tunnel stops working after eth link looses sync for a mintue

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
pappyN4
OpenVpn Newbie
Posts: 2
Joined: Tue Jul 27, 2021 1:26 pm

tunnel stops working after eth link looses sync for a mintue

Post by pappyN4 » Tue Jul 27, 2021 6:13 pm

Hi

I have a pi connected to to my router. When the router needs a reboot every so often data stops flowing through VPN connection on the pi. The only way to get it come back is to "service openvpn stop" to get traffic back to my ISP, then "start" to bring it back.

For testing, I added in a switch; so the order is MODEM--ROUTER--SWITCH--PI.

If the modem or router is rebooted. The pi maintains the tun0 / IP address and once internet is restored the VPN is functional.

When rebooting the switch or pulling the cable from eth0 on the pi this is no longer the case. tun0/ IP is preserved but all TX packets get dropped. Openvpn service status is running. ifconfig adapters are unchanged except for eth0 loosing "running" status and ip address while its disconnected. Once eth0 is back up, i can ping my gateway and other devices on the LAN. However the browser fails "DNS_PROBE_FINISHED_NO_INTERNET". Trying to ping a website fails. Pinging the ip address directly also fails. I relaxed the firewall rules incase i was too zealous in blocking but no luck.

I noticed that in the failed state the routing table was missing VPN GATEWAY MASK eth0 IP's compared to when it was working. Manually adding it back to test did not solve. Restarting the networking service also failed to do anything.

/etc/resolve.conf DNS IPs stay the same while connected to the VPN and after if enters the failed state when eth0 is pulled. The DNSs work either on the VPN or going through the ISP so i dont think it would be that.

The only way i found to get it working is to log in to the pi and stop the openvpn service, then start it.

There is an openvpn script thats runs in /etc/network/if-down.d and if-up.d when eth0 is turned off/on, but in this case its just the link that gets disconnected so it doesnt get triggered. I suppose i could do a workaround and run something to listen if the link goes off and trigger those same scripts from that...


Anyone have ideas on whats going on?

Code: Select all

client
dev tun0
remote-cert-tls server
cipher aes-256-cbc
pull
nobind
reneg-sec 0
resolv-retry infinite
verb 3
persist-key
persist-tun
remote-random
remote ************
remote ************
proto udp
mute-replay-warnings
replay-window 256

comp-lzo

tun-mtu 1470
mssfix 1430
auth-user-pass /etc/openvpn/credentials

ca /etc/openvpn/************.crt
tls-auth /etc/openvpn/************-tls.key 1

log /tmp/openvpn.log

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Code: Select all

#!/usr/bin/env bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
# and Chris Hanson
# Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
# 07/2013 colin@daedrum.net Fixed intet name
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
# foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'

## The 'type' builtins will look for file in $PATH variable, so we set the
## PATH below. You might need to directly set the path to 'resolvconf'
## manually if it still doesn't work, i.e.
## RESOLVCONF=/usr/sbin/resolvconf
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
RESOLVCONF=$(type -p resolvconf)

case $script_type in

up)
  for optionname in ${!foreign_option_*} ; do
    option="${!optionname}"
    echo $option
    part1=$(echo "$option" | cut -d " " -f 1)
    if [ "$part1" == "dhcp-option" ] ; then
      part2=$(echo "$option" | cut -d " " -f 2)
      part3=$(echo "$option" | cut -d " " -f 3)
      if [ "$part2" == "DNS" ] ; then
        IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
      fi
      if [[ "$part2" == "DOMAIN" || "$part2" == "DOMAIN-SEARCH" ]] ; then
        IF_DNS_SEARCH="$IF_DNS_SEARCH $part3"
      fi
    fi
  done
  R=""
  if [ "$IF_DNS_SEARCH" ]; then
    R="search "
    for DS in $IF_DNS_SEARCH ; do
      R="${R} $DS"
    done
  R="${R}
"
  fi

  for NS in $IF_DNS_NAMESERVERS ; do
    R="${R}nameserver $NS
"
  done
  #echo -n "$R" | $RESOLVCONF -x -p -a "${dev}"
  echo -n "$R" | $RESOLVCONF -x -a "${dev}.inet"
  ;;
down)
  $RESOLVCONF -d "${dev}.inet"
  ;;
esac

# Workaround / jm@epiclabs.io
# force exit with no errors. Due to an apparent conflict with the Network Manager
# $RESOLVCONF sometimes exits with error code 6 even though it has performed the
# action correctly and OpenVPN shuts down.
exit 0

Code: Select all

# Generated by xtables-save v1.8.2 on Tue Jul 27 07:14:32 2021
*filter
:INPUT ACCEPT [1889509:1195908413]
:FORWARD ACCEPT [464831:291133804]
:OUTPUT ACCEPT [2467:978168]
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun0 -m comment --comment vpn -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment eth -j ACCEPT
COMMIT
# Completed on Tue Jul 27 07:14:32 2021
# Generated by xtables-save v1.8.2 on Tue Jul 27 07:14:32 2021
*nat
:PREROUTING ACCEPT [9544:874653]
:INPUT ACCEPT [3519:248699]
:POSTROUTING ACCEPT [7459:711056]
:OUTPUT ACCEPT [40454:3723514]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
# Completed on Tue Jul 27 07:14:32 2021
# Generated by xtables-save v1.8.2 on Tue Jul 27 07:14:32 2021
*mangle
:PREROUTING ACCEPT [2356799:1489433843]
:INPUT ACCEPT [1890115:1195959780]
:FORWARD ACCEPT [464846:291134987]
:OUTPUT ACCEPT [1936694:698441200]
:POSTROUTING ACCEPT [2401574:989586416]
COMMIT
# Completed on Tue Jul 27 07:14:32 2021

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: tunnel stops working after eth link looses sync for a mintue

Post by TinCanTech » Tue Jul 27, 2021 6:58 pm

And your openvpn log file ? Please use --verb 4

Also, is it your server ?

pappyN4
OpenVpn Newbie
Posts: 2
Joined: Tue Jul 27, 2021 1:26 pm

Re: tunnel stops working after eth link looses sync for a mintue

Post by pappyN4 » Thu Jul 29, 2021 6:05 pm

Not my server. I dont have any access to server conf files.

Fresh reboot at 12:31, unplugged link @12:31:33, reconnect a few seconds later, stop/stop openvpn service @ 12:32 to regain connectivity to vpn

/var/log/syslog

Code: Select all

Jul 29 12:31:15 pi systemd-timesyncd[379]: Synchronized to time server for the first time 83.168.200.198:123 (2.debian.pool.ntp.org).
Jul 29 12:31:22 pi systemd[1]: systemd-hostnamed.service: Succeeded.
Jul 29 12:31:33 pi dhcpcd[438]: eth0: carrier lost
Jul 29 12:31:33 pi kernel: [   58.873788] bcmgenet fd580000.ethernet eth0: Link is Down
Jul 29 12:31:33 pi dhcpcd[438]: eth0: deleting address fe80::7e30:ad17:f4db:f5af
Jul 29 12:31:33 pi avahi-daemon[398]: Withdrawing address record for fe80::7e30:ad17:f4db:f5af on eth0.
Jul 29 12:31:33 pi avahi-daemon[398]: Leaving mDNS multicast group on interface eth0.IPv6 with address fe80::7e30:ad17:f4db:f5af.
Jul 29 12:31:33 pi avahi-daemon[398]: Interface eth0.IPv6 no longer relevant for mDNS.
Jul 29 12:31:33 pi avahi-daemon[398]: Withdrawing address record for 192.168.0.2 on eth0.
Jul 29 12:31:33 pi avahi-daemon[398]: Leaving mDNS multicast group on interface eth0.IPv4 with address 192.168.0.2.
Jul 29 12:31:33 pi avahi-daemon[398]: Interface eth0.IPv4 no longer relevant for mDNS.
Jul 29 12:31:33 pi dhcpcd[438]: eth0: deleting route to 192.168.0.0/24
Jul 29 12:31:33 pi dhcpcd[438]: eth0: deleting default route via 192.168.0.1
Jul 29 12:31:38 pi dhcpcd[438]: eth0: carrier acquired
Jul 29 12:31:38 pi kernel: [   64.073920] bcmgenet fd580000.ethernet eth0: Link is Up - 1Gbps/Full - flow control rx/tx
Jul 29 12:31:38 pi dhcpcd[438]: eth0: IAID 01:09:e0:70
Jul 29 12:31:38 pi dhcpcd[438]: eth0: adding address fe80::7e30:ad17:f4db:f5af
Jul 29 12:31:38 pi dhcpcd[438]: eth0: probing address 192.168.0.2/24
Jul 29 12:31:38 pi avahi-daemon[398]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::7e30:ad17:f4db:f5af.
Jul 29 12:31:38 pi avahi-daemon[398]: New relevant interface eth0.IPv6 for mDNS.
Jul 29 12:31:38 pi avahi-daemon[398]: Registering new address record for fe80::7e30:ad17:f4db:f5af on eth0.*.
Jul 29 12:31:39 pi dhcpcd[438]: eth0: soliciting an IPv6 router
Jul 29 12:31:39 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:42 pi dhcpcd[438]: eth0: using static address 192.168.0.2/24
Jul 29 12:31:42 pi avahi-daemon[398]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.0.2.
Jul 29 12:31:42 pi dhcpcd[438]: eth0: adding route to 192.168.0.0/24
Jul 29 12:31:42 pi avahi-daemon[398]: New relevant interface eth0.IPv4 for mDNS.
Jul 29 12:31:42 pi avahi-daemon[398]: Registering new address record for 192.168.0.2 on eth0.IPv4.
Jul 29 12:31:42 pi dhcpcd[438]: eth0: adding default route via 192.168.0.1
Jul 29 12:31:43 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:47 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:51 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:51 pi dhcpcd[438]: eth0: no IPv6 Routers available
Jul 29 12:32:18 pi systemd[1]: openvpn.service: Succeeded.
Jul 29 12:32:18 pi systemd[1]: Stopped OpenVPN service.
Jul 29 12:32:18 pi systemd[1]: Stopping OpenVPN connection to myvpn...
Jul 29 12:32:20 pi dnsmasq[521]: reading /run/dnsmasq/resolv.conf
Jul 29 12:32:20 pi dnsmasq[521]: using nameserver 192.168.0.1#53
Jul 29 12:32:20 pi systemd[1]: openvpn@myvpn.service: Succeeded.
Jul 29 12:32:20 pi systemd[1]: Stopped OpenVPN connection to myvpn.
Jul 29 12:32:28 pi systemd[1]: Starting OpenVPN connection to myvpn...
Jul 29 12:32:28 pi systemd[1]: Starting OpenVPN service...
Jul 29 12:32:28 pi systemd[1]: Started OpenVPN service.
Jul 29 12:32:28 pi systemd[1]: Started OpenVPN connection to myvpn.
Jul 29 12:32:30 pi dnsmasq[521]: reading /run/dnsmasq/resolv.conf
Jul 29 12:32:30 pi dnsmasq[521]: using nameserver ***VPNdns#53
Jul 29 12:32:30 pi dnsmasq[521]: using nameserver ***VPNdns#53
Jul 29 12:32:35 pi colord[1181]: failed to get session [pid 382]: No data available
Jul 29 12:32:55 pi dbus-daemon[648]: [session uid=1000 pid=648] Activating service name='ca.desrt.dconf' requested by ':1.34' (uid=1000 pid=2486 comm="mousepad /var/log/auth.log ")
Jul 29 12:32:55 pi dbus-daemon[648]: [session uid=1000 pid=648] Successfully activated service 'ca.desrt.dconf'
/var/log/messages.log

Code: Select all

Jul 29 12:31:33 pi kernel: [   58.873788] bcmgenet fd580000.ethernet eth0: Link is Down
Jul 29 12:31:38 pi kernel: [   64.073920] bcmgenet fd580000.ethernet eth0: Link is Up - 1Gbps/Full - flow control rx/tx
/var/log/daemon.log

Code: Select all

Jul 29 12:31:33 pi dhcpcd[438]: eth0: carrier lost
Jul 29 12:31:33 pi dhcpcd[438]: eth0: deleting address fe80::7e30:ad17:f4db:f5af
Jul 29 12:31:33 pi avahi-daemon[398]: Withdrawing address record for fe80::7e30:ad17:f4db:f5af on eth0.
Jul 29 12:31:33 pi avahi-daemon[398]: Leaving mDNS multicast group on interface eth0.IPv6 with address fe80::7e30:ad17:f4db:f5af.
Jul 29 12:31:33 pi avahi-daemon[398]: Interface eth0.IPv6 no longer relevant for mDNS.
Jul 29 12:31:33 pi avahi-daemon[398]: Withdrawing address record for 192.168.0.2 on eth0.
Jul 29 12:31:33 pi avahi-daemon[398]: Leaving mDNS multicast group on interface eth0.IPv4 with address 192.168.0.2.
Jul 29 12:31:33 pi avahi-daemon[398]: Interface eth0.IPv4 no longer relevant for mDNS.
Jul 29 12:31:33 pi dhcpcd[438]: eth0: deleting route to 192.168.0.0/24
Jul 29 12:31:33 pi dhcpcd[438]: eth0: deleting default route via 192.168.0.1
Jul 29 12:31:38 pi dhcpcd[438]: eth0: carrier acquired
Jul 29 12:31:38 pi dhcpcd[438]: eth0: IAID 01:09:e0:70
Jul 29 12:31:38 pi dhcpcd[438]: eth0: adding address fe80::7e30:ad17:f4db:f5af
Jul 29 12:31:38 pi dhcpcd[438]: eth0: probing address 192.168.0.2/24
Jul 29 12:31:38 pi avahi-daemon[398]: Joining mDNS multicast group on interface eth0.IPv6 with address fe80::7e30:ad17:f4db:f5af.
Jul 29 12:31:38 pi avahi-daemon[398]: New relevant interface eth0.IPv6 for mDNS.
Jul 29 12:31:38 pi avahi-daemon[398]: Registering new address record for fe80::7e30:ad17:f4db:f5af on eth0.*.
Jul 29 12:31:39 pi dhcpcd[438]: eth0: soliciting an IPv6 router
Jul 29 12:31:39 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:42 pi dhcpcd[438]: eth0: using static address 192.168.0.2/24
Jul 29 12:31:42 pi avahi-daemon[398]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.0.2.
Jul 29 12:31:42 pi dhcpcd[438]: eth0: adding route to 192.168.0.0/24
Jul 29 12:31:42 pi avahi-daemon[398]: New relevant interface eth0.IPv4 for mDNS.
Jul 29 12:31:42 pi avahi-daemon[398]: Registering new address record for 192.168.0.2 on eth0.IPv4.
Jul 29 12:31:42 pi dhcpcd[438]: eth0: adding default route via 192.168.0.1
Jul 29 12:31:43 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:47 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:51 pi dhcpcd[438]: ipv6nd_sendrsprobe: Operation not permitted
Jul 29 12:31:51 pi dhcpcd[438]: eth0: no IPv6 Routers available
Jul 29 12:32:18 pi systemd[1]: openvpn.service: Succeeded.
Jul 29 12:32:18 pi systemd[1]: Stopped OpenVPN service.
Jul 29 12:32:18 pi systemd[1]: Stopping OpenVPN connection to myvpn...
Jul 29 12:32:20 pi dnsmasq[521]: reading /run/dnsmasq/resolv.conf
Jul 29 12:32:20 pi dnsmasq[521]: using nameserver 192.168.0.1#53
Jul 29 12:32:20 pi systemd[1]: openvpn@myvpn.service: Succeeded.
Jul 29 12:32:20 pi systemd[1]: Stopped OpenVPN connection to myvpn.
Jul 29 12:32:28 pi systemd[1]: Starting OpenVPN connection to myvpn...
Jul 29 12:32:28 pi systemd[1]: Starting OpenVPN service...
Jul 29 12:32:28 pi systemd[1]: Started OpenVPN service.
Jul 29 12:32:28 pi systemd[1]: Started OpenVPN connection to myvpn.
Jul 29 12:32:30 pi dnsmasq[521]: reading /run/dnsmasq/resolv.conf
Jul 29 12:32:30 pi dnsmasq[521]: using nameserver **VPNdns#53
Jul 29 12:32:30 pi dnsmasq[521]: using nameserver **VPNdns#53
Jul 29 12:32:55 pi dbus-daemon[648]: [session uid=1000 pid=648] Activating service name='ca.desrt.dconf' requested by ':1.34' (uid=1000 pid=2486 comm="mousepad /var/log/auth.log ")
Jul 29 12:32:55 pi dbus-daemon[648]: [session uid=1000 pid=648] Successfully activated service 'ca.desrt.dconf'
--verb 4
didn't see log in expected /tmp/openvpn.log but found one in /var/tmp/systemd-private-*-openvpn
had to recreate error as log was overwritten when fresh vpn connect was established earlier,
stop/start vpn @12:58:09, disconnect/reconnect cable @ 12:58:17

Code: Select all

Thu Jul 29 12:58:09 2021 us=193446 WARNING: file '/etc/openvpn/myvpn-tls.key' is group or others accessible
Thu Jul 29 12:58:09 2021 us=193680 WARNING: file '/etc/openvpn/credentials' is group or others accessible
Thu Jul 29 12:58:09 2021 us=193753 Current Parameter Settings:
Thu Jul 29 12:58:09 2021 us=193785   config = '/etc/openvpn/myvpn.conf'
Thu Jul 29 12:58:09 2021 us=193815   mode = 0
Thu Jul 29 12:58:09 2021 us=193844   persist_config = DISABLED
Thu Jul 29 12:58:09 2021 us=193874   persist_mode = 1
Thu Jul 29 12:58:09 2021 us=193902   show_ciphers = DISABLED
Thu Jul 29 12:58:09 2021 us=193931   show_digests = DISABLED
Thu Jul 29 12:58:09 2021 us=193959   show_engines = DISABLED
Thu Jul 29 12:58:09 2021 us=193988   genkey = DISABLED
Thu Jul 29 12:58:09 2021 us=194016   key_pass_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=194045   show_tls_ciphers = DISABLED
Thu Jul 29 12:58:09 2021 us=194073   connect_retry_max = 0
Thu Jul 29 12:58:09 2021 us=194102 Connection profiles [0]:
Thu Jul 29 12:58:09 2021 us=194131   proto = udp
Thu Jul 29 12:58:09 2021 us=194158   local = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=194184   local_port = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=194212   remote = '**************.com'
Thu Jul 29 12:58:09 2021 us=194239   remote_port = '1194'
Thu Jul 29 12:58:09 2021 us=194265   remote_float = DISABLED
Thu Jul 29 12:58:09 2021 us=194292   bind_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=194318   bind_local = DISABLED
Thu Jul 29 12:58:09 2021 us=194344   bind_ipv6_only = DISABLED
Thu Jul 29 12:58:09 2021 us=194370   connect_retry_seconds = 5
Thu Jul 29 12:58:09 2021 us=194397   connect_timeout = 120
Thu Jul 29 12:58:09 2021 us=194425   socks_proxy_server = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=194452   socks_proxy_port = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=194479   tun_mtu = 1470
Thu Jul 29 12:58:09 2021 us=194505   tun_mtu_defined = ENABLED
Thu Jul 29 12:58:09 2021 us=194532   link_mtu = 1500
Thu Jul 29 12:58:09 2021 us=194580   link_mtu_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=194607   tun_mtu_extra = 0
Thu Jul 29 12:58:09 2021 us=194634   tun_mtu_extra_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=194660   mtu_discover_type = -1
Thu Jul 29 12:58:09 2021 us=194686   fragment = 0
Thu Jul 29 12:58:09 2021 us=194712   mssfix = 1430
Thu Jul 29 12:58:09 2021 us=194739   explicit_exit_notification = 0
Thu Jul 29 12:58:09 2021 us=194767 Connection profiles [1]:
Thu Jul 29 12:58:09 2021 us=194795   proto = udp
Thu Jul 29 12:58:09 2021 us=194822   local = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=194849   local_port = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=194875   remote = '******'
Thu Jul 29 12:58:09 2021 us=194901   remote_port = '1195'
Thu Jul 29 12:58:09 2021 us=194927   remote_float = DISABLED
Thu Jul 29 12:58:09 2021 us=194953   bind_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=194979   bind_local = DISABLED
Thu Jul 29 12:58:09 2021 us=195005   bind_ipv6_only = DISABLED
Thu Jul 29 12:58:09 2021 us=195031   connect_retry_seconds = 5
Thu Jul 29 12:58:09 2021 us=195057   connect_timeout = 120
Thu Jul 29 12:58:09 2021 us=195084   socks_proxy_server = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195110   socks_proxy_port = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195135   tun_mtu = 1470
Thu Jul 29 12:58:09 2021 us=195161   tun_mtu_defined = ENABLED
Thu Jul 29 12:58:09 2021 us=195188   link_mtu = 1500
Thu Jul 29 12:58:09 2021 us=195215   link_mtu_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=195241   tun_mtu_extra = 0
Thu Jul 29 12:58:09 2021 us=195268   tun_mtu_extra_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=195295   mtu_discover_type = -1
Thu Jul 29 12:58:09 2021 us=195321   fragment = 0
Thu Jul 29 12:58:09 2021 us=195348   mssfix = 1430
Thu Jul 29 12:58:09 2021 us=195377   explicit_exit_notification = 0
Thu Jul 29 12:58:09 2021 us=195408 Connection profiles END
Thu Jul 29 12:58:09 2021 us=195436   remote_random = ENABLED
Thu Jul 29 12:58:09 2021 us=195463   ipchange = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195491   dev = 'tun0'
Thu Jul 29 12:58:09 2021 us=195519   dev_type = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195576   dev_node = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195606   lladdr = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195634   topology = 1
Thu Jul 29 12:58:09 2021 us=195662   ifconfig_local = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195690   ifconfig_remote_netmask = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195719   ifconfig_noexec = DISABLED
Thu Jul 29 12:58:09 2021 us=195748   ifconfig_nowarn = DISABLED
Thu Jul 29 12:58:09 2021 us=195776   ifconfig_ipv6_local = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195805   ifconfig_ipv6_netbits = 0
Thu Jul 29 12:58:09 2021 us=195834   ifconfig_ipv6_remote = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=195863   shaper = 0
Thu Jul 29 12:58:09 2021 us=195892   mtu_test = 0
Thu Jul 29 12:58:09 2021 us=195921   mlock = DISABLED
Thu Jul 29 12:58:09 2021 us=195949   keepalive_ping = 0
Thu Jul 29 12:58:09 2021 us=195979   keepalive_timeout = 0
Thu Jul 29 12:58:09 2021 us=196009   inactivity_timeout = 0
Thu Jul 29 12:58:09 2021 us=196039   ping_send_timeout = 0
Thu Jul 29 12:58:09 2021 us=196069   ping_rec_timeout = 0
Thu Jul 29 12:58:09 2021 us=196099   ping_rec_timeout_action = 0
Thu Jul 29 12:58:09 2021 us=196129   ping_timer_remote = DISABLED
Thu Jul 29 12:58:09 2021 us=196159   remap_sigusr1 = 0
Thu Jul 29 12:58:09 2021 us=196189   persist_tun = ENABLED
Thu Jul 29 12:58:09 2021 us=196219   persist_local_ip = DISABLED
Thu Jul 29 12:58:09 2021 us=196248   persist_remote_ip = DISABLED
Thu Jul 29 12:58:09 2021 us=196278   persist_key = ENABLED
Thu Jul 29 12:58:09 2021 us=196306   passtos = DISABLED
Thu Jul 29 12:58:09 2021 us=196334   resolve_retry_seconds = 1000000000
Thu Jul 29 12:58:09 2021 us=196362   resolve_in_advance = DISABLED
Thu Jul 29 12:58:09 2021 us=196389   username = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=196417   groupname = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=196444   chroot_dir = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=196471   cd_dir = '/etc/openvpn'
Thu Jul 29 12:58:09 2021 us=196499   writepid = '/run/openvpn/myvpn.pid'
Thu Jul 29 12:58:09 2021 us=196527   up_script = '/etc/openvpn/update-resolv-conf'
Thu Jul 29 12:58:09 2021 us=196555   down_script = '/etc/openvpn/update-resolv-conf'
Thu Jul 29 12:58:09 2021 us=196620   down_pre = DISABLED
Thu Jul 29 12:58:09 2021 us=196658   up_restart = DISABLED
Thu Jul 29 12:58:09 2021 us=196687   up_delay = DISABLED
Thu Jul 29 12:58:09 2021 us=196715   daemon = ENABLED
Thu Jul 29 12:58:09 2021 us=196743   inetd = 0
Thu Jul 29 12:58:09 2021 us=196771   log = ENABLED
Thu Jul 29 12:58:09 2021 us=196799   suppress_timestamps = DISABLED
Thu Jul 29 12:58:09 2021 us=196827   machine_readable_output = DISABLED
Thu Jul 29 12:58:09 2021 us=196855   nice = 0
Thu Jul 29 12:58:09 2021 us=196883   verbosity = 4
Thu Jul 29 12:58:09 2021 us=196911   mute = 0
Thu Jul 29 12:58:09 2021 us=196938   gremlin = 0
Thu Jul 29 12:58:09 2021 us=196967   status_file = '/run/openvpn/myvpn.status'
Thu Jul 29 12:58:09 2021 us=196995   status_file_version = 1
Thu Jul 29 12:58:09 2021 us=197023   status_file_update_freq = 10
Thu Jul 29 12:58:09 2021 us=197050   occ = ENABLED
Thu Jul 29 12:58:09 2021 us=197078   rcvbuf = 0
Thu Jul 29 12:58:09 2021 us=197106   sndbuf = 0
Thu Jul 29 12:58:09 2021 us=197141   mark = 0
Thu Jul 29 12:58:09 2021 us=197169   sockflags = 0
Thu Jul 29 12:58:09 2021 us=197196   fast_io = DISABLED
Thu Jul 29 12:58:09 2021 us=197224   comp.alg = 1
Thu Jul 29 12:58:09 2021 us=197252   comp.flags = 0
Thu Jul 29 12:58:09 2021 us=197279   route_script = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197307   route_default_gateway = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197335   route_default_metric = 0
Thu Jul 29 12:58:09 2021 us=197363   route_noexec = DISABLED
Thu Jul 29 12:58:09 2021 us=197390   route_delay = 0
Thu Jul 29 12:58:09 2021 us=197418   route_delay_window = 30
Thu Jul 29 12:58:09 2021 us=197446   route_delay_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=197473   route_nopull = DISABLED
Thu Jul 29 12:58:09 2021 us=197501   route_gateway_via_dhcp = DISABLED
Thu Jul 29 12:58:09 2021 us=197529   allow_pull_fqdn = DISABLED
Thu Jul 29 12:58:09 2021 us=197583   management_addr = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197612   management_port = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197640   management_user_pass = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197668   management_log_history_cache = 250
Thu Jul 29 12:58:09 2021 us=197696   management_echo_buffer_size = 100
Thu Jul 29 12:58:09 2021 us=197724   management_write_peer_info_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197752   management_client_user = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197780   management_client_group = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197808   management_flags = 0
Thu Jul 29 12:58:09 2021 us=197836   shared_secret_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=197865   key_direction = 1
Thu Jul 29 12:58:09 2021 us=197893   ciphername = 'aes-256-cbc'
Thu Jul 29 12:58:09 2021 us=197921   ncp_enabled = ENABLED
Thu Jul 29 12:58:09 2021 us=197949   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Jul 29 12:58:09 2021 us=197977   authname = 'SHA1'
Thu Jul 29 12:58:09 2021 us=198004   prng_hash = 'SHA1'
Thu Jul 29 12:58:09 2021 us=198032   prng_nonce_secret_len = 16
Thu Jul 29 12:58:09 2021 us=198060   keysize = 0
Thu Jul 29 12:58:09 2021 us=198087   engine = DISABLED
Thu Jul 29 12:58:09 2021 us=198115   replay = ENABLED
Thu Jul 29 12:58:09 2021 us=198143   mute_replay_warnings = ENABLED
Thu Jul 29 12:58:09 2021 us=198170   replay_window = 256
Thu Jul 29 12:58:09 2021 us=198198   replay_time = 15
Thu Jul 29 12:58:09 2021 us=198226   packet_id_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198254   use_iv = ENABLED
Thu Jul 29 12:58:09 2021 us=198281   test_crypto = DISABLED
Thu Jul 29 12:58:09 2021 us=198309   tls_server = DISABLED
Thu Jul 29 12:58:09 2021 us=198337   tls_client = ENABLED
Thu Jul 29 12:58:09 2021 us=198365   key_method = 2
Thu Jul 29 12:58:09 2021 us=198393   ca_file = '/etc/openvpn/myvpn-ca.crt'
Thu Jul 29 12:58:09 2021 us=198420   ca_path = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198448   dh_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198476   cert_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198503   extra_certs_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198531   priv_key_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198559   pkcs12_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198587   cipher_list = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198614   cipher_list_tls13 = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198641   tls_cert_profile = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198669   tls_verify = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198697   tls_export_cert = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198724   verify_x509_type = 0
Thu Jul 29 12:58:09 2021 us=198752   verify_x509_name = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198780   crl_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=198807   ns_cert_type = 0
Thu Jul 29 12:58:09 2021 us=198835   remote_cert_ku[i] = 65535
Thu Jul 29 12:58:09 2021 us=198863   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=198890   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=198918   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=198946   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=198973   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199001   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199029   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199056   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199083   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199111   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199138   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199166   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199193   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199221   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199248   remote_cert_ku[i] = 0
Thu Jul 29 12:58:09 2021 us=199276   remote_cert_eku = 'TLS Web Server Authentication'
Thu Jul 29 12:58:09 2021 us=199304   ssl_flags = 0
Thu Jul 29 12:58:09 2021 us=199332   tls_timeout = 2
Thu Jul 29 12:58:09 2021 us=199360   renegotiate_bytes = -1
Thu Jul 29 12:58:09 2021 us=199387   renegotiate_packets = 0
Thu Jul 29 12:58:09 2021 us=199415   renegotiate_seconds = 0
Thu Jul 29 12:58:09 2021 us=199481   handshake_window = 60
Thu Jul 29 12:58:09 2021 us=199509   transition_window = 3600
Thu Jul 29 12:58:09 2021 us=199537   single_session = DISABLED
Thu Jul 29 12:58:09 2021 us=199565   push_peer_info = DISABLED
Thu Jul 29 12:58:09 2021 us=199593   tls_exit = DISABLED
Thu Jul 29 12:58:09 2021 us=199621   tls_auth_file = '/etc/openvpn/myvpn-tls.key'
Thu Jul 29 12:58:09 2021 us=199649   tls_crypt_file = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=199677   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199705   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199732   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199760   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199788   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199816   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199844   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199871   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199899   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199927   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199955   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=199983   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=200010   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=200038   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=200065   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=200093   pkcs11_protected_authentication = DISABLED
Thu Jul 29 12:58:09 2021 us=200122   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200150   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200177   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200205   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200233   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200261   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200289   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200317   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200344   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200372   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200400   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200427   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200455   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200482   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200510   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200538   pkcs11_private_mode = 00000000
Thu Jul 29 12:58:09 2021 us=200565   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200593   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200620   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200648   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200676   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200703   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200731   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200758   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200786   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200813   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200840   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200868   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200896   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200923   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200950   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=200978   pkcs11_cert_private = DISABLED
Thu Jul 29 12:58:09 2021 us=201006   pkcs11_pin_cache_period = -1
Thu Jul 29 12:58:09 2021 us=201033   pkcs11_id = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=201061   pkcs11_id_management = DISABLED
Thu Jul 29 12:58:09 2021 us=201108   server_network = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201153   server_netmask = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201205   server_network_ipv6 = ::
Thu Jul 29 12:58:09 2021 us=201237   server_netbits_ipv6 = 0
Thu Jul 29 12:58:09 2021 us=201266   server_bridge_ip = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201296   server_bridge_netmask = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201325   server_bridge_pool_start = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201354   server_bridge_pool_end = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201382   ifconfig_pool_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=201411   ifconfig_pool_start = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201440   ifconfig_pool_end = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201470   ifconfig_pool_netmask = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201498   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=201526   ifconfig_pool_persist_refresh_freq = 600
Thu Jul 29 12:58:09 2021 us=201554   ifconfig_ipv6_pool_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=201583   ifconfig_ipv6_pool_base = ::
Thu Jul 29 12:58:09 2021 us=201611   ifconfig_ipv6_pool_netbits = 0
Thu Jul 29 12:58:09 2021 us=201639   n_bcast_buf = 256
Thu Jul 29 12:58:09 2021 us=201667   tcp_queue_limit = 64
Thu Jul 29 12:58:09 2021 us=201695   real_hash_size = 256
Thu Jul 29 12:58:09 2021 us=201723   virtual_hash_size = 256
Thu Jul 29 12:58:09 2021 us=201750   client_connect_script = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=201777   learn_address_script = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=201805   client_disconnect_script = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=201833   client_config_dir = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=201860   ccd_exclusive = DISABLED
Thu Jul 29 12:58:09 2021 us=201888   tmp_dir = '/tmp'
Thu Jul 29 12:58:09 2021 us=201915   push_ifconfig_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=201944   push_ifconfig_local = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=201974   push_ifconfig_remote_netmask = 0.0.0.0
Thu Jul 29 12:58:09 2021 us=202002   push_ifconfig_ipv6_defined = DISABLED
Thu Jul 29 12:58:09 2021 us=202031   push_ifconfig_ipv6_local = ::/0
Thu Jul 29 12:58:09 2021 us=202060   push_ifconfig_ipv6_remote = ::
Thu Jul 29 12:58:09 2021 us=202088   enable_c2c = DISABLED
Thu Jul 29 12:58:09 2021 us=202116   duplicate_cn = DISABLED
Thu Jul 29 12:58:09 2021 us=202144   cf_max = 0
Thu Jul 29 12:58:09 2021 us=202172   cf_per = 0
Thu Jul 29 12:58:09 2021 us=202200   max_clients = 1024
Thu Jul 29 12:58:09 2021 us=202228   max_routes_per_client = 256
Thu Jul 29 12:58:09 2021 us=202255   auth_user_pass_verify_script = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=202283   auth_user_pass_verify_script_via_file = DISABLED
Thu Jul 29 12:58:09 2021 us=202311   auth_token_generate = DISABLED
Thu Jul 29 12:58:09 2021 us=202339   auth_token_lifetime = 0
Thu Jul 29 12:58:09 2021 us=202366   port_share_host = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=202394   port_share_port = '[UNDEF]'
Thu Jul 29 12:58:09 2021 us=202421   client = ENABLED
Thu Jul 29 12:58:09 2021 us=202449   pull = ENABLED
Thu Jul 29 12:58:09 2021 us=202477   auth_user_pass_file = '/etc/openvpn/credentials'
Thu Jul 29 12:58:09 2021 us=202507 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
Thu Jul 29 12:58:09 2021 us=202555 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Thu Jul 29 12:58:09 2021 us=203273 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 12:58:09 2021 us=204511 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 29 12:58:09 2021 us=204927 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 29 12:58:09 2021 us=204976 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 12:58:09 2021 us=205359 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 12:58:09 2021 us=418534 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 12:58:09 2021 us=418655 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 12:58:09 2021 us=418684 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jul 29 12:58:09 2021 us=418721 TCP/UDP: Preserving recently used remote address: [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:09 2021 us=418767 Socket Buffers: R=[180224->180224] S=[180224->180224]
Thu Jul 29 12:58:09 2021 us=418795 UDP link local: (not bound)
Thu Jul 29 12:58:09 2021 us=418823 UDP link remote: [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:09 2021 us=544902 TLS: Initial packet from [AF_INET]104.245.***.***:1195, sid=96309859 4b6d3bae
Thu Jul 29 12:58:09 2021 us=545172 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul 29 12:58:09 2021 us=683773 VERIFY OK: depth=1, C=US **********************
Thu Jul 29 12:58:09 2021 us=684648 VERIFY KU OK
Thu Jul 29 12:58:09 2021 us=684708 Validating certificate extended key usage
Thu Jul 29 12:58:09 2021 us=684756 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jul 29 12:58:09 2021 us=684799 VERIFY EKU OK
Thu Jul 29 12:58:09 2021 us=684841 VERIFY OK: depth=0, CN=***********.com
Thu Jul 29 12:58:09 2021 us=819197 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1528', remote='link-mtu 1558'
Thu Jul 29 12:58:09 2021 us=819354 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1470', remote='tun-mtu 1500'
Thu Jul 29 12:58:09 2021 us=819809 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Jul 29 12:58:09 2021 us=819930 [**********.com] Peer Connection Initiated with [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:10 2021 us=870157 SENT CONTROL [**********.com]: 'PUSH_REQUEST' (status=1)
Thu Jul 29 12:58:10 2021 us=996504 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60,persist-key,redirect-gateway def1,explicit-exit-notify 2,route-gateway 10.133.0.1,topology subnet,compress ,dhcp-option DNS ********,dhcp-option DNS ***********,ifconfig 10.133.0.148 255.255.252.0,peer-id 1,cipher AES-256-GCM'
Thu Jul 29 12:58:10 2021 us=996747 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jul 29 12:58:10 2021 us=996783 OPTIONS IMPORT: explicit notify parm(s) modified
Thu Jul 29 12:58:10 2021 us=996809 OPTIONS IMPORT: compression parms modified
Thu Jul 29 12:58:10 2021 us=996835 OPTIONS IMPORT: --persist options modified
Thu Jul 29 12:58:10 2021 us=996860 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jul 29 12:58:10 2021 us=996884 OPTIONS IMPORT: route options modified
Thu Jul 29 12:58:10 2021 us=996908 OPTIONS IMPORT: route-related options modified
Thu Jul 29 12:58:10 2021 us=996932 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jul 29 12:58:10 2021 us=996955 OPTIONS IMPORT: peer-id set
Thu Jul 29 12:58:10 2021 us=996979 OPTIONS IMPORT: adjusting link_mtu to 1595
Thu Jul 29 12:58:10 2021 us=997003 OPTIONS IMPORT: data channel crypto options modified
Thu Jul 29 12:58:10 2021 us=997030 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jul 29 12:58:10 2021 us=997068 Data Channel MTU parms [ L:1523 D:1430 EF:53 EB:401 ET:0 EL:3 ]
Thu Jul 29 12:58:10 2021 us=997245 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jul 29 12:58:10 2021 us=997279 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jul 29 12:58:10 2021 us=997503 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=e4:5f:01:09:e0:80
Thu Jul 29 12:58:10 2021 us=998002 TUN/TAP device tun0 opened
Thu Jul 29 12:58:10 2021 us=998123 TUN/TAP TX queue length set to 100
Thu Jul 29 12:58:10 2021 us=998216 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jul 29 12:58:10 2021 us=998264 /sbin/ip link set dev tun0 up mtu 1470
Thu Jul 29 12:58:11 2021 us=5119 /sbin/ip addr add dev tun0 10.133.0.148/22 broadcast 10.133.3.255
Thu Jul 29 12:58:11 2021 us=11661 /etc/openvpn/update-resolv-conf tun0 1470 1523 10.133.0.148 255.255.252.0 init
dhcp-option DNS ***********
dhcp-option DNS ************
Too few arguments.
Too few arguments.
Thu Jul 29 12:58:11 2021 us=212131 /sbin/ip route add 104.245.***.***/32 via 192.168.0.1
Thu Jul 29 12:58:11 2021 us=220951 /sbin/ip route add 0.0.0.0/1 via 10.133.0.1
Thu Jul 29 12:58:11 2021 us=228942 /sbin/ip route add 128.0.0.0/1 via 10.133.0.1
Thu Jul 29 12:58:11 2021 us=236990 Initialization Sequence Completed
Thu Jul 29 12:58:17 2021 us=22989 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:17 2021 us=23196 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:21 2021 us=865710 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:21 2021 us=866116 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:21 2021 us=887024 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:22 2021 us=206976 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 12:58:22 2021 us=866738 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
***

Thu Jul 29 13:49:13 2021 us=567877 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:15 2021 us=404584 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:15 2021 us=406808 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:15 2021 us=558154 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:20 2021 us=410030 [*******.com] Inactivity timeout (--ping-restart), restarting
Thu Jul 29 13:49:20 2021 us=410682 TCP/UDP: Closing socket
Thu Jul 29 13:49:20 2021 us=410857 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jul 29 13:49:20 2021 us=410998 Restart pause, 5 second(s)
Thu Jul 29 13:49:25 2021 us=411192 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 13:49:25 2021 us=411372 Re-using SSL/TLS context
Thu Jul 29 13:49:25 2021 us=411459 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 13:49:25 2021 us=411823 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 13:49:25 2021 us=411927 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 13:49:25 2021 us=412086 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 13:49:25 2021 us=412161 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jul 29 13:49:25 2021 us=412246 TCP/UDP: Preserving recently used remote address: [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:25 2021 us=412360 Socket Buffers: R=[180224->180224] S=[180224->180224]
Thu Jul 29 13:49:25 2021 us=412434 UDP link local: (not bound)
Thu Jul 29 13:49:25 2021 us=412511 UDP link remote: [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:25 2021 us=413845 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:27 2021 us=577410 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:31 2021 us=426900 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:39 2021 us=692856 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:49:55 2021 us=170104 Recursive routing detected, drop tun packet to [AF_INET]104.245.***.***:1195
Thu Jul 29 13:50:25 2021 us=980699 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jul 29 13:50:25 2021 us=981018 TCP/UDP: Closing socket
Thu Jul 29 13:50:25 2021 us=981138 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jul 29 13:50:25 2021 us=981233 Restart pause, 5 second(s)
Thu Jul 29 13:50:30 2021 us=981396 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 13:50:30 2021 us=981546 Re-using SSL/TLS context
Thu Jul 29 13:50:30 2021 us=981617 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 13:50:30 2021 us=981852 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 13:50:51 2021 us=3264 RESOLVE: Cannot resolve host address: *********.com:1195 (Temporary failure in name resolution)
Thu Jul 29 13:50:51 2021 us=3423 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 13:50:51 2021 us=3568 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 13:50:51 2021 us=3629 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jul 29 13:51:11 2021 us=23340 RESOLVE: Cannot resolve host address: **********.com:1195 (Temporary failure in name resolution)
Thu Jul 29 13:51:11 2021 us=23479 Could not determine IPv4/IPv6 protocol
Thu Jul 29 13:51:11 2021 us=23671 SIGUSR1[soft,init_instance] received, process restarting
Thu Jul 29 13:51:11 2021 us=23769 Restart pause, 5 second(s)
Thu Jul 29 13:51:16 2021 us=23936 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 13:51:16 2021 us=24098 Re-using SSL/TLS context
Thu Jul 29 13:51:16 2021 us=24172 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 13:51:16 2021 us=24409 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 13:51:36 2021 us=42568 RESOLVE: Cannot resolve host address: ******.com:1194 (Temporary failure in name resolution)
Thu Jul 29 13:51:36 2021 us=42759 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 13:51:36 2021 us=42932 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 13:51:36 2021 us=43009 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jul 29 13:51:56 2021 us=64172 RESOLVE: Cannot resolve host address: ******.com:1194 (Temporary failure in name resolution)
Thu Jul 29 13:51:56 2021 us=64333 Could not determine IPv4/IPv6 protocol
Thu Jul 29 13:51:56 2021 us=64551 SIGUSR1[soft,init_instance] received, process restarting
Thu Jul 29 13:51:56 2021 us=64662 Restart pause, 5 second(s)
Thu Jul 29 13:52:01 2021 us=64829 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 13:52:01 2021 us=64994 Re-using SSL/TLS context
Thu Jul 29 13:52:01 2021 us=67187 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 13:52:01 2021 us=67449 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 13:52:21 2021 us=86795 RESOLVE: Cannot resolve host address: **********.com:1195 (Temporary failure in name resolution)
Thu Jul 29 13:52:21 2021 us=87024 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 13:52:21 2021 us=87198 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 13:52:21 2021 us=87330 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jul 29 13:52:41 2021 us=108613 RESOLVE: Cannot resolve host address: **********.com:1195 (Temporary failure in name resolution)
Thu Jul 29 13:52:41 2021 us=108804 Could not determine IPv4/IPv6 protocol
Thu Jul 29 13:52:41 2021 us=109133 SIGUSR1[soft,init_instance] received, process restarting
Thu Jul 29 13:52:41 2021 us=109305 Restart pause, 5 second(s)
Thu Jul 29 13:52:46 2021 us=109518 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 13:52:46 2021 us=109697 Re-using SSL/TLS context
Thu Jul 29 13:52:46 2021 us=109782 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 13:52:46 2021 us=110058 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 13:53:06 2021 us=131346 RESOLVE: Cannot resolve host address: ******.com:1194 (Temporary failure in name resolution)
Thu Jul 29 13:53:06 2021 us=131500 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 13:53:06 2021 us=131652 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 13:53:06 2021 us=131718 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jul 29 13:53:26 2021 us=149476 RESOLVE: Cannot resolve host address: ******.com:1194 (Temporary failure in name resolution)
Thu Jul 29 13:53:26 2021 us=149639 Could not determine IPv4/IPv6 protocol
Thu Jul 29 13:53:26 2021 us=149856 SIGUSR1[soft,init_instance] received, process restarting
Thu Jul 29 13:53:26 2021 us=149967 Restart pause, 5 second(s)
Thu Jul 29 13:53:31 2021 us=150143 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 13:53:31 2021 us=150332 Re-using SSL/TLS context
Thu Jul 29 13:53:31 2021 us=150419 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 13:53:31 2021 us=150689 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 13:53:51 2021 us=171890 RESOLVE: Cannot resolve host address: **********.com:1195 (Temporary failure in name resolution)
Thu Jul 29 13:53:51 2021 us=171989 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 13:53:51 2021 us=172067 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 13:53:51 2021 us=172098 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jul 29 13:54:11 2021 us=193040 RESOLVE: Cannot resolve host address: **********.com:1195 (Temporary failure in name resolution)
Thu Jul 29 13:54:11 2021 us=193212 Could not determine IPv4/IPv6 protocol
Thu Jul 29 13:54:11 2021 us=193456 SIGUSR1[soft,init_instance] received, process restarting
Thu Jul 29 13:54:11 2021 us=193585 Restart pause, 5 second(s)
Thu Jul 29 13:54:16 2021 us=193765 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 29 13:54:16 2021 us=193895 Re-using SSL/TLS context
Thu Jul 29 13:54:16 2021 us=193955 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1470)
Thu Jul 29 13:54:16 2021 us=194151 Control Channel MTU parms [ L:1592 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jul 29 13:54:36 2021 us=212521 RESOLVE: Cannot resolve host address: ******.com:1194 (Temporary failure in name resolution)
Thu Jul 29 13:54:36 2021 us=212735 Data Channel MTU parms [ L:1592 D:1430 EF:122 EB:401 ET:0 EL:3 ]
Thu Jul 29 13:54:36 2021 us=212880 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jul 29 13:54:36 2021 us=212941 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1528,tun-mtu 1470,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'


TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: tunnel stops working after eth link looses sync for a mintue

Post by TinCanTech » Thu Jul 29, 2021 6:55 pm

The problem is because the --down script is not executed and so your DNS is borked.

Try removing:

Code: Select all

persist-tun

Post Reply