[Solved] FREENAS OpenVPN server

Samples of working configurations.
Locked
Nico68
OpenVPN User
Posts: 12
Joined: Mon Dec 18, 2017 3:27 pm

[Solved] FREENAS OpenVPN server

Post by Nico68 » Sat Dec 23, 2017 11:14 am

Hello everyone

After 2 weeks I'm loosing all hope to get it working, I really wonder what I have done wrong. I can connect the VPN but no traffic goes trough the tunnel, even a single ping of the VPN server doesn't work. Disabled all firewal...nothing, tried it from my phone...nothing, tried to use DMZ...nothing.

I only wish I could access my FREENAS over VPN :!:

My topology :
https://share.orange.fr/#aEPb9TfATs35d59d2c8c

Code: Select all

[oconf=SERVER][/oconf]
port 1194
proto udp
dev tun
ca ca.crt
cert openvpn-server.crt #Server public key
key openvpn-server.key #Server private key
dh dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
route 192.168.1.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0" #Yellow network
tls-auth ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 6
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn-log.log

Code: Select all

[oconf=CLIENT][/oconf]
client
dev tun
proto udp
remote mydomain.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert this.user.crt
key this.user.key
remote-cert-tls server
cipher AES-256-CBC
tls-auth ta.key 1
auth SHA256
#dhcp-option DNS 176.16.8.5
#redirect-gateway def1
comp-lzo
verb 4

Code: Select all

[oconf=]SERVER LOG[/oconf]
Sat Dec 23 00:35:01 2017 us=687443 WARNING: file 'ta.key' is group or others accessible
Sat Dec 23 00:35:01 2017 us=687715 Current Parameter Settings:
Sat Dec 23 00:35:01 2017 us=687729   config = '/mnt/keys/openvpn.conf'
Sat Dec 23 00:35:01 2017 us=687741   mode = 1
Sat Dec 23 00:35:01 2017 us=687753   show_ciphers = DISABLED
Sat Dec 23 00:35:01 2017 us=687765   show_digests = DISABLED
Sat Dec 23 00:35:01 2017 us=687775   show_engines = DISABLED
Sat Dec 23 00:35:01 2017 us=687787   genkey = DISABLED
Sat Dec 23 00:35:01 2017 us=687798   key_pass_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=687810   show_tls_ciphers = DISABLED
Sat Dec 23 00:35:01 2017 us=687821   connect_retry_max = 0
Sat Dec 23 00:35:01 2017 us=687833 Connection profiles [0]:
Sat Dec 23 00:35:01 2017 us=687845   proto = udp
Sat Dec 23 00:35:01 2017 us=687856   local = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=687867   local_port = '1194'
Sat Dec 23 00:35:01 2017 us=687879   remote = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=687890   remote_port = '1194'
Sat Dec 23 00:35:01 2017 us=687902   remote_float = DISABLED
Sat Dec 23 00:35:01 2017 us=687913   bind_defined = DISABLED
Sat Dec 23 00:35:01 2017 us=687924   bind_local = ENABLED
Sat Dec 23 00:35:01 2017 us=687936   bind_ipv6_only = DISABLED
Sat Dec 23 00:35:01 2017 us=687947   connect_retry_seconds = 5
Sat Dec 23 00:35:01 2017 us=687958   connect_timeout = 120
Sat Dec 23 00:35:01 2017 us=687969   socks_proxy_server = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=687981   socks_proxy_port = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=687992   tun_mtu = 1500
Sat Dec 23 00:35:01 2017 us=688003   tun_mtu_defined = ENABLED
Sat Dec 23 00:35:01 2017 us=688014   link_mtu = 1500
Sat Dec 23 00:35:01 2017 us=688026   link_mtu_defined = DISABLED
Sat Dec 23 00:35:01 2017 us=688037   tun_mtu_extra = 0
Sat Dec 23 00:35:01 2017 us=688048   tun_mtu_extra_defined = DISABLED
Sat Dec 23 00:35:01 2017 us=688059   mtu_discover_type = -1
Sat Dec 23 00:35:01 2017 us=688071   fragment = 0
Sat Dec 23 00:35:01 2017 us=688083   mssfix = 1450
Sat Dec 23 00:35:01 2017 us=688094   explicit_exit_notification = 0
Sat Dec 23 00:35:01 2017 us=688105 Connection profiles END
Sat Dec 23 00:35:01 2017 us=688117   remote_random = DISABLED
Sat Dec 23 00:35:01 2017 us=688128   ipchange = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688140   dev = 'tun'
Sat Dec 23 00:35:01 2017 us=688151   dev_type = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688162   dev_node = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688173   lladdr = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688185   topology = 1
Sat Dec 23 00:35:01 2017 us=688196   ifconfig_local = '172.16.8.1'
Sat Dec 23 00:35:01 2017 us=688208   ifconfig_remote_netmask = '172.16.8.2'
Sat Dec 23 00:35:01 2017 us=688219   ifconfig_noexec = DISABLED
Sat Dec 23 00:35:01 2017 us=688230   ifconfig_nowarn = DISABLED
Sat Dec 23 00:35:01 2017 us=688241   ifconfig_ipv6_local = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688253   ifconfig_ipv6_netbits = 0
Sat Dec 23 00:35:01 2017 us=688264   ifconfig_ipv6_remote = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688275   shaper = 0
Sat Dec 23 00:35:01 2017 us=688290   mtu_test = 0
Sat Dec 23 00:35:01 2017 us=688301   mlock = DISABLED
Sat Dec 23 00:35:01 2017 us=688313   keepalive_ping = 10
Sat Dec 23 00:35:01 2017 us=688324   keepalive_timeout = 120
Sat Dec 23 00:35:01 2017 us=688337   inactivity_timeout = 0
Sat Dec 23 00:35:01 2017 us=688348   ping_send_timeout = 10
Sat Dec 23 00:35:01 2017 us=688360   ping_rec_timeout = 240
Sat Dec 23 00:35:01 2017 us=688371   ping_rec_timeout_action = 2
Sat Dec 23 00:35:01 2017 us=688383   ping_timer_remote = DISABLED
Sat Dec 23 00:35:01 2017 us=688394   remap_sigusr1 = 0
Sat Dec 23 00:35:01 2017 us=688406   persist_tun = ENABLED
Sat Dec 23 00:35:01 2017 us=688416   persist_local_ip = DISABLED
Sat Dec 23 00:35:01 2017 us=688428   persist_remote_ip = DISABLED
Sat Dec 23 00:35:01 2017 us=688439   persist_key = ENABLED
Sat Dec 23 00:35:01 2017 us=688451   passtos = DISABLED
Sat Dec 23 00:35:01 2017 us=688462   resolve_retry_seconds = 1000000000
Sat Dec 23 00:35:01 2017 us=688473   resolve_in_advance = DISABLED
Sat Dec 23 00:35:01 2017 us=688485   username = 'nobody'
Sat Dec 23 00:35:01 2017 us=688496   groupname = 'nobody'
Sat Dec 23 00:35:01 2017 us=688507   chroot_dir = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688518   cd_dir = '/mnt/keys'
Sat Dec 23 00:35:01 2017 us=688530   writepid = '/var/run/openvpn.pid'
Sat Dec 23 00:35:01 2017 us=688541   up_script = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688552   down_script = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688563   down_pre = DISABLED
Sat Dec 23 00:35:01 2017 us=688574   up_restart = DISABLED
Sat Dec 23 00:35:01 2017 us=688585   up_delay = DISABLED
Sat Dec 23 00:35:01 2017 us=688597   daemon = ENABLED
Sat Dec 23 00:35:01 2017 us=688608   inetd = 0
Sat Dec 23 00:35:01 2017 us=688619   log = ENABLED
Sat Dec 23 00:35:01 2017 us=688630   suppress_timestamps = DISABLED
Sat Dec 23 00:35:01 2017 us=688642   machine_readable_output = DISABLED
Sat Dec 23 00:35:01 2017 us=688653   nice = 0
Sat Dec 23 00:35:01 2017 us=688664   verbosity = 6
Sat Dec 23 00:35:01 2017 us=688676   mute = 0
Sat Dec 23 00:35:01 2017 us=688687   gremlin = 0
Sat Dec 23 00:35:01 2017 us=688699   status_file = '/var/log/openvpn/openvpn-status.log'
Sat Dec 23 00:35:01 2017 us=688710   status_file_version = 1
Sat Dec 23 00:35:01 2017 us=688721   status_file_update_freq = 60
Sat Dec 23 00:35:01 2017 us=688733   occ = ENABLED
Sat Dec 23 00:35:01 2017 us=688744   rcvbuf = 0
Sat Dec 23 00:35:01 2017 us=688756   sndbuf = 0
Sat Dec 23 00:35:01 2017 us=688767   sockflags = 0
Sat Dec 23 00:35:01 2017 us=688778   fast_io = DISABLED
Sat Dec 23 00:35:01 2017 us=688789   comp.alg = 2
Sat Dec 23 00:35:01 2017 us=688801   comp.flags = 1
Sat Dec 23 00:35:01 2017 us=688812   route_script = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688823   route_default_gateway = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688835   route_default_metric = 0
Sat Dec 23 00:35:01 2017 us=688846   route_noexec = DISABLED
Sat Dec 23 00:35:01 2017 us=688857   route_delay = 0
Sat Dec 23 00:35:01 2017 us=688869   route_delay_window = 30
Sat Dec 23 00:35:01 2017 us=688880   route_delay_defined = DISABLED
Sat Dec 23 00:35:01 2017 us=688891   route_nopull = DISABLED
Sat Dec 23 00:35:01 2017 us=688903   route_gateway_via_dhcp = DISABLED
Sat Dec 23 00:35:01 2017 us=688914   allow_pull_fqdn = DISABLED
Sat Dec 23 00:35:01 2017 us=688926   route 172.16.8.0/255.255.255.0/default (not set)/default (not set)
Sat Dec 23 00:35:01 2017 us=688938   route 192.168.1.0/255.255.255.0/default (not set)/default (not set)
Sat Dec 23 00:35:01 2017 us=688950   management_addr = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688961   management_port = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688972   management_user_pass = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=688983   management_log_history_cache = 250
Sat Dec 23 00:35:01 2017 us=688995   management_echo_buffer_size = 100
Sat Dec 23 00:35:01 2017 us=689006   management_write_peer_info_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689017   management_client_user = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689028   management_client_group = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689040   management_flags = 0
Sat Dec 23 00:35:01 2017 us=689051   shared_secret_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689063   key_direction = 1
Sat Dec 23 00:35:01 2017 us=689074   ciphername = 'AES-256-CBC'
Sat Dec 23 00:35:01 2017 us=689085   ncp_enabled = ENABLED
Sat Dec 23 00:35:01 2017 us=689097   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Dec 23 00:35:01 2017 us=689108   authname = 'SHA256'
Sat Dec 23 00:35:01 2017 us=689120   prng_hash = 'SHA1'
Sat Dec 23 00:35:01 2017 us=689131   prng_nonce_secret_len = 16
Sat Dec 23 00:35:01 2017 us=689143   keysize = 0
Sat Dec 23 00:35:01 2017 us=689154   engine = DISABLED
Sat Dec 23 00:35:01 2017 us=689165   replay = ENABLED
Sat Dec 23 00:35:01 2017 us=689177   mute_replay_warnings = DISABLED
Sat Dec 23 00:35:01 2017 us=689188   replay_window = 64
Sat Dec 23 00:35:01 2017 us=689199   replay_time = 15
Sat Dec 23 00:35:01 2017 us=689211   packet_id_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689221   use_iv = ENABLED
Sat Dec 23 00:35:01 2017 us=689233   test_crypto = DISABLED
Sat Dec 23 00:35:01 2017 us=689244   tls_server = ENABLED
Sat Dec 23 00:35:01 2017 us=689255   tls_client = DISABLED
Sat Dec 23 00:35:01 2017 us=689267   key_method = 2
Sat Dec 23 00:35:01 2017 us=689280   ca_file = 'ca.crt'
Sat Dec 23 00:35:01 2017 us=689292   ca_path = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689303   dh_file = 'dh.pem'
Sat Dec 23 00:35:01 2017 us=689314   cert_file = 'openvpn-server.crt'
Sat Dec 23 00:35:01 2017 us=689326   extra_certs_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689337   priv_key_file = 'openvpn-server.key'
Sat Dec 23 00:35:01 2017 us=689349   pkcs12_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689361   cipher_list = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689372   tls_verify = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689383   tls_export_cert = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689395   verify_x509_type = 0
Sat Dec 23 00:35:01 2017 us=689406   verify_x509_name = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689417   crl_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689428   ns_cert_type = 0
Sat Dec 23 00:35:01 2017 us=689440   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689451   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689463   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689474   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689485   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689496   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689507   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689519   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689530   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689542   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689553   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689564   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689575   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689587   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689598   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689609   remote_cert_ku[i] = 0
Sat Dec 23 00:35:01 2017 us=689621   remote_cert_eku = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689632   ssl_flags = 0
Sat Dec 23 00:35:01 2017 us=689643   tls_timeout = 2
Sat Dec 23 00:35:01 2017 us=689655   renegotiate_bytes = -1
Sat Dec 23 00:35:01 2017 us=689666   renegotiate_packets = 0
Sat Dec 23 00:35:01 2017 us=689677   renegotiate_seconds = 3600
Sat Dec 23 00:35:01 2017 us=689688   handshake_window = 60
Sat Dec 23 00:35:01 2017 us=689700   transition_window = 3600
Sat Dec 23 00:35:01 2017 us=689711   single_session = DISABLED
Sat Dec 23 00:35:01 2017 us=689723   push_peer_info = DISABLED
Sat Dec 23 00:35:01 2017 us=689734   tls_exit = DISABLED
Sat Dec 23 00:35:01 2017 us=689745   tls_auth_file = 'ta.key'
Sat Dec 23 00:35:01 2017 us=689756   tls_crypt_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=689769   server_network = 172.16.8.0
Sat Dec 23 00:35:01 2017 us=689781   server_netmask = 255.255.255.0
Sat Dec 23 00:35:01 2017 us=689795   server_network_ipv6 = ::
Sat Dec 23 00:35:01 2017 us=689807   server_netbits_ipv6 = 0
Sat Dec 23 00:35:01 2017 us=689818   server_bridge_ip = 0.0.0.0
Sat Dec 23 00:35:01 2017 us=689831   server_bridge_netmask = 0.0.0.0
Sat Dec 23 00:35:01 2017 us=689843   server_bridge_pool_start = 0.0.0.0
Sat Dec 23 00:35:01 2017 us=689855   server_bridge_pool_end = 0.0.0.0
Sat Dec 23 00:35:01 2017 us=689866   push_entry = 'route 192.168.1.0 255.255.255.0'
Sat Dec 23 00:35:01 2017 us=689878   push_entry = 'route 172.16.8.1'
Sat Dec 23 00:35:01 2017 us=689889   push_entry = 'topology net30'
Sat Dec 23 00:35:01 2017 us=689900   push_entry = 'ping 10'
Sat Dec 23 00:35:01 2017 us=689911   push_entry = 'ping-restart 120'
Sat Dec 23 00:35:01 2017 us=689923   ifconfig_pool_defined = ENABLED
Sat Dec 23 00:35:01 2017 us=689935   ifconfig_pool_start = 172.16.8.4
Sat Dec 23 00:35:01 2017 us=689947   ifconfig_pool_end = 172.16.8.251
Sat Dec 23 00:35:01 2017 us=689959   ifconfig_pool_netmask = 0.0.0.0
Sat Dec 23 00:35:01 2017 us=689970   ifconfig_pool_persist_filename = 'ipp.txt'
Sat Dec 23 00:35:01 2017 us=689982   ifconfig_pool_persist_refresh_freq = 600
Sat Dec 23 00:35:01 2017 us=689993   ifconfig_ipv6_pool_defined = DISABLED
Sat Dec 23 00:35:01 2017 us=690005   ifconfig_ipv6_pool_base = ::
Sat Dec 23 00:35:01 2017 us=690016   ifconfig_ipv6_pool_netbits = 0
Sat Dec 23 00:35:01 2017 us=690028   n_bcast_buf = 256
Sat Dec 23 00:35:01 2017 us=690039   tcp_queue_limit = 64
Sat Dec 23 00:35:01 2017 us=690050   real_hash_size = 256
Sat Dec 23 00:35:01 2017 us=690062   virtual_hash_size = 256
Sat Dec 23 00:35:01 2017 us=690073   client_connect_script = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690085   learn_address_script = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690097   client_disconnect_script = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690108   client_config_dir = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690119   ccd_exclusive = DISABLED
Sat Dec 23 00:35:01 2017 us=690130   tmp_dir = '/tmp'
Sat Dec 23 00:35:01 2017 us=690142   push_ifconfig_defined = DISABLED
Sat Dec 23 00:35:01 2017 us=690154   push_ifconfig_local = 0.0.0.0
Sat Dec 23 00:35:01 2017 us=690166   push_ifconfig_remote_netmask = 0.0.0.0
Sat Dec 23 00:35:01 2017 us=690177   push_ifconfig_ipv6_defined = DISABLED
Sat Dec 23 00:35:01 2017 us=690189   push_ifconfig_ipv6_local = ::/0
Sat Dec 23 00:35:01 2017 us=690201   push_ifconfig_ipv6_remote = ::
Sat Dec 23 00:35:01 2017 us=690212   enable_c2c = DISABLED
Sat Dec 23 00:35:01 2017 us=690224   duplicate_cn = DISABLED
Sat Dec 23 00:35:01 2017 us=690235   cf_max = 0
Sat Dec 23 00:35:01 2017 us=690246   cf_per = 0
Sat Dec 23 00:35:01 2017 us=690257   max_clients = 1024
Sat Dec 23 00:35:01 2017 us=690269   max_routes_per_client = 256
Sat Dec 23 00:35:01 2017 us=690282   auth_user_pass_verify_script = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690294   auth_user_pass_verify_script_via_file = DISABLED
Sat Dec 23 00:35:01 2017 us=690305   auth_token_generate = DISABLED
Sat Dec 23 00:35:01 2017 us=690317   auth_token_lifetime = 0
Sat Dec 23 00:35:01 2017 us=690328   port_share_host = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690339   port_share_port = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690351   client = DISABLED
Sat Dec 23 00:35:01 2017 us=690362   pull = DISABLED
Sat Dec 23 00:35:01 2017 us=690373   auth_user_pass_file = '[UNDEF]'
Sat Dec 23 00:35:01 2017 us=690386 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 10 2017
Sat Dec 23 00:35:01 2017 us=690400 library versions: OpenSSL 1.0.2j-freebsd  26 Sep 2016, LZO 2.10
Sat Dec 23 00:35:01 2017 us=690834 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sat Dec 23 00:35:01 2017 us=691177 Diffie-Hellman initialized with 2048 bit key
Sat Dec 23 00:35:01 2017 us=691744 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 23 00:35:01 2017 us=691764 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 23 00:35:01 2017 us=691780 TLS-Auth MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sat Dec 23 00:35:01 2017 us=691868 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=epair2b HWADDR=6e:cc:dc:b2:97:99
Sat Dec 23 00:35:01 2017 us=691923 TUN/TAP device /dev/tun0 opened
Sat Dec 23 00:35:01 2017 us=691937 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Dec 23 00:35:01 2017 us=691958 /sbin/ifconfig tun0 172.16.8.1 172.16.8.2 mtu 1500 netmask 255.255.255.255 up
Sat Dec 23 00:35:01 2017 us=693319 /sbin/route add -net 192.168.1.0 172.16.8.2 255.255.255.0
add net 192.168.1.0: gateway 172.16.8.2 fib 0: route already in table
Sat Dec 23 00:35:01 2017 us=694313 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Sat Dec 23 00:35:01 2017 us=694363 /sbin/route add -net 172.16.8.0 172.16.8.2 255.255.255.0
add net 172.16.8.0: gateway 172.16.8.2
Sat Dec 23 00:35:01 2017 us=695313 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sat Dec 23 00:35:01 2017 us=695663 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sat Dec 23 00:35:01 2017 us=695687 Socket Buffers: R=[42080->42080] S=[9216->9216]
Sat Dec 23 00:35:01 2017 us=695700 setsockopt(IPV6_V6ONLY=0)
Sat Dec 23 00:35:01 2017 us=695726 UDPv6 link local (bound): [AF_INET6][undef]:1194
Sat Dec 23 00:35:01 2017 us=695738 UDPv6 link remote: [AF_UNSPEC]
Sat Dec 23 00:35:01 2017 us=695753 GID set to nobody
Sat Dec 23 00:35:01 2017 us=695770 UID set to nobody
Sat Dec 23 00:35:01 2017 us=695784 MULTI: multi_init called, r=256 v=256
Sat Dec 23 00:35:01 2017 us=695815 IFCONFIG POOL: base=172.16.8.4 size=62, ipv6=0
Sat Dec 23 00:35:01 2017 us=695852 ifconfig_pool_read(), in='this.user,172.16.8.4', TODO: IPv6
Sat Dec 23 00:35:01 2017 us=695867 succeeded -> ifconfig_pool_set()
Sat Dec 23 00:35:01 2017 us=695883 IFCONFIG POOL LIST
Sat Dec 23 00:35:01 2017 us=695895 this.user,172.16.8.4
Sat Dec 23 00:35:01 2017 us=695931 Initialization Sequence Completed
Sat Dec 23 00:35:14 2017 us=17872 MULTI: multi_create_instance called
Sat Dec 23 00:35:14 2017 us=17947 80.12.27.218 Re-using SSL/TLS context
Sat Dec 23 00:35:14 2017 us=17965 80.12.27.218 LZO compression initializing
Sat Dec 23 00:35:14 2017 us=18082 80.12.27.218 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sat Dec 23 00:35:14 2017 us=18096 80.12.27.218 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sat Dec 23 00:35:14 2017 us=18132 80.12.27.218 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Sat Dec 23 00:35:14 2017 us=18143 80.12.27.218 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Sat Dec 23 00:35:14 2017 us=18179 80.12.27.218 UDPv6 READ [54] from [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Sat Dec 23 00:35:14 2017 us=18197 80.12.27.218 TLS: Initial packet from [AF_INET6]::ffff:80.12.27.218:60370, sid=0a983611 6f70621a
Sat Dec 23 00:35:14 2017 us=18230 80.12.27.218 UDPv6 WRITE [66] to [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Sat Dec 23 00:35:14 2017 us=101041 80.12.27.218 UDPv6 READ [62] from [AF_INET6]::ffff:80.12.27.218:60370: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Sat Dec 23 00:35:14 2017 us=103022 80.12.27.218 UDPv6 READ [227] from [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=173
Sat Dec 23 00:35:14 2017 us=105747 80.12.27.218 UDPv6 WRITE [1160] to [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1094
Sat Dec 23 00:35:14 2017 us=105811 80.12.27.218 UDPv6 WRITE [1129] to [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1075
Sat Dec 23 00:35:14 2017 us=197134 80.12.27.218 UDPv6 READ [62] from [AF_INET6]::ffff:80.12.27.218:60370: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
Sat Dec 23 00:35:14 2017 us=252104 80.12.27.218 UDPv6 READ [1160] from [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #5 ] [ 2 ] pid=2 DATA len=1094
Sat Dec 23 00:35:14 2017 us=252172 80.12.27.218 UDPv6 WRITE [62] to [AF_INET6]::ffff:80.12.27.218:60370: P_ACK_V1 kid=0 pid=[ #4 ] [ 2 ]
Sat Dec 23 00:35:14 2017 us=264660 80.12.27.218 UDPv6 READ [1040] from [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=3 DATA len=986
Sat Dec 23 00:35:14 2017 us=264933 80.12.27.218 VERIFY OK: depth=1, CN=FREENAS CA
Sat Dec 23 00:35:14 2017 us=265061 80.12.27.218 VERIFY OK: depth=0, CN=this.user
Sat Dec 23 00:35:14 2017 us=265466 80.12.27.218 UDPv6 WRITE [117] to [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #5 ] [ 3 ] pid=3 DATA len=51
Sat Dec 23 00:35:14 2017 us=349645 80.12.27.218 UDPv6 READ [513] from [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #7 ] [ 3 ] pid=4 DATA len=447
Sat Dec 23 00:35:14 2017 us=349698 80.12.27.218 peer info: IV_VER=2.4.4
Sat Dec 23 00:35:14 2017 us=349711 80.12.27.218 peer info: IV_PLAT=win
Sat Dec 23 00:35:14 2017 us=349722 80.12.27.218 peer info: IV_PROTO=2
Sat Dec 23 00:35:14 2017 us=349741 80.12.27.218 peer info: IV_NCP=2
Sat Dec 23 00:35:14 2017 us=349752 80.12.27.218 peer info: IV_LZ4=1
Sat Dec 23 00:35:14 2017 us=349763 80.12.27.218 peer info: IV_LZ4v2=1
Sat Dec 23 00:35:14 2017 us=349774 80.12.27.218 peer info: IV_LZO=1
Sat Dec 23 00:35:14 2017 us=349785 80.12.27.218 peer info: IV_COMP_STUB=1
Sat Dec 23 00:35:14 2017 us=349796 80.12.27.218 peer info: IV_COMP_STUBv2=1
Sat Dec 23 00:35:14 2017 us=349807 80.12.27.218 peer info: IV_TCPNL=1
Sat Dec 23 00:35:14 2017 us=349818 80.12.27.218 peer info: IV_GUI_VER=OpenVPN_GUI_11
Sat Dec 23 00:35:14 2017 us=349870 80.12.27.218 UDPv6 WRITE [321] to [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #6 ] [ 4 ] pid=4 DATA len=255
Sat Dec 23 00:35:14 2017 us=417399 80.12.27.218 UDPv6 READ [62] from [AF_INET6]::ffff:80.12.27.218:60370: P_ACK_V1 kid=0 pid=[ #8 ] [ 4 ]
Sat Dec 23 00:35:14 2017 us=417446 80.12.27.218 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 23 00:35:14 2017 us=417465 80.12.27.218 [this.user] Peer Connection Initiated with [AF_INET6]::ffff:80.12.27.218:60370
Sat Dec 23 00:35:14 2017 us=417491 this.user/80.12.27.218 MULTI_sva: pool returned IPv4=172.16.8.6, IPv6=(Not enabled)
Sat Dec 23 00:35:14 2017 us=417525 this.user/80.12.27.218 MULTI: Learn: 172.16.8.6 -> this.user/80.12.27.218
Sat Dec 23 00:35:14 2017 us=417539 this.user/80.12.27.218 MULTI: primary virtual IP for this.user/80.12.27.218: 172.16.8.6
Sat Dec 23 00:35:15 2017 us=437662 this.user/80.12.27.218 UDPv6 READ [96] from [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=5 DATA len=42
Sat Dec 23 00:35:15 2017 us=437745 this.user/80.12.27.218 PUSH: Received control message: 'PUSH_REQUEST'
Sat Dec 23 00:35:15 2017 us=437789 this.user/80.12.27.218 SENT CONTROL [this.user]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 172.16.8.1,topology net30,ping 10,ping-restart 120,ifconfig 172.16.8.6 172.16.8.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Dec 23 00:35:15 2017 us=437803 this.user/80.12.27.218 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Dec 23 00:35:15 2017 us=437822 this.user/80.12.27.218 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Sat Dec 23 00:35:15 2017 us=437916 this.user/80.12.27.218 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 23 00:35:15 2017 us=437930 this.user/80.12.27.218 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 23 00:35:15 2017 us=437955 this.user/80.12.27.218 UDPv6 WRITE [62] to [AF_INET6]::ffff:80.12.27.218:60370: P_ACK_V1 kid=0 pid=[ #7 ] [ 5 ]
Sat Dec 23 00:35:15 2017 us=437998 this.user/80.12.27.218 UDPv6 WRITE [243] to [AF_INET6]::ffff:80.12.27.218:60370: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=5 DATA len=189
Sat Dec 23 00:35:15 2017 us=511070 this.user/80.12.27.218 UDPv6 READ [62] from [AF_INET6]::ffff:80.12.27.218:60370: P_ACK_V1 kid=0 pid=[ #10 ] [ 5 ]
Sat Dec 23 00:35:15 2017 us=525354 this.user/80.12.27.218 UDPv6 READ [162] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=161
Sat Dec 23 00:35:15 2017 us=543091 this.user/80.12.27.218 UDPv6 READ [101] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=100
Sat Dec 23 00:35:15 2017 us=543255 this.user/80.12.27.218 UDPv6 READ [101] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=100
Sat Dec 23 00:35:15 2017 us=553188 this.user/80.12.27.218 UDPv6 READ [101] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=100
Sat Dec 23 00:35:15 2017 us=558865 this.user/80.12.27.218 UDPv6 READ [101] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=100
Sat Dec 23 00:35:15 2017 us=560576 this.user/80.12.27.218 UDPv6 READ [101] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=100
Sat Dec 23 00:35:15 2017 us=635975 this.user/80.12.27.218 UDPv6 READ [89] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=88
Sat Dec 23 00:35:15 2017 us=636015 this.user/80.12.27.218 MULTI: bad source address from client [::], packet dropped
Sat Dec 23 00:35:15 2017 us=636434 this.user/80.12.27.218 UDPv6 READ [73] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=72
Sat Dec 23 00:35:15 2017 us=636633 this.user/80.12.27.218 UDPv6 READ [121] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=120
Sat Dec 23 00:35:16 2017 us=117167 this.user/80.12.27.218 UDPv6 READ [101] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=100
Sat Dec 23 00:35:16 2017 us=399260 this.user/80.12.27.218 UDPv6 READ [485] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=484
Sat Dec 23 00:35:16 2017 us=514813 this.user/80.12.27.218 UDPv6 READ [485] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=484
Sat Dec 23 00:35:16 2017 us=524913 this.user/80.12.27.218 UDPv6 READ [163] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=162
Sat Dec 23 00:35:16 2017 us=616822 this.user/80.12.27.218 UDPv6 READ [97] from [AF_INET6]::ffff:80.12.27.218:60370: P_DATA_V2 kid=0 DATA len=96

Code: Select all

[oconf=]CLIENT LOG[/oconf]
Sat Dec 23 10:36:09 2017 us=505204 Current Parameter Settings:
Sat Dec 23 10:36:09 2017 us=505204   config = 'home-vpn.ovpn'
Sat Dec 23 10:36:09 2017 us=505204   mode = 0
Sat Dec 23 10:36:09 2017 us=505204   show_ciphers = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   show_digests = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   show_engines = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   genkey = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   key_pass_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   show_tls_ciphers = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   connect_retry_max = 0
Sat Dec 23 10:36:09 2017 us=505204 Connection profiles [0]:
Sat Dec 23 10:36:09 2017 us=505204   proto = udp
Sat Dec 23 10:36:09 2017 us=505204   local = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   local_port = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   remote = 'mydomain.org'
Sat Dec 23 10:36:09 2017 us=505204   remote_port = '1194'
Sat Dec 23 10:36:09 2017 us=505204   remote_float = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   bind_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   bind_local = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   bind_ipv6_only = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   connect_retry_seconds = 5
Sat Dec 23 10:36:09 2017 us=505204   connect_timeout = 120
Sat Dec 23 10:36:09 2017 us=505204   socks_proxy_server = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   socks_proxy_port = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   tun_mtu = 1500
Sat Dec 23 10:36:09 2017 us=505204   tun_mtu_defined = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   link_mtu = 1500
Sat Dec 23 10:36:09 2017 us=505204   link_mtu_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   tun_mtu_extra = 0
Sat Dec 23 10:36:09 2017 us=505204   tun_mtu_extra_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   mtu_discover_type = -1
Sat Dec 23 10:36:09 2017 us=505204   fragment = 0
Sat Dec 23 10:36:09 2017 us=505204   mssfix = 1450
Sat Dec 23 10:36:09 2017 us=505204   explicit_exit_notification = 0
Sat Dec 23 10:36:09 2017 us=505204 Connection profiles END
Sat Dec 23 10:36:09 2017 us=505204   remote_random = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   ipchange = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   dev = 'tun'
Sat Dec 23 10:36:09 2017 us=505204   dev_type = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   dev_node = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   lladdr = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   topology = 1
Sat Dec 23 10:36:09 2017 us=505204   ifconfig_local = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   ifconfig_remote_netmask = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   ifconfig_noexec = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   ifconfig_nowarn = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   ifconfig_ipv6_local = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   ifconfig_ipv6_netbits = 0
Sat Dec 23 10:36:09 2017 us=505204   ifconfig_ipv6_remote = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   shaper = 0
Sat Dec 23 10:36:09 2017 us=505204   mtu_test = 0
Sat Dec 23 10:36:09 2017 us=505204   mlock = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   keepalive_ping = 0
Sat Dec 23 10:36:09 2017 us=505204   keepalive_timeout = 0
Sat Dec 23 10:36:09 2017 us=505204   inactivity_timeout = 0
Sat Dec 23 10:36:09 2017 us=505204   ping_send_timeout = 0
Sat Dec 23 10:36:09 2017 us=505204   ping_rec_timeout = 0
Sat Dec 23 10:36:09 2017 us=505204   ping_rec_timeout_action = 0
Sat Dec 23 10:36:09 2017 us=505204   ping_timer_remote = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   remap_sigusr1 = 0
Sat Dec 23 10:36:09 2017 us=505204   persist_tun = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   persist_local_ip = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   persist_remote_ip = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   persist_key = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   passtos = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   resolve_retry_seconds = 1000000000
Sat Dec 23 10:36:09 2017 us=505204   resolve_in_advance = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   username = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   groupname = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   chroot_dir = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   cd_dir = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   writepid = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   up_script = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   down_script = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   down_pre = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   up_restart = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   up_delay = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   daemon = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   inetd = 0
Sat Dec 23 10:36:09 2017 us=505204   log = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   suppress_timestamps = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   machine_readable_output = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   nice = 0
Sat Dec 23 10:36:09 2017 us=505204   verbosity = 4
Sat Dec 23 10:36:09 2017 us=505204   mute = 0
Sat Dec 23 10:36:09 2017 us=505204   gremlin = 0
Sat Dec 23 10:36:09 2017 us=505204   status_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   status_file_version = 1
Sat Dec 23 10:36:09 2017 us=505204   status_file_update_freq = 60
Sat Dec 23 10:36:09 2017 us=505204   occ = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   rcvbuf = 0
Sat Dec 23 10:36:09 2017 us=505204   sndbuf = 0
Sat Dec 23 10:36:09 2017 us=505204   sockflags = 0
Sat Dec 23 10:36:09 2017 us=505204   fast_io = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   comp.alg = 2
Sat Dec 23 10:36:09 2017 us=505204   comp.flags = 1
Sat Dec 23 10:36:09 2017 us=505204   route_script = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   route_default_gateway = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   route_default_metric = 0
Sat Dec 23 10:36:09 2017 us=505204   route_noexec = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   route_delay = 5
Sat Dec 23 10:36:09 2017 us=505204   route_delay_window = 30
Sat Dec 23 10:36:09 2017 us=505204   route_delay_defined = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   route_nopull = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   route_gateway_via_dhcp = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   allow_pull_fqdn = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   management_addr = '127.0.0.1'
Sat Dec 23 10:36:09 2017 us=505204   management_port = '25340'
Sat Dec 23 10:36:09 2017 us=505204   management_user_pass = 'stdin'
Sat Dec 23 10:36:09 2017 us=505204   management_log_history_cache = 250
Sat Dec 23 10:36:09 2017 us=505204   management_echo_buffer_size = 100
Sat Dec 23 10:36:09 2017 us=505204   management_write_peer_info_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   management_client_user = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   management_client_group = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   management_flags = 6
Sat Dec 23 10:36:09 2017 us=505204   shared_secret_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   key_direction = 2
Sat Dec 23 10:36:09 2017 us=505204   ciphername = 'AES-256-CBC'
Sat Dec 23 10:36:09 2017 us=505204   ncp_enabled = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sat Dec 23 10:36:09 2017 us=505204   authname = 'SHA256'
Sat Dec 23 10:36:09 2017 us=505204   prng_hash = 'SHA1'
Sat Dec 23 10:36:09 2017 us=505204   prng_nonce_secret_len = 16
Sat Dec 23 10:36:09 2017 us=505204   keysize = 0
Sat Dec 23 10:36:09 2017 us=505204   engine = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   replay = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   mute_replay_warnings = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   replay_window = 64
Sat Dec 23 10:36:09 2017 us=505204   replay_time = 15
Sat Dec 23 10:36:09 2017 us=505204   packet_id_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   use_iv = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   test_crypto = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   tls_server = DISABLED
Sat Dec 23 10:36:09 2017 us=505204   tls_client = ENABLED
Sat Dec 23 10:36:09 2017 us=505204   key_method = 2
Sat Dec 23 10:36:09 2017 us=505204   ca_file = 'ca.crt'
Sat Dec 23 10:36:09 2017 us=505204   ca_path = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   dh_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   cert_file = 'this.user.crt'
Sat Dec 23 10:36:09 2017 us=505204   extra_certs_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=505204   priv_key_file = 'this.user.key'
Sat Dec 23 10:36:09 2017 us=505204   pkcs12_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   cryptoapi_cert = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   cipher_list = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   tls_verify = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   tls_export_cert = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   verify_x509_type = 0
Sat Dec 23 10:36:09 2017 us=506216   verify_x509_name = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   crl_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   ns_cert_type = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 65535
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_ku[i] = 0
Sat Dec 23 10:36:09 2017 us=506216   remote_cert_eku = 'TLS Web Server Authentication'
Sat Dec 23 10:36:09 2017 us=506216   ssl_flags = 0
Sat Dec 23 10:36:09 2017 us=506216   tls_timeout = 2
Sat Dec 23 10:36:09 2017 us=506216   renegotiate_bytes = -1
Sat Dec 23 10:36:09 2017 us=506216   renegotiate_packets = 0
Sat Dec 23 10:36:09 2017 us=506216   renegotiate_seconds = 3600
Sat Dec 23 10:36:09 2017 us=506216   handshake_window = 60
Sat Dec 23 10:36:09 2017 us=506216   transition_window = 3600
Sat Dec 23 10:36:09 2017 us=506216   single_session = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   push_peer_info = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   tls_exit = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   tls_auth_file = 'ta.key'
Sat Dec 23 10:36:09 2017 us=506216   tls_crypt_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_protected_authentication = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_private_mode = 00000000
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_cert_private = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_pin_cache_period = -1
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_id = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   pkcs11_id_management = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   server_network = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   server_netmask = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   server_network_ipv6 = ::
Sat Dec 23 10:36:09 2017 us=506216   server_netbits_ipv6 = 0
Sat Dec 23 10:36:09 2017 us=506216   server_bridge_ip = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   server_bridge_netmask = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   server_bridge_pool_start = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   server_bridge_pool_end = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_pool_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_pool_start = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_pool_end = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_pool_netmask = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_pool_persist_refresh_freq = 600
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_ipv6_pool_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_ipv6_pool_base = ::
Sat Dec 23 10:36:09 2017 us=506216   ifconfig_ipv6_pool_netbits = 0
Sat Dec 23 10:36:09 2017 us=506216   n_bcast_buf = 256
Sat Dec 23 10:36:09 2017 us=506216   tcp_queue_limit = 64
Sat Dec 23 10:36:09 2017 us=506216   real_hash_size = 256
Sat Dec 23 10:36:09 2017 us=506216   virtual_hash_size = 256
Sat Dec 23 10:36:09 2017 us=506216   client_connect_script = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   learn_address_script = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   client_disconnect_script = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   client_config_dir = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   ccd_exclusive = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   tmp_dir = 'C:\Users\BUREAU\AppData\Local\Temp\'
Sat Dec 23 10:36:09 2017 us=506216   push_ifconfig_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   push_ifconfig_local = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   push_ifconfig_remote_netmask = 0.0.0.0
Sat Dec 23 10:36:09 2017 us=506216   push_ifconfig_ipv6_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   push_ifconfig_ipv6_local = ::/0
Sat Dec 23 10:36:09 2017 us=506216   push_ifconfig_ipv6_remote = ::
Sat Dec 23 10:36:09 2017 us=506216   enable_c2c = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   duplicate_cn = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   cf_max = 0
Sat Dec 23 10:36:09 2017 us=506216   cf_per = 0
Sat Dec 23 10:36:09 2017 us=506216   max_clients = 1024
Sat Dec 23 10:36:09 2017 us=506216   max_routes_per_client = 256
Sat Dec 23 10:36:09 2017 us=506216   auth_user_pass_verify_script = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   auth_user_pass_verify_script_via_file = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   auth_token_generate = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   auth_token_lifetime = 0
Sat Dec 23 10:36:09 2017 us=506216   client = ENABLED
Sat Dec 23 10:36:09 2017 us=506216   pull = ENABLED
Sat Dec 23 10:36:09 2017 us=506216   auth_user_pass_file = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   show_net_up = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   route_method = 0
Sat Dec 23 10:36:09 2017 us=506216   block_outside_dns = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   ip_win32_defined = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   ip_win32_type = 3
Sat Dec 23 10:36:09 2017 us=506216   dhcp_masq_offset = 0
Sat Dec 23 10:36:09 2017 us=506216   dhcp_lease_time = 31536000
Sat Dec 23 10:36:09 2017 us=506216   tap_sleep = 0
Sat Dec 23 10:36:09 2017 us=506216   dhcp_options = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   dhcp_renew = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   dhcp_pre_release = DISABLED
Sat Dec 23 10:36:09 2017 us=506216   domain = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   netbios_scope = '[UNDEF]'
Sat Dec 23 10:36:09 2017 us=506216   netbios_node_type = 0
Sat Dec 23 10:36:09 2017 us=506216   disable_nbt = DISABLED
Sat Dec 23 10:36:09 2017 us=506216 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sat Dec 23 10:36:09 2017 us=506216 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Dec 23 10:36:09 2017 us=506216 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Sat Dec 23 10:36:09 2017 us=507216 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Dec 23 10:36:09 2017 us=507216 Need hold release from management interface, waiting...
Sat Dec 23 10:36:09 2017 us=998079 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Dec 23 10:36:10 2017 us=99047 MANAGEMENT: CMD 'state on'
Sat Dec 23 10:36:10 2017 us=99047 MANAGEMENT: CMD 'log all on'
Sat Dec 23 10:36:10 2017 us=188062 MANAGEMENT: CMD 'echo all on'
Sat Dec 23 10:36:10 2017 us=189052 MANAGEMENT: CMD 'hold off'
Sat Dec 23 10:36:10 2017 us=190053 MANAGEMENT: CMD 'hold release'
Sat Dec 23 10:36:10 2017 us=297130 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 23 10:36:10 2017 us=297130 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Sat Dec 23 10:36:10 2017 us=297130 LZO compression initializing
Sat Dec 23 10:36:10 2017 us=297130 Control Channel MTU parms [ L:1622 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Sat Dec 23 10:36:10 2017 us=297130 MANAGEMENT: >STATE:1514021770,RESOLVE,,,,,,
Sat Dec 23 10:36:10 2017 us=471310 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sat Dec 23 10:36:10 2017 us=471310 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Sat Dec 23 10:36:10 2017 us=471310 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Sat Dec 23 10:36:10 2017 us=471310 TCP/UDP: Preserving recently used remote address: [AF_INET]86.197.18.180:1194
Sat Dec 23 10:36:10 2017 us=472297 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Dec 23 10:36:10 2017 us=472297 UDP link local: (not bound)
Sat Dec 23 10:36:10 2017 us=472297 UDP link remote: [AF_INET]86.197.18.180:1194
Sat Dec 23 10:36:10 2017 us=472297 MANAGEMENT: >STATE:1514021770,WAIT,,,,,,
Sat Dec 23 10:36:10 2017 us=620256 MANAGEMENT: >STATE:1514021770,AUTH,,,,,,
Sat Dec 23 10:36:10 2017 us=621215 TLS: Initial packet from [AF_INET]86.197.18.180:1194, sid=27a40709 6d95b40e
Sat Dec 23 10:36:10 2017 us=763130 VERIFY OK: depth=1, CN=FREENAS CA
Sat Dec 23 10:36:10 2017 us=765121 VERIFY KU OK
Sat Dec 23 10:36:10 2017 us=765121 Validating certificate extended key usage
Sat Dec 23 10:36:10 2017 us=765121 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 23 10:36:10 2017 us=765121 VERIFY EKU OK
Sat Dec 23 10:36:10 2017 us=765121 VERIFY OK: depth=0, CN=openvpn-server
Sat Dec 23 10:36:10 2017 us=993210 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 23 10:36:10 2017 us=993210 [openvpn-server] Peer Connection Initiated with [AF_INET]86.197.18.180:1194
Sat Dec 23 10:36:12 2017 us=21250 MANAGEMENT: >STATE:1514021772,GET_CONFIG,,,,,,
Sat Dec 23 10:36:12 2017 us=22247 SENT CONTROL [openvpn-server]: 'PUSH_REQUEST' (status=1)
Sat Dec 23 10:36:12 2017 us=130387 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 172.16.8.1,topology net30,ping 10,ping-restart 120,ifconfig 172.16.8.6 172.16.8.5,peer-id 1,cipher AES-256-GCM'
Sat Dec 23 10:36:12 2017 us=132341 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 23 10:36:12 2017 us=132341 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 23 10:36:12 2017 us=132341 OPTIONS IMPORT: route options modified
Sat Dec 23 10:36:12 2017 us=132341 OPTIONS IMPORT: peer-id set
Sat Dec 23 10:36:12 2017 us=132341 OPTIONS IMPORT: adjusting link_mtu to 1625
Sat Dec 23 10:36:12 2017 us=132341 OPTIONS IMPORT: data channel crypto options modified
Sat Dec 23 10:36:12 2017 us=132341 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Dec 23 10:36:12 2017 us=132341 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
Sat Dec 23 10:36:12 2017 us=132341 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 23 10:36:12 2017 us=132341 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 23 10:36:12 2017 us=132341 interactive service msg_channel=0
Sat Dec 23 10:36:12 2017 us=134343 ROUTE_GATEWAY 10.118.241.139/255.255.255.248 I=18 HWADDR=b0:83:95:53:5c:5a
Sat Dec 23 10:36:12 2017 us=134343 open_tun
Sat Dec 23 10:36:12 2017 us=135343 TAP-WIN32 device [Ethernet 6] opened: \\.\Global\{9E164C47-C680-4594-A42C-57FEBF4303F0}.tap
Sat Dec 23 10:36:12 2017 us=135343 TAP-Windows Driver Version 9.21 
Sat Dec 23 10:36:12 2017 us=136346 TAP-Windows MTU=1500
Sat Dec 23 10:36:12 2017 us=137345 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.8.6/255.255.255.252 on interface {9E164C47-C680-4594-A42C-57FEBF4303F0} [DHCP-serv: 172.16.8.5, lease-time: 31536000]
Sat Dec 23 10:36:12 2017 us=137345 Successful ARP Flush on interface [13] {9E164C47-C680-4594-A42C-57FEBF4303F0}
Sat Dec 23 10:36:12 2017 us=141336 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Dec 23 10:36:12 2017 us=141336 MANAGEMENT: >STATE:1514021772,ASSIGN_IP,,172.16.8.6,,,,
Sat Dec 23 10:36:17 2017 us=758879 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sat Dec 23 10:36:17 2017 us=758879 MANAGEMENT: >STATE:1514021777,ADD_ROUTES,,,,,,
Sat Dec 23 10:36:17 2017 us=758879 C:\WINDOWS\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 172.16.8.5
Sat Dec 23 10:36:17 2017 us=760872 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sat Dec 23 10:36:17 2017 us=760872 Route addition via IPAPI succeeded [adaptive]
Sat Dec 23 10:36:17 2017 us=760872 C:\WINDOWS\system32\route.exe ADD 172.16.8.1 MASK 255.255.255.255 172.16.8.5
Sat Dec 23 10:36:17 2017 us=762874 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sat Dec 23 10:36:17 2017 us=762874 Route addition via IPAPI succeeded [adaptive]
Sat Dec 23 10:36:17 2017 us=762874 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Dec 23 10:36:17 2017 us=762874 Initialization Sequence Completed
Sat Dec 23 10:36:17 2017 us=762874 MANAGEMENT: >STATE:1514021777,CONNECTED,SUCCESS,172.16.8.6,86.197.18.180,1194,,
Sat Dec 23 11:36:11 2017 us=59627 TLS: soft reset sec=-1 bytes=170360/-1 pkts=1505/0
Sat Dec 23 11:36:12 2017 us=575988 VERIFY OK: depth=1, CN=FREENAS CA
Sat Dec 23 11:36:12 2017 us=575988 VERIFY KU OK
Sat Dec 23 11:36:12 2017 us=575988 Validating certificate extended key usage
Sat Dec 23 11:36:12 2017 us=575988 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 23 11:36:12 2017 us=575988 VERIFY EKU OK
Sat Dec 23 11:36:12 2017 us=575988 VERIFY OK: depth=0, CN=openvpn-server
Sat Dec 23 11:36:12 2017 us=835873 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 23 11:36:12 2017 us=835873 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Dec 23 11:36:12 2017 us=835873 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Code: Select all

[oconf=]ROUTE PRINT[/oconf]
IPv4 Table de routage
===========================================================================
Itin‚raires actifsÿ:
Destination r‚seau    Masque r‚seau  Adr. passerelle   Adr. interface M‚trique
          0.0.0.0          0.0.0.0   10.118.241.139   10.118.241.142    326
   10.118.241.136  255.255.255.248         On-link    10.118.241.142    326
   10.118.241.142  255.255.255.255         On-link    10.118.241.142    326
   10.118.241.143  255.255.255.255         On-link    10.118.241.142    326
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
       172.16.8.1  255.255.255.255       172.16.8.5       172.16.8.6     35
       172.16.8.4  255.255.255.252         On-link        172.16.8.6    291
       172.16.8.6  255.255.255.255         On-link        172.16.8.6    291
       172.16.8.7  255.255.255.255         On-link        172.16.8.6    291
      192.168.1.0    255.255.255.0       172.16.8.5       172.16.8.6     35
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    10.118.241.142    326
        224.0.0.0        240.0.0.0         On-link        172.16.8.6    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    10.118.241.142    326
  255.255.255.255  255.255.255.255         On-link        172.16.8.6    291
===========================================================================
Itin‚raires persistantsÿ:
  Aucun
Ping mydomain.org = WORKS
Ping 192.168.1.1 = DON'T WORK
ping 172.16.8.5 = DON'T WORK

Code: Select all

[oconf=]IPFW FREEBSD firewall[/oconf]
root@OpenVPN:/ # ipfw list
00100 nat 1 ip from 172.16.8.0/24 to any out via epair2b
00200 nat 1 ip from any to any in via epair2b
65535 allow ip from any to any

Code: Select all

[oconf=]SOCKSTAT[/oconf]
root@OpenVPN:/ # sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   openvpn    39160 6  udp46  *:1194                *:*
root     syslogd    39121 7  udp4   *:514                 *:*

Code: Select all

[oconf=]IFCONFIG[/oconf]
root@OpenVPN:/ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair2b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 6e:cc:dc:b2:97:99
        inet 192.168.1.39 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 172.16.8.1 --> 172.16.8.2  netmask 0xffffffff
        nd6 options=9<PERFORMNUD,IFDISABLED>
        groups: tun
At 1 days from Xmas I consider this as a letter to Santa Claus, maybe I'm not too late :P

Thank you

Nico

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot get it working

Post by TinCanTech » Sun Dec 24, 2017 1:38 pm

Nico68 wrote:
Sat Dec 23, 2017 11:14 am
ping 172.16.8.5 = DON'T WORK
That is correct .. 172.16.8.5 is the client side end point and is not a usable address.

Can you ping 172.16.8.1 .. ie. the server VPN IP ?

Nico68
OpenVPN User
Posts: 12
Joined: Mon Dec 18, 2017 3:27 pm

Re: Cannot get it working

Post by Nico68 » Tue Dec 26, 2017 8:36 pm

TinCanTech wrote:
Sun Dec 24, 2017 1:38 pm
Nico68 wrote:
Sat Dec 23, 2017 11:14 am
ping 172.16.8.5 = DON'T WORK
That is correct .. 172.16.8.5 is the client side end point and is not a usable address.

Can you ping 172.16.8.1 .. ie. the server VPN IP ?
Hello TinCanTech and thank you for your reply, yes exactly 176.16.8.1 reply to ping. Does it mean the VPN is working correctly? how can I access the IP range 192.168.1.X ? no one in the range 192.168.1.X reply to ping.

Nico

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot get it working

Post by TinCanTech » Tue Dec 26, 2017 10:55 pm

HOWTO: Expanding the scope of the VPN to include additional machines

Also,
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
:arrow: Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN :!:
  • You are advised to change your server LAN to a more unique RFC1918 compliant subnet.
    For example: 192.168.143.0/24
Also, ensure IP forwarding is enabled on your server.

Nico68
OpenVPN User
Posts: 12
Joined: Mon Dec 18, 2017 3:27 pm

Re: Cannot get it working

Post by Nico68 » Wed Dec 27, 2017 12:19 pm

TinCanTech wrote:
Tue Dec 26, 2017 10:55 pm
HOWTO: Expanding the scope of the VPN to include additional machines

Also,
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
:arrow: Never use 192.168.0.0/24 or 192.168.1.0/24 (or other common subnets) for your OpenVPN Server LAN :!:
  • You are advised to change your server LAN to a more unique RFC1918 compliant subnet.
    For example: 192.168.143.0/24
Also, ensure IP forwarding is enabled on your server.
Hello TinCanTech and thanks again for you help :)

I'm aware about my actuel subnet and I thought I would try first if it works before to change all my home network configuration. I guess using 192.168.1.0 would not block the VPN to work, or I'm wrong?

I added this lines to the rc.conf to enable IP forwarding :

Code: Select all

openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/mnt/keys/openvpn.conf"
openvpn_dir="/mnt/keys"
cloned_interfaces="tun"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
I already read this topic about how to add machines behind the VPN server and that's why you see [push "route 192.168.1.0 255.255.255.0"] in the server config file.

for example my FREENAS server has a local IP address : 192.168.1.38, should I be able to reach it, but ping doesn't work.

I look forward to your precious help because I'm not able to figure out what to do

Thanks

Nico

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot get it working

Post by TinCanTech » Wed Dec 27, 2017 7:54 pm

Nico68 wrote:
Wed Dec 27, 2017 12:19 pm
I added this lines to the rc.conf to enable IP forwarding
That does not look like you have enabled IP_Forwarding .. what machine do you run openvpn server on ?

Nico68
OpenVPN User
Posts: 12
Joined: Mon Dec 18, 2017 3:27 pm

Re: Cannot get it working

Post by Nico68 » Thu Dec 28, 2017 9:02 am

TinCanTech wrote:
Wed Dec 27, 2017 7:54 pm
Nico68 wrote:
Wed Dec 27, 2017 12:19 pm
I added this lines to the rc.conf to enable IP forwarding
That does not look like you have enabled IP_Forwarding .. what machine do you run openvpn server on ?
Hello TinCanTech, I run a FREENAS server (v11.1) 192.168.1.38/24 and the OpenVPN server is located into a jail 192.168.1.39/24 running with FreeBSD.

I used this post to build up my VPN server https://forums.freenas.org/index.php?th ... nat.22873/

thank you

Nico

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot get it working

Post by TinCanTech » Thu Dec 28, 2017 12:14 pm

I don't know enough about FreeNAS to be able to help you with that.

However, it looks like you have mis-configured your Jail so I suggest you work through your guide again ..

Nico68
OpenVPN User
Posts: 12
Joined: Mon Dec 18, 2017 3:27 pm

Re: Cannot get it working

Post by Nico68 » Fri Dec 29, 2017 12:36 pm

TinCanTech wrote:
Thu Dec 28, 2017 12:14 pm
I don't know enough about FreeNAS to be able to help you with that.

However, it looks like you have mis-configured your Jail so I suggest you work through your guide again ..
Hello TinCanTech, thank you for your help. I understand this configuration is a little bit exotic....but I worked on it and progressed a little bit.

I can see now the tunnel's traffic incoming and outgoing, the IP address are even transformed in their names.

if I ping my ISP box (yes still using 192.168.1.0^^), I get this

Code: Select all

13:30:42.843113 IP 10.8.0.6 > livebox.home: ICMP echo request, id 1, seq 305, length 40
but the ping fail

if I ask to access the shared folders from my FREENAS server I get this:

Code: Select all

13:25:44.488514 IP 10.8.0.6.64783 > freenas.home.microsoft-ds: Flags [S], seq 3074454156, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:25:45.462377 IP 10.8.0.6.64784 > freenas.home.netbios-ssn: Flags [S], seq 1487921169, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:25:47.498793 IP 10.8.0.6.64783 > freenas.home.microsoft-ds: Flags [S], seq 3074454156, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:25:48.505807 IP 10.8.0.6.64784 > freenas.home.netbios-ssn: Flags [S], seq 1487921169, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:25:53.913131 IP 10.8.0.6.64783 > freenas.home.microsoft-ds: Flags [S], seq 3074454156, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:25:55.088671 IP 10.8.0.6.64784 > freenas.home.netbios-ssn: Flags [S], seq 1487921169, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:26:01.746482 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:26:07.666828 IP 10.8.0.6.netbios-ns > freenas.home.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
13:26:08.020998 IP 10.8.0.6.netbios-ns > freenas.home.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
13:26:09.507470 IP 10.8.0.6.netbios-ns > freenas.home.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
13:26:11.002138 IP 10.8.0.6.64790 > freenas.home.http: Flags [S], seq 2065934172, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:26:14.566206 IP 10.8.0.6.64790 > freenas.home.http: Flags [S], seq 2065934172, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:26:20.597843 IP 10.8.0.6.64790 > freenas.home.http: Flags [S], seq 2065934172, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:26:29.155576 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:26:56.139542 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:27:23.156773 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:27:50.264523 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:28:17.173609 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:28:44.237521 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:29:11.338721 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:29:38.260172 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:29:54.990996 IP 10.8.0.6.64808 > freenas.home.microsoft-ds: Flags [S], seq 1845055736, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:29:55.720603 IP 10.8.0.6.64809 > freenas.home.netbios-ssn: Flags [S], seq 1379996826, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:29:56.968522 IP 10.8.0.6.64808 > freenas.home.microsoft-ds: Flags [S], seq 1845055736, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:29:57.979806 IP 10.8.0.6.64809 > freenas.home.netbios-ssn: Flags [S], seq 1379996826, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:30:03.850529 IP 10.8.0.6.64808 > freenas.home.microsoft-ds: Flags [S], seq 1845055736, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:30:04.757027 IP 10.8.0.6.64809 > freenas.home.netbios-ssn: Flags [S], seq 1379996826, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:30:04.911095 IP 10.8.0.6.svrloc > 192.168.1.56.svrloc: UDP, length 44
13:30:16.591764 IP 10.8.0.6.netbios-ns > freenas.home.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
13:30:17.489713 IP 10.8.0.6.netbios-ns > freenas.home.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
13:30:19.003159 IP 10.8.0.6.netbios-ns > freenas.home.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
13:30:20.524001 IP 10.8.0.6.64815 > freenas.home.http: Flags [S], seq 2444678545, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:30:23.812316 IP 10.8.0.6.64815 > freenas.home.http: Flags [S], seq 2444678545, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
13:30:29.800389 IP 10.8.0.6.64815 > freenas.home.http: Flags [S], seq 2444678545, win 64240, options [mss 1357,nop,wscale 8,nop,nop,sackOK], length 0
it seems there is a communication but I cannot access the wished shared folder

Are the sent datas from the server side bloqued on the client side when incoming?

Thanks again for your help

Nico

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot get it working

Post by TinCanTech » Fri Dec 29, 2017 2:23 pm

Nico68 wrote:
Fri Dec 29, 2017 12:36 pm
if I ping my ISP box (yes still using 192.168.1.0^^), I get this

Code: Select all

13:30:42.843113 IP 10.8.0.6 > livebox.home: ICMP echo request, id 1, seq 305, length 40
but the ping fail
Your livebox.home does not have a route for the VPN IP.

Nico68
OpenVPN User
Posts: 12
Joined: Mon Dec 18, 2017 3:27 pm

Re: Cannot get it working

Post by Nico68 » Fri Dec 29, 2017 11:23 pm

TinCanTech wrote:
Fri Dec 29, 2017 2:23 pm
Nico68 wrote:
Fri Dec 29, 2017 12:36 pm
if I ping my ISP box (yes still using 192.168.1.0^^), I get this

Code: Select all

13:30:42.843113 IP 10.8.0.6 > livebox.home: ICMP echo request, id 1, seq 305, length 40
but the ping fail
Your livebox.home does not have a route for the VPN IP.
Hello TinCanTech, you was right, I had an issue with the routing, I added ccd file for the user because the declaration of the route to 192.168.1.0 in the server file wasn't enough.

Now I can ping everyone from the client side.

I wanted to access the shared folders from my NAS but that doesn't work (no idea if SMB need additional stuff), it's my next challenge!

thank you for your great help

Nico

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cannot get it working

Post by TinCanTech » Sat Dec 30, 2017 1:36 am

Sounds like you have it working now 8-)

To connect to Network Shares:

Code: Select all

> net use x: \\windows.host.ip.address\sharename

Nico68
OpenVPN User
Posts: 12
Joined: Mon Dec 18, 2017 3:27 pm

Re: Cannot get it working

Post by Nico68 » Mon Jan 01, 2018 4:49 pm

TinCanTech wrote:
Sat Dec 30, 2017 1:36 am
Sounds like you have it working now 8-)

To connect to Network Shares:

Code: Select all

> net use x: \\windows.host.ip.address\sharename
Hello TinCanTech

I fianally get it working, and thank you for your help

I needed to deal with the FREEBSD IPFW to build up the firewall feature and the routing, otherwise it wasn't able to leave the FREEBDSD jail.

It works from my PC using LTE or my mobile phone, amazing!

Thank you again

...and happy new year

Nico

Locked