PUSH_REPLY - server error

zaffy · Post by **zaffy** » Sun Sep 20, 2020 11:30 am

Hi All,
I am new to OVPN and have just set up a OVPN as follows:

Server
armv7l GNU/Linux
Dlink NAS - DNS-327L
DNS-327L OpenVPN Package v1.01_03062016

Client Mac Osx- Catalina
client connect
openvpn-connect-3.2.2.1899_signed

I am able to connect from a variety of devices to the server but I am getting an error as follows in the server log.

Code: Select all

Sun Sep 20 11:50:36 2020 xx.xx.xx.xx/xx.xx.xx.xx:60608 SIGTERM[soft,remote-exit] received, client-instance exiting
Sun Sep 20 11:56:00 2020 xx.xx.xx.xx:40130 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:40130, sid=76d8fa16 a2a5d4bc
Sun Sep 20 11:56:01 2020xx.xx.xx.xx:40130 VERIFY OK: depth=1, C=SG, ST=State, L=SG, O=Widgets Inc, OU=IT, CN=xx.xx.xx.xx name=xx.xx.xx.xx emailAddress=yourName@Widgets.com
Sun Sep 20 11:56:01 2020 xx.xx.xx.xx:40130 VERIFY OK: depth=0, C=SG, ST=State, L=SG, O=Widgets Inc, OU=IT, CN=xx.xx.xx.xx name=xx.xx.xx.xx emailAddress=yourName@Widgets.com
Sun Sep 20 11:56:01 2020 xx.xx.xx.xx:40130 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Sep 20 11:56:01 2020 xx.xx.xx.xx:40130 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 20 11:56:01 2020 xx.xx.xx.xx:40130 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Sep 20 11:56:01 2020 xx.xx.xx.xx:40130 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx:40130 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx:40130 [xx.xx.xx.xx] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:40130
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx/xx.xx.xx.xx:40130 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx/xx.xx.xx.xx:40130 MULTI: Learn: 10.8.0.6 -> xx.xx.xx.xx/xx.xx.xx.xx:40130
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx/xx.xx.xx.xx:40130 MULTI: primary virtual IP for xx.xx.xx.xx/xx.xx.xx.xx:40130: 10.8.0.6
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx7/xx.xx.xx.xx:40130 PUSH: Received control message: 'PUSH_REQUEST'
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx/xx.xx.xx.xx:40130 send_push_reply(): safe_cap=940
Sun Sep 20 11:56:02 2020 xx.xx.xx.xx/xx.xx.xx.xx:40130 SENT CONTROL [xx.xx.xx.xx]:[b][i] 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

Server config

dev tun
proto udp
persist-key
persist-tun
verb 3
cipher AES-256-CBC
keepalive 10 120

ifconfig-pool-persist ipp.txt
status /var/log/openvpn-status.log
log /var/log/openvpn.log

port 1199
server 10.8.0.0 255.255.255.0

#push "route 192.168.0.0 255.255.255.0"

push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"

max-clients 100

ca /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/ca.crt
cert /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/server.crt
key /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/server.key
dh /mnt/HD/HD_a2/Nas_Prog/OpenVPN/genkey/keys/dh2048.pem

Note: I am setting this up under port 1199 as I have port forwarded another OVPN I successfully set up on the standard port on a mac mini which work fine. However, I would like to get the NAS OVPN solution working as this will be a better long term option.

I have no idea what the issue is but any help would be appreciated.

zaffy · Post by **zaffy** » Sun Sep 20, 2020 11:36 am

Just to add - I am not getting anything returned from the VPN to the client.
The VPN connect app just hangs and I suspect it is related to the server log error

TinCanTech · Post by **TinCanTech** » Sun Sep 20, 2020 4:20 pm

What server error is that ?

zaffy · Post by **zaffy** » Sun Sep 20, 2020 5:36 pm

TinCanTech wrote: ↑
Sun Sep 20, 2020 4:20 pm
What server error is that ?

Looking at this line in the server log - looks like an issue.
PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

TinCanTech · Post by **TinCanTech** » Sun Sep 20, 2020 6:33 pm

zaffy wrote: ↑
Sun Sep 20, 2020 5:36 pm
Looking at this line in the server log - looks like an issue.
PUSH_REPLY,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

What issue exactly ?

zaffy · Post by **zaffy** » Mon Sep 21, 2020 4:27 pm

status = 1 usually means an error

TinCanTech · Post by **TinCanTech** » Mon Sep 21, 2020 6:04 pm

zaffy wrote: ↑
Mon Sep 21, 2020 4:27 pm
status = 1 usually means an error

Exit status of non-zero commonly indicates an error.

That is not an exit status.

zaffy · Post by **zaffy** » Tue Sep 22, 2020 8:00 am

Thanks TinCanTech - I'm not saying that it is an EXIT status (server exit), just that it's probably denoting an error on the operation. As the VPN server is not returning data to my client, I was wondering if this error is the issue and how to resolve it.

Unfortunately, the OpenVPN version I'm using is quite old and is installed on a NAS and there will not be many who have installed this.

TinCanTech · Post by **TinCanTech** » Tue Sep 22, 2020 11:15 am

zaffy wrote: ↑
Tue Sep 22, 2020 8:00 am
I'm not saying that it is an EXIT status (server exit), just that it's probably denoting an error

It is not an error.

zaffy wrote: ↑
Tue Sep 22, 2020 8:00 am
the VPN server is not returning data to my client

Please see: viewtopic.php?f=30&t=22603

zaffy wrote: ↑
Tue Sep 22, 2020 8:00 am
the OpenVPN version I'm using is quite old

Openvpn should be reasonably compatible all the way back to v2.1

zaffy · Post by **zaffy** » Wed Sep 23, 2020 2:11 pm

Ok. Thanks for you help TinChanTech

OpenVPN Support Forum

PUSH_REPLY - server error

PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error

Re: PUSH_REPLY - server error