Turn off management / ECDSA under windows

Post by asweo » Mon Jun 26, 2017 10:56 pm

Hey guys,

Hope you can help me, 'cause I spent hours searching and am at a loss. I've got 2 errors.

1.) (more urgent) I can't connect to the server, because my client wants some management configuration and the web just didn't give any sufficient answer (yeah, there was this one point where "enter management password" would be gone after restart, but not the popup and the resulting error).
I even tried to take a look into the command-line help and do (in the hope it would turn it off, but it didn't): management 0 0

2.) Prior to connecting, while building the certificates: I could not use the new elliptic curve here. I tried (with that as an example) to "set KEY_ALGO=ec" and "set KEY_CURVE=secp521r1" in my vars, but they do not exist in the openssl-1.0.0.cnf (but it would require the KEY_SIZE). Now is there any way to manage this under Windows?

3.) (Not a (known) error, but if you see any further mistake, enhancement, unneeded lines, ...... - input is welcome)

1. SERVER CONFIG:
;local 0.0.0.0
port 1194
proto udp4
dev tun
dev-node VPN

# Certificates
ca ..\\config\\ca.crt
cert ..\\config\\server.crt
key ..\\config\\server.key
;dh ..\\config\\dh2048.pem #it's there for compat., but not wanted
dh none

# Server-Setup
;topology subnet
server 10.0.0.0 255.255.255.0
ifconfig-pool-persist ..\\log\\ipp.txt

# Client-Settings (incl Special Dir)Files
push "route 1.1.1.2 255.255.255.0"
;push "dhcp-option DNS 0.0.0.0"

# Defaults
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
tls-crypt ..\\config\\ta.key 0
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
compress lz4-v2
max-clients 10
persist-key
persist-tun

# Logging
status ..\\log\\openvpn-status.log
verb 3
explicit-exit-notify 1

# Hardening
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
auth sha512
remote-cert-tls client #same as below
;remote-cert-ku 80 08 88 // remote-cert-eku "TLS Web Client Authentication"
crl-verify ..\\config\\crl.pem
auth-user-pass-verify ..\\config\\auth.bat via-env
script-security 3
route-delay 5
route-method exe
;ip-win32 netsh

2. CLIENT CONFIG:
client
dev tun
dev-node VPN
proto udp4

# Client-Setup
remote 1.1.1.2 1194
resolv-retry infinite
nobind
persist-key
persist-tun
route-up route.bat
script-security 3
dhcp-option DNS 0.0.0.0

# Certificates
ca ca.crt
cert client1.crt
key client1.key
tls-crypt client1-ta.key 1
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
compress lz4-v2

# Logging
verb 3

# Hardening
redirect-gateway def1
verify-x509-name 'C=changeme, O=changeme, CN=changeme' name
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
auth sha512
remote-cert-tls server #same as below
;remote-cert-ku a0 88 // remote-cert-eku "TLS Web Server Authentication"
;ns-cert-type server #deprecated
;tls-verify
;auth-retry none
auth-user-pass client1.txt
auth-nocache
route-delay 5
;route-method exe

3. SERVER LOG (--verb 4):

Mon Jun 26 23:36:54 2017 us=600477 Current Parameter Settings:
Mon Jun 26 23:36:54 2017 us=600477   config = 'C:\Program Files\OpenVPN\config\server.ovpn'
Mon Jun 26 23:36:54 2017 us=600477   mode = 1
Mon Jun 26 23:36:54 2017 us=600477   show_ciphers = DISABLED
Mon Jun 26 23:36:54 2017 us=600477   show_digests = DISABLED
Mon Jun 26 23:36:54 2017 us=600477   show_engines = DISABLED
Mon Jun 26 23:36:54 2017 us=600477   genkey = DISABLED
Mon Jun 26 23:36:54 2017 us=600477   key_pass_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=600477   show_tls_ciphers = DISABLED
Mon Jun 26 23:36:54 2017 us=600477   connect_retry_max = 0
Mon Jun 26 23:36:54 2017 us=600477 Connection profiles [0]:
Mon Jun 26 23:36:54 2017 us=600477   proto = udp4
Mon Jun 26 23:36:54 2017 us=600477   local = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   local_port = '1194'
Mon Jun 26 23:36:54 2017 us=601336   remote = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   remote_port = '1194'
Mon Jun 26 23:36:54 2017 us=601336   remote_float = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   bind_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   bind_local = ENABLED
Mon Jun 26 23:36:54 2017 us=601336   bind_ipv6_only = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   connect_retry_seconds = 5
Mon Jun 26 23:36:54 2017 us=601336   connect_timeout = 120
Mon Jun 26 23:36:54 2017 us=601336   socks_proxy_server = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   socks_proxy_port = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   tun_mtu = 1500
Mon Jun 26 23:36:54 2017 us=601336   tun_mtu_defined = ENABLED
Mon Jun 26 23:36:54 2017 us=601336   link_mtu = 1500
Mon Jun 26 23:36:54 2017 us=601336   link_mtu_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   tun_mtu_extra = 0
Mon Jun 26 23:36:54 2017 us=601336   tun_mtu_extra_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   mtu_discover_type = -1
Mon Jun 26 23:36:54 2017 us=601336   fragment = 0
Mon Jun 26 23:36:54 2017 us=601336   mssfix = 1450
Mon Jun 26 23:36:54 2017 us=601336   explicit_exit_notification = 1
Mon Jun 26 23:36:54 2017 us=601336 Connection profiles END
Mon Jun 26 23:36:54 2017 us=601336   remote_random = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   ipchange = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   dev = 'tun'
Mon Jun 26 23:36:54 2017 us=601336   dev_type = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   dev_node = 'VPN'
Mon Jun 26 23:36:54 2017 us=601336   lladdr = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   topology = 1
Mon Jun 26 23:36:54 2017 us=601336   ifconfig_local = '10.0.0.1'
Mon Jun 26 23:36:54 2017 us=601336   ifconfig_remote_netmask = '10.0.0.2'
Mon Jun 26 23:36:54 2017 us=601336   ifconfig_noexec = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   ifconfig_nowarn = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   ifconfig_ipv6_local = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   ifconfig_ipv6_netbits = 0
Mon Jun 26 23:36:54 2017 us=601336   ifconfig_ipv6_remote = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=601336   shaper = 0
Mon Jun 26 23:36:54 2017 us=601336   mtu_test = 0
Mon Jun 26 23:36:54 2017 us=601336   mlock = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   keepalive_ping = 10
Mon Jun 26 23:36:54 2017 us=601336   keepalive_timeout = 120
Mon Jun 26 23:36:54 2017 us=601336   inactivity_timeout = 0
Mon Jun 26 23:36:54 2017 us=601336   ping_send_timeout = 10
Mon Jun 26 23:36:54 2017 us=601336   ping_rec_timeout = 240
Mon Jun 26 23:36:54 2017 us=601336   ping_rec_timeout_action = 2
Mon Jun 26 23:36:54 2017 us=601336   ping_timer_remote = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   remap_sigusr1 = 0
Mon Jun 26 23:36:54 2017 us=601336   persist_tun = ENABLED
Mon Jun 26 23:36:54 2017 us=601336   persist_local_ip = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   persist_remote_ip = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   persist_key = ENABLED
Mon Jun 26 23:36:54 2017 us=601336   passtos = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   resolve_retry_seconds = 1000000000
Mon Jun 26 23:36:54 2017 us=601336   resolve_in_advance = DISABLED
Mon Jun 26 23:36:54 2017 us=601336   username = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   groupname = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   chroot_dir = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   cd_dir = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   writepid = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   up_script = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   down_script = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   down_pre = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   up_restart = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   up_delay = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   daemon = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   inetd = 0
Mon Jun 26 23:36:54 2017 us=602305   log = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   suppress_timestamps = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   machine_readable_output = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   nice = 0
Mon Jun 26 23:36:54 2017 us=602305   verbosity = 4
Mon Jun 26 23:36:54 2017 us=602305   mute = 0
Mon Jun 26 23:36:54 2017 us=602305   gremlin = 0
Mon Jun 26 23:36:54 2017 us=602305   status_file = '..\log\openvpn-status.log'
Mon Jun 26 23:36:54 2017 us=602305   status_file_version = 1
Mon Jun 26 23:36:54 2017 us=602305   status_file_update_freq = 60
Mon Jun 26 23:36:54 2017 us=602305   occ = ENABLED
Mon Jun 26 23:36:54 2017 us=602305   rcvbuf = 0
Mon Jun 26 23:36:54 2017 us=602305   sndbuf = 0
Mon Jun 26 23:36:54 2017 us=602305   sockflags = 0
Mon Jun 26 23:36:54 2017 us=602305   fast_io = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   comp.alg = 11
Mon Jun 26 23:36:54 2017 us=602305   comp.flags = 0
Mon Jun 26 23:36:54 2017 us=602305   route_script = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   route_default_gateway = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=602305   route_default_metric = 0
Mon Jun 26 23:36:54 2017 us=602305   route_noexec = DISABLED
Mon Jun 26 23:36:54 2017 us=602305   route_delay = 5
Mon Jun 26 23:36:54 2017 us=602305   route_delay_window = 30
Mon Jun 26 23:36:54 2017 us=604177   route_delay_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   route_nopull = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   route_gateway_via_dhcp = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   allow_pull_fqdn = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   route 10.0.0.0/255.255.255.0/default (not set)/default (not set)
Mon Jun 26 23:36:54 2017 us=604177   management_addr = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   management_port = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   management_user_pass = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   management_log_history_cache = 250
Mon Jun 26 23:36:54 2017 us=604177   management_echo_buffer_size = 100
Mon Jun 26 23:36:54 2017 us=604177   management_write_peer_info_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   management_client_user = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   management_client_group = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   management_flags = 0
Mon Jun 26 23:36:54 2017 us=604177   shared_secret_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   key_direction = 0
Mon Jun 26 23:36:54 2017 us=604177   ciphername = 'AES-256-GCM'
Mon Jun 26 23:36:54 2017 us=604177   ncp_enabled = ENABLED
Mon Jun 26 23:36:54 2017 us=604177   ncp_ciphers = 'AES-256-GCM'
Mon Jun 26 23:36:54 2017 us=604177   authname = 'sha512'
Mon Jun 26 23:36:54 2017 us=604177   prng_hash = 'SHA1'
Mon Jun 26 23:36:54 2017 us=604177   prng_nonce_secret_len = 16
Mon Jun 26 23:36:54 2017 us=604177   keysize = 0
Mon Jun 26 23:36:54 2017 us=604177   engine = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   replay = ENABLED
Mon Jun 26 23:36:54 2017 us=604177   mute_replay_warnings = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   replay_window = 64
Mon Jun 26 23:36:54 2017 us=604177   replay_time = 15
Mon Jun 26 23:36:54 2017 us=604177   packet_id_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   use_iv = ENABLED
Mon Jun 26 23:36:54 2017 us=604177   test_crypto = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   tls_server = ENABLED
Mon Jun 26 23:36:54 2017 us=604177   tls_client = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   key_method = 2
Mon Jun 26 23:36:54 2017 us=604177   ca_file = '..\config\ca.crt'
Mon Jun 26 23:36:54 2017 us=604177   ca_path = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   dh_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   cert_file = '..\config\server.crt'
Mon Jun 26 23:36:54 2017 us=604177   extra_certs_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   priv_key_file = '..\config\server.key'
Mon Jun 26 23:36:54 2017 us=604177   pkcs12_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   cryptoapi_cert = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Mon Jun 26 23:36:54 2017 us=604177   tls_verify = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   tls_export_cert = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   verify_x509_type = 0
Mon Jun 26 23:36:54 2017 us=604177   verify_x509_name = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   crl_file = '..\config\crl.pem'
Mon Jun 26 23:36:54 2017 us=604177   ns_cert_type = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 65535
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_ku[i] = 0
Mon Jun 26 23:36:54 2017 us=604177   remote_cert_eku = 'TLS Web Client Authentication'
Mon Jun 26 23:36:54 2017 us=604177   ssl_flags = 192
Mon Jun 26 23:36:54 2017 us=604177   tls_timeout = 2
Mon Jun 26 23:36:54 2017 us=604177   renegotiate_bytes = -1
Mon Jun 26 23:36:54 2017 us=604177   renegotiate_packets = 0
Mon Jun 26 23:36:54 2017 us=604177   renegotiate_seconds = 3600
Mon Jun 26 23:36:54 2017 us=604177   handshake_window = 60
Mon Jun 26 23:36:54 2017 us=604177   transition_window = 3600
Mon Jun 26 23:36:54 2017 us=604177   single_session = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   push_peer_info = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   tls_exit = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   tls_auth_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=604177   tls_crypt_file = '..\config\ta.key'
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_protected_authentication = DISABLED
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=604177   pkcs11_private_mode = 00000000
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606015   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606406   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606406   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606406   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606406   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   pkcs11_cert_private = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   pkcs11_pin_cache_period = -1
Mon Jun 26 23:36:54 2017 us=606462   pkcs11_id = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   pkcs11_id_management = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   server_network = 10.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   server_netmask = 255.255.255.0
Mon Jun 26 23:36:54 2017 us=606462   server_network_ipv6 = ::
Mon Jun 26 23:36:54 2017 us=606462   server_netbits_ipv6 = 0
Mon Jun 26 23:36:54 2017 us=606462   server_bridge_ip = 0.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   server_bridge_netmask = 0.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   server_bridge_pool_start = 0.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   server_bridge_pool_end = 0.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   push_entry = 'route 1.1.1.2 255.255.255.0'
Mon Jun 26 23:36:54 2017 us=606462   push_entry = 'route 10.0.0.1'
Mon Jun 26 23:36:54 2017 us=606462   push_entry = 'topology net30'
Mon Jun 26 23:36:54 2017 us=606462   push_entry = 'ping 10'
Mon Jun 26 23:36:54 2017 us=606462   push_entry = 'ping-restart 120'
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_pool_defined = ENABLED
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_pool_start = 10.0.0.4
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_pool_end = 10.0.0.251
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_pool_netmask = 0.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_pool_persist_filename = '..\log\ipp.txt'
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_pool_persist_refresh_freq = 600
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_ipv6_pool_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_ipv6_pool_base = ::
Mon Jun 26 23:36:54 2017 us=606462   ifconfig_ipv6_pool_netbits = 0
Mon Jun 26 23:36:54 2017 us=606462   n_bcast_buf = 256
Mon Jun 26 23:36:54 2017 us=606462   tcp_queue_limit = 64
Mon Jun 26 23:36:54 2017 us=606462   real_hash_size = 256
Mon Jun 26 23:36:54 2017 us=606462   virtual_hash_size = 256
Mon Jun 26 23:36:54 2017 us=606462   client_connect_script = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   learn_address_script = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   client_disconnect_script = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   client_config_dir = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   ccd_exclusive = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   tmp_dir = 'C:\Windows\TEMP\'
Mon Jun 26 23:36:54 2017 us=606462   push_ifconfig_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   push_ifconfig_local = 0.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   push_ifconfig_remote_netmask = 0.0.0.0
Mon Jun 26 23:36:54 2017 us=606462   push_ifconfig_ipv6_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   push_ifconfig_ipv6_local = ::/0
Mon Jun 26 23:36:54 2017 us=606462   push_ifconfig_ipv6_remote = ::
Mon Jun 26 23:36:54 2017 us=606462   enable_c2c = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   duplicate_cn = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   cf_max = 0
Mon Jun 26 23:36:54 2017 us=606462   cf_per = 0
Mon Jun 26 23:36:54 2017 us=606462   max_clients = 10
Mon Jun 26 23:36:54 2017 us=606462   max_routes_per_client = 256
Mon Jun 26 23:36:54 2017 us=606462   auth_user_pass_verify_script = 'C:\Program Files\OpenVPN\config\auth.bat'
Mon Jun 26 23:36:54 2017 us=606462   auth_user_pass_verify_script_via_file = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   auth_token_generate = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   auth_token_lifetime = 0
Mon Jun 26 23:36:54 2017 us=606462   client = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   pull = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   auth_user_pass_file = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   show_net_up = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   route_method = 2
Mon Jun 26 23:36:54 2017 us=606462   block_outside_dns = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   ip_win32_defined = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   ip_win32_type = 3
Mon Jun 26 23:36:54 2017 us=606462   dhcp_masq_offset = 0
Mon Jun 26 23:36:54 2017 us=606462   dhcp_lease_time = 31536000
Mon Jun 26 23:36:54 2017 us=606462   tap_sleep = 5
Mon Jun 26 23:36:54 2017 us=606462   dhcp_options = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   dhcp_renew = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   dhcp_pre_release = DISABLED
Mon Jun 26 23:36:54 2017 us=606462   domain = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   netbios_scope = '[UNDEF]'
Mon Jun 26 23:36:54 2017 us=606462   netbios_node_type = 0
Mon Jun 26 23:36:54 2017 us=606462   disable_nbt = DISABLED
Mon Jun 26 23:36:54 2017 us=606462 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
Mon Jun 26 23:36:54 2017 us=606462 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Jun 26 23:36:54 2017 us=606462 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Mon Jun 26 23:36:54 2017 us=612090 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jun 26 23:36:54 2017 us=900159 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mon Jun 26 23:36:54 2017 us=900159 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Jun 26 23:36:54 2017 us=900159 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mon Jun 26 23:36:54 2017 us=900159 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Jun 26 23:36:54 2017 us=900159 TLS-Auth MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Mon Jun 26 23:36:54 2017 us=900159 interactive service msg_channel=0
Mon Jun 26 23:36:54 2017 us=905012 ROUTE_GATEWAY 1.1.1.1/255.255.255.0 I=14 HWADDR=00:00:00:00:00:00
Mon Jun 26 23:36:54 2017 us=905012 open_tun
Mon Jun 26 23:36:54 2017 us=905012 TAP-WIN32 device [VPN] opened: \\.\Global\{D96D5C1D-}.tap
Mon Jun 26 23:36:54 2017 us=905012 TAP-Windows Driver Version 9.21 
Mon Jun 26 23:36:54 2017 us=905012 TAP-Windows MTU=1500
Mon Jun 26 23:36:54 2017 us=909445 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.1/255.255.255.252 on interface {D96D5C1D-F453-4648-A76B-B261196CD130} [DHCP-serv: 10.0.0.2, lease-time: 31536000]
Mon Jun 26 23:36:54 2017 us=910087 Sleeping for 5 seconds...
Mon Jun 26 23:36:59 2017 us=910907 Successful ARP Flush on interface [15] {D96D5C1D-F453-4648-A76B-B261196CD130}
Mon Jun 26 23:36:59 2017 us=912864 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jun 26 23:36:59 2017 us=912864 C:\Windows\system32\route.exe ADD 10.0.0.0 MASK 255.255.255.0 10.0.0.2
Mon Jun 26 23:36:59 2017 us=912864 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
Mon Jun 26 23:36:59 2017 us=966869 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Mon Jun 26 23:36:59 2017 us=967546 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Jun 26 23:36:59 2017 us=967546 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Jun 26 23:36:59 2017 us=967546 UDPv4 link remote: [AF_UNSPEC]
Mon Jun 26 23:36:59 2017 us=967546 MULTI: multi_init called, r=256 v=256
Mon Jun 26 23:36:59 2017 us=968528 IFCONFIG POOL: base=10.0.0.4 size=62, ipv6=0
Mon Jun 26 23:36:59 2017 us=968528 IFCONFIG POOL LIST
Mon Jun 26 23:36:59 2017 us=968528 Initialization Sequence Completed

4. CLIENT LOG (--verb 4):

Mon Jun 26 21:03:37 2017 us=375812 Current Parameter Settings:
Mon Jun 26 21:03:37 2017 us=375812   config = 'client.ovpn'
Mon Jun 26 21:03:37 2017 us=375812   mode = 0
Mon Jun 26 21:03:37 2017 us=375812   show_ciphers = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   show_digests = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   show_engines = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   genkey = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   key_pass_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=375812   show_tls_ciphers = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   connect_retry_max = 0
Mon Jun 26 21:03:37 2017 us=375812 Connection profiles [0]:
Mon Jun 26 21:03:37 2017 us=375812   proto = udp4
Mon Jun 26 21:03:37 2017 us=375812   local = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=375812   local_port = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=375812   remote = '1.1.1.2'
Mon Jun 26 21:03:37 2017 us=375812   remote_port = '1194'
Mon Jun 26 21:03:37 2017 us=375812   remote_float = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   bind_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   bind_local = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   bind_ipv6_only = DISABLED
Mon Jun 26 21:03:37 2017 us=375812   connect_retry_seconds = 5
Mon Jun 26 21:03:37 2017 us=375812   connect_timeout = 120
Mon Jun 26 21:03:37 2017 us=375812   socks_proxy_server = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=375812   socks_proxy_port = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=375812   tun_mtu = 1500
Mon Jun 26 21:03:37 2017 us=375812   tun_mtu_defined = ENABLED
Mon Jun 26 21:03:37 2017 us=375812   link_mtu = 1500
Mon Jun 26 21:03:37 2017 us=375812   link_mtu_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   tun_mtu_extra = 0
Mon Jun 26 21:03:37 2017 us=376311   tun_mtu_extra_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   mtu_discover_type = -1
Mon Jun 26 21:03:37 2017 us=376311   fragment = 0
Mon Jun 26 21:03:37 2017 us=376311   mssfix = 1450
Mon Jun 26 21:03:37 2017 us=376311   explicit_exit_notification = 0
Mon Jun 26 21:03:37 2017 us=376311 Connection profiles END
Mon Jun 26 21:03:37 2017 us=376311   remote_random = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   ipchange = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   dev = 'tun'
Mon Jun 26 21:03:37 2017 us=376311   dev_type = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   dev_node = 'VPN'
Mon Jun 26 21:03:37 2017 us=376311   lladdr = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   topology = 1
Mon Jun 26 21:03:37 2017 us=376311   ifconfig_local = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   ifconfig_remote_netmask = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   ifconfig_noexec = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   ifconfig_nowarn = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   ifconfig_ipv6_local = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   ifconfig_ipv6_netbits = 0
Mon Jun 26 21:03:37 2017 us=376311   ifconfig_ipv6_remote = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   shaper = 0
Mon Jun 26 21:03:37 2017 us=376311   mtu_test = 0
Mon Jun 26 21:03:37 2017 us=376311   mlock = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   keepalive_ping = 0
Mon Jun 26 21:03:37 2017 us=376311   keepalive_timeout = 0
Mon Jun 26 21:03:37 2017 us=376311   inactivity_timeout = 0
Mon Jun 26 21:03:37 2017 us=376311   ping_send_timeout = 0
Mon Jun 26 21:03:37 2017 us=376311   ping_rec_timeout = 0
Mon Jun 26 21:03:37 2017 us=376311   ping_rec_timeout_action = 0
Mon Jun 26 21:03:37 2017 us=376311   ping_timer_remote = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   remap_sigusr1 = 0
Mon Jun 26 21:03:37 2017 us=376311   persist_tun = ENABLED
Mon Jun 26 21:03:37 2017 us=376311   persist_local_ip = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   persist_remote_ip = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   persist_key = ENABLED
Mon Jun 26 21:03:37 2017 us=376311   passtos = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   resolve_retry_seconds = 1000000000
Mon Jun 26 21:03:37 2017 us=376311   resolve_in_advance = DISABLED
Mon Jun 26 21:03:37 2017 us=376311   username = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376311   groupname = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   chroot_dir = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   cd_dir = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   writepid = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   up_script = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   down_script = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   down_pre = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   up_restart = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   up_delay = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   daemon = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   inetd = 0
Mon Jun 26 21:03:37 2017 us=376811   log = ENABLED
Mon Jun 26 21:03:37 2017 us=376811   suppress_timestamps = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   machine_readable_output = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   nice = 0
Mon Jun 26 21:03:37 2017 us=376811   verbosity = 4
Mon Jun 26 21:03:37 2017 us=376811   mute = 0
Mon Jun 26 21:03:37 2017 us=376811   gremlin = 0
Mon Jun 26 21:03:37 2017 us=376811   status_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   status_file_version = 1
Mon Jun 26 21:03:37 2017 us=376811   status_file_update_freq = 60
Mon Jun 26 21:03:37 2017 us=376811   occ = ENABLED
Mon Jun 26 21:03:37 2017 us=376811   rcvbuf = 0
Mon Jun 26 21:03:37 2017 us=376811   sndbuf = 0
Mon Jun 26 21:03:37 2017 us=376811   sockflags = 0
Mon Jun 26 21:03:37 2017 us=376811   fast_io = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   comp.alg = 11
Mon Jun 26 21:03:37 2017 us=376811   comp.flags = 0
Mon Jun 26 21:03:37 2017 us=376811   route_script = 'route.bat'
Mon Jun 26 21:03:37 2017 us=376811   route_default_gateway = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   route_default_metric = 0
Mon Jun 26 21:03:37 2017 us=376811   route_noexec = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   route_delay = 5
Mon Jun 26 21:03:37 2017 us=376811   route_delay_window = 30
Mon Jun 26 21:03:37 2017 us=376811   route_delay_defined = ENABLED
Mon Jun 26 21:03:37 2017 us=376811   route_nopull = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   route_gateway_via_dhcp = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   allow_pull_fqdn = DISABLED
Mon Jun 26 21:03:37 2017 us=376811   [redirect_default_gateway local=0]
Mon Jun 26 21:03:37 2017 us=376811   management_addr = '127.0.0.1'
Mon Jun 26 21:03:37 2017 us=376811   management_port = '25340'
Mon Jun 26 21:03:37 2017 us=376811   management_user_pass = 'stdin'
Mon Jun 26 21:03:37 2017 us=376811   management_log_history_cache = 250
Mon Jun 26 21:03:37 2017 us=376811   management_echo_buffer_size = 100
Mon Jun 26 21:03:37 2017 us=376811   management_write_peer_info_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=376811   management_client_user = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   management_client_group = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   management_flags = 6
Mon Jun 26 21:03:37 2017 us=377309   shared_secret_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   key_direction = 0
Mon Jun 26 21:03:37 2017 us=377309   ciphername = 'AES-256-GCM'
Mon Jun 26 21:03:37 2017 us=377309   ncp_enabled = ENABLED
Mon Jun 26 21:03:37 2017 us=377309   ncp_ciphers = 'AES-256-GCM'
Mon Jun 26 21:03:37 2017 us=377309   authname = 'sha512'
Mon Jun 26 21:03:37 2017 us=377309   prng_hash = 'SHA1'
Mon Jun 26 21:03:37 2017 us=377309   prng_nonce_secret_len = 16
Mon Jun 26 21:03:37 2017 us=377309   keysize = 0
Mon Jun 26 21:03:37 2017 us=377309   engine = DISABLED
Mon Jun 26 21:03:37 2017 us=377309   replay = ENABLED
Mon Jun 26 21:03:37 2017 us=377309   mute_replay_warnings = DISABLED
Mon Jun 26 21:03:37 2017 us=377309   replay_window = 64
Mon Jun 26 21:03:37 2017 us=377309   replay_time = 15
Mon Jun 26 21:03:37 2017 us=377309   packet_id_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   use_iv = ENABLED
Mon Jun 26 21:03:37 2017 us=377309   test_crypto = DISABLED
Mon Jun 26 21:03:37 2017 us=377309   tls_server = DISABLED
Mon Jun 26 21:03:37 2017 us=377309   tls_client = ENABLED
Mon Jun 26 21:03:37 2017 us=377309   key_method = 2
Mon Jun 26 21:03:37 2017 us=377309   ca_file = 'ca.crt'
Mon Jun 26 21:03:37 2017 us=377309   ca_path = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   dh_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   cert_file = 'client1.crt'
Mon Jun 26 21:03:37 2017 us=377309   extra_certs_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   priv_key_file = 'client1.key'
Mon Jun 26 21:03:37 2017 us=377309   pkcs12_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   cryptoapi_cert = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Mon Jun 26 21:03:37 2017 us=377309   tls_verify = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   tls_export_cert = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   verify_x509_type = 2
Mon Jun 26 21:03:37 2017 us=377309   verify_x509_name = 'C=changeme, O=changeme, CN=changeme'
Mon Jun 26 21:03:37 2017 us=377309   crl_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377309   ns_cert_type = 1
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 65535
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377309   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_ku[i] = 0
Mon Jun 26 21:03:37 2017 us=377809   remote_cert_eku = 'TLS Web Server Authentication'
Mon Jun 26 21:03:37 2017 us=377809   ssl_flags = 192
Mon Jun 26 21:03:37 2017 us=377809   tls_timeout = 2
Mon Jun 26 21:03:37 2017 us=377809   renegotiate_bytes = -1
Mon Jun 26 21:03:37 2017 us=377809   renegotiate_packets = 0
Mon Jun 26 21:03:37 2017 us=377809   renegotiate_seconds = 3600
Mon Jun 26 21:03:37 2017 us=377809   handshake_window = 60
Mon Jun 26 21:03:37 2017 us=377809   transition_window = 3600
Mon Jun 26 21:03:37 2017 us=377809   single_session = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   push_peer_info = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   tls_exit = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   tls_auth_file = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=377809   tls_crypt_file = 'ta.key'
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_protected_authentication = DISABLED
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=377809   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_private_mode = 00000000
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_cert_private = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_pin_cache_period = -1
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_id = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378309   pkcs11_id_management = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   server_network = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   server_netmask = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   server_network_ipv6 = ::
Mon Jun 26 21:03:37 2017 us=378309   server_netbits_ipv6 = 0
Mon Jun 26 21:03:37 2017 us=378309   server_bridge_ip = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   server_bridge_netmask = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   server_bridge_pool_start = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   server_bridge_pool_end = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_pool_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_pool_start = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_pool_end = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_pool_netmask = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_pool_persist_refresh_freq = 600
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_ipv6_pool_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_ipv6_pool_base = ::
Mon Jun 26 21:03:37 2017 us=378309   ifconfig_ipv6_pool_netbits = 0
Mon Jun 26 21:03:37 2017 us=378309   n_bcast_buf = 256
Mon Jun 26 21:03:37 2017 us=378309   tcp_queue_limit = 64
Mon Jun 26 21:03:37 2017 us=378810   real_hash_size = 256
Mon Jun 26 21:03:37 2017 us=378810   virtual_hash_size = 256
Mon Jun 26 21:03:37 2017 us=378810   client_connect_script = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378810   learn_address_script = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378810   client_disconnect_script = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378810   client_config_dir = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378810   ccd_exclusive = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   tmp_dir = 'C:\Users\Install\AppData\Local\Temp\'
Mon Jun 26 21:03:37 2017 us=378810   push_ifconfig_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   push_ifconfig_local = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378810   push_ifconfig_remote_netmask = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=378810   push_ifconfig_ipv6_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   push_ifconfig_ipv6_local = ::/0
Mon Jun 26 21:03:37 2017 us=378810   push_ifconfig_ipv6_remote = ::
Mon Jun 26 21:03:37 2017 us=378810   enable_c2c = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   duplicate_cn = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   cf_max = 0
Mon Jun 26 21:03:37 2017 us=378810   cf_per = 0
Mon Jun 26 21:03:37 2017 us=378810   max_clients = 1024
Mon Jun 26 21:03:37 2017 us=378810   max_routes_per_client = 256
Mon Jun 26 21:03:37 2017 us=378810   auth_user_pass_verify_script = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378810   auth_user_pass_verify_script_via_file = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   auth_token_generate = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   auth_token_lifetime = 0
Mon Jun 26 21:03:37 2017 us=378810   client = ENABLED
Mon Jun 26 21:03:37 2017 us=378810   pull = ENABLED
Mon Jun 26 21:03:37 2017 us=378810   auth_user_pass_file = 'client1.txt'
Mon Jun 26 21:03:37 2017 us=378810   show_net_up = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   route_method = 3
Mon Jun 26 21:03:37 2017 us=378810   block_outside_dns = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   ip_win32_defined = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   ip_win32_type = 3
Mon Jun 26 21:03:37 2017 us=378810   dhcp_masq_offset = 0
Mon Jun 26 21:03:37 2017 us=378810   dhcp_lease_time = 31536000
Mon Jun 26 21:03:37 2017 us=378810   tap_sleep = 0
Mon Jun 26 21:03:37 2017 us=378810   dhcp_options = ENABLED
Mon Jun 26 21:03:37 2017 us=378810   dhcp_renew = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   dhcp_pre_release = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   domain = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378810   netbios_scope = '[UNDEF]'
Mon Jun 26 21:03:37 2017 us=378810   netbios_node_type = 0
Mon Jun 26 21:03:37 2017 us=378810   disable_nbt = DISABLED
Mon Jun 26 21:03:37 2017 us=378810   DNS[0] = 0.0.0.0
Mon Jun 26 21:03:37 2017 us=379309 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
Mon Jun 26 21:03:37 2017 us=379309 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Jun 26 21:03:37 2017 us=379309 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Mon Jun 26 21:03:37 2017 us=379810 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Jun 26 21:03:37 2017 us=379810 Need hold release from management interface, waiting...
Mon Jun 26 21:03:37 2017 us=855994 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Jun 26 21:03:37 2017 us=966037 MANAGEMENT: CMD 'state on'
Mon Jun 26 21:03:37 2017 us=966037 MANAGEMENT: CMD 'log all on'
Mon Jun 26 21:03:38 2017 us=79055 MANAGEMENT: CMD 'echo all on'
Mon Jun 26 21:03:38 2017 us=80054 MANAGEMENT: CMD 'hold off'
Mon Jun 26 21:03:38 2017 us=81557 MANAGEMENT: CMD 'hold release'
Mon Jun 26 21:03:38 2017 us=81557 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Jun 26 21:03:41 2017 us=188976 MANAGEMENT: Client disconnected
Mon Jun 26 21:03:41 2017 us=188976 ERROR: could not read Private Key username/password/ok/string from management interface
Mon Jun 26 21:03:41 2017 us=188976 Exiting due to fatal error

The .bat files are taken out of http://www.andysblog.de/openvpn-server- ... einrichten .

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Turn off management / ECDSA under windows

Post by TinCanTech » Tue Jun 27, 2017 9:54 am

asweo wrote:
1.) (more urgent) I can't connect to the server, because my client wants some management configuration

asweo wrote:
Mon Jun 26 21:03:41 2017 us=188976 ERROR: could not read Private Key username/password/ok/string from management interface
Mon Jun 26 21:03:41 2017 us=188976 Exiting due to fatal error

Either enter the key password or make keys without a password.

To make a key without a password use:
easyrsa build-key name nopass

asweo
OpenVpn Newbie
Posts: 5
Joined: Sat Jun 24, 2017 10:19 am

Re: Turn off management / ECDSA under windows

Post by asweo » Tue Jun 27, 2017 3:17 pm

Okay, 1.) is solved. Additional info that I forgot to write, btw:
  • Entering the client password, but that would result in:
    Tue Jun 27 14:21:42 2017 MANAGEMENT: CMD 'password [...]'
    Tue Jun 27 14:21:42 2017 SIGUSR1[soft,private-key-password-failure] received, process restarting
    Tue Jun 27 14:21:42 2017 MANAGEMENT: >STATE:1498566102,RECONNECTING,private-key-password-failure,,,,,
    Tue Jun 27 14:21:42 2017 Restart pause, 5 second(s)
  • I deactivated most non-essential options on client/server (hardening, dns)
  • I did take a look if all names and IP addresses are correct.
  • Check if user/passwords use allowed characters:
    To protect against a client passing a maliciously formed username or password string, the username string must consist only of these characters: alphanumeric, underbar ('_'), dash ('-'), dot ('.'), or at ('@'). The password string can consist of any printable characters except for CR or LF. Any illegal characters in either the username or password string will be converted to underbar ('_').
  • (Of course I read the how-to and searched many pages.)
Now the solution was a wrongly copied password for certificate creation. Well, I see now it is there, but I guess I didn't believe it, expecting something wrong in the config. -.-

3.a) Then I had another error:

Tue Jun 27 14:46:28 2017 TLS: Initial packet from [AF_INET]1.1.1.1:1194, sid=***
Tue Jun 27 14:46:28 2017 VERIFY OK: depth=1, C=changeme1, ST=changeme2, L=changeme3, O=changeme4, OU=changeme5, CN=changeme6, name=changeme7, emailAddress=changeme8
Tue Jun 27 14:46:28 2017 VERIFY KU OK
Tue Jun 27 14:46:28 2017 Validating certificate extended key usage
Tue Jun 27 14:46:28 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jun 27 14:46:28 2017 VERIFY EKU OK
Tue Jun 27 14:46:28 2017 VERIFY X509NAME ERROR: C=changeme1, ST=changeme2, L=changeme3, O=changeme4, OU=changeme5, CN=changeme6, name=changeme7, emailAddress=changeme8
Tue Jun 27 14:46:28 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Tue Jun 27 14:46:28 2017 TLS_ERROR: BIO read tls_read_plaintext error
Tue Jun 27 14:46:28 2017 TLS Error: TLS object -> incoming plaintext read error
Tue Jun 27 14:46:28 2017 TLS Error: TLS handshake failed
Tue Jun 27 14:46:28 2017 SIGUSR1[soft,tls-error] received, process restarting

I played with the verify x509 name, till I just turned that off for now (do I need that with remote-cert-tls server anyway?).

3.b) Log would look now like:

Tue Jun 27 17:00:25 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
Tue Jun 27 17:00:25 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jun 27 17:00:25 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Tue Jun 27 17:00:25 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jun 27 17:00:25 2017 Need hold release from management interface, waiting...
Tue Jun 27 17:00:25 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jun 27 17:00:25 2017 MANAGEMENT: CMD 'state on'
Tue Jun 27 17:00:25 2017 MANAGEMENT: CMD 'log all on'
Tue Jun 27 17:00:25 2017 MANAGEMENT: CMD 'echo all on'
Tue Jun 27 17:00:25 2017 MANAGEMENT: CMD 'hold off'
Tue Jun 27 17:00:25 2017 MANAGEMENT: CMD 'hold release'
Tue Jun 27 17:00:25 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jun 27 17:00:25 2017 MANAGEMENT: CMD 'password [...]'
Tue Jun 27 17:00:25 2017 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jun 27 17:00:25 2017 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jun 27 17:00:25 2017 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jun 27 17:00:25 2017 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jun 27 17:00:25 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.2:1194
Tue Jun 27 17:00:25 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jun 27 17:00:25 2017 UDPv4 link local: (not bound)
Tue Jun 27 17:00:25 2017 UDPv4 link remote: [AF_INET]1.1.1.2:1194
Tue Jun 27 17:00:25 2017 MANAGEMENT: >STATE:1498575625,WAIT,,,,,,
Tue Jun 27 17:00:25 2017 MANAGEMENT: >STATE:1498575625,AUTH,,,,,,
Tue Jun 27 17:00:25 2017 TLS: Initial packet from [AF_INET]1.1.1.2:1194, sid=******
Tue Jun 27 17:00:25 2017 VERIFY OK: depth=1, C=changeme1, ST=changeme2, L=changeme3, O=changeme4, OU=changeme5, CN=changeme6, name=changeme7, emailAddress=changeme8
Tue Jun 27 17:00:25 2017 VERIFY KU OK
Tue Jun 27 17:00:25 2017 Validating certificate extended key usage
Tue Jun 27 17:00:25 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jun 27 17:00:25 2017 VERIFY EKU OK
Tue Jun 27 17:00:25 2017 VERIFY OK: depth=0, C=changeme1, ST=changeme2, L=changeme3, O=changeme4, OU=changeme5, CN=changeme6, name=changeme7, emailAddress=changeme8
Tue Jun 27 17:00:26 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 27 17:00:26 2017 [BanozKG] Peer Connection Initiated with [AF_INET]1.1.1.2:1194
Tue Jun 27 17:00:27 2017 MANAGEMENT: >STATE:1498575627,GET_CONFIG,,,,,,
Tue Jun 27 17:00:27 2017 SENT CONTROL [BanozKG]: 'PUSH_REQUEST' (status=1)
Tue Jun 27 17:00:27 2017 PUSH: Received control message: 'PUSH_REPLY,route 1.1.1.2 255.255.255.0,route 10.0.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 1,cipher AES-256-GCM'
Tue Jun 27 17:00:27 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 27 17:00:27 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 27 17:00:27 2017 OPTIONS IMPORT: route options modified
Tue Jun 27 17:00:27 2017 OPTIONS IMPORT: peer-id set
Tue Jun 27 17:00:27 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Jun 27 17:00:27 2017 OPTIONS IMPORT: data channel crypto options modified
Tue Jun 27 17:00:27 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 27 17:00:27 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jun 27 17:00:27 2017 interactive service msg_channel=0
Tue Jun 27 17:00:27 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=8 HWADDR=00:00:00:00:00:00
Tue Jun 27 17:00:27 2017 open_tun
Tue Jun 27 17:00:27 2017 TAP-WIN32 device [OpenVPN-A] opened: \\.\Global\{23****}.tap
Tue Jun 27 17:00:27 2017 TAP-Windows Driver Version 9.21 
Tue Jun 27 17:00:27 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.6/255.255.255.252 on interface {23******} [DHCP-serv: 10.0.0.5, lease-time: 31536000]
Tue Jun 27 17:00:27 2017 Successful ARP Flush on interface [3] {23****}
Tue Jun 27 17:00:27 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jun 27 17:00:27 2017 MANAGEMENT: >STATE:1498575627,ASSIGN_IP,,10.0.0.6,,,,
Tue Jun 27 17:00:29 2017 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Tue Jun 27 17:00:29 2017 C:\WINDOWS\system32\route.exe ADD 1.1.1.2 MASK 255.255.255.255 192.168.0.1
Tue Jun 27 17:00:29 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Tue Jun 27 17:00:29 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 27 17:00:29 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.0.0.5
Tue Jun 27 17:00:29 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jun 27 17:00:29 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 27 17:00:29 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.0.0.5
Tue Jun 27 17:00:29 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jun 27 17:00:29 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 27 17:00:29 2017 MANAGEMENT: >STATE:1498575629,ADD_ROUTES,,,,,,
Tue Jun 27 17:00:29 2017 C:\WINDOWS\system32\route.exe ADD 1.1.1.2 MASK 255.255.255.0 10.0.0.5
Tue Jun 27 17:00:29 2017 Warning: address 1.1.1.2 is not a network address in relation to netmask 255.255.255.0
Tue Jun 27 17:00:29 2017 ROUTE: route addition failed using CreateIpForwardEntry: Falscher Parameter.   [status=87 if_index=3]
Tue Jun 27 17:00:29 2017 Route addition via IPAPI failed [adaptive]
Tue Jun 27 17:00:29 2017 Route addition fallback to route.exe
Tue Jun 27 17:00:29 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Jun 27 17:00:29 2017 C:\WINDOWS\system32\route.exe ADD 10.0.0.1 MASK 255.255.255.255 10.0.0.5
Tue Jun 27 17:00:29 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Tue Jun 27 17:00:29 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jun 27 17:00:29 2017 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Jun 27 17:00:29 2017 Initialization Sequence Completed
Tue Jun 27 17:00:29 2017 MANAGEMENT: >STATE:1498575629,CONNECTED,SUCCESS,10.0.0.6,1.1.1.2,1194,,

I am not that into the routing. While I am somewhat connected, I can't load any pages, so what to do now? (did test with and without route-method exe)
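
On the question raised in the post above (whether verify-x509-name still matters when remote-cert-tls server is set), the following is an added example, not code from the thread or from OpenVPN. It models both checks on constructed certificates; the second server certificate, the client certificate and the reading of the dumped verify_x509_type = 2 as the `name` match type are assumptions.

```python
# Added illustration (not OpenVPN source): what each client-side check decides.
from dataclasses import dataclass

SERVER_EKU = "TLS Web Server Authentication"
CLIENT_EKU = "TLS Web Client Authentication"


@dataclass(frozen=True)
class PeerCert:
    subject: str   # DN in the form the thread's log prints: "C=.., O=.., CN=.."
    eku: tuple     # extended key usage names carried by the certificate


def common_name(subject):
    """Return the CN value from a 'K=V, K=V' subject string, or None.

    Simplification: values containing ', ' are not handled.
    """
    for rdn in subject.split(", "):
        key, _, value = rdn.partition("=")
        if key == "CN":
            return value
    return None


def remote_cert_tls_server(cert):
    """Usage check only: 'is this a server certificate?' (key-usage bits omitted)."""
    return SERVER_EKU in cert.eku


def verify_x509_name(cert, expected, match_type="subject"):
    """Identity check: 'is this the server I configured?'"""
    if match_type == "subject":        # the whole DN must match
        return cert.subject == expected
    cn = common_name(cert.subject)
    if cn is None:
        return False
    if match_type == "name":           # the CN must match exactly
        return cn == expected
    if match_type == "name-prefix":    # the CN must start with the value
        return cn.startswith(expected)
    raise ValueError(f"unknown match type: {match_type}")


def accept_peer(cert, expected=None, match_type="subject"):
    """Both checks combined; expected=None models verify-x509-name switched off."""
    if not remote_cert_tls_server(cert):
        return False
    if expected is None:
        return True
    return verify_x509_name(cert, expected, match_type)


# Subject copied from the thread's log (already anonymised by the poster).
THREAD_SERVER = PeerCert(
    "C=changeme1, ST=changeme2, L=changeme3, O=changeme4, OU=changeme5, "
    "CN=changeme6, name=changeme7, emailAddress=changeme8", (SERVER_EKU,))
# Constructed: another server-type certificate issued by the same CA.
OTHER_SERVER = PeerCert("C=changeme1, O=changeme4, CN=other-server", (SERVER_EKU,))
# Constructed: an ordinary client certificate issued by the same CA.
SOME_CLIENT = PeerCert("C=changeme1, O=changeme4, CN=client1", (CLIENT_EKU,))

if __name__ == "__main__":
    for label, cert in [("thread server", THREAD_SERVER),
                        ("other server", OTHER_SERVER),
                        ("client cert", SOME_CLIENT)]:
        print(f"{label:14} usage-only={accept_peer(cert)!s:5} "
              f"pinned-CN={accept_peer(cert, 'changeme6', 'name')}")
```

With the name check off, any server-type certificate from the same CA is accepted; a client certificate is still rejected by the usage check. A DN-style string combined with the `name` match type never matches, because that type compares only the CN.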

asweo
OpenVpn Newbie
Posts: 5
Joined: Sat Jun 24, 2017 10:19 am

Re: Turn off management / ECDSA under windows

Post by asweo » Wed Jun 28, 2017 10:38 pm

I reread and reread the config link given above, as well as e.g. http://forum.openvpn.eu/viewtopic.php?f=1&t=741

I think the error before was in the subnet, changed last digit to 255 too, but now I got another error "No Route to Host".

I also tried to set "netsh interface ipv4 set int "VPN" forwarding=enabled" (for both interfaces) on the server. But I just can't connect to the internet when I'm connected with the server (but I can connect to the server). Best result in log would be:

Thu Jun 29 00:15:57 2017 us=193628   route 1.1.1.2/255.255.255.255/default (not set)/default (not set)
..........
Thu Jun 29 00:18:27 2017 us=186986 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.0.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 0,cipher AES-256-GCM'

Thu Jun 29 00:18:27 2017 us=192000 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=8 HWADDR=00:00:00:00:00:00

Thu Jun 29 00:18:27 2017 us=207000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.6/255.255.255.252 on interface {23CF8B3E-9252-497A-8379-EDB3D1437619} [DHCP-serv: 10.0.0.5, lease-time: 31536000]
Thu Jun 29 00:18:27 2017 us=208001 Successful ARP Flush on interface [3] {23C****}
Thu Jun 29 00:18:27 2017 us=211001 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jun 29 00:18:27 2017 us=211001 MANAGEMENT: >STATE:1498688307,ASSIGN_IP,,10.0.0.6,,,,
Thu Jun 29 00:18:27 2017 us=228001 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Thu Jun 29 00:18:29 2017 us=261992 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Jun 29 00:18:29 2017 us=262993 C:\WINDOWS\system32\route.exe ADD 1.1.1.2 MASK 255.255.255.255 192.168.0.1
Thu Jun 29 00:18:29 2017 us=265994 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Jun 29 00:18:29 2017 us=265994 Route addition via IPAPI succeeded [adaptive]
Thu Jun 29 00:18:29 2017 us=265994 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.0.0.5
Thu Jun 29 00:18:29 2017 us=268993 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Jun 29 00:18:29 2017 us=268993 Route addition via IPAPI succeeded [adaptive]
Thu Jun 29 00:18:29 2017 us=268993 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.0.0.5
Thu Jun 29 00:18:29 2017 us=271999 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Jun 29 00:18:29 2017 us=271999 Route addition via IPAPI succeeded [adaptive]
Thu Jun 29 00:18:29 2017 us=271999 MANAGEMENT: >STATE:1498688309,ADD_ROUTES,,,,,,
Thu Jun 29 00:18:29 2017 us=271999 C:\WINDOWS\system32\route.exe ADD 1.1.1.2 MASK 255.255.255.255 10.0.0.5
Thu Jun 29 00:18:29 2017 us=274997 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Jun 29 00:18:29 2017 us=274997 Route addition via IPAPI succeeded [adaptive]
Thu Jun 29 00:18:29 2017 us=274997 C:\WINDOWS\system32\route.exe ADD 10.0.0.1 MASK 255.255.255.255 10.0.0.5
Thu Jun 29 00:18:29 2017 us=277994 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Thu Jun 29 00:18:29 2017 us=277994 Route addition via IPAPI succeeded [adaptive]
Thu Jun 29 00:18:29 2017 us=277994 Initialization Sequence Completed
Thu Jun 29 00:18:29 2017 us=277994 MANAGEMENT: >STATE:1498688309,CONNECTED,SUCCESS,10.0.0.6,1.1.1.2,1194,,

I really don't get the routing. Any tips? Or is it not the client/server cfg. but something that might be missing on the server (it's Win 2016)?

asweo
OpenVpn Newbie
Posts: 5
Joined: Sat Jun 24, 2017 10:19 am

Re: Turn off management / ECDSA under windows

Post by asweo » Fri Jun 30, 2017 8:30 pm

If I would not add the route manually but just let the gateway option handle it, I wouldn't get an error. But I still can't connect to WAN from clients. (I can on hosts).

Fri Jun 30 22:20:31 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 30 22:20:31 2017 MANAGEMENT: >STATE:1498854031,ASSIGN_IP,,10.0.0.6,,,,
Fri Jun 30 22:20:33 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Jun 30 22:20:33 2017 C:\WINDOWS\system32\route.exe ADD 1.1.1.2 MASK 255.255.255.255 192.168.0.1
Fri Jun 30 22:20:33 2017 Route addition via service succeeded
Fri Jun 30 22:20:33 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.0.0.5
Fri Jun 30 22:20:33 2017 Route addition via service succeeded
Fri Jun 30 22:20:33 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.0.0.5
Fri Jun 30 22:20:33 2017 Route addition via service succeeded
Fri Jun 30 22:20:33 2017 MANAGEMENT: >STATE:1498854033,ADD_ROUTES,,,,,,
Fri Jun 30 22:20:33 2017 C:\WINDOWS\system32\route.exe ADD 10.0.0.1 MASK 255.255.255.255 10.0.0.5
Fri Jun 30 22:20:33 2017 Route addition via service succeeded
Fri Jun 30 22:20:33 2017 Initialization Sequence Completed
Fri Jun 30 22:20:33 2017 MANAGEMENT: >STATE:1498854033,CONNECTED,SUCCESS,10.0.0.6,1.1.1.2,1194,,

I think that last route might be faulty, but where does it take that subnet? The server still has the "server 10.0.0.0 255.255.255.0" rule. And both only have "redirect-gateway def1".
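
The PUSH_REPLY messages and route.exe lines logged in the posts above can be reproduced offline. The following is an added example, not part of the thread or of OpenVPN; the function names are made up here, and 1.1.1.2 and 192.168.0.1 are the anonymised server address and LAN gateway taken from the logs. It derives the net30 tunnel block, expands redirect-gateway def1, and flags a pushed route whose address is not a network address.

```python
# Added illustration: recompute the client routes from a logged PUSH_REPLY.
import ipaddress

# Copied from the thread's logs (anonymised by the poster).
PUSH_A = ("PUSH_REPLY,route 1.1.1.2 255.255.255.0,route 10.0.0.1,topology net30,"
          "ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 1,"
          "cipher AES-256-GCM")
PUSH_B = ("PUSH_REPLY,redirect-gateway def1,route 10.0.0.1,topology net30,"
          "ping 10,ping-restart 120,ifconfig 10.0.0.6 10.0.0.5,peer-id 0,"
          "cipher AES-256-GCM")


def parse_push_reply(msg):
    """Split 'PUSH_REPLY,opt a b,opt2 ...' into a list of token lists."""
    head, *opts = msg.split(",")
    if head != "PUSH_REPLY":
        raise ValueError("not a PUSH_REPLY message")
    return [o.split() for o in opts if o.strip()]


def route_problem(dest, mask="255.255.255.255"):
    """Return None for a valid network, else the network it probably meant."""
    try:
        ipaddress.IPv4Network(f"{dest}/{mask}", strict=True)
        return None
    except ValueError:  # host bits set, e.g. 1.1.1.2 with a /24 mask
        return str(ipaddress.IPv4Network(f"{dest}/{mask}", strict=False))


def client_routes(push_reply, server_ip, lan_gateway):
    """Return (tunnel_block, [(destination, gateway), ...], [warnings])."""
    opts = parse_push_reply(push_reply)
    ifc = next(o for o in opts if o[0] == "ifconfig")
    local, vpn_gw = ifc[1], ifc[2]
    topology = next((o[1] for o in opts if o[0] == "topology"), "net30")
    routes, warnings, tun_net = [], [], None
    if topology == "net30":
        # net30 gives every client its own /30 (mask 255.255.255.252).
        tun_net = ipaddress.ip_interface(f"{local}/30").network
        if ipaddress.ip_address(vpn_gw) not in tun_net:
            warnings.append(f"gateway {vpn_gw} is outside {tun_net}")
    for o in opts:
        if o[0] == "redirect-gateway" and "def1" in o[1:]:
            # Keep the VPN server reachable via the LAN, then cover
            # 0.0.0.0/0 with two halves that beat the default route.
            routes += [(f"{server_ip}/32", lan_gateway),
                       ("0.0.0.0/1", vpn_gw), ("128.0.0.0/1", vpn_gw)]
        elif o[0] == "route":
            dest = o[1]
            mask = o[2] if len(o) > 2 else "255.255.255.255"
            fixed = route_problem(dest, mask)
            if fixed:
                warnings.append(f"route {dest} {mask} is not a network "
                                f"address, did you mean {fixed}?")
                continue
            routes.append((str(ipaddress.IPv4Network(f"{dest}/{mask}")), vpn_gw))
    return (str(tun_net) if tun_net else None), routes, warnings


if __name__ == "__main__":
    for name, msg in (("PUSH_A", PUSH_A), ("PUSH_B", PUSH_B)):
        tun, routes, warns = client_routes(msg, "1.1.1.2", "192.168.0.1")
        print(name, "tunnel block:", tun)
        for dest, gw in routes:
            print("   route", dest, "via", gw)
        for w in warns:
            print("   WARNING:", w)
```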

asweo
OpenVpn Newbie
Posts: 5
Joined: Sat Jun 24, 2017 10:19 am

Re: Turn off management / ECDSA under windows

Post by asweo » Fri Jul 07, 2017 6:52 pm

What might be important is the client and server OS info. I mean it is somewhat in the logs, but not fully:

*Client*

C:\WINDOWS\system32>systeminfo
Betriebssystemname:                            Microsoft Windows 10 Pro Insider Preview
Betriebssystemversion:                         10.0.16232 Nicht zutreffend Build 16232
C:\WINDOWS\system32>ipconfig /all
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
*Server*

C:\WINDOWS\system32>systeminfo
Betriebssystemname:                            Microsoft Windows Server 2016 Datacenter
Betriebssystemversion:                         10.0.14393 Nicht zutreffend Build 14393
C:\Windows\system32>ipconfig /all
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
Ethernet-Adapter *vpn:
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   IPv4-Adresse  . . . . . . . . . . : 10.0.0.1(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.252
   Lease erhalten. . . . . . . . . . : Samstag, 1. Juli 2017 17:20:33
   Lease läuft ab. . . . . . . . . . : Sonntag, 1. Juli 2018 17:20:37
   Standardgateway . . . . . . . . . :
   DHCP-Server . . . . . . . . . . . : 10.0.0.2
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Hm, I just activated forwarding for 2 of 3 adapters on server. Any way to check if that went well?
