS Error: TLS handshake failed
2017-06-17 10:55:28 SIGUSR1[soft,tls-error] received, process restarting
2017-06-17 10:55:28 MANAGEMENT: >STATE:1497711328,RECONNECTING,tls-error,,
2017-06-17 10:55:28 MANAGEMENT: CMD 'hold release'
2017-06-17 10:55:28 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-06-17 10:55:28 Socket Buffers: R=[196724->196724] S=[9216->9216]
2017-06-17 10:55:28 MANAGEMENT: >STATE:1497711328,RESOLVE,,,
2017-06-17 10:55:28 UDPv4 link local: [undef]
2017-06-17 10:55:28 UDPv4 link remote: [AF_INET]108.16.136.122:1194
2017-06-17 10:55:28 MANAGEMENT: >STATE:1497711328,WAIT,,,
2017-06-17 10:55:56 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2017-06-17 10:55:56 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-06-17 10:55:56 *Tunnelblick: Disconnecting using 'kill'
2017-06-17 10:55:56 event_wait : Interrupted system call (code=4)
2017-06-17 10:55:56 SIGTERM[hard,] received, process exiting
2017-06-17 10:55:56 MANAGEMENT: >STATE:1497711356,EXITING,SIGTERM,,
2017-06-17 10:55:57 *Tunnelblick: No 'post-disconnect.sh' script to execute
2017-06-17 10:55:57 *Tunnelblick: Expected disconnection occurred.
Any help would be greatly appreciated.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/