HOWTO: Request Help !

All comments and questions related to the functionality of the OpenVPN web pages and forum should go here.
Post Reply
User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2993
Joined: Fri Jun 03, 2016 1:17 pm

HOWTO: Request Help !

Post by TinCanTech » Tue Oct 11, 2016 2:30 pm

  • Please
    • take your time to read this entire thread, it will help you get started.
  • Please identify which version(s) of Openvpn you are using
    and your server and client operating systems.


    Note:
    • Read the help below for the Openvpn product you are using and follow the instructions.
    • Moderators are ready to move your post, once your requirement has been correctly identified.
    • Your problem may look obvious to you but we see all sorts of crazy schemes which people try to implement. If you do not document your problem clearly, by following the instructions below .... ?
    • Keep your system up to date ..

    OpenVPN Access Server


    OpenVPN Community Edition
    • Note:
      • OpenVPN Community Edition is Free Open Source Software,
        created and maintainted by Volunteers.
    • This is the free version of Openvpn which can be found here
      https://openvpn.net/index.php/open-source/overview.html
    • You must read the HOWTO
      HOWTO: For OpenVPN Community Edition
    • You are advised to check the Manual for specific help on any configuration directives
      The OpenVPN Manual 2.3
      The OpenVPN Manual 2.4
    • Question: Where should I post my question ?

      Please see: Which forum for help with OpenVPN client?

      Answer: Generally here
      Board index > Community Project > Server Administration > Configuration
    • Please include the following details
      • Use verb 4 in your config files

        Please remove any publicly identifiable data which you are uncomfortable posting online

        For details of how [ oconf= ] works please see:
        viewtopic.php?f=30&t=21589

        Here is a good example of how to post your request:
        viewtopic.php?f=7&t=20606
      • Server Configuration file:

        Use BBCode oconf=SERVER

        Code: Select all

        [oconf=SERVER]
        ### Paste Your Server Config File Below ###
        server 10.8.0.0 255.255.255.0  #  This is a private IP address which
                                       #  can *not* be used to hack your network
        verb 4                         #  Make sure to use --verb 4
        
        etc ...
        
        [/oconf]

        EXAMPLE:
        SERVER
        #################################################
        # Sample OpenVPN 2.0 config file for #
        # multi-client server. #
        # #
        # This file is for the server side #
        # of a many-clients one-server #
        # OpenVPN configuration. #
        # #
        # OpenVPN also supports #
        # single-machine single-machine #
        # configurations (See the Examples page #
        # on the web site for more info). #
        # #
        # This config should work on Windows #
        # or Linux/BSD systems. Remember on #
        # Windows to quote pathnames and use #
        # double backslashes, e.g.: #
        # "C:\\Program Files\\OpenVPN\\config\\foo.key" #
        # #
        # Comments are preceded with '#' or ';' #
        #################################################

        # Which local IP address should OpenVPN
        # listen on? (optional)
        ;local a.b.c.d

        # Which TCP/UDP port should OpenVPN listen on?
        # If you want to run multiple OpenVPN instances
        # on the same machine, use a different port
        # number for each one. You will need to
        # open up this port on your firewall.
        port 1194

        # TCP or UDP server?
        ;proto tcp
        proto udp

        # "dev tun" will create a routed IP tunnel,
        # "dev tap" will create an ethernet tunnel.
        # Use "dev tap0" if you are ethernet bridging
        # and have precreated a tap0 virtual interface
        # and bridged it with your ethernet interface.
        # If you want to control access policies
        # over the VPN, you must create firewall
        # rules for the the TUN/TAP interface.
        # On non-Windows systems, you can give
        # an explicit unit number, such as tun0.
        # On Windows, use "dev-node" for this.
        # On most systems, the VPN will not function
        # unless you partially or fully disable
        # the firewall for the TUN/TAP interface.
        ;dev tap
        dev tun

        # Windows needs the TAP-Windows adapter name
        # from the Network Connections panel if you
        # have more than one. On XP SP2 or higher,
        # you may need to selectively disable the
        # Windows firewall for the TAP adapter.
        # Non-Windows systems usually don't need this.
        ;dev-node MyTap

        # SSL/TLS root certificate (ca), certificate
        # (cert), and private key (key). Each client
        # and the server must have their own cert and
        # key file. The server and all clients will
        # use the same ca file.
        #
        # See the "easy-rsa" directory for a series
        # of scripts for generating RSA certificates
        # and private keys. Remember to use
        # a unique Common Name for the server
        # and each of the client certificates.
        #
        # Any X509 key management system can be used.
        # OpenVPN can also use a PKCS #12 formatted key file
        # (see "pkcs12" directive in man page).
        ca ca.crt
        cert server.crt
        key server.key # This file should be kept secret

        # Diffie hellman parameters.
        # Generate your own with:
        # openssl dhparam -out dh1024.pem 1024
        # Substitute 2048 for 1024 if you are using
        # 2048 bit keys.
        dh dh1024.pem

        # Configure server mode and supply a VPN subnet
        # for OpenVPN to draw client addresses from.
        # The server will take 10.8.0.1 for itself,
        # the rest will be made available to clients.
        # Each client will be able to reach the server
        # on 10.8.0.1. Comment this line out if you are
        # ethernet bridging. See the man page for more info.
        server 10.8.0.0 255.255.255.0

        # Maintain a record of client virtual IP address
        # associations in this file. If OpenVPN goes down or
        # is restarted, reconnecting clients can be assigned
        # the same virtual IP address from the pool that was
        # previously assigned.
        ifconfig-pool-persist ipp.txt

        # Configure server mode for ethernet bridging.
        # You must first use your OS's bridging capability
        # to bridge the TAP interface with the ethernet
        # NIC interface. Then you must manually set the
        # IP/netmask on the bridge interface, here we
        # assume 10.8.0.4/255.255.255.0. Finally we
        # must set aside an IP range in this subnet
        # (start=10.8.0.50 end=10.8.0.100) to allocate
        # to connecting clients. Leave this line commented
        # out unless you are ethernet bridging.
        ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

        # Push routes to the client to allow it
        # to reach other private subnets behind
        # the server. Remember that these
        # private subnets will also need
        # to know to route the OpenVPN client
        # address pool (10.8.0.0/255.255.255.0)
        # back to the OpenVPN server.
        ;push "route 192.168.10.0 255.255.255.0"
        ;push "route 192.168.20.0 255.255.255.0"

        # To assign specific IP addresses to specific
        # clients or if a connecting client has a private
        # subnet behind it that should also have VPN access,
        # use the subdirectory "ccd" for client-specific
        # configuration files (see man page for more info).

        # EXAMPLE: Suppose the client
        # having the certificate common name "Thelonious"
        # also has a small subnet behind his connecting
        # machine, such as 192.168.40.128/255.255.255.248.
        # First, uncomment out these lines:
        ;client-config-dir ccd
        ;route 192.168.40.128 255.255.255.248
        # Then create a file ccd/Thelonious with this line:
        # iroute 192.168.40.128 255.255.255.248
        # This will allow Thelonious' private subnet to
        # access the VPN. This example will only work
        # if you are routing, not bridging, i.e. you are
        # using "dev tun" and "server" directives.

        # EXAMPLE: Suppose you want to give
        # Thelonious a fixed VPN IP address of 10.9.0.1.
        # First uncomment out these lines:
        ;client-config-dir ccd
        ;route 10.9.0.0 255.255.255.252
        # Then add this line to ccd/Thelonious:
        # ifconfig-push 10.9.0.1 10.9.0.2

        # Suppose that you want to enable different
        # firewall access policies for different groups
        # of clients. There are two methods:
        # (1) Run multiple OpenVPN daemons, one for each
        # group, and firewall the TUN/TAP interface
        # for each group/daemon appropriately.
        # (2) (Advanced) Create a script to dynamically
        # modify the firewall in response to access
        # from different clients. See man
        # page for more info on learn-address script.
        ;learn-address ./script

        # If enabled, this directive will configure
        # all clients to redirect their default
        # network gateway through the VPN, causing
        # all IP traffic such as web browsing and
        # and DNS lookups to go through the VPN
        # (The OpenVPN server machine may need to NAT
        # the TUN/TAP interface to the internet in
        # order for this to work properly).
        # CAVEAT: May break client's network config if
        # client's local DHCP server packets get routed
        # through the tunnel. Solution: make sure
        # client's local DHCP server is reachable via
        # a more specific route than the default route
        # of 0.0.0.0/0.0.0.0.
        ;push "redirect-gateway"

        # Certain Windows-specific network settings
        # can be pushed to clients, such as DNS
        # or WINS server addresses. CAVEAT:
        # http://openvpn.net/faq.html#dhcpcaveats
        ;push "dhcp-option DNS 10.8.0.1"
        ;push "dhcp-option WINS 10.8.0.1"

        # Uncomment this directive to allow different
        # clients to be able to "see" each other.
        # By default, clients will only see the server.
        # To force clients to only see the server, you
        # will also need to appropriately firewall the
        # server's TUN/TAP interface.
        ;client-to-client

        # Uncomment this directive if multiple clients
        # might connect with the same certificate/key
        # files or common names. This is recommended
        # only for testing purposes. For production use,
        # each client should have its own certificate/key
        # pair.
        #
        # IF YOU HAVE NOT GENERATED INDIVIDUAL
        # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
        # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
        # UNCOMMENT THIS LINE OUT.
        ;duplicate-cn

        # The keepalive directive causes ping-like
        # messages to be sent back and forth over
        # the link so that each side knows when
        # the other side has gone down.
        # Ping every 10 seconds, assume that remote
        # peer is down if no ping received during
        # a 120 second time period.
        keepalive 10 120

        # For extra security beyond that provided
        # by SSL/TLS, create an "HMAC firewall"
        # to help block DoS attacks and UDP port flooding.
        #
        # Generate with:
        # openvpn --genkey --secret ta.key
        #
        # The server and each client must have
        # a copy of this key.
        # The second parameter should be '0'
        # on the server and '1' on the clients.
        ;tls-auth ta.key 0 # This file is secret

        # Select a cryptographic cipher.
        # This config item must be copied to
        # the client config file as well.
        ;cipher BF-CBC # Blowfish (default)
        ;cipher AES-128-CBC # AES
        ;cipher DES-EDE3-CBC # Triple-DES

        # Enable compression on the VPN link.
        # If you enable it here, you must also
        # enable it in the client config file.
        comp-lzo

        # The maximum number of concurrently connected
        # clients we want to allow.
        ;max-clients 100

        # It's a good idea to reduce the OpenVPN
        # daemon's privileges after initialization.
        #
        # You can uncomment this out on
        # non-Windows systems.
        ;user nobody
        ;group nobody

        # The persist options will try to avoid
        # accessing certain resources on restart
        # that may no longer be accessible because
        # of the privilege downgrade.
        persist-key
        persist-tun

        # Output a short status file showing
        # current connections, truncated
        # and rewritten every minute.
        status openvpn-status.log

        # By default, log messages will go to the syslog (or
        # on Windows, if running as a service, they will go to
        # the "\Program Files\OpenVPN\log" directory).
        # Use log or log-append to override this default.
        # "log" will truncate the log file on OpenVPN startup,
        # while "log-append" will append to it. Use one
        # or the other (but not both).
        ;log openvpn.log
        ;log-append openvpn.log

        # Set the appropriate level of log
        # file verbosity.
        #
        # 0 is silent, except for fatal errors
        # 4 is reasonable for general usage
        # 5 and 6 can help to debug connection problems
        # 9 is extremely verbose
        verb 3

        # Silence repeating messages. At most 20
        # sequential messages of the same message
        # category will be output to the log.
        ;mute 20

        • Press [ View Original ] above to see why ..
      • Server Log file:

        (verb 4)

        Code: Select all

        ### Paste Your Server Log Below ###
        Tue Oct 11 13:18:43 2016 us=361220 Current Parameter Settings:
        Tue Oct 11 13:18:43 2016 us=361265   config = '/etc/openvpn/server.conf'
        
        etc ...
        
        Tue Oct 11 13:18:43 2016 us=362818 OpenVPN 2.3_git [git:master/4db062901fba790a] x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Sep  3 2016
        Tue Oct 11 13:18:43 2016 us=362833 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
        
        etc ...
        
        
      • Client Configuration file:

        Use BCode oconf=CLIENT

        Code: Select all

        [oconf=CLIENT]
        ### Paste Your Client Config Below ###
        client
        remote x.x.x.x                 #  Please remove the public IP 
                                       #  of your server !
        verb 4                         #  Make sure to use --verb 4
        
        etc ...
        
        [/oconf]
        EXAMPLE:
        CLIENT
        ##############################################
        # Sample client-side OpenVPN 2.0 config file #
        # for connecting to multi-client server. #
        # #
        # This configuration can be used by multiple #
        # clients, however each client should have #
        # its own cert and key files. #
        # #
        # On Windows, you might want to rename this #
        # file so it has a .ovpn extension #
        ##############################################

        # Specify that we are a client and that we
        # will be pulling certain config file directives
        # from the server.
        client

        # Use the same setting as you are using on
        # the server.
        # On most systems, the VPN will not function
        # unless you partially or fully disable
        # the firewall for the TUN/TAP interface.
        ;dev tap
        dev tun

        # Windows needs the TAP-Windows adapter name
        # from the Network Connections panel
        # if you have more than one. On XP SP2,
        # you may need to disable the firewall
        # for the TAP adapter.
        ;dev-node MyTap

        # Are we connecting to a TCP or
        # UDP server? Use the same setting as
        # on the server.
        ;proto tcp
        proto udp

        # The hostname/IP and port of the server.
        # You can have multiple remote entries
        # to load balance between the servers.
        remote my-server-1 1194
        ;remote my-server-2 1194

        # Choose a random host from the remote
        # list for load-balancing. Otherwise
        # try hosts in the order specified.
        ;remote-random

        # Keep trying indefinitely to resolve the
        # host name of the OpenVPN server. Very useful
        # on machines which are not permanently connected
        # to the internet such as laptops.
        resolv-retry infinite

        # Most clients don't need to bind to
        # a specific local port number.
        nobind

        # Downgrade privileges after initialization (non-Windows only)
        ;user nobody
        ;group nobody

        # Try to preserve some state across restarts.
        persist-key
        persist-tun

        # If you are connecting through an
        # HTTP proxy to reach the actual OpenVPN
        # server, put the proxy server/IP and
        # port number here. See the man page
        # if your proxy server requires
        # authentication.
        ;http-proxy-retry # retry on connection failures
        ;http-proxy [proxy server] [proxy port #]

        # Wireless networks often produce a lot
        # of duplicate packets. Set this flag
        # to silence duplicate packet warnings.
        ;mute-replay-warnings

        # SSL/TLS parms.
        # See the server config file for more
        # description. It's best to use
        # a separate .crt/.key file pair
        # for each client. A single ca
        # file can be used for all clients.
        ca ca.crt
        cert client.crt
        key client.key

        # Verify server certificate by checking
        # that the certicate has the nsCertType
        # field set to "server". This is an
        # important precaution to protect against
        # a potential attack discussed here:
        # http://openvpn.net/howto.html#mitm
        #
        # To use this feature, you will need to generate
        # your server certificates with the nsCertType
        # field set to "server". The build-key-server
        # script in the easy-rsa folder will do this.
        ;ns-cert-type server

        # If a tls-auth key is used on the server
        # then every client must also have the key.
        ;tls-auth ta.key 1

        # Select a cryptographic cipher.
        # If the cipher option is used on the server
        # then you must also specify it here.
        ;cipher x

        # Enable compression on the VPN link.
        # Don't enable this unless it is also
        # enabled in the server config file.
        comp-lzo

        # Set log file verbosity.
        verb 3

        # Silence repeating messages
        ;mute 20

        • Press [ View Original ] above to see why ..
      • Client Log file:

        (verb 4)

        Code: Select all

        ### Paste Your Client Log Below ###
        Tue Oct 11 13:18:43 2016 us=361220 Current Parameter Settings:
        Tue Oct 11 13:18:43 2016 us=361265   config = '/etc/openvpn/client.conf'
        
        etc ...
        
        Tue Oct 11 13:18:43 2016 us=362818 OpenVPN 2.3_git [git:master/4db062901fba790a] x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Sep  3 2016
        Tue Oct 11 13:18:43 2016 us=362833 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
        
        etc ...
        
        



        Please remove the public IP address of your server !
        Use your favourite text file editor to replace public IP with a fake IP before you submit



      For help connecting to an Online VPN Service

Remember: Take your time and post a well written request.

Thank you.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2993
Joined: Fri Jun 03, 2016 1:17 pm

Re: HOWTO: Request Help !

Post by TinCanTech » Thu Mar 23, 2017 1:26 pm

Here is an example of how to get help for openvpn community edition:

* Server *

Operating system:

Code: Select all

# uname -a
Linux my_pc 3.16.0-38-generic #52~14.04.1-Ubuntu SMP Fri May 8 09:43:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Network setup:

Code: Select all

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:1b:42:65:ac  
          inet addr:10.1.101.101  Bcast:10.1.101.255  Mask:255.255.255.0
          inet6 addr: fe80::230:1bff:fe42:65ac/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:69732 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55761 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:42033514 (42.0 MB)  TX bytes:8046997 (8.0 MB)

eth1      Link encap:Ethernet  HWaddr 00:50:04:d0:50:0f  
          inet6 addr: fe80::250:4ff:fed0:500f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:5331 (5.3 KB)
          Interrupt:17 Base address:0xc000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:284 errors:0 dropped:0 overruns:0 frame:0
          TX packets:284 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:33669 (33.6 KB)  TX bytes:33669 (33.6 KB)
server.conf
cd /etc/openvpn
dev tuns108
port 11948

server 10.8.0.0 255.255.255.0

server-ipv6 12fc:1918::10:8:0:0/112

keepalive 10 30
comp-lzo no
push "comp-lzo no"
push "explicit-exit-notify 3"

log defaults/108.log
verb 4

management 127.0.0.1 11948

client-config-dir defaults/ccd
ccd-exclusive

script-security 3
auth-user-pass-optional
auth-user-pass-verify defaults/userpass.sh via-env

tls-auth defaults/ta.key 0
ca defaults/ca.crt
cert defaults/defaults.crt
key defaults/defaults.key # This file should be kept secret
dh defaults/dh-4096b.pem
Server log (at --verb 4 and client IP address removed)

Code: Select all

Thu Mar 23 12:28:43 2017 us=789305 Current Parameter Settings:
Thu Mar 23 12:28:43 2017 us=789424   config = '/etc/openvpn/defs108.conf'
Thu Mar 23 12:28:43 2017 us=789445   mode = 1
Thu Mar 23 12:28:43 2017 us=789464   persist_config = DISABLED
Thu Mar 23 12:28:43 2017 us=789482   persist_mode = 1
Thu Mar 23 12:28:43 2017 us=789500   show_ciphers = DISABLED
Thu Mar 23 12:28:43 2017 us=789518   show_digests = DISABLED
Thu Mar 23 12:28:43 2017 us=789536   show_engines = DISABLED
Thu Mar 23 12:28:43 2017 us=789554   genkey = DISABLED
Thu Mar 23 12:28:43 2017 us=789572   key_pass_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=789590   show_tls_ciphers = DISABLED
Thu Mar 23 12:28:43 2017 us=789609   connect_retry_max = 0
Thu Mar 23 12:28:43 2017 us=789627 Connection profiles [0]:
Thu Mar 23 12:28:43 2017 us=789646   proto = udp
Thu Mar 23 12:28:43 2017 us=789664   local = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=789683   local_port = '11948'
Thu Mar 23 12:28:43 2017 us=789700   remote = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=789718   remote_port = '11948'
Thu Mar 23 12:28:43 2017 us=789736   remote_float = DISABLED
Thu Mar 23 12:28:43 2017 us=789753   bind_defined = DISABLED
Thu Mar 23 12:28:43 2017 us=789771   bind_local = ENABLED
Thu Mar 23 12:28:43 2017 us=789789   bind_ipv6_only = DISABLED
Thu Mar 23 12:28:43 2017 us=789806   connect_retry_seconds = 5
Thu Mar 23 12:28:43 2017 us=789824   connect_timeout = 120
Thu Mar 23 12:28:43 2017 us=789842   socks_proxy_server = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=789860   socks_proxy_port = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=789877   tun_mtu = 1500
Thu Mar 23 12:28:43 2017 us=789895   tun_mtu_defined = ENABLED
Thu Mar 23 12:28:43 2017 us=789913   link_mtu = 1500
Thu Mar 23 12:28:43 2017 us=789930   link_mtu_defined = DISABLED
Thu Mar 23 12:28:43 2017 us=789948   tun_mtu_extra = 0
Thu Mar 23 12:28:43 2017 us=789966   tun_mtu_extra_defined = DISABLED
Thu Mar 23 12:28:43 2017 us=789984   mtu_discover_type = -1
Thu Mar 23 12:28:43 2017 us=790001   fragment = 0
Thu Mar 23 12:28:43 2017 us=790019   mssfix = 1450
Thu Mar 23 12:28:43 2017 us=790037   explicit_exit_notification = 0
Thu Mar 23 12:28:43 2017 us=790055 Connection profiles END
Thu Mar 23 12:28:43 2017 us=790073   remote_random = DISABLED
Thu Mar 23 12:28:43 2017 us=790091   ipchange = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790109   dev = 'tun108'
Thu Mar 23 12:28:43 2017 us=790127   dev_type = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790144   dev_node = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790163   lladdr = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790181   topology = 1
Thu Mar 23 12:28:43 2017 us=790198   ifconfig_local = '10.8.0.1'
Thu Mar 23 12:28:43 2017 us=790217   ifconfig_remote_netmask = '10.8.0.2'
Thu Mar 23 12:28:43 2017 us=790235   ifconfig_noexec = DISABLED
Thu Mar 23 12:28:43 2017 us=790252   ifconfig_nowarn = DISABLED
Thu Mar 23 12:28:43 2017 us=790270   ifconfig_ipv6_local = '12fc:1918::10:8:0:1'
Thu Mar 23 12:28:43 2017 us=790312   ifconfig_ipv6_netbits = 112
Thu Mar 23 12:28:43 2017 us=790348   ifconfig_ipv6_remote = '12fc:1918::10:8:0:2'
Thu Mar 23 12:28:43 2017 us=790367   shaper = 0
Thu Mar 23 12:28:43 2017 us=790385   mtu_test = 0
Thu Mar 23 12:28:43 2017 us=790403   mlock = DISABLED
Thu Mar 23 12:28:43 2017 us=790421   keepalive_ping = 10
Thu Mar 23 12:28:43 2017 us=790439   keepalive_timeout = 30
Thu Mar 23 12:28:43 2017 us=790457   inactivity_timeout = 0
Thu Mar 23 12:28:43 2017 us=790475   ping_send_timeout = 10
Thu Mar 23 12:28:43 2017 us=790493   ping_rec_timeout = 60
Thu Mar 23 12:28:43 2017 us=790511   ping_rec_timeout_action = 2
Thu Mar 23 12:28:43 2017 us=790529   ping_timer_remote = DISABLED
Thu Mar 23 12:28:43 2017 us=790547   remap_sigusr1 = 0
Thu Mar 23 12:28:43 2017 us=790565   persist_tun = DISABLED
Thu Mar 23 12:28:43 2017 us=790583   persist_local_ip = DISABLED
Thu Mar 23 12:28:43 2017 us=790601   persist_remote_ip = DISABLED
Thu Mar 23 12:28:43 2017 us=790619   persist_key = DISABLED
Thu Mar 23 12:28:43 2017 us=790636   passtos = DISABLED
Thu Mar 23 12:28:43 2017 us=790655   resolve_retry_seconds = 1000000000
Thu Mar 23 12:28:43 2017 us=790685   resolve_in_advance = DISABLED
Thu Mar 23 12:28:43 2017 us=790703   username = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790721   groupname = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790739   chroot_dir = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790757   cd_dir = '/etc/openvpn'
Thu Mar 23 12:28:43 2017 us=790775   writepid = '/run/openvpn/defs108.pid'
Thu Mar 23 12:28:43 2017 us=790793   up_script = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790811   down_script = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=790829   down_pre = DISABLED
Thu Mar 23 12:28:43 2017 us=790846   up_restart = DISABLED
Thu Mar 23 12:28:43 2017 us=790864   up_delay = DISABLED
Thu Mar 23 12:28:43 2017 us=790882   daemon = ENABLED
Thu Mar 23 12:28:43 2017 us=790900   inetd = 0
Thu Mar 23 12:28:43 2017 us=790917   log = ENABLED
Thu Mar 23 12:28:43 2017 us=790935   suppress_timestamps = DISABLED
Thu Mar 23 12:28:43 2017 us=790953   machine_readable_output = DISABLED
Thu Mar 23 12:28:43 2017 us=790972   nice = 0
Thu Mar 23 12:28:43 2017 us=790990   verbosity = 4
Thu Mar 23 12:28:43 2017 us=791007   mute = 0
Thu Mar 23 12:28:43 2017 us=791025   gremlin = 0
Thu Mar 23 12:28:43 2017 us=791043   status_file = '/run/openvpn/defs108.status'
Thu Mar 23 12:28:43 2017 us=791062   status_file_version = 1
Thu Mar 23 12:28:43 2017 us=791079   status_file_update_freq = 10
Thu Mar 23 12:28:43 2017 us=791097   occ = ENABLED
Thu Mar 23 12:28:43 2017 us=791115   rcvbuf = 0
Thu Mar 23 12:28:43 2017 us=791133   sndbuf = 0
Thu Mar 23 12:28:43 2017 us=791151   mark = 0
Thu Mar 23 12:28:43 2017 us=791169   sockflags = 0
Thu Mar 23 12:28:43 2017 us=791187   fast_io = DISABLED
Thu Mar 23 12:28:43 2017 us=791205   comp.alg = 1
Thu Mar 23 12:28:43 2017 us=791223   comp.flags = 0
Thu Mar 23 12:28:43 2017 us=791241   route_script = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791260   route_default_gateway = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791278   route_default_metric = 0
Thu Mar 23 12:28:43 2017 us=791296   route_noexec = DISABLED
Thu Mar 23 12:28:43 2017 us=791314   route_delay = 0
Thu Mar 23 12:28:43 2017 us=791332   route_delay_window = 30
Thu Mar 23 12:28:43 2017 us=791350   route_delay_defined = DISABLED
Thu Mar 23 12:28:43 2017 us=791368   route_nopull = DISABLED
Thu Mar 23 12:28:43 2017 us=791386   route_gateway_via_dhcp = DISABLED
Thu Mar 23 12:28:43 2017 us=791404   allow_pull_fqdn = DISABLED
Thu Mar 23 12:28:43 2017 us=791423   route 10.8.0.0/255.255.255.0/default (not set)/default (not set)
Thu Mar 23 12:28:43 2017 us=791442   management_addr = '127.0.0.1'
Thu Mar 23 12:28:43 2017 us=791460   management_port = '11948'
Thu Mar 23 12:28:43 2017 us=791479   management_user_pass = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791497   management_log_history_cache = 250
Thu Mar 23 12:28:43 2017 us=791516   management_echo_buffer_size = 100
Thu Mar 23 12:28:43 2017 us=791534   management_write_peer_info_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791553   management_client_user = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791571   management_client_group = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791589   management_flags = 0
Thu Mar 23 12:28:43 2017 us=791607   shared_secret_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791625   key_direction = 1
Thu Mar 23 12:28:43 2017 us=791643   ciphername = 'BF-CBC'
Thu Mar 23 12:28:43 2017 us=791661   ncp_enabled = ENABLED
Thu Mar 23 12:28:43 2017 us=791679   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Mar 23 12:28:43 2017 us=791698   authname = 'SHA1'
Thu Mar 23 12:28:43 2017 us=791716   prng_hash = 'SHA1'
Thu Mar 23 12:28:43 2017 us=791735   prng_nonce_secret_len = 16
Thu Mar 23 12:28:43 2017 us=791753   keysize = 0
Thu Mar 23 12:28:43 2017 us=791771   engine = DISABLED
Thu Mar 23 12:28:43 2017 us=791789   replay = ENABLED
Thu Mar 23 12:28:43 2017 us=791807   mute_replay_warnings = DISABLED
Thu Mar 23 12:28:43 2017 us=791825   replay_window = 64
Thu Mar 23 12:28:43 2017 us=791844   replay_time = 15
Thu Mar 23 12:28:43 2017 us=791862   packet_id_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=791880   test_crypto = DISABLED
Thu Mar 23 12:28:43 2017 us=791913   tls_server = ENABLED
Thu Mar 23 12:28:43 2017 us=791931   tls_client = DISABLED
Thu Mar 23 12:28:43 2017 us=791949   key_method = 2
Thu Mar 23 12:28:43 2017 us=791967   ca_file = 'defaults/ca.crt'
Thu Mar 23 12:28:43 2017 us=791985   ca_path = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792003   dh_file = 'defaults/dh-4096b.pem'
Thu Mar 23 12:28:43 2017 us=792022   cert_file = 'defaults/defaults.crt'
Thu Mar 23 12:28:43 2017 us=792040   extra_certs_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792059   priv_key_file = 'defaults/defaults.key'
Thu Mar 23 12:28:43 2017 us=792077   pkcs12_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792095   cipher_list = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792113   tls_verify = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792131   tls_export_cert = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792149   verify_x509_type = 0
Thu Mar 23 12:28:43 2017 us=792167   verify_x509_name = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792185   crl_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792203   ns_cert_type = 0
Thu Mar 23 12:28:43 2017 us=792221   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792239   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792257   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792275   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792293   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792311   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792329   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792347   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792365   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792383   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792402   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792420   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792438   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792456   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792474   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792492   remote_cert_ku[i] = 0
Thu Mar 23 12:28:43 2017 us=792510   remote_cert_eku = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792528   ssl_flags = 8
Thu Mar 23 12:28:43 2017 us=792546   tls_timeout = 2
Thu Mar 23 12:28:43 2017 us=792564   renegotiate_bytes = -1
Thu Mar 23 12:28:43 2017 us=792582   renegotiate_packets = 0
Thu Mar 23 12:28:43 2017 us=792600   renegotiate_seconds = 3600
Thu Mar 23 12:28:43 2017 us=792618   handshake_window = 60
Thu Mar 23 12:28:43 2017 us=792636   transition_window = 3600
Thu Mar 23 12:28:43 2017 us=792653   single_session = DISABLED
Thu Mar 23 12:28:43 2017 us=792688   push_peer_info = DISABLED
Thu Mar 23 12:28:43 2017 us=792711   tls_exit = DISABLED
Thu Mar 23 12:28:43 2017 us=792735   tls_auth_file = 'defaults/ta.key'
Thu Mar 23 12:28:43 2017 us=792758   tls_crypt_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=792785   server_network = 10.8.0.0
Thu Mar 23 12:28:43 2017 us=792811   server_netmask = 255.255.255.0
Thu Mar 23 12:28:43 2017 us=792839   server_network_ipv6 = 12fc:1918::10:8:0:0
Thu Mar 23 12:28:43 2017 us=792862   server_netbits_ipv6 = 112
Thu Mar 23 12:28:43 2017 us=792889   server_bridge_ip = 0.0.0.0
Thu Mar 23 12:28:43 2017 us=792915   server_bridge_netmask = 0.0.0.0
Thu Mar 23 12:28:43 2017 us=792941   server_bridge_pool_start = 0.0.0.0
Thu Mar 23 12:28:43 2017 us=792966   server_bridge_pool_end = 0.0.0.0
Thu Mar 23 12:28:43 2017 us=792990   push_entry = 'comp-lzo no'
Thu Mar 23 12:28:43 2017 us=793013   push_entry = 'explicit-exit-notify 3'
Thu Mar 23 12:28:43 2017 us=793036   push_entry = 'tun-ipv6'
Thu Mar 23 12:28:43 2017 us=793060   push_entry = 'route 10.8.0.1'
Thu Mar 23 12:28:43 2017 us=793083   push_entry = 'topology net30'
Thu Mar 23 12:28:43 2017 us=793106   push_entry = 'ping 10'
Thu Mar 23 12:28:43 2017 us=793129   push_entry = 'ping-restart 30'
Thu Mar 23 12:28:43 2017 us=793152   ifconfig_pool_defined = ENABLED
Thu Mar 23 12:28:43 2017 us=793177   ifconfig_pool_start = 10.8.0.4
Thu Mar 23 12:28:43 2017 us=793203   ifconfig_pool_end = 10.8.0.251
Thu Mar 23 12:28:43 2017 us=793229   ifconfig_pool_netmask = 0.0.0.0
Thu Mar 23 12:28:43 2017 us=793252   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=793287   ifconfig_pool_persist_refresh_freq = 600
Thu Mar 23 12:28:43 2017 us=793310   ifconfig_ipv6_pool_defined = ENABLED
Thu Mar 23 12:28:43 2017 us=793337   ifconfig_ipv6_pool_base = 12fc:1918::10:8:0:1000
Thu Mar 23 12:28:43 2017 us=793360   ifconfig_ipv6_pool_netbits = 112
Thu Mar 23 12:28:43 2017 us=793383   n_bcast_buf = 256
Thu Mar 23 12:28:43 2017 us=793406   tcp_queue_limit = 64
Thu Mar 23 12:28:43 2017 us=793429   real_hash_size = 256
Thu Mar 23 12:28:43 2017 us=793453   virtual_hash_size = 256
Thu Mar 23 12:28:43 2017 us=793476   client_connect_script = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=793499   learn_address_script = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=793521   client_disconnect_script = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=793543   client_config_dir = 'defaults/ccd'
Thu Mar 23 12:28:43 2017 us=793566   ccd_exclusive = ENABLED
Thu Mar 23 12:28:43 2017 us=793588   tmp_dir = '/tmp'
Thu Mar 23 12:28:43 2017 us=793612   push_ifconfig_defined = DISABLED
Thu Mar 23 12:28:43 2017 us=793641   push_ifconfig_local = 0.0.0.0
Thu Mar 23 12:28:43 2017 us=793663   push_ifconfig_remote_netmask = 0.0.0.0
Thu Mar 23 12:28:43 2017 us=793682   push_ifconfig_ipv6_defined = DISABLED
Thu Mar 23 12:28:43 2017 us=793702   push_ifconfig_ipv6_local = ::/0
Thu Mar 23 12:28:43 2017 us=793720   push_ifconfig_ipv6_remote = ::
Thu Mar 23 12:28:43 2017 us=793738   enable_c2c = DISABLED
Thu Mar 23 12:28:43 2017 us=793756   duplicate_cn = DISABLED
Thu Mar 23 12:28:43 2017 us=793773   cf_max = 0
Thu Mar 23 12:28:43 2017 us=793791   cf_per = 0
Thu Mar 23 12:28:43 2017 us=793808   max_clients = 1024
Thu Mar 23 12:28:43 2017 us=793826   max_routes_per_client = 256
Thu Mar 23 12:28:43 2017 us=793844   auth_user_pass_verify_script = 'defaults/userpass.sh'
Thu Mar 23 12:28:43 2017 us=793862   auth_user_pass_verify_script_via_file = DISABLED
Thu Mar 23 12:28:43 2017 us=793880   auth_token_generate = DISABLED
Thu Mar 23 12:28:43 2017 us=793897   auth_token_lifetime = 0
Thu Mar 23 12:28:43 2017 us=793915   port_share_host = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=793933   port_share_port = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=793950   client = DISABLED
Thu Mar 23 12:28:43 2017 us=793968   pull = DISABLED
Thu Mar 23 12:28:43 2017 us=793985   auth_user_pass_file = '[UNDEF]'
Thu Mar 23 12:28:43 2017 us=794006 OpenVPN 2.5_git [git:master/07372a0fdeb36382] x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 23 2017
Thu Mar 23 12:28:43 2017 us=794045 library versions: OpenSSL 1.0.1f 6 Jan 2014, LZO 2.06
Thu Mar 23 12:28:43 2017 us=795012 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:11948
Thu Mar 23 12:28:43 2017 us=795448 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 23 12:28:43 2017 us=980428 Diffie-Hellman initialized with 4096 bit key
Thu Mar 23 12:28:44 2017 us=64136 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Thu Mar 23 12:28:44 2017 us=64204 ECDH curve secp384r1 added
Thu Mar 23 12:28:44 2017 us=71160 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 23 12:28:44 2017 us=71201 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Mar 23 12:28:44 2017 us=71244 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Mar 23 12:28:44 2017 us=71793 ROUTE_GATEWAY 10.1.101.1/255.255.255.0 IFACE=eth0 HWADDR=00:30:1b:42:65:ac
Thu Mar 23 12:28:44 2017 us=72370 TUN/TAP device tun108 opened
Thu Mar 23 12:28:44 2017 us=72418 TUN/TAP TX queue length set to 100
Thu Mar 23 12:28:44 2017 us=72464 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Thu Mar 23 12:28:44 2017 us=72519 /sbin/ifconfig tun108 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Thu Mar 23 12:28:44 2017 us=79910 /sbin/ifconfig tun108 add 12fc:1918::10:8:0:1/112
Thu Mar 23 12:28:44 2017 us=84341 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Thu Mar 23 12:28:44 2017 us=86501 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Mar 23 12:28:44 2017 us=86588 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Mar 23 12:28:44 2017 us=86644 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Mar 23 12:28:44 2017 us=86686 UDPv4 link local (bound): [AF_INET][undef]:11948
Thu Mar 23 12:28:44 2017 us=86710 UDPv4 link remote: [AF_UNSPEC]
Thu Mar 23 12:28:44 2017 us=86741 MULTI: multi_init called, r=256 v=256
Thu Mar 23 12:28:44 2017 us=86813 IFCONFIG POOL IPv6: (IPv4) size=62, size_ipv6=65536, netbits=112, base_ipv6=12fc:1918::10:8:0:1000
Thu Mar 23 12:28:44 2017 us=86846 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=1
Thu Mar 23 12:28:44 2017 us=86914 Initialization Sequence Completed
Thu Mar 23 13:35:37 2017 us=228773 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Mar 23 13:35:37 2017 us=228906 TLS Error: incoming packet authentication failed from [AF_INET]Client_ip_address:3581
Thu Mar 23 13:35:57 2017 us=400041 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Mar 23 13:35:57 2017 us=400175 TLS Error: incoming packet authentication failed from [AF_INET]Client_ip_address:3581
Thu Mar 23 13:36:31 2017 us=938488 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Mar 23 13:36:31 2017 us=938659 TLS Error: incoming packet authentication failed from [AF_INET]Client_ip_address:2405
Thu Mar 23 13:36:41 2017 us=698118 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Mar 23 13:36:41 2017 us=698279 TLS Error: incoming packet authentication failed from [AF_INET]Client_ip_address:2405
This is the error:

Code: Select all

Thu Mar 23 13:35:37 2017 us=228773 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Mar 23 13:35:37 2017 us=228906 TLS Error: incoming packet authentication failed from [AF_INET]Client_ip_address:3581

* Client *

Operating system:

Code: Select all

C:\> ver
Microsoft Windows [Version 10 .0.14393]
Network setup:

Code: Select all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : w10p-dell-1
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter tunc0:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-14-ED-62-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Network Bridge:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Network Adapter Multiplexor Driver
   Physical Address. . . . . . . . . : 00-FF-01-08-CD-B3
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.101.111(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.101.1
   DNS Servers . . . . . . . . . . . : 10.10.101.1
   NetBIOS over Tcpip. . . . . . . . : Disabled
client.ovpn
mtu-test


ping-timer-rem


management 127.0.0.1 56007

dev-node tunc0
dev-type tun
proto udp
nobind
resolv-retry infinite
client

ca ca.crt
cert w10p.crt
key w10p.key


tls-auth ta-default.key 1

tls-timeout 10
tls-version-min 1.2

cipher AES-256-CBC

auth RSA-SHA512
comp-lzo no

remote-cert-tls server

reneg-sec 0

verb 4

script-security 2

remote [my server name] [my server port] udp
Client log (at --verb 4 and server name and IP address removed)

Code: Select all

Thu Mar 23 13:29:53 2017 us=278952 Current Parameter Settings:
Thu Mar 23 13:29:53 2017 us=278952   config = 'w10client.ovpn'
Thu Mar 23 13:29:53 2017 us=278952   mode = 0
Thu Mar 23 13:29:53 2017 us=278952   show_ciphers = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   show_digests = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   show_engines = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   genkey = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   key_pass_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   show_tls_ciphers = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   connect_retry_max = 0
Thu Mar 23 13:29:53 2017 us=278952 Connection profiles [0]:
Thu Mar 23 13:29:53 2017 us=278952   proto = udp
Thu Mar 23 13:29:53 2017 us=278952   local = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   local_port = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   remote = '[ my server name ]'
Thu Mar 23 13:29:53 2017 us=278952   remote_port = 'PORTNO'
Thu Mar 23 13:29:53 2017 us=278952   remote_float = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   bind_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   bind_local = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   bind_ipv6_only = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   connect_retry_seconds = 5
Thu Mar 23 13:29:53 2017 us=278952   connect_timeout = 120
Thu Mar 23 13:29:53 2017 us=278952   socks_proxy_server = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   socks_proxy_port = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   tun_mtu = 1500
Thu Mar 23 13:29:53 2017 us=278952   tun_mtu_defined = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   link_mtu = 1500
Thu Mar 23 13:29:53 2017 us=278952   link_mtu_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   tun_mtu_extra = 0
Thu Mar 23 13:29:53 2017 us=278952   tun_mtu_extra_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   mtu_discover_type = -1
Thu Mar 23 13:29:53 2017 us=278952   fragment = 0
Thu Mar 23 13:29:53 2017 us=278952   mssfix = 1450
Thu Mar 23 13:29:53 2017 us=278952   explicit_exit_notification = 0
Thu Mar 23 13:29:53 2017 us=278952 Connection profiles END
Thu Mar 23 13:29:53 2017 us=278952   remote_random = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   ipchange = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   dev = 'tunc0'
Thu Mar 23 13:29:53 2017 us=278952   dev_type = 'tun'
Thu Mar 23 13:29:53 2017 us=278952   dev_node = 'tunc0'
Thu Mar 23 13:29:53 2017 us=278952   lladdr = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   topology = 1
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_local = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_remote_netmask = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_noexec = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_nowarn = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_ipv6_local = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_ipv6_netbits = 0
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_ipv6_remote = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   shaper = 0
Thu Mar 23 13:29:53 2017 us=278952   mtu_test = 1
Thu Mar 23 13:29:53 2017 us=278952   mlock = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   keepalive_ping = 0
Thu Mar 23 13:29:53 2017 us=278952   keepalive_timeout = 0
Thu Mar 23 13:29:53 2017 us=278952   inactivity_timeout = 0
Thu Mar 23 13:29:53 2017 us=278952   ping_send_timeout = 0
Thu Mar 23 13:29:53 2017 us=278952   ping_rec_timeout = 0
Thu Mar 23 13:29:53 2017 us=278952   ping_rec_timeout_action = 0
Thu Mar 23 13:29:53 2017 us=278952   ping_timer_remote = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   remap_sigusr1 = 0
Thu Mar 23 13:29:53 2017 us=278952   persist_tun = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   persist_local_ip = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   persist_remote_ip = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   persist_key = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   passtos = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   resolve_retry_seconds = 1000000000
Thu Mar 23 13:29:53 2017 us=278952   resolve_in_advance = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   username = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   groupname = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   chroot_dir = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   cd_dir = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   writepid = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   up_script = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   down_script = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   down_pre = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   up_restart = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   up_delay = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   daemon = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   inetd = 0
Thu Mar 23 13:29:53 2017 us=278952   log = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   suppress_timestamps = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   machine_readable_output = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   nice = 0
Thu Mar 23 13:29:53 2017 us=278952   verbosity = 4
Thu Mar 23 13:29:53 2017 us=278952   mute = 0
Thu Mar 23 13:29:53 2017 us=278952   gremlin = 0
Thu Mar 23 13:29:53 2017 us=278952   status_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   status_file_version = 1
Thu Mar 23 13:29:53 2017 us=278952   status_file_update_freq = 60
Thu Mar 23 13:29:53 2017 us=278952   occ = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   rcvbuf = 0
Thu Mar 23 13:29:53 2017 us=278952   sndbuf = 0
Thu Mar 23 13:29:53 2017 us=278952   sockflags = 0
Thu Mar 23 13:29:53 2017 us=278952   fast_io = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   comp.alg = 1
Thu Mar 23 13:29:53 2017 us=278952   comp.flags = 0
Thu Mar 23 13:29:53 2017 us=278952   route_script = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   route_default_gateway = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   route_default_metric = 0
Thu Mar 23 13:29:53 2017 us=278952   route_noexec = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   route_delay = 5
Thu Mar 23 13:29:53 2017 us=278952   route_delay_window = 30
Thu Mar 23 13:29:53 2017 us=278952   route_delay_defined = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   route_nopull = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   route_gateway_via_dhcp = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   allow_pull_fqdn = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   management_addr = '127.0.0.1'
Thu Mar 23 13:29:53 2017 us=278952   management_port = '25347'
Thu Mar 23 13:29:53 2017 us=278952   management_user_pass = 'stdin'
Thu Mar 23 13:29:53 2017 us=278952   management_log_history_cache = 250
Thu Mar 23 13:29:53 2017 us=278952   management_echo_buffer_size = 100
Thu Mar 23 13:29:53 2017 us=278952   management_write_peer_info_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   management_client_user = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   management_client_group = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   management_flags = 6
Thu Mar 23 13:29:53 2017 us=278952   shared_secret_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   key_direction = 2
Thu Mar 23 13:29:53 2017 us=278952   ciphername = 'AES-256-CBC'
Thu Mar 23 13:29:53 2017 us=278952   ncp_enabled = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Mar 23 13:29:53 2017 us=278952   authname = 'RSA-SHA512'
Thu Mar 23 13:29:53 2017 us=278952   prng_hash = 'SHA1'
Thu Mar 23 13:29:53 2017 us=278952   prng_nonce_secret_len = 16
Thu Mar 23 13:29:53 2017 us=278952   keysize = 0
Thu Mar 23 13:29:53 2017 us=278952   engine = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   replay = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   mute_replay_warnings = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   replay_window = 64
Thu Mar 23 13:29:53 2017 us=278952   replay_time = 15
Thu Mar 23 13:29:53 2017 us=278952   packet_id_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   use_iv = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   test_crypto = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   tls_server = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   tls_client = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   key_method = 2
Thu Mar 23 13:29:53 2017 us=278952   ca_file = 'ca.crt'
Thu Mar 23 13:29:53 2017 us=278952   ca_path = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   dh_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   cert_file = 'w10p.crt'
Thu Mar 23 13:29:53 2017 us=278952   extra_certs_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   priv_key_file = 'w10p.key'
Thu Mar 23 13:29:53 2017 us=278952   pkcs12_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   cryptoapi_cert = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   cipher_list = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   tls_verify = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   tls_export_cert = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   verify_x509_type = 0
Thu Mar 23 13:29:53 2017 us=278952   verify_x509_name = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   crl_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   ns_cert_type = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 160
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 136
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_ku[i] = 0
Thu Mar 23 13:29:53 2017 us=278952   remote_cert_eku = 'TLS Web Server Authentication'
Thu Mar 23 13:29:53 2017 us=278952   ssl_flags = 192
Thu Mar 23 13:29:53 2017 us=278952   tls_timeout = 10
Thu Mar 23 13:29:53 2017 us=278952   renegotiate_bytes = -1
Thu Mar 23 13:29:53 2017 us=278952   renegotiate_packets = 0
Thu Mar 23 13:29:53 2017 us=278952   renegotiate_seconds = 0
Thu Mar 23 13:29:53 2017 us=278952   handshake_window = 60
Thu Mar 23 13:29:53 2017 us=278952   transition_window = 3600
Thu Mar 23 13:29:53 2017 us=278952   single_session = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   push_peer_info = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   tls_exit = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   tls_auth_file = 'ta-default.key'
Thu Mar 23 13:29:53 2017 us=278952   tls_crypt_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_protected_authentication = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_private_mode = 00000000
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_cert_private = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_pin_cache_period = -1
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_id = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   pkcs11_id_management = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   server_network = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   server_netmask = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   server_network_ipv6 = ::
Thu Mar 23 13:29:53 2017 us=278952   server_netbits_ipv6 = 0
Thu Mar 23 13:29:53 2017 us=278952   server_bridge_ip = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   server_bridge_netmask = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   server_bridge_pool_start = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   server_bridge_pool_end = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_pool_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_pool_start = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_pool_end = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_pool_netmask = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_pool_persist_refresh_freq = 600
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_ipv6_pool_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_ipv6_pool_base = ::
Thu Mar 23 13:29:53 2017 us=278952   ifconfig_ipv6_pool_netbits = 0
Thu Mar 23 13:29:53 2017 us=278952   n_bcast_buf = 256
Thu Mar 23 13:29:53 2017 us=278952   tcp_queue_limit = 64
Thu Mar 23 13:29:53 2017 us=278952   real_hash_size = 256
Thu Mar 23 13:29:53 2017 us=278952   virtual_hash_size = 256
Thu Mar 23 13:29:53 2017 us=278952   client_connect_script = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   learn_address_script = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   client_disconnect_script = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   client_config_dir = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   ccd_exclusive = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   tmp_dir = 'C:\Users\root\AppData\Local\Temp\'
Thu Mar 23 13:29:53 2017 us=278952   push_ifconfig_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   push_ifconfig_local = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   push_ifconfig_remote_netmask = 0.0.0.0
Thu Mar 23 13:29:53 2017 us=278952   push_ifconfig_ipv6_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   push_ifconfig_ipv6_local = ::/0
Thu Mar 23 13:29:53 2017 us=278952   push_ifconfig_ipv6_remote = ::
Thu Mar 23 13:29:53 2017 us=278952   enable_c2c = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   duplicate_cn = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   cf_max = 0
Thu Mar 23 13:29:53 2017 us=278952   cf_per = 0
Thu Mar 23 13:29:53 2017 us=278952   max_clients = 1024
Thu Mar 23 13:29:53 2017 us=278952   max_routes_per_client = 256
Thu Mar 23 13:29:53 2017 us=278952   auth_user_pass_verify_script = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   auth_user_pass_verify_script_via_file = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   auth_token_generate = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   auth_token_lifetime = 0
Thu Mar 23 13:29:53 2017 us=278952   client = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   pull = ENABLED
Thu Mar 23 13:29:53 2017 us=278952   auth_user_pass_file = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   show_net_up = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   route_method = 3
Thu Mar 23 13:29:53 2017 us=278952   block_outside_dns = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   ip_win32_defined = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   ip_win32_type = 3
Thu Mar 23 13:29:53 2017 us=278952   dhcp_masq_offset = 0
Thu Mar 23 13:29:53 2017 us=278952   dhcp_lease_time = 31536000
Thu Mar 23 13:29:53 2017 us=278952   tap_sleep = 0
Thu Mar 23 13:29:53 2017 us=278952   dhcp_options = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   dhcp_renew = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   dhcp_pre_release = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   dhcp_release = DISABLED
Thu Mar 23 13:29:53 2017 us=278952   domain = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   netbios_scope = '[UNDEF]'
Thu Mar 23 13:29:53 2017 us=278952   netbios_node_type = 0
Thu Mar 23 13:29:53 2017 us=278952   disable_nbt = DISABLED
Thu Mar 23 13:29:53 2017 us=278952 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Thu Mar 23 13:29:53 2017 us=278952 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 23 13:29:53 2017 us=278952 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Thu Mar 23 13:29:53 2017 us=278952 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25347
Thu Mar 23 13:29:53 2017 us=278952 Need hold release from management interface, waiting...
Thu Mar 23 13:29:53 2017 us=747714 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25347
Thu Mar 23 13:29:53 2017 us=857077 MANAGEMENT: CMD 'state on'
Thu Mar 23 13:29:53 2017 us=857077 MANAGEMENT: CMD 'log all on'
Thu Mar 23 13:29:54 2017 us=44575 MANAGEMENT: CMD 'hold off'
Thu Mar 23 13:29:54 2017 us=44575 MANAGEMENT: CMD 'hold release'
Thu Mar 23 13:29:54 2017 us=216522 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:29:54 2017 us=216522 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:29:54 2017 us=216522 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Mar 23 13:29:54 2017 us=216522 MANAGEMENT: >STATE:1490275794,RESOLVE,,,,,,
Thu Mar 23 13:29:54 2017 us=216522 RESOLVE: Cannot resolve host address: [ my server name ]:PORTNO (No such host is known. )
Thu Mar 23 13:29:54 2017 us=216522 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Mar 23 13:29:54 2017 us=216522 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Mar 23 13:29:54 2017 us=216522 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Mar 23 13:29:54 2017 us=216522 MANAGEMENT: >STATE:1490275794,RESOLVE,,,,,,
Thu Mar 23 13:29:54 2017 us=216522 RESOLVE: Cannot resolve host address: [ my server name ]:PORTNO (No such host is known. )
Thu Mar 23 13:29:54 2017 us=216522 Could not determine IPv4/IPv6 protocol
Thu Mar 23 13:29:54 2017 us=216522 SIGUSR1[soft,init_instance] received, process restarting
Thu Mar 23 13:29:54 2017 us=216522 MANAGEMENT: >STATE:1490275794,RECONNECTING,init_instance,,,,,
Thu Mar 23 13:29:54 2017 us=216522 Restart pause, 5 second(s)
Thu Mar 23 13:29:59 2017 us=247765 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:29:59 2017 us=247765 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:29:59 2017 us=247765 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Mar 23 13:29:59 2017 us=247765 MANAGEMENT: >STATE:1490275799,RESOLVE,,,,,,
Thu Mar 23 13:29:59 2017 us=247765 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Mar 23 13:29:59 2017 us=247765 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Mar 23 13:29:59 2017 us=247765 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Mar 23 13:29:59 2017 us=247765 TCP/UDP: Preserving recently used remote address: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:29:59 2017 us=247765 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 23 13:29:59 2017 us=247765 UDP link local: (not bound)
Thu Mar 23 13:29:59 2017 us=247765 UDP link remote: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:29:59 2017 us=247765 MANAGEMENT: >STATE:1490275799,WAIT,,,,,,
Thu Mar 23 13:30:59 2017 us=763436 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 23 13:30:59 2017 us=763436 TLS Error: TLS handshake failed
Thu Mar 23 13:30:59 2017 us=763436 TCP/UDP: Closing socket
Thu Mar 23 13:30:59 2017 us=763436 SIGUSR1[soft,tls-error] received, process restarting
Thu Mar 23 13:30:59 2017 us=763436 MANAGEMENT: >STATE:1490275859,RECONNECTING,tls-error,,,,,
Thu Mar 23 13:30:59 2017 us=763436 Restart pause, 5 second(s)
Thu Mar 23 13:31:04 2017 us=810270 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:31:04 2017 us=810270 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:31:04 2017 us=810270 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Mar 23 13:31:04 2017 us=810270 MANAGEMENT: >STATE:1490275864,RESOLVE,,,,,,
Thu Mar 23 13:31:04 2017 us=810270 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Mar 23 13:31:04 2017 us=810270 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Mar 23 13:31:04 2017 us=810270 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Mar 23 13:31:04 2017 us=810270 TCP/UDP: Preserving recently used remote address: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:31:04 2017 us=810270 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 23 13:31:04 2017 us=810270 UDP link local: (not bound)
Thu Mar 23 13:31:04 2017 us=810270 UDP link remote: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:31:04 2017 us=810270 MANAGEMENT: >STATE:1490275864,WAIT,,,,,,
Thu Mar 23 13:32:04 2017 us=575879 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 23 13:32:04 2017 us=575879 TLS Error: TLS handshake failed
Thu Mar 23 13:32:04 2017 us=575879 TCP/UDP: Closing socket
Thu Mar 23 13:32:04 2017 us=575879 SIGUSR1[soft,tls-error] received, process restarting
Thu Mar 23 13:32:04 2017 us=575879 MANAGEMENT: >STATE:1490275924,RECONNECTING,tls-error,,,,,
Thu Mar 23 13:32:04 2017 us=575879 Restart pause, 5 second(s)
Thu Mar 23 13:32:09 2017 us=622770 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:32:09 2017 us=622770 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:32:09 2017 us=622770 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Mar 23 13:32:09 2017 us=622770 MANAGEMENT: >STATE:1490275929,RESOLVE,,,,,,
Thu Mar 23 13:32:09 2017 us=622770 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Mar 23 13:32:09 2017 us=622770 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Mar 23 13:32:09 2017 us=622770 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Mar 23 13:32:09 2017 us=622770 TCP/UDP: Preserving recently used remote address: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:32:09 2017 us=622770 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 23 13:32:09 2017 us=622770 UDP link local: (not bound)
Thu Mar 23 13:32:09 2017 us=622770 UDP link remote: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:32:09 2017 us=622770 MANAGEMENT: >STATE:1490275929,WAIT,,,,,,
Thu Mar 23 13:33:09 2017 us=263423 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 23 13:33:09 2017 us=263423 TLS Error: TLS handshake failed
Thu Mar 23 13:33:09 2017 us=263423 TCP/UDP: Closing socket
Thu Mar 23 13:33:09 2017 us=263423 SIGUSR1[soft,tls-error] received, process restarting
Thu Mar 23 13:33:09 2017 us=263423 MANAGEMENT: >STATE:1490275989,RECONNECTING,tls-error,,,,,
Thu Mar 23 13:33:09 2017 us=263423 Restart pause, 5 second(s)
Thu Mar 23 13:33:14 2017 us=310248 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:33:14 2017 us=310248 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 23 13:33:14 2017 us=310248 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Mar 23 13:33:14 2017 us=310248 MANAGEMENT: >STATE:1490275994,RESOLVE,,,,,,
Thu Mar 23 13:33:14 2017 us=310248 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Mar 23 13:33:14 2017 us=310248 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Mar 23 13:33:14 2017 us=310248 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Mar 23 13:33:14 2017 us=310248 TCP/UDP: Preserving recently used remote address: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:33:14 2017 us=310248 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Mar 23 13:33:14 2017 us=310248 UDP link local: (not bound)
Thu Mar 23 13:33:14 2017 us=310248 UDP link remote: [AF_INET]Server_ip_address:PORTNO
Thu Mar 23 13:33:14 2017 us=310248 MANAGEMENT: >STATE:1490275994,WAIT,,,,,,
Thu Mar 23 13:33:32 2017 us=544667 TCP/UDP: Closing socket
Thu Mar 23 13:33:32 2017 us=544667 SIGTERM[hard,] received, process exiting
Thu Mar 23 13:33:32 2017 us=544667 MANAGEMENT: >STATE:1490276012,EXITING,SIGTERM,,,,,
This is the error:

Code: Select all

Thu Mar 23 13:32:04 2017 us=575879 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 23 13:32:04 2017 us=575879 TLS Error: TLS handshake failed
Thu Mar 23 13:32:04 2017 us=575879 TCP/UDP: Closing socket
Thu Mar 23 13:32:04 2017 us=575879 SIGUSR1[soft,tls-error] received, process restarting
Thank you for your help.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2993
Joined: Fri Jun 03, 2016 1:17 pm

Re: HOWTO: Request Help !

Post by TinCanTech » Thu Mar 23, 2017 2:27 pm

In this case
TinCanTech wrote:

Code: Select all

Thu Mar 23 13:35:37 2017 us=228773 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Mar 23 13:35:37 2017 us=228906 TLS Error: incoming packet authentication failed from [AF_INET]Client_ip_address:3581
the error is caused by:
  • the server is using --auth SHA1 (openvpn default)
  • while the client is using --auth RSA-SHA512.
--auth algo must match on both server and client.

User avatar
disqualified
OpenVPN User
Posts: 35
Joined: Fri Jun 03, 2016 7:13 pm

Re: HOWTO: Request Help !

Post by disqualified » Thu Mar 30, 2017 11:28 pm

TinCanTech wrote:the error is caused by
Decent example.


I still don't understand, where should I post ?

viewtopic.php?f=30&t=22603&p=69144#p64922

:twisted:

Post Reply