Is it possible to write a pin code in the client configuration without the need for interactive input each time?

leo.liyu
OpenVpn Newbie
Posts: 10
Joined: Wed Oct 17, 2018 7:13 am

Post by leo.liyu » Wed Oct 17, 2018 7:56 am

The server side has been built, and the client is verified by smart card. Is it possible to write a PIN code in the client configuration without the need for interactive input each time? How do I configure it?

Thank you !

current configuration:
~~~
client
dev tun
proto udp
remote x.x.x.x 1194
persist-key
persist-tun
route-method exe
route-delay 2
comp-lzo
verb 3
ca ca.crt
pkcs11-providers e2acsp11.dll
pkcs11-id 'Feitian\x20Technologies\x20Co\x2E\x2C\x20Ltd\x2E/ePass2000Auto/062D531801140415/ePass\x20Token/42334432424546372D423932342D343533342D423838442D3236454145323245324234373100'
~~~

Best,
Leo

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Post by TinCanTech » Wed Oct 17, 2018 12:49 pm

You could try --askpass but I don't know if it works for a PIN ..

Post by leo.liyu » Thu Oct 18, 2018 7:26 am

Tested; it doesn't work. Thanks!

~~~
[root@localhost openvpn]# openvpn --askpass p openvpn.log
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: askpass (2.4.6)
Use --help for more information.
[root@localhost openvpn]# openvpn --askpass zhcx openvpn.log
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: askpass (2.4.6)
Use --help for more information.
[root@localhost openvpn]# openvpn --askpass /etc/openvpn/p openvpn.log
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: askpass (2.4.6)
Use --help for more information.
[root@localhost openvpn]# openvpn --askpass [/etc/openvpn/p] openvpn.log
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: askpass (2.4.6)
Use --help for more information.
[root@localhost openvpn]#

~~~

Post by leo.liyu » Thu Oct 18, 2018 7:50 am

How do I use the command line to start the VPN with a smart card? There is no place to enter the PIN code. Is it a bug? Thanks!

Post by leo.liyu » Thu Oct 18, 2018 8:56 am

~~~
Thu Oct 18 16:39:26 2018 us=460024 cf_per = 0
Thu Oct 18 16:39:26 2018 us=460039 max_clients = 1024
Thu Oct 18 16:39:26 2018 us=460053 max_routes_per_client = 256
Thu Oct 18 16:39:26 2018 us=460067 auth_user_pass_verify_script = '[UNDEF]'
Thu Oct 18 16:39:26 2018 us=460081 auth_user_pass_verify_script_via_file = DISABLED
Thu Oct 18 16:39:26 2018 us=460095 auth_token_generate = DISABLED
Thu Oct 18 16:39:26 2018 us=460109 auth_token_lifetime = 0
Thu Oct 18 16:39:26 2018 us=460124 port_share_host = '[UNDEF]'
Thu Oct 18 16:39:26 2018 us=460137 port_share_port = '[UNDEF]'
Thu Oct 18 16:39:26 2018 us=460151 client = ENABLED
Thu Oct 18 16:39:26 2018 us=460165 pull = ENABLED
Thu Oct 18 16:39:26 2018 us=460179 auth_user_pass_file = '[UNDEF]'
Thu Oct 18 16:39:26 2018 us=460200 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Thu Oct 18 16:39:26 2018 us=460223 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Thu Oct 18 16:39:26 2018 us=461102 PKCS#11: Adding PKCS#11 provider 'libcastle.so.1.0.0'
Thu Oct 18 16:39:26 2018 us=970167 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Oct 18 16:39:27 2018 us=905093 LZO compression initializing
Thu Oct 18 16:39:27 2018 us=905280 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Oct 18 16:39:32 2018 us=927180 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Oct 18 16:39:32 2018 us=927254 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Oct 18 16:39:32 2018 us=927273 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Oct 18 16:39:32 2018 us=927308 TCP/UDP: Preserving recently used remote address: [AF_INET]218.xxx:21194
Thu Oct 18 16:39:32 2018 us=927355 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Oct 18 16:39:32 2018 us=927378 UDP link local: (not bound)
Thu Oct 18 16:39:32 2018 us=927396 UDP link remote: [AF_INET]xxxx:21194
Thu Oct 18 16:39:32 2018 us=930054 TLS: Initial packet from [AF_INET]xxxx:21194, sid=10fffb4b 5527ad28
Thu Oct 18 16:39:32 2018 us=936978 VERIFY OK: depth=1, CN=brain
Thu Oct 18 16:39:32 2018 us=937302 VERIFY OK: depth=0, CN=server
~~~


CentOS 7.5
Is there no chance to enter the PIN code for the smart card on the command line in the OpenVPN client?

Post by TinCanTech » Thu Oct 18, 2018 5:14 pm

leo.liyu wrote:
Thu Oct 18, 2018 7:26 am
> [root@localhost openvpn]# openvpn --askpass [/etc/openvpn/p] openvpn.log
> Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: askpass (2.4.6)

I don't know what you are trying to do and neither does openvpn.

Try adding "askpass" to the config file.

Post by leo.liyu » Fri Oct 19, 2018 11:53 am

I added it to the config file and tested; it doesn't work either.

I use an ePass2003 (smart card). Does OpenVPN on Linux not support smart card verification?

There is no place to enter pin code.

~~~
Fri Oct 19 18:56:58 2018 us=791456 push_ifconfig_ipv6_remote = ::
Fri Oct 19 18:56:58 2018 us=791480 enable_c2c = DISABLED
Fri Oct 19 18:56:58 2018 us=791502 duplicate_cn = DISABLED
Fri Oct 19 18:56:58 2018 us=791525 cf_max = 0
Fri Oct 19 18:56:58 2018 us=791549 cf_per = 0
Fri Oct 19 18:56:58 2018 us=791574 max_clients = 1024
Fri Oct 19 18:56:58 2018 us=791596 max_routes_per_client = 256
Fri Oct 19 18:56:58 2018 us=791620 auth_user_pass_verify_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791645 auth_user_pass_verify_script_via_file = DISABLED
Fri Oct 19 18:56:58 2018 us=791667 auth_token_generate = DISABLED
Fri Oct 19 18:56:58 2018 us=791690 auth_token_lifetime = 0
Fri Oct 19 18:56:58 2018 us=791714 port_share_host = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791737 port_share_port = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791760 client = ENABLED
Fri Oct 19 18:56:58 2018 us=791784 pull = ENABLED
Fri Oct 19 18:56:58 2018 us=791806 auth_user_pass_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791836 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Fri Oct 19 18:56:58 2018 us=791873 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Fri Oct 19 18:56:58 2018 us=792028 PKCS#11: Adding PKCS#11 provider 'libcastle.so.1.0.0'
Fri Oct 19 18:56:59 2018 us=301755 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 19 18:57:00 2018 us=234706 LZO compression initializing
Fri Oct 19 18:57:00 2018 us=234890 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Oct 19 18:57:00 2018 us=259400 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Oct 19 18:57:00 2018 us=259471 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Oct 19 18:57:00 2018 us=259508 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Oct 19 18:57:00 2018 us=259545 TCP/UDP: Preserving recently used remote address: [AF_INET]218.xxxx:1194
Fri Oct 19 18:57:00 2018 us=259603 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Oct 19 18:57:00 2018 us=259636 UDP link local: (not bound)
Fri Oct 19 18:57:00 2018 us=259662 UDP link remote: [AF_INET]2xxx:1194
Fri Oct 19 18:57:00 2018 us=262337 TLS: Initial packet from [AF_INET]21xxxx:1194, sid=53e3ad5e 3217ddca
Fri Oct 19 18:57:00 2018 us=268535 VERIFY OK: depth=1, CN=brain
Fri Oct 19 18:57:00 2018 us=268876 VERIFY OK: depth=0, CN=server
~~~

Post by TinCanTech » Fri Oct 19, 2018 11:59 am

Please post your complete log .. I would expect there to be some error.

Also,
> Is it possible to write a pin code in the client configuration without the need for interactive input each time?

Does openvpn prompt you for the PIN?

Do you want to be able to pre-configure the PIN so you do not have to type it in?

Your post does not make good sense ..

Please do not start new threads or add your comments to unrelated threads.

Post by leo.liyu » Fri Oct 19, 2018 12:15 pm

If the OS is Windows, it works! But Linux :cry:

Full client log on CentOS 7.5:

Fri Oct 19 18:56:58 2018 us=784843 Current Parameter Settings:
Fri Oct 19 18:56:58 2018 us=784999   config = 'ukey1_tt.ovpn'
Fri Oct 19 18:56:58 2018 us=785032   mode = 0
Fri Oct 19 18:56:58 2018 us=785057   persist_config = DISABLED
Fri Oct 19 18:56:58 2018 us=785094   persist_mode = 1
Fri Oct 19 18:56:58 2018 us=785118   show_ciphers = DISABLED
Fri Oct 19 18:56:58 2018 us=785149   show_digests = DISABLED
Fri Oct 19 18:56:58 2018 us=785177   show_engines = DISABLED
Fri Oct 19 18:56:58 2018 us=785204   genkey = DISABLED
Fri Oct 19 18:56:58 2018 us=785233   key_pass_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=785256   show_tls_ciphers = DISABLED
Fri Oct 19 18:56:58 2018 us=785280   connect_retry_max = 0
Fri Oct 19 18:56:58 2018 us=785304 Connection profiles [0]:
Fri Oct 19 18:56:58 2018 us=785328   proto = udp
Fri Oct 19 18:56:58 2018 us=785357   local = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=785382   local_port = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=785406   remote = 'onecardvpn.123cx.com'
Fri Oct 19 18:56:58 2018 us=785432   remote_port = '21194'
Fri Oct 19 18:56:58 2018 us=785455   remote_float = DISABLED
Fri Oct 19 18:56:58 2018 us=785482   bind_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=785505   bind_local = DISABLED
Fri Oct 19 18:56:58 2018 us=785532   bind_ipv6_only = DISABLED
Fri Oct 19 18:56:58 2018 us=785556   connect_retry_seconds = 5
Fri Oct 19 18:56:58 2018 us=785580   connect_timeout = 120
Fri Oct 19 18:56:58 2018 us=785603   socks_proxy_server = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=785627   socks_proxy_port = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=785650   tun_mtu = 1500
Fri Oct 19 18:56:58 2018 us=785673   tun_mtu_defined = ENABLED
Fri Oct 19 18:56:58 2018 us=785696   link_mtu = 1500
Fri Oct 19 18:56:58 2018 us=785720   link_mtu_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=785744   tun_mtu_extra = 0
Fri Oct 19 18:56:58 2018 us=785771   tun_mtu_extra_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=785795   mtu_discover_type = -1
Fri Oct 19 18:56:58 2018 us=785818   fragment = 0
Fri Oct 19 18:56:58 2018 us=785844   mssfix = 1450
Fri Oct 19 18:56:58 2018 us=785872   explicit_exit_notification = 0
Fri Oct 19 18:56:58 2018 us=785903 Connection profiles END
Fri Oct 19 18:56:58 2018 us=785929   remote_random = DISABLED
Fri Oct 19 18:56:58 2018 us=785955   ipchange = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=785978   dev = 'tun'
Fri Oct 19 18:56:58 2018 us=786005   dev_type = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786028   dev_node = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786052   lladdr = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786077   topology = 1
Fri Oct 19 18:56:58 2018 us=786101   ifconfig_local = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786127   ifconfig_remote_netmask = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786153   ifconfig_noexec = DISABLED
Fri Oct 19 18:56:58 2018 us=786180   ifconfig_nowarn = DISABLED
Fri Oct 19 18:56:58 2018 us=786203   ifconfig_ipv6_local = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786226   ifconfig_ipv6_netbits = 0
Fri Oct 19 18:56:58 2018 us=786250   ifconfig_ipv6_remote = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786276   shaper = 0
Fri Oct 19 18:56:58 2018 us=786300   mtu_test = 0
Fri Oct 19 18:56:58 2018 us=786325   mlock = DISABLED
Fri Oct 19 18:56:58 2018 us=786351   keepalive_ping = 0
Fri Oct 19 18:56:58 2018 us=786378   keepalive_timeout = 0
Fri Oct 19 18:56:58 2018 us=786400   inactivity_timeout = 0
Fri Oct 19 18:56:58 2018 us=786424   ping_send_timeout = 0
Fri Oct 19 18:56:58 2018 us=786450   ping_rec_timeout = 0
Fri Oct 19 18:56:58 2018 us=786473   ping_rec_timeout_action = 0
Fri Oct 19 18:56:58 2018 us=786497   ping_timer_remote = DISABLED
Fri Oct 19 18:56:58 2018 us=786520   remap_sigusr1 = 0
Fri Oct 19 18:56:58 2018 us=786545   persist_tun = ENABLED
Fri Oct 19 18:56:58 2018 us=786571   persist_local_ip = DISABLED
Fri Oct 19 18:56:58 2018 us=786594   persist_remote_ip = DISABLED
Fri Oct 19 18:56:58 2018 us=786617   persist_key = ENABLED
Fri Oct 19 18:56:58 2018 us=786640   passtos = DISABLED
Fri Oct 19 18:56:58 2018 us=786665   resolve_retry_seconds = 1000000000
Fri Oct 19 18:56:58 2018 us=786689   resolve_in_advance = DISABLED
Fri Oct 19 18:56:58 2018 us=786711   username = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786736   groupname = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786759   chroot_dir = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786789   cd_dir = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786815   selinux_context = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786839   writepid = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786864   up_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786889   down_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=786923   down_pre = DISABLED
Fri Oct 19 18:56:58 2018 us=786955   up_restart = DISABLED
Fri Oct 19 18:56:58 2018 us=786977   up_delay = DISABLED
Fri Oct 19 18:56:58 2018 us=787000   daemon = DISABLED
Fri Oct 19 18:56:58 2018 us=787023   inetd = 0
Fri Oct 19 18:56:58 2018 us=787045   log = DISABLED
Fri Oct 19 18:56:58 2018 us=787069   suppress_timestamps = DISABLED
Fri Oct 19 18:56:58 2018 us=787091   machine_readable_output = DISABLED
Fri Oct 19 18:56:58 2018 us=787113   nice = 0
Fri Oct 19 18:56:58 2018 us=787137   verbosity = 4
Fri Oct 19 18:56:58 2018 us=787159   mute = 0
Fri Oct 19 18:56:58 2018 us=787184   gremlin = 0
Fri Oct 19 18:56:58 2018 us=787206   status_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787228   status_file_version = 1
Fri Oct 19 18:56:58 2018 us=787250   status_file_update_freq = 60
Fri Oct 19 18:56:58 2018 us=787271   occ = ENABLED
Fri Oct 19 18:56:58 2018 us=787293   rcvbuf = 0
Fri Oct 19 18:56:58 2018 us=787317   sndbuf = 0
Fri Oct 19 18:56:58 2018 us=787341   mark = 0
Fri Oct 19 18:56:58 2018 us=787363   sockflags = 0
Fri Oct 19 18:56:58 2018 us=787384   fast_io = DISABLED
Fri Oct 19 18:56:58 2018 us=787408   comp.alg = 2
Fri Oct 19 18:56:58 2018 us=787432   comp.flags = 1
Fri Oct 19 18:56:58 2018 us=787456   route_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787480   route_default_gateway = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787505   route_default_metric = 0
Fri Oct 19 18:56:58 2018 us=787531   route_noexec = DISABLED
Fri Oct 19 18:56:58 2018 us=787555   route_delay = 0
Fri Oct 19 18:56:58 2018 us=787578   route_delay_window = 30
Fri Oct 19 18:56:58 2018 us=787599   route_delay_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=787623   route_nopull = DISABLED
Fri Oct 19 18:56:58 2018 us=787648   route_gateway_via_dhcp = DISABLED
Fri Oct 19 18:56:58 2018 us=787673   allow_pull_fqdn = DISABLED
Fri Oct 19 18:56:58 2018 us=787695   management_addr = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787718   management_port = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787743   management_user_pass = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787768   management_log_history_cache = 250
Fri Oct 19 18:56:58 2018 us=787790   management_echo_buffer_size = 100
Fri Oct 19 18:56:58 2018 us=787814   management_write_peer_info_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787838   management_client_user = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787863   management_client_group = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787888   management_flags = 0
Fri Oct 19 18:56:58 2018 us=787920   shared_secret_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=787947   key_direction = not set
Fri Oct 19 18:56:58 2018 us=787971   ciphername = 'BF-CBC'
Fri Oct 19 18:56:58 2018 us=787993   ncp_enabled = ENABLED
Fri Oct 19 18:56:58 2018 us=788015   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Oct 19 18:56:58 2018 us=788038   authname = 'SHA1'
Fri Oct 19 18:56:58 2018 us=788061   prng_hash = 'SHA1'
Fri Oct 19 18:56:58 2018 us=788085   prng_nonce_secret_len = 16
Fri Oct 19 18:56:58 2018 us=788110   keysize = 0
Fri Oct 19 18:56:58 2018 us=788132   engine = DISABLED
Fri Oct 19 18:56:58 2018 us=788154   replay = ENABLED
Fri Oct 19 18:56:58 2018 us=788179   mute_replay_warnings = DISABLED
Fri Oct 19 18:56:58 2018 us=788204   replay_window = 64
Fri Oct 19 18:56:58 2018 us=788230   replay_time = 15
Fri Oct 19 18:56:58 2018 us=788252   packet_id_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788274   use_iv = ENABLED
Fri Oct 19 18:56:58 2018 us=788300   test_crypto = DISABLED
Fri Oct 19 18:56:58 2018 us=788325   tls_server = DISABLED
Fri Oct 19 18:56:58 2018 us=788348   tls_client = ENABLED
Fri Oct 19 18:56:58 2018 us=788370   key_method = 2
Fri Oct 19 18:56:58 2018 us=788392   ca_file = 'ca.crt'
Fri Oct 19 18:56:58 2018 us=788414   ca_path = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788436   dh_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788458   cert_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788482   extra_certs_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788506   priv_key_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788529   pkcs12_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788552   cipher_list = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788577   tls_cert_profile = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788599   tls_verify = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788620   tls_export_cert = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788644   verify_x509_type = 0
Fri Oct 19 18:56:58 2018 us=788669   verify_x509_name = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788691   crl_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=788716   ns_cert_type = 0
Fri Oct 19 18:56:58 2018 us=788740   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788764   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788789   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788811   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788835   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788858   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788883   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788912   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788936   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788961   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=788985   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=789008   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=789030   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=789052   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=789074   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=789098   remote_cert_ku[i] = 0
Fri Oct 19 18:56:58 2018 us=789120   remote_cert_eku = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=789142   ssl_flags = 0
Fri Oct 19 18:56:58 2018 us=789165   tls_timeout = 2
Fri Oct 19 18:56:58 2018 us=789189   renegotiate_bytes = -1
Fri Oct 19 18:56:58 2018 us=789214   renegotiate_packets = 0
Fri Oct 19 18:56:58 2018 us=789237   renegotiate_seconds = 3600
Fri Oct 19 18:56:58 2018 us=789261   handshake_window = 60
Fri Oct 19 18:56:58 2018 us=789285   transition_window = 3600
Fri Oct 19 18:56:58 2018 us=789309   single_session = DISABLED
Fri Oct 19 18:56:58 2018 us=789334   push_peer_info = DISABLED
Fri Oct 19 18:56:58 2018 us=789357   tls_exit = DISABLED
Fri Oct 19 18:56:58 2018 us=789381   tls_auth_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=789405   tls_crypt_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=789429   pkcs11_providers = libcastle.so.1.0.0
Fri Oct 19 18:56:58 2018 us=789451   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789475   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789497   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789521   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789546   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789571   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789593   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789615   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789640   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789662   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789684   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789709   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789733   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789755   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789777   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789801   pkcs11_protected_authentication = DISABLED
Fri Oct 19 18:56:58 2018 us=789823   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=789846   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=789868   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=789890   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=789918   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=789940   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=789964   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=789986   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790009   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790032   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790056   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790081   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790104   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790128   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790151   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790176   pkcs11_private_mode = 00000000
Fri Oct 19 18:56:58 2018 us=790199   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790223   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790246   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790271   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790294   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790316   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790340   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790362   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790384   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790408   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790430   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790454   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790478   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790503   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790526   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790548   pkcs11_cert_private = DISABLED
Fri Oct 19 18:56:58 2018 us=790575   pkcs11_pin_cache_period = -1
Fri Oct 19 18:56:58 2018 us=790602   pkcs11_id = 'EnterSafe/ePass2003/24984C29001E002C/ePass2003/44333338424146362D464339362D344246352D383933322D4538464435453243343442393100'
Fri Oct 19 18:56:58 2018 us=790629   pkcs11_id_management = DISABLED
Fri Oct 19 18:56:58 2018 us=790659   server_network = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790684   server_netmask = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790715   server_network_ipv6 = ::
Fri Oct 19 18:56:58 2018 us=790740   server_netbits_ipv6 = 0
Fri Oct 19 18:56:58 2018 us=790765   server_bridge_ip = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790792   server_bridge_netmask = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790818   server_bridge_pool_start = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790841   server_bridge_pool_end = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790863   ifconfig_pool_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=790887   ifconfig_pool_start = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790920   ifconfig_pool_end = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790946   ifconfig_pool_netmask = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=790968   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=790994   ifconfig_pool_persist_refresh_freq = 600
Fri Oct 19 18:56:58 2018 us=791019   ifconfig_ipv6_pool_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=791050   ifconfig_ipv6_pool_base = ::
Fri Oct 19 18:56:58 2018 us=791076   ifconfig_ipv6_pool_netbits = 0
Fri Oct 19 18:56:58 2018 us=791102   n_bcast_buf = 256
Fri Oct 19 18:56:58 2018 us=791126   tcp_queue_limit = 64
Fri Oct 19 18:56:58 2018 us=791151   real_hash_size = 256
Fri Oct 19 18:56:58 2018 us=791173   virtual_hash_size = 256
Fri Oct 19 18:56:58 2018 us=791195   client_connect_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791218   learn_address_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791241   client_disconnect_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791265   client_config_dir = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791287   ccd_exclusive = DISABLED
Fri Oct 19 18:56:58 2018 us=791311   tmp_dir = '/tmp'
Fri Oct 19 18:56:58 2018 us=791333   push_ifconfig_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=791359   push_ifconfig_local = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=791383   push_ifconfig_remote_netmask = 0.0.0.0
Fri Oct 19 18:56:58 2018 us=791406   push_ifconfig_ipv6_defined = DISABLED
Fri Oct 19 18:56:58 2018 us=791431   push_ifconfig_ipv6_local = ::/0
Fri Oct 19 18:56:58 2018 us=791456   push_ifconfig_ipv6_remote = ::
Fri Oct 19 18:56:58 2018 us=791480   enable_c2c = DISABLED
Fri Oct 19 18:56:58 2018 us=791502   duplicate_cn = DISABLED
Fri Oct 19 18:56:58 2018 us=791525   cf_max = 0
Fri Oct 19 18:56:58 2018 us=791549   cf_per = 0
Fri Oct 19 18:56:58 2018 us=791574   max_clients = 1024
Fri Oct 19 18:56:58 2018 us=791596   max_routes_per_client = 256
Fri Oct 19 18:56:58 2018 us=791620   auth_user_pass_verify_script = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791645   auth_user_pass_verify_script_via_file = DISABLED
Fri Oct 19 18:56:58 2018 us=791667   auth_token_generate = DISABLED
Fri Oct 19 18:56:58 2018 us=791690   auth_token_lifetime = 0
Fri Oct 19 18:56:58 2018 us=791714   port_share_host = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791737   port_share_port = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791760   client = ENABLED
Fri Oct 19 18:56:58 2018 us=791784   pull = ENABLED
Fri Oct 19 18:56:58 2018 us=791806   auth_user_pass_file = '[UNDEF]'
Fri Oct 19 18:56:58 2018 us=791836 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Fri Oct 19 18:56:58 2018 us=791873 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Fri Oct 19 18:56:58 2018 us=792028 PKCS#11: Adding PKCS#11 provider 'libcastle.so.1.0.0'
Fri Oct 19 18:56:59 2018 us=301755 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 19 18:57:00 2018 us=234706 LZO compression initializing
Fri Oct 19 18:57:00 2018 us=234890 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Oct 19 18:57:00 2018 us=259400 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Oct 19 18:57:00 2018 us=259471 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Oct 19 18:57:00 2018 us=259508 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Oct 19 18:57:00 2018 us=259545 TCP/UDP: Preserving recently used remote address: [AF_INET]2xxxx:1194
Fri Oct 19 18:57:00 2018 us=259603 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Oct 19 18:57:00 2018 us=259636 UDP link local: (not bound)
Fri Oct 19 18:57:00 2018 us=259662 UDP link remote: [AF_INET]2xxxx:21194
Fri Oct 19 18:57:00 2018 us=262337 TLS: Initial packet from [AF_INET]2xxx:1194, sid=53e3ad5e 3217ddca
Fri Oct 19 18:57:00 2018 us=268535 VERIFY OK: depth=1, CN=brain
Fri Oct 19 18:57:00 2018 us=268876 VERIFY OK: depth=0, CN=server



server

~~~
Fri Oct 19 18:56:59 2018 xxxx:51492 TLS: Initial packet from [AF_INET]124.233.3.58:51492, sid=f4a4a159 f62f2335
Fri Oct 19 18:57:59 2018 xxxx:51492 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 19 18:57:59 2018 xxxx:51492 TLS Error: TLS handshake failed
Fri Oct 19 18:57:59 2018 xxx:51492 SIGUSR1[soft,tls-error] received, client-instance restarting
~~~


Post by TinCanTech » Fri Oct 19, 2018 12:20 pm

Please post the output from "openvpn --version"

Post by leo.liyu » Fri Oct 19, 2018 12:20 pm

Does openvpn prompt you for the PIN? No

Do you want to be able to pre-configure the PIN so you do not have to type it in? yes

Now, I just want it to work under Linux! :cry:

Post by leo.liyu » Fri Oct 19, 2018 12:22 pm

Version is OpenVPN 2.4.6 x86_64-redhat-linux-gnu

~~~
Fri Oct 19 18:56:58 2018 us=791836 OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
Fri Oct 19 18:56:58 2018 us=791873 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
~~~

Post by leo.liyu » Fri Oct 19, 2018 12:24 pm

~~~
[root@localhost openvpn]# openvpn --version
OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 26 2018
library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
[root@localhost openvpn]#
~~~

Post by TinCanTech » Fri Oct 19, 2018 1:10 pm

leo.liyu wrote:
Fri Oct 19, 2018 12:20 pm
> Does openvpn prompt you for the PIN? No

This appears to be something which has been lingering for some time.

https://community.openvpn.net/openvpn/ticket/538

leo.liyu wrote:
Fri Oct 19, 2018 12:20 pm
> Do you want to be able to pre-configure the PIN so you do not have to type it in? yes

If openvpn does not prompt for the PIN then this will not work either.

Currently, it seems that Openvpn on Linux does not support your smart card.

Post by leo.liyu » Sat Oct 20, 2018 11:37 am

Got it.
Thank you for your reply!
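
The following log triage is an added example, not part of the thread and not OpenVPN project code. It reads the client and server logs posted above and reports where the handshake stopped and which security warnings the client log already contains; the function name `triage` and the finding codes are made up for illustration, and the sample lines are copied from the thread.

```python
import re

PROVIDER_RE = re.compile(r"PKCS#11: Adding PKCS#11 provider '([^']+)'")
CIPHER_RE = re.compile(r"Local Options String.*?: '[^']*\bcipher ([\w-]+)")
NO_VERIFY = "No server certificate verification method has been enabled"
NEW_ATTEMPT = "TLS: Initial packet from"
LEAF_OK = "VERIFY OK: depth=0"
# Lines OpenVPN 2.4 logs only after the TLS handshake has finished.
DONE_MARKERS = ("Peer Connection Initiated", "Initialization Sequence Completed")
SERVER_TIMEOUT = "TLS key negotiation failed to occur within"
BLOCK64 = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers

# Lines copied from the client and server logs posted in this thread.
THREAD_CLIENT_LOG = """\
Fri Oct 19 18:56:58 2018 us=792028 PKCS#11: Adding PKCS#11 provider 'libcastle.so.1.0.0'
Fri Oct 19 18:56:59 2018 us=301755 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 19 18:57:00 2018 us=259471 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Oct 19 18:57:00 2018 us=262337 TLS: Initial packet from [AF_INET]2xxx:1194, sid=53e3ad5e 3217ddca
Fri Oct 19 18:57:00 2018 us=268535 VERIFY OK: depth=1, CN=brain
Fri Oct 19 18:57:00 2018 us=268876 VERIFY OK: depth=0, CN=server
"""
THREAD_SERVER_LOG = """\
Fri Oct 19 18:57:59 2018 xxxx:51492 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 19 18:57:59 2018 xxxx:51492 TLS Error: TLS handshake failed
"""


def triage(client_log, server_log=""):
    """Return {finding_code: explanation} for an OpenVPN client/server log pair."""
    findings = {}
    provider = None
    leaf_verified = done = False
    for line in client_log.splitlines():
        m = PROVIDER_RE.search(line)
        if m:
            provider = m.group(1)
        m = CIPHER_RE.search(line)
        if m and m.group(1) in BLOCK64:
            findings["LEGACY_CIPHER"] = (
                f"{m.group(1)} is a 64-bit block cipher; configure an AES-GCM cipher"
            )
        if NO_VERIFY in line:
            findings["NO_SERVER_CERT_VERIFY"] = (
                "any certificate issued by the CA is accepted as the server; "
                "add 'remote-cert-tls server' to the client config"
            )
        # A log can hold several connection attempts; judge only the last one.
        if NEW_ATTEMPT in line:
            leaf_verified = done = False
        elif LEAF_OK in line:
            leaf_verified = True
        elif any(marker in line for marker in DONE_MARKERS):
            done = True
    if leaf_verified and not done:
        if provider:
            # Interpretation: after verifying the server chain, the client must
            # sign with the private key on the token, which needs a PIN login.
            findings["PKCS11_SIGN_STALL"] = (
                f"server chain verified, then no progress; check PIN login and "
                f"signing through provider {provider}"
            )
        else:
            findings["HANDSHAKE_STALL"] = "server chain verified, then no progress"
    if SERVER_TIMEOUT in server_log:
        findings["SERVER_TLS_TIMEOUT"] = (
            "server gave up waiting for the client to finish the handshake"
        )
    return findings


if __name__ == "__main__":
    for code, text in sorted(triage(THREAD_CLIENT_LOG, THREAD_SERVER_LOG).items()):
        print(f"{code}: {text}")
```
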
