Bridge client on Ubuntu not working

Olivier2564
OpenVpn Newbie
Posts: 5
Joined: Fri May 14, 2021 4:24 am

Bridge client on Ubuntu not working

Post by Olivier2564 » Fri May 14, 2021 4:57 am

I have had that frustrating experience for weeks.

OpenVPN server 2.5.1 on FreeBSD 12.2, configured as a bridge. Clients get a dynamic IP from some DHCP server on my network.

Windows clients work out of the box. So that validates that the server is running fine and I have no issue with my username/password/TLS auth.

But I cannot make the Ubuntu client work:
- the connection can be established with no issue;
- as soon as I ifconfig tap0 up, I can see various packets coming in tcpdump;
- dhclient tap0 gets me a proper IP address;
- but then no other packets seem to cross the interfaces. On the server I see no packets coming from the client, and on the client I see no packets coming from the server.

I must be doing something horribly wrong, but I cannot find any information on my problem.

TIA.

Olivier

TinCanTech
Forum Team
Posts: 9431
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridge client on Ubuntu not working

Post by TinCanTech » Fri May 14, 2021 11:44 am

Olivier2564 wrote:
Fri May 14, 2021 4:57 am
I cannot find any information on my problem
Neither can we ...

viewtopic.php?f=30&t=22603

Olivier2564
OpenVpn Newbie
Posts: 5
Joined: Fri May 14, 2021 4:24 am

Re: Bridge client on Ubuntu not working

Post by Olivier2564 » Fri May 28, 2021 9:35 am

Here is the full configuration:

Server: FreeBSD 12.2 running as a VMware guest on ESXi 6.5 (I already set the virtual switch in promiscuous mode).

Operating system:

vpn<on>73: uname -a
FreeBSD aa.bb.ac.th 12.2-RELEASE-p6 FreeBSD 12.2-RELEASE-p6 r369585 GENERIC  amd64
vpn<on>74: openvpn --version
OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 23 2021
library versions: OpenSSL 1.1.1h-freebsd  22 Sep 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=yes enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
vpn<on>75: 
Network:

vpn<on>68: ifconfig -a
vmx0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
	ether 00:0c:29:90:ec:84
	inet 192.41.XX.YY netmask 0xffffff00 broadcast 192.41.XX.YY
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 00:0c:29:90:ec:8e
	inet 10.41.XX.YY netmask 0xffffff00 broadcast 10.41.XX.YY
	media: Ethernet autoselect
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	ether 58:9c:fc:10:d9:6b
	groups: tap
	media: Ethernet autoselect
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	Opened by PID 9329
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:06:66:fd:9a:00
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 4 priority 128 path cost 2000000
	member: vmx0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 1 priority 128 path cost 2000
	groups: bridge
	nd6 options=9<PERFORMNUD,IFDISABLED>
vpn<on>69: 
Configuration:

server

local 192.41.XX.YY
port 1194
proto udp
dev tap0
ca /usr/local/etc/openvpn/pki/ca.crt
cert /usr/local/etc/openvpn/pki/issued/server.crt
key /usr/local/etc/openvpn/pki/private/server.key # This file should be kept secret
dh /usr/local/ssl/dh/dh2048.pem
server-bridge
client-to-client
keepalive 10 120
tls-auth /usr/local/ssl/ta/ta.key 0 # This file is secret
data-ciphers-fallback AES-256-CBC # because deprecated?
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
verify-client-cert require
tun-mtu 1500
script-security 2 # must be 2 to allow the script below
up /usr/local/etc/openvpn/script/up # stopping openvpn down the interface
crl-verify /usr/local/etc/openvpn/crl.pem
chroot /var/chroot/openvpn


Log:

Client: Ubuntu 20.04

Operating system:

olivier@olivier:~$ openvpn --version
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
olivier@olivier:~$ 
Network configuration (before launching OpenVPN):

olivier@olivier:~$ ifconfig -a 
enp8s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 34:64:a9:be:6d:4a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 81838  bytes 47875842 (47.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 81838  bytes 47875842 (47.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.50  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::4dc7:da1:f67f:fb2d  prefixlen 64  scopeid 0x20<link>
        ether 30:3a:64:5a:46:50  txqueuelen 1000  (Ethernet)
        RX packets 14618253  bytes 19314444536 (19.3 GB)
        RX errors 0  dropped 581  overruns 0  frame 0
        TX packets 2208285  bytes 359788640 (359.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

olivier@olivier:~$ 

Server log before connection:

May 28 15:35:00 vpn openvpn[9328]: Current Parameter Settings:
May 28 15:35:00 vpn openvpn[9328]:   config = '/usr/local/etc/openvpn/openvpn.conf'
May 28 15:35:00 vpn openvpn[9328]:   mode = 1
May 28 15:35:00 vpn openvpn[9328]:   show_ciphers = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   show_digests = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   show_engines = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   genkey = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   genkey_filename = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   key_pass_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   show_tls_ciphers = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   connect_retry_max = 0
May 28 15:35:00 vpn openvpn[9328]: Connection profiles [0]:
May 28 15:35:00 vpn openvpn[9328]:   proto = udp
May 28 15:35:00 vpn openvpn[9328]:   local = '192.41.XX.YY'
May 28 15:35:00 vpn openvpn[9328]:   local_port = '1194'
May 28 15:35:00 vpn openvpn[9328]:   remote = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   remote_port = '1194'
May 28 15:35:00 vpn openvpn[9328]:   remote_float = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   bind_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   bind_local = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   bind_ipv6_only = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   connect_retry_seconds = 5
May 28 15:35:00 vpn openvpn[9328]:   connect_timeout = 120
May 28 15:35:00 vpn openvpn[9328]:   socks_proxy_server = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   socks_proxy_port = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   tun_mtu = 1500
May 28 15:35:00 vpn openvpn[9328]:   tun_mtu_defined = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   link_mtu = 1500
May 28 15:35:00 vpn openvpn[9328]:   link_mtu_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   tun_mtu_extra = 32
May 28 15:35:00 vpn openvpn[9328]:   tun_mtu_extra_defined = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   mtu_discover_type = -1
May 28 15:35:00 vpn openvpn[9328]:   fragment = 0
May 28 15:35:00 vpn openvpn[9328]:   mssfix = 1450
May 28 15:35:00 vpn openvpn[9328]:   explicit_exit_notification = 1
May 28 15:35:00 vpn openvpn[9328]:   tls_auth_file = '[INLINE]'
May 28 15:35:00 vpn openvpn[9328]:   key_direction = 0
May 28 15:35:00 vpn openvpn[9328]:   tls_crypt_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   tls_crypt_v2_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: Connection profiles END
May 28 15:35:00 vpn openvpn[9328]:   remote_random = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   ipchange = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   dev = 'tap0'
May 28 15:35:00 vpn openvpn[9328]:   dev_type = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   dev_node = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   lladdr = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   topology = 1
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_local = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_remote_netmask = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_noexec = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_nowarn = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_ipv6_local = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_ipv6_netbits = 0
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_ipv6_remote = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   shaper = 0
May 28 15:35:00 vpn openvpn[9328]:   mtu_test = 0
May 28 15:35:00 vpn openvpn[9328]:   mlock = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   keepalive_ping = 10
May 28 15:35:00 vpn openvpn[9328]:   keepalive_timeout = 120
May 28 15:35:00 vpn openvpn[9328]:   inactivity_timeout = 0
May 28 15:35:00 vpn openvpn[9328]:   ping_send_timeout = 10
May 28 15:35:00 vpn openvpn[9328]:   ping_rec_timeout = 240
May 28 15:35:00 vpn openvpn[9328]:   ping_rec_timeout_action = 2
May 28 15:35:00 vpn openvpn[9328]:   ping_timer_remote = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   remap_sigusr1 = 0
May 28 15:35:00 vpn openvpn[9328]:   persist_tun = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   persist_local_ip = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   persist_remote_ip = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   persist_key = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   passtos = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   resolve_retry_seconds = 1000000000
May 28 15:35:00 vpn openvpn[9328]:   resolve_in_advance = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   username = 'openvpn'
May 28 15:35:00 vpn openvpn[9328]:   groupname = 'openvpn'
May 28 15:35:00 vpn openvpn[9328]:   chroot_dir = '/var/chroot/openvpn'
May 28 15:35:00 vpn openvpn[9328]:   cd_dir = '/usr/local/etc/openvpn'
May 28 15:35:00 vpn openvpn[9328]:   writepid = '/var/run/openvpn.pid'
May 28 15:35:00 vpn openvpn[9328]:   up_script = '/usr/local/etc/openvpn/script/up'
May 28 15:35:00 vpn openvpn[9328]:   down_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   down_pre = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   up_restart = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   up_delay = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   daemon = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   inetd = 0
May 28 15:35:00 vpn openvpn[9328]:   log = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   suppress_timestamps = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   machine_readable_output = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   nice = 0
May 28 15:35:00 vpn openvpn[9328]:   verbosity = 4
May 28 15:35:00 vpn openvpn[9328]:   mute = 0
May 28 15:35:00 vpn openvpn[9328]:   gremlin = 0
May 28 15:35:00 vpn openvpn[9328]:   status_file = 'openvpn-status.log'
May 28 15:35:00 vpn openvpn[9328]:   status_file_version = 1
May 28 15:35:00 vpn openvpn[9328]:   status_file_update_freq = 60
May 28 15:35:00 vpn openvpn[9328]:   occ = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   rcvbuf = 0
May 28 15:35:00 vpn openvpn[9328]:   sndbuf = 0
May 28 15:35:00 vpn openvpn[9328]:   sockflags = 0
May 28 15:35:00 vpn openvpn[9328]:   fast_io = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   comp.alg = 0
May 28 15:35:00 vpn openvpn[9328]:   comp.flags = 0
May 28 15:35:00 vpn openvpn[9328]:   route_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   route_default_gateway = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   route_default_metric = 0
May 28 15:35:00 vpn openvpn[9328]:   route_noexec = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   route_delay = 0
May 28 15:35:00 vpn openvpn[9328]:   route_delay_window = 30
May 28 15:35:00 vpn openvpn[9328]:   route_delay_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   route_nopull = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   route_gateway_via_dhcp = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   allow_pull_fqdn = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   management_addr = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   management_port = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   management_user_pass = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   management_log_history_cache = 250
May 28 15:35:00 vpn openvpn[9328]:   management_echo_buffer_size = 100
May 28 15:35:00 vpn openvpn[9328]:   management_write_peer_info_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   management_client_user = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   management_client_group = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   management_flags = 0
May 28 15:35:00 vpn openvpn[9328]:   plugin[0] /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]'
May 28 15:35:00 vpn openvpn[9328]:   shared_secret_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   key_direction = 0
May 28 15:35:00 vpn openvpn[9328]:   ciphername = 'AES-256-CBC'
May 28 15:35:00 vpn openvpn[9328]:   ncp_enabled = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
May 28 15:35:00 vpn openvpn[9328]:   authname = 'SHA1'
May 28 15:35:00 vpn openvpn[9328]:   prng_hash = 'SHA1'
May 28 15:35:00 vpn openvpn[9328]:   prng_nonce_secret_len = 16
May 28 15:35:00 vpn openvpn[9328]:   keysize = 0
May 28 15:35:00 vpn openvpn[9328]:   engine = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   replay = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   mute_replay_warnings = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   replay_window = 64
May 28 15:35:00 vpn openvpn[9328]:   replay_time = 15
May 28 15:35:00 vpn openvpn[9328]:   packet_id_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   test_crypto = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   tls_server = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   tls_client = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   ca_file = '/usr/local/etc/openvpn/pki/ca.crt'
May 28 15:35:00 vpn openvpn[9328]:   ca_path = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   dh_file = '/usr/local/ssl/dh/dh2048.pem'
May 28 15:35:00 vpn openvpn[9328]:   cert_file = '/usr/local/etc/openvpn/pki/issued/server.crt'
May 28 15:35:00 vpn openvpn[9328]:   extra_certs_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   priv_key_file = '/usr/local/etc/openvpn/pki/private/server.key'
May 28 15:35:00 vpn openvpn[9328]:   pkcs12_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   cipher_list = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   cipher_list_tls13 = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   tls_cert_profile = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   tls_verify = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   tls_export_cert = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   verify_x509_type = 0
May 28 15:35:00 vpn openvpn[9328]:   verify_x509_name = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   crl_file = '/usr/local/etc/openvpn/crl.pem'
May 28 15:35:00 vpn openvpn[9328]:   ns_cert_type = 0
May 28 15:35:00 vpn openvpn[9328]:   remote_cert_ku[i] = 0
May 28 15:35:00 vpn openvpn[9328]:   remote_cert_eku = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   ssl_flags = 0
May 28 15:35:00 vpn openvpn[9328]:   tls_timeout = 2
May 28 15:35:00 vpn openvpn[9328]:   renegotiate_bytes = -1
May 28 15:35:00 vpn openvpn[9328]:   renegotiate_packets = 0
May 28 15:35:00 vpn openvpn[9328]:   renegotiate_seconds = 3600
May 28 15:35:00 vpn openvpn[9328]:   handshake_window = 60
May 28 15:35:00 vpn openvpn[9328]:   transition_window = 3600
May 28 15:35:00 vpn openvpn[9328]:   single_session = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   push_peer_info = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   tls_exit = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   tls_crypt_v2_metadata = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   server_network = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   server_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   server_network_ipv6 = ::
May 28 15:35:00 vpn openvpn[9328]:   server_netbits_ipv6 = 0
May 28 15:35:00 vpn openvpn[9328]:   server_bridge_ip = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   server_bridge_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   server_bridge_pool_start = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   server_bridge_pool_end = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   push_entry = 'route-gateway dhcp'
May 28 15:35:00 vpn openvpn[9328]:   push_entry = 'ping 10'
May 28 15:35:00 vpn openvpn[9328]:   push_entry = 'ping-restart 120'
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_pool_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_pool_start = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_pool_end = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_pool_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_pool_persist_filename = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_pool_persist_refresh_freq = 600
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_ipv6_pool_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_ipv6_pool_base = ::
May 28 15:35:00 vpn openvpn[9328]:   ifconfig_ipv6_pool_netbits = 0
May 28 15:35:00 vpn openvpn[9328]:   n_bcast_buf = 256
May 28 15:35:00 vpn openvpn[9328]:   tcp_queue_limit = 64
May 28 15:35:00 vpn openvpn[9328]:   real_hash_size = 256
May 28 15:35:00 vpn openvpn[9328]:   virtual_hash_size = 256
May 28 15:35:00 vpn openvpn[9328]:   client_connect_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   learn_address_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   client_disconnect_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   client_config_dir = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   ccd_exclusive = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   tmp_dir = '/tmp'
May 28 15:35:00 vpn openvpn[9328]:   push_ifconfig_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   push_ifconfig_local = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   push_ifconfig_remote_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]:   push_ifconfig_ipv6_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   push_ifconfig_ipv6_local = ::/0
May 28 15:35:00 vpn openvpn[9328]:   push_ifconfig_ipv6_remote = ::
May 28 15:35:00 vpn openvpn[9328]:   enable_c2c = ENABLED
May 28 15:35:00 vpn openvpn[9328]:   duplicate_cn = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   cf_max = 0
May 28 15:35:00 vpn openvpn[9328]:   cf_per = 0
May 28 15:35:00 vpn openvpn[9328]:   max_clients = 1024
May 28 15:35:00 vpn openvpn[9328]:   max_routes_per_client = 256
May 28 15:35:00 vpn openvpn[9328]:   auth_user_pass_verify_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   auth_user_pass_verify_script_via_file = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   auth_token_generate = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   auth_token_lifetime = 0
May 28 15:35:00 vpn openvpn[9328]:   auth_token_secret_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   port_share_host = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   port_share_port = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]:   vlan_tagging = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   vlan_accept = all
May 28 15:35:00 vpn openvpn[9328]:   vlan_pvid = 1
May 28 15:35:00 vpn openvpn[9328]:   client = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   pull = DISABLED
May 28 15:35:00 vpn openvpn[9328]:   auth_user_pass_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 23 2021
May 28 15:35:00 vpn openvpn[9328]: library versions: OpenSSL 1.1.1h-freebsd  22 Sep 2020, LZO 2.10
May 28 15:35:00 vpn openvpn[9329]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
May 28 15:35:00 vpn openvpn[9329]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 15:35:00 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: INIT service='openvpn'
May 28 15:35:00 vpn openvpn[9329]: PLUGIN AUTH-PAM: initialization succeeded (fg)
May 28 15:35:00 vpn openvpn[9329]: PLUGIN_INIT: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY 
May 28 15:35:00 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
May 28 15:35:00 vpn openvpn[9329]: Diffie-Hellman initialized with 2048 bit key
May 28 15:35:00 vpn openvpn[9329]: CRL: loaded 1 CRLs from file /usr/local/etc/openvpn/crl.pem
May 28 15:35:00 vpn openvpn[9329]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 15:35:00 vpn openvpn[9329]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 15:35:00 vpn openvpn[9329]: TLS-Auth MTU parms [ L:1653 D:1184 EF:66 EB:0 ET:0 EL:3 ]
May 28 15:35:00 vpn openvpn[9329]: TUN/TAP device tap0 exists previously, keep at program end
May 28 15:35:00 vpn openvpn[9329]: TUN/TAP device /dev/tap0 opened
May 28 15:35:00 vpn openvpn[9329]: do_ifconfig, ipv4=0, ipv6=0
May 28 15:35:00 vpn openvpn[9329]: /usr/local/etc/openvpn/script/up tap0 1500 1653   init
May 28 15:35:00 vpn openvpn[9329]: Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
May 28 15:35:00 vpn openvpn[9329]: Could not determine IPv4/IPv6 protocol. Using AF_INET
May 28 15:35:00 vpn openvpn[9329]: Socket Buffers: R=[42080->42080] S=[9216->9216]
May 28 15:35:00 vpn openvpn[9329]: UDPv4 link local (bound): [AF_INET]192.41.XX.YY:1194
May 28 15:35:00 vpn openvpn[9329]: UDPv4 link remote: [AF_UNSPEC]
May 28 15:35:00 vpn openvpn[9329]: chroot to '/var/chroot/openvpn' and cd to '/' succeeded
May 28 15:35:00 vpn openvpn[9329]: GID set to openvpn
May 28 15:35:00 vpn openvpn[9329]: UID set to openvpn
May 28 15:35:00 vpn openvpn[9329]: MULTI: multi_init called, r=256 v=256
May 28 15:35:00 vpn openvpn[9329]: Initialization Sequence Completed
Client configuration:
client

olivier@olivier:~$ cat ~/Downloads/CSIM-on.ovpn
# --------------------------------------------------------
# CSIM VPN | https://cs.ait.ac.th/laboratory/vpn/
# Created on: 2021/4/7 15:7
# OpenVPN Client Configuration
# Client on@cs.ait.ac.th
# --------------------------------------------------------

client
dev tap
remote aa.bb.ac.th 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 4
remote-cert-tls server
#data-ciphers-fallback AES-256-CBC
proto udp
key-direction 1
# link-mtu 1589
tun-mtu 1500
auth-user-pass
explicit-exit-notify 1
keepalive 10 120
keysize 256

# client: on

<ca>
-----BEGIN CERTIFICATE-----
M...
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
...
-----BEGIN CERTIFICATE-----
M...
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
M...
-----END ENCRYPTED PRIVATE KEY-----
</key>

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9...
-----END OpenVPN Static key V1-----
</tls-auth>
olivier@olivier:~$


Launching OpenVPN on client:

olivier@olivier:~$ sudo openvpn --config Downloads/CSIM-on.ovpn
[sudo] password for olivier: 
Fri May 28 16:09:48 2021 us=99648 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Fri May 28 16:09:48 2021 us=99683 Current Parameter Settings:
Fri May 28 16:09:48 2021 us=99704   config = 'Downloads/CSIM-on.ovpn'
Fri May 28 16:09:48 2021 us=99714   mode = 0
Fri May 28 16:09:48 2021 us=99722   persist_config = DISABLED
Fri May 28 16:09:48 2021 us=99731   persist_mode = 1
Fri May 28 16:09:48 2021 us=99740   show_ciphers = DISABLED
Fri May 28 16:09:48 2021 us=99748   show_digests = DISABLED
Fri May 28 16:09:48 2021 us=99756   show_engines = DISABLED
Fri May 28 16:09:48 2021 us=99765   genkey = DISABLED
Fri May 28 16:09:48 2021 us=99774   key_pass_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99783   show_tls_ciphers = DISABLED
Fri May 28 16:09:48 2021 us=99793   connect_retry_max = 0
Fri May 28 16:09:48 2021 us=99802 Connection profiles [0]:
Fri May 28 16:09:48 2021 us=99811   proto = udp
Fri May 28 16:09:48 2021 us=99820   local = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99829   local_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99838   remote = 'aa.bb.ac.th'
Fri May 28 16:09:48 2021 us=99847   remote_port = '1194'
Fri May 28 16:09:48 2021 us=99857   remote_float = DISABLED
Fri May 28 16:09:48 2021 us=99866   bind_defined = DISABLED
Fri May 28 16:09:48 2021 us=99875   bind_local = DISABLED
Fri May 28 16:09:48 2021 us=99883   bind_ipv6_only = DISABLED
Fri May 28 16:09:48 2021 us=99893   connect_retry_seconds = 5
Fri May 28 16:09:48 2021 us=99900   connect_timeout = 120
Fri May 28 16:09:48 2021 us=99905   socks_proxy_server = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99911   socks_proxy_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99917   tun_mtu = 1500
Fri May 28 16:09:48 2021 us=99925   tun_mtu_defined = ENABLED
Fri May 28 16:09:48 2021 us=99932   link_mtu = 1500
Fri May 28 16:09:48 2021 us=99940   link_mtu_defined = DISABLED
Fri May 28 16:09:48 2021 us=99948   tun_mtu_extra = 32
Fri May 28 16:09:48 2021 us=99956   tun_mtu_extra_defined = ENABLED
Fri May 28 16:09:48 2021 us=99964   mtu_discover_type = -1
Fri May 28 16:09:48 2021 us=99973   fragment = 0
Fri May 28 16:09:48 2021 us=99980   mssfix = 1450
Fri May 28 16:09:48 2021 us=99988   explicit_exit_notification = 1
Fri May 28 16:09:48 2021 us=99996 Connection profiles END
Fri May 28 16:09:48 2021 us=100005   remote_random = DISABLED
Fri May 28 16:09:48 2021 us=100014   ipchange = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100023   dev = 'tap'
Fri May 28 16:09:48 2021 us=100031   dev_type = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100037   dev_node = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100043   lladdr = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100051   topology = 1
Fri May 28 16:09:48 2021 us=100061   ifconfig_local = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100070   ifconfig_remote_netmask = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100079   ifconfig_noexec = DISABLED
Fri May 28 16:09:48 2021 us=100088   ifconfig_nowarn = DISABLED
Fri May 28 16:09:48 2021 us=100096   ifconfig_ipv6_local = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100103   ifconfig_ipv6_netbits = 0
Fri May 28 16:09:48 2021 us=100112   ifconfig_ipv6_remote = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100121   shaper = 0
Fri May 28 16:09:48 2021 us=100129   mtu_test = 0
Fri May 28 16:09:48 2021 us=100138   mlock = DISABLED
Fri May 28 16:09:48 2021 us=100147   keepalive_ping = 10
Fri May 28 16:09:48 2021 us=100156   keepalive_timeout = 120
Fri May 28 16:09:48 2021 us=100165   inactivity_timeout = 0
Fri May 28 16:09:48 2021 us=100175   ping_send_timeout = 10
Fri May 28 16:09:48 2021 us=100184   ping_rec_timeout = 120
Fri May 28 16:09:48 2021 us=100193   ping_rec_timeout_action = 2
Fri May 28 16:09:48 2021 us=100203   ping_timer_remote = DISABLED
Fri May 28 16:09:48 2021 us=100212   remap_sigusr1 = 0
Fri May 28 16:09:48 2021 us=100221   persist_tun = ENABLED
Fri May 28 16:09:48 2021 us=100230   persist_local_ip = DISABLED
Fri May 28 16:09:48 2021 us=100239   persist_remote_ip = DISABLED
Fri May 28 16:09:48 2021 us=100249   persist_key = ENABLED
Fri May 28 16:09:48 2021 us=100258   passtos = DISABLED
Fri May 28 16:09:48 2021 us=100267   resolve_retry_seconds = 1000000000
Fri May 28 16:09:48 2021 us=100277   resolve_in_advance = DISABLED
Fri May 28 16:09:48 2021 us=100286   username = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100295   groupname = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100304   chroot_dir = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100313   cd_dir = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100323   writepid = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100332   up_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100341   down_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100351   down_pre = DISABLED
Fri May 28 16:09:48 2021 us=100359   up_restart = DISABLED
Fri May 28 16:09:48 2021 us=100368   up_delay = DISABLED
Fri May 28 16:09:48 2021 us=100377   daemon = DISABLED
Fri May 28 16:09:48 2021 us=100386   inetd = 0
Fri May 28 16:09:48 2021 us=100396   log = DISABLED
Fri May 28 16:09:48 2021 us=100405   suppress_timestamps = DISABLED
Fri May 28 16:09:48 2021 us=100414   machine_readable_output = DISABLED
Fri May 28 16:09:48 2021 us=100423   nice = 0
Fri May 28 16:09:48 2021 us=100432   verbosity = 4
Fri May 28 16:09:48 2021 us=100441   mute = 0
Fri May 28 16:09:48 2021 us=100450   gremlin = 0
Fri May 28 16:09:48 2021 us=100460   status_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100469   status_file_version = 1
Fri May 28 16:09:48 2021 us=100476   status_file_update_freq = 60
Fri May 28 16:09:48 2021 us=100482   occ = ENABLED
Fri May 28 16:09:48 2021 us=100488   rcvbuf = 0
Fri May 28 16:09:48 2021 us=100494   sndbuf = 0
Fri May 28 16:09:48 2021 us=100499   mark = 0
Fri May 28 16:09:48 2021 us=100505   sockflags = 0
Fri May 28 16:09:48 2021 us=100514   fast_io = DISABLED
Fri May 28 16:09:48 2021 us=100523   comp.alg = 0
Fri May 28 16:09:48 2021 us=100532   comp.flags = 0
Fri May 28 16:09:48 2021 us=100541   route_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100549   route_default_gateway = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100557   route_default_metric = 0
Fri May 28 16:09:48 2021 us=100564   route_noexec = DISABLED
Fri May 28 16:09:48 2021 us=100570   route_delay = 5
Fri May 28 16:09:48 2021 us=100576   route_delay_window = 30
Fri May 28 16:09:48 2021 us=100582   route_delay_defined = ENABLED
Fri May 28 16:09:48 2021 us=100588   route_nopull = DISABLED
Fri May 28 16:09:48 2021 us=100594   route_gateway_via_dhcp = DISABLED
Fri May 28 16:09:48 2021 us=100600   allow_pull_fqdn = DISABLED
Fri May 28 16:09:48 2021 us=100606   management_addr = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100612   management_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100618   management_user_pass = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100624   management_log_history_cache = 250
Fri May 28 16:09:48 2021 us=100630   management_echo_buffer_size = 100
Fri May 28 16:09:48 2021 us=100637   management_write_peer_info_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100643   management_client_user = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100649   management_client_group = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100655   management_flags = 0
Fri May 28 16:09:48 2021 us=100661   shared_secret_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100667   key_direction = 1
Fri May 28 16:09:48 2021 us=100673   ciphername = 'BF-CBC'
Fri May 28 16:09:48 2021 us=100679   ncp_enabled = ENABLED
Fri May 28 16:09:48 2021 us=100685   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri May 28 16:09:48 2021 us=100691   authname = 'SHA1'
Fri May 28 16:09:48 2021 us=100697   prng_hash = 'SHA1'
Fri May 28 16:09:48 2021 us=100703   prng_nonce_secret_len = 16
Fri May 28 16:09:48 2021 us=100708   keysize = 32
Fri May 28 16:09:48 2021 us=100714   engine = DISABLED
Fri May 28 16:09:48 2021 us=100719   replay = ENABLED
Fri May 28 16:09:48 2021 us=100725   mute_replay_warnings = DISABLED
Fri May 28 16:09:48 2021 us=100731   replay_window = 64
Fri May 28 16:09:48 2021 us=100737   replay_time = 15
Fri May 28 16:09:48 2021 us=100743   packet_id_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100749   use_iv = ENABLED
Fri May 28 16:09:48 2021 us=100754   test_crypto = DISABLED
Fri May 28 16:09:48 2021 us=100760   tls_server = DISABLED
Fri May 28 16:09:48 2021 us=100766   tls_client = ENABLED
Fri May 28 16:09:48 2021 us=100772   key_method = 2
Fri May 28 16:09:48 2021 us=100778   ca_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=100784   ca_path = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100790   dh_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100795   cert_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=100801   extra_certs_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100807   priv_key_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=100812   pkcs12_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100817   cipher_list = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100823   cipher_list_tls13 = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100829   tls_cert_profile = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100835   tls_verify = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100841   tls_export_cert = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100847   verify_x509_type = 0
Fri May 28 16:09:48 2021 us=100852   verify_x509_name = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100858   crl_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100864   ns_cert_type = 0
Fri May 28 16:09:48 2021 us=100870   remote_cert_ku[i] = 65535
Fri May 28 16:09:48 2021 us=100875   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100881   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100887   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100891   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100897   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100903   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100909   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100914   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100920   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100926   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100932   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100937   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100943   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100949   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100954   remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100960   remote_cert_eku = 'TLS Web Server Authentication'
Fri May 28 16:09:48 2021 us=100966   ssl_flags = 0
Fri May 28 16:09:48 2021 us=100971   tls_timeout = 2
Fri May 28 16:09:48 2021 us=100977   renegotiate_bytes = -1
Fri May 28 16:09:48 2021 us=100983   renegotiate_packets = 0
Fri May 28 16:09:48 2021 us=100989   renegotiate_seconds = 3600
Fri May 28 16:09:48 2021 us=100994   handshake_window = 60
Fri May 28 16:09:48 2021 us=101000   transition_window = 3600
Fri May 28 16:09:48 2021 us=101006   single_session = DISABLED
Fri May 28 16:09:48 2021 us=101012   push_peer_info = DISABLED
Fri May 28 16:09:48 2021 us=101018   tls_exit = DISABLED
Fri May 28 16:09:48 2021 us=101024   tls_auth_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=101030   tls_crypt_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101035   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101041   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101047   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101052   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101058   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101063   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101069   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101075   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101081   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101087   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101093   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101099   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101105   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101111   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101117   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101122   pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101128   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101134   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101139   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101144   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101149   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101155   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101161   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101166   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101172   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101178   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101183   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101190   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101195   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101201   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101207   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101213   pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101218   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101223   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101229   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101234   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101240   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101246   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101251   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101257   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101263   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101269   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101274   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101280   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101286   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101292   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101298   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101303   pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101310   pkcs11_pin_cache_period = -1
Fri May 28 16:09:48 2021 us=101316   pkcs11_id = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101321   pkcs11_id_management = DISABLED
Fri May 28 16:09:48 2021 us=101327   server_network = 0.0.0.0
Fri May 28 16:09:48 2021 us=101333   server_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101343   server_network_ipv6 = ::
Fri May 28 16:09:48 2021 us=101349   server_netbits_ipv6 = 0
Fri May 28 16:09:48 2021 us=101355   server_bridge_ip = 0.0.0.0
Fri May 28 16:09:48 2021 us=101361   server_bridge_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101368   server_bridge_pool_start = 0.0.0.0
Fri May 28 16:09:48 2021 us=101374   server_bridge_pool_end = 0.0.0.0
Fri May 28 16:09:48 2021 us=101380   ifconfig_pool_defined = DISABLED
Fri May 28 16:09:48 2021 us=101387   ifconfig_pool_start = 0.0.0.0
Fri May 28 16:09:48 2021 us=101393   ifconfig_pool_end = 0.0.0.0
Fri May 28 16:09:48 2021 us=101399   ifconfig_pool_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101405   ifconfig_pool_persist_filename = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101412   ifconfig_pool_persist_refresh_freq = 600
Fri May 28 16:09:48 2021 us=101418   ifconfig_ipv6_pool_defined = DISABLED
Fri May 28 16:09:48 2021 us=101424   ifconfig_ipv6_pool_base = ::
Fri May 28 16:09:48 2021 us=101430   ifconfig_ipv6_pool_netbits = 0
Fri May 28 16:09:48 2021 us=101436   n_bcast_buf = 256
Fri May 28 16:09:48 2021 us=101442   tcp_queue_limit = 64
Fri May 28 16:09:48 2021 us=101448   real_hash_size = 256
Fri May 28 16:09:48 2021 us=101454   virtual_hash_size = 256
Fri May 28 16:09:48 2021 us=101460   client_connect_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101466   learn_address_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101472   client_disconnect_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101477   client_config_dir = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101484   ccd_exclusive = DISABLED
Fri May 28 16:09:48 2021 us=101490   tmp_dir = '/tmp'
Fri May 28 16:09:48 2021 us=101496   push_ifconfig_defined = DISABLED
Fri May 28 16:09:48 2021 us=101502   push_ifconfig_local = 0.0.0.0
Fri May 28 16:09:48 2021 us=101509   push_ifconfig_remote_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101515   push_ifconfig_ipv6_defined = DISABLED
Fri May 28 16:09:48 2021 us=101521   push_ifconfig_ipv6_local = ::/0
Fri May 28 16:09:48 2021 us=101528   push_ifconfig_ipv6_remote = ::
Fri May 28 16:09:48 2021 us=101534   enable_c2c = DISABLED
Fri May 28 16:09:48 2021 us=101539   duplicate_cn = DISABLED
Fri May 28 16:09:48 2021 us=101546   cf_max = 0
Fri May 28 16:09:48 2021 us=101551   cf_per = 0
Fri May 28 16:09:48 2021 us=101557   max_clients = 1024
Fri May 28 16:09:48 2021 us=101563   max_routes_per_client = 256
Fri May 28 16:09:48 2021 us=101569   auth_user_pass_verify_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101575   auth_user_pass_verify_script_via_file = DISABLED
Fri May 28 16:09:48 2021 us=101581   auth_token_generate = DISABLED
Fri May 28 16:09:48 2021 us=101587   auth_token_lifetime = 0
Fri May 28 16:09:48 2021 us=101593   port_share_host = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101599   port_share_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101605   client = ENABLED
Fri May 28 16:09:48 2021 us=101610   pull = ENABLED
Fri May 28 16:09:48 2021 us=101616   auth_user_pass_file = 'stdin'
Fri May 28 16:09:48 2021 us=101623 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Fri May 28 16:09:48 2021 us=101635 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Enter Auth Username: me
Enter Auth Password: ****************************                
Enter Private Key Password: ************************************               
Fri May 28 16:09:56 2021 us=794937 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 28 16:09:56 2021 us=794974 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 28 16:09:56 2021 us=795107 Control Channel MTU parms [ L:1653 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri May 28 16:09:56 2021 us=826175 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
Fri May 28 16:09:56 2021 us=826276 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Fri May 28 16:09:56 2021 us=826302 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,keydir 0,cipher BF-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri May 28 16:09:56 2021 us=826336 TCP/UDP: Preserving recently used remote address: [AF_INET]192.41.XX.YY:1194
Fri May 28 16:09:56 2021 us=826397 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri May 28 16:09:56 2021 us=826420 UDP link local: (not bound)
Fri May 28 16:09:56 2021 us=826440 UDP link remote: [AF_INET]192.41.XX.YY:1194
Fri May 28 16:09:56 2021 us=857241 TLS: Initial packet from [AF_INET]192.41.XX.YY:1194, sid=958390e0 1596e67c
Fri May 28 16:09:57 2021 us=90674 VERIFY OK: depth=1, CN=aa.bb.ac.th
Fri May 28 16:09:57 2021 us=91266 VERIFY KU OK
Fri May 28 16:09:57 2021 us=91328 Validating certificate extended key usage
Fri May 28 16:09:57 2021 us=91360 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri May 28 16:09:57 2021 us=91387 VERIFY EKU OK
Fri May 28 16:09:57 2021 us=91413 VERIFY OK: depth=0, CN=server
Fri May 28 16:09:57 2021 us=192810 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1589'
Fri May 28 16:09:57 2021 us=192902 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Fri May 28 16:09:57 2021 us=193088 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Fri May 28 16:09:57 2021 us=193144 [server] Peer Connection Initiated with [AF_INET]192.XX.YY:1194
Fri May 28 16:09:57 2021 us=449457 Key [AF_INET]192.41.XX.YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=449722 Key [AF_INET]192.41.XX.YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=499448 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=751722 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=752008 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=806421 Key [AF_INET]192.41.XX,YY6:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:58 2021 us=53799 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:58 2021 us=53900 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 28 16:09:58 2021 us=61033 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:58 2021 us=69395 PUSH: Received control message: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120,peer-id 1,cipher AES-256-GCM'
Fri May 28 16:09:58 2021 us=69496 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 28 16:09:58 2021 us=69515 OPTIONS IMPORT: route-related options modified
Fri May 28 16:09:58 2021 us=69531 OPTIONS IMPORT: peer-id set
Fri May 28 16:09:58 2021 us=69547 OPTIONS IMPORT: adjusting link_mtu to 1656
Fri May 28 16:09:58 2021 us=69564 OPTIONS IMPORT: data channel crypto options modified
Fri May 28 16:09:58 2021 us=69581 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri May 28 16:09:58 2021 us=69594 NCP: overriding user-set keysize with default
Fri May 28 16:09:58 2021 us=69620 Data Channel MTU parms [ L:1584 D:1450 EF:52 EB:411 ET:32 EL:3 ]
Fri May 28 16:09:58 2021 us=69718 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri May 28 16:09:58 2021 us=69733 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri May 28 16:09:58 2021 us=70138 TUN/TAP device tap0 opened
Fri May 28 16:09:58 2021 us=70220 TUN/TAP TX queue length set to 100
Fri May 28 16:10:03 2021 us=427702 Initialization Sequence Completed
Fri May 28 16:10:50 2021 us=597878 Extracted DHCP router address: 192.41.XX,YY
The last line of the log is after I started DHCP on tap0.

Then I bring the tap0 interface up and request an IP:

Code: Select all

olivier@olivier:~/Downloads$ sudo ifconfig tap0 up
olivier@olivier:~/Downloads$ sudo dhclient tap0
olivier@olivier:~/Downloads$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlo1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlo1
192.41.XX.YY    0.0.0.0         255.255.XX.YY   U         0 0          0 tap0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlo1
olivier@olivier:~/Downloads$ ifconfig -a
enp8s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 34:64:a9:be:6d:4a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 83868  bytes 48098759 (48.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 83868  bytes 48098759 (48.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.41.XX.YY  netmask 255.255.255.0  broadcast 192.41.XX.YY
        inet6 fe80::7c6f:7bff:fee0:5847  prefixlen 64  scopeid 0x20<link>
        ether 7e:6f:7b:e0:58:47  txqueuelen 100  (Ethernet)
        RX packets 748  bytes 56024 (56.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 244  bytes 17073 (17.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.50  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::4dc7:da1:f67f:fb2d  prefixlen 64  scopeid 0x20<link>
        ether 30:3a:64:5a:46:50  txqueuelen 1000  (Ethernet)
        RX packets 14625837  bytes 19316293424 (19.3 GB)
        RX errors 0  dropped 581  overruns 0  frame 0
        TX packets 2210577  bytes 360350551 (360.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

olivier@olivier:~/Downloads$ 
Server log after the client connection:

Code: Select all

May 28 16:09:56 vpn openvpn[9329]: MULTI: multi_create_instance called
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Re-using SSL/TLS context
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Control Channel MTU parms [ L:1653 D:1184 EF:66 EB:0 ET:0 EL:3 ]
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1589,tun-mtu 1532,proto UDPv4,keydir 0,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1589,tun-mtu 1532,proto UDPv4,keydir 1,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 TLS: Initial packet from [AF_INET]113.53.211.204:13723, sid=74654603 7252c401
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 CRL: loaded 1 CRLs from file /usr/local/etc/openvpn/crl.pem
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 VERIFY OK: depth=0, CN=on
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_VER=2.4.7
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_PLAT=linux
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_PROTO=2
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_NCP=2
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_LZ4=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_LZ4v2=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_LZO=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_COMP_STUB=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_COMP_STUBv2=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_TCPNL=1
May 28 16:09:57 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: received command code: 0
May 28 16:09:57 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: USER: me
May 28 16:09:57 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: my_conv[0] query='Password:' style=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 TLS: Username/Password authentication succeeded for username 'me' 
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1589', remote='link-mtu 1573'
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 [me] Peer Connection Initiated with [AF_INET]113.53.211.204:13723
May 28 16:09:57 vpn openvpn[9329]: MULTI: new connection by client 'me' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
May 28 16:09:57 vpn openvpn[9329]: MULTI: no dynamic or static remote--ifconfig address is available for on/113.53.211.204:13723
May 28 16:09:57 vpn openvpn[9329]: Data Channel: using negotiated cipher 'AES-256-GCM'
May 28 16:09:57 vpn openvpn[9329]: Data Channel MTU parms [ L:1581 D:1450 EF:49 EB:411 ET:32 EL:3 ]
May 28 16:09:57 vpn openvpn[9329]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 28 16:09:57 vpn openvpn[9329]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 28 16:09:58 vpn openvpn[9329]: me/113.53.211.204:13723 PUSH: Received control message: 'PUSH_REQUEST'
May 28 16:09:58 vpn openvpn[9329]: me/113.53.211.204:13723 SENT CONTROL [me]: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120,peer-id 1,cipher AES-256-GCM' (status=1)
May 28 16:10:16 vpn openvpn[9329]: me/113.53.211.204:13723 MULTI: Learn: 7e:6f:7b:e0:58:47@0 -> me/113.53.211.204:13723
I think the server is not an issue because the Windows client is working fine. But I get no "network" on Ubuntu:

Code: Select all

olivier@olivier:~/Downloads$ ping 192.41.XX.YY
PING 192.41.XX.YY (192.41.XX.YY) 56(84) bytes of data.
From 192.41.XX.YY icmp_seq=1 Destination Host Unreachable
etc.
^C
--- 192.41.XX.YY ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6137ms
pipe 4
olivier@olivier:~/Downloads$ 
I suspect a stupid routing thing on Ubuntu, but I cannot see it.

TIA

Olivier

TinCanTech
Forum Team
Posts: 9431
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridge client on Ubuntu not working

Post by TinCanTech » Fri May 28, 2021 10:35 am

Olivier2564 wrote:
Fri May 28, 2021 9:35 am
Then I bring the tap0 interface up and request an IP:
Try doing that in your --up script.

gabori
OpenVpn Newbie
Posts: 2
Joined: Sat May 29, 2021 6:34 pm

Re: Bridge client on Ubuntu not working

Post by gabori » Sat May 29, 2021 6:37 pm

This cannot be done. You cannot bridge a WiFi client connection. If you could, we wouldn't need WDS, we'd just bridge.

The problem is very simple -- an access point is prohibited by the WiFi specification from broadcasting traffic over the WiFi network unless something authorizes that transmission. This is largely a relic from the days when WiFi networks were very slow and had poor, if any, security.

The bridge only has a client connection to the access point. This only authorizes the access point to transmit traffic bound for the bridge. Because any machines connected to the bridge are not clients of the access point, the access point has no reason to send traffic bound for them over the WiFi link. So it will not do so.

Unfortunately, WiFi is enough like Ethernet that it's easy to expect it to act like Ethernet. But it's just different enough to bite you.

WDS configuration is a specific authorization for an access point to send traffic not bound for any of its clients. When both ends support WDS, they include the address of the bridging endpoint as well as the address of the destination, authorizing the access point to send the traffic.

You have to use something other than bridging to do this. Routing with NAT, for example. You can also use four address mode, if both ends of the WiFi link support it.

TinCanTech
Forum Team
Posts: 9431
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridge client on Ubuntu not working

Post by TinCanTech » Sat May 29, 2021 7:07 pm

I don't see a bridge on the client side .. ?

Olivier2564
OpenVpn Newbie
Posts: 5
Joined: Fri May 14, 2021 4:24 am

Re: Bridge client on Ubuntu not working

Post by Olivier2564 » Mon May 31, 2021 4:45 am

gabori wrote:
Sat May 29, 2021 6:37 pm
This cannot be done. You cannot bridge a WiFi client connection. If you could, we wouldn't need WDS, we'd just bridge.
Thank you, the explanation makes sense.

I tried with a UTP connection, but I cannot get any further.

Olivier2564
OpenVpn Newbie
Posts: 5
Joined: Fri May 14, 2021 4:24 am

Re: Bridge client on Ubuntu not working

Post by Olivier2564 » Mon May 31, 2021 5:29 am

TinCanTech wrote:
Fri May 28, 2021 10:35 am
Olivier2564 wrote:
Fri May 28, 2021 9:35 am
Then I bring the tap0 interface up and request an IP:
Try doing that in your --up script.
Thank you, I think it boils down to this: what should be in the --up script for a bridge client on Ubuntu. I don't even know if I need a bridge or if a tap is enough.

What I want is that the client can still access the Internet through the ISP, but that traffic to my work network is routed through the VPN.

TIA.

Olivier

Olivier2564
OpenVpn Newbie
Posts: 5
Joined: Fri May 14, 2021 4:24 am

Re: Bridge client on Ubuntu not working

Post by Olivier2564 » Tue Jun 15, 2021 10:05 am

Olivier2564 wrote:
Mon May 31, 2021 5:29 am
TinCanTech wrote:
Fri May 28, 2021 10:35 am
Olivier2564 wrote:
Fri May 28, 2021 9:35 am
Then I bring the tap0 interface up and request an IP:
Try doing that in your --up script.
Thank you, I think it boils down to this: what should be in the --up script for a bridge client on Ubuntu. I don't even know if I need a bridge or if a tap is enough.

What I want is that the client can still access the Internet through the ISP, but that traffic to my work network is routed through the VPN.

TIA.

Olivier
I found the issue. It was a routing problem as I was suspecting, only it took me a very long time to notice my mistake:

Code: Select all

olivier@olivier:~/Downloads$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlo1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlo1
192.41.XX.YY    0.0.0.0         255.255.XX.YY   U         0 0          0 tap0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlo1
olivier@olivier:~/Downloads$ 
The route to the VPN server is now part of the VPN. Everything worked after I defined a separate route for the VPN server:

Code: Select all

ip route add to 192.41.XX.YY via 192.168.0.1
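
The routing mistake described in the post above, as an added example that is not part of the original thread: it parses `netstat -nr` output, does a longest-prefix lookup for the VPN server's address, and reports when the encrypted carrier packets would be sent into the tap interface they are supposed to feed. The addresses (198.51.100.0/24, server 198.51.100.10) are constructed stand-ins for the redacted 192.41.XX.YY values, and all function names are hypothetical.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# Constructed sample in the shape of the thread's `netstat -nr` output.
# 198.51.100.0/24 stands in for the redacted 192.41.XX.YY work network.
SAMPLE_NETSTAT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlo1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlo1
198.51.100.0    0.0.0.0         255.255.255.0   U         0 0          0 tap0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlo1
"""
VPN_REMOTE = "198.51.100.10"  # constructed: the server's public address
TUNNEL_IF = "tap0"


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    flags: str
    iface: str


class Finding(NamedTuple):
    looped: bool            # True if the remote is reached via the tunnel
    via: Optional[Route]    # route the kernel would pick for the remote
    fix: Optional[str]      # suggested host route, when one can be derived


def parse_routes(text: str) -> List[Route]:
    """Parse `netstat -nr` (Linux, IPv4) lines; skip headers and junk."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
            gw = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # e.g. the "Destination Gateway Genmask ..." header
        routes.append(Route(net, gw, fields[3], fields[7]))
    return routes


def lookup(routes: List[Route], dest: str) -> Optional[Route]:
    """Longest-prefix match, the rule the kernel uses to choose a route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def check_vpn_remote(routes: List[Route], remote: str, tunnel_if: str) -> Finding:
    """Flag the case where packets to the VPN server enter the tunnel itself."""
    chosen = lookup(routes, remote)
    if chosen is None or chosen.iface != tunnel_if:
        return Finding(False, chosen, None)
    # The connected route on the tap device is more specific than the default
    # route, so it wins. Find the best gateway route outside the tunnel.
    addr = ipaddress.ip_address(remote)
    uplinks = [r for r in routes
               if r.iface != tunnel_if and "G" in r.flags and addr in r.network]
    uplink = max(uplinks, key=lambda r: r.network.prefixlen, default=None)
    fix = None
    if uplink is not None:
        fix = f"ip route add {remote}/32 via {uplink.gateway} dev {uplink.iface}"
    return Finding(True, chosen, fix)


def with_host_route(routes: List[Route], remote: str, gateway: str,
                    iface: str) -> List[Route]:
    """Return the table as it would look after adding a /32 for the server."""
    host = Route(ipaddress.ip_network(f"{remote}/32"),
                 ipaddress.ip_address(gateway), "UGH", iface)
    return routes + [host]


if __name__ == "__main__":
    table = parse_routes(SAMPLE_NETSTAT)
    before = check_vpn_remote(table, VPN_REMOTE, TUNNEL_IF)
    print("looped before fix:", before.looped, "| suggested:", before.fix)
    after = check_vpn_remote(
        with_host_route(table, VPN_REMOTE, "192.168.0.1", "wlo1"),
        VPN_REMOTE, TUNNEL_IF)
    print("looped after fix:", after.looped, "| via:", after.via.iface)
```

The /32 host route wins the longest-prefix match over the /24 on tap0, which is why the single `ip route add` in the post restores connectivity.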

TinCanTech
Forum Team
Posts: 9431
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bridge client on Ubuntu not working

Post by TinCanTech » Tue Jun 15, 2021 10:37 am

FYI: 192.168.0.0/24 is the worst choice of subnet that you can choose.
