Classic problem: server-lan can't ping client-lan

Post by thenob » Wed Nov 22, 2017 11:08 am

It seems to me that I stumbled on a classic problem: server can't reach client.
I've followed the HOWTO and also tried topology subnet, but that didn't work either.

We have 2 separate locations; every IP on Location A should be able to reach every IP on Location B, and vice versa.
For now, only the clients on the server network (Location A) can be reached.


1. Location A (server)
Lan 192.168.0.0/24
vpnserver, Synology 192.168.0.161

Server Config

dev tun
management 127.0.0.1 1195
mode server
tls-server
server 10.8.0.0 255.255.255.0
client-config-dir /var/packages/VPNCenter/etc/openvpn/ccd
route 192.168.1.0 255.255.255.0
client-to-client
push "route 192.168.0.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh3072.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key
max-clients 5
persist-tun
persist-key
verb 4
log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
#duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp
port 1194
cipher BF-CBC
auth SHA1


config ccd/VPN-server03
Server

iroute 192.168.1.0 255.255.255.0


Route on server:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     10.8.0.2        255.255.255.0   UG    0      0        0 tun0

IP-tables on server:

# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
DEFAULT_POSTROUTING  all  --  anywhere             anywhere            

Chain DEFAULT_POSTROUTING (1 references)
target     prot opt source               destination         
MASQUERADE  all  --  10.8.0.0/24

IP-forwarding on server:

# cat /proc/sys/net/ipv4/ip_forward
1


2. Location B (client)
Lan 192.168.1.0/24
vpnserver, Qnap 192.168.1.16

server-config part 1 /etc/config/openvpn
client

Enable = TRUE
Mask = 24
Index = 1
Last Error = 0
Allow Connect = 1
Gateway = 1
Imported = 1
Reconnect = 1
Custom Mask = FALSE
Profile File = <cut FQDN Synology-server>
Name = VPN-server03
AccessCode = <cut passwd>
Server Address = <cut FQDN Synology-server>
Real Address = <cut Real IP Synology-server>
LocalIP = 10.8.0.6
Country Code = BE
Status = 1
Time Stamp = 1511345604
Up =
Down =
Vendor =
VPN Port = 1194
VPN Proto Type = udp
Enable compressed VPN link = 0
Auth User Pass = TRUE
Encryption = 1


server-config part 2 /etc/config/openvpn/clients/client1
Client Config

auth SHA1
auth-retry nointeract
auth-user-pass
cipher BF-CBC
client
connect-retry-max 1
daemon openvpn-client
dev tun2001
down /etc/openvpn/openvpn_down
explicit-exit-notify 1
#log /dev/null
log /share/MD0_DATA/vpn.log
verb 4
management /tmp/openvpn.client1.sock unix
management-query-passwords
nobind
plugin /usr/lib/vpn_ext.so 1
pull
remap-usr1 SIGTERM
remote <cut FQDN synology-server> 1194 udp
reneg-sec 0
resolv-retry infinite
script-security 3
tls-client
tls-exit
up /etc/openvpn/openvpn_up
<ca>
-----BEGIN CERTIFICATE-----
[certificate data omitted]
-----END CERTIFICATE-----
</ca>


Note on config:
When gateway=1 there is a default gateway to the tunnel (--redirect-gateway def1).
When gateway=0 there are no routes imported (--route-noexec).
So I commented out --redirect-gateway in /etc/init.d/vpn_openvpn_client.sh, so the client is running:
/usr/sbin/openvpnclient --config /etc/config/openvpn/clients/client1 --cd /etc/config/openvpn/clients


Route on client:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun2001
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun2001
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun2001
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.0.0     10.8.0.5        255.255.255.0   UG    0      0        0 tun2001
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.16    0.0.0.0         255.255.255.255 UH    0      0        0 eth0
224.0.0.0       0.0.0.0         240.0.0.0       U     0      0        0 eth0
255.255.255.255 0.0.0.0         255.255.255.255 UH    0      0        0 eth0

IP-tables on client:

# cat /proc/sys/net/ipv4/ip_forward
1
[/etc/config/openvpn] # iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere    

IP-forwarding on client:

# cat /proc/sys/net/ipv4/ip_forward
1


3. Server log

Wed Nov 22 11:12:49 2017 us=86251 Current Parameter Settings:
Wed Nov 22 11:12:49 2017 us=86534   config = 'openvpn.conf'
Wed Nov 22 11:12:49 2017 us=86579   mode = 1
Wed Nov 22 11:12:49 2017 us=86615   persist_config = DISABLED
Wed Nov 22 11:12:49 2017 us=86651   persist_mode = 1
Wed Nov 22 11:12:49 2017 us=86686   show_ciphers = DISABLED
Wed Nov 22 11:12:49 2017 us=86722   show_digests = DISABLED
Wed Nov 22 11:12:49 2017 us=86756   show_engines = DISABLED
Wed Nov 22 11:12:49 2017 us=86791   genkey = DISABLED
Wed Nov 22 11:12:49 2017 us=86825   key_pass_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=86860   show_tls_ciphers = DISABLED
Wed Nov 22 11:12:49 2017 us=86894 Connection profiles [default]:
Wed Nov 22 11:12:49 2017 us=86930   proto = udp
Wed Nov 22 11:12:49 2017 us=86965   local = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=87000   local_port = 1194
Wed Nov 22 11:12:49 2017 us=87035   remote = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=87070   remote_port = 1194
Wed Nov 22 11:12:49 2017 us=87104   remote_float = DISABLED
Wed Nov 22 11:12:49 2017 us=87139   bind_defined = DISABLED
Wed Nov 22 11:12:49 2017 us=87174   bind_local = ENABLED
Wed Nov 22 11:12:49 2017 us=87208   connect_retry_seconds = 5
Wed Nov 22 11:12:49 2017 us=87243   connect_timeout = 10
Wed Nov 22 11:12:49 2017 us=87278   connect_retry_max = 0
Wed Nov 22 11:12:49 2017 us=87313   socks_proxy_server = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=87347   socks_proxy_port = 0
Wed Nov 22 11:12:49 2017 us=87382   socks_proxy_retry = DISABLED
Wed Nov 22 11:12:49 2017 us=87417   tun_mtu = 1500
Wed Nov 22 11:12:49 2017 us=87451   tun_mtu_defined = ENABLED
Wed Nov 22 11:12:49 2017 us=87485   link_mtu = 1500
Wed Nov 22 11:12:49 2017 us=87520   link_mtu_defined = DISABLED
Wed Nov 22 11:12:49 2017 us=87554   tun_mtu_extra = 0
Wed Nov 22 11:12:49 2017 us=87588   tun_mtu_extra_defined = DISABLED
Wed Nov 22 11:12:49 2017 us=87623   mtu_discover_type = -1
Wed Nov 22 11:12:49 2017 us=87657   fragment = 0
Wed Nov 22 11:12:49 2017 us=87718   mssfix = 1450
Wed Nov 22 11:12:49 2017 us=87756   explicit_exit_notification = 0
Wed Nov 22 11:12:49 2017 us=87791 Connection profiles END
Wed Nov 22 11:12:49 2017 us=87825   remote_random = DISABLED
Wed Nov 22 11:12:49 2017 us=87860   ipchange = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=87894   dev = 'tun'
Wed Nov 22 11:12:49 2017 us=87929   dev_type = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=87963   dev_node = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=87998   lladdr = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=88032   topology = 1
Wed Nov 22 11:12:49 2017 us=88067   tun_ipv6 = DISABLED
Wed Nov 22 11:12:49 2017 us=88101   ifconfig_local = '10.8.0.1'
Wed Nov 22 11:12:49 2017 us=88136   ifconfig_remote_netmask = '10.8.0.2'
Wed Nov 22 11:12:49 2017 us=88171   ifconfig_noexec = DISABLED
Wed Nov 22 11:12:49 2017 us=88205   ifconfig_nowarn = DISABLED
Wed Nov 22 11:12:49 2017 us=88240   ifconfig_ipv6_local = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=88275   ifconfig_ipv6_netbits = 0
Wed Nov 22 11:12:49 2017 us=88310   ifconfig_ipv6_remote = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=88345   shaper = 0
Wed Nov 22 11:12:49 2017 us=88379   mtu_test = 0
Wed Nov 22 11:12:49 2017 us=88414   mlock = DISABLED
Wed Nov 22 11:12:49 2017 us=88452   keepalive_ping = 10
Wed Nov 22 11:12:49 2017 us=88488   keepalive_timeout = 60
Wed Nov 22 11:12:49 2017 us=88523   inactivity_timeout = 0
Wed Nov 22 11:12:49 2017 us=88557   ping_send_timeout = 10
Wed Nov 22 11:12:49 2017 us=88592   ping_rec_timeout = 120
Wed Nov 22 11:12:49 2017 us=88627   ping_rec_timeout_action = 2
Wed Nov 22 11:12:49 2017 us=88662   ping_timer_remote = DISABLED
Wed Nov 22 11:12:49 2017 us=88697   remap_sigusr1 = 0
Wed Nov 22 11:12:49 2017 us=88731   persist_tun = ENABLED
Wed Nov 22 11:12:49 2017 us=88766   persist_local_ip = DISABLED
Wed Nov 22 11:12:49 2017 us=88800   persist_remote_ip = DISABLED
Wed Nov 22 11:12:49 2017 us=88835   persist_key = ENABLED
Wed Nov 22 11:12:49 2017 us=88869   passtos = DISABLED
Wed Nov 22 11:12:49 2017 us=88904   resolve_retry_seconds = 1000000000
Wed Nov 22 11:12:49 2017 us=88939   username = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=88974   groupname = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=89042   chroot_dir = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=89081   cd_dir = '/usr/syno/etc/packages/VPNCenter/openvpn'
Wed Nov 22 11:12:49 2017 us=89116   writepid = '/var/run/ovpn_server.pid'
Wed Nov 22 11:12:49 2017 us=89151   up_script = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=89186   down_script = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=89220   down_pre = DISABLED
Wed Nov 22 11:12:49 2017 us=89255   up_restart = DISABLED
Wed Nov 22 11:12:49 2017 us=89289   up_delay = DISABLED
Wed Nov 22 11:12:49 2017 us=89324   daemon = ENABLED
Wed Nov 22 11:12:49 2017 us=89358   inetd = 0
Wed Nov 22 11:12:49 2017 us=89392   log = ENABLED
Wed Nov 22 11:12:49 2017 us=89426   suppress_timestamps = DISABLED
Wed Nov 22 11:12:49 2017 us=89461   nice = 0
Wed Nov 22 11:12:49 2017 us=89495   verbosity = 4
Wed Nov 22 11:12:49 2017 us=89530   mute = 0
Wed Nov 22 11:12:49 2017 us=89564   gremlin = 0
Wed Nov 22 11:12:49 2017 us=89599   status_file = '/tmp/ovpn_status_2_result'
Wed Nov 22 11:12:49 2017 us=89634   status_file_version = 2
Wed Nov 22 11:12:49 2017 us=89668   status_file_update_freq = 30
Wed Nov 22 11:12:49 2017 us=89703   occ = ENABLED
Wed Nov 22 11:12:49 2017 us=89737   rcvbuf = 0
Wed Nov 22 11:12:49 2017 us=89772   sndbuf = 0
Wed Nov 22 11:12:49 2017 us=89807   mark = 0
Wed Nov 22 11:12:49 2017 us=89841   sockflags = 0
Wed Nov 22 11:12:49 2017 us=89876   fast_io = DISABLED
Wed Nov 22 11:12:49 2017 us=89911   lzo = 0
Wed Nov 22 11:12:49 2017 us=89945   route_script = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=89980   route_default_gateway = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=90015   route_default_metric = 0
Wed Nov 22 11:12:49 2017 us=90050   route_noexec = DISABLED
Wed Nov 22 11:12:49 2017 us=90085   route_delay = 0
Wed Nov 22 11:12:49 2017 us=90120   route_delay_window = 30
Wed Nov 22 11:12:49 2017 us=90155   route_delay_defined = DISABLED
Wed Nov 22 11:12:49 2017 us=90190   route_nopull = DISABLED
Wed Nov 22 11:12:49 2017 us=90242   route_gateway_via_dhcp = DISABLED
Wed Nov 22 11:12:49 2017 us=90278   max_routes = 100
Wed Nov 22 11:12:49 2017 us=90313   allow_pull_fqdn = DISABLED
Wed Nov 22 11:12:49 2017 us=90354   route 192.168.1.0/255.255.255.0/nil/nil
Wed Nov 22 11:12:49 2017 us=90392   route 10.8.0.0/255.255.255.0/nil/nil
Wed Nov 22 11:12:49 2017 us=90429   management_addr = '127.0.0.1'
Wed Nov 22 11:12:49 2017 us=90464   management_port = 1195
Wed Nov 22 11:12:49 2017 us=90500   management_user_pass = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=90536   management_log_history_cache = 250
Wed Nov 22 11:12:49 2017 us=90571   management_echo_buffer_size = 100
Wed Nov 22 11:12:49 2017 us=90606   management_write_peer_info_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=90641   management_client_user = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=90677   management_client_group = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=90712   management_flags = 0
Wed Nov 22 11:12:49 2017 us=90753   plugin[0] /var/packages/VPNCenter/target/lib/radiusplugin.so '[/var/packages/VPNCenter/target/lib/radiusplugin.so] [/var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf]'
Wed Nov 22 11:12:49 2017 us=90790   shared_secret_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=90825   key_direction = 0
Wed Nov 22 11:12:49 2017 us=90861   ciphername_defined = ENABLED
Wed Nov 22 11:12:49 2017 us=90897   ciphername = 'BF-CBC'
Wed Nov 22 11:12:49 2017 us=90932   authname_defined = ENABLED
Wed Nov 22 11:12:49 2017 us=90967   authname = 'SHA1'
Wed Nov 22 11:12:49 2017 us=91002   prng_hash = 'SHA1'
Wed Nov 22 11:12:49 2017 us=91038   prng_nonce_secret_len = 16
Wed Nov 22 11:12:49 2017 us=91073   keysize = 0
Wed Nov 22 11:12:49 2017 us=91108   engine = DISABLED
Wed Nov 22 11:12:49 2017 us=91143   replay = ENABLED
Wed Nov 22 11:12:49 2017 us=91178   mute_replay_warnings = DISABLED
Wed Nov 22 11:12:49 2017 us=91213   replay_window = 64
Wed Nov 22 11:12:49 2017 us=91248   replay_time = 15
Wed Nov 22 11:12:49 2017 us=91282   packet_id_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91317   use_iv = ENABLED
Wed Nov 22 11:12:49 2017 us=91353   test_crypto = DISABLED
Wed Nov 22 11:12:49 2017 us=91387   tls_server = ENABLED
Wed Nov 22 11:12:49 2017 us=91422   tls_client = DISABLED
Wed Nov 22 11:12:49 2017 us=91458   key_method = 2
Wed Nov 22 11:12:49 2017 us=91493   ca_file = '/var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt'
Wed Nov 22 11:12:49 2017 us=91528   ca_path = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91563   dh_file = '/var/packages/VPNCenter/target/etc/openvpn/keys/dh3072.pem'
Wed Nov 22 11:12:49 2017 us=91599   cert_file = '/var/packages/VPNCenter/target/etc/openvpn/keys/server.crt'
Wed Nov 22 11:12:49 2017 us=91634   extra_certs_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91670   priv_key_file = '/var/packages/VPNCenter/target/etc/openvpn/keys/server.key'
Wed Nov 22 11:12:49 2017 us=91705   pkcs12_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91788   cipher_list = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91854   tls_verify = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91893   tls_export_cert = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91929   verify_x509_type = 0
Wed Nov 22 11:12:49 2017 us=91964   verify_x509_name = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=91999   crl_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=92034   ns_cert_type = 0
Wed Nov 22 11:12:49 2017 us=92069   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92104   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92138   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92173   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92208   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92242   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92277   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92312   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92347   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92382   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92417   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92452   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92487   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92536   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92574   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92609   remote_cert_ku[i] = 0
Wed Nov 22 11:12:49 2017 us=92643   remote_cert_eku = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=92678   ssl_flags = 3
Wed Nov 22 11:12:49 2017 us=92713   tls_timeout = 2
Wed Nov 22 11:12:49 2017 us=92748   renegotiate_bytes = 0
Wed Nov 22 11:12:49 2017 us=92783   renegotiate_packets = 0
Wed Nov 22 11:12:49 2017 us=92818   renegotiate_seconds = 0
Wed Nov 22 11:12:49 2017 us=92853   handshake_window = 60
Wed Nov 22 11:12:49 2017 us=92889   transition_window = 3600
Wed Nov 22 11:12:49 2017 us=92923   single_session = DISABLED
Wed Nov 22 11:12:49 2017 us=92958   push_peer_info = DISABLED
Wed Nov 22 11:12:49 2017 us=92993   tls_exit = DISABLED
Wed Nov 22 11:12:49 2017 us=93028   tls_auth_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=93067   server_network = 10.8.0.0
Wed Nov 22 11:12:49 2017 us=93106   server_netmask = 255.255.255.0
Wed Nov 22 11:12:49 2017 us=93161   server_network_ipv6 = ::
Wed Nov 22 11:12:49 2017 us=93200   server_netbits_ipv6 = 0
Wed Nov 22 11:12:49 2017 us=93239   server_bridge_ip = 0.0.0.0
Wed Nov 22 11:12:49 2017 us=93277   server_bridge_netmask = 0.0.0.0
Wed Nov 22 11:12:49 2017 us=93315   server_bridge_pool_start = 0.0.0.0
Wed Nov 22 11:12:49 2017 us=93353   server_bridge_pool_end = 0.0.0.0
Wed Nov 22 11:12:49 2017 us=93388   push_entry = 'route 192.168.0.0 255.255.255.0'
Wed Nov 22 11:12:49 2017 us=93423   push_entry = 'route 192.168.1.0 255.255.255.0'
Wed Nov 22 11:12:49 2017 us=93459   push_entry = 'route 10.8.0.0 255.255.255.0'
Wed Nov 22 11:12:49 2017 us=93494   push_entry = 'topology net30'
Wed Nov 22 11:12:49 2017 us=93528   push_entry = 'ping 10'
Wed Nov 22 11:12:49 2017 us=93563   push_entry = 'ping-restart 60'
Wed Nov 22 11:12:49 2017 us=93668   ifconfig_pool_defined = ENABLED
Wed Nov 22 11:12:49 2017 us=93754   ifconfig_pool_start = 10.8.0.4
Wed Nov 22 11:12:49 2017 us=93843   ifconfig_pool_end = 10.8.0.251
Wed Nov 22 11:12:49 2017 us=93883   ifconfig_pool_netmask = 0.0.0.0
Wed Nov 22 11:12:49 2017 us=93958   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=93995   ifconfig_pool_persist_refresh_freq = 600
Wed Nov 22 11:12:49 2017 us=94069   ifconfig_ipv6_pool_defined = DISABLED
Wed Nov 22 11:12:49 2017 us=94151   ifconfig_ipv6_pool_base = ::
Wed Nov 22 11:12:49 2017 us=94225   ifconfig_ipv6_pool_netbits = 0
Wed Nov 22 11:12:49 2017 us=94262   n_bcast_buf = 256
Wed Nov 22 11:12:49 2017 us=94336   tcp_queue_limit = 64
Wed Nov 22 11:12:49 2017 us=94469   real_hash_size = 256
Wed Nov 22 11:12:49 2017 us=94542   virtual_hash_size = 256
Wed Nov 22 11:12:49 2017 us=94604   client_connect_script = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=94642   learn_address_script = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=94677   client_disconnect_script = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=94713   client_config_dir = '/var/packages/VPNCenter/etc/openvpn/ccd'
Wed Nov 22 11:12:49 2017 us=94748   ccd_exclusive = DISABLED
Wed Nov 22 11:12:49 2017 us=94784   tmp_dir = '/tmp'
Wed Nov 22 11:12:49 2017 us=94819   push_ifconfig_defined = DISABLED
Wed Nov 22 11:12:49 2017 us=94857   push_ifconfig_local = 0.0.0.0
Wed Nov 22 11:12:49 2017 us=94896   push_ifconfig_remote_netmask = 0.0.0.0
Wed Nov 22 11:12:49 2017 us=94931   push_ifconfig_ipv6_defined = DISABLED
Wed Nov 22 11:12:49 2017 us=94970   push_ifconfig_ipv6_local = ::/0
Wed Nov 22 11:12:49 2017 us=95007   push_ifconfig_ipv6_remote = ::
Wed Nov 22 11:12:49 2017 us=95042   enable_c2c = ENABLED
Wed Nov 22 11:12:49 2017 us=95077   duplicate_cn = DISABLED
Wed Nov 22 11:12:49 2017 us=95112   cf_max = 0
Wed Nov 22 11:12:49 2017 us=95147   cf_per = 0
Wed Nov 22 11:12:49 2017 us=95182   max_clients = 5
Wed Nov 22 11:12:49 2017 us=95218   max_routes_per_client = 256
Wed Nov 22 11:12:49 2017 us=95253   auth_user_pass_verify_script = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=95289   auth_user_pass_verify_script_via_file = DISABLED
Wed Nov 22 11:12:49 2017 us=95324   port_share_host = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=95376   port_share_port = 0
Wed Nov 22 11:12:49 2017 us=95412   client = DISABLED
Wed Nov 22 11:12:49 2017 us=95447   pull = DISABLED
Wed Nov 22 11:12:49 2017 us=95482   auth_user_pass_file = '[UNDEF]'
Wed Nov 22 11:12:49 2017 us=95520 OpenVPN 2.3.11 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug  1 2017
Wed Nov 22 11:12:49 2017 us=95580 library versions: OpenSSL 1.0.2l-fips  25 May 2017, LZO 2.09
Wed Nov 22 11:12:49 2017 us=97248 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1195
Wed Nov 22 11:12:49 2017 us=97834 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Wed Nov 22 11:12:49 2017 RADIUS-PLUGIN: Configfile name: /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf.
Wed Nov 22 11:12:49 2017 us=99716 PLUGIN_INIT: POST /var/packages/VPNCenter/target/lib/radiusplugin.so '[/var/packages/VPNCenter/target/lib/radiusplugin.so] [/var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT 
Wed Nov 22 11:12:49 2017 us=100976 Diffie-Hellman initialized with 3072 bit key
Wed Nov 22 11:12:49 2017 us=101074 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Wed Nov 22 11:12:49 2017 us=102571 TLS-Auth MTU parms [ L:1541 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Nov 22 11:12:49 2017 us=102690 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Nov 22 11:12:49 2017 us=103016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=00:11:32:71:52:65
Wed Nov 22 11:12:49 2017 us=103946 TUN/TAP device tun0 opened
Wed Nov 22 11:12:49 2017 us=104065 TUN/TAP TX queue length set to 100
Wed Nov 22 11:12:49 2017 us=104776 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Nov 22 11:12:49 2017 us=104909 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Nov 22 11:12:49 2017 us=109784 /sbin/route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Nov 22 11:12:49 2017 us=119790 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Nov 22 11:12:49 2017 us=122963 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:12 ET:0 EL:3 ]
Wed Nov 22 11:12:49 2017 us=123096 UDPv4 link local (bound): [undef]
Wed Nov 22 11:12:49 2017 us=123148 UDPv4 link remote: [undef]
Wed Nov 22 11:12:49 2017 us=123213 MULTI: multi_init called, r=256 v=256
Wed Nov 22 11:12:49 2017 us=123322 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Nov 22 11:12:49 2017 us=123436 Initialization Sequence Completed
Wed Nov 22 11:13:12 2017 us=408601 MULTI: multi_create_instance called
Wed Nov 22 11:13:12 2017 us=408827 <cut real IP client>:44599 Re-using SSL/TLS context
Wed Nov 22 11:13:12 2017 us=409123 <cut real IP client>:44599 Control Channel MTU parms [ L:1541 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Nov 22 11:13:12 2017 us=409209 <cut real IP client>:44599 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:12 ET:0 EL:3 ]
Wed Nov 22 11:13:12 2017 us=409330 <cut real IP client>8:44599 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Nov 22 11:13:12 2017 us=409385 <cut real IP client>:44599 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Nov 22 11:13:12 2017 us=409469 <cut real IP client>:44599 Local Options hash (VER=V4): '239669a8'
Wed Nov 22 11:13:12 2017 us=409539 <cut real IP client>:44599 Expected Remote Options hash (VER=V4): '3514370b'
Wed Nov 22 11:13:12 2017 us=409665 <cut real IP client>:44599 TLS: Initial packet from [AF_INET]<cut real IP client>:44599, sid=e3d81dab e7f7316a
Wed Nov 22 11:13:22 2017 RADIUS-PLUGIN: FOREGROUND THREAD: Auth_user_pass_verify thread started.
Wed Nov 22 11:13:22 2017 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Wed Nov 22 11:13:22 2017 RADIUS-PLUGIN: No attributes Acct Interim Interval or bad length.
Wed Nov 22 11:13:22 2017 RADIUS-PLUGIN: Client config file was not written, overwriteccfiles is false 
.Wed Nov 22 11:13:22 2017 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to map.
Wed Nov 22 11:13:22 2017 us=402170 <cut real IP client>:44599 PLUGIN_CALL: POST /var/packages/VPNCenter/target/lib/radiusplugin.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Wed Nov 22 11:13:22 2017 us=402304 <cut real IP client>8:44599 TLS: Username/Password authentication succeeded for username 'VPN-server03' [CN SET]
Wed Nov 22 11:13:22 2017 us=402765 <cut real IP client>:44599 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 22 11:13:22 2017 us=402827 <cut real IP client>:44599 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 22 11:13:22 2017 us=402956 <cut real IP client>:44599 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 22 11:13:22 2017 us=403004 <cut real IP client>:44599 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 22 11:13:22 2017 us=435197 <cut real IP client>:44599 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
Wed Nov 22 11:13:22 2017 us=435357 <cut real IP client>8:44599 [VPN-server03] Peer Connection Initiated with [AF_INET]<cut real IP client>8:44599
Wed Nov 22 11:13:22 2017 us=435515 VPN-server03/<cut real IP client>:44599 OPTIONS IMPORT: reading client specific options from: /var/packages/VPNCenter/etc/openvpn/ccd/VPN-server03
Wed Nov 22 11:13:22 2017 us=435724 VPN-server03/<cut real IP client>:44599 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Wed Nov 22 11:13:22 2017 us=438713 VPN-server03/<cut real IP client>:44599 PLUGIN_CALL: POST /var/packages/VPNCenter/target/lib/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Wed Nov 22 11:13:22 2017 us=438848 VPN-server03/<cut real IP client>:44599 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_941c3417435962d52f7fb5e892f66af0.tmp
Wed Nov 22 11:13:22 2017 us=439021 VPN-server03/<cut real IP client>:44599 MULTI: Learn: 10.8.0.6 -> VPN-server03/<cut real IP client>:44599
Wed Nov 22 11:13:22 2017 us=439076 VPN-server03/<cut real IP client>:44599 MULTI: primary virtual IP for VPN-server03/<cut real IP client>:44599: 10.8.0.6
Wed Nov 22 11:13:22 2017 us=439123 VPN-server03/<cut real IP client>:44599 MULTI: internal route 192.168.1.0/24 -> VPN-server03/<cut real IP client>:44599
Wed Nov 22 11:13:22 2017 us=439177 VPN-server03/<cut real IP client>:44599 MULTI: Learn: 192.168.1.0/24 -> VPN-server03/<cut real IP client>:44599
Wed Nov 22 11:13:22 2017 us=439234 VPN-server03/<cut real IP client>:44599 REMOVE PUSH ROUTE: 'route 192.168.1.0 255.255.255.0'
Wed Nov 22 11:13:23 2017 us=527986 VPN-server03/<cut real IP client>:44599 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov 22 11:13:23 2017 us=528117 VPN-server03/<cut real IP client>:44599 send_push_reply(): safe_cap=940
Wed Nov 22 11:13:23 2017 us=528205 VPN-server03/<cut real IP client>:44599 SENT CONTROL [VPN-server03]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Nov 22 11:14:11 2017 us=341925 MULTI: Learn: 192.168.1.16 -> VPN-server03/<cut real IP client>:44599

4. Client log

Wed Nov 22 11:13:10 2017 us=216033 Current Parameter Settings:
Wed Nov 22 11:13:10 2017 us=216632   config = '/etc/config/openvpn/clients/client1'
Wed Nov 22 11:13:10 2017 us=216724   mode = 0
Wed Nov 22 11:13:10 2017 us=216803   persist_config = DISABLED
Wed Nov 22 11:13:10 2017 us=216882   persist_mode = 1
Wed Nov 22 11:13:10 2017 us=216958   show_ciphers = DISABLED
Wed Nov 22 11:13:10 2017 us=217048   show_digests = DISABLED
Wed Nov 22 11:13:10 2017 us=217127   show_engines = DISABLED
Wed Nov 22 11:13:10 2017 us=217205   genkey = DISABLED
Wed Nov 22 11:13:10 2017 us=217283   key_pass_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=217361   show_tls_ciphers = DISABLED
Wed Nov 22 11:13:10 2017 us=217439   connect_retry_max = 1
Wed Nov 22 11:13:10 2017 us=217516 Connection profiles [0]:
Wed Nov 22 11:13:10 2017 us=217595   proto = udp
Wed Nov 22 11:13:10 2017 us=217671   local = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=217747   local_port = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=217824   remote = '<cut real FQDN server>'
Wed Nov 22 11:13:10 2017 us=217899   remote_port = '1194'
Wed Nov 22 11:13:10 2017 us=217975   remote_float = DISABLED
Wed Nov 22 11:13:10 2017 us=218052   bind_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=218128   bind_local = DISABLED
Wed Nov 22 11:13:10 2017 us=218204   bind_ipv6_only = DISABLED
Wed Nov 22 11:13:10 2017 us=218282   connect_retry_seconds = 5
Wed Nov 22 11:13:10 2017 us=218359   connect_timeout = 120
Wed Nov 22 11:13:10 2017 us=218436   socks_proxy_server = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=218512   socks_proxy_port = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=218589   tun_mtu = 1500
Wed Nov 22 11:13:10 2017 us=218664   tun_mtu_defined = ENABLED
Wed Nov 22 11:13:10 2017 us=218740   link_mtu = 1500
Wed Nov 22 11:13:10 2017 us=218816   link_mtu_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=218893   tun_mtu_extra = 0
Wed Nov 22 11:13:10 2017 us=218968   tun_mtu_extra_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=219045   mtu_discover_type = -1
Wed Nov 22 11:13:10 2017 us=219122   fragment = 0
Wed Nov 22 11:13:10 2017 us=219197   mssfix = 1450
Wed Nov 22 11:13:10 2017 us=219274   explicit_exit_notification = 1
Wed Nov 22 11:13:10 2017 us=219350 Connection profiles END
Wed Nov 22 11:13:10 2017 us=219426   remote_random = DISABLED
Wed Nov 22 11:13:10 2017 us=219503   ipchange = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=219579   dev = 'tun2001'
Wed Nov 22 11:13:10 2017 us=219656   dev_type = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=219731   dev_node = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=219808   lladdr = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=219884   topology = 1
Wed Nov 22 11:13:10 2017 us=219960   ifconfig_local = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=220037   ifconfig_remote_netmask = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=220113   ifconfig_noexec = DISABLED
Wed Nov 22 11:13:10 2017 us=220191   ifconfig_nowarn = DISABLED
Wed Nov 22 11:13:10 2017 us=220266   ifconfig_ipv6_local = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=220344   ifconfig_ipv6_netbits = 0
Wed Nov 22 11:13:10 2017 us=220420   ifconfig_ipv6_remote = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=220496   shaper = 0
Wed Nov 22 11:13:10 2017 us=220572   mtu_test = 0
Wed Nov 22 11:13:10 2017 us=220646   mlock = DISABLED
Wed Nov 22 11:13:10 2017 us=220723   keepalive_ping = 0
Wed Nov 22 11:13:10 2017 us=220800   keepalive_timeout = 0
Wed Nov 22 11:13:10 2017 us=220877   inactivity_timeout = 0
Wed Nov 22 11:13:10 2017 us=220953   ping_send_timeout = 0
Wed Nov 22 11:13:10 2017 us=221030   ping_rec_timeout = 0
Wed Nov 22 11:13:10 2017 us=221106   ping_rec_timeout_action = 0
Wed Nov 22 11:13:10 2017 us=221182   ping_timer_remote = DISABLED
Wed Nov 22 11:13:10 2017 us=222788   remap_sigusr1 = 15
Wed Nov 22 11:13:10 2017 us=222899   persist_tun = DISABLED
Wed Nov 22 11:13:10 2017 us=222981   persist_local_ip = DISABLED
Wed Nov 22 11:13:10 2017 us=223059   persist_remote_ip = DISABLED
Wed Nov 22 11:13:10 2017 us=223136   persist_key = DISABLED
Wed Nov 22 11:13:10 2017 us=223212   passtos = DISABLED
Wed Nov 22 11:13:10 2017 us=223290   resolve_retry_seconds = 1000000000
Wed Nov 22 11:13:10 2017 us=223400   resolve_in_advance = DISABLED
Wed Nov 22 11:13:10 2017 us=223479   username = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=223556   groupname = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=223632   chroot_dir = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=223709   cd_dir = '/etc/config/openvpn/clients'
Wed Nov 22 11:13:10 2017 us=223800   writepid = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=223882   up_script = '/etc/openvpn/openvpn_up'
Wed Nov 22 11:13:10 2017 us=223959   down_script = '/etc/openvpn/openvpn_down'
Wed Nov 22 11:13:10 2017 us=224035   down_pre = DISABLED
Wed Nov 22 11:13:10 2017 us=224111   up_restart = DISABLED
Wed Nov 22 11:13:10 2017 us=224187   up_delay = DISABLED
Wed Nov 22 11:13:10 2017 us=224263   daemon = ENABLED
Wed Nov 22 11:13:10 2017 us=224339   inetd = 0
Wed Nov 22 11:13:10 2017 us=224415   log = ENABLED
Wed Nov 22 11:13:10 2017 us=224491   suppress_timestamps = DISABLED
Wed Nov 22 11:13:10 2017 us=224567   machine_readable_output = DISABLED
Wed Nov 22 11:13:10 2017 us=224644   nice = 0
Wed Nov 22 11:13:10 2017 us=224720   verbosity = 4
Wed Nov 22 11:13:10 2017 us=224795   mute = 0
Wed Nov 22 11:13:10 2017 us=224871   gremlin = 0
Wed Nov 22 11:13:10 2017 us=224959   status_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=225040   status_file_version = 1
Wed Nov 22 11:13:10 2017 us=225118   status_file_update_freq = 60
Wed Nov 22 11:13:10 2017 us=225195   occ = ENABLED
Wed Nov 22 11:13:10 2017 us=225272   rcvbuf = 0
Wed Nov 22 11:13:10 2017 us=225349   sndbuf = 0
Wed Nov 22 11:13:10 2017 us=225426   sockflags = 0
Wed Nov 22 11:13:10 2017 us=225501   fast_io = DISABLED
Wed Nov 22 11:13:10 2017 us=225578   comp.alg = 0
Wed Nov 22 11:13:10 2017 us=225655   comp.flags = 0
Wed Nov 22 11:13:10 2017 us=225731   route_script = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=225808   route_default_gateway = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=225887   route_default_metric = 0
Wed Nov 22 11:13:10 2017 us=225964   route_noexec = DISABLED
Wed Nov 22 11:13:10 2017 us=226043   route_delay = 0
Wed Nov 22 11:13:10 2017 us=226121   route_delay_window = 30
Wed Nov 22 11:13:10 2017 us=226198   route_delay_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=226275   route_nopull = DISABLED
Wed Nov 22 11:13:10 2017 us=226354   route_gateway_via_dhcp = DISABLED
Wed Nov 22 11:13:10 2017 us=226431   allow_pull_fqdn = DISABLED
Wed Nov 22 11:13:10 2017 us=226510   management_addr = '/tmp/openvpn.client1.sock'
Wed Nov 22 11:13:10 2017 us=226588   management_port = 'unix'
Wed Nov 22 11:13:10 2017 us=226665   management_user_pass = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=226744   management_log_history_cache = 250
Wed Nov 22 11:13:10 2017 us=226823   management_echo_buffer_size = 100
Wed Nov 22 11:13:10 2017 us=226900   management_write_peer_info_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=226979   management_client_user = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=227057   management_client_group = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=227136   management_flags = 258
Wed Nov 22 11:13:10 2017 us=227229   plugin[0] /usr/lib/vpn_ext.so '[/usr/lib/vpn_ext.so] [1]'
Wed Nov 22 11:13:10 2017 us=227308   shared_secret_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=227387   key_direction = 0
Wed Nov 22 11:13:10 2017 us=227464   ciphername = 'BF-CBC'
Wed Nov 22 11:13:10 2017 us=227542   ncp_enabled = ENABLED
Wed Nov 22 11:13:10 2017 us=227621   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Nov 22 11:13:10 2017 us=227698   authname = 'SHA1'
Wed Nov 22 11:13:10 2017 us=227776   prng_hash = 'SHA1'
Wed Nov 22 11:13:10 2017 us=227855   prng_nonce_secret_len = 16
Wed Nov 22 11:13:10 2017 us=227933   keysize = 0
Wed Nov 22 11:13:10 2017 us=228010   engine = DISABLED
Wed Nov 22 11:13:10 2017 us=228087   replay = ENABLED
Wed Nov 22 11:13:10 2017 us=228164   mute_replay_warnings = DISABLED
Wed Nov 22 11:13:10 2017 us=228243   replay_window = 64
Wed Nov 22 11:13:10 2017 us=228321   replay_time = 15
Wed Nov 22 11:13:10 2017 us=228398   packet_id_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=228475   use_iv = ENABLED
Wed Nov 22 11:13:10 2017 us=228551   test_crypto = DISABLED
Wed Nov 22 11:13:10 2017 us=228655   tls_server = DISABLED
Wed Nov 22 11:13:10 2017 us=228735   tls_client = ENABLED
Wed Nov 22 11:13:10 2017 us=228814   key_method = 2
Wed Nov 22 11:13:10 2017 us=228891   ca_file = '[[INLINE]]'
Wed Nov 22 11:13:10 2017 us=228968   ca_path = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229045   dh_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229122   cert_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229199   extra_certs_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229277   priv_key_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229355   pkcs12_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229433   cipher_list = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229512   tls_verify = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229590   tls_export_cert = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229670   verify_x509_type = 0
Wed Nov 22 11:13:10 2017 us=229747   verify_x509_name = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229824   crl_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=229902   ns_cert_type = 0
Wed Nov 22 11:13:10 2017 us=229981   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230059   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230137   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230215   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230293   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230371   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230448   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230526   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230603   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230681   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230757   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230835   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230914   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=230991   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=231069   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=231148   remote_cert_ku[i] = 0
Wed Nov 22 11:13:10 2017 us=231372   remote_cert_eku = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=231470   ssl_flags = 0
Wed Nov 22 11:13:10 2017 us=231549   tls_timeout = 2
Wed Nov 22 11:13:10 2017 us=231627   renegotiate_bytes = -1
Wed Nov 22 11:13:10 2017 us=231706   renegotiate_packets = 0
Wed Nov 22 11:13:10 2017 us=231784   renegotiate_seconds = 0
Wed Nov 22 11:13:10 2017 us=231862   handshake_window = 60
Wed Nov 22 11:13:10 2017 us=231941   transition_window = 3600
Wed Nov 22 11:13:10 2017 us=232018   single_session = DISABLED
Wed Nov 22 11:13:10 2017 us=232095   push_peer_info = DISABLED
Wed Nov 22 11:13:10 2017 us=232173   tls_exit = ENABLED
Wed Nov 22 11:13:10 2017 us=232250   tls_auth_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=232329   tls_crypt_file = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=232534   server_network = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=232636   server_netmask = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=232748   server_network_ipv6 = ::
Wed Nov 22 11:13:10 2017 us=232831   server_netbits_ipv6 = 0
Wed Nov 22 11:13:10 2017 us=232922   server_bridge_ip = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=233009   server_bridge_netmask = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=233096   server_bridge_pool_start = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=233184   server_bridge_pool_end = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=233261   ifconfig_pool_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=233349   ifconfig_pool_start = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=233436   ifconfig_pool_end = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=233524   ifconfig_pool_netmask = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=233601   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=233681   ifconfig_pool_persist_refresh_freq = 600
Wed Nov 22 11:13:10 2017 us=233758   ifconfig_ipv6_pool_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=233843   ifconfig_ipv6_pool_base = ::
Wed Nov 22 11:13:10 2017 us=233920   ifconfig_ipv6_pool_netbits = 0
Wed Nov 22 11:13:10 2017 us=233998   n_bcast_buf = 256
Wed Nov 22 11:13:10 2017 us=234075   tcp_queue_limit = 64
Wed Nov 22 11:13:10 2017 us=234153   real_hash_size = 256
Wed Nov 22 11:13:10 2017 us=234263   virtual_hash_size = 256
Wed Nov 22 11:13:10 2017 us=234341   client_connect_script = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=234419   learn_address_script = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=234496   client_disconnect_script = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=234574   client_config_dir = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=234651   ccd_exclusive = DISABLED
Wed Nov 22 11:13:10 2017 us=234728   tmp_dir = '/tmp'
Wed Nov 22 11:13:10 2017 us=234805   push_ifconfig_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=234893   push_ifconfig_local = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=234980   push_ifconfig_remote_netmask = 0.0.0.0
Wed Nov 22 11:13:10 2017 us=235057   push_ifconfig_ipv6_defined = DISABLED
Wed Nov 22 11:13:10 2017 us=235141   push_ifconfig_ipv6_local = ::/0
Wed Nov 22 11:13:10 2017 us=235223   push_ifconfig_ipv6_remote = ::
Wed Nov 22 11:13:10 2017 us=235301   enable_c2c = DISABLED
Wed Nov 22 11:13:10 2017 us=235378   duplicate_cn = DISABLED
Wed Nov 22 11:13:10 2017 us=235455   cf_max = 0
Wed Nov 22 11:13:10 2017 us=235532   cf_per = 0
Wed Nov 22 11:13:10 2017 us=235609   max_clients = 1024
Wed Nov 22 11:13:10 2017 us=235688   max_routes_per_client = 256
Wed Nov 22 11:13:10 2017 us=235764   auth_user_pass_verify_script = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=235842   auth_user_pass_verify_script_via_file = DISABLED
Wed Nov 22 11:13:10 2017 us=235920   auth_token_generate = DISABLED
Wed Nov 22 11:13:10 2017 us=235998   auth_token_lifetime = 0
Wed Nov 22 11:13:10 2017 us=236074   port_share_host = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=236150   port_share_port = '[UNDEF]'
Wed Nov 22 11:13:10 2017 us=236226   client = ENABLED
Wed Nov 22 11:13:10 2017 us=236301   pull = ENABLED
Wed Nov 22 11:13:10 2017 us=236378   auth_user_pass_file = 'stdin'
Wed Nov 22 11:13:10 2017 us=236475 OpenVPN 2.4.3 arm-none-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug  1 2017
Wed Nov 22 11:13:10 2017 us=236637 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.05
Wed Nov 22 11:13:10 2017 us=243812 MANAGEMENT: unix domain socket listening on /tmp/openvpn.client1.sock
Wed Nov 22 11:13:10 2017 us=244318 Need password(s) from management interface, waiting...
Wed Nov 22 11:13:12 2017 us=312139 MANAGEMENT: Client connected from /tmp/openvpn.client1.sock
Wed Nov 22 11:13:12 2017 us=312843 MANAGEMENT: CMD 'username Auth "VPN-server03"'
Wed Nov 22 11:13:12 2017 us=313162 MANAGEMENT: CMD 'password [...]'
Wed Nov 22 11:13:12 2017 us=313706 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 22 11:13:12 2017 us=313802 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Nov 22 11:13:12 2017 us=313989 PLUGIN_INIT: POST /usr/lib/vpn_ext.so '[/usr/lib/vpn_ext.so] [1]' intercepted=PLUGIN_UP 
Wed Nov 22 11:13:12 2017 us=322345 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Nov 22 11:13:12 2017 us=372713 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Wed Nov 22 11:13:12 2017 us=373101 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Nov 22 11:13:12 2017 us=373199 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Nov 22 11:13:12 2017 us=373412 TCP/UDP: Preserving recently used remote address: [AF_INET]<cut real IP server>:1194
Wed Nov 22 11:13:12 2017 us=373562 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Nov 22 11:13:12 2017 us=373658 UDP link local: (not bound)
Wed Nov 22 11:13:12 2017 us=373767 UDP link remote: [AF_INET]<cut real IP server>:1194
Wed Nov 22 11:13:12 2017 us=374216 MANAGEMENT: CMD 'quit'
Wed Nov 22 11:13:12 2017 us=377528 MANAGEMENT: Client disconnected
Wed Nov 22 11:13:12 2017 us=423673 TLS: Initial packet from [AF_INET]<cut real IP server>:1194, sid=fcf7dde8 26dddc19
Wed Nov 22 11:13:12 2017 us=424525 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Nov 22 11:13:12 2017 us=769620 VERIFY OK: depth=1, C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
Wed Nov 22 11:13:12 2017 us=790988 VERIFY OK: depth=0, C=TW, L=Taipei, O=Synology Inc., CN=synology.com
Wed Nov 22 11:13:22 2017 us=409794 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Nov 22 11:13:22 2017 us=410075 [synology.com] Peer Connection Initiated with [AF_INET]<cut real IP server>:1194
Wed Nov 22 11:13:23 2017 us=501477 SENT CONTROL [synology.com]: 'PUSH_REQUEST' (status=1)
Wed Nov 22 11:13:23 2017 us=539079 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Wed Nov 22 11:13:23 2017 us=539932 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 22 11:13:23 2017 us=540047 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 22 11:13:23 2017 us=540135 OPTIONS IMPORT: route options modified
Wed Nov 22 11:13:23 2017 us=540281 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:406 ET:0 EL:3 ]
Wed Nov 22 11:13:23 2017 us=542847 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 22 11:13:23 2017 us=542996 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Nov 22 11:13:23 2017 us=543139 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 22 11:13:23 2017 us=543631 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 22 11:13:23 2017 us=543743 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Nov 22 11:13:23 2017 us=543879 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 22 11:13:23 2017 us=543995 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Wed Nov 22 11:13:23 2017 us=544801 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=00:08:9b:c1:e4:1b
Wed Nov 22 11:13:23 2017 us=551976 TUN/TAP device tun2001 opened
Wed Nov 22 11:13:23 2017 us=552160 TUN/TAP TX queue length set to 100
Wed Nov 22 11:13:23 2017 us=552283 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Nov 22 11:13:23 2017 us=552448 /sbin/ifconfig tun2001 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Wed Nov 22 11:13:23 2017 us=594151 PLUGIN_CALL: POST /usr/lib/vpn_ext.so/PLUGIN_UP status=0
Wed Nov 22 11:13:23 2017 us=594405 /etc/openvpn/openvpn_up tun2001 1500 1541 10.8.0.6 10.8.0.5 init
Wed Nov 22 11:13:24 2017 us=426337 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.8.0.5
Wed Nov 22 11:13:24 2017 us=447516 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Wed Nov 22 11:13:24 2017 us=472064 Initialization Sequence Completed

If I ping from the server to the client, I can see that it arrives at the client (RX packets go up in ifconfig on the client).
However, I don't have tcpdump (and can't compile one due to old libs), so I can't see which addresses are used.
Ping from the server to 10.8.0.6 (client) works.

Anyone seeing the problem?
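An added example, not part of the original post: a short Python audit of the client log above that pulls out the routes in the PUSH_REPLY, the routes actually installed, the data-channel cipher and the distinct warnings (no server certificate verification, BF-CBC/SWEET32, password caching). The function names and the embedded excerpt are this example's own; the expected networks are the two named in the server config's push lines.

```python
import re
from ipaddress import ip_network

# Excerpt assembled for this example from the client log in the post.
SAMPLE_LOG = """\
Wed Nov 22 11:13:12 2017 us=313706 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Nov 22 11:13:12 2017 us=424525 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Nov 22 11:13:23 2017 us=539079 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5'
Wed Nov 22 11:13:23 2017 us=542847 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 22 11:13:23 2017 us=542996 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Nov 22 11:13:23 2017 us=543743 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Nov 22 11:13:24 2017 us=426337 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.8.0.5
Wed Nov 22 11:13:24 2017 us=447516 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ROUTE_ADD_RE = re.compile(r"route add -net (\S+) netmask (\S+) gw (\S+)")
CIPHER_RE = re.compile(r"Data Channel (?:Encrypt|Decrypt): Cipher '([^']+)'")

def audit_client_log(text):
    """Collect pushed options, installed routes, ciphers and warnings."""
    report = {"pushed_routes": [], "installed_routes": [], "ifconfig": None,
              "ciphers": set(), "warnings": []}
    for line in text.splitlines():
        if m := PUSH_RE.search(line):
            for opt in m.group(1).split(","):
                words = opt.split()
                if words[:1] == ["route"] and len(words) >= 2:
                    # A pushed route without a netmask is a host route.
                    mask = words[2] if len(words) > 2 else "255.255.255.255"
                    report["pushed_routes"].append(ip_network(f"{words[1]}/{mask}"))
                elif words[:1] == ["ifconfig"]:
                    report["ifconfig"] = tuple(words[1:3])
        elif m := ROUTE_ADD_RE.search(line):
            report["installed_routes"].append((ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif m := CIPHER_RE.search(line):
            report["ciphers"].add(m[1])
        elif "WARNING:" in line:
            msg = line.split("WARNING:", 1)[1].strip()
            if msg not in report["warnings"]:  # encrypt/decrypt repeat the same text
                report["warnings"].append(msg)
    return report

def routes_not_pushed(report, expected):
    """Return the expected networks that are absent from the PUSH_REPLY."""
    pushed = set(report["pushed_routes"])
    return [net for net in map(ip_network, expected) if net not in pushed]

if __name__ == "__main__":
    rep = audit_client_log(SAMPLE_LOG)
    # The two networks named in the server config's push "route ..." lines.
    print(routes_not_pushed(rep, ["192.168.0.0/24", "192.168.1.0/24"]))
    for warning in rep["warnings"]:
        print("WARNING:", warning)
```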
