Bridge client on Ubuntu not working
-
- OpenVpn Newbie
- Posts: 5
- Joined: Fri May 14, 2021 4:24 am
Bridge client on Ubuntu not working
I have had that frustrating experience for weeks.
OpenVPN server 2.5.1 on FreeBSD 12.2, configured as a bridge. Clients get a dynamic IP from some DHCP server on my network.
Windows clients are working out of the box. So that validates that the server is running fine and I have no issue with my username/password/TLS auth.
But I cannot make the Ubuntu client work:
- the connection can be established with no issue;
- as soon as I ifconfig tap0 up, I can see various packets coming in tcpdump;
- dhclient tap0 gets me a proper IP address;
- but then no other packets seem to cross the interfaces. On the server I see no packet coming from the client, and on the client I see no packet coming from the server.
I must be doing something horribly wrong, but I cannot find any information on my problem.
TIA.
Olivier
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Bridge client on Ubuntu not working
-
- OpenVpn Newbie
- Posts: 5
- Joined: Fri May 14, 2021 4:24 am
Re: Bridge client on Ubuntu not working
Here is the full configuration:
Server: FreeBSD 12.2 running as a VMware guest on ESXi 6.5 (I already set the virtual switch in promiscuous mode).
Operating system:
Network:
Configuration:
local 192.41.XX.YY
port 1194
proto udp
dev tap0
ca /usr/local/etc/openvpn/pki/ca.crt
cert /usr/local/etc/openvpn/pki/issued/server.crt
key /usr/local/etc/openvpn/pki/private/server.key # This file should be kept secret
dh /usr/local/ssl/dh/dh2048.pem
server-bridge
client-to-client
keepalive 10 120
tls-auth /usr/local/ssl/ta/ta.key 0 # This file is secret
data-ciphers-fallback AES-256-CBC # because deprecated?
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
verify-client-cert require
tun-mtu 1500
script-security 2 # must be 2 to allow the script bellow
up /usr/local/etc/openvpn/script/up # stoping openvpn down the interface
crl-verify /usr/local/etc/openvpn/crl.pem
chroot /var/chroot/openvpn
Log:
Client: Ubuntu 20.04
Operating system:
Network configuration (before launching OpenVPN):
Client configuration:
olivier@olivier:~$ cat ~/Downloads/CSIM-on.ovpn
# --------------------------------------------------------
# CSIM VPN | https://cs.ait.ac.th/laboratory/vpn/
# Created on: 2021/4/7 15:7
# OpenVPN Client Configuration
# Client on@cs.ait.ac.th
# --------------------------------------------------------
client
dev tap
remote aa.bb.ac.th 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 4
remote-cert-tls server
#data-ciphers-fallback AES-256-CBC
proto udp
key-direction 1
# link-mtu 1589
tun-mtu 1500
auth-user-pass
explicit-exit-notify 1
keepalive 10 120
keysize 256
# client: on
<ca>
-----BEGIN CERTIFICATE-----
M...
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
...
-----BEGIN CERTIFICATE-----
M...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
M...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
9...
-----END OpenVPN Static key V1-----
</tls-auth>
olivier@olivier:~$
Launching OpenVPN on client:
The last line of the log is after I started DHCP on tap0.
Then I bring the tap0 interface up and request an IP:
Server log after the client connection:
I think the server is not an issue because the Windows client is working fine. But I get no "network" on Ubuntu:
I suspect a stupid routing thing on Ubuntu, but I cannot see it.
TIA
Olivier
Server: FreeBSD 12.2 running as a VMware guest on ESXi 6.5 (I already set the virtual switch in promiscuous mode).
Operating system:
vpn<on>73: uname -a
FreeBSD aa.bb.ac.th 12.2-RELEASE-p6 FreeBSD 12.2-RELEASE-p6 r369585 GENERIC amd64
vpn<on>74: openvpn --version
OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 23 2021
library versions: OpenSSL 1.1.1h-freebsd 22 Sep 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=yes enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
vpn<on>75:
Network:
vpn<on>68: ifconfig -a
vmx0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
ether 00:0c:29:90:ec:84
inet 192.41.XX.YY netmask 0xffffff00 broadcast 192.41.XX.YY
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vmx1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 00:0c:29:90:ec:8e
inet 10.41.XX.YY netmask 0xffffff00 broadcast 10.41.XX.YY
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether 58:9c:fc:10:d9:6b
groups: tap
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 9329
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:06:66:fd:9a:00
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 4 priority 128 path cost 2000000
member: vmx0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 2000
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
vpn<on>69:
Client: Ubuntu 20.04
Operating system:
olivier@olivier:~$ openvpn --version
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
olivier@olivier:~$
Network configuration (before launching OpenVPN):
olivier@olivier:~$ ifconfig -a
enp8s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 34:64:a9:be:6d:4a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 81838 bytes 47875842 (47.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 81838 bytes 47875842 (47.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.50 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::4dc7:da1:f67f:fb2d prefixlen 64 scopeid 0x20<link>
ether 30:3a:64:5a:46:50 txqueuelen 1000 (Ethernet)
RX packets 14618253 bytes 19314444536 (19.3 GB)
RX errors 0 dropped 581 overruns 0 frame 0
TX packets 2208285 bytes 359788640 (359.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
olivier@olivier:~$
Server log before connection:
May 28 15:35:00 vpn openvpn[9328]: Current Parameter Settings:
May 28 15:35:00 vpn openvpn[9328]: config = '/usr/local/etc/openvpn/openvpn.conf'
May 28 15:35:00 vpn openvpn[9328]: mode = 1
May 28 15:35:00 vpn openvpn[9328]: show_ciphers = DISABLED
May 28 15:35:00 vpn openvpn[9328]: show_digests = DISABLED
May 28 15:35:00 vpn openvpn[9328]: show_engines = DISABLED
May 28 15:35:00 vpn openvpn[9328]: genkey = DISABLED
May 28 15:35:00 vpn openvpn[9328]: genkey_filename = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: key_pass_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: show_tls_ciphers = DISABLED
May 28 15:35:00 vpn openvpn[9328]: connect_retry_max = 0
May 28 15:35:00 vpn openvpn[9328]: Connection profiles [0]:
May 28 15:35:00 vpn openvpn[9328]: proto = udp
May 28 15:35:00 vpn openvpn[9328]: local = '192.41.XX.YY'
May 28 15:35:00 vpn openvpn[9328]: local_port = '1194'
May 28 15:35:00 vpn openvpn[9328]: remote = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: remote_port = '1194'
May 28 15:35:00 vpn openvpn[9328]: remote_float = DISABLED
May 28 15:35:00 vpn openvpn[9328]: bind_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]: bind_local = ENABLED
May 28 15:35:00 vpn openvpn[9328]: bind_ipv6_only = DISABLED
May 28 15:35:00 vpn openvpn[9328]: connect_retry_seconds = 5
May 28 15:35:00 vpn openvpn[9328]: connect_timeout = 120
May 28 15:35:00 vpn openvpn[9328]: socks_proxy_server = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: socks_proxy_port = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: tun_mtu = 1500
May 28 15:35:00 vpn openvpn[9328]: tun_mtu_defined = ENABLED
May 28 15:35:00 vpn openvpn[9328]: link_mtu = 1500
May 28 15:35:00 vpn openvpn[9328]: link_mtu_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]: tun_mtu_extra = 32
May 28 15:35:00 vpn openvpn[9328]: tun_mtu_extra_defined = ENABLED
May 28 15:35:00 vpn openvpn[9328]: mtu_discover_type = -1
May 28 15:35:00 vpn openvpn[9328]: fragment = 0
May 28 15:35:00 vpn openvpn[9328]: mssfix = 1450
May 28 15:35:00 vpn openvpn[9328]: explicit_exit_notification = 1
May 28 15:35:00 vpn openvpn[9328]: tls_auth_file = '[INLINE]'
May 28 15:35:00 vpn openvpn[9328]: key_direction = 0
May 28 15:35:00 vpn openvpn[9328]: tls_crypt_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: tls_crypt_v2_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: Connection profiles END
May 28 15:35:00 vpn openvpn[9328]: remote_random = DISABLED
May 28 15:35:00 vpn openvpn[9328]: ipchange = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: dev = 'tap0'
May 28 15:35:00 vpn openvpn[9328]: dev_type = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: dev_node = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: lladdr = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: topology = 1
May 28 15:35:00 vpn openvpn[9328]: ifconfig_local = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: ifconfig_remote_netmask = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: ifconfig_noexec = DISABLED
May 28 15:35:00 vpn openvpn[9328]: ifconfig_nowarn = DISABLED
May 28 15:35:00 vpn openvpn[9328]: ifconfig_ipv6_local = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: ifconfig_ipv6_netbits = 0
May 28 15:35:00 vpn openvpn[9328]: ifconfig_ipv6_remote = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: shaper = 0
May 28 15:35:00 vpn openvpn[9328]: mtu_test = 0
May 28 15:35:00 vpn openvpn[9328]: mlock = DISABLED
May 28 15:35:00 vpn openvpn[9328]: keepalive_ping = 10
May 28 15:35:00 vpn openvpn[9328]: keepalive_timeout = 120
May 28 15:35:00 vpn openvpn[9328]: inactivity_timeout = 0
May 28 15:35:00 vpn openvpn[9328]: ping_send_timeout = 10
May 28 15:35:00 vpn openvpn[9328]: ping_rec_timeout = 240
May 28 15:35:00 vpn openvpn[9328]: ping_rec_timeout_action = 2
May 28 15:35:00 vpn openvpn[9328]: ping_timer_remote = DISABLED
May 28 15:35:00 vpn openvpn[9328]: remap_sigusr1 = 0
May 28 15:35:00 vpn openvpn[9328]: persist_tun = ENABLED
May 28 15:35:00 vpn openvpn[9328]: persist_local_ip = DISABLED
May 28 15:35:00 vpn openvpn[9328]: persist_remote_ip = DISABLED
May 28 15:35:00 vpn openvpn[9328]: persist_key = ENABLED
May 28 15:35:00 vpn openvpn[9328]: passtos = DISABLED
May 28 15:35:00 vpn openvpn[9328]: resolve_retry_seconds = 1000000000
May 28 15:35:00 vpn openvpn[9328]: resolve_in_advance = DISABLED
May 28 15:35:00 vpn openvpn[9328]: username = 'openvpn'
May 28 15:35:00 vpn openvpn[9328]: groupname = 'openvpn'
May 28 15:35:00 vpn openvpn[9328]: chroot_dir = '/var/chroot/openvpn'
May 28 15:35:00 vpn openvpn[9328]: cd_dir = '/usr/local/etc/openvpn'
May 28 15:35:00 vpn openvpn[9328]: writepid = '/var/run/openvpn.pid'
May 28 15:35:00 vpn openvpn[9328]: up_script = '/usr/local/etc/openvpn/script/up'
May 28 15:35:00 vpn openvpn[9328]: down_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: down_pre = DISABLED
May 28 15:35:00 vpn openvpn[9328]: up_restart = DISABLED
May 28 15:35:00 vpn openvpn[9328]: up_delay = DISABLED
May 28 15:35:00 vpn openvpn[9328]: daemon = ENABLED
May 28 15:35:00 vpn openvpn[9328]: inetd = 0
May 28 15:35:00 vpn openvpn[9328]: log = DISABLED
May 28 15:35:00 vpn openvpn[9328]: suppress_timestamps = DISABLED
May 28 15:35:00 vpn openvpn[9328]: machine_readable_output = DISABLED
May 28 15:35:00 vpn openvpn[9328]: nice = 0
May 28 15:35:00 vpn openvpn[9328]: verbosity = 4
May 28 15:35:00 vpn openvpn[9328]: mute = 0
May 28 15:35:00 vpn openvpn[9328]: gremlin = 0
May 28 15:35:00 vpn openvpn[9328]: status_file = 'openvpn-status.log'
May 28 15:35:00 vpn openvpn[9328]: status_file_version = 1
May 28 15:35:00 vpn openvpn[9328]: status_file_update_freq = 60
May 28 15:35:00 vpn openvpn[9328]: occ = ENABLED
May 28 15:35:00 vpn openvpn[9328]: rcvbuf = 0
May 28 15:35:00 vpn openvpn[9328]: sndbuf = 0
May 28 15:35:00 vpn openvpn[9328]: sockflags = 0
May 28 15:35:00 vpn openvpn[9328]: fast_io = DISABLED
May 28 15:35:00 vpn openvpn[9328]: comp.alg = 0
May 28 15:35:00 vpn openvpn[9328]: comp.flags = 0
May 28 15:35:00 vpn openvpn[9328]: route_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: route_default_gateway = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: route_default_metric = 0
May 28 15:35:00 vpn openvpn[9328]: route_noexec = DISABLED
May 28 15:35:00 vpn openvpn[9328]: route_delay = 0
May 28 15:35:00 vpn openvpn[9328]: route_delay_window = 30
May 28 15:35:00 vpn openvpn[9328]: route_delay_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]: route_nopull = DISABLED
May 28 15:35:00 vpn openvpn[9328]: route_gateway_via_dhcp = DISABLED
May 28 15:35:00 vpn openvpn[9328]: allow_pull_fqdn = DISABLED
May 28 15:35:00 vpn openvpn[9328]: management_addr = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: management_port = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: management_user_pass = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: management_log_history_cache = 250
May 28 15:35:00 vpn openvpn[9328]: management_echo_buffer_size = 100
May 28 15:35:00 vpn openvpn[9328]: management_write_peer_info_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: management_client_user = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: management_client_group = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: management_flags = 0
May 28 15:35:00 vpn openvpn[9328]: plugin[0] /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]'
May 28 15:35:00 vpn openvpn[9328]: shared_secret_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: key_direction = 0
May 28 15:35:00 vpn openvpn[9328]: ciphername = 'AES-256-CBC'
May 28 15:35:00 vpn openvpn[9328]: ncp_enabled = ENABLED
May 28 15:35:00 vpn openvpn[9328]: ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
May 28 15:35:00 vpn openvpn[9328]: authname = 'SHA1'
May 28 15:35:00 vpn openvpn[9328]: prng_hash = 'SHA1'
May 28 15:35:00 vpn openvpn[9328]: prng_nonce_secret_len = 16
May 28 15:35:00 vpn openvpn[9328]: keysize = 0
May 28 15:35:00 vpn openvpn[9328]: engine = DISABLED
May 28 15:35:00 vpn openvpn[9328]: replay = ENABLED
May 28 15:35:00 vpn openvpn[9328]: mute_replay_warnings = DISABLED
May 28 15:35:00 vpn openvpn[9328]: replay_window = 64
May 28 15:35:00 vpn openvpn[9328]: replay_time = 15
May 28 15:35:00 vpn openvpn[9328]: packet_id_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: test_crypto = DISABLED
May 28 15:35:00 vpn openvpn[9328]: tls_server = ENABLED
May 28 15:35:00 vpn openvpn[9328]: tls_client = DISABLED
May 28 15:35:00 vpn openvpn[9328]: ca_file = '/usr/local/etc/openvpn/pki/ca.crt'
May 28 15:35:00 vpn openvpn[9328]: ca_path = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: dh_file = '/usr/local/ssl/dh/dh2048.pem'
May 28 15:35:00 vpn openvpn[9328]: cert_file = '/usr/local/etc/openvpn/pki/issued/server.crt'
May 28 15:35:00 vpn openvpn[9328]: extra_certs_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: priv_key_file = '/usr/local/etc/openvpn/pki/private/server.key'
May 28 15:35:00 vpn openvpn[9328]: pkcs12_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: cipher_list = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: cipher_list_tls13 = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: tls_cert_profile = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: tls_verify = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: tls_export_cert = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: verify_x509_type = 0
May 28 15:35:00 vpn openvpn[9328]: verify_x509_name = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: crl_file = '/usr/local/etc/openvpn/crl.pem'
May 28 15:35:00 vpn openvpn[9328]: ns_cert_type = 0
May 28 15:35:00 vpn openvpn[9328]: remote_cert_ku[i] = 0
May 28 15:35:00 vpn openvpn[9328]: remote_cert_eku = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: ssl_flags = 0
May 28 15:35:00 vpn openvpn[9328]: tls_timeout = 2
May 28 15:35:00 vpn openvpn[9328]: renegotiate_bytes = -1
May 28 15:35:00 vpn openvpn[9328]: renegotiate_packets = 0
May 28 15:35:00 vpn openvpn[9328]: renegotiate_seconds = 3600
May 28 15:35:00 vpn openvpn[9328]: handshake_window = 60
May 28 15:35:00 vpn openvpn[9328]: transition_window = 3600
May 28 15:35:00 vpn openvpn[9328]: single_session = DISABLED
May 28 15:35:00 vpn openvpn[9328]: push_peer_info = DISABLED
May 28 15:35:00 vpn openvpn[9328]: tls_exit = DISABLED
May 28 15:35:00 vpn openvpn[9328]: tls_crypt_v2_metadata = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: server_network = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: server_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: server_network_ipv6 = ::
May 28 15:35:00 vpn openvpn[9328]: server_netbits_ipv6 = 0
May 28 15:35:00 vpn openvpn[9328]: server_bridge_ip = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: server_bridge_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: server_bridge_pool_start = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: server_bridge_pool_end = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: push_entry = 'route-gateway dhcp'
May 28 15:35:00 vpn openvpn[9328]: push_entry = 'ping 10'
May 28 15:35:00 vpn openvpn[9328]: push_entry = 'ping-restart 120'
May 28 15:35:00 vpn openvpn[9328]: ifconfig_pool_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]: ifconfig_pool_start = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: ifconfig_pool_end = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: ifconfig_pool_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: ifconfig_pool_persist_filename = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: ifconfig_pool_persist_refresh_freq = 600
May 28 15:35:00 vpn openvpn[9328]: ifconfig_ipv6_pool_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]: ifconfig_ipv6_pool_base = ::
May 28 15:35:00 vpn openvpn[9328]: ifconfig_ipv6_pool_netbits = 0
May 28 15:35:00 vpn openvpn[9328]: n_bcast_buf = 256
May 28 15:35:00 vpn openvpn[9328]: tcp_queue_limit = 64
May 28 15:35:00 vpn openvpn[9328]: real_hash_size = 256
May 28 15:35:00 vpn openvpn[9328]: virtual_hash_size = 256
May 28 15:35:00 vpn openvpn[9328]: client_connect_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: learn_address_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: client_disconnect_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: client_config_dir = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: ccd_exclusive = DISABLED
May 28 15:35:00 vpn openvpn[9328]: tmp_dir = '/tmp'
May 28 15:35:00 vpn openvpn[9328]: push_ifconfig_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]: push_ifconfig_local = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: push_ifconfig_remote_netmask = 0.0.0.0
May 28 15:35:00 vpn openvpn[9328]: push_ifconfig_ipv6_defined = DISABLED
May 28 15:35:00 vpn openvpn[9328]: push_ifconfig_ipv6_local = ::/0
May 28 15:35:00 vpn openvpn[9328]: push_ifconfig_ipv6_remote = ::
May 28 15:35:00 vpn openvpn[9328]: enable_c2c = ENABLED
May 28 15:35:00 vpn openvpn[9328]: duplicate_cn = DISABLED
May 28 15:35:00 vpn openvpn[9328]: cf_max = 0
May 28 15:35:00 vpn openvpn[9328]: cf_per = 0
May 28 15:35:00 vpn openvpn[9328]: max_clients = 1024
May 28 15:35:00 vpn openvpn[9328]: max_routes_per_client = 256
May 28 15:35:00 vpn openvpn[9328]: auth_user_pass_verify_script = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: auth_user_pass_verify_script_via_file = DISABLED
May 28 15:35:00 vpn openvpn[9328]: auth_token_generate = DISABLED
May 28 15:35:00 vpn openvpn[9328]: auth_token_lifetime = 0
May 28 15:35:00 vpn openvpn[9328]: auth_token_secret_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: port_share_host = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: port_share_port = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: vlan_tagging = DISABLED
May 28 15:35:00 vpn openvpn[9328]: vlan_accept = all
May 28 15:35:00 vpn openvpn[9328]: vlan_pvid = 1
May 28 15:35:00 vpn openvpn[9328]: client = DISABLED
May 28 15:35:00 vpn openvpn[9328]: pull = DISABLED
May 28 15:35:00 vpn openvpn[9328]: auth_user_pass_file = '[UNDEF]'
May 28 15:35:00 vpn openvpn[9328]: OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 23 2021
May 28 15:35:00 vpn openvpn[9328]: library versions: OpenSSL 1.1.1h-freebsd 22 Sep 2020, LZO 2.10
May 28 15:35:00 vpn openvpn[9329]: NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
May 28 15:35:00 vpn openvpn[9329]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 15:35:00 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: INIT service='openvpn'
May 28 15:35:00 vpn openvpn[9329]: PLUGIN AUTH-PAM: initialization succeeded (fg)
May 28 15:35:00 vpn openvpn[9329]: PLUGIN_INIT: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
May 28 15:35:00 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: initialization succeeded
May 28 15:35:00 vpn openvpn[9329]: Diffie-Hellman initialized with 2048 bit key
May 28 15:35:00 vpn openvpn[9329]: CRL: loaded 1 CRLs from file /usr/local/etc/openvpn/crl.pem
May 28 15:35:00 vpn openvpn[9329]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 15:35:00 vpn openvpn[9329]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 15:35:00 vpn openvpn[9329]: TLS-Auth MTU parms [ L:1653 D:1184 EF:66 EB:0 ET:0 EL:3 ]
May 28 15:35:00 vpn openvpn[9329]: TUN/TAP device tap0 exists previously, keep at program end
May 28 15:35:00 vpn openvpn[9329]: TUN/TAP device /dev/tap0 opened
May 28 15:35:00 vpn openvpn[9329]: do_ifconfig, ipv4=0, ipv6=0
May 28 15:35:00 vpn openvpn[9329]: /usr/local/etc/openvpn/script/up tap0 1500 1653 init
May 28 15:35:00 vpn openvpn[9329]: Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
May 28 15:35:00 vpn openvpn[9329]: Could not determine IPv4/IPv6 protocol. Using AF_INET
May 28 15:35:00 vpn openvpn[9329]: Socket Buffers: R=[42080->42080] S=[9216->9216]
May 28 15:35:00 vpn openvpn[9329]: UDPv4 link local (bound): [AF_INET]192.41.XX.YY:1194
May 28 15:35:00 vpn openvpn[9329]: UDPv4 link remote: [AF_UNSPEC]
May 28 15:35:00 vpn openvpn[9329]: chroot to '/var/chroot/openvpn' and cd to '/' succeeded
May 28 15:35:00 vpn openvpn[9329]: GID set to openvpn
May 28 15:35:00 vpn openvpn[9329]: UID set to openvpn
May 28 15:35:00 vpn openvpn[9329]: MULTI: multi_init called, r=256 v=256
May 28 15:35:00 vpn openvpn[9329]: Initialization Sequence Completed
Launching OpenVPN on client:
olivier@olivier:~$ sudo openvpn --config Downloads/CSIM-on.ovpn
[sudo] password for olivier:
Fri May 28 16:09:48 2021 us=99648 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Fri May 28 16:09:48 2021 us=99683 Current Parameter Settings:
Fri May 28 16:09:48 2021 us=99704 config = 'Downloads/CSIM-on.ovpn'
Fri May 28 16:09:48 2021 us=99714 mode = 0
Fri May 28 16:09:48 2021 us=99722 persist_config = DISABLED
Fri May 28 16:09:48 2021 us=99731 persist_mode = 1
Fri May 28 16:09:48 2021 us=99740 show_ciphers = DISABLED
Fri May 28 16:09:48 2021 us=99748 show_digests = DISABLED
Fri May 28 16:09:48 2021 us=99756 show_engines = DISABLED
Fri May 28 16:09:48 2021 us=99765 genkey = DISABLED
Fri May 28 16:09:48 2021 us=99774 key_pass_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99783 show_tls_ciphers = DISABLED
Fri May 28 16:09:48 2021 us=99793 connect_retry_max = 0
Fri May 28 16:09:48 2021 us=99802 Connection profiles [0]:
Fri May 28 16:09:48 2021 us=99811 proto = udp
Fri May 28 16:09:48 2021 us=99820 local = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99829 local_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99838 remote = 'aa.bb.ac.th'
Fri May 28 16:09:48 2021 us=99847 remote_port = '1194'
Fri May 28 16:09:48 2021 us=99857 remote_float = DISABLED
Fri May 28 16:09:48 2021 us=99866 bind_defined = DISABLED
Fri May 28 16:09:48 2021 us=99875 bind_local = DISABLED
Fri May 28 16:09:48 2021 us=99883 bind_ipv6_only = DISABLED
Fri May 28 16:09:48 2021 us=99893 connect_retry_seconds = 5
Fri May 28 16:09:48 2021 us=99900 connect_timeout = 120
Fri May 28 16:09:48 2021 us=99905 socks_proxy_server = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99911 socks_proxy_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=99917 tun_mtu = 1500
Fri May 28 16:09:48 2021 us=99925 tun_mtu_defined = ENABLED
Fri May 28 16:09:48 2021 us=99932 link_mtu = 1500
Fri May 28 16:09:48 2021 us=99940 link_mtu_defined = DISABLED
Fri May 28 16:09:48 2021 us=99948 tun_mtu_extra = 32
Fri May 28 16:09:48 2021 us=99956 tun_mtu_extra_defined = ENABLED
Fri May 28 16:09:48 2021 us=99964 mtu_discover_type = -1
Fri May 28 16:09:48 2021 us=99973 fragment = 0
Fri May 28 16:09:48 2021 us=99980 mssfix = 1450
Fri May 28 16:09:48 2021 us=99988 explicit_exit_notification = 1
Fri May 28 16:09:48 2021 us=99996 Connection profiles END
Fri May 28 16:09:48 2021 us=100005 remote_random = DISABLED
Fri May 28 16:09:48 2021 us=100014 ipchange = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100023 dev = 'tap'
Fri May 28 16:09:48 2021 us=100031 dev_type = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100037 dev_node = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100043 lladdr = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100051 topology = 1
Fri May 28 16:09:48 2021 us=100061 ifconfig_local = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100070 ifconfig_remote_netmask = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100079 ifconfig_noexec = DISABLED
Fri May 28 16:09:48 2021 us=100088 ifconfig_nowarn = DISABLED
Fri May 28 16:09:48 2021 us=100096 ifconfig_ipv6_local = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100103 ifconfig_ipv6_netbits = 0
Fri May 28 16:09:48 2021 us=100112 ifconfig_ipv6_remote = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100121 shaper = 0
Fri May 28 16:09:48 2021 us=100129 mtu_test = 0
Fri May 28 16:09:48 2021 us=100138 mlock = DISABLED
Fri May 28 16:09:48 2021 us=100147 keepalive_ping = 10
Fri May 28 16:09:48 2021 us=100156 keepalive_timeout = 120
Fri May 28 16:09:48 2021 us=100165 inactivity_timeout = 0
Fri May 28 16:09:48 2021 us=100175 ping_send_timeout = 10
Fri May 28 16:09:48 2021 us=100184 ping_rec_timeout = 120
Fri May 28 16:09:48 2021 us=100193 ping_rec_timeout_action = 2
Fri May 28 16:09:48 2021 us=100203 ping_timer_remote = DISABLED
Fri May 28 16:09:48 2021 us=100212 remap_sigusr1 = 0
Fri May 28 16:09:48 2021 us=100221 persist_tun = ENABLED
Fri May 28 16:09:48 2021 us=100230 persist_local_ip = DISABLED
Fri May 28 16:09:48 2021 us=100239 persist_remote_ip = DISABLED
Fri May 28 16:09:48 2021 us=100249 persist_key = ENABLED
Fri May 28 16:09:48 2021 us=100258 passtos = DISABLED
Fri May 28 16:09:48 2021 us=100267 resolve_retry_seconds = 1000000000
Fri May 28 16:09:48 2021 us=100277 resolve_in_advance = DISABLED
Fri May 28 16:09:48 2021 us=100286 username = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100295 groupname = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100304 chroot_dir = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100313 cd_dir = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100323 writepid = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100332 up_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100341 down_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100351 down_pre = DISABLED
Fri May 28 16:09:48 2021 us=100359 up_restart = DISABLED
Fri May 28 16:09:48 2021 us=100368 up_delay = DISABLED
Fri May 28 16:09:48 2021 us=100377 daemon = DISABLED
Fri May 28 16:09:48 2021 us=100386 inetd = 0
Fri May 28 16:09:48 2021 us=100396 log = DISABLED
Fri May 28 16:09:48 2021 us=100405 suppress_timestamps = DISABLED
Fri May 28 16:09:48 2021 us=100414 machine_readable_output = DISABLED
Fri May 28 16:09:48 2021 us=100423 nice = 0
Fri May 28 16:09:48 2021 us=100432 verbosity = 4
Fri May 28 16:09:48 2021 us=100441 mute = 0
Fri May 28 16:09:48 2021 us=100450 gremlin = 0
Fri May 28 16:09:48 2021 us=100460 status_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100469 status_file_version = 1
Fri May 28 16:09:48 2021 us=100476 status_file_update_freq = 60
Fri May 28 16:09:48 2021 us=100482 occ = ENABLED
Fri May 28 16:09:48 2021 us=100488 rcvbuf = 0
Fri May 28 16:09:48 2021 us=100494 sndbuf = 0
Fri May 28 16:09:48 2021 us=100499 mark = 0
Fri May 28 16:09:48 2021 us=100505 sockflags = 0
Fri May 28 16:09:48 2021 us=100514 fast_io = DISABLED
Fri May 28 16:09:48 2021 us=100523 comp.alg = 0
Fri May 28 16:09:48 2021 us=100532 comp.flags = 0
Fri May 28 16:09:48 2021 us=100541 route_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100549 route_default_gateway = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100557 route_default_metric = 0
Fri May 28 16:09:48 2021 us=100564 route_noexec = DISABLED
Fri May 28 16:09:48 2021 us=100570 route_delay = 5
Fri May 28 16:09:48 2021 us=100576 route_delay_window = 30
Fri May 28 16:09:48 2021 us=100582 route_delay_defined = ENABLED
Fri May 28 16:09:48 2021 us=100588 route_nopull = DISABLED
Fri May 28 16:09:48 2021 us=100594 route_gateway_via_dhcp = DISABLED
Fri May 28 16:09:48 2021 us=100600 allow_pull_fqdn = DISABLED
Fri May 28 16:09:48 2021 us=100606 management_addr = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100612 management_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100618 management_user_pass = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100624 management_log_history_cache = 250
Fri May 28 16:09:48 2021 us=100630 management_echo_buffer_size = 100
Fri May 28 16:09:48 2021 us=100637 management_write_peer_info_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100643 management_client_user = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100649 management_client_group = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100655 management_flags = 0
Fri May 28 16:09:48 2021 us=100661 shared_secret_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100667 key_direction = 1
Fri May 28 16:09:48 2021 us=100673 ciphername = 'BF-CBC'
Fri May 28 16:09:48 2021 us=100679 ncp_enabled = ENABLED
Fri May 28 16:09:48 2021 us=100685 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri May 28 16:09:48 2021 us=100691 authname = 'SHA1'
Fri May 28 16:09:48 2021 us=100697 prng_hash = 'SHA1'
Fri May 28 16:09:48 2021 us=100703 prng_nonce_secret_len = 16
Fri May 28 16:09:48 2021 us=100708 keysize = 32
Fri May 28 16:09:48 2021 us=100714 engine = DISABLED
Fri May 28 16:09:48 2021 us=100719 replay = ENABLED
Fri May 28 16:09:48 2021 us=100725 mute_replay_warnings = DISABLED
Fri May 28 16:09:48 2021 us=100731 replay_window = 64
Fri May 28 16:09:48 2021 us=100737 replay_time = 15
Fri May 28 16:09:48 2021 us=100743 packet_id_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100749 use_iv = ENABLED
Fri May 28 16:09:48 2021 us=100754 test_crypto = DISABLED
Fri May 28 16:09:48 2021 us=100760 tls_server = DISABLED
Fri May 28 16:09:48 2021 us=100766 tls_client = ENABLED
Fri May 28 16:09:48 2021 us=100772 key_method = 2
Fri May 28 16:09:48 2021 us=100778 ca_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=100784 ca_path = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100790 dh_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100795 cert_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=100801 extra_certs_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100807 priv_key_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=100812 pkcs12_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100817 cipher_list = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100823 cipher_list_tls13 = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100829 tls_cert_profile = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100835 tls_verify = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100841 tls_export_cert = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100847 verify_x509_type = 0
Fri May 28 16:09:48 2021 us=100852 verify_x509_name = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100858 crl_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=100864 ns_cert_type = 0
Fri May 28 16:09:48 2021 us=100870 remote_cert_ku[i] = 65535
Fri May 28 16:09:48 2021 us=100875 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100881 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100887 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100891 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100897 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100903 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100909 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100914 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100920 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100926 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100932 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100937 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100943 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100949 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100954 remote_cert_ku[i] = 0
Fri May 28 16:09:48 2021 us=100960 remote_cert_eku = 'TLS Web Server Authentication'
Fri May 28 16:09:48 2021 us=100966 ssl_flags = 0
Fri May 28 16:09:48 2021 us=100971 tls_timeout = 2
Fri May 28 16:09:48 2021 us=100977 renegotiate_bytes = -1
Fri May 28 16:09:48 2021 us=100983 renegotiate_packets = 0
Fri May 28 16:09:48 2021 us=100989 renegotiate_seconds = 3600
Fri May 28 16:09:48 2021 us=100994 handshake_window = 60
Fri May 28 16:09:48 2021 us=101000 transition_window = 3600
Fri May 28 16:09:48 2021 us=101006 single_session = DISABLED
Fri May 28 16:09:48 2021 us=101012 push_peer_info = DISABLED
Fri May 28 16:09:48 2021 us=101018 tls_exit = DISABLED
Fri May 28 16:09:48 2021 us=101024 tls_auth_file = '[[INLINE]]'
Fri May 28 16:09:48 2021 us=101030 tls_crypt_file = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101035 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101041 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101047 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101052 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101058 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101063 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101069 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101075 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101081 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101087 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101093 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101099 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101105 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101111 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101117 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101122 pkcs11_protected_authentication = DISABLED
Fri May 28 16:09:48 2021 us=101128 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101134 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101139 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101144 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101149 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101155 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101161 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101166 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101172 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101178 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101183 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101190 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101195 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101201 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101207 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101213 pkcs11_private_mode = 00000000
Fri May 28 16:09:48 2021 us=101218 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101223 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101229 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101234 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101240 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101246 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101251 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101257 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101263 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101269 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101274 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101280 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101286 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101292 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101298 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101303 pkcs11_cert_private = DISABLED
Fri May 28 16:09:48 2021 us=101310 pkcs11_pin_cache_period = -1
Fri May 28 16:09:48 2021 us=101316 pkcs11_id = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101321 pkcs11_id_management = DISABLED
Fri May 28 16:09:48 2021 us=101327 server_network = 0.0.0.0
Fri May 28 16:09:48 2021 us=101333 server_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101343 server_network_ipv6 = ::
Fri May 28 16:09:48 2021 us=101349 server_netbits_ipv6 = 0
Fri May 28 16:09:48 2021 us=101355 server_bridge_ip = 0.0.0.0
Fri May 28 16:09:48 2021 us=101361 server_bridge_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101368 server_bridge_pool_start = 0.0.0.0
Fri May 28 16:09:48 2021 us=101374 server_bridge_pool_end = 0.0.0.0
Fri May 28 16:09:48 2021 us=101380 ifconfig_pool_defined = DISABLED
Fri May 28 16:09:48 2021 us=101387 ifconfig_pool_start = 0.0.0.0
Fri May 28 16:09:48 2021 us=101393 ifconfig_pool_end = 0.0.0.0
Fri May 28 16:09:48 2021 us=101399 ifconfig_pool_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101405 ifconfig_pool_persist_filename = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101412 ifconfig_pool_persist_refresh_freq = 600
Fri May 28 16:09:48 2021 us=101418 ifconfig_ipv6_pool_defined = DISABLED
Fri May 28 16:09:48 2021 us=101424 ifconfig_ipv6_pool_base = ::
Fri May 28 16:09:48 2021 us=101430 ifconfig_ipv6_pool_netbits = 0
Fri May 28 16:09:48 2021 us=101436 n_bcast_buf = 256
Fri May 28 16:09:48 2021 us=101442 tcp_queue_limit = 64
Fri May 28 16:09:48 2021 us=101448 real_hash_size = 256
Fri May 28 16:09:48 2021 us=101454 virtual_hash_size = 256
Fri May 28 16:09:48 2021 us=101460 client_connect_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101466 learn_address_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101472 client_disconnect_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101477 client_config_dir = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101484 ccd_exclusive = DISABLED
Fri May 28 16:09:48 2021 us=101490 tmp_dir = '/tmp'
Fri May 28 16:09:48 2021 us=101496 push_ifconfig_defined = DISABLED
Fri May 28 16:09:48 2021 us=101502 push_ifconfig_local = 0.0.0.0
Fri May 28 16:09:48 2021 us=101509 push_ifconfig_remote_netmask = 0.0.0.0
Fri May 28 16:09:48 2021 us=101515 push_ifconfig_ipv6_defined = DISABLED
Fri May 28 16:09:48 2021 us=101521 push_ifconfig_ipv6_local = ::/0
Fri May 28 16:09:48 2021 us=101528 push_ifconfig_ipv6_remote = ::
Fri May 28 16:09:48 2021 us=101534 enable_c2c = DISABLED
Fri May 28 16:09:48 2021 us=101539 duplicate_cn = DISABLED
Fri May 28 16:09:48 2021 us=101546 cf_max = 0
Fri May 28 16:09:48 2021 us=101551 cf_per = 0
Fri May 28 16:09:48 2021 us=101557 max_clients = 1024
Fri May 28 16:09:48 2021 us=101563 max_routes_per_client = 256
Fri May 28 16:09:48 2021 us=101569 auth_user_pass_verify_script = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101575 auth_user_pass_verify_script_via_file = DISABLED
Fri May 28 16:09:48 2021 us=101581 auth_token_generate = DISABLED
Fri May 28 16:09:48 2021 us=101587 auth_token_lifetime = 0
Fri May 28 16:09:48 2021 us=101593 port_share_host = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101599 port_share_port = '[UNDEF]'
Fri May 28 16:09:48 2021 us=101605 client = ENABLED
Fri May 28 16:09:48 2021 us=101610 pull = ENABLED
Fri May 28 16:09:48 2021 us=101616 auth_user_pass_file = 'stdin'
Fri May 28 16:09:48 2021 us=101623 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Fri May 28 16:09:48 2021 us=101635 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Enter Auth Username: me
Enter Auth Password: ****************************
Enter Private Key Password: ************************************
Fri May 28 16:09:56 2021 us=794937 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 28 16:09:56 2021 us=794974 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 28 16:09:56 2021 us=795107 Control Channel MTU parms [ L:1653 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri May 28 16:09:56 2021 us=826175 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
Fri May 28 16:09:56 2021 us=826276 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Fri May 28 16:09:56 2021 us=826302 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1573,tun-mtu 1532,proto UDPv4,keydir 0,cipher BF-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri May 28 16:09:56 2021 us=826336 TCP/UDP: Preserving recently used remote address: [AF_INET]192.41.XX.YY:1194
Fri May 28 16:09:56 2021 us=826397 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri May 28 16:09:56 2021 us=826420 UDP link local: (not bound)
Fri May 28 16:09:56 2021 us=826440 UDP link remote: [AF_INET]192.41.XX.YY:1194
Fri May 28 16:09:56 2021 us=857241 TLS: Initial packet from [AF_INET]192.41.XX.YY:1194, sid=958390e0 1596e67c
Fri May 28 16:09:57 2021 us=90674 VERIFY OK: depth=1, CN=aa.bb.ac.th
Fri May 28 16:09:57 2021 us=91266 VERIFY KU OK
Fri May 28 16:09:57 2021 us=91328 Validating certificate extended key usage
Fri May 28 16:09:57 2021 us=91360 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri May 28 16:09:57 2021 us=91387 VERIFY EKU OK
Fri May 28 16:09:57 2021 us=91413 VERIFY OK: depth=0, CN=server
Fri May 28 16:09:57 2021 us=192810 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1573', remote='link-mtu 1589'
Fri May 28 16:09:57 2021 us=192902 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Fri May 28 16:09:57 2021 us=193088 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Fri May 28 16:09:57 2021 us=193144 [server] Peer Connection Initiated with [AF_INET]192.XX.YY:1194
Fri May 28 16:09:57 2021 us=449457 Key [AF_INET]192.41.XX.YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=449722 Key [AF_INET]192.41.XX.YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=499448 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=751722 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=752008 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:57 2021 us=806421 Key [AF_INET]192.41.XX,YY6:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:58 2021 us=53799 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:58 2021 us=53900 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri May 28 16:09:58 2021 us=61033 Key [AF_INET]192.41.XX,YY:1194 [0] not initialized (yet), dropping packet.
Fri May 28 16:09:58 2021 us=69395 PUSH: Received control message: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120,peer-id 1,cipher AES-256-GCM'
Fri May 28 16:09:58 2021 us=69496 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 28 16:09:58 2021 us=69515 OPTIONS IMPORT: route-related options modified
Fri May 28 16:09:58 2021 us=69531 OPTIONS IMPORT: peer-id set
Fri May 28 16:09:58 2021 us=69547 OPTIONS IMPORT: adjusting link_mtu to 1656
Fri May 28 16:09:58 2021 us=69564 OPTIONS IMPORT: data channel crypto options modified
Fri May 28 16:09:58 2021 us=69581 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri May 28 16:09:58 2021 us=69594 NCP: overriding user-set keysize with default
Fri May 28 16:09:58 2021 us=69620 Data Channel MTU parms [ L:1584 D:1450 EF:52 EB:411 ET:32 EL:3 ]
Fri May 28 16:09:58 2021 us=69718 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri May 28 16:09:58 2021 us=69733 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri May 28 16:09:58 2021 us=70138 TUN/TAP device tap0 opened
Fri May 28 16:09:58 2021 us=70220 TUN/TAP TX queue length set to 100
Fri May 28 16:10:03 2021 us=427702 Initialization Sequence Completed
Fri May 28 16:10:50 2021 us=597878 Extracted DHCP router address: 192.41.XX,YY
Then I bring the tap0 interface up and request an IP:
olivier@olivier:~/Downloads$ sudo ifconfig tap0 up
olivier@olivier:~/Downloads$ sudo dhclient tap0
olivier@olivier:~/Downloads$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlo1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlo1
192.41.XX.YY 0.0.0.0 255.255.XX.YY U 0 0 0 tap0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlo1
olivier@olivier:~/Downloads$ ifconfig -a
enp8s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 34:64:a9:be:6d:4a txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 83868 bytes 48098759 (48.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 83868 bytes 48098759 (48.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tap0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.41.XX.YY netmask 255.255.255.0 broadcast 192.41.XX.YY
inet6 fe80::7c6f:7bff:fee0:5847 prefixlen 64 scopeid 0x20<link>
ether 7e:6f:7b:e0:58:47 txqueuelen 100 (Ethernet)
RX packets 748 bytes 56024 (56.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 244 bytes 17073 (17.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.50 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::4dc7:da1:f67f:fb2d prefixlen 64 scopeid 0x20<link>
ether 30:3a:64:5a:46:50 txqueuelen 1000 (Ethernet)
RX packets 14625837 bytes 19316293424 (19.3 GB)
RX errors 0 dropped 581 overruns 0 frame 0
TX packets 2210577 bytes 360350551 (360.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
olivier@olivier:~/Downloads$
May 28 16:09:56 vpn openvpn[9329]: MULTI: multi_create_instance called
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Re-using SSL/TLS context
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Control Channel MTU parms [ L:1653 D:1184 EF:66 EB:0 ET:0 EL:3 ]
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Data Channel MTU parms [ L:1653 D:1450 EF:121 EB:411 ET:32 EL:3 ]
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1589,tun-mtu 1532,proto UDPv4,keydir 0,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1589,tun-mtu 1532,proto UDPv4,keydir 1,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 TLS: Initial packet from [AF_INET]113.53.211.204:13723, sid=74654603 7252c401
May 28 16:09:56 vpn openvpn[9329]: 113.53.211.204:13723 CRL: loaded 1 CRLs from file /usr/local/etc/openvpn/crl.pem
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 VERIFY OK: depth=0, CN=on
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_VER=2.4.7
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_PLAT=linux
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_PROTO=2
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_NCP=2
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_LZ4=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_LZ4v2=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_LZO=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_COMP_STUB=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_COMP_STUBv2=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 peer info: IV_TCPNL=1
May 28 16:09:57 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: received command code: 0
May 28 16:09:57 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: USER: me
May 28 16:09:57 vpn openvpn[9330]: PLUGIN AUTH-PAM: BACKGROUND: my_conv[0] query='Password:' style=1
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 TLS: Username/Password authentication succeeded for username 'me'
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1589', remote='link-mtu 1573'
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
May 28 16:09:57 vpn openvpn[9329]: 113.53.211.204:13723 [me] Peer Connection Initiated with [AF_INET]113.53.211.204:13723
May 28 16:09:57 vpn openvpn[9329]: MULTI: new connection by client 'me' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
May 28 16:09:57 vpn openvpn[9329]: MULTI: no dynamic or static remote--ifconfig address is available for on/113.53.211.204:13723
May 28 16:09:57 vpn openvpn[9329]: Data Channel: using negotiated cipher 'AES-256-GCM'
May 28 16:09:57 vpn openvpn[9329]: Data Channel MTU parms [ L:1581 D:1450 EF:49 EB:411 ET:32 EL:3 ]
May 28 16:09:57 vpn openvpn[9329]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 28 16:09:57 vpn openvpn[9329]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
May 28 16:09:58 vpn openvpn[9329]: me/113.53.211.204:13723 PUSH: Received control message: 'PUSH_REQUEST'
May 28 16:09:58 vpn openvpn[9329]: me/113.53.211.204:13723 SENT CONTROL [me]: 'PUSH_REPLY,route-gateway dhcp,ping 10,ping-restart 120,peer-id 1,cipher AES-256-GCM' (status=1)
May 28 16:10:16 vpn openvpn[9329]: me/113.53.211.204:13723 MULTI: Learn: 7e:6f:7b:e0:58:47@0 -> me/113.53.211.204:13723
olivier@olivier:~/Downloads$ ping 192.41.XX.YY
PING 192.41.XX.YY (192.41.XX.YY) 56(84) bytes of data.
From 192.41.XX.YY icmp_seq=1 Destination Host Unreachable
etc.
^C
--- 192.41.XX.YY ping statistics ---
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6137ms
pipe 4
olivier@olivier:~/Downloads$
TIA
Olivier
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Bridge client on Ubuntu not working
Try doing that in your --up script.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Sat May 29, 2021 6:34 pm
Re: Bridge client on Ubuntu not working
This cannot be done. You cannot bridge a WiFi client connection. If you could, we wouldn't need WDS, we'd just bridge.
The problem is very simple -- an access point is prohibited by the WiFi specification from broadcasting traffic over the WiFi network unless something authorizes that transmission. This is largely a relic from the days when WiFi networks were very slow and had poor, if any, security.
The bridge only has a client connection to the access point. This only authorizes the access point to transmit traffic bound for the bridge. Because any machines connected to the bridge are not clients of the access point, the access point has no reason to send traffic bound for them over the WiFi link. So it will not do so.
Unfortunately, WiFi is enough like Ethernet that it's easy to expect it to act like Ethernet. But it's just different enough to bite you.
WDS configuration is a specific authorization for an access point to send traffic not bound for any of its clients. When both ends support WDS, they include the address of the bridging endpoint as well as the address of the destination, authorizing the access point to send the traffic.
You have to use something other than bridging to do this. Routing with NAT, for example. You can also use four address mode, if both ends of the WiFi link support it.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Bridge client on Ubuntu not working
I don't see a bridge on the client side .. ?
-
- OpenVpn Newbie
- Posts: 5
- Joined: Fri May 14, 2021 4:24 am
Re: Bridge client on Ubuntu not working
Thank you, I think it boils down to this: what should be in the --up script for a bridge client on Ubuntu. I don't even know if I need a bridge or if a tap is enough.
What I want is that the client can still access Internet through the ISP, but that traffic to my work network is routed through the VPN.
TIA.
Olivier
-
- OpenVpn Newbie
- Posts: 5
- Joined: Fri May 14, 2021 4:24 am
Re: Bridge client on Ubuntu not working
Olivier2564 wrote: ↑Mon May 31, 2021 5:29 am
Thank you, I think it boils down to this: what should be in the --up script for a bridge client on Ubuntu. I don't even know if I need a bridge or if a tap is enough.
What I want is that the client can still access Internet through the ISP, but that traffic to my work network is routed through the VPN.
TIA.
Olivier
I found the issue. It was a routing problem as I was suspecting, only it took me a very long time to notice my mistake:
olivier@olivier:~/Downloads$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlo1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlo1
192.41.XX.YY 0.0.0.0 255.255.XX.YY U 0 0 0 tap0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlo1
olivier@olivier:~/Downloads$
ip route add to 192.41.XX.YY via 192.168.0.1
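The routing fix in the post above can be checked offline with a longest-prefix lookup over `netstat -nr` output. This is an added example, not code from the thread. It assumes the redacted 192.41.XX.YY in the added route is the VPN server's public address and that it lies inside the subnet dhclient configured on tap0; the 203.0.113.x addresses and all function names are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    iface: str


# Constructed sample in the shape of the `netstat -nr` output from the post.
# 203.0.113.0/24 (documentation range) stands in for the redacted 192.41.XX.YY
# network; 203.0.113.10 is the assumed public address of the VPN server.
ROUTES_BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlo1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlo1
203.0.113.0     0.0.0.0         255.255.255.0   U         0 0          0 tap0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlo1
"""
# Table after adding a host route to the server via the Wi-Fi gateway.
ROUTES_AFTER = ROUTES_BEFORE + (
    "203.0.113.10    192.168.0.1     255.255.255.255 UGH       0 0          0 wlo1\n"
)


def parse_routes(text: str) -> List[Route]:
    """Parse IPv4 rows of `netstat -nr`; banner and header lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue
        try:
            dest = ipaddress.IPv4Address(fields[0])
            gateway = ipaddress.IPv4Address(fields[1])
            mask = ipaddress.IPv4Address(fields[2])
        except ipaddress.AddressValueError:
            continue  # column header, not a route
        prefixlen = bin(int(mask)).count("1")  # assumes a contiguous netmask
        network = ipaddress.IPv4Network(f"{dest}/{prefixlen}", strict=False)
        routes.append(Route(network, gateway, fields[-1]))
    return routes


def lookup(routes: List[Route], dest: str) -> Optional[Route]:
    """Longest-prefix match (route metrics are not shown by netstat, so ignored)."""
    addr = ipaddress.IPv4Address(dest)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: r.network.prefixlen, default=None)


def check_endpoint(routes: List[Route], server_ip: str, tunnel_iface: str) -> dict:
    """Report whether the encrypted transport to the server would enter the tunnel."""
    route = lookup(routes, server_ip)
    if route is None:
        return {"status": "no-route", "iface": None, "fix": None}
    if route.iface != tunnel_iface:
        return {"status": "ok", "iface": route.iface, "fix": None}
    # The server's own address is covered by the tunnel's connected route, so
    # OpenVPN's UDP packets are sent into tap0 instead of out the physical link.
    underlay = next(
        (r for r in routes if r.network.prefixlen == 0 and r.iface != tunnel_iface),
        None,
    )
    fix = None
    if underlay is not None:
        fix = f"ip route add {server_ip}/32 via {underlay.gateway} dev {underlay.iface}"
    return {"status": "loop", "iface": route.iface, "fix": fix}


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, check_endpoint(parse_routes(table), "203.0.113.10", "tap0"))
```

With the host route in place, only the server's address leaves via wlo1; other hosts in the work subnet still match the tap0 route and everything else follows the default route through the ISP.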
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Bridge client on Ubuntu not working
FYI: 192.168.0.0/24 is the worst choice of subnet that you can choose.