Hi!
This post is duplicated in the OPNsense Forum at
https://forum.opnsense.org/index.php?ac ... ic=24762.0
I am anyway posting this also here, as I do not know, if this problem originates from OPNsense or OpenVPN, so please be gracious regarding this "double post".
I am using OpenVPN in OPNsense in such a way, that I have an external VPN-Server, that OPNsense connects to. OPNsense acts as a router inside a LAN and provides this LAN to other OpenVPN clients.
What I see on OPNsense is the following routing table while being connected to the OpenVPN Server:
Code: Select all
root@OPNsense:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.178.1 UGS igb1
8.8.4.4 192.168.178.1 UGHS igb1
10.8.0.0/24 10.8.0.1 UGS ovpnc1
10.8.0.0&0xa080001 10.8.0.1 UGS ovpnc1
10.8.0.1 link#8 UH ovpnc1
10.8.0.10 link#8 UHS lo0
127.0.0.1 link#5 UH lo0
192.168.2.0/24 link#3 U igb2
192.168.2.1 link#3 UHS lo0
192.168.123.0/24 link#1 U igb0
192.168.123.1 link#1 UHS lo0
192.168.178.0/24 link#2 U igb1
192.168.178.1 00:0d:b9:5a:0e:69 UHS igb1
192.168.178.39 link#2 UHS lo0
Problematic is this route:
Code: Select all
10.8.0.0&0xa080001 10.8.0.1 UGS ovpnc1
This results in certain adresses being misrouted. Take for example IP-addresses from 142.x.x.x to 143.x.x.x, which in result will be misrouted to the VPN, although they should take the default route.
I do not know, why this route is created. On a Windows client, I do not see this route, only on the OPNsense machine.
This is the OpenVPN client config on the OPNsense machine:
View Original client
root@OPNsense:~ # cat /var/etc/openvpn/client1.conf
dev ovpnc1
verb 3
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-CBC
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 192.168.178.39
tls-client
client
lport 0
management /var/etc/openvpn/client1.sock unix
remote x.x.x.x yyyyy
auth-user-pass /var/etc/openvpn/client1.up
ca /var/etc/openvpn/client1.ca
comp-lzo adaptive
verb 4
And this is the OpenVPN server config:
View Original server
client-to-client
topology subnet
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.123.0 255.255.255.0"
push "dhcp-option DNS 192.168.123.1"
push "dhcp-option WINS 192.168.123.10"
route 192.168.123.0 255.255.255.0
dev tun
management 127.0.0.1 1195
server 10.8.0.0 255.255.255.0
dh /etc/openvpn/dh3072.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
client-config-dir /etc/openvpn/ccd
max-clients 20
comp-lzo
persist-tun
persist-key
verb 3
keepalive 10 60
reneg-sec 0
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
verify-client-cert none
username-as-common-name
#duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp
port yyyyy
cipher AES-256-CBC
auth SHA512
mssfix 1431
verb 4
These are the logfiles. First the client-logfile:
Code: Select all
2021-09-20T13:36:45 openvpn[56034] WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-09-20T13:36:45 openvpn[56034] DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-09-20T13:36:45 openvpn[56034] WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
2021-09-20T13:36:45 openvpn[56034] OpenVPN 2.5.3 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 22 2021
2021-09-20T13:36:45 openvpn[56034] library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-09-20T13:36:45 openvpn[99375] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
2021-09-20T13:36:45 openvpn[99375] WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-09-20T13:36:45 openvpn[99375] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-09-20T13:36:45 openvpn[99375] TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:yyyyy
2021-09-20T13:36:45 openvpn[99375] Socket Buffers: R=[42080->42080] S=[57344->57344]
2021-09-20T13:36:45 openvpn[99375] UDP link local (bound): [AF_INET]192.168.178.39:0
2021-09-20T13:36:45 openvpn[99375] UDP link remote: [AF_INET]x.x.x.x:yyyyy
2021-09-20T13:36:45 openvpn[99375] TLS: Initial packet from [AF_INET]x.x.x.x:yyyyy, sid=e47a5967 1be52043
2021-09-20T13:36:45 openvpn[99375] VERIFY OK: depth=1, C=TW, L=Taipei, O=Synology Inc., CN=Synology Inc. CA
2021-09-20T13:36:45 openvpn[99375] VERIFY OK: depth=0, C=TW, L=Taipei, O=Synology Inc., CN=synology.com
2021-09-20T13:36:45 openvpn[99375] Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-09-20T13:36:45 openvpn[99375] [synology.com] Peer Connection Initiated with [AF_INET]x.x.x.x:yyyyy
2021-09-20T13:36:46 openvpn[99375] SENT CONTROL [synology.com]: 'PUSH_REQUEST' (status=1)
2021-09-20T13:36:46 openvpn[99375] PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,dhcp-option DNS 192.168.123.1,dhcp-option WINS 192.168.123.10,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.1,peer-id 0,cipher AES-256-GCM'
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: timers and/or timeouts modified
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: --ifconfig/up options modified
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: route options modified
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: route-related options modified
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: peer-id set
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: adjusting link_mtu to 1625
2021-09-20T13:36:46 openvpn[99375] OPTIONS IMPORT: data channel crypto options modified
2021-09-20T13:36:46 openvpn[99375] Data Channel: using negotiated cipher 'AES-256-GCM'
2021-09-20T13:36:46 openvpn[99375] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-20T13:36:46 openvpn[99375] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-20T13:36:46 openvpn[99375] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-09-20T13:36:46 openvpn[99375] ROUTE_GATEWAY 192.168.178.1/255.255.255.0 IFACE=igb1 HWADDR=aa:bb:cc:dd:ee:ff
2021-09-20T13:36:46 openvpn[99375] TUN/TAP device ovpnc1 exists previously, keep at program end
2021-09-20T13:36:46 openvpn[99375] TUN/TAP device /dev/tun1 opened
2021-09-20T13:36:46 openvpn[99375] /sbin/ifconfig ovpnc1 10.8.0.10 10.8.0.1 mtu 1500 netmask 10.8.0.1 up
2021-09-20T13:36:46 openvpn[99375] /sbin/route add -net 10.8.0.0 10.8.0.1 10.8.0.1
2021-09-20T13:36:46 openvpn[99375] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1553 10.8.0.10 10.8.0.1 init
2021-09-20T13:36:47 openvpn[99375] /sbin/route add -net 10.8.0.0 10.8.0.1 255.255.255.0
2021-09-20T13:36:47 openvpn[99375] WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-09-20T13:36:47 openvpn[99375] Initialization Sequence Completed
2021-09-20T13:36:47 openvpn[99375] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-09-20T13:36:47 openvpn[99375] MANAGEMENT: CMD 'state all'
2021-09-20T13:36:47 openvpn[99375] MANAGEMENT: CMD 'status 2'
2021-09-20T13:36:47 openvpn[99375] MANAGEMENT: Client disconnected
2021-09-20T13:37:00 openvpn[99375] event_wait : Interrupted system call (code=4)
2021-09-20T13:37:00 openvpn[99375] /sbin/route delete -net 10.8.0.0 10.8.0.1 255.255.255.0
2021-09-20T13:37:00 openvpn[99375] Closing TUN/TAP interface
2021-09-20T13:37:00 openvpn[99375] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1553 10.8.0.10 10.8.0.1 init
2021-09-20T13:37:02 openvpn[99375] SIGTERM[hard,] received, process exiting
Then the server-logfile:
Code: Select all
Sep 20 13:36:34 server systemd[1]: Starting OpenVPN service...
Sep 20 13:36:34 server systemd[1]: Starting OpenVPN connection to client...
Sep 20 13:36:34 server systemd[1]: Starting OpenVPN connection to server...
Sep 20 13:36:34 server systemd[1]: Started OpenVPN service.
Sep 20 13:36:34 server ovpn-server[20755]: WARNING: POTENTIALLY DANGEROUS OPTION --verify-client-cert none|optional (or --client-cert-not-required) may accept clients which do not present a certificate
Sep 20 13:36:34 server ovpn-server[20755]: Current Parameter Settings:
Sep 20 13:36:34 server ovpn-client[20754]: Options error: --cert fails with 'client.crt': No such file or directory
Sep 20 13:36:34 server ovpn-server[20755]: config = '/etc/openvpn/server.conf'
Sep 20 13:36:34 server ovpn-server[20755]: mode = 1
Sep 20 13:36:34 server ovpn-server[20755]: persist_config = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: persist_mode = 1
Sep 20 13:36:34 server ovpn-server[20755]: show_ciphers = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: show_digests = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: show_engines = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: genkey = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: key_pass_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: show_tls_ciphers = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: connect_retry_max = 0
Sep 20 13:36:34 server ovpn-server[20755]: Connection profiles [0]:
Sep 20 13:36:34 server ovpn-server[20755]: proto = udp
Sep 20 13:36:34 server ovpn-server[20755]: local = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: local_port = 'yyyyy'
Sep 20 13:36:34 server ovpn-server[20755]: remote = '[UNDEF]'
Sep 20 13:36:34 server systemd[1]: openvpn@client.service: Control process exited, code=exited status=1
Sep 20 13:36:34 server ovpn-server[20755]: remote_port = 'yyyyy'
Sep 20 13:36:34 server systemd[1]: Failed to start OpenVPN connection to client.
Sep 20 13:36:34 server ovpn-server[20755]: remote_float = DISABLED
Sep 20 13:36:34 server systemd[1]: openvpn@client.service: Unit entered failed state.
Sep 20 13:36:34 server ovpn-server[20755]: bind_defined = DISABLED
Sep 20 13:36:34 server systemd[1]: openvpn@client.service: Failed with result 'exit-code'.
Sep 20 13:36:34 server ovpn-server[20755]: bind_local = ENABLED
Sep 20 13:36:34 server systemd[1]: openvpn@server.service: PID file /run/openvpn/server.pid not readable (yet?) after start: No such file or directory
Sep 20 13:36:34 server ovpn-server[20755]: bind_ipv6_only = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: connect_retry_seconds = 5
Sep 20 13:36:34 server ovpn-server[20755]: connect_timeout = 120
Sep 20 13:36:34 server ovpn-server[20755]: socks_proxy_server = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: socks_proxy_port = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: tun_mtu = 1500
Sep 20 13:36:34 server ovpn-server[20755]: tun_mtu_defined = ENABLED
Sep 20 13:36:34 server systemd[1]: Started OpenVPN connection to server.
Sep 20 13:36:34 server ovpn-server[20755]: link_mtu = 1500
Sep 20 13:36:34 server ovpn-server[20755]: link_mtu_defined = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: tun_mtu_extra = 0
Sep 20 13:36:34 server ovpn-server[20755]: tun_mtu_extra_defined = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: mtu_discover_type = -1
Sep 20 13:36:34 server ovpn-server[20755]: fragment = 0
Sep 20 13:36:34 server ovpn-server[20755]: mssfix = 1431
Sep 20 13:36:34 server ovpn-server[20755]: explicit_exit_notification = 0
Sep 20 13:36:34 server ovpn-server[20755]: Connection profiles END
Sep 20 13:36:34 server ovpn-server[20755]: remote_random = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: ipchange = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: dev = 'tun'
Sep 20 13:36:34 server ovpn-server[20755]: dev_type = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: dev_node = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: lladdr = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: topology = 3
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_local = '10.8.0.1'
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_remote_netmask = '255.255.255.0'
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_noexec = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_nowarn = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_ipv6_local = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_ipv6_netbits = 0
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_ipv6_remote = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: shaper = 0
Sep 20 13:36:34 server ovpn-server[20755]: mtu_test = 0
Sep 20 13:36:34 server ovpn-server[20755]: mlock = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: keepalive_ping = 10
Sep 20 13:36:34 server ovpn-server[20755]: keepalive_timeout = 60
Sep 20 13:36:34 server ovpn-server[20755]: inactivity_timeout = 0
Sep 20 13:36:34 server ovpn-server[20755]: ping_send_timeout = 10
Sep 20 13:36:34 server ovpn-server[20755]: ping_rec_timeout = 120
Sep 20 13:36:34 server ovpn-server[20755]: ping_rec_timeout_action = 2
Sep 20 13:36:34 server ovpn-server[20755]: ping_timer_remote = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: remap_sigusr1 = 0
Sep 20 13:36:34 server ovpn-server[20755]: persist_tun = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: persist_local_ip = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: persist_remote_ip = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: persist_key = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: passtos = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: resolve_retry_seconds = 1000000000
Sep 20 13:36:34 server ovpn-server[20755]: resolve_in_advance = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: username = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: groupname = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: chroot_dir = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: cd_dir = '/etc/openvpn'
Sep 20 13:36:34 server ovpn-server[20755]: writepid = '/run/openvpn/server.pid'
Sep 20 13:36:34 server ovpn-server[20755]: up_script = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: down_script = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: down_pre = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: up_restart = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: up_delay = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: daemon = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: inetd = 0
Sep 20 13:36:34 server ovpn-server[20755]: log = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: suppress_timestamps = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: machine_readable_output = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: nice = 0
Sep 20 13:36:34 server ovpn-server[20755]: verbosity = 4
Sep 20 13:36:34 server ovpn-server[20755]: mute = 0
Sep 20 13:36:34 server ovpn-server[20755]: gremlin = 0
Sep 20 13:36:34 server ovpn-server[20755]: status_file = '/tmp/ovpn_status_2_result'
Sep 20 13:36:34 server ovpn-server[20755]: status_file_version = 2
Sep 20 13:36:34 server ovpn-server[20755]: status_file_update_freq = 30
Sep 20 13:36:34 server ovpn-server[20755]: occ = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: rcvbuf = 0
Sep 20 13:36:34 server ovpn-server[20755]: sndbuf = 0
Sep 20 13:36:34 server ovpn-server[20755]: mark = 0
Sep 20 13:36:34 server ovpn-server[20755]: sockflags = 0
Sep 20 13:36:34 server ovpn-server[20755]: fast_io = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: comp.alg = 2
Sep 20 13:36:34 server ovpn-server[20755]: comp.flags = 1
Sep 20 13:36:34 server ovpn-server[20755]: route_script = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: route_default_gateway = '10.8.0.2'
Sep 20 13:36:34 server ovpn-server[20755]: route_default_metric = 0
Sep 20 13:36:34 server ovpn-server[20755]: route_noexec = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: route_delay = 0
Sep 20 13:36:34 server ovpn-server[20755]: route_delay_window = 30
Sep 20 13:36:34 server ovpn-server[20755]: route_delay_defined = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: route_nopull = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: route_gateway_via_dhcp = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: allow_pull_fqdn = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: route 192.168.123.0/255.255.255.0/default (not set)/default (not set)
Sep 20 13:36:34 server ovpn-server[20755]: management_addr = '127.0.0.1'
Sep 20 13:36:34 server ovpn-server[20755]: management_port = '1195'
Sep 20 13:36:34 server ovpn-server[20755]: management_user_pass = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: management_log_history_cache = 250
Sep 20 13:36:34 server ovpn-server[20755]: management_echo_buffer_size = 100
Sep 20 13:36:34 server ovpn-server[20755]: management_write_peer_info_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: management_client_user = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: management_client_group = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: management_flags = 0
Sep 20 13:36:34 server ovpn-server[20755]: plugin[0] /usr/lib/openvpn/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn/openvpn-plugin-auth-pam.so] [login]'
Sep 20 13:36:34 server ovpn-server[20755]: shared_secret_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: key_direction = 0
Sep 20 13:36:34 server ovpn-server[20755]: ciphername = 'AES-256-CBC'
Sep 20 13:36:34 server ovpn-server[20755]: ncp_enabled = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sep 20 13:36:34 server ovpn-server[20755]: authname = 'SHA512'
Sep 20 13:36:34 server ovpn-server[20755]: prng_hash = 'SHA1'
Sep 20 13:36:34 server ovpn-server[20755]: prng_nonce_secret_len = 16
Sep 20 13:36:34 server ovpn-server[20755]: keysize = 0
Sep 20 13:36:34 server ovpn-server[20755]: engine = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: replay = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: mute_replay_warnings = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: replay_window = 64
Sep 20 13:36:34 server ovpn-server[20755]: replay_time = 15
Sep 20 13:36:34 server ovpn-server[20755]: packet_id_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: use_iv = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: test_crypto = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: tls_server = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: tls_client = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: key_method = 2
Sep 20 13:36:34 server ovpn-server[20755]: ca_file = '/etc/openvpn/ca.crt'
Sep 20 13:36:34 server ovpn-server[20755]: ca_path = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: dh_file = '/etc/openvpn/dh3072.pem'
Sep 20 13:36:34 server ovpn-server[20755]: cert_file = '/etc/openvpn/server.crt'
Sep 20 13:36:34 server ovpn-server[20755]: extra_certs_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: priv_key_file = '/etc/openvpn/server.key'
Sep 20 13:36:34 server ovpn-server[20755]: pkcs12_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: cipher_list = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: tls_verify = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: tls_export_cert = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: verify_x509_type = 0
Sep 20 13:36:34 server ovpn-server[20755]: verify_x509_name = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: crl_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: ns_cert_type = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_ku[i] = 0
Sep 20 13:36:34 server ovpn-server[20755]: remote_cert_eku = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: ssl_flags = 5
Sep 20 13:36:34 server ovpn-server[20755]: tls_timeout = 2
Sep 20 13:36:34 server ovpn-server[20755]: renegotiate_bytes = -1
Sep 20 13:36:34 server ovpn-server[20755]: renegotiate_packets = 0
Sep 20 13:36:34 server ovpn-server[20755]: renegotiate_seconds = 0
Sep 20 13:36:34 server ovpn-server[20755]: handshake_window = 60
Sep 20 13:36:34 server ovpn-server[20755]: transition_window = 3600
Sep 20 13:36:34 server ovpn-server[20755]: single_session = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: push_peer_info = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: tls_exit = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: tls_auth_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: tls_crypt_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_protected_authentication = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-client[20754]: WARNING: cannot stat file 'client.key': No such file or directory (errno=2)
Sep 20 13:36:34 server ovpn-client[20754]: Options error: --key fails with 'client.key': No such file or directory
Sep 20 13:36:34 server ovpn-client[20754]: WARNING: cannot stat file 'ta.key': No such file or directory (errno=2)
Sep 20 13:36:34 server ovpn-client[20754]: Options error: --tls-auth fails with 'ta.key': No such file or directory
Sep 20 13:36:34 server ovpn-client[20754]: Options error: Please correct these errors.
Sep 20 13:36:34 server ovpn-client[20754]: Use --help for more information.
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_private_mode = 00000000
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_cert_private = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_pin_cache_period = -1
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_id = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: pkcs11_id_management = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: server_network = 10.8.0.0
Sep 20 13:36:34 server ovpn-server[20755]: server_netmask = 255.255.255.0
Sep 20 13:36:34 server ovpn-server[20755]: server_network_ipv6 = ::
Sep 20 13:36:34 server ovpn-server[20755]: server_netbits_ipv6 = 0
Sep 20 13:36:34 server ovpn-server[20755]: server_bridge_ip = 0.0.0.0
Sep 20 13:36:34 server ovpn-server[20755]: server_bridge_netmask = 0.0.0.0
Sep 20 13:36:34 server ovpn-server[20755]: server_bridge_pool_start = 0.0.0.0
Sep 20 13:36:34 server ovpn-server[20755]: server_bridge_pool_end = 0.0.0.0
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'route 10.8.0.0 255.255.255.0'
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'route 192.168.123.0 255.255.255.0'
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'dhcp-option DNS 192.168.123.1'
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'dhcp-option WINS 192.168.123.10'
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'route-gateway 10.8.0.1'
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'topology subnet'
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'ping 10'
Sep 20 13:36:34 server ovpn-server[20755]: push_entry = 'ping-restart 60'
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_pool_defined = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_pool_start = 10.8.0.2
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_pool_end = 10.8.0.253
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_pool_netmask = 255.255.255.0
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_pool_persist_filename = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_pool_persist_refresh_freq = 600
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_ipv6_pool_defined = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_ipv6_pool_base = ::
Sep 20 13:36:34 server ovpn-server[20755]: ifconfig_ipv6_pool_netbits = 0
Sep 20 13:36:34 server ovpn-server[20755]: n_bcast_buf = 256
Sep 20 13:36:34 server ovpn-server[20755]: tcp_queue_limit = 64
Sep 20 13:36:34 server ovpn-server[20755]: real_hash_size = 256
Sep 20 13:36:34 server ovpn-server[20755]: virtual_hash_size = 256
Sep 20 13:36:34 server ovpn-server[20755]: client_connect_script = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: learn_address_script = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: client_disconnect_script = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: client_config_dir = '/etc/openvpn/ccd'
Sep 20 13:36:34 server ovpn-server[20755]: ccd_exclusive = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: tmp_dir = '/tmp'
Sep 20 13:36:34 server ovpn-server[20755]: push_ifconfig_defined = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: push_ifconfig_local = 0.0.0.0
Sep 20 13:36:34 server ovpn-server[20755]: push_ifconfig_remote_netmask = 0.0.0.0
Sep 20 13:36:34 server ovpn-server[20755]: push_ifconfig_ipv6_defined = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: push_ifconfig_ipv6_local = ::/0
Sep 20 13:36:34 server ovpn-server[20755]: push_ifconfig_ipv6_remote = ::
Sep 20 13:36:34 server ovpn-server[20755]: enable_c2c = ENABLED
Sep 20 13:36:34 server ovpn-server[20755]: duplicate_cn = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: cf_max = 0
Sep 20 13:36:34 server ovpn-server[20755]: cf_per = 0
Sep 20 13:36:34 server ovpn-server[20755]: max_clients = 20
Sep 20 13:36:34 server ovpn-server[20755]: max_routes_per_client = 256
Sep 20 13:36:34 server ovpn-server[20755]: auth_user_pass_verify_script = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: auth_user_pass_verify_script_via_file = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: auth_token_generate = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: auth_token_lifetime = 0
Sep 20 13:36:34 server ovpn-server[20755]: port_share_host = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: port_share_port = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: client = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: pull = DISABLED
Sep 20 13:36:34 server ovpn-server[20755]: auth_user_pass_file = '[UNDEF]'
Sep 20 13:36:34 server ovpn-server[20755]: OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Sep 20 13:36:34 server ovpn-server[20755]: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Sep 20 13:36:34 server ovpn-server[20761]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1195
Sep 20 13:36:34 server ovpn-server[20761]: PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn/openvpn-plugin-auth-pam.so] [login]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sep 20 13:36:34 server ovpn-server[20761]: Diffie-Hellman initialized with 3072 bit key
Sep 20 13:36:34 server ovpn-server[20761]: TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sep 20 13:36:34 server ovpn-server[20761]: ROUTE_GATEWAY x.x.x.x/255.255.255.192 IFACE=eth0 HWADDR=aa:bb:cc:dd:ee:ff
Sep 20 13:36:34 server ovpn-server[20761]: TUN/TAP device tun0 opened
Sep 20 13:36:34 server ovpn-server[20761]: TUN/TAP TX queue length set to 100
Sep 20 13:36:34 server ovpn-server[20761]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sep 20 13:36:34 server ovpn-server[20761]: /sbin/ip link set dev tun0 up mtu 1500
Sep 20 13:36:34 server ovpn-server[20761]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Sep 20 13:36:34 server ovpn-server[20761]: /sbin/ip route add 192.168.123.0/24 via 10.8.0.2
Sep 20 13:36:34 server ovpn-server[20761]: Data Channel MTU parms [ L:1622 D:1431 EF:122 EB:406 ET:0 EL:3 ]
Sep 20 13:36:34 server ovpn-server[20761]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Sep 20 13:36:34 server ovpn-server[20761]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Sep 20 13:36:34 server ovpn-server[20761]: UDPv4 link local (bound): [AF_INET][undef]:yyyyy
Sep 20 13:36:34 server ovpn-server[20761]: UDPv4 link remote: [AF_UNSPEC]
Sep 20 13:36:34 server ovpn-server[20761]: MULTI: multi_init called, r=256 v=256
Sep 20 13:36:34 server ovpn-server[20761]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Sep 20 13:36:34 server ovpn-server[20761]: Initialization Sequence Completed
Sep 20 13:36:45 server ovpn-server[20761]: MULTI: multi_create_instance called
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 Re-using SSL/TLS context
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 LZO compression initializing
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 Data Channel MTU parms [ L:1622 D:1431 EF:122 EB:406 ET:0 EL:3 ]
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 TLS: Initial packet from [AF_INET]z.z.z.z:31195, sid=eb676579 8f3e5862
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_VER=2.5.3
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_PLAT=freebsd
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_PROTO=6
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_NCP=2
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_LZ4=1
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_LZ4v2=1
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_LZO=1
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_COMP_STUB=1
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_COMP_STUBv2=1
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 peer info: IV_TCPNL=1
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 TLS: Username/Password authentication succeeded for username 'opnsense_router' [CN SET]
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384
Sep 20 13:36:45 server ovpn-server[20761]: z.z.z.z:31195 [opnsense_router] Peer Connection Initiated with [AF_INET]z.z.z.z:31195
Sep 20 13:36:45 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/opnsense_router
Sep 20 13:36:45 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 MULTI: Learn: 10.8.0.10 -> opnsense_router/z.z.z.z:31195
Sep 20 13:36:45 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 MULTI: primary virtual IP for opnsense_router/z.z.z.z:31195: 10.8.0.10
Sep 20 13:36:45 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 MULTI: internal route 192.168.123.0/24 -> opnsense_router/z.z.z.z:31195
Sep 20 13:36:45 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 MULTI: Learn: 192.168.123.0/24 -> opnsense_router/z.z.z.z:31195
Sep 20 13:36:45 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 REMOVE PUSH ROUTE: 'route 192.168.123.0 255.255.255.0'
Sep 20 13:36:46 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 PUSH: Received control message: 'PUSH_REQUEST'
Sep 20 13:36:46 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 SENT CONTROL [opnsense_router]: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,dhcp-option DNS 192.168.123.1,dhcp-option WINS 192.168.123.10,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.8.0.10 10.8.0.1,peer-id 0,cipher AES-256-GCM' (status=1)
Sep 20 13:36:46 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 Data Channel MTU parms [ L:1550 D:1431 EF:50 EB:406 ET:0 EL:3 ]
Sep 20 13:36:46 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 20 13:36:46 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 20 13:36:47 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 MULTI: bad source address from client [::], packet dropped
Sep 20 13:36:47 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 MULTI: bad source address from client [::], packet dropped
Sep 20 13:36:47 server ovpn-server[20761]: opnsense_router/z.z.z.z:31195 MULTI: bad source address from client [::], packet dropped
Sep 20 13:37:08 server ovpn-server[20761]: event_wait : Interrupted system call (code=4)
Sep 20 13:37:08 server ovpn-server[20761]: TCP/UDP: Closing socket
Sep 20 13:37:08 server ovpn-server[20761]: /sbin/ip route del 192.168.123.0/24
Sep 20 13:37:08 server systemd[1]: Stopping OpenVPN connection to server...
Sep 20 13:37:08 server systemd[1]: Stopped OpenVPN service.
Sep 20 13:37:08 server ovpn-server[20761]: Closing TUN/TAP interface
Sep 20 13:37:08 server ovpn-server[20761]: /sbin/ip addr del dev tun0 10.8.0.1/24
Sep 20 13:37:08 server ovpn-server[20761]: PLUGIN_CLOSE: /usr/lib/openvpn/openvpn-plugin-auth-pam.so
Sep 20 13:37:08 server ovpn-server[20761]: SIGTERM[hard,] received, process exiting
Sep 20 13:37:08 server systemd[1]: Stopped OpenVPN connection to server.
How can I get rid of this route?
Best regards and thanks in advance,
Dennis