Since a long time I run an OpenVPN Server on my own desktop. I use it to connect to it when I am in a different country.
OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
I can connect to it from my Notebook Client and everything works fine.
I have a Asus RT-AC88U Router set up as VPN Client. It used to run fine, but a firmware upgrade about a year ago stopped it. I tried to find what I have to changed in my config, but I failed. I did a firmware downgrade and all was find again. This router is behind another router and a firewall, so not direct danger. It is used for devices that can not install OpenVPN.
However, Asus brought out many versions of firmware since and has now forced new firmware on my router and does not let me downgrade anymore, so my VPN config does not work anymore. I urgently need it. The router allows me to activate the config and it looks like he routes through the VPN, but everything gets lost.
Can you see anything from that log?
Code: Select all
Aug 19 21:47:42 vpnclient5[2804]: OpenVPN 2.4.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 11 2020
Aug 19 21:47:42 vpnclient5[2804]: library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.03
Aug 19 21:47:42 vpnclient5[2805]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Aug 19 21:47:42 vpnclient5[2805]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 19 21:47:42 vpnclient5[2805]: TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1194
Aug 19 21:47:42 vpnclient5[2805]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Aug 19 21:47:42 vpnclient5[2805]: UDP link local: (not bound)
Aug 19 21:47:42 vpnclient5[2805]: UDP link remote: [AF_INET]xx.xxx.xxx.xxx:1194
Aug 19 21:47:42 vpnclient5[2805]: TLS: Initial packet from [AF_INET]xx.xxx.xxx.xxx:1194, sid=64f3fd16 05b0e844
Aug 19 21:47:42 vpnclient5[2805]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Aug 19 21:47:42 vpnclient5[2805]: VERIFY OK: nsCertType=SERVER
Aug 19 21:47:42 vpnclient5[2805]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Aug 19 21:47:43 vpnclient5[2805]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Aug 19 21:47:43 vpnclient5[2805]: [changeme] Peer Connection Initiated with [AF_INET]xx.xxx.xxx.xxx:1194
Aug 19 21:47:44 vpnclient5[2805]: SENT CONTROL [changeme]: 'PUSH_REQUEST' (status=1)
Aug 19 21:47:44 vpnclient5[2805]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.3.0 255.255.255.0,route 112.125.202.100 255.255.255.255 net_gateway,route 198.61.209.236 255.255.255.255 net_gateway,route 166.78.4.254 255.255.255.255 net_gateway,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Aug 19 21:47:44 vpnclient5[2805]: OPTIONS IMPORT: timers and/or timeouts modified
Aug 19 21:47:44 vpnclient5[2805]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 19 21:47:44 vpnclient5[2805]: OPTIONS IMPORT: route options modified
Aug 19 21:47:44 vpnclient5[2805]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 19 21:47:44 vpnclient5[2805]: OPTIONS IMPORT: peer-id set
Aug 19 21:47:44 vpnclient5[2805]: OPTIONS IMPORT: adjusting link_mtu to 1625
Aug 19 21:47:44 vpnclient5[2805]: OPTIONS IMPORT: data channel crypto options modified
Aug 19 21:47:44 vpnclient5[2805]: Data Channel: using negotiated cipher 'AES-256-GCM'
Aug 19 21:47:44 vpnclient5[2805]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 19 21:47:44 vpnclient5[2805]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Aug 19 21:47:44 vpnclient5[2805]: TUN/TAP device tun15 opened
Aug 19 21:47:44 vpnclient5[2805]: TUN/TAP TX queue length set to 100
Aug 19 21:47:44 vpnclient5[2805]: /sbin/ifconfig tun15 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Aug 19 21:47:44 vpnclient5[2805]: /etc/openvpn/ovpn-up tun15 1500 1553 10.8.0.6 10.8.0.5 init
Aug 19 21:47:46 vpnclient5[2805]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 19 21:47:46 vpnclient5[2805]: Initialization Sequence Completed