OpenVpn on AWS - bad source address from client

pauld
OpenVpn Newbie
Posts: 7
Joined: Tue Feb 19, 2019 9:25 pm

OpenVpn on AWS - bad source address from client

Post by pauld » Tue Feb 19, 2019 9:38 pm

Hi,
Trying to set up an OpenVpn server on my existing AWS instance. I connect and ping the OpenVpn server just fine; however, I cannot access the Internet. I see in the logs:

Code:

MULTI: bad source address from client [10.0.0.119]

10.0.0.119 is my client machine's IP address.
I tried to use the route/iroute options, but it makes no difference. It looks like my OpenVPN instance doesn't know what to do with 10.0.0.119.
Any hint what can be done here?

Code:

route 10.0.0.0 255.255.255.0
iroute 10.0.0.0 255.255.255.0
Thanks.
Last edited by pauld on Tue Feb 19, 2019 10:52 pm, edited 1 time in total.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVpn on AWS - bad source address from client

Post by TinCanTech » Tue Feb 19, 2019 10:10 pm

pauld wrote:
Tue Feb 19, 2019 9:38 pm
Any hint
viewtopic.php?f=30&t=22603

pauld
OpenVpn Newbie
Posts: 7
Joined: Tue Feb 19, 2019 9:25 pm

Re: OpenVpn on AWS - bad source address from client

Post by pauld » Tue Feb 19, 2019 11:08 pm

TinCanTech wrote:
Tue Feb 19, 2019 10:10 pm
pauld wrote:
Tue Feb 19, 2019 9:38 pm
Any hint
viewtopic.php?f=30&t=22603
OK:
server conf:

Code:

port 1194
dev tun

# Use "local" to set the source address on multi-homed hosts
#local [IP address]

# TLS parms
tls-server 
ca keys/ca.crt
cert keys/key.crt
key keys/key.key
dh keys/dh.pem

# Tell OpenVPN to be a multi-client udp server
mode server

# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2

# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255

# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255"

# Push any routes the client needs to get in
# to the local network.
#push "route 192.168.0.0 255.255.255.0"



# Push DHCP options to Windows clients.
#push "dhcp-option DOMAIN example.com"
#push "dhcp-option DNS 192.168.0.1"
#push "dhcp-option WINS 192.168.0.1"

# Client should attempt reconnection on link
# failure.
keepalive 10 60

# Delete client instances after some period
# of inactivity.
inactive 600

# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0

# The server doesn't need privileges
user openvpn
group openvpn

# Keep TUN devices and keys open across restarts.
persist-tun
persist-key

verb 4

client-config-dir /etc/openvpn/ccd
push "redirect-gateway def1 bypass-dhcp"
client conf:

Code:

port 1194
dev tun
remote ec2.amazonaws.com

# TLS parms

tls-client
ca /home/key/ca.crt
cert /home/key.crt
key /home/key.key

# This parm is required for connecting
# to a multi-client server.  It tells
# the client to accept options which
# the server pushes to us.
pull

# Scripts can be used to do various
# things (change nameservers, for
# example.
#up scripts/ifup-post
#down scripts/ifdown-post

verb 4
redirect-gateway def1
server log:

Code:

OpenVPN service for serverudp
   Loaded: loaded (/usr/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-02-19 21:47:29 UTC; 49s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 20419 (openvpn)
   Status: "Initialization Sequence Completed"
    Tasks: 1 (limit: 2310)
   Memory: 1.7M
   CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@serverudp.service
           └─20419 /usr/sbin/openvpn --status /run/openvpn-server/status-serverudp.log --status-version 2 --suppress-timestamps --cipher AES-256>

Feb 19 21:47:46 ip172-ec2.internal openvpn[20419]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: UDPv4 link local (bound): [AF_INET][undef]:1194
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: UDPv4 link remote: [AF_UNSPEC]
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: GID set to openvpn
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: UID set to openvpn
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: MULTI: multi_init called, r=256 v=256
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: IFCONFIG POOL: base=10.8.0.4 size=63, ipv6=0
Feb 19 21:47:46 ip-172.ec2.internal openvpn[20419]: Initialization Sequence Completed
client log:

Code:

Current Parameter Settings:
Tue Feb 19 17:03:50 2019 us=11851   config = '/etc/openvpn/client/client.conf'
Tue Feb 19 17:03:50 2019 us=11856   mode = 0
Tue Feb 19 17:03:50 2019 us=11860   persist_config = DISABLED
Tue Feb 19 17:03:50 2019 us=11863   persist_mode = 1
Tue Feb 19 17:03:50 2019 us=11867   show_ciphers = DISABLED
Tue Feb 19 17:03:50 2019 us=11870   show_digests = DISABLED
Tue Feb 19 17:03:50 2019 us=11873   show_engines = DISABLED
Tue Feb 19 17:03:50 2019 us=11877   genkey = DISABLED
Tue Feb 19 17:03:50 2019 us=11881   key_pass_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=11885   show_tls_ciphers = DISABLED
Tue Feb 19 17:03:50 2019 us=11889   connect_retry_max = 0
Tue Feb 19 17:03:50 2019 us=11893 Connection profiles [0]:
Tue Feb 19 17:03:50 2019 us=11896   proto = udp
Tue Feb 19 17:03:50 2019 us=11900   local = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=11904   local_port = '1194'
Tue Feb 19 17:03:50 2019 us=11908   remote = 'ec2.amazonaws.com'
Tue Feb 19 17:03:50 2019 us=11912   remote_port = '1194'
Tue Feb 19 17:03:50 2019 us=11915   remote_float = DISABLED
Tue Feb 19 17:03:50 2019 us=11919   bind_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=11923   bind_local = ENABLED
Tue Feb 19 17:03:50 2019 us=11926   bind_ipv6_only = DISABLED
Tue Feb 19 17:03:50 2019 us=11930   connect_retry_seconds = 5
Tue Feb 19 17:03:50 2019 us=11934   connect_timeout = 120
Tue Feb 19 17:03:50 2019 us=11938   socks_proxy_server = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=11942   socks_proxy_port = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=11946   tun_mtu = 1500
Tue Feb 19 17:03:50 2019 us=11950   tun_mtu_defined = ENABLED
Tue Feb 19 17:03:50 2019 us=11954   link_mtu = 1500
Tue Feb 19 17:03:50 2019 us=11958   link_mtu_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=11961   tun_mtu_extra = 0
Tue Feb 19 17:03:50 2019 us=11965   tun_mtu_extra_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=11969   mtu_discover_type = -1
Tue Feb 19 17:03:50 2019 us=11973   fragment = 0
Tue Feb 19 17:03:50 2019 us=11977   mssfix = 1450
Tue Feb 19 17:03:50 2019 us=11980   explicit_exit_notification = 0
Tue Feb 19 17:03:50 2019 us=11984 Connection profiles END
Tue Feb 19 17:03:50 2019 us=11988   remote_random = DISABLED
Tue Feb 19 17:03:50 2019 us=11992   ipchange = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=11996   dev = 'tun'
Tue Feb 19 17:03:50 2019 us=12000   dev_type = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12024   dev_node = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12029   lladdr = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12047   topology = 1
Tue Feb 19 17:03:50 2019 us=12051   ifconfig_local = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12055   ifconfig_remote_netmask = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12059   ifconfig_noexec = DISABLED
Tue Feb 19 17:03:50 2019 us=12063   ifconfig_nowarn = DISABLED
Tue Feb 19 17:03:50 2019 us=12066   ifconfig_ipv6_local = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12070   ifconfig_ipv6_netbits = 0
Tue Feb 19 17:03:50 2019 us=12074   ifconfig_ipv6_remote = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12078   shaper = 0
Tue Feb 19 17:03:50 2019 us=12081   mtu_test = 0
Tue Feb 19 17:03:50 2019 us=12085   mlock = DISABLED
Tue Feb 19 17:03:50 2019 us=12089   keepalive_ping = 0
Tue Feb 19 17:03:50 2019 us=12093   keepalive_timeout = 0
Tue Feb 19 17:03:50 2019 us=12097   inactivity_timeout = 0
Tue Feb 19 17:03:50 2019 us=12101   ping_send_timeout = 0
Tue Feb 19 17:03:50 2019 us=12104   ping_rec_timeout = 0
Tue Feb 19 17:03:50 2019 us=12108   ping_rec_timeout_action = 0
Tue Feb 19 17:03:50 2019 us=12112   ping_timer_remote = DISABLED
Tue Feb 19 17:03:50 2019 us=12116   remap_sigusr1 = 0
Tue Feb 19 17:03:50 2019 us=12120   persist_tun = DISABLED
Tue Feb 19 17:03:50 2019 us=12124   persist_local_ip = DISABLED
Tue Feb 19 17:03:50 2019 us=12127   persist_remote_ip = DISABLED
Tue Feb 19 17:03:50 2019 us=12131   persist_key = DISABLED
Tue Feb 19 17:03:50 2019 us=12135   passtos = DISABLED
Tue Feb 19 17:03:50 2019 us=12139   resolve_retry_seconds = 1000000000
Tue Feb 19 17:03:50 2019 us=12143   resolve_in_advance = DISABLED
Tue Feb 19 17:03:50 2019 us=12146   username = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12150   groupname = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12154   chroot_dir = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12158   cd_dir = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12161   selinux_context = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12165   writepid = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12169   up_script = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12173   down_script = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12176   down_pre = DISABLED
Tue Feb 19 17:03:50 2019 us=12180   up_restart = DISABLED
Tue Feb 19 17:03:50 2019 us=12184   up_delay = DISABLED
Tue Feb 19 17:03:50 2019 us=12188   daemon = DISABLED
Tue Feb 19 17:03:50 2019 us=12191   inetd = 0
Tue Feb 19 17:03:50 2019 us=12195   log = DISABLED
Tue Feb 19 17:03:50 2019 us=12199   suppress_timestamps = DISABLED
Tue Feb 19 17:03:50 2019 us=12203   machine_readable_output = DISABLED
Tue Feb 19 17:03:50 2019 us=12207   nice = 0
Tue Feb 19 17:03:50 2019 us=12211   verbosity = 4
Tue Feb 19 17:03:50 2019 us=12215   mute = 0
Tue Feb 19 17:03:50 2019 us=12218   gremlin = 0
Tue Feb 19 17:03:50 2019 us=12222   status_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12226   status_file_version = 1
Tue Feb 19 17:03:50 2019 us=12230   status_file_update_freq = 60
Tue Feb 19 17:03:50 2019 us=12234   occ = ENABLED
Tue Feb 19 17:03:50 2019 us=12237   rcvbuf = 0
Tue Feb 19 17:03:50 2019 us=12241   sndbuf = 0
Tue Feb 19 17:03:50 2019 us=12245   mark = 0
Tue Feb 19 17:03:50 2019 us=12249   sockflags = 0
Tue Feb 19 17:03:50 2019 us=12252   fast_io = DISABLED
Tue Feb 19 17:03:50 2019 us=12256   comp.alg = 0
Tue Feb 19 17:03:50 2019 us=12260   comp.flags = 0
Tue Feb 19 17:03:50 2019 us=12264   route_script = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12267   route_default_gateway = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12271   route_default_metric = 0
Tue Feb 19 17:03:50 2019 us=12275   route_noexec = DISABLED
Tue Feb 19 17:03:50 2019 us=12279   route_delay = 0
Tue Feb 19 17:03:50 2019 us=12282   route_delay_window = 30
Tue Feb 19 17:03:50 2019 us=12286   route_delay_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=12290   route_nopull = DISABLED
Tue Feb 19 17:03:50 2019 us=12293   route_gateway_via_dhcp = DISABLED
Tue Feb 19 17:03:50 2019 us=12297   allow_pull_fqdn = DISABLED
Tue Feb 19 17:03:50 2019 us=12301   [redirect_default_gateway local=0]
Tue Feb 19 17:03:50 2019 us=12305   management_addr = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12309   management_port = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12313   management_user_pass = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12317   management_log_history_cache = 250
Tue Feb 19 17:03:50 2019 us=12320   management_echo_buffer_size = 100
Tue Feb 19 17:03:50 2019 us=12324   management_write_peer_info_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12328   management_client_user = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12332   management_client_group = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12336   management_flags = 0
Tue Feb 19 17:03:50 2019 us=12340   shared_secret_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12344   key_direction = not set
Tue Feb 19 17:03:50 2019 us=12348   ciphername = 'BF-CBC'
Tue Feb 19 17:03:50 2019 us=12351   ncp_enabled = ENABLED
Tue Feb 19 17:03:50 2019 us=12355   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Feb 19 17:03:50 2019 us=12359   authname = 'SHA1'
Tue Feb 19 17:03:50 2019 us=12363   prng_hash = 'SHA1'
Tue Feb 19 17:03:50 2019 us=12367   prng_nonce_secret_len = 16
Tue Feb 19 17:03:50 2019 us=12371   keysize = 0
Tue Feb 19 17:03:50 2019 us=12375   engine = DISABLED
Tue Feb 19 17:03:50 2019 us=12379   replay = ENABLED
Tue Feb 19 17:03:50 2019 us=12382   mute_replay_warnings = DISABLED
Tue Feb 19 17:03:50 2019 us=12386   replay_window = 64
Tue Feb 19 17:03:50 2019 us=12390   replay_time = 15
Tue Feb 19 17:03:50 2019 us=12394   packet_id_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12397   use_iv = ENABLED
Tue Feb 19 17:03:50 2019 us=12401   test_crypto = DISABLED
Tue Feb 19 17:03:50 2019 us=12405   tls_server = DISABLED
Tue Feb 19 17:03:50 2019 us=12409   tls_client = ENABLED
Tue Feb 19 17:03:50 2019 us=12412   key_method = 2
Tue Feb 19 17:03:50 2019 us=12416   ca_file = '/home/ca.crt'
Tue Feb 19 17:03:50 2019 us=12420   ca_path = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12424   dh_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12428   cert_file = '/home/key.crt'
Tue Feb 19 17:03:50 2019 us=12431   extra_certs_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12436   priv_key_file = '/home/key.key'
Tue Feb 19 17:03:50 2019 us=12439   pkcs12_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12443   cipher_list = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12447   tls_cert_profile = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12451   tls_verify = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12454   tls_export_cert = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12458   verify_x509_type = 0
Tue Feb 19 17:03:50 2019 us=12462   verify_x509_name = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12466   crl_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12470   ns_cert_type = 0
Tue Feb 19 17:03:50 2019 us=12473   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12477   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12481   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12485   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12488   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12492   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12496   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12499   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12503   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12507   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12510   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12514   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12518   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12521   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12525   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12529   remote_cert_ku[i] = 0
Tue Feb 19 17:03:50 2019 us=12532   remote_cert_eku = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12536   ssl_flags = 0
Tue Feb 19 17:03:50 2019 us=12540   tls_timeout = 2
Tue Feb 19 17:03:50 2019 us=12544   renegotiate_bytes = -1
Tue Feb 19 17:03:50 2019 us=12548   renegotiate_packets = 0
Tue Feb 19 17:03:50 2019 us=12551   renegotiate_seconds = 3600
Tue Feb 19 17:03:50 2019 us=12555   handshake_window = 60
Tue Feb 19 17:03:50 2019 us=12559   transition_window = 3600
Tue Feb 19 17:03:50 2019 us=12563   single_session = DISABLED
Tue Feb 19 17:03:50 2019 us=12566   push_peer_info = DISABLED
Tue Feb 19 17:03:50 2019 us=12570   tls_exit = DISABLED
Tue Feb 19 17:03:50 2019 us=12574   tls_auth_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12578   tls_crypt_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12581   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12585   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12589   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12593   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12597   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12601   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12604   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12608   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12612   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12616   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12619   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12623   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12627   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12631   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12634   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12638   pkcs11_protected_authentication = DISABLED
Tue Feb 19 17:03:50 2019 us=12642   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12646   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12649   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12653   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12657   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12661   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12664   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12668   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12672   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12675   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12679   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12683   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12686   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12690   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12694   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12697   pkcs11_private_mode = 00000000
Tue Feb 19 17:03:50 2019 us=12701   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12705   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12708   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12712   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12716   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12719   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12723   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12727   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12730   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12734   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12738   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12741   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12745   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12749   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12753   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12756   pkcs11_cert_private = DISABLED
Tue Feb 19 17:03:50 2019 us=12760   pkcs11_pin_cache_period = -1
Tue Feb 19 17:03:50 2019 us=12764   pkcs11_id = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12768   pkcs11_id_management = DISABLED
Tue Feb 19 17:03:50 2019 us=12772   server_network = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12776   server_netmask = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12783   server_network_ipv6 = ::
Tue Feb 19 17:03:50 2019 us=12787   server_netbits_ipv6 = 0
Tue Feb 19 17:03:50 2019 us=12792   server_bridge_ip = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12796   server_bridge_netmask = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12800   server_bridge_pool_start = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12804   server_bridge_pool_end = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12808   ifconfig_pool_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=12812   ifconfig_pool_start = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12816   ifconfig_pool_end = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12820   ifconfig_pool_netmask = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12824   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12827   ifconfig_pool_persist_refresh_freq = 600
Tue Feb 19 17:03:50 2019 us=12831   ifconfig_ipv6_pool_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=12835   ifconfig_ipv6_pool_base = ::
Tue Feb 19 17:03:50 2019 us=12839   ifconfig_ipv6_pool_netbits = 0
Tue Feb 19 17:03:50 2019 us=12843   n_bcast_buf = 256
Tue Feb 19 17:03:50 2019 us=12846   tcp_queue_limit = 64
Tue Feb 19 17:03:50 2019 us=12850   real_hash_size = 256
Tue Feb 19 17:03:50 2019 us=12854   virtual_hash_size = 256
Tue Feb 19 17:03:50 2019 us=12858   client_connect_script = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12861   learn_address_script = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12865   client_disconnect_script = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12869   client_config_dir = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12872   ccd_exclusive = DISABLED
Tue Feb 19 17:03:50 2019 us=12876   tmp_dir = '/tmp'
Tue Feb 19 17:03:50 2019 us=12880   push_ifconfig_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=12884   push_ifconfig_local = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12888   push_ifconfig_remote_netmask = 0.0.0.0
Tue Feb 19 17:03:50 2019 us=12892   push_ifconfig_ipv6_defined = DISABLED
Tue Feb 19 17:03:50 2019 us=12896   push_ifconfig_ipv6_local = ::/0
Tue Feb 19 17:03:50 2019 us=12900   push_ifconfig_ipv6_remote = ::
Tue Feb 19 17:03:50 2019 us=12904   enable_c2c = DISABLED
Tue Feb 19 17:03:50 2019 us=12907   duplicate_cn = DISABLED
Tue Feb 19 17:03:50 2019 us=12911   cf_max = 0
Tue Feb 19 17:03:50 2019 us=12915   cf_per = 0
Tue Feb 19 17:03:50 2019 us=12918   max_clients = 1024
Tue Feb 19 17:03:50 2019 us=12922   max_routes_per_client = 256
Tue Feb 19 17:03:50 2019 us=12926   auth_user_pass_verify_script = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12930   auth_user_pass_verify_script_via_file = DISABLED
Tue Feb 19 17:03:50 2019 us=12933   auth_token_generate = DISABLED
Tue Feb 19 17:03:50 2019 us=12937   auth_token_lifetime = 0
Tue Feb 19 17:03:50 2019 us=12941   port_share_host = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12944   port_share_port = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12948   client = DISABLED
Tue Feb 19 17:03:50 2019 us=12952   pull = ENABLED
Tue Feb 19 17:03:50 2019 us=12955   auth_user_pass_file = '[UNDEF]'
Tue Feb 19 17:03:50 2019 us=12960 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct  6 2018
Tue Feb 19 17:03:50 2019 us=12968 library versions: OpenSSL 1.1.1a FIPS  20 Nov 2018, LZO 2.08
Tue Feb 19 17:03:50 2019 us=13024 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Enter Private Key Password: 
Tue Feb 19 17:04:14 2019 us=660094 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 19 17:04:14 2019 us=665530 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Tue Feb 19 17:04:14 2019 us=706191 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Feb 19 17:04:14 2019 us=706327 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Feb 19 17:04:14 2019 us=706412 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Feb 19 17:04:14 2019 us=706444 TCP/UDP: Preserving recently used remote address: [AF_INET]3.92.153.120:1194
Tue Feb 19 17:04:14 2019 us=706547 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb 19 17:04:14 2019 us=706807 UDP link local (bound): [AF_INET][undef]:1194
Tue Feb 19 17:04:14 2019 us=706835 UDP link remote: [AF_INET]3.92.153.120:1194
Tue Feb 19 17:04:14 2019 us=756931 TLS: Initial packet from [AF_INET]3.92.153.120:1194, sid=7de6e59e 82470aad
Tue Feb 19 17:04:14 2019 us=807972 VERIFY OK: depth=1, CN=Easy-RSA CA
Tue Feb 19 17:04:14 2019 us=808467 VERIFY OK: depth=0, CN=ip-172-31-14-29
Tue Feb 19 17:04:14 2019 us=891911 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1549'
Tue Feb 19 17:04:14 2019 us=891998 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-GCM'
Tue Feb 19 17:04:14 2019 us=892052 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
Tue Feb 19 17:04:14 2019 us=892082 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Tue Feb 19 17:04:14 2019 us=892238 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Feb 19 17:04:14 2019 us=892294 [ip-172-31-14-29] Peer Connection Initiated with [AF_INET]3.92.153.120:1194
Tue Feb 19 17:04:15 2019 us=945156 SENT CONTROL [ip-172-31-14-29]: 'PUSH_REQUEST' (status=1)
Tue Feb 19 17:04:15 2019 us=985526 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,redirect-gateway def1 bypass-dhcp,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Tue Feb 19 17:04:15 2019 us=985596 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 19 17:04:15 2019 us=985605 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 19 17:04:15 2019 us=985610 OPTIONS IMPORT: route options modified
Tue Feb 19 17:04:15 2019 us=985614 OPTIONS IMPORT: peer-id set
Tue Feb 19 17:04:15 2019 us=985618 OPTIONS IMPORT: adjusting link_mtu to 1624
Tue Feb 19 17:04:15 2019 us=985622 OPTIONS IMPORT: data channel crypto options modified
Tue Feb 19 17:04:15 2019 us=985626 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Feb 19 17:04:15 2019 us=985638 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Tue Feb 19 17:04:15 2019 us=985693 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 19 17:04:15 2019 us=985701 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 19 17:04:15 2019 us=985850 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=wlp3s0 HWADDR=e8:de:27:8e:b1:fe
Tue Feb 19 17:04:15 2019 us=986438 TUN/TAP device tun0 opened
Tue Feb 19 17:04:15 2019 us=986476 TUN/TAP TX queue length set to 100
Tue Feb 19 17:04:15 2019 us=986489 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Feb 19 17:04:15 2019 us=986499 /sbin/ip link set dev tun0 up mtu 1500
Tue Feb 19 17:04:15 2019 us=989415 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Tue Feb 19 17:04:15 2019 us=991017 /sbin/ip route add 3...../32 via 10.0.0.1
Tue Feb 19 17:04:15 2019 us=992800 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Tue Feb 19 17:04:15 2019 us=993960 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Tue Feb 19 17:04:15 2019 us=995304 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Tue Feb 19 17:04:15 2019 us=997412 Initialization Sequence Completed

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVpn on AWS - bad source address from client

Post by TinCanTech » Wed Feb 20, 2019 2:27 pm

pauld wrote:
Tue Feb 19, 2019 11:08 pm
server conf:

Code:

# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2
A server requires --server. Please see the example configs linked here:
https://community.openvpn.net/openvpn/w ... andclients

pauld
OpenVpn Newbie
Posts: 7
Joined: Tue Feb 19, 2019 9:25 pm

Re: OpenVpn on AWS - bad source address from client

Post by pauld » Wed Feb 20, 2019 5:10 pm

TinCanTech wrote:
Wed Feb 20, 2019 2:27 pm
pauld wrote:
Tue Feb 19, 2019 11:08 pm
server conf:

Code:

# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2
A server requires --server. Please see the example configs linked here:
https://community.openvpn.net/openvpn/w ... andclients
??

Code:

# Tell OpenVPN to be a multi-client udp server
mode server
This config IS based on an example shipped with the Fedora distribution, barely changed. Besides, as I mentioned, the server works and is pingable, but the Internet is not accessible to clients.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVpn on AWS - bad source address from client

Post by TinCanTech » Wed Feb 20, 2019 5:23 pm

The Openvpn example server config uses --server :
https://github.com/OpenVPN/openvpn/blob ... .conf#L101

Why Fedora chose to be unnecessarily obtuse about it is none of my business.

Anyway, please read section 17 of the OpenVPN Howto.

pauld
OpenVpn Newbie
Posts: 7
Joined: Tue Feb 19, 2019 9:25 pm

Re: OpenVpn on AWS - bad source address from client

Post by pauld » Wed Feb 20, 2019 6:31 pm

TinCanTech wrote:
Wed Feb 20, 2019 5:23 pm
The Openvpn example server config uses --server :
https://github.com/OpenVPN/openvpn/blob ... .conf#L101

Why Fedora chose to be unnecessarily obtuse about it is none of my business.

Anyway, please read section 17 of the OpenVPN Howto.
OK.
It works now - I was missing the iptables NAT rule. Thanks!
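The NAT rule pauld mentions as the fix is not shown anywhere in the thread; the script below is an added example (not pauld's or TinCanTech's code) of the forwarding and masquerading rules that let clients in the 10.8.0.0/24 pool from the posted server conf reach the Internet through the AWS instance. It assumes the tunnel device is tun0 and the instance's outbound interface is eth0; neither name appears in the thread.

```shell
#!/bin/sh
# Added example: NAT gateway rules for an OpenVPN server on an AWS instance.
# Assumptions (not from the thread): the VPN pool is 10.8.0.0/24 as in the
# posted server conf, the tunnel device is tun0, and the instance's outbound
# interface is eth0.
VPN_NET="10.8.0.0/24"
TUN_IF="tun0"
WAN_IF="eth0"

# Print the commands that turn the server into a NAT gateway for VPN_NET:
#  1. enable IPv4 forwarding in the kernel,
#  2. masquerade VPN traffic leaving on the WAN interface, so packets carry
#     the instance's own private address (the VPC will not route 10.8.0.x),
#  3. forward tun->wan for the VPN subnet only, and wan->tun only for
#     replies to flows the clients opened.
nat_rules() {
    net="$1"; tun="$2"; wan="$3"
    printf '%s\n' \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE" \
      "iptables -A FORWARD -i $tun -o $wan -s $net -j ACCEPT" \
      "iptables -A FORWARD -i $wan -o $tun -d $net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Number of commands generated for a given subnet (sanity check before applying).
rule_count() {
    nat_rules "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Apply the rules idempotently: each iptables line is first tried with
# -C (check) instead of -A, so re-running the script never duplicates a rule.
# Run as root; the top level below only prints the commands.
apply_rules() {
    nat_rules "$VPN_NET" "$TUN_IF" "$WAN_IF" | while IFS= read -r cmd; do
        case "$cmd" in
            iptables*)
                check=$(printf '%s' "$cmd" | sed 's/ -A / -C /')
                if $check 2>/dev/null; then
                    echo "present: $cmd"
                else
                    echo "adding:  $cmd"
                    $cmd
                fi
                ;;
            *) $cmd ;;
        esac
    done
}

# Show what would be applied; call apply_rules as root to actually install it.
nat_rules "$VPN_NET" "$TUN_IF" "$WAN_IF"
```

These rules are lost on reboot unless persisted with the distribution's iptables save mechanism, and the instance's security group must still allow UDP 1194 inbound.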
