I want to change the internal openvpn subnet from 10.8.0.0/24 to 10.12.11.0/24. I changed the line "server 10.8.0.0 255.255.255.0" to "server 10.12.11.0 255.255.255.0" in the server.conf, however it does not work.
Here are the important lines from the client log:
Fri Jun 26 16:33:11 2020 us=93183 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 26 16:33:11 2020 us=93218 /sbin/ip link set dev tun0 up mtu 1500
Fri Jun 26 16:33:11 2020 us=96553 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
Fri Jun 26 16:33:11 2020 us=106503 /sbin/ip route add 10.12.12.0/24 via 10.12.11.1
As you can see, the client still adds the old subnet. What can I do to solve this problem? I tried adding (ifconfig 10.12.11.0 255.255.255.0" to the server.conf, but it did not change anything.
All logs (minus personal information):
Server log:
Code: Select all
Jun 26 16:42:19 Serpent ovpn-server[12326]: Current Parameter Settings:
Jun 26 16:42:19 Serpent ovpn-server[12326]: config = '/etc/openvpn/server.conf'
Jun 26 16:42:19 Serpent ovpn-server[12326]: mode = 1
Jun 26 16:42:19 Serpent ovpn-server[12326]: persist_config = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: persist_mode = 1
Jun 26 16:42:19 Serpent ovpn-server[12326]: show_ciphers = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: show_digests = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: show_engines = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: genkey = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: key_pass_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: show_tls_ciphers = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: connect_retry_max = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: Connection profiles [0]:
Jun 26 16:42:19 Serpent ovpn-server[12326]: proto = udp
Jun 26 16:42:19 Serpent ovpn-server[12326]: local = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: local_port = '1194'
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_port = '1194'
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_float = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: bind_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: bind_local = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: bind_ipv6_only = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: connect_retry_seconds = 5
Jun 26 16:42:19 Serpent ovpn-server[12326]: connect_timeout = 120
Jun 26 16:42:19 Serpent ovpn-server[12326]: socks_proxy_server = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: socks_proxy_port = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: tun_mtu = 1500
Jun 26 16:42:19 Serpent ovpn-server[12326]: tun_mtu_defined = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: link_mtu = 1500
Jun 26 16:42:19 Serpent ovpn-server[12326]: link_mtu_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: tun_mtu_extra = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: tun_mtu_extra_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: mtu_discover_type = -1
Jun 26 16:42:19 Serpent ovpn-server[12326]: fragment = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: mssfix = 1450
Jun 26 16:42:19 Serpent ovpn-server[12326]: explicit_exit_notification = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: Connection profiles END
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_random = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: ipchange = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: dev = 'tun'
Jun 26 16:42:19 Serpent ovpn-server[12326]: dev_type = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: dev_node = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: lladdr = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: topology = 3
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_local = '10.12.11.1'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_remote_netmask = '255.255.255.0'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_noexec = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_nowarn = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_ipv6_local = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_ipv6_netbits = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_ipv6_remote = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: shaper = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: mtu_test = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: mlock = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: keepalive_ping = 15
Jun 26 16:42:19 Serpent ovpn-server[12326]: keepalive_timeout = 120
Jun 26 16:42:19 Serpent ovpn-server[12326]: inactivity_timeout = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: ping_send_timeout = 15
Jun 26 16:42:19 Serpent ovpn-server[12326]: ping_rec_timeout = 240
Jun 26 16:42:19 Serpent ovpn-server[12326]: ping_rec_timeout_action = 2
Jun 26 16:42:19 Serpent ovpn-server[12326]: ping_timer_remote = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: remap_sigusr1 = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: persist_tun = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: persist_local_ip = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: persist_remote_ip = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: persist_key = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: passtos = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: resolve_retry_seconds = 1000000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: resolve_in_advance = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: username = 'openvpn'
Jun 26 16:42:19 Serpent ovpn-server[12326]: groupname = 'openvpn'
Jun 26 16:42:19 Serpent ovpn-server[12326]: chroot_dir = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: cd_dir = '/etc/openvpn'
Jun 26 16:42:19 Serpent ovpn-server[12326]: writepid = '/run/openvpn/server.pid'
Jun 26 16:42:19 Serpent ovpn-server[12326]: up_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: down_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: down_pre = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: up_restart = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: up_delay = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: daemon = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: inetd = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: log = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: suppress_timestamps = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: machine_readable_output = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: nice = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: verbosity = 5
Jun 26 16:42:19 Serpent ovpn-server[12326]: mute = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: gremlin = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: status_file = '/var/log/openvpn-status.log'
Jun 26 16:42:19 Serpent ovpn-server[12326]: status_file_version = 3
Jun 26 16:42:19 Serpent ovpn-server[12326]: status_file_update_freq = 20
Jun 26 16:42:19 Serpent ovpn-server[12326]: occ = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: rcvbuf = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: sndbuf = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: mark = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: sockflags = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: fast_io = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: comp.alg = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: comp.flags = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_default_gateway = '10.12.11.2'
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_default_metric = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_noexec = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_delay = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_delay_window = 30
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_delay_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_nopull = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: route_gateway_via_dhcp = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: allow_pull_fqdn = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_addr = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_port = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_user_pass = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_log_history_cache = 250
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_echo_buffer_size = 100
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_write_peer_info_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_client_user = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_client_group = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: management_flags = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: shared_secret_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: key_direction = not set
Jun 26 16:42:19 Serpent ovpn-server[12326]: ciphername = 'AES-256-CBC'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ncp_enabled = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Jun 26 16:42:19 Serpent ovpn-server[12326]: authname = 'SHA256'
Jun 26 16:42:19 Serpent ovpn-server[12326]: prng_hash = 'SHA1'
Jun 26 16:42:19 Serpent ovpn-server[12326]: prng_nonce_secret_len = 16
Jun 26 16:42:19 Serpent ovpn-server[12326]: keysize = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: engine = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: replay = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: mute_replay_warnings = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: replay_window = 64
Jun 26 16:42:19 Serpent ovpn-server[12326]: replay_time = 15
Jun 26 16:42:19 Serpent ovpn-server[12326]: packet_id_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: use_iv = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: test_crypto = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_server = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_client = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: key_method = 2
Jun 26 16:42:19 Serpent ovpn-server[12326]: ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ca_path = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: dh_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: cert_file = '/etc/openvpn/easy-rsa/pki/issued/redacted.crt'
Jun 26 16:42:19 Serpent ovpn-server[12326]: extra_certs_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: priv_key_file = '/etc/openvpn/easy-rsa/pki/private/redacted.key'
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs12_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: cipher_list = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: cipher_list_tls13 = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_cert_profile = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_verify = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_export_cert = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: verify_x509_type = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: verify_x509_name = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: crl_file = '/etc/openvpn/crl.pem'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ns_cert_type = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 65535
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_ku[i] = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: remote_cert_eku = 'TLS Web Client Authentication'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ssl_flags = 192
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_timeout = 2
Jun 26 16:42:19 Serpent ovpn-server[12326]: renegotiate_bytes = -1
Jun 26 16:42:19 Serpent ovpn-server[12326]: renegotiate_packets = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: renegotiate_seconds = 3600
Jun 26 16:42:19 Serpent ovpn-server[12326]: handshake_window = 60
Jun 26 16:42:19 Serpent ovpn-server[12326]: transition_window = 3600
Jun 26 16:42:19 Serpent ovpn-server[12326]: single_session = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_peer_info = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_exit = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_auth_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: tls_crypt_file = '/etc/openvpn/easy-rsa/pki/ta.key'
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_protected_authentication = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_private_mode = 00000000
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_cert_private = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_pin_cache_period = -1
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_id = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: pkcs11_id_management = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_network = 10.12.11.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_netmask = 255.255.255.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_network_ipv6 = ::
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_netbits_ipv6 = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_bridge_ip = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_bridge_netmask = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_bridge_pool_start = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: server_bridge_pool_end = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_entry = 'route 10.12.12.0 255.255.255.0'
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_entry = 'route-gateway 10.12.11.1'
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_entry = 'topology subnet'
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_entry = 'ping 15'
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_entry = 'ping-restart 120'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_pool_defined = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_pool_start = 10.12.11.2
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_pool_end = 10.12.11.253
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_pool_netmask = 255.255.255.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_pool_persist_filename = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_pool_persist_refresh_freq = 600
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_ipv6_pool_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_ipv6_pool_base = ::
Jun 26 16:42:19 Serpent ovpn-server[12326]: ifconfig_ipv6_pool_netbits = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: n_bcast_buf = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]: tcp_queue_limit = 64
Jun 26 16:42:19 Serpent ovpn-server[12326]: real_hash_size = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]: virtual_hash_size = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]: client_connect_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: learn_address_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: client_disconnect_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: client_config_dir = '/etc/openvpn/ccd'
Jun 26 16:42:19 Serpent ovpn-server[12326]: ccd_exclusive = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: tmp_dir = '/tmp'
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_ifconfig_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_ifconfig_local = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_ifconfig_remote_netmask = 0.0.0.0
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_ifconfig_ipv6_defined = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_ifconfig_ipv6_local = ::/0
Jun 26 16:42:19 Serpent ovpn-server[12326]: push_ifconfig_ipv6_remote = ::
Jun 26 16:42:19 Serpent ovpn-server[12326]: enable_c2c = ENABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: duplicate_cn = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: cf_max = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: cf_per = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: max_clients = 1024
Jun 26 16:42:19 Serpent ovpn-server[12326]: max_routes_per_client = 256
Jun 26 16:42:19 Serpent ovpn-server[12326]: auth_user_pass_verify_script = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: auth_user_pass_verify_script_via_file = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: auth_token_generate = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: auth_token_lifetime = 0
Jun 26 16:42:19 Serpent ovpn-server[12326]: port_share_host = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: port_share_port = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: client = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: pull = DISABLED
Jun 26 16:42:19 Serpent ovpn-server[12326]: auth_user_pass_file = '[UNDEF]'
Jun 26 16:42:19 Serpent ovpn-server[12326]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Jun 26 16:42:19 Serpent ovpn-server[12326]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Jun 26 16:42:19 Serpent ovpn-server[12326]: ECDH curve prime256v1 added
Jun 26 16:42:19 Serpent ovpn-server[12326]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jun 26 16:42:19 Serpent ovpn-server[12326]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jun 26 16:42:19 Serpent ovpn-server[12326]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Jun 26 16:42:19 Serpent ovpn-server[12326]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Jun 26 16:42:19 Serpent ovpn-server[12326]: TLS-Auth MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Jun 26 16:42:19 Serpent ovpn-server[12326]: TUN/TAP device tun0 opened
Jun 26 16:42:19 Serpent ovpn-server[12326]: TUN/TAP TX queue length set to 100
Jun 26 16:42:19 Serpent ovpn-server[12326]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jun 26 16:42:19 Serpent ovpn-server[12326]: /sbin/ip link set dev tun0 up mtu 1500
Jun 26 16:42:19 Serpent ovpn-server[12326]: /sbin/ip addr add dev tun0 10.12.11.1/24 broadcast 10.12.11.255
Jun 26 16:42:19 Serpent ovpn-server[12326]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Jun 26 16:42:19 Serpent ovpn-server[12326]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Jun 26 16:42:19 Serpent ovpn-server[12326]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Jun 26 16:42:19 Serpent ovpn-server[12326]: UDPv4 link local (bound): [AF_INET][undef]:1194
Jun 26 16:42:19 Serpent ovpn-server[12326]: UDPv4 link remote: [AF_UNSPEC]
Jun 26 16:42:19 Serpent ovpn-server[12326]: GID set to openvpn
Jun 26 16:42:19 Serpent ovpn-server[12326]: UID set to openvpn
Jun 26 16:42:19 Serpent ovpn-server[12326]: MULTI: multi_init called, r=256 v=256
Jun 26 16:42:19 Serpent ovpn-server[12326]: IFCONFIG POOL: base=10.12.11.2 size=252, ipv6=0
Jun 26 16:42:19 Serpent ovpn-server[12326]: Initialization Sequence Completed
Jun 26 16:42:30 Serpent ovpn-server[12326]: MULTI: multi_create_instance called
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Re-using SSL/TLS context
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 TLS: Initial packet from [AF_INET]myip:49469, sid=b9468b53 f5fe98c8
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY OK: depth=1, CN=ChangeMe
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY KU OK
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Validating certificate extended key usage
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY EKU OK
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 VERIFY OK: depth=0, CN=hashcat
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_VER=2.4.9
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_PLAT=linux
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_PROTO=2
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_NCP=2
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_LZ4=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_LZ4v2=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_LZO=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_COMP_STUB=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_COMP_STUBv2=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 peer info: IV_TCPNL=1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit EC, curve: prime256v1
Jun 26 16:42:30 Serpent ovpn-server[12326]: myip:49469 [pc] Peer Connection Initiated with [AF_INET]myip:49469
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/hashcat
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 MULTI ERROR: primary virtual IP for hashcat/myip:49469 (10.8.0.3) violates tunnel network/netmask constraint (10.12.11.0/255.255.255.0)
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 MULTI: Learn: 10.8.0.3 -> hashcat/myip:49469
Jun 26 16:42:30 Serpent ovpn-server[12326]: pc/myip:49469 MULTI: primary virtual IP for hashcat/myip:49469: 10.8.0.3
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 PUSH: Received control message: 'PUSH_REQUEST'
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 SENT CONTROL [hashcat]: 'PUSH_REPLY,route 10.12.12.0 255.255.255.0,route-gateway 10.12.11.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Data Channel: using negotiated cipher 'AES-256-GCM'
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jun 26 16:42:31 Serpent ovpn-server[12326]: pc/myip:49469 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Code: Select all
Fri Jun 26 16:55:34 2020 us=198444 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 16 2020
Fri Jun 26 16:55:34 2020 us=198473 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Fri Jun 26 16:55:34 2020 us=198672 WARNING: using --pull/--client and --ifconfig together is probably not what you want
Enter Private Key Password: **********
Fri Jun 26 16:55:36 2020 us=65829 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jun 26 16:55:36 2020 us=65900 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jun 26 16:55:36 2020 us=65925 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jun 26 16:55:36 2020 us=65955 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jun 26 16:55:36 2020 us=66105 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Jun 26 16:55:36 2020 us=68663 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Jun 26 16:55:36 2020 us=68751 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Jun 26 16:55:36 2020 us=68777 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Jun 26 16:55:36 2020 us=68805 TCP/UDP: Preserving recently used remote address: [AF_INET]188.104.144.52:1194
Fri Jun 26 16:55:36 2020 us=68851 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jun 26 16:55:36 2020 us=68873 UDP link local: (not bound)
Fri Jun 26 16:55:36 2020 us=68891 UDP link remote: [AF_INET]remoteip:1194
WRFri Jun 26 16:55:36 2020 us=98206 TLS: Initial packet from [AF_INET]remoteip:1194, sid=23286c93 b1b5db01
WWRWRFri Jun 26 16:55:36 2020 us=140527 VERIFY OK: depth=1, CN=ChangeMe
Fri Jun 26 16:55:36 2020 us=141439 VERIFY KU OK
Fri Jun 26 16:55:36 2020 us=141481 Validating certificate extended key usage
Fri Jun 26 16:55:36 2020 us=141503 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Jun 26 16:55:36 2020 us=141526 VERIFY EKU OK
Fri Jun 26 16:55:36 2020 us=141543 VERIFY X509NAME OK: CN=red.
Fri Jun 26 16:55:36 2020 us=141559 VERIFY OK: depth=0, CN=red
Fri Jun 26 16:55:36 2020 us=219532 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384, 256 bit EC, curve: prime256v1
Fri Jun 26 16:55:36 2020 us=219609 [red] Peer Connection Initiated with [AF_INET]remoteip:1194
Fri Jun 26 16:55:37 2020 us=389953 SENT CONTROL [red]: 'PUSH_REQUEST' (status=1)
Fri Jun 26 16:55:37 2020 us=420334 PUSH: Received control message: 'PUSH_REPLY,route 10.12.12.0 255.255.255.0,route-gateway 10.12.11.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-256-GCM'
Fri Jun 26 16:55:37 2020 us=420501 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jun 26 16:55:37 2020 us=420529 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jun 26 16:55:37 2020 us=420547 OPTIONS IMPORT: route options modified
Fri Jun 26 16:55:37 2020 us=420563 OPTIONS IMPORT: route-related options modified
Fri Jun 26 16:55:37 2020 us=420580 OPTIONS IMPORT: peer-id set
Fri Jun 26 16:55:37 2020 us=420597 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Jun 26 16:55:37 2020 us=420613 OPTIONS IMPORT: data channel crypto options modified
Fri Jun 26 16:55:37 2020 us=420631 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Jun 26 16:55:37 2020 us=420660 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Fri Jun 26 16:55:37 2020 us=420828 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jun 26 16:55:37 2020 us=420853 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jun 26 16:55:37 2020 us=421096 ROUTE_GATEWAY 10.11.11.1/255.255.255.0 IFACE=enp59s0 HWADDR=80:fa:5b:21:05:53
Fri Jun 26 16:55:37 2020 us=421730 TUN/TAP device tun0 opened
Fri Jun 26 16:55:37 2020 us=421817 TUN/TAP TX queue length set to 100
Fri Jun 26 16:55:37 2020 us=421856 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jun 26 16:55:37 2020 us=421891 /sbin/ip link set dev tun0 up mtu 1500
Fri Jun 26 16:55:37 2020 us=424710 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
Fri Jun 26 16:55:37 2020 us=440392 /sbin/ip route add 10.12.12.0/24 via 10.12.11.1
RTNETLINK answers: Network is unreachable
Fri Jun 26 16:55:37 2020 us=443652 ERROR: Linux route add command failed: external program exited with error status: 2
Fri Jun 26 16:55:37 2020 us=443760 Initialization Sequence Completed
Fri Jun 26 16:55:39 2020 us=291818 event_wait : Interrupted system call (code=4)
Fri Jun 26 16:55:39 2020 us=292197 TCP/UDP: Closing socket
Fri Jun 26 16:55:39 2020 us=292310 Closing TUN/TAP interface
Fri Jun 26 16:55:39 2020 us=292348 /sbin/ip addr del dev tun0 10.8.0.3/24
Fri Jun 26 16:55:39 2020 us=324385 SIGINT[hard,] received, process exiting
server
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/red.crt
key /etc/openvpn/easy-rsa/pki/private/red.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.12.11.0 255.255.255.0
# Set your primary domain name server address for clients
#push "dhcp-option DNS 10.8.0.1"
#push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
#push "redirect-gateway def1"
#push "route 10.11.12.1 255.255.255.255"
#push "route 10.11.12.0 255.255.255.0"
push "route 10.12.12.0 255.255.255.0"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 5
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io