unwrap error: packet too short

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

unwrap error: packet too short

Post by tontonjab » Tue Jul 27, 2021 4:08 pm

Hello again !
Now, i am facing a very weird issue. My connected devices are ok for 4-7 days, and... then, they disconnect. And i need a reboot to make them work again.

The logs says:

Mon Jul 26 23:43:57 2021 gate_******/92.184.***.***:60371 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Jul 26 23:43:58 2021 [gate_******] Inactivity timeout (--ping-restart), restarting
Mon Jul 26 23:43:58 2021 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Jul 27 03:18:27 2021 tls-crypt unwrap error: packet too short
Tue Jul 27 03:18:27 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:*******:59555
Tue Jul 27 06:36:48 2021 tls-crypt unwrap error: packet too short
Tue Jul 27 06:36:48 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:*********:58319
Tue Jul 27 09:25:09 2021 tls-crypt unwrap error: packet too short
Tue Jul 27 09:25:09 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:*************:54677

i read some advices about switching from UDP to TCP. Do you think that might help ?

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Tue Jul 27, 2021 4:29 pm

tontonjab wrote:
Tue Jul 27, 2021 4:08 pm
i need a reboot to make them work again.
Well, you should not because Openvpn recovers from that problem easily.

You need to give more details.
viewtopic.php?f=30&t=22603#p68963

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Wed Jul 28, 2021 11:07 am

Thx you, and sorry for the lack of infos:


SERVEUR
Linux ns3033356 5.8.0-43-generic #49-Ubuntu SMP Fri Feb 5 03:01:28 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Code: Select all

eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet x.x.x.x  netmask 255.255.255.0  broadcast 176.31.182.255
        inet6 2001:41d0:8:ed26::1  prefixlen 56  scopeid 0x0<global>
        inet6 fe80::4e72:b9ff:fe43:1547  prefixlen 64  scopeid 0x20<link>
        ether 4c:72:b9:43:15:47  txqueuelen 1000  (Ethernet)
        RX packets 152312962  bytes 41359528322 (41.3 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 71303444  bytes 38301302236 (38.3 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xfe500000-fe520000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1060886816  bytes 254660108579 (254.6 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1060886816  bytes 254660108579 (254.6 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::d11e:e61a:e94f:8f7d  prefixlen 64  scopeid 0x20<link>
        inet6 fd42:42:42:42::1  prefixlen 112  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 234110  bytes 21804939 (21.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 610957  bytes 791619725 (791.6 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

server

port 1194
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
duplicate-cn
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_XL98c6RoSdvOVX3E.crt
key server_XL98c6RoSdvOVX3E.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
client-to-client
management 127.0.0.1 17562
verb 4
mute 20
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log


Code: Select all

Mon Jul 26 12:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_LZO=1
Mon Jul 26 12:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_COMP_STUB=1
Mon Jul 26 12:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_COMP_STUBv2=1
Mon Jul 26 12:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_TCPNL=1
Mon Jul 26 12:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 12:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 12:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Mon Jul 26 13:56:44 2021 VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
Mon Jul 26 13:56:44 2021 VERIFY OK: depth=0, CN=gate_07062021_0000002
Mon Jul 26 13:56:44 2021 peer info: IV_VER=2.4.4
Mon Jul 26 13:56:44 2021 peer info: IV_PLAT=linux
Mon Jul 26 13:56:44 2021 peer info: IV_PROTO=2
Mon Jul 26 13:56:44 2021 peer info: IV_LZ4=1
Mon Jul 26 13:56:44 2021 peer info: IV_LZ4v2=1
Mon Jul 26 13:56:44 2021 peer info: IV_LZO=1
Mon Jul 26 13:56:44 2021 peer info: IV_COMP_STUB=1
Mon Jul 26 13:56:44 2021 peer info: IV_COMP_STUBv2=1
Mon Jul 26 13:56:44 2021 peer info: IV_TCPNL=1
Mon Jul 26 13:56:44 2021 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 13:56:44 2021 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 13:56:44 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 TLS: soft reset sec=0 bytes=26532/-1 pkts=697/0
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 VERIFY OK: depth=0, CN=gate_07062021_0000002
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_VER=2.4.4
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_PLAT=linux
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_PROTO=2
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_LZ4=1
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_LZ4v2=1
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_LZO=1
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_COMP_STUB=1
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_COMP_STUBv2=1
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_TCPNL=1
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 13:57:53 2021 gate_07062021_0000002/x.x.x.x:60371 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Mon Jul 26 14:56:44 2021 VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
Mon Jul 26 14:56:44 2021 VERIFY OK: depth=0, CN=gate_07062021_0000002
Mon Jul 26 14:56:44 2021 peer info: IV_VER=2.4.4
Mon Jul 26 14:56:44 2021 peer info: IV_PLAT=linux
Mon Jul 26 14:56:44 2021 peer info: IV_PROTO=2
Mon Jul 26 14:56:44 2021 peer info: IV_LZ4=1
Mon Jul 26 14:56:44 2021 peer info: IV_LZ4v2=1
Mon Jul 26 14:56:44 2021 peer info: IV_LZO=1
Mon Jul 26 14:56:44 2021 peer info: IV_COMP_STUB=1
Mon Jul 26 14:56:44 2021 peer info: IV_COMP_STUBv2=1
Mon Jul 26 14:56:44 2021 peer info: IV_TCPNL=1
[SAME LOGS UNDRED TIMES]

Code: Select all

Mon Jul 26 22:56:44 2021 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 22:56:44 2021 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 22:56:44 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Mon Jul 26 22:57:54 2021 gate_07062021_0000002/x.x.x.x:60371 TLS: tls_process: killed expiring key
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 VERIFY OK: depth=0, CN=gate_07062021_0000002
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_VER=2.4.4
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_PLAT=linux
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_PROTO=2
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_LZ4=1
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_LZ4v2=1
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_LZO=1
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_COMP_STUB=1
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_COMP_STUBv2=1
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 peer info: IV_TCPNL=1
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 22:57:55 2021 gate_07062021_0000002/x.x.x.x:60371 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Jul 26 22:57:56 2021 gate_07062021_0000002/x.x.x.x:60371 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Mon Jul 26 23:43:57 2021 gate_07062021_0000002/x.x.x.x:60371 [gate_07062021_0000002] Inactivity timeout (--ping-restart), restarting
Mon Jul 26 23:43:57 2021 gate_07062021_0000002/x.x.x.x:60371 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Jul 26 23:43:58 2021 [gate_07062021_0000002] Inactivity timeout (--ping-restart), restarting
Mon Jul 26 23:43:58 2021 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Jul 27 03:18:27 2021 tls-crypt unwrap error: packet too short
Tue Jul 27 03:18:27 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:146.88.240.4:59555
Tue Jul 27 06:36:48 2021 tls-crypt unwrap error: packet too short
Tue Jul 27 06:36:48 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:192.241.209.207:58319
Tue Jul 27 09:25:09 2021 tls-crypt unwrap error: packet too short
Tue Jul 27 09:25:09 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:185.200.118.35:54677
Tue Jul 27 21:58:46 2021 tls-crypt unwrap error: packet too short
Tue Jul 27 21:58:46 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:185.200.118.37:59175
Wed Jul 28 03:18:28 2021 tls-crypt unwrap error: packet too short
Wed Jul 28 03:18:28 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:146.88.240.4:36938
Wed Jul 28 07:37:29 2021 tls-crypt unwrap error: packet too short
Wed Jul 28 07:37:29 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:212.60.13.11:42126
Wed Jul 28 08:36:36 2021 tls-crypt unwrap error: packet too short
Wed Jul 28 08:36:36 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:192.241.196.229:52913
Wed Jul 28 08:44:08 2021 tls-crypt unwrap error: packet too short
Wed Jul 28 08:44:08 2021 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:185.200.118.80:43437
Wed Jul 28 09:49:13 2021 176.176.203.106:35961 TLS: Initial packet from [AF_INET6]::ffff:176.176.203.106:35961, sid=827c0065 066cbd16
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 VERIFY OK: depth=0, CN=gate-17072021-TEST
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_VER=2.4.4
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_PLAT=linux
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_PROTO=2
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_NCP=2
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_LZ4=1
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_LZ4v2=1
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_LZO=1
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_COMP_STUB=1
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_COMP_STUBv2=1
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 peer info: IV_TCPNL=1
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Wed Jul 28 09:49:14 2021 176.176.203.106:35961 [gate-17072021-TEST] Peer Connection Initiated with [AF_INET6]::ffff:176.176.203.106:35961
Wed Jul 28 09:49:14 2021 gate-17072021-TEST/176.176.203.106:35961 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=fd42:42:42:42::1000
Wed Jul 28 09:49:14 2021 gate-17072021-TEST/176.176.203.106:35961 MULTI: Learn: 10.8.0.2 -> gate-17072021-TEST/176.176.203.106:35961
Wed Jul 28 09:49:14 2021 gate-17072021-TEST/176.176.203.106:35961 MULTI: primary virtual IP for gate-17072021-TEST/176.176.203.106:35961: 10.8.0.2
Wed Jul 28 09:49:14 2021 gate-17072021-TEST/176.176.203.106:35961 MULTI: Learn: fd42:42:42:42::1000 -> gate-17072021-TEST/176.176.203.106:35961
Wed Jul 28 09:49:14 2021 gate-17072021-TEST/176.176.203.106:35961 MULTI: primary virtual IPv6 for gate-17072021-TEST/176.176.203.106:35961: fd42:42:42:42::1000
Wed Jul 28 09:49:15 2021 gate-17072021-TEST/176.176.203.106:35961 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jul 28 09:49:15 2021 gate-17072021-TEST/176.176.203.106:35961 SENT CONTROL [gate-17072021-TEST]: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Wed Jul 28 09:49:15 2021 gate-17072021-TEST/176.176.203.106:35961 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Jul 28 09:49:15 2021 gate-17072021-TEST/176.176.203.106:35961 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 TLS: Initial packet from [AF_INET6]::ffff:176.176.203.106:35221, sid=a0fb4c35 113b71ce
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 VERIFY OK: depth=0, CN=gate-17072021-TEST
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_VER=2.4.4
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_PLAT=linux
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_PROTO=2
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_NCP=2
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_LZ4=1
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_LZ4v2=1
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_LZO=1
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_COMP_STUB=1
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_COMP_STUBv2=1
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 peer info: IV_TCPNL=1
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Wed Jul 28 09:49:33 2021 176.176.203.106:35221 [gate-17072021-TEST] Peer Connection Initiated with [AF_INET6]::ffff:176.176.203.106:35221
Wed Jul 28 09:49:33 2021 gate-17072021-TEST/176.176.203.106:35221 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=fd42:42:42:42::1001
Wed Jul 28 09:49:33 2021 gate-17072021-TEST/176.176.203.106:35221 MULTI: Learn: 10.8.0.3 -> gate-17072021-TEST/176.176.203.106:35221
Wed Jul 28 09:49:33 2021 gate-17072021-TEST/176.176.203.106:35221 MULTI: primary virtual IP for gate-17072021-TEST/176.176.203.106:35221: 10.8.0.3
Wed Jul 28 09:49:33 2021 gate-17072021-TEST/176.176.203.106:35221 MULTI: Learn: fd42:42:42:42::1001 -> gate-17072021-TEST/176.176.203.106:35221
Wed Jul 28 09:49:33 2021 gate-17072021-TEST/176.176.203.106:35221 MULTI: primary virtual IPv6 for gate-17072021-TEST/176.176.203.106:35221: fd42:42:42:42::1001
Wed Jul 28 09:49:34 2021 gate-17072021-TEST/176.176.203.106:35221 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jul 28 09:49:34 2021 gate-17072021-TEST/176.176.203.106:35221 SENT CONTROL [gate-17072021-TEST]: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1001/112 fd42:42:42:42::1,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM' (status=1)
Wed Jul 28 09:49:34 2021 gate-17072021-TEST/176.176.203.106:35221 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Jul 28 09:49:34 2021 gate-17072021-TEST/176.176.203.106:35221 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 TLS: Initial packet from [AF_INET6]::ffff:176.176.203.106:38597, sid=d378ac33 d07c7eb4
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 VERIFY OK: depth=0, CN=gate-17072021-TEST
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_VER=2.4.4
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_PLAT=linux
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_PROTO=2
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_NCP=2
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_LZ4=1
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_LZ4v2=1
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_LZO=1
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_COMP_STUB=1
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_COMP_STUBv2=1
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 peer info: IV_TCPNL=1
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Wed Jul 28 09:49:45 2021 176.176.203.106:38597 [gate-17072021-TEST] Peer Connection Initiated with [AF_INET6]::ffff:176.176.203.106:38597
Wed Jul 28 09:49:45 2021 gate-17072021-TEST/176.176.203.106:38597 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=fd42:42:42:42::1002
Wed Jul 28 09:49:45 2021 gate-17072021-TEST/176.176.203.106:38597 MULTI: Learn: 10.8.0.4 -> gate-17072021-TEST/176.176.203.106:38597
Wed Jul 28 09:49:45 2021 gate-17072021-TEST/176.176.203.106:38597 MULTI: primary virtual IP for gate-17072021-TEST/176.176.203.106:38597: 10.8.0.4
Wed Jul 28 09:49:45 2021 gate-17072021-TEST/176.176.203.106:38597 MULTI: Learn: fd42:42:42:42::1002 -> gate-17072021-TEST/176.176.203.106:38597
Wed Jul 28 09:49:45 2021 gate-17072021-TEST/176.176.203.106:38597 MULTI: primary virtual IPv6 for gate-17072021-TEST/176.176.203.106:38597: fd42:42:42:42::1002
Wed Jul 28 09:49:47 2021 gate-17072021-TEST/176.176.203.106:38597 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jul 28 09:49:47 2021 gate-17072021-TEST/176.176.203.106:38597 SENT CONTROL [gate-17072021-TEST]: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1002/112 fd42:42:42:42::1,ifconfig 10.8.0.4 255.255.255.0,peer-id 2,cipher AES-128-GCM' (status=1)
Wed Jul 28 09:49:47 2021 gate-17072021-TEST/176.176.203.106:38597 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Jul 28 09:49:47 2021 gate-17072021-TEST/176.176.203.106:38597 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Wed Jul 28 09:53:27 2021 gate-17072021-TEST/176.176.203.106:35961 [gate-17072021-TEST] Inactivity timeout (--ping-restart), restarting
Wed Jul 28 09:53:27 2021 gate-17072021-TEST/176.176.203.106:35961 SIGUSR1[soft,ping-restart] received, client-instance restarting




Linux klk-fevo-SERIAL 4.14.9-klk #1 SMP Tue Feb 18 14:41:02 CET 2020 armv7l armv7l armv7l GNU/Linux



CLIENT

Code: Select all

eth0      Link encap:Ethernet  HWaddr 70:76:FF:05:13:EC
          inet addr:192.168.1.97  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:861:59c1:38f0:7276:ffff:fe05:13ec/64 Scope:Global
          inet6 addr: fe80::7276:ffff:fe05:13ec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7945 errors:0 dropped:4034 overruns:0 frame:0
          TX packets:3416 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1014731 (990.9 KiB)  TX bytes:2293154 (2.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:65890 errors:0 dropped:0 overruns:0 frame:0
          TX packets:65890 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3493379 (3.3 MiB)  TX bytes:3493379 (3.3 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.3  P-t-P:10.8.0.3  Mask:255.255.255.0
          inet6 addr: fd42:42:42:42::1001/112 Scope:Global
          inet6 addr: fe80::8797:fe9f:de8a:6832/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:2556 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2333 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:182482 (178.2 KiB)  TX bytes:2043180 (1.9 MiB)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.4  P-t-P:10.8.0.4  Mask:255.255.255.0
          inet6 addr: fe80::f98:5e7a:ef8c:4a58/64 Scope:Link
          inet6 addr: fd42:42:42:42::1002/112 Scope:Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3416 (3.3 KiB)  TX bytes:528 (528.0 B)

client

client
proto udp
explicit-exit-notify
remote x.x.x.x 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_XL98c6RoSdvOVX3E name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

Code: Select all

: R=[163840->163840] S=[163840->163840]
2021-07-28T02:25:07.210023+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T02:25:07.210082+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T02:25:55.330283+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T02:25:55.330357+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS handshake failed
2021-07-28T02:25:55.330833+02:00 klk-fevo-SERIAL openvpn[1642]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T02:25:55.330925+02:00 klk-fevo-SERIAL openvpn[1642]: Restart pause, 300 second(s)
2021-07-28T02:26:07.059462+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T02:26:07.059537+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS handshake failed
2021-07-28T02:26:07.059961+02:00 klk-fevo-SERIAL openvpn[1183]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T02:26:07.060052+02:00 klk-fevo-SERIAL openvpn[1183]: Restart pause, 300 second(s)
2021-07-28T02:30:55.331480+02:00 klk-fevo-SERIAL openvpn[1642]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T02:30:55.331631+02:00 klk-fevo-SERIAL openvpn[1642]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T02:30:55.331686+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link local: (not bound)
2021-07-28T02:30:55.331740+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T02:31:07.060658+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T02:31:07.060806+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T02:31:07.060859+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T02:31:07.060914+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T02:31:55.909807+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T02:31:55.909886+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS handshake failed
2021-07-28T02:31:55.910355+02:00 klk-fevo-SERIAL openvpn[1642]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T02:31:55.910450+02:00 klk-fevo-SERIAL openvpn[1642]: Restart pause, 300 second(s)
2021-07-28T02:32:08.084911+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T02:32:08.084986+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS handshake failed
2021-07-28T02:32:08.085407+02:00 klk-fevo-SERIAL openvpn[1183]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T02:32:08.085501+02:00 klk-fevo-SERIAL openvpn[1183]: Restart pause, 300 second(s)
2021-07-28T02:36:55.911003+02:00 klk-fevo-SERIAL openvpn[1642]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T02:36:55.911155+02:00 klk-fevo-SERIAL openvpn[1642]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T02:36:55.911209+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link local: (not bound)
2021-07-28T02:36:55.911264+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T02:37:08.086068+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T02:37:08.086326+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T02:37:08.086383+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T02:37:08.086477+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T02:37:55.615375+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T02:37:55.615448+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS handshake failed
2021-07-28T02:37:55.615880+02:00 klk-fevo-SERIAL openvpn[1642]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T02:37:55.615975+02:00 klk-fevo-SERIAL openvpn[1642]: Restart pause, 300 second(s)
2021-07-28T02:38:09.108729+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T02:38:09.108806+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS handshake failed
2021-07-28T02:38:09.109266+02:00 klk-fevo-SERIAL openvpn[1183]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T02:38:09.109359+02:00 klk-fevo-SERIAL openvpn[1183]: Restart pause, 300 second(s)
2021-07-28T02:42:55.616581+02:00 klk-fevo-SERIAL openvpn[1642]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T02:42:55.616731+02:00 klk-fevo-SERIAL openvpn[1642]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T02:42:55.616784+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link local: (not bound)
2021-07-28T02:42:55.616836+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T02:43:09.109988+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T02:43:09.110139+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T02:43:09.110193+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T02:43:09.110247+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T02:43:55.744681+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T02:43:55.744754+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS handshake failed
2021-07-28T02:43:55.745184+02:00 klk-fevo-SERIAL openvpn[1642]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T02:43:55.745278+02:00 klk-fevo-SERIAL openvpn[1642]: Restart pause, 300 second(s)
2021-07-28T02:44:09.045475+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
[SAME LOGS UNDRED AND UNDRED TIMES]

Code: Select all

2021-07-28T11:31:06.040715+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:31:23.524703+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:31:23.524857+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:31:23.524909+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T11:31:23.524964+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:32:06.225875+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T11:32:06.225949+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS handshake failed
2021-07-28T11:32:06.226486+02:00 klk-fevo-SERIAL openvpn[1642]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T11:32:06.226582+02:00 klk-fevo-SERIAL openvpn[1642]: Restart pause, 300 second(s)
2021-07-28T11:32:23.978292+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T11:32:23.978399+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS handshake failed
2021-07-28T11:32:23.978822+02:00 klk-fevo-SERIAL openvpn[1183]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T11:32:23.978916+02:00 klk-fevo-SERIAL openvpn[1183]: Restart pause, 300 second(s)
2021-07-28T11:37:06.227137+02:00 klk-fevo-SERIAL openvpn[1642]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:37:06.227290+02:00 klk-fevo-SERIAL openvpn[1642]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:37:06.227342+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link local: (not bound)
2021-07-28T11:37:06.227397+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:37:23.979475+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:37:23.979671+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:37:23.979732+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T11:37:23.979788+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:38:06.310039+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T11:38:06.310112+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS handshake failed
2021-07-28T11:38:06.310535+02:00 klk-fevo-SERIAL openvpn[1642]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T11:38:06.310675+02:00 klk-fevo-SERIAL openvpn[1642]: Restart pause, 300 second(s)
2021-07-28T11:38:23.683907+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T11:38:23.683983+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS handshake failed
2021-07-28T11:38:23.684408+02:00 klk-fevo-SERIAL openvpn[1183]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T11:38:23.684498+02:00 klk-fevo-SERIAL openvpn[1183]: Restart pause, 300 second(s)
2021-07-28T11:43:06.311229+02:00 klk-fevo-SERIAL openvpn[1642]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:43:06.311382+02:00 klk-fevo-SERIAL openvpn[1642]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:43:06.311436+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link local: (not bound)
2021-07-28T11:43:06.311489+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:43:23.685053+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:43:23.685208+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:43:23.685261+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T11:43:23.685316+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:44:06.794551+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T11:44:06.794658+02:00 klk-fevo-SERIAL openvpn[1642]: TLS Error: TLS handshake failed
2021-07-28T11:44:06.795083+02:00 klk-fevo-SERIAL openvpn[1642]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T11:44:06.795175+02:00 klk-fevo-SERIAL openvpn[1642]: Restart pause, 300 second(s)
2021-07-28T11:44:23.687047+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-28T11:44:23.687122+02:00 klk-fevo-SERIAL openvpn[1183]: TLS Error: TLS handshake failed
2021-07-28T11:44:23.687547+02:00 klk-fevo-SERIAL openvpn[1183]: SIGUSR1[soft,tls-error] received, process restarting
2021-07-28T11:44:23.687640+02:00 klk-fevo-SERIAL openvpn[1183]: Restart pause, 300 second(s)
2021-07-28T11:00:16.359201+02:00 klk-fevo-SERIAL openvpn[1180]: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/gate-17072021-TEST.conf:19: block-outside-dns (2.4.4)
2021-07-28T11:00:16.367264+02:00 klk-fevo-SERIAL openvpn[1180]: OpenVPN 2.4.4 arm-poky-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 18 2020
2021-07-28T11:00:16.367866+02:00 klk-fevo-SERIAL openvpn[1180]: library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
2021-07-28T11:00:16.393570+02:00 klk-fevo-SERIAL openvpn[1183]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-07-28T11:00:16.398203+02:00 klk-fevo-SERIAL openvpn[1183]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-07-28T11:00:16.398988+02:00 klk-fevo-SERIAL openvpn[1183]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-07-28T11:00:16.399480+02:00 klk-fevo-SERIAL openvpn[1183]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-07-28T11:00:16.401580+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:00:16.407800+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:00:16.408872+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T11:00:16.409421+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:00:16.431020+02:00 klk-fevo-SERIAL openvpn[1183]: TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=6aa08bb7 72a981e4
2021-07-28T11:00:16.460883+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
2021-07-28T11:00:16.475806+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY KU OK
2021-07-28T11:00:16.476396+02:00 klk-fevo-SERIAL openvpn[1183]: Validating certificate extended key usage
2021-07-28T11:00:16.476821+02:00 klk-fevo-SERIAL openvpn[1183]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-07-28T11:00:16.477206+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY EKU OK
2021-07-28T11:00:16.478167+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY X509NAME OK: CN=server_XL98c6RoSdvOVX3E
2021-07-28T11:00:16.478680+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY OK: depth=0, CN=server_XL98c6RoSdvOVX3E
2021-07-28T11:00:16.579172+02:00 klk-fevo-SERIAL openvpn[1183]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
2021-07-28T11:00:16.582991+02:00 klk-fevo-SERIAL openvpn[1183]: [server_XL98c6RoSdvOVX3E] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2021-07-28T11:00:17.782216+02:00 klk-fevo-SERIAL openvpn[1183]: SENT CONTROL [server_XL98c6RoSdvOVX3E]: 'PUSH_REQUEST' (status=1)
2021-07-28T11:00:17.800873+02:00 klk-fevo-SERIAL openvpn[1183]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1000/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
2021-07-28T11:00:17.801132+02:00 klk-fevo-SERIAL openvpn[1183]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2021-07-28T11:00:17.801245+02:00 klk-fevo-SERIAL openvpn[1183]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2021-07-28T11:00:17.801505+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: timers and/or timeouts modified
2021-07-28T11:00:17.801551+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: --ifconfig/up options modified
2021-07-28T11:00:17.801588+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: route options modified
2021-07-28T11:00:17.801629+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: route-related options modified
2021-07-28T11:00:17.801668+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-07-28T11:00:17.801704+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: peer-id set
2021-07-28T11:00:17.801744+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: adjusting link_mtu to 1624
2021-07-28T11:00:17.801782+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: data channel crypto options modified
2021-07-28T11:00:17.803298+02:00 klk-fevo-SERIAL openvpn[1183]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28T11:00:17.803752+02:00 klk-fevo-SERIAL openvpn[1183]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28T11:00:17.804938+02:00 klk-fevo-SERIAL openvpn[1183]: ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=eth0 HWADDR=70:76:ff:05:13:ec
2021-07-28T11:00:17.805575+02:00 klk-fevo-SERIAL openvpn[1183]: GDG6: remote_host_ipv6=n/a
2021-07-28T11:00:17.806879+02:00 klk-fevo-SERIAL openvpn[1183]: ROUTE6_GATEWAY fe80::5a2f:f7ff:fe2c:1cbc IFACE=eth0
2021-07-28T11:00:17.828089+02:00 klk-fevo-SERIAL openvpn[1183]: TUN/TAP device tun0 opened
2021-07-28T11:00:17.833453+02:00 klk-fevo-SERIAL openvpn[1183]: TUN/TAP TX queue length set to 100
2021-07-28T11:00:17.839498+02:00 klk-fevo-SERIAL openvpn[1183]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
2021-07-28T11:00:17.841422+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip link set dev tun0 up mtu 1500
2021-07-28T11:00:17.990268+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
2021-07-28T11:00:18.044362+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 addr add fd42:42:42:42::1000/112 dev tun0
2021-07-28T11:00:18.084561+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route add x.x.x.x/32 via 192.168.1.254
2021-07-28T11:00:18.116717+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
2021-07-28T11:00:18.135137+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
2021-07-28T11:00:18.161500+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(2000::/3 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:00:18.161596+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add 2000::/3 dev tun0
2021-07-28T11:00:18.187110+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(::/3 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:00:18.187208+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add ::/3 dev tun0
2021-07-28T11:00:18.210611+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(2000::/4 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:00:18.210708+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add 2000::/4 dev tun0
2021-07-28T11:00:18.232474+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(3000::/4 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:00:18.232569+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add 3000::/4 dev tun0
2021-07-28T11:00:18.255326+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(fc00::/7 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:00:18.255423+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add fc00::/7 dev tun0
2021-07-28T11:00:18.280757+02:00 klk-fevo-SERIAL openvpn[1183]: Initialization Sequence Completed
2021-07-28T11:49:28.361296+02:00 klk-fevo-SERIAL openvpn[1183]: [server_XL98c6RoSdvOVX3E] Inactivity timeout (--ping-restart), restarting
2021-07-28T11:49:28.362083+02:00 klk-fevo-SERIAL openvpn[1183]: SIGUSR1[soft,ping-restart] received, process restarting
2021-07-28T11:49:28.362176+02:00 klk-fevo-SERIAL openvpn[1183]: Restart pause, 5 second(s)
2021-07-28T11:49:33.362768+02:00 klk-fevo-SERIAL openvpn[1183]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:49:33.362923+02:00 klk-fevo-SERIAL openvpn[1183]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:49:33.362975+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link local: (not bound)
2021-07-28T11:49:33.363028+02:00 klk-fevo-SERIAL openvpn[1183]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:49:33.382212+02:00 klk-fevo-SERIAL openvpn[1183]: TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=1f273218 b407cf63
2021-07-28T11:49:33.404813+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
2021-07-28T11:49:33.417769+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY KU OK
2021-07-28T11:49:33.418334+02:00 klk-fevo-SERIAL openvpn[1183]: Validating certificate extended key usage
2021-07-28T11:49:33.420610+02:00 klk-fevo-SERIAL openvpn[1183]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-07-28T11:49:33.421323+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY EKU OK
2021-07-28T11:49:33.421744+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY X509NAME OK: CN=server_XL98c6RoSdvOVX3E
2021-07-28T11:49:33.422189+02:00 klk-fevo-SERIAL openvpn[1183]: VERIFY OK: depth=0, CN=server_XL98c6RoSdvOVX3E
2021-07-28T11:49:33.501609+02:00 klk-fevo-SERIAL openvpn[1183]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
2021-07-28T11:49:33.501746+02:00 klk-fevo-SERIAL openvpn[1183]: [server_XL98c6RoSdvOVX3E] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2021-07-28T11:49:34.736267+02:00 klk-fevo-SERIAL openvpn[1183]: SENT CONTROL [server_XL98c6RoSdvOVX3E]: 'PUSH_REQUEST' (status=1)
2021-07-28T11:49:34.754936+02:00 klk-fevo-SERIAL openvpn[1183]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1001/112 fd42:42:42:42::1,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM'
2021-07-28T11:49:34.755182+02:00 klk-fevo-SERIAL openvpn[1183]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2021-07-28T11:49:34.755273+02:00 klk-fevo-SERIAL openvpn[1183]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2021-07-28T11:49:34.755512+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: timers and/or timeouts modified
2021-07-28T11:49:34.755553+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: --ifconfig/up options modified
2021-07-28T11:49:34.755590+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: route options modified
2021-07-28T11:49:34.755627+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: route-related options modified
2021-07-28T11:49:34.755668+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-07-28T11:49:34.755707+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: peer-id set
2021-07-28T11:49:34.755745+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: adjusting link_mtu to 1624
2021-07-28T11:49:34.755785+02:00 klk-fevo-SERIAL openvpn[1183]: OPTIONS IMPORT: data channel crypto options modified
2021-07-28T11:49:34.757292+02:00 klk-fevo-SERIAL openvpn[1183]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28T11:49:34.757823+02:00 klk-fevo-SERIAL openvpn[1183]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28T11:49:34.758252+02:00 klk-fevo-SERIAL openvpn[1183]: Preserving previous TUN/TAP instance: tun0
2021-07-28T11:49:34.758720+02:00 klk-fevo-SERIAL openvpn[1183]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2021-07-28T11:49:34.759176+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route del x.x.x.x/32
2021-07-28T11:49:34.770475+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route del 0.0.0.0/1
2021-07-28T11:49:34.781280+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route del 128.0.0.0/1
2021-07-28T11:49:34.792152+02:00 klk-fevo-SERIAL openvpn[1183]: delete_route_ipv6(2000::/3)
2021-07-28T11:49:34.792268+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route del 2000::/3 dev tun0
2021-07-28T11:49:34.803428+02:00 klk-fevo-SERIAL openvpn[1183]: delete_route_ipv6(::/3)
2021-07-28T11:49:34.803537+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route del ::/3 dev tun0
2021-07-28T11:49:34.814964+02:00 klk-fevo-SERIAL openvpn[1183]: delete_route_ipv6(2000::/4)
2021-07-28T11:49:34.815076+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route del 2000::/4 dev tun0
2021-07-28T11:49:34.827193+02:00 klk-fevo-SERIAL openvpn[1183]: delete_route_ipv6(3000::/4)
2021-07-28T11:49:34.827314+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route del 3000::/4 dev tun0
2021-07-28T11:49:34.839673+02:00 klk-fevo-SERIAL openvpn[1183]: delete_route_ipv6(fc00::/7)
2021-07-28T11:49:34.839784+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route del fc00::/7 dev tun0
2021-07-28T11:49:34.851411+02:00 klk-fevo-SERIAL openvpn[1183]: Closing TUN/TAP interface
2021-07-28T11:49:34.851521+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip addr del dev tun0 10.8.0.2/24
2021-07-28T11:49:34.872301+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 addr del fd42:42:42:42::1000/112 dev tun0
2021-07-28T11:49:35.933428+02:00 klk-fevo-SERIAL openvpn[1183]: ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=eth0 HWADDR=70:76:ff:05:13:ec
2021-07-28T11:49:35.933544+02:00 klk-fevo-SERIAL openvpn[1183]: GDG6: remote_host_ipv6=n/a
2021-07-28T11:49:35.933936+02:00 klk-fevo-SERIAL openvpn[1183]: ROUTE6_GATEWAY fe80::5a2f:f7ff:fe2c:1cbc IFACE=eth0
2021-07-28T11:49:35.944776+02:00 klk-fevo-SERIAL openvpn[1183]: TUN/TAP device tun0 opened
2021-07-28T11:49:35.948136+02:00 klk-fevo-SERIAL openvpn[1183]: TUN/TAP TX queue length set to 100
2021-07-28T11:49:35.948645+02:00 klk-fevo-SERIAL openvpn[1183]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
2021-07-28T11:49:35.949115+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip link set dev tun0 up mtu 1500
2021-07-28T11:49:35.975238+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
2021-07-28T11:49:36.005516+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 addr add fd42:42:42:42::1001/112 dev tun0
2021-07-28T11:49:36.031261+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route add x.x.x.x/32 via 192.168.1.254
2021-07-28T11:49:36.048481+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
2021-07-28T11:49:36.072209+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
2021-07-28T11:49:36.083580+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(2000::/3 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:49:36.083676+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add 2000::/3 dev tun0
2021-07-28T11:49:36.095341+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(::/3 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:49:36.095438+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add ::/3 dev tun0
2021-07-28T11:49:36.107301+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(2000::/4 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:49:36.107398+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add 2000::/4 dev tun0
2021-07-28T11:49:36.118761+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(3000::/4 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:49:36.118857+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add 3000::/4 dev tun0
2021-07-28T11:49:36.130139+02:00 klk-fevo-SERIAL openvpn[1183]: add_route_ipv6(fc00::/7 -> fd42:42:42:42::1 metric -1) dev tun0
2021-07-28T11:49:36.130235+02:00 klk-fevo-SERIAL openvpn[1183]: /sbin/ip -6 route add fc00::/7 dev tun0
2021-07-28T11:49:36.142899+02:00 klk-fevo-SERIAL openvpn[1183]: Initialization Sequence Completed
2021-07-28T11:49:45.732402+02:00 klk-fevo-SERIAL openvpn[1641]: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/gate-17072021-TEST.conf:19: block-outside-dns (2.4.4)
2021-07-28T11:49:45.733834+02:00 klk-fevo-SERIAL openvpn[1641]: OpenVPN 2.4.4 arm-poky-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 18 2020
2021-07-28T11:49:45.734533+02:00 klk-fevo-SERIAL openvpn[1641]: library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
2021-07-28T11:49:45.763030+02:00 klk-fevo-SERIAL openvpn[1642]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-07-28T11:49:45.763929+02:00 klk-fevo-SERIAL openvpn[1642]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-07-28T11:49:45.764400+02:00 klk-fevo-SERIAL openvpn[1642]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2021-07-28T11:49:45.765371+02:00 klk-fevo-SERIAL openvpn[1642]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2021-07-28T11:49:45.770852+02:00 klk-fevo-SERIAL openvpn[1642]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2021-07-28T11:49:45.771692+02:00 klk-fevo-SERIAL openvpn[1642]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2021-07-28T11:49:45.772139+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link local: (not bound)
2021-07-28T11:49:45.773241+02:00 klk-fevo-SERIAL openvpn[1642]: UDP link remote: [AF_INET]x.x.x.x:1194
2021-07-28T11:49:45.793183+02:00 klk-fevo-SERIAL openvpn[1642]: TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=09435b5c ee6db952
2021-07-28T11:49:45.816713+02:00 klk-fevo-SERIAL openvpn[1642]: VERIFY OK: depth=1, CN=cn_8AQUbm3PFw5ievQB
2021-07-28T11:49:45.835133+02:00 klk-fevo-SERIAL openvpn[1642]: VERIFY KU OK
2021-07-28T11:49:45.835839+02:00 klk-fevo-SERIAL openvpn[1642]: Validating certificate extended key usage
2021-07-28T11:49:45.836287+02:00 klk-fevo-SERIAL openvpn[1642]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-07-28T11:49:45.836679+02:00 klk-fevo-SERIAL openvpn[1642]: VERIFY EKU OK
2021-07-28T11:49:45.837703+02:00 klk-fevo-SERIAL openvpn[1642]: VERIFY X509NAME OK: CN=server_XL98c6RoSdvOVX3E
2021-07-28T11:49:45.838138+02:00 klk-fevo-SERIAL openvpn[1642]: VERIFY OK: depth=0, CN=server_XL98c6RoSdvOVX3E
2021-07-28T11:49:45.931675+02:00 klk-fevo-SERIAL openvpn[1642]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
2021-07-28T11:49:45.931808+02:00 klk-fevo-SERIAL openvpn[1642]: [server_XL98c6RoSdvOVX3E] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
2021-07-28T11:49:47.103668+02:00 klk-fevo-SERIAL openvpn[1642]: SENT CONTROL [server_XL98c6RoSdvOVX3E]: 'PUSH_REQUEST' (status=1)
2021-07-28T11:49:47.122501+02:00 klk-fevo-SERIAL openvpn[1642]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1002/112 fd42:42:42:42::1,ifconfig 10.8.0.4 255.255.255.0,peer-id 2,cipher AES-128-GCM'
2021-07-28T11:49:47.122856+02:00 klk-fevo-SERIAL openvpn[1642]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2021-07-28T11:49:47.123046+02:00 klk-fevo-SERIAL openvpn[1642]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2021-07-28T11:49:47.123386+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: timers and/or timeouts modified
2021-07-28T11:49:47.124164+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: --ifconfig/up options modified
2021-07-28T11:49:47.124558+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: route options modified
2021-07-28T11:49:47.124916+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: route-related options modified
2021-07-28T11:49:47.125261+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-07-28T11:49:47.125592+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: peer-id set
2021-07-28T11:49:47.125920+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: adjusting link_mtu to 1624
2021-07-28T11:49:47.126244+02:00 klk-fevo-SERIAL openvpn[1642]: OPTIONS IMPORT: data channel crypto options modified
2021-07-28T11:49:47.127674+02:00 klk-fevo-SERIAL openvpn[1642]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28T11:49:47.128291+02:00 klk-fevo-SERIAL openvpn[1642]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
2021-07-28T11:49:47.134529+02:00 klk-fevo-SERIAL openvpn[1642]: ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=eth0 HWADDR=70:76:ff:05:13:ec
2021-07-28T11:49:47.135098+02:00 klk-fevo-SERIAL openvpn[1642]: GDG6: remote_host_ipv6=n/a
2021-07-28T11:49:47.136174+02:00 klk-fevo-SERIAL openvpn[1642]: ROUTE6_GATEWAY :: ON_LINK IFACE=tun0
2021-07-28T11:49:47.146667+02:00 klk-fevo-SERIAL openvpn[1642]: TUN/TAP device tun1 opened
2021-07-28T11:49:47.153428+02:00 klk-fevo-SERIAL openvpn[1642]: TUN/TAP TX queue length set to 100
2021-07-28T11:49:47.154066+02:00 klk-fevo-SERIAL openvpn[1642]: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
2021-07-28T11:49:47.155702+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip link set dev tun1 up mtu 1500
2021-07-28T11:49:47.191077+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip addr add dev tun1 10.8.0.4/24 broadcast 10.8.0.255
2021-07-28T11:49:47.233401+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip -6 addr add fd42:42:42:42::1002/112 dev tun1
2021-07-28T11:49:47.277355+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip route add x.x.x.x/32 via 192.168.1.254
2021-07-28T11:49:47.306315+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route add command failed: external program exited with error status: 2
2021-07-28T11:49:47.306439+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
2021-07-28T11:49:47.350360+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route add command failed: external program exited with error status: 2
2021-07-28T11:49:47.350483+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
2021-07-28T11:49:47.384665+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route add command failed: external program exited with error status: 2
2021-07-28T11:49:47.384780+02:00 klk-fevo-SERIAL openvpn[1642]: add_route_ipv6(2000::/3 -> fd42:42:42:42::1 metric -1) dev tun1
2021-07-28T11:49:47.384848+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip -6 route add 2000::/3 dev tun1
2021-07-28T11:49:47.408654+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route -6/-A inet6 add command failed: external program exited with error status: 2
2021-07-28T11:49:47.408767+02:00 klk-fevo-SERIAL openvpn[1642]: add_route_ipv6(::/3 -> fd42:42:42:42::1 metric -1) dev tun1
2021-07-28T11:49:47.408836+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip -6 route add ::/3 dev tun1
2021-07-28T11:49:47.439056+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route -6/-A inet6 add command failed: external program exited with error status: 2
2021-07-28T11:49:47.439166+02:00 klk-fevo-SERIAL openvpn[1642]: add_route_ipv6(2000::/4 -> fd42:42:42:42::1 metric -1) dev tun1
2021-07-28T11:49:47.439236+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip -6 route add 2000::/4 dev tun1
2021-07-28T11:49:47.460732+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route -6/-A inet6 add command failed: external program exited with error status: 2
2021-07-28T11:49:47.460845+02:00 klk-fevo-SERIAL openvpn[1642]: add_route_ipv6(3000::/4 -> fd42:42:42:42::1 metric -1) dev tun1
2021-07-28T11:49:47.461043+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip -6 route add 3000::/4 dev tun1
2021-07-28T11:49:47.478351+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route -6/-A inet6 add command failed: external program exited with error status: 2
2021-07-28T11:49:47.478464+02:00 klk-fevo-SERIAL openvpn[1642]: add_route_ipv6(fc00::/7 -> fd42:42:42:42::1 metric -1) dev tun1
2021-07-28T11:49:47.478533+02:00 klk-fevo-SERIAL openvpn[1642]: /sbin/ip -6 route add fc00::/7 dev tun1
2021-07-28T11:49:47.502248+02:00 klk-fevo-SERIAL openvpn[1642]: ERROR: Linux route -6/-A inet6 add command failed: external program exited with error status: 2
2021-07-28T11:49:47.502410+02:00 klk-fevo-SERIAL openvpn[1642]: Initialization Sequence Completed
2021-07-28T12:00:57.753193+02:00 klk-fevo-SERIAL KLK: REFTP INFO New CSV file 64SERIAL_rx_data_20210728090038.csv available

300000
OpenVPN Expert
Posts: 617
Joined: Tue May 01, 2012 9:30 pm

Re: unwrap error: packet too short

Post by 300000 » Wed Jul 28, 2021 11:28 am

Inactivity timeout (--ping-restart), restarting

you server cut it off after no active you need make it active for keep open server running, just adding this into your server so it will work for you

Code: Select all

keepalive 90 190
push "ping 190"

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Wed Jul 28, 2021 11:29 am

Which version of openvpn does your server use ?

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Sat Jul 31, 2021 10:24 pm

Thx you a lot for your help, i wasnt able to access to internet for a while :(

OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_option_checking=no enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no



I will try

keepalive 90 190
push "ping 190"

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Sat Jul 31, 2021 10:55 pm

TinCanTech wrote:
Wed Jul 28, 2021 11:29 am
Which version of openvpn does your server use ?
tontonjab wrote:
Sat Jul 31, 2021 10:24 pm
OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Your client uses version 2.4.4:
tontonjab wrote:
Wed Jul 28, 2021 11:07 am
2021-07-28T11:00:16.367264+02:00 klk-fevo-SERIAL openvpn[1180]: OpenVPN 2.4.4 arm-poky-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 18 2020
There has been a lot of development.

Upgrade your client or define your compression model.
See: --comp-lzo and --compress in the manual: https://community.openvpn.net/openvpn/w ... n24ManPage

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Sat Jul 31, 2021 11:09 pm

I have to use LZO ? according to the doc, for backward comp. Why do you point this ?

A cant update openVPN, because its a device from the market. (LoRa gateway).

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Sun Aug 01, 2021 1:37 pm

Try removing this from your client:

Code: Select all

persist-tun

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Mon Aug 02, 2021 3:52 pm

Hello TinCan, i have added LZO to my conf, now i have:


[olog]
Mon Aug 2 15:46:13 2021 us=667023 *.*.*.*:41551 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1549'
Mon Aug 2 15:46:13 2021 us=667049 *.*.*.*:41551 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Aug 2 15:46:13 2021 us=728478 *.*.*.*:41551 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Mon Aug 2 15:46:13 2021 us=728548 *.*.*.*:41551 [gate-02082021_0000003] Peer Connection Initiated with [AF_INET6]::ffff:*.*.*.*:41551
Mon Aug 2 15:46:13 2021 us=738208 gate-02082021_0000003/*.*.*.*:41551 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=fd42:42:42:42::1002
Mon Aug 2 15:46:13 2021 us=738270 gate-02082021_0000003/*.*.*.*:41551 MULTI: Learn: 10.8.0.4 -> gate-02082021_0000003/*.*.*.*:41551
Mon Aug 2 15:46:13 2021 us=738284 gate-02082021_0000003/*.*.*.*:41551 MULTI: primary virtual IP for gate-02082021_0000003/*.*.*.*:41551: 10.8.0.4
Mon Aug 2 15:46:13 2021 us=738296 gate-02082021_0000003/*.*.*.*:41551 MULTI: Learn: fd42:42:42:42::1002 -> gate-02082021_0000003/*.*.*.*:41551
Mon Aug 2 15:46:13 2021 us=738309 gate-02082021_0000003/*.*.*.*:41551 MULTI: primary virtual IPv6 for gate-02082021_0000003/*.*.*.*:41551: fd42:42:42:42::1002
Mon Aug 2 15:46:14 2021 us=915069 gate-02082021_0000003/*.*.*.*:41551 PUSH: Received control message: 'PUSH_REQUEST'
Mon Aug 2 15:46:14 2021 us=915225 gate-02082021_0000003/*.*.*.*:41551 SENT CONTROL [gate-02082021_0000003]: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1002/112 fd42:42:42:42::1,ifconfig 10.8.0.4 255.255.255.0,peer-id 2,cipher AES-128-GCM' (status=1)
Mon Aug 2 15:46:14 2021 us=915311 gate-02082021_0000003/*.*.*.*:41551 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Mon Aug 2 15:46:14 2021 us=915514 gate-02082021_0000003/*.*.*.*:41551 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 15:46:14 2021 us=915553 gate-02082021_0000003/*.*.*.*:41551 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 15:46:15 2021 us=249623 gate-02082021_0000003/*.*.*.*:41551 Bad LZO decompression header byte: 96
Mon Aug 2 15:46:15 2021 us=303133 gate-17072021-TEST/176.176.203.106:39416 Bad LZO decompression header byte: 42
Mon Aug 2 15:46:15 2021 us=328973 gate-17072021-TEST/176.176.203.106:49496 Bad LZO decompression header byte: 42
Mon Aug 2 15:46:19 2021 us=2714 gate-02082021_0000003/*.*.*.*:41551 Bad LZO decompression header byte: 96
Mon Aug 2 15:46:25 2021 us=520043 gate-17072021-TEST/176.176.203.106:39416 Bad LZO decompression header byte: 42
Mon Aug 2 15:46:25 2021 us=538987 gate-17072021-TEST/176.176.203.106:49496 Bad LZO decompression header byte: 42
Mon Aug 2 15:46:26 2021 us=682303 gate-02082021_0000003/*.*.*.*:41551 Bad LZO decompression header byte: 96
[/olog]

I have to add compress lzo to client too ?

I have removed persist-tun. Why do you point this ?

Since i added compress lzo, everything fail. If i add compress lzo to the client too, i have:
Mon Aug 2 15:55:22 2021 us=903752 Float requested for peer 0 to 176.176.203.106:46397
Mon Aug 2 15:55:22 2021 us=903792 AEAD Decrypt error: cipher final failed
Mon Aug 2 15:55:32 2021 us=953478 Float requested for peer 0 to 176.176.203.106:46397
Mon Aug 2 15:55:32 2021 us=953526 AEAD Decrypt error: cipher final failed

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Mon Aug 02, 2021 4:17 pm

tontonjab wrote:
Mon Aug 02, 2021 3:52 pm
i have added LZO to my conf
Use this in your server:

Code: Select all

comp-lzo no
push "comp-lzo no"
compress no
push "compress no"
Use this in your client:

Code: Select all

comp-lzo no
tontonjab wrote:
Mon Aug 02, 2021 3:52 pm
I have removed persist-tun. Why do you point this ?
It interferes with resets.

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Mon Aug 02, 2021 4:37 pm

my server dont want to restart with this:

port 1194
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
duplicate-cn
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_XL98c6RoSdvOVX3E.crt
key server_XL98c6RoSdvOVX3E.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
client-to-client
management 127.0.0.1 17562
verb 4
mute 20
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
comp-lzo no
push "comp-lzo no"
compress no
push "compress no"

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Mon Aug 02, 2021 5:06 pm

now... i have this kind of logs:


[olog]
Mon Aug 2 17:00:09 2021 us=188822 gate-17072021-TEST/*.*.*.*:58701 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Aug 2 17:00:09 2021 us=188887 gate-17072021-TEST/*.*.*.*:58701 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:00:09 2021 us=188897 gate-17072021-TEST/*.*.*.*:58701 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:00:10 2021 us=548466 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:12 2021 us=797275 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:12 2021 us=797356 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:14 2021 us=715360 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:22 2021 us=942469 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:24 2021 us=155921 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:27 2021 us=995568 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:34 2021 us=320107 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:38 2021 us=68917 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:42 2021 us=76007 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:49 2021 us=23984 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:52 2021 us=351016 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:00:59 2021 us=603968 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:03 2021 us=67276 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:09 2021 us=115492 gate-17072021-TEST/*.*.*.*:48864 [gate-17072021-TEST] Inactivity timeout (--ping-restart), restarting
Mon Aug 2 17:01:09 2021 us=115563 gate-17072021-TEST/*.*.*.*:48864 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Aug 2 17:01:09 2021 us=978005 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:13 2021 us=451673 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:15 2021 us=996043 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:18 2021 us=796970 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:19 2021 us=796852 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:25 2021 us=857026 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:29 2021 us=119242 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:30 2021 us=76079 gate-17072021-TEST/*.*.*.*:37423 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:35 2021 us=446638 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:36 2021 us=405866 *.*.*.*:58491 VERIFY OK: depth=0, CN=gate-17072021-TEST
Mon Aug 2 17:01:36 2021 us=444620 *.*.*.*:58491 [gate-17072021-TEST] Peer Connection Initiated with [AF_INET6]::ffff:*.*.*.*:58491
Mon Aug 2 17:01:36 2021 us=444712 gate-17072021-TEST/*.*.*.*:58491 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=fd42:42:42:42::1002
Mon Aug 2 17:01:36 2021 us=444821 gate-17072021-TEST/*.*.*.*:58491 MULTI: Learn: 10.8.0.4 -> gate-17072021-TEST/*.*.*.*:58491
Mon Aug 2 17:01:36 2021 us=444851 gate-17072021-TEST/*.*.*.*:58491 MULTI: primary virtual IP for gate-17072021-TEST/*.*.*.*:58491: 10.8.0.4
Mon Aug 2 17:01:36 2021 us=444883 gate-17072021-TEST/*.*.*.*:58491 MULTI: Learn: fd42:42:42:42::1002 -> gate-17072021-TEST/*.*.*.*:58491
Mon Aug 2 17:01:36 2021 us=444912 gate-17072021-TEST/*.*.*.*:58491 MULTI: primary virtual IPv6 for gate-17072021-TEST/*.*.*.*:58491: fd42:42:42:42::1002
Mon Aug 2 17:01:37 2021 us=552481 gate-17072021-TEST/*.*.*.*:58491 PUSH: Received control message: 'PUSH_REQUEST'
Mon Aug 2 17:01:37 2021 us=552613 gate-17072021-TEST/*.*.*.*:58491 SENT CONTROL [gate-17072021-TEST]: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1002/112 fd42:42:42:42::1,ifconfig 10.8.0.4 255.255.255.0,peer-id 2,cipher AES-128-GCM' (status=1)
Mon Aug 2 17:01:37 2021 us=552645 gate-17072021-TEST/*.*.*.*:58491 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Aug 2 17:01:37 2021 us=552774 gate-17072021-TEST/*.*.*.*:58491 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:01:37 2021 us=552796 gate-17072021-TEST/*.*.*.*:58491 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:01:38 2021 us=980755 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:41 2021 us=796708 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:43 2021 us=36509 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:44 2021 us=796586 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:51 2021 us=233395 gate-17072021-TEST/*.*.*.*:45815 [gate-17072021-TEST] Inactivity timeout (--ping-restart), restarting
Mon Aug 2 17:01:51 2021 us=233482 gate-17072021-TEST/*.*.*.*:45815 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Aug 2 17:01:51 2021 us=836077 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:01:54 2021 us=671293 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:01 2021 us=219791 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:04 2021 us=540003 gate-17072021-TEST/*.*.*.*:58701 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:08 2021 us=476075 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:15 2021 us=136429 *.*.*.*:36621 VERIFY OK: depth=0, CN=gate-17072021-TEST
Mon Aug 2 17:02:15 2021 us=175268 *.*.*.*:36621 [gate-17072021-TEST] Peer Connection Initiated with [AF_INET6]::ffff:*.*.*.*:36621
Mon Aug 2 17:02:15 2021 us=175335 gate-17072021-TEST/*.*.*.*:36621 MULTI_sva: pool returned IPv4=10.8.0.5, IPv6=fd42:42:42:42::1003
Mon Aug 2 17:02:15 2021 us=175425 gate-17072021-TEST/*.*.*.*:36621 MULTI: Learn: 10.8.0.5 -> gate-17072021-TEST/*.*.*.*:36621
Mon Aug 2 17:02:15 2021 us=175444 gate-17072021-TEST/*.*.*.*:36621 MULTI: primary virtual IP for gate-17072021-TEST/*.*.*.*:36621: 10.8.0.5
Mon Aug 2 17:02:15 2021 us=175471 gate-17072021-TEST/*.*.*.*:36621 MULTI: Learn: fd42:42:42:42::1003 -> gate-17072021-TEST/*.*.*.*:36621
Mon Aug 2 17:02:15 2021 us=175501 gate-17072021-TEST/*.*.*.*:36621 MULTI: primary virtual IPv6 for gate-17072021-TEST/*.*.*.*:36621: fd42:42:42:42::1003
Mon Aug 2 17:02:16 2021 us=370302 gate-17072021-TEST/*.*.*.*:36621 PUSH: Received control message: 'PUSH_REQUEST'
Mon Aug 2 17:02:16 2021 us=370406 gate-17072021-TEST/*.*.*.*:36621 SENT CONTROL [gate-17072021-TEST]: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1003/112 fd42:42:42:42::1,ifconfig 10.8.0.5 255.255.255.0,peer-id 3,cipher AES-128-GCM' (status=1)
Mon Aug 2 17:02:16 2021 us=370489 gate-17072021-TEST/*.*.*.*:36621 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Aug 2 17:02:16 2021 us=370625 gate-17072021-TEST/*.*.*.*:36621 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:02:16 2021 us=370648 gate-17072021-TEST/*.*.*.*:36621 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:02:17 2021 us=724238 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:18 2021 us=744117 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:20 2021 us=796857 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:21 2021 us=796859 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:21 2021 us=836055 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:30 2021 us=236026 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:31 2021 us=376023 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:40 2021 us=964340 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:41 2021 us=468529 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:43 2021 us=36117 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:46 2021 us=876064 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:53 2021 us=210813 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:02:56 2021 us=190127 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:03 2021 us=569945 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:06 2021 us=285917 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:13 2021 us=279779 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:16 2021 us=520990 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:19 2021 us=579151 gate-17072021-TEST/*.*.*.*:55418 [gate-17072021-TEST] Inactivity timeout (--ping-restart), restarting
Mon Aug 2 17:03:19 2021 us=579230 gate-17072021-TEST/*.*.*.*:55418 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Aug 2 17:03:20 2021 us=156134 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:23 2021 us=361720 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:31 2021 us=226888 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:33 2021 us=293767 gate-17072021-TEST/*.*.*.*:58491 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:41 2021 us=200360 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:42 2021 us=832979 *.*.*.*:33178 VERIFY OK: depth=0, CN=gate-17072021-TEST
Mon Aug 2 17:03:42 2021 us=872356 *.*.*.*:33178 [gate-17072021-TEST] Peer Connection Initiated with [AF_INET6]::ffff:*.*.*.*:33178
Mon Aug 2 17:03:42 2021 us=872415 gate-17072021-TEST/*.*.*.*:33178 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=fd42:42:42:42::1004
Mon Aug 2 17:03:42 2021 us=872469 gate-17072021-TEST/*.*.*.*:33178 MULTI: Learn: 10.8.0.6 -> gate-17072021-TEST/*.*.*.*:33178
Mon Aug 2 17:03:42 2021 us=872484 gate-17072021-TEST/*.*.*.*:33178 MULTI: primary virtual IP for gate-17072021-TEST/*.*.*.*:33178: 10.8.0.6
Mon Aug 2 17:03:42 2021 us=872499 gate-17072021-TEST/*.*.*.*:33178 MULTI: Learn: fd42:42:42:42::1004 -> gate-17072021-TEST/*.*.*.*:33178
Mon Aug 2 17:03:42 2021 us=872535 gate-17072021-TEST/*.*.*.*:33178 MULTI: primary virtual IPv6 for gate-17072021-TEST/*.*.*.*:33178: fd42:42:42:42::1004
Mon Aug 2 17:03:43 2021 us=901879 gate-17072021-TEST/*.*.*.*:33178 PUSH: Received control message: 'PUSH_REQUEST'
Mon Aug 2 17:03:43 2021 us=901981 gate-17072021-TEST/*.*.*.*:33178 SENT CONTROL [gate-17072021-TEST]: 'PUSH_REPLY,dhcp-option DNS 94.140.14.14,dhcp-option DNS 94.140.15.15,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::1004/112 fd42:42:42:42::1,ifconfig 10.8.0.6 255.255.255.0,peer-id 4,cipher AES-128-GCM' (status=1)
Mon Aug 2 17:03:43 2021 us=902015 gate-17072021-TEST/*.*.*.*:33178 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Aug 2 17:03:43 2021 us=902123 gate-17072021-TEST/*.*.*.*:33178 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:03:43 2021 us=902142 gate-17072021-TEST/*.*.*.*:33178 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mon Aug 2 17:03:45 2021 us=321892 gate-17072021-TEST/*.*.*.*:33178 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:47 2021 us=797199 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:48 2021 us=797169 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:49 2021 us=116115 gate-17072021-TEST/*.*.*.*:33178 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:57 2021 us=137855 gate-17072021-TEST/*.*.*.*:58548 [gate-17072021-TEST] Inactivity timeout (--ping-restart), restarting
Mon Aug 2 17:03:57 2021 us=137934 gate-17072021-TEST/*.*.*.*:58548 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mon Aug 2 17:03:57 2021 us=276115 gate-17072021-TEST/*.*.*.*:33178 IP packet with unknown IP version=15 seen
Mon Aug 2 17:03:58 2021 us=505868 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:04:07 2021 us=414096 gate-17072021-TEST/*.*.*.*:33178 IP packet with unknown IP version=15 seen
Mon Aug 2 17:04:08 2021 us=143250 gate-17072021-TEST/*.*.*.*:36621 IP packet with unknown IP version=15 seen
Mon Aug 2 17:04:12 2021 us=635991 gate-17072021-TEST/*.*.*.*:33178 IP packet with unknown IP version=15 seen
[/olog]

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Mon Aug 02, 2021 5:42 pm

May be you need to restart your server .. or may be you did not edit the correct server file ..

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Tue Aug 03, 2021 8:02 am

Without persist tun, the IP is "refreshed" every connection ? What is the bets approach to point the right client then. Open vpn have a local DNS ?

https://community.openvpn.net/openvpn/ticket/952
According to this, "comp-lzo no" and "compress" options not compatible. Can you help me with this ?

i try this:

comp-lzo no
push "comp-lzo no"
#compress no
#push "compress no

And it works. For the moment. I will see if my client drops....

I have something weird on my client:

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.5 P-t-P:10.8.0.5 Mask:255.255.255.0
inet6 addr: fe80::eba7:fd9b:c714:239b/64 Scope:Link
inet6 addr: fd42:42:42:42::1003/112 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:38 errors:0 dropped:0 overruns:0 frame:0
TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3668 (3.5 KiB) TX bytes:7288 (7.1 KiB)

tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.6 P-t-P:10.8.0.6 Mask:255.255.255.0
inet6 addr: fd42:42:42:42::1004/112 Scope:Global
inet6 addr: fe80::53fc:8b75:88e7:2ca3/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:47 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4424 (4.3 KiB) TX bytes:288 (288.0 B)

tun0 works. 10.8.0.5 ping from the server. Why i have tun1 ? I have only one conf in /etc/openvpn. What am i doing wrong ?

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Tue Aug 03, 2021 1:02 pm

tontonjab wrote:
Tue Aug 03, 2021 8:02 am
Why i have tun1 ? I have only one conf in /etc/openvpn. What am i doing wrong ?
I have no idea .. try stopping openvpn and see what you have.

And always read your log files..

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Wed Aug 04, 2021 10:19 am

TinCanTech wrote:
Sun Aug 01, 2021 1:37 pm
Try removing this from your client:

Code: Select all

persist-tun
My clients are connected to a broker, for the moment, i dont care what IP is assigned to my clients. Persist-tun seems to broke restart, but IP are changed every connection. (maybe i am wrong...)

Is there an openvpn "DNS" ? With the client name or something ?

User avatar
TinCanTech
Forum Team
Posts: 9658
Joined: Fri Jun 03, 2016 1:17 pm

Re: unwrap error: packet too short

Post by TinCanTech » Wed Aug 04, 2021 9:22 pm

Ask your broker.

300000
OpenVPN Expert
Posts: 617
Joined: Tue May 01, 2012 9:30 pm

Re: unwrap error: packet too short

Post by 300000 » Thu Aug 05, 2021 9:14 am

There is nothing wrong with your config . it is working and only disconnect when no active . just add keepalive and ping so it will work again for you.

From working openvpn client now you are mess up and if you try harder this will bring you to more mess .

tontonjab
OpenVpn Newbie
Posts: 15
Joined: Sat Jul 24, 2021 4:13 pm

Re: unwrap error: packet too short

Post by tontonjab » Thu Aug 05, 2021 10:35 am

keep alive and ping to the client conf ? ok

I still dont get the answer of TinCanTech: My broker is mosquitto. The client connect to the server through the VPN. I tried to fix IP with ipp.txt (not ok) and ccd (but it says that i have to use only ipv6... then only address are fixed and not ipv4, i thought it was impossible but ok..)

[oconf=]
port 1194
proto udp6
dev tun
user nobody
group nogroup
persist-key
persist-tun
duplicate-cn
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_XerzrzerzerzerX3E.crt
key server_XerzrzerzerzerX3E.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
client-to-client
verb 4
mute 20
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
comp-lzo no
push "comp-lzo no"
#compress no
#push "compress no
client-config-dir ccd
management 127.0.0.1 8989
[/oconf]

Post Reply