I want to make connections to a GIRA X1 device. This device has an embedded OpenVPN server, there are 2 profiles available:
profile user
remote xxxx.giradns.com 1195
client
dev tun
proto udp
nobind
persist-key
persist-tun
verb 3
resolv-retry 60
remote-cert-tls server
auth-user-pass
comp-lzo
auth-nocache
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
</key>
Profile installer
remote xxxx.giradns.com 1194
client
dev tap
proto udp
nobind
persist-key
persist-tun
verb 3
resolv-retry 60
remote-cert-tls server
auth-user-pass
comp-lzo
auth-nocache
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
</key>
I'm able to connect with profile user, the connection works. But there is no connection possible with profile installer! Here is the Log from a connection attempt as installer:
installer Log
2021-11-19 12:16:06 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-11-19 12:16:06 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-11-19 12:16:06 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
2021-11-19 12:16:06 Windows version 6.1 (Windows 7) 64bit
2021-11-19 12:16:06 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-11-19 12:16:06 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-11-19 12:16:06 Need hold release from management interface, waiting...
2021-11-19 12:16:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-11-19 12:16:07 MANAGEMENT: CMD 'state on'
2021-11-19 12:16:07 MANAGEMENT: CMD 'log all on'
2021-11-19 12:16:07 MANAGEMENT: CMD 'echo all on'
2021-11-19 12:16:07 MANAGEMENT: CMD 'bytecount 5'
2021-11-19 12:16:07 MANAGEMENT: CMD 'hold off'
2021-11-19 12:16:07 MANAGEMENT: CMD 'hold release'
2021-11-19 12:16:09 MANAGEMENT: CMD 'username "Auth" "Administrator"'
2021-11-19 12:16:09 MANAGEMENT: CMD 'password [...]'
2021-11-19 12:16:09 MANAGEMENT: >STATE:1637320569,RESOLVE,,,,,,
2021-11-19 12:16:09 TCP/UDP: Preserving recently used remote address: [AF_INET]46.124.70.14:1194
2021-11-19 12:16:09 Socket Buffers: R=[8192->8192] S=[8192->8192]
2021-11-19 12:16:09 UDP link local: (not bound)
2021-11-19 12:16:09 UDP link remote: [AF_INET]46.124.70.14:1194
2021-11-19 12:16:09 MANAGEMENT: >STATE:1637320569,WAIT,,,,,,
2021-11-19 12:16:09 MANAGEMENT: >STATE:1637320569,AUTH,,,,,,
2021-11-19 12:16:09 TLS: Initial packet from [AF_INET]46.124.70.14:1194, sid=d2db3894 d76f9682
2021-11-19 12:16:09 VERIFY OK: depth=1, CN=GSRVKX02-000ab3297c95 CA
2021-11-19 12:16:09 VERIFY KU OK
2021-11-19 12:16:09 Validating certificate extended key usage
2021-11-19 12:16:09 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-11-19 12:16:09 VERIFY EKU OK
2021-11-19 12:16:09 VERIFY OK: depth=0, CN=GSRVKX02-000ab3297c95 CA
2021-11-19 12:16:09 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
2021-11-19 12:16:09 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1542'
2021-11-19 12:16:09 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2021-11-19 12:16:09 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2021-11-19 12:16:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-11-19 12:16:09 [GSRVKX02-000ab3297c95 CA] Peer Connection Initiated with [AF_INET]46.124.70.14:1194
2021-11-19 12:16:10 MANAGEMENT: >STATE:1637320570,GET_CONFIG,,,,,,
2021-11-19 12:16:10 SENT CONTROL [GSRVKX02-000ab3297c95 CA]: 'PUSH_REQUEST' (status=1)
2021-11-19 12:16:11 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.13.1,topology net30,ping 10,ping-restart 60,ifconfig 10.8.13.10 10.8.13.9,peer-id 1,cipher AES-256-GCM'
2021-11-19 12:16:11 OPTIONS IMPORT: timers and/or timeouts modified
2021-11-19 12:16:11 OPTIONS IMPORT: --ifconfig/up options modified
2021-11-19 12:16:11 OPTIONS IMPORT: route options modified
2021-11-19 12:16:11 OPTIONS IMPORT: peer-id set
2021-11-19 12:16:11 OPTIONS IMPORT: adjusting link_mtu to 1657
2021-11-19 12:16:11 OPTIONS IMPORT: data channel crypto options modified
2021-11-19 12:16:11 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-11-19 12:16:11 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-11-19 12:16:11 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-11-19 12:16:11 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
2021-11-19 12:16:11 interactive service msg_channel=392
2021-11-19 12:16:11 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2021-11-19 12:16:11 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.13.1
2021-11-19 12:16:11 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2021-11-19 12:16:11 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
2021-11-19 12:16:11 open_tun
2021-11-19 12:16:11 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-11-19 12:16:11 TAP-Windows Driver Version 9.24
2021-11-19 12:16:11 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.13.10/10.8.13.9 on interface {F4F6B314-BF80-4A0C-89A3-F1B192491757} [DHCP-serv: 10.8.13.8, lease-time: 31536000]
2021-11-19 12:16:11 Successful ARP Flush on interface [20] {F4F6B314-BF80-4A0C-89A3-F1B192491757}
2021-11-19 12:16:11 MANAGEMENT: >STATE:1637320571,ASSIGN_IP,,10.8.13.10,,,,
2021-11-19 12:16:11 IPv4 MTU set to 1500 on interface 20 using service
2021-11-19 12:16:16 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:16 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:21 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:21 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:22 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:22 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:23 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:23 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:24 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:24 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:25 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:25 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:26 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:26 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:27 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:27 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:28 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:28 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:29 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:29 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:30 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:30 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:31 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:31 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:32 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:32 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:33 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:33 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:34 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:34 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:35 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:35 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:36 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:36 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:37 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:37 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:38 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:38 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:39 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:39 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:40 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:40 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:41 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:41 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:42 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:42 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:43 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:43 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:44 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:44 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:45 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:45 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:46 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.0.200 p=0 i=11 t=4 pr=3 a=1204 h=0 m=10/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
192.168.0.0 255.255.255.0 192.168.0.26 p=0 i=11 t=3 pr=3 a=1204 h=0 m=266/0/0/0/0
192.168.0.26 255.255.255.255 192.168.0.26 p=0 i=11 t=3 pr=3 a=1204 h=0 m=266/0/0/0/0
192.168.0.255 255.255.255.255 192.168.0.26 p=0 i=11 t=3 pr=3 a=1204 h=0 m=266/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 192.168.0.26 p=0 i=11 t=3 pr=3 a=1207 h=0 m=266/0/0/0/0
224.0.0.0 240.0.0.0 0.0.0.0 p=0 i=20 t=3 pr=3 a=1052 h=0 m=266/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 192.168.0.26 p=0 i=11 t=3 pr=3 a=1207 h=0 m=266/0/0/0/0
255.255.255.255 255.255.255.255 0.0.0.0 p=0 i=20 t=3 pr=3 a=1052 h=0 m=266/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Windows Adapter V9
Index = 20
GUID = {F4F6B314-BF80-4A0C-89A3-F1B192491757}
IP = 0.0.0.0/0.0.0.0
MAC = 00:ff:f4:f6:b3:14
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = 2021-11-19 12:16:46
DHCP LEASE EXPIRES = 2021-11-19 12:16:46
DNS SERV =
Wintun Userspace Tunnel
Index = 19
GUID = {617B47D6-785B-451B-95CC-0D91B49DACF8}
IP = 0.0.0.0/0.0.0.0
MAC =
GATEWAY = 0.0.0.0/255.255.255.255
DNS SERV =
Intel(R) PRO/1000 MT-Netzwerkverbindung
Index = 11
GUID = {1C239BCB-0CBE-4C87-8131-729C451D0DC1}
IP = 192.168.0.26/255.255.255.0
MAC = 00:0c:29:00:00:26
GATEWAY = 192.168.0.200/255.255.255.255
DHCP SERV = 192.168.0.101/255.255.255.255
DHCP LEASE OBTAINED = 2021-11-19 11:56:41
DHCP LEASE EXPIRES = 2021-11-19 15:56:41
PRI WINS = 192.168.0.101/255.255.255.255
SEC WINS =
DNS SERV = 192.168.0.101/255.255.255.255
2021-11-19 12:16:46 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
2021-11-19 12:16:46 MANAGEMENT: >STATE:1637320606,CONNECTED,ERROR,10.8.13.10,46.124.70.14,1194,,
[oconf]
I do not understand the Log, are there any hints to solve the problem?
GKap