I think routing is my issue...

Unca Xitron
OpenVpn Newbie
Posts: 3
Joined: Sun Aug 30, 2009 12:51 am

Post by Unca Xitron » Sun Aug 30, 2009 3:10 am

My goal is to provide my road warriors access from outside the office in a secure manner. They are running Windows XP Pro. I am attempting to use routing rather than bridging, so tun rather than tap. Onboard firewalls are disabled on client and server, and port 1194 is given full access on both perimeter firewalls.

I am running an Endian firewall, and using port forwarding from one of my externally available IPs to forward all port 1194 traffic coming to the firewall to port 1194 on a machine inside my firewall that is running openvpn on a Debian box. Once connected to that machine, I want my users to be able to do 2 basic things.
1. Map a network drive that they normally could map within the office on the private LAN
2. Route traffic to a few specific IP addresses through the tunnel so that when they depart the private LAN in the office for the internet, they are given our NAT address in the office which will allow them through the first level of security into these specific servers.

I'll have to fake the external IP addresses here for security reasons, and I'll be faking them with addresses which could not exist in the real world.

333.0.0.1 - External facing IP on firewall that will port forward to openvpn server inside private LAN
333.0.0.221 - NAT address assigned to all users in my office when they access the internet through the firewall
10.0.20.81 - Internal private IP of openvpn server
10.0.20.0 255.255.255.0 - Internal private LAN address scheme; one subnet off the 10.0.20 range
192.168.100.0 255.255.255.0 - Subnet created by openvpn server for users to be assigned as they connect
192.168.80.0 255.255.255.0 - Home network this is being tested from
69.145.333.18 - IP address assigned to home network cable modem, used as home NAT
333.10.0.1 - 1st server the users need to access on web through the tunnel and out via NAT
333.10.0.2 - 2nd server the users need to access on web through the tunnel and out via NAT
333.10.0.3 - 3rd server the users need to access on web through the tunnel and out via NAT


eth3 = wireless connection to home network

I've tried many many configurations on the servers and clients, so I'll post what I'm currently using for this server and my test client. For simplicity, tonight I'll be using my Ubuntu Jaunty notebook as the client, running the following command:
openvpn --config client_routed_20090826.ovpn

My "log" from the Linux client will be the output from the command line. I'd be using my XP notebook, but I've been having success with my Linux notebook, and when I tried it on XP this evening with the same exact client script it began complaining about the following, which is something I'll try to figure out after I get things routed correctly...
Sat Aug 29 19:46:48 2009 us=74197 UDPv4 WRITE [42] to 333.0.0.221:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #22 ] [ ] pid=0 DATA len=0
Sat Aug 29 19:46:48 2009 us=76455 write UDPv4: Permision denied (WSAEACCES) (code=10013)

This new error has not happened till tonight. If anyone has a quick URL for that one, I'd appreciate it, but it is secondary to the real problem of routing.

### Begin Server config ###
proto udp
port 1194
dev tun0
mode server
server 192.168.100.0 255.255.255.0
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
tls-server
tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
user nobody
group nogroup
keepalive 10 120
push "ping 10"
push "ping-restart 60"
persist-key
persist-tun
push "route 10.0.20.0 255.255.255.0" # route to company network
comp-lzo
max-clients 20
status-version 2
status openvpn-status.log
log openvpn.log
cipher BF-CBC # Blowfish (default)
verb 6
mute 20
### End Server config ###


### Begin client config ###
proto udp
port 1194
dev tun
remote 333.0.0.221
ns-cert-type server
tls-client
tls-auth "/home/user/openvpn/ta.key" 1
ca "/home/user/openvpn/ca.crt"
cert "/home/user/openvpn/user.crt"
key "/home/user/openvpn/user.key"
mtu-test
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
comp-lzo
route-gateway 192.168.100.5
cipher BF-CBC # Blowfish (default)
log openvpn.log
verb 6
### End client config ###


### Begin server 'route -n' output ###
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.100.0 192.168.100.2 255.255.255.0 UG 0 0 0 tun0
10.0.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 10.0.20.1 0.0.0.0 UG 0 0 0 eth0
### End server 'route -n' output ###


### Begin client 'route -n' output ###
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.1 192.168.100.5 255.255.255.255 UGH 0 0 0 tun0
192.168.100.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
333.0.0.221 192.168.80.1 255.255.255.255 UGH 0 0 0 eth3
10.0.20.0 192.168.100.5 255.255.255.0 UG 0 0 0 tun0
10.0.20.0 0.0.0.0 255.255.255.0 U 1000 0 0 eth3
192.168.80.0 0.0.0.0 255.255.255.0 U 2 0 0 eth3
0.0.0.0 192.168.100.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 192.168.100.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.80.1 0.0.0.0 UG 0 0 0 eth3
### End client 'route -n' output ###


### Begin server 'ifconfig' output ###
eth0 Link encap:Ethernet HWaddr 00:0c:29:xx:xx:xx
inet addr:10.0.20.81 Bcast:10.255.255.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:feb0:4f25/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:124010 errors:0 dropped:0 overruns:0 frame:0
TX packets:57227 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16252868 (15.4 MiB) TX bytes:10190301 (9.7 MiB)
Interrupt:18 Base address:0x1400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:896 (896.0 B) TX bytes:896 (896.0 B)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.100.1 P-t-P:192.168.100.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:246 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:15720 (15.3 KiB) TX bytes:6752 (6.5 KiB)
### End server 'ifconfig' output ###


### Begin client 'ifconfig' output ###
eth3 Link encap:Ethernet HWaddr 00:24:2c:xx:xx:xx
inet addr:192.168.80.23 Bcast:192.168.80.255 Mask:255.255.255.0
inet6 addr: fe80::224:2cff:fe08:64e1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:84400 errors:0 dropped:0 overruns:0 frame:12524
TX packets:69793 errors:23 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:84174503 (84.1 MB) TX bytes:11658899 (11.6 MB)
Interrupt:17 Base address:0xc000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1855 errors:0 dropped:0 overruns:0 frame:0
TX packets:1855 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:150220 (150.2 KB) TX bytes:150220 (150.2 KB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.100.6 P-t-P:192.168.100.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:44 errors:0 dropped:0 overruns:0 frame:0
TX packets:259 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:8304 (8.3 KB) TX bytes:23580 (23.5 KB)
### End client 'ifconfig' output ###


### Begin server log ###
Sat Aug 29 19:53:31 2009 us=329826 Current Parameter Settings:
Sat Aug 29 19:53:31 2009 us=330208 config = '/etc/openvpn/server.conf'
Sat Aug 29 19:53:31 2009 us=330270 mode = 1
Sat Aug 29 19:53:31 2009 us=330323 persist_config = DISABLED
Sat Aug 29 19:53:31 2009 us=330367 persist_mode = 1
Sat Aug 29 19:53:31 2009 us=330409 show_ciphers = DISABLED
Sat Aug 29 19:53:31 2009 us=330453 show_digests = DISABLED
Sat Aug 29 19:53:31 2009 us=330495 show_engines = DISABLED
Sat Aug 29 19:53:31 2009 us=330538 genkey = DISABLED
Sat Aug 29 19:53:31 2009 us=330585 key_pass_file = '[UNDEF]'
Sat Aug 29 19:53:31 2009 us=330629 show_tls_ciphers = DISABLED
Sat Aug 29 19:53:31 2009 us=330684 Connection profiles [default]:
Sat Aug 29 19:53:31 2009 us=330731 proto = udp
Sat Aug 29 19:53:31 2009 us=330773 local = '[UNDEF]'
Sat Aug 29 19:53:31 2009 us=330816 local_port = 1194
Sat Aug 29 19:53:31 2009 us=330868 remote = '[UNDEF]'
Sat Aug 29 19:53:31 2009 us=330912 remote_port = 1194
Sat Aug 29 19:53:31 2009 us=330955 remote_float = DISABLED
Sat Aug 29 19:53:31 2009 us=330999 bind_defined = DISABLED
Sat Aug 29 19:53:31 2009 us=331042 bind_local = ENABLED
Sat Aug 29 19:53:31 2009 us=331084 NOTE: --mute triggered...
Sat Aug 29 19:53:31 2009 us=331150 238 variation(s) on previous 20 message(s) suppressed by --mute
Sat Aug 29 19:53:31 2009 us=331209 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Sat Aug 29 19:53:31 2009 us=342117 Diffie-Hellman initialized with 1024 bit key
Sat Aug 29 19:53:31 2009 us=343955 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sat Aug 29 19:53:32 2009 us=320384 Control Channel Authentication: using '/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Sat Aug 29 19:53:32 2009 us=320550 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 29 19:53:32 2009 us=320611 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 29 19:53:32 2009 us=320709 TLS-Auth MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Aug 29 19:53:32 2009 us=321496 ROUTE default_gateway=10.0.20.1
Sat Aug 29 19:53:32 2009 us=332511 TUN/TAP device tun0 opened
Sat Aug 29 19:53:32 2009 us=332610 TUN/TAP TX queue length set to 100
Sat Aug 29 19:53:32 2009 us=332692 /sbin/ifconfig tun0 192.168.100.1 pointopoint 192.168.100.2 mtu 1500
Sat Aug 29 19:53:32 2009 us=342495 /sbin/route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.100.2
Sat Aug 29 19:53:32 2009 us=347952 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Aug 29 19:53:32 2009 us=351472 GID set to nogroup
Sat Aug 29 19:53:32 2009 us=351830 UID set to nobody
Sat Aug 29 19:53:32 2009 us=351975 Socket Buffers: R=[111616->131072] S=[111616->131072]
Sat Aug 29 19:53:32 2009 us=352090 UDPv4 link local (bound): [undef]:1194
Sat Aug 29 19:53:32 2009 us=352135 UDPv4 link remote: [undef]
Sat Aug 29 19:53:32 2009 us=352211 MULTI: multi_init called, r=256 v=256
Sat Aug 29 19:53:32 2009 us=352550 IFCONFIG POOL: base=192.168.100.4 size=62
Sat Aug 29 19:53:32 2009 us=352696 Initialization Sequence Completed
Sat Aug 29 19:53:39 2009 us=117034 MULTI: multi_create_instance called
Sat Aug 29 19:53:39 2009 us=117233 69.145.333.18:1194 Re-using SSL/TLS context
Sat Aug 29 19:53:39 2009 us=117381 69.145.333.18:1194 LZO compression initialized
Sat Aug 29 19:53:39 2009 us=118151 69.145.333.18:1194 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Aug 29 19:53:39 2009 us=118210 69.145.333.18:1194 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Aug 29 19:53:39 2009 us=118451 69.145.333.18:1194 Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sat Aug 29 19:53:39 2009 us=118497 69.145.333.18:1194 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sat Aug 29 19:53:39 2009 us=118694 69.145.333.18:1194 Local Options hash (VER=V4): '7cd8ed90'
Sat Aug 29 19:53:39 2009 us=118748 69.145.333.18:1194 Expected Remote Options hash (VER=V4): 'ec497616'
Sat Aug 29 19:53:39 2009 us=118911 69.145.333.18:1194 UDPv4 READ [42] from 69.145.333.18:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Sat Aug 29 19:53:39 2009 us=119007 69.145.333.18:1194 TLS: Initial packet from 69.145.333.18:1194, sid=cc5e5df9 1cd43e49
Sat Aug 29 19:53:39 2009 us=119114 69.145.333.18:1194 UDPv4 WRITE [54] to 69.145.333.18:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Sat Aug 29 19:53:39 2009 us=223981 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Sat Aug 29 19:53:39 2009 us=231138 69.145.333.18:1194 UDPv4 READ [135] from 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=93
Sat Aug 29 19:53:39 2009 us=247037 69.145.333.18:1194 UDPv4 WRITE [154] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=100
Sat Aug 29 19:53:39 2009 us=247439 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=100
Sat Aug 29 19:53:39 2009 us=247830 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=100
Sat Aug 29 19:53:39 2009 us=248184 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=4 DATA len=100
Sat Aug 29 19:53:39 2009 us=350575 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
Sat Aug 29 19:53:39 2009 us=350718 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=5 DATA len=100
Sat Aug 29 19:53:39 2009 us=354390 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
Sat Aug 29 19:53:39 2009 us=354510 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=6 DATA len=100
Sat Aug 29 19:53:39 2009 us=355227 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #6 ] [ 3 ]
Sat Aug 29 19:53:39 2009 us=355338 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=7 DATA len=100
Sat Aug 29 19:53:39 2009 us=358342 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #7 ] [ 4 ]
Sat Aug 29 19:53:39 2009 us=358452 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=8 DATA len=100
Sat Aug 29 19:53:39 2009 us=452829 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #8 ] [ 5 ]
Sat Aug 29 19:53:39 2009 us=452966 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=9 DATA len=100
Sat Aug 29 19:53:39 2009 us=461391 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #9 ] [ 6 ]
Sat Aug 29 19:53:39 2009 us=461516 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=10 DATA len=100
Sat Aug 29 19:53:39 2009 us=462068 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #10 ] [ 7 ]
Sat Aug 29 19:53:39 2009 us=462160 69.145.333.18:1194 NOTE: --mute triggered...
Sat Aug 29 19:53:40 2009 us=330297 69.145.333.18:1194 59 variation(s) on previous 20 message(s) suppressed by --mute
Sat Aug 29 19:53:40 2009 us=330379 69.145.333.18:1194 VERIFY OK: depth=1, /C=US/ST=MT/L=Location/O=MyEmployer/OU=Systems_Administration/CN=openvpn/emailAddress=user@myemployer.com
Sat Aug 29 19:53:40 2009 us=330694 69.145.333.18:1194 VERIFY OK: depth=0, /C=US/ST=MT/L=Location/O=MyEmployer/OU=Systems_Administration/CN=user/emailAddress=user@myemployer.com
Sat Aug 29 19:53:40 2009 us=330807 69.145.333.18:1194 UDPv4 WRITE [50] to 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #40 ] [ 22 ]
Sat Aug 29 19:53:40 2009 us=333555 69.145.333.18:1194 UDPv4 READ [142] from 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #42 ] [ ] pid=23 DATA len=100
Sat Aug 29 19:53:40 2009 us=344176 69.145.333.18:1194 UDPv4 WRITE [50] to 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #41 ] [ 23 ]
Sat Aug 29 19:53:40 2009 us=344540 69.145.333.18:1194 UDPv4 READ [142] from 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #43 ] [ ] pid=24 DATA len=100
Sat Aug 29 19:53:40 2009 us=344911 69.145.333.18:1194 UDPv4 WRITE [50] to 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #42 ] [ 24 ]
Sat Aug 29 19:53:40 2009 us=345252 69.145.333.18:1194 UDPv4 READ [97] from 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #44 ] [ ] pid=25 DATA len=55
Sat Aug 29 19:53:40 2009 us=348477 69.145.333.18:1194 UDPv4 WRITE [154] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #43 ] [ 25 ] pid=19 DATA len=100
Sat Aug 29 19:53:40 2009 us=349084 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #44 ] [ ] pid=20 DATA len=100
Sat Aug 29 19:53:40 2009 us=349483 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #45 ] [ ] pid=21 DATA len=100
Sat Aug 29 19:53:40 2009 us=349837 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #46 ] [ ] pid=22 DATA len=100
Sat Aug 29 19:53:40 2009 us=461316 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #45 ] [ 19 ]
Sat Aug 29 19:53:40 2009 us=461451 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #47 ] [ ] pid=23 DATA len=100
Sat Aug 29 19:53:40 2009 us=461812 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #46 ] [ 20 ]
Sat Aug 29 19:53:40 2009 us=461905 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #48 ] [ ] pid=24 DATA len=100
Sat Aug 29 19:53:40 2009 us=462460 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #47 ] [ 21 ]
Sat Aug 29 19:53:40 2009 us=462554 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #49 ] [ ] pid=25 DATA len=100
Sat Aug 29 19:53:40 2009 us=462897 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #48 ] [ 22 ]
Sat Aug 29 19:53:40 2009 us=462987 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #50 ] [ ] pid=26 DATA len=100
Sat Aug 29 19:53:40 2009 us=562440 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #49 ] [ 23 ]
Sat Aug 29 19:53:40 2009 us=562579 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #51 ] [ ] pid=27 DATA len=100
Sat Aug 29 19:53:40 2009 us=566932 69.145.333.18:1194 NOTE: --mute triggered...
Sat Aug 29 19:53:40 2009 us=780551 69.145.333.18:1194 18 variation(s) on previous 20 message(s) suppressed by --mute
Sat Aug 29 19:53:40 2009 us=780656 69.145.333.18:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 29 19:53:40 2009 us=780713 69.145.333.18:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 29 19:53:40 2009 us=780800 69.145.333.18:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 29 19:53:40 2009 us=780845 69.145.333.18:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 29 19:53:40 2009 us=781044 69.145.333.18:1194 UDPv4 WRITE [154] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #59 ] [ 29 ] pid=32 DATA len=100
Sat Aug 29 19:53:40 2009 us=781491 69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #60 ] [ ] pid=33 DATA len=100
Sat Aug 29 19:53:40 2009 us=781874 69.145.333.18:1194 UDPv4 WRITE [124] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #61 ] [ ] pid=34 DATA len=82
Sat Aug 29 19:53:40 2009 us=885260 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #61 ] [ 32 ]
Sat Aug 29 19:53:40 2009 us=889218 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #62 ] [ 33 ]
Sat Aug 29 19:53:40 2009 us=889778 69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #63 ] [ 34 ]
Sat Aug 29 19:53:40 2009 us=889914 69.145.333.18:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Aug 29 19:53:40 2009 us=889985 69.145.333.18:1194 [user] Peer Connection Initiated with 69.145.333.18:1194
Sat Aug 29 19:53:40 2009 us=890144 user/69.145.333.18:1194 MULTI: Learn: 192.168.100.6 -> user/69.145.333.18:1194
Sat Aug 29 19:53:40 2009 us=890193 user/69.145.333.18:1194 MULTI: primary virtual IP for user/69.145.333.18:1194: 192.168.100.6
Sat Aug 29 19:53:41 2009 us=944599 user/69.145.333.18:1194 UDPv4 READ [132] from 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #64 ] [ ] pid=30 DATA len=90
Sat Aug 29 19:53:41 2009 us=944800 user/69.145.333.18:1194 PUSH: Received control message: 'PUSH_REQUEST'
Sat Aug 29 19:53:41 2009 us=944943 user/69.145.333.18:1194 SENT CONTROL [user]: 'PUSH_REPLY,ping 10,ping-restart 60,route 10.0.20.0 255.255.255.0,route 192.168.100.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.100.6 192.168.100.5' (status=1)
Sat Aug 29 19:53:41 2009 us=945011 user/69.145.333.18:1194 UDPv4 WRITE [50] to 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #62 ] [ 30 ]
Sat Aug 29 19:53:41 2009 us=945359 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #63 ] [ ] pid=35 DATA len=100
Sat Aug 29 19:53:41 2009 us=945687 user/69.145.333.18:1194 UDPv4 WRITE [112] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #64 ] [ ] pid=36 DATA len=70
Sat Aug 29 19:53:41 2009 us=949497 user/69.145.333.18:1194 UDPv4 READ [61] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=60
Sat Aug 29 19:53:41 2009 us=950396 user/69.145.333.18:1194 UDPv4 WRITE [573] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=572
Sat Aug 29 19:53:42 2009 us=54854 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #65 ] [ 35 ]
Sat Aug 29 19:53:42 2009 us=54953 user/69.145.333.18:1194 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Sat Aug 29 19:53:42 2009 us=55049 user/69.145.333.18:1194 UDPv4 WRITE [61] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=60
Sat Aug 29 19:53:42 2009 us=87300 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #66 ] [ 36 ]
Sat Aug 29 19:53:42 2009 us=163198 user/69.145.333.18:1194 UDPv4 READ [573] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=572
Sat Aug 29 19:53:45 2009 us=216767 user/69.145.333.18:1194 UDPv4 WRITE [573] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=572
Sat Aug 29 19:53:45 2009 us=576004 user/69.145.333.18:1194 UDPv4 READ [573] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=572
Sat Aug 29 19:53:47 2009 us=909363 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 19:53:47 2009 us=909518 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 19:53:47 2009 us=915631 user/69.145.333.18:1194 UDPv4 READ [61] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=60
Sat Aug 29 19:53:47 2009 us=915945 user/69.145.333.18:1194 UDPv4 WRITE [573] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=572
Sat Aug 29 19:53:48 2009 us=282112 user/69.145.333.18:1194 UDPv4 READ [141] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=140
Sat Aug 29 19:53:48 2009 us=282268 user/69.145.333.18:1194 UDPv4 WRITE [61] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=60
Sat Aug 29 19:53:48 2009 us=282584 user/69.145.333.18:1194 TUN WRITE [100]
Sat Aug 29 19:53:48 2009 us=320724 user/69.145.333.18:1194 TUN READ [52]
Sat Aug 29 19:53:48 2009 us=320833 user/69.145.333.18:1194 UDPv4 WRITE [93] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=92
Sat Aug 29 19:53:48 2009 us=385148 user/69.145.333.18:1194 UDPv4 READ [573] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=572
Sat Aug 29 19:53:48 2009 us=673360 user/69.145.333.18:1194 UDPv4 READ [141] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=140
Sat Aug 29 19:53:48 2009 us=673466 user/69.145.333.18:1194 TUN WRITE [100]
Sat Aug 29 19:53:48 2009 us=674514 user/69.145.333.18:1194 TUN READ [52]
Sat Aug 29 19:53:48 2009 us=674668 user/69.145.333.18:1194 UDPv4 WRITE [93] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=92
Sat Aug 29 19:53:50 2009 us=320931 user/69.145.333.18:1194 TUN READ [228]
Sat Aug 29 19:53:50 2009 us=321084 user/69.145.333.18:1194 NOTE: --mute triggered...
Sat Aug 29 19:54:06 2009 us=657284 user/69.145.333.18:1194 20 variation(s) on previous 20 message(s) suppressed by --mute
Sat Aug 29 19:54:06 2009 us=657407 user/69.145.333.18:1194 TLS: new session incoming connection from 69.145.333.18:1194
Sat Aug 29 19:54:06 2009 us=657526 user/69.145.333.18:1194 UDPv4 WRITE [54] to 69.145.333.18:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Sat Aug 29 19:54:06 2009 us=658138 user/69.145.333.18:1194 UDPv4 WRITE [61] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=60
Sat Aug 29 19:54:06 2009 us=764485 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Sat Aug 29 19:54:06 2009 us=769097 user/69.145.333.18:1194 UDPv4 READ [135] from 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=93
Sat Aug 29 19:54:06 2009 us=782952 user/69.145.333.18:1194 UDPv4 WRITE [154] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=100
Sat Aug 29 19:54:06 2009 us=783380 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=100
Sat Aug 29 19:54:06 2009 us=783724 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=100
Sat Aug 29 19:54:06 2009 us=784083 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=4 DATA len=100
Sat Aug 29 19:54:06 2009 us=905508 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
Sat Aug 29 19:54:06 2009 us=905715 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=5 DATA len=100
Sat Aug 29 19:54:06 2009 us=913712 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
Sat Aug 29 19:54:06 2009 us=913843 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=6 DATA len=100
Sat Aug 29 19:54:06 2009 us=932742 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #6 ] [ 3 ]
Sat Aug 29 19:54:06 2009 us=932872 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=7 DATA len=100
Sat Aug 29 19:54:06 2009 us=933439 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #7 ] [ 4 ]
Sat Aug 29 19:54:06 2009 us=933551 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=8 DATA len=100
Sat Aug 29 19:54:07 2009 us=56052 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #8 ] [ 5 ]
Sat Aug 29 19:54:07 2009 us=56230 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=9 DATA len=100
Sat Aug 29 19:54:07 2009 us=64439 user/69.145.333.18:1194 UDPv4 READ [50] from 69.145.333.18:1194: P_ACK_V1 kid=0 pid=[ #9 ] [ 6 ]
Sat Aug 29 19:54:07 2009 us=64562 user/69.145.333.18:1194 UDPv4 WRITE [142] to 69.145.333.18:1194: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=10 DATA len=100
Sat Aug 29 19:54:07 2009 us=78871 user/69.145.333.18:1194 NOTE: --mute triggered...
Sat Aug 29 19:54:07 2009 us=961459 user/69.145.333.18:1194 60 variation(s) on previous 20 message(s) suppressed by --mute
<snipped a lot to get under the 60000 character limit>
Sat Aug 29 20:02:45 2009 us=596950 user/69.145.333.18:1194 NOTE: --mute triggered...
Sat Aug 29 20:04:12 2009 us=672180 user/69.145.333.18:1194 139 variation(s) on previous 20 message(s) suppressed by --mute
Sat Aug 29 20:04:12 2009 us=672305 user/69.145.333.18:1194 MULTI: bad source address from client [192.168.80.23], packet dropped
Sat Aug 29 20:04:12 2009 us=702677 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:12 2009 us=702791 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:15 2009 us=61880 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:15 2009 us=62032 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:15 2009 us=690890 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:15 2009 us=691038 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:16 2009 us=713444 user/69.145.333.18:1194 UDPv4 WRITE [53] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=52
Sat Aug 29 20:04:21 2009 us=692426 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:21 2009 us=692587 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:22 2009 us=709760 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:22 2009 us=709905 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:25 2009 us=712716 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:25 2009 us=712867 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:26 2009 us=832258 user/69.145.333.18:1194 UDPv4 WRITE [53] to 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=52
Sat Aug 29 20:04:27 2009 us=882308 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:27 2009 us=882476 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:27 2009 us=882872 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:27 2009 us=882942 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:31 2009 us=713789 user/69.145.333.18:1194 UDPv4 READ [101] from 69.145.333.18:1194: P_DATA_V1 kid=0 DATA len=100
Sat Aug 29 20:04:31 2009 us=713941 user/69.145.333.18:1194 TUN WRITE [60]
Sat Aug 29 20:04:36 2009 us=808719 user/69.145.333.18:1194 NOTE: --mute triggered...
### End server log ###


### Begin client log ###
Sat Aug 29 19:54:05 2009 us=958977 Current Parameter Settings:
Sat Aug 29 19:54:05 2009 us=959149 config = 'client_routed_20090826.ovpn'
Sat Aug 29 19:54:05 2009 us=959186 mode = 0
Sat Aug 29 19:54:05 2009 us=959217 persist_config = DISABLED
Sat Aug 29 19:54:05 2009 us=959248 persist_mode = 1
Sat Aug 29 19:54:05 2009 us=959277 show_ciphers = DISABLED
Sat Aug 29 19:54:05 2009 us=959307 show_digests = DISABLED
Sat Aug 29 19:54:05 2009 us=959336 show_engines = DISABLED
Sat Aug 29 19:54:05 2009 us=959365 genkey = DISABLED
Sat Aug 29 19:54:05 2009 us=959394 key_pass_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=959423 show_tls_ciphers = DISABLED
Sat Aug 29 19:54:05 2009 us=959457 Connection profiles [default]:
Sat Aug 29 19:54:05 2009 us=959488 proto = udp
Sat Aug 29 19:54:05 2009 us=959517 local = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=959546 local_port = 1194
Sat Aug 29 19:54:05 2009 us=959574 remote = '206.127.77.221'
Sat Aug 29 19:54:05 2009 us=959603 remote_port = 1194
Sat Aug 29 19:54:05 2009 us=959632 remote_float = DISABLED
Sat Aug 29 19:54:05 2009 us=959661 bind_defined = DISABLED
Sat Aug 29 19:54:05 2009 us=959690 bind_local = ENABLED
Sat Aug 29 19:54:05 2009 us=959718 connect_retry_seconds = 5
Sat Aug 29 19:54:05 2009 us=959746 connect_timeout = 10
Sat Aug 29 19:54:05 2009 us=959774 connect_retry_max = 0
Sat Aug 29 19:54:05 2009 us=959803 socks_proxy_server = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=959832 socks_proxy_port = 0
Sat Aug 29 19:54:05 2009 us=961002 socks_proxy_retry = DISABLED
Sat Aug 29 19:54:05 2009 us=961051 Connection profiles END
Sat Aug 29 19:54:05 2009 us=961082 remote_random = DISABLED
Sat Aug 29 19:54:05 2009 us=961109 ipchange = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=961135 dev = 'tun'
Sat Aug 29 19:54:05 2009 us=961161 dev_type = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=961186 dev_node = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=961212 lladdr = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=961237 topology = 1
Sat Aug 29 19:54:05 2009 us=961263 tun_ipv6 = DISABLED
Sat Aug 29 19:54:05 2009 us=961289 ifconfig_local = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=961315 ifconfig_remote_netmask = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=961340 ifconfig_noexec = DISABLED
Sat Aug 29 19:54:05 2009 us=961377 ifconfig_nowarn = DISABLED
Sat Aug 29 19:54:05 2009 us=961406 shaper = 0
Sat Aug 29 19:54:05 2009 us=961432 tun_mtu = 1500
Sat Aug 29 19:54:05 2009 us=961458 tun_mtu_defined = ENABLED
Sat Aug 29 19:54:05 2009 us=961483 link_mtu = 1500
Sat Aug 29 19:54:05 2009 us=961509 link_mtu_defined = DISABLED
Sat Aug 29 19:54:05 2009 us=961535 tun_mtu_extra = 32
Sat Aug 29 19:54:05 2009 us=961560 tun_mtu_extra_defined = ENABLED
Sat Aug 29 19:54:05 2009 us=961585 fragment = 0
Sat Aug 29 19:54:05 2009 us=961610 mtu_discover_type = -1
Sat Aug 29 19:54:05 2009 us=961635 mtu_test = 1
Sat Aug 29 19:54:05 2009 us=961660 mlock = DISABLED
Sat Aug 29 19:54:05 2009 us=961685 keepalive_ping = 0
Sat Aug 29 19:54:05 2009 us=961710 keepalive_timeout = 0
Sat Aug 29 19:54:05 2009 us=961734 inactivity_timeout = 0
Sat Aug 29 19:54:05 2009 us=961759 ping_send_timeout = 0
Sat Aug 29 19:54:05 2009 us=961784 ping_rec_timeout = 0
Sat Aug 29 19:54:05 2009 us=961809 ping_rec_timeout_action = 0
Sat Aug 29 19:54:05 2009 us=961833 ping_timer_remote = DISABLED
Sat Aug 29 19:54:05 2009 us=961859 remap_sigusr1 = 0
Sat Aug 29 19:54:05 2009 us=961884 explicit_exit_notification = 0
Sat Aug 29 19:54:05 2009 us=961909 persist_tun = DISABLED
Sat Aug 29 19:54:05 2009 us=961934 persist_local_ip = DISABLED
Sat Aug 29 19:54:05 2009 us=961959 persist_remote_ip = DISABLED
Sat Aug 29 19:54:05 2009 us=961983 persist_key = DISABLED
Sat Aug 29 19:54:05 2009 us=962008 mssfix = 1450
Sat Aug 29 19:54:05 2009 us=962033 passtos = DISABLED
Sat Aug 29 19:54:05 2009 us=962059 resolve_retry_seconds = 1000000000
Sat Aug 29 19:54:05 2009 us=962084 username = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962109 groupname = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962134 chroot_dir = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962159 cd_dir = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962183 writepid = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962208 up_script = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962233 down_script = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962258 down_pre = DISABLED
Sat Aug 29 19:54:05 2009 us=962294 up_restart = DISABLED
Sat Aug 29 19:54:05 2009 us=962321 up_delay = DISABLED
Sat Aug 29 19:54:05 2009 us=962346 daemon = DISABLED
Sat Aug 29 19:54:05 2009 us=962372 inetd = 0
Sat Aug 29 19:54:05 2009 us=962397 log = DISABLED
Sat Aug 29 19:54:05 2009 us=962422 suppress_timestamps = DISABLED
Sat Aug 29 19:54:05 2009 us=962447 nice = 0
Sat Aug 29 19:54:05 2009 us=962472 verbosity = 5
Sat Aug 29 19:54:05 2009 us=962498 mute = 0
Sat Aug 29 19:54:05 2009 us=962522 gremlin = 0
Sat Aug 29 19:54:05 2009 us=962548 status_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962573 status_file_version = 1
Sat Aug 29 19:54:05 2009 us=962598 status_file_update_freq = 60
Sat Aug 29 19:54:05 2009 us=962622 occ = ENABLED
Sat Aug 29 19:54:05 2009 us=962647 rcvbuf = 65536
Sat Aug 29 19:54:05 2009 us=962672 sndbuf = 65536
Sat Aug 29 19:54:05 2009 us=962697 sockflags = 0
Sat Aug 29 19:54:05 2009 us=962721 fast_io = DISABLED
Sat Aug 29 19:54:05 2009 us=962747 lzo = 7
Sat Aug 29 19:54:05 2009 us=962772 route_script = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=962797 route_default_gateway = '192.168.100.5'
Sat Aug 29 19:54:05 2009 us=964152 route_default_metric = 0
Sat Aug 29 19:54:05 2009 us=964186 route_noexec = DISABLED
Sat Aug 29 19:54:05 2009 us=964215 route_delay = 0
Sat Aug 29 19:54:05 2009 us=964244 route_delay_window = 30
Sat Aug 29 19:54:05 2009 us=964272 route_delay_defined = DISABLED
Sat Aug 29 19:54:05 2009 us=964301 route_nopull = DISABLED
Sat Aug 29 19:54:05 2009 us=964330 route_gateway_via_dhcp = DISABLED
Sat Aug 29 19:54:05 2009 us=964359 allow_pull_fqdn = DISABLED
Sat Aug 29 19:54:05 2009 us=964395 [redirect_default_gateway local=0]
Sat Aug 29 19:54:05 2009 us=964431 management_addr = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=964460 management_port = 0
Sat Aug 29 19:54:05 2009 us=964489 management_user_pass = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=964518 management_log_history_cache = 250
Sat Aug 29 19:54:05 2009 us=964547 management_echo_buffer_size = 100
Sat Aug 29 19:54:05 2009 us=964577 management_write_peer_info_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=964606 management_flags = 0
Sat Aug 29 19:54:05 2009 us=964635 shared_secret_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=964664 key_direction = 2
Sat Aug 29 19:54:05 2009 us=964693 ciphername_defined = ENABLED
Sat Aug 29 19:54:05 2009 us=964721 ciphername = 'BF-CBC'
Sat Aug 29 19:54:05 2009 us=964749 authname_defined = ENABLED
Sat Aug 29 19:54:05 2009 us=964777 authname = 'SHA1'
Sat Aug 29 19:54:05 2009 us=964806 keysize = 0
Sat Aug 29 19:54:05 2009 us=964835 engine = DISABLED
Sat Aug 29 19:54:05 2009 us=964887 replay = ENABLED
Sat Aug 29 19:54:05 2009 us=964917 mute_replay_warnings = DISABLED
Sat Aug 29 19:54:05 2009 us=964946 replay_window = 64
Sat Aug 29 19:54:05 2009 us=964974 replay_time = 15
Sat Aug 29 19:54:05 2009 us=965003 packet_id_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965031 use_iv = ENABLED
Sat Aug 29 19:54:05 2009 us=965059 test_crypto = DISABLED
Sat Aug 29 19:54:05 2009 us=965087 tls_server = DISABLED
Sat Aug 29 19:54:05 2009 us=965115 tls_client = ENABLED
Sat Aug 29 19:54:05 2009 us=965143 key_method = 2
Sat Aug 29 19:54:05 2009 us=965173 ca_file = '/home/user/openvpn/ca.crt'
Sat Aug 29 19:54:05 2009 us=965202 ca_path = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965229 dh_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965258 cert_file = '/home/user/openvpn/user.crt'
Sat Aug 29 19:54:05 2009 us=965287 priv_key_file = '/home/user/openvpn/user.key'
Sat Aug 29 19:54:05 2009 us=965315 pkcs12_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965343 cipher_list = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965371 tls_verify = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965399 tls_remote = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965428 crl_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965456 ns_cert_type = 64
Sat Aug 29 19:54:05 2009 us=965484 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965512 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965540 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965568 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965595 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965623 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965651 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965685 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965713 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965741 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965770 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965797 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965825 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965852 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965879 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965907 remote_cert_ku[i] = 0
Sat Aug 29 19:54:05 2009 us=965935 remote_cert_eku = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=965963 tls_timeout = 2
Sat Aug 29 19:54:05 2009 us=965992 renegotiate_bytes = 0
Sat Aug 29 19:54:05 2009 us=966020 renegotiate_packets = 0
Sat Aug 29 19:54:05 2009 us=977193 renegotiate_seconds = 3600
Sat Aug 29 19:54:05 2009 us=977230 handshake_window = 60
Sat Aug 29 19:54:05 2009 us=977257 transition_window = 3600
Sat Aug 29 19:54:05 2009 us=977283 single_session = DISABLED
Sat Aug 29 19:54:05 2009 us=977308 tls_exit = DISABLED
Sat Aug 29 19:54:05 2009 us=977334 tls_auth_file = '/home/benny/openvpn/ta.key'
Sat Aug 29 19:54:05 2009 us=977361 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977387 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977412 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977437 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977463 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977488 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977513 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977538 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977563 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977588 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977613 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977638 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977663 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977688 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977713 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977738 pkcs11_protected_authentication = DISABLED
Sat Aug 29 19:54:05 2009 us=977764 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977789 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977814 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977839 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977863 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977888 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977913 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977938 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977962 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=977987 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=978012 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=978037 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=978062 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=978087 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=978112 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=978137 pkcs11_private_mode = 00000000
Sat Aug 29 19:54:05 2009 us=978161 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978186 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978211 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978235 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978260 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978284 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978309 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978333 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978358 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978382 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978407 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978432 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978458 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978483 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978509 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978533 pkcs11_cert_private = DISABLED
Sat Aug 29 19:54:05 2009 us=978559 pkcs11_pin_cache_period = -1
Sat Aug 29 19:54:05 2009 us=978584 pkcs11_id = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=978610 pkcs11_id_management = DISABLED
Sat Aug 29 19:54:05 2009 us=995969 server_network = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996017 server_netmask = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996052 server_bridge_ip = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996085 server_bridge_netmask = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996118 server_bridge_pool_start = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996150 server_bridge_pool_end = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996180 ifconfig_pool_defined = DISABLED
Sat Aug 29 19:54:05 2009 us=996212 ifconfig_pool_start = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996244 ifconfig_pool_end = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996275 ifconfig_pool_netmask = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996305 ifconfig_pool_persist_filename = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=996334 ifconfig_pool_persist_refresh_freq = 600
Sat Aug 29 19:54:05 2009 us=996364 n_bcast_buf = 256
Sat Aug 29 19:54:05 2009 us=996392 tcp_queue_limit = 64
Sat Aug 29 19:54:05 2009 us=996421 real_hash_size = 256
Sat Aug 29 19:54:05 2009 us=996449 virtual_hash_size = 256
Sat Aug 29 19:54:05 2009 us=996478 client_connect_script = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=996507 learn_address_script = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=996536 client_disconnect_script = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=996565 client_config_dir = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=996593 ccd_exclusive = DISABLED
Sat Aug 29 19:54:05 2009 us=996621 tmp_dir = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=996648 push_ifconfig_defined = DISABLED
Sat Aug 29 19:54:05 2009 us=996680 push_ifconfig_local = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996712 push_ifconfig_remote_netmask = 0.0.0.0
Sat Aug 29 19:54:05 2009 us=996741 enable_c2c = DISABLED
Sat Aug 29 19:54:05 2009 us=996770 duplicate_cn = DISABLED
Sat Aug 29 19:54:05 2009 us=996798 cf_max = 0
Sat Aug 29 19:54:05 2009 us=996826 cf_per = 0
Sat Aug 29 19:54:05 2009 us=996855 max_clients = 1024
Sat Aug 29 19:54:05 2009 us=996883 max_routes_per_client = 256
Sat Aug 29 19:54:05 2009 us=996912 client_cert_not_required = DISABLED
Sat Aug 29 19:54:05 2009 us=996941 username_as_common_name = DISABLED
Sat Aug 29 19:54:05 2009 us=996970 auth_user_pass_verify_script = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=996999 auth_user_pass_verify_script_via_file = DISABLED
Sat Aug 29 19:54:05 2009 us=997028 port_share_host = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=997056 port_share_port = 0
Sat Aug 29 19:54:05 2009 us=997084 client = DISABLED
Sat Aug 29 19:54:05 2009 us=997112 pull = ENABLED
Sat Aug 29 19:54:05 2009 us=997140 auth_user_pass_file = '[UNDEF]'
Sat Aug 29 19:54:05 2009 us=997176 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Sat Aug 29 19:54:05 2009 us=999295 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sat Aug 29 19:54:06 2009 us=141849 Control Channel Authentication: using '/home/benny/openvpn/ta.key' as a OpenVPN static key file
Sat Aug 29 19:54:06 2009 us=141933 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 29 19:54:06 2009 us=141947 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 29 19:54:06 2009 us=141990 LZO compression initialized
Sat Aug 29 19:54:06 2009 us=142087 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Aug 29 19:54:06 2009 us=142153 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Aug 29 19:54:06 2009 us=142181 Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sat Aug 29 19:54:06 2009 us=142192 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sat Aug 29 19:54:06 2009 us=142217 Local Options hash (VER=V4): 'ec497616'
Sat Aug 29 19:54:06 2009 us=142249 Expected Remote Options hash (VER=V4): '7cd8ed90'
Sat Aug 29 19:54:06 2009 us=142270 Socket Buffers: R=[112640->131072] S=[112640->131072]
Sat Aug 29 19:54:06 2009 us=142284 UDPv4 link local (bound): [undef]:1194
Sat Aug 29 19:54:06 2009 us=142296 UDPv4 link remote: 206.127.77.221:1194
WRSat Aug 29 19:54:06 2009 us=249967 TLS: Initial packet from 206.127.77.221:1194, sid=1d0d1303 076f66c5
WWRSat Aug 29 19:54:06 2009 us=253300 TLS Error: local/remote TLS keys are out of sync: 206.127.77.221:1194 [0]
RWRWRWRWRWRWRWRWRWRWRWRSat Aug 29 19:54:06 2009 us=688454 VERIFY OK: depth=1, /C=US/ST=MT/L=Location/O=MyEmployer/OU=Systems_Administration/CN=openvpn/emailAddress=user@myemployer.com
Sat Aug 29 19:54:06 2009 us=688973 VERIFY OK: nsCertType=SERVER
Sat Aug 29 19:54:06 2009 us=689016 VERIFY OK: depth=0, /C=US/ST=MT/L=Location/O=MyEmployer/OU=Systems_Administration/CN=openvpn/emailAddress=user@myemployer.com
WRWRWRWRWRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWWWWRRRRWRWRSat Aug 29 19:54:08 2009 us=84508 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 29 19:54:08 2009 us=84578 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Aug 29 19:54:08 2009 us=84751 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Aug 29 19:54:08 2009 us=84788 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WSat Aug 29 19:54:08 2009 us=85013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Aug 29 19:54:08 2009 us=85083 [openvpn] Peer Connection Initiated with 206.127.77.221:1194
Sat Aug 29 19:54:09 2009 us=160433 SENT CONTROL [openvpn]: 'PUSH_REQUEST' (status=1)
Sat Aug 29 19:54:09 2009 us=160518 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
WWRRRWRSat Aug 29 19:54:09 2009 us=265491 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60,route 10.0.20.0 255.255.255.0,route 192.168.100.1,topology net30,ping 10,ping-restart 120,ifconfig 192.168.100.6 192.168.100.5'
Sat Aug 29 19:54:09 2009 us=265677 OPTIONS IMPORT: timers and/or timeouts modified
Sat Aug 29 19:54:09 2009 us=265715 OPTIONS IMPORT: --ifconfig/up options modified
Sat Aug 29 19:54:09 2009 us=265744 OPTIONS IMPORT: route options modified
Sat Aug 29 19:54:09 2009 us=266116 ROUTE default_gateway=192.168.80.1
Sat Aug 29 19:54:09 2009 us=268055 TUN/TAP device tun0 opened
Sat Aug 29 19:54:09 2009 us=268115 TUN/TAP TX queue length set to 100
Sat Aug 29 19:54:09 2009 us=268194 /sbin/ifconfig tun0 192.168.100.6 pointopoint 192.168.100.5 mtu 1500
Sat Aug 29 19:54:09 2009 us=273655 /sbin/route add -net 206.127.77.221 netmask 255.255.255.255 gw 192.168.80.1
Sat Aug 29 19:54:09 2009 us=275822 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 192.168.100.5
Sat Aug 29 19:54:09 2009 us=277903 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 192.168.100.5
Sat Aug 29 19:54:09 2009 us=280086 /sbin/route add -net 10.0.20.0 netmask 255.255.255.0 gw 192.168.100.5
Sat Aug 29 19:54:09 2009 us=282417 /sbin/route add -net 192.168.100.1 netmask 255.255.255.255 gw 192.168.100.5
Sat Aug 29 19:54:09 2009 us=284491 Initialization Sequence Completed
WRrWRWrWWrWRWRRWWrWRrWWRrWWRWrWrWrWWRRwRrWRwWRWrWrWRWRrWRWWWRRrWRwrWWRWRwr...etc...
Sat Aug 29 19:57:11 2009 us=782360 NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1573,1573] remote->local=[1573,1573]
rWrWRWrWRrWrWrWRrWrWRrWrWrWRrWrWrWrWrWRrWrWrWRrWrWrWrWRrWrWrWrWRrWrWRWRrWRrWrWrW...etc...
### End client log ###



The end result of all this is that from the Linux notebook at home (the only place I can truly test from) I can ping the newly assigned IP of 192.168.100.6 which is on the notebook, I can ping 192.168.100.1 which is the IP the openvpn server assigned to itself, I can ping 10.0.20.81 which is the private IP assigned to the same openvpn server in the private LAN. But I cannot reach any other servers behind the openvpn server. I am very much NOT a network guru, and am having a heck of a time wrapping my mind around the routing statements, especially in the server and client configs. This *feels* like a routing issue, but I cannot figure out where or how to fix it.

I really need to be able to install the new certificates on the notebooks of each of my road warriors, install a working config file, and have it "just work" for them. They want to be able to mount 2 samba mounts I have on another Debian box in the private LAN using the standard Windows "Mount-Network-Drive" icon, and as stated before, access to our external servers needs to go through the tunnel and be NAT'd on the way out.

I've been working on this for over a month off and on (with frequent interruptions) and am getting pushed to hurry on it. I know I'm very close, and if anyone here can give me the lines in either conf file that I am missing, I'd be ever so grateful!

Thanks!

ecrist
Forum Team
Posts: 237
Joined: Wed Nov 26, 2008 10:33 pm
Location: Northern Minnesota, USA

Re: I think routing is my issue...

Post by ecrist » Mon Aug 31, 2009 12:40 pm

You are going to need to provide a return path to the clients on the OpenVPN server LAN. The 10 address on the OpenVPN server can be reached because you're properly pushing a route for that subnet to your VPN clients, and the VPN server knows how to do all the routing (in both directions). Now, you need to create a route on the default gateway for the LAN to direct all traffic to the OpenVPN client IP subnet to the OpenVPN server 10 address.
OpenVPN Community Administrator
IRC: #openvpn, #openvpn-devel
Co-Author of Mastering OpenVPN
Author of Troubleshooting OpenVPN
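
The return-path problem described in the reply above can be traced with a small routing model. This is an added example, not part of the original posts: the gateway LAN address 10.0.20.1 and the file server 10.0.20.50 are assumed values, the remaining addresses come from the thread.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return the 'via' of the most specific route, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), via) for prefix, via in routes
            if addr in ipaddress.ip_network(prefix)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def owner(nodes, ip):
    """Name of the modelled machine that holds this address, or None."""
    return next((name for name, n in nodes.items() if ip in n["addrs"]), None)

def trace(nodes, start, dst, max_hops=8):
    """Follow one packet hop by hop. Returns (path, delivered)."""
    path, here = [start], start
    for _ in range(max_hops):
        if dst in nodes[here]["addrs"]:
            return path, True
        via = lookup(nodes[here]["routes"], dst)
        if via is None:
            return path + ["no route"], False
        nxt = owner(nodes, dst if via == "direct" else via)
        if nxt is None:  # handed to something outside the modelled network
            return path + ["lost via " + via], False
        path.append(nxt)
        here = nxt
    return path + ["routing loop"], False

def build(gateway_has_return_route):
    """Constructed topology. 10.0.20.1 and 10.0.20.50 are assumptions."""
    gw_routes = [("10.0.20.0/24", "direct"), ("0.0.0.0/0", "upstream")]
    if gateway_has_return_route:
        # route add -net 192.168.100.0 netmask 255.255.255.0 gw 10.0.20.81
        gw_routes.append(("192.168.100.0/24", "10.0.20.81"))
    return {
        # Routes the client installed after PUSH_REPLY (see the client log).
        "client": {"addrs": {"192.168.100.6"},
                   "routes": [("10.0.20.0/24", "192.168.100.5"),
                              ("192.168.100.1/32", "192.168.100.5")]},
        # 192.168.100.5 is the client's net30 tunnel peer; packets sent to it
        # arrive at the OpenVPN server, so it is modelled as a server address.
        "vpn": {"addrs": {"10.0.20.81", "192.168.100.1", "192.168.100.5"},
                "routes": [("10.0.20.0/24", "direct"),
                           ("192.168.100.0/24", "direct")]},
        # Any other LAN machine: knows its own subnet and a default gateway only.
        "fileserver": {"addrs": {"10.0.20.50"},
                       "routes": [("10.0.20.0/24", "direct"),
                                  ("0.0.0.0/0", "10.0.20.1")]},
        "gateway": {"addrs": {"10.0.20.1"}, "routes": gw_routes},
    }

def round_trip(nodes, src_name, src_ip, dst_ip):
    """Request from src to dst, then the reply. Returns (out, back, ok)."""
    out_path, out_ok = trace(nodes, src_name, dst_ip)
    if not out_ok:
        return out_path, None, False
    back_path, back_ok = trace(nodes, out_path[-1], src_ip)
    return out_path, back_path, back_ok

if __name__ == "__main__":
    for has_route in (False, True):
        nodes = build(has_route)
        for target in ("10.0.20.81", "10.0.20.50"):
            out, back, ok = round_trip(nodes, "client", "192.168.100.6", target)
            print(f"return route={has_route} target={target} "
                  f"out={out} back={back} ok={ok}")
```
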

Unca Xitron
OpenVpn Newbie
Posts: 3
Joined: Sun Aug 30, 2009 12:51 am

Re: I think routing is my issue...

Post by Unca Xitron » Mon Aug 31, 2009 2:26 pm

Thank you very much, ecrist! I've added the following routing statement to my default gateway...

route add -net 192.168.100.0 netmask 255.255.255.0 gw 10.0.20.81

I'll be able to test it this evening. I'll post what happens here. Again, very much appreciated!

Unca Xitron

Unca Xitron
OpenVpn Newbie
Posts: 3
Joined: Sun Aug 30, 2009 12:51 am

Re: I think routing is my issue...

Post by Unca Xitron » Tue Sep 01, 2009 3:34 am

Having re-evaluated my line of thinking, your suggestion to put a route on the gateway made perfect sense. I was thinking only in terms of the openvpn server and the routing it would be doing, forgetting that I was trying to leave that server, and that other servers on the private LAN would not have those routing statements.

I've made the change and tested it, and still no joy. But it got me to thinking. This openvpn server is on a VMware slice, and I'm going to look at the networking aspect of the VMware host tomorrow. I think that may be the remaining routing issue.

ecrist
Forum Team
Posts: 237
Joined: Wed Nov 26, 2008 10:33 pm
Location: Northern Minnesota, USA

Re: I think routing is my issue...

Post by ecrist » Thu Sep 03, 2009 2:09 pm

Please post back here when you get it figured out, so others may benefit.
