Why can't I ping the local address of my OpenVPN gateway ?

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Locked
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Mon Feb 14, 2022 7:53 am

Hello,
I recently setup a OpenVPN (to replace a far too slow Softether VPN) between Office , Home and Internet rented dedicated servers. I have one question which puzzle me.
Office Server : Old reliable NAS DLink DNS320 with Alt-F (Linux kernel 4.4.86), OpenVPN server 2.4.8 (Package exists and so far, I have not been to compile Linux-pam for this distribution to be able to compile the latest 2.5.5). Network 192.168.5.x
Home Gateway: Old reliable NAS Synology DS213 (DSM 6.2.4 Linux kernel 2.6.32.12), OpenVPN client 2.5.5 (Compiled from sources). Network 192.18.5.x
Vpn tunnels : tun , proto udp4 , topology subnet, created with network 192.168.253.x (3 servers on Internet + Gateway) to server 192.168.253.1
All the routes and ip forwarding seem to be correctly configured as I can copy any file to any machine of the VPN
From all machine at home (192.168.5.x) included the gateway, I can ping any address 192.168.253.x (included the OpenVpn server) and any address 192.168.5.x (included the OpenVpn server)
From all machine at office or tunnelled (192.168.5.x and 192.168.253.x) included the OpenVPN server, I can ping any address 192.168.253.x (included the OpenVpn server and gateway) , any address 192.168.5.x (included the OpenVpn server) , any address 192.168.6.x APART FROM THE OpenVPN gateway.
It works ok because I can use the OpenVpn gateway address 192.168.253.x from anywhere to reach the Synology and the files it is holding, but as I am not a Linux specialist at all , I wonder and I would not like to have something wrong in my settings:
Is it a normal behaviour for a gateway ?
Is it because of the old kernel of the Synology ?
Am I missing something ?
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by TinCanTech » Mon Feb 14, 2022 1:34 pm

cousinhub wrote:
Mon Feb 14, 2022 7:53 am
 Am I missing something ?
viewtopic.php?f=30&t=22603
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Tue Feb 22, 2022 8:01 am

Sorry about it. Took some time to retest a few thing and gather the correct information
Server config
server
1
port xxxx
2
proto udp4
3
topology subnet
4
dev tun
5
ca XX.crt
6
cert XX.crt
7
key XX.key
8
dh dh2048.pem
9
server 192.168.253.0 255.255.255.0
10
ifconfig-pool-persist ipp.txt
11
push "route 192.168.5.0 255.255.255.0"
12
push "route 192.168.6.0 255.255.255.0"
13
route 192.168.6.0 255.255.255.0
14
tun-mtu 1400
15
fragment 0
16
mssfix 0
17
cipher AES-256-CBC
18
data-ciphers AES-256-CBC
19
client-config-dir ccd
20
client-to-client
21
keepalive 10 60
22
persist-key
23
persist-tun
24
status log/status.log
25
log log/vpn.log
26
verb 4
27
explicit-exit-notify

Client/Gateway config
client
1
client
2
dev tun
3
proto udp4
4
remote xx.xx.xx.xx xxxx
5
resolv-retry infinite
6
persist-key
7
persist-tun
8
ca XX.crt
9
cert XX.crt
10
key XX.key
11
remote-cert-tls server
12
tun-mtu 1400
13
fragment 0
14
mssfix 0
15
cipher AES-256-CBC
16
data-ciphers AES-256-CBC
17
auth-nocache
18
verb 4
19
status /xxxxx/status.log
20
log /xxxxx/client.log

Log server side
server
1
2022-02-15 18:45:04 us=988694 Current Parameter Settings:
2
2022-02-15 18:45:04 us=989108 config = 'openvpn.conf'
3
2022-02-15 18:45:04 us=989340 mode = 1
4
2022-02-15 18:45:04 us=989546 persist_config = DISABLED
5
2022-02-15 18:45:04 us=989751 persist_mode = 1
6
2022-02-15 18:45:04 us=989952 show_ciphers = DISABLED
7
2022-02-15 18:45:04 us=990151 show_digests = DISABLED
8
2022-02-15 18:45:04 us=990350 show_engines = DISABLED
9
2022-02-15 18:45:04 us=990549 genkey = DISABLED
10
2022-02-15 18:45:04 us=990749 genkey_filename = '[UNDEF]'
11
2022-02-15 18:45:04 us=990949 key_pass_file = '[UNDEF]'
12
2022-02-15 18:45:04 us=991147 show_tls_ciphers = DISABLED
13
2022-02-15 18:45:04 us=991347 connect_retry_max = 0
14
2022-02-15 18:45:04 us=991549 Connection profiles [0]:
15
2022-02-15 18:45:04 us=991751 proto = udp4
16
2022-02-15 18:45:04 us=991952 local = '[UNDEF]'
17
2022-02-15 18:45:04 us=992151 local_port = 'xxxx'
18
2022-02-15 18:45:04 us=992350 remote = '[UNDEF]'
19
2022-02-15 18:45:04 us=992743 remote_port = 'xxxx'
20
2022-02-15 18:45:04 us=992960 remote_float = DISABLED
21
2022-02-15 18:45:04 us=993160 bind_defined = DISABLED
22
2022-02-15 18:45:04 us=993360 bind_local = ENABLED
23
2022-02-15 18:45:04 us=993557 bind_ipv6_only = DISABLED
24
2022-02-15 18:45:04 us=993756 connect_retry_seconds = 5
25
2022-02-15 18:45:04 us=993955 connect_timeout = 120
26
2022-02-15 18:45:04 us=994153 socks_proxy_server = '[UNDEF]'
27
2022-02-15 18:45:04 us=994352 socks_proxy_port = '[UNDEF]'
28
2022-02-15 18:45:04 us=994553 tun_mtu = 1400
29
2022-02-15 18:45:04 us=994751 tun_mtu_defined = ENABLED
30
2022-02-15 18:45:04 us=994952 link_mtu = 1500
31
2022-02-15 18:45:04 us=995150 link_mtu_defined = DISABLED
32
2022-02-15 18:45:04 us=995349 tun_mtu_extra = 0
33
2022-02-15 18:45:04 us=995547 tun_mtu_extra_defined = DISABLED
34
2022-02-15 18:45:04 us=995748 mtu_discover_type = -1
35
2022-02-15 18:45:04 us=995946 fragment = 0
36
2022-02-15 18:45:04 us=996144 mssfix = 0
37
2022-02-15 18:45:04 us=996342 explicit_exit_notification = 1
38
2022-02-15 18:45:04 us=996541 tls_auth_file = '[UNDEF]'
39
2022-02-15 18:45:04 us=996740 key_direction = not set
40
2022-02-15 18:45:04 us=996940 tls_crypt_file = '[UNDEF]'
41
2022-02-15 18:45:04 us=997140 tls_crypt_v2_file = '[UNDEF]'
42
2022-02-15 18:45:04 us=997335 Connection profiles END
43
2022-02-15 18:45:04 us=997534 remote_random = DISABLED
44
2022-02-15 18:45:04 us=997733 ipchange = '[UNDEF]'
45
2022-02-15 18:45:04 us=997931 dev = 'tun'
46
2022-02-15 18:45:04 us=998129 dev_type = '[UNDEF]'
47
2022-02-15 18:45:04 us=998329 dev_node = '[UNDEF]'
48
2022-02-15 18:45:04 us=998530 lladdr = '[UNDEF]'
49
2022-02-15 18:45:04 us=998728 topology = 3
50
2022-02-15 18:45:04 us=998927 ifconfig_local = '192.168.253.1'
51
2022-02-15 18:45:04 us=999127 ifconfig_remote_netmask = '255.255.255.0'
52
2022-02-15 18:45:04 us=999338 ifconfig_noexec = DISABLED
53
2022-02-15 18:45:04 us=999538 ifconfig_nowarn = DISABLED
54
2022-02-15 18:45:04 us=999737 ifconfig_ipv6_local = '[UNDEF]'
55
2022-02-15 18:45:04 us=999938 ifconfig_ipv6_netbits = 0
56
2022-02-15 18:45:05 us=138 ifconfig_ipv6_remote = '[UNDEF]'
57
2022-02-15 18:45:05 us=337 shaper = 0
58
2022-02-15 18:45:05 us=537 mtu_test = 0
59
2022-02-15 18:45:05 us=733 mlock = DISABLED
60
2022-02-15 18:45:05 us=933 keepalive_ping = 10
61
2022-02-15 18:45:05 us=1132 keepalive_timeout = 60
62
2022-02-15 18:45:05 us=1332 inactivity_timeout = 0
63
2022-02-15 18:45:05 us=1532 ping_send_timeout = 10
64
2022-02-15 18:45:05 us=1733 ping_rec_timeout = 120
65
2022-02-15 18:45:05 us=1933 ping_rec_timeout_action = 2
66
2022-02-15 18:45:05 us=2132 ping_timer_remote = DISABLED
67
2022-02-15 18:45:05 us=2336 remap_sigusr1 = 0
68
2022-02-15 18:45:05 us=2702 persist_tun = ENABLED
69
2022-02-15 18:45:05 us=2917 persist_local_ip = DISABLED
70
2022-02-15 18:45:05 us=3118 persist_remote_ip = DISABLED
71
2022-02-15 18:45:05 us=3318 persist_key = ENABLED
72
2022-02-15 18:45:05 us=3517 passtos = DISABLED
73
2022-02-15 18:45:05 us=3719 resolve_retry_seconds = 1000000000
74
2022-02-15 18:45:05 us=3919 resolve_in_advance = DISABLED
75
2022-02-15 18:45:05 us=4116 username = '[UNDEF]'
76
2022-02-15 18:45:05 us=4359 groupname = '[UNDEF]'
77
2022-02-15 18:45:05 us=4565 chroot_dir = '[UNDEF]'
78
2022-02-15 18:45:05 us=4763 cd_dir = '/xxxxx/openvpn'
79
2022-02-15 18:45:05 us=4959 writepid = '[UNDEF]'
80
2022-02-15 18:45:05 us=5157 up_script = '[UNDEF]'
81
2022-02-15 18:45:05 us=5354 down_script = '[UNDEF]'
82
2022-02-15 18:45:05 us=5551 down_pre = DISABLED
83
2022-02-15 18:45:05 us=5748 up_restart = DISABLED
84
2022-02-15 18:45:05 us=5944 up_delay = DISABLED
85
2022-02-15 18:45:05 us=6141 daemon = ENABLED
86
2022-02-15 18:45:05 us=6339 inetd = 0
87
2022-02-15 18:45:05 us=6534 log = ENABLED
88
2022-02-15 18:45:05 us=6731 suppress_timestamps = DISABLED
89
2022-02-15 18:45:05 us=6928 machine_readable_output = DISABLED
90
2022-02-15 18:45:05 us=7126 nice = 0
91
2022-02-15 18:45:05 us=7323 verbosity = 4
92
2022-02-15 18:45:05 us=7520 mute = 0
93
2022-02-15 18:45:05 us=7718 gremlin = 0
94
2022-02-15 18:45:05 us=7914 status_file = 'log/status.log'
95
2022-02-15 18:45:05 us=8113 status_file_version = 1
96
2022-02-15 18:45:05 us=8311 status_file_update_freq = 60
97
2022-02-15 18:45:05 us=8508 occ = ENABLED
98
2022-02-15 18:45:05 us=8705 rcvbuf = 0
99
2022-02-15 18:45:05 us=8902 sndbuf = 0
100
2022-02-15 18:45:05 us=9098 mark = 0
101
2022-02-15 18:45:05 us=9308 sockflags = 0
102
2022-02-15 18:45:05 us=9507 fast_io = DISABLED
103
2022-02-15 18:45:05 us=9709 comp.alg = 0
104
2022-02-15 18:45:05 us=9909 comp.flags = 0
105
2022-02-15 18:45:05 us=10109 route_script = '[UNDEF]'
106
2022-02-15 18:45:05 us=10309 route_default_gateway = '192.168.253.2'
107
2022-02-15 18:45:05 us=10509 route_default_metric = 0
108
2022-02-15 18:45:05 us=10707 route_noexec = DISABLED
109
2022-02-15 18:45:05 us=10905 route_delay = 0
110
2022-02-15 18:45:05 us=11105 route_delay_window = 30
111
2022-02-15 18:45:05 us=11307 route_delay_defined = DISABLED
112
2022-02-15 18:45:05 us=11507 route_nopull = DISABLED
113
2022-02-15 18:45:05 us=11707 route_gateway_via_dhcp = DISABLED
114
2022-02-15 18:45:05 us=11907 allow_pull_fqdn = DISABLED
115
2022-02-15 18:45:05 us=12116 route 192.168.6.0/255.255.255.0/default (not set)/default (not set)
116
2022-02-15 18:45:05 us=12319 management_addr = '[UNDEF]'
117
2022-02-15 18:45:05 us=12668 management_port = '[UNDEF]'
118
2022-02-15 18:45:05 us=12885 management_user_pass = '[UNDEF]'
119
2022-02-15 18:45:05 us=13092 management_log_history_cache = 250
120
2022-02-15 18:45:05 us=13294 management_echo_buffer_size = 100
121
2022-02-15 18:45:05 us=13496 management_write_peer_info_file = '[UNDEF]'
122
2022-02-15 18:45:05 us=13696 management_client_user = '[UNDEF]'
123
2022-02-15 18:45:05 us=13896 management_client_group = '[UNDEF]'
124
2022-02-15 18:45:05 us=14097 management_flags = 0
125
2022-02-15 18:45:05 us=14296 shared_secret_file = '[UNDEF]'
126
2022-02-15 18:45:05 us=14497 key_direction = not set
127
2022-02-15 18:45:05 us=14696 ciphername = 'AES-256-CBC'
128
2022-02-15 18:45:05 us=14898 ncp_enabled = ENABLED
129
2022-02-15 18:45:05 us=15097 ncp_ciphers = 'AES-256-CBC'
130
2022-02-15 18:45:05 us=15296 authname = 'SHA1'
131
2022-02-15 18:45:05 us=15497 prng_hash = 'SHA1'
132
2022-02-15 18:45:05 us=15697 prng_nonce_secret_len = 16
133
2022-02-15 18:45:05 us=15898 keysize = 0
134
2022-02-15 18:45:05 us=16096 engine = DISABLED
135
2022-02-15 18:45:05 us=16294 replay = ENABLED
136
2022-02-15 18:45:05 us=16493 mute_replay_warnings = DISABLED
137
2022-02-15 18:45:05 us=16694 replay_window = 64
138
2022-02-15 18:45:05 us=16896 replay_time = 15
139
2022-02-15 18:45:05 us=17097 packet_id_file = '[UNDEF]'
140
2022-02-15 18:45:05 us=17298 test_crypto = DISABLED
141
2022-02-15 18:45:05 us=17498 tls_server = ENABLED
142
2022-02-15 18:45:05 us=17696 tls_client = DISABLED
143
2022-02-15 18:45:05 us=17895 ca_file = 'XX.crt'
144
2022-02-15 18:45:05 us=18091 ca_path = '[UNDEF]'
145
2022-02-15 18:45:05 us=18290 dh_file = 'dh2048.pem'
146
2022-02-15 18:45:05 us=18490 cert_file = 'openserver.crt'
147
2022-02-15 18:45:05 us=18692 extra_certs_file = '[UNDEF]'
148
2022-02-15 18:45:05 us=18892 priv_key_file = 'XX.key'
149
2022-02-15 18:45:05 us=19090 pkcs12_file = '[UNDEF]'
150
2022-02-15 18:45:05 us=19288 cipher_list = '[UNDEF]'
151
2022-02-15 18:45:05 us=19499 cipher_list_tls13 = '[UNDEF]'
152
2022-02-15 18:45:05 us=19739 tls_cert_profile = '[UNDEF]'
153
2022-02-15 18:45:05 us=19944 tls_verify = '[UNDEF]'
154
2022-02-15 18:45:05 us=20145 tls_export_cert = '[UNDEF]'
155
2022-02-15 18:45:05 us=20346 verify_x509_type = 0
156
2022-02-15 18:45:05 us=20545 verify_x509_name = '[UNDEF]'
157
2022-02-15 18:45:05 us=20746 crl_file = '[UNDEF]'
158
2022-02-15 18:45:05 us=20946 ns_cert_type = 0
159
2022-02-15 18:45:05 us=21146 remote_cert_ku = 0
160
2022-02-15 18:45:05 us=21346 remote_cert_ku = 0
161
2022-02-15 18:45:05 us=21546 remote_cert_ku = 0
162
2022-02-15 18:45:05 us=21746 remote_cert_ku = 0
163
2022-02-15 18:45:05 us=21945 remote_cert_ku = 0
164
2022-02-15 18:45:05 us=22144 remote_cert_ku = 0
165
2022-02-15 18:45:05 us=22345 remote_cert_ku = 0
166
2022-02-15 18:45:05 us=22689 remote_cert_ku = 0
167
2022-02-15 18:45:05 us=22901 remote_cert_ku = 0
168
2022-02-15 18:45:05 us=23105 remote_cert_ku = 0
169
2022-02-15 18:45:05 us=23305 remote_cert_ku[i] = 0
170
2022-02-15 18:45:05 us=23507 remote_cert_ku[i] = 0
171
2022-02-15 18:45:05 us=23705 remote_cert_ku[i] = 0
172
2022-02-15 18:45:05 us=23904 remote_cert_ku[i] = 0
173
2022-02-15 18:45:05 us=24103 remote_cert_ku[i] = 0
174
2022-02-15 18:45:05 us=24301 remote_cert_ku[i] = 0
175
2022-02-15 18:45:05 us=24502 remote_cert_eku = '[UNDEF]'
176
2022-02-15 18:45:05 us=24702 ssl_flags = 0
177
2022-02-15 18:45:05 us=24903 tls_timeout = 2
178
2022-02-15 18:45:05 us=25104 renegotiate_bytes = -1
179
2022-02-15 18:45:05 us=25305 renegotiate_packets = 0
180
2022-02-15 18:45:05 us=25506 renegotiate_seconds = 3600
181
2022-02-15 18:45:05 us=25708 handshake_window = 60
182
2022-02-15 18:45:05 us=25908 transition_window = 3600
183
2022-02-15 18:45:05 us=26107 single_session = DISABLED
184
2022-02-15 18:45:05 us=26305 push_peer_info = DISABLED
185
2022-02-15 18:45:05 us=26505 tls_exit = DISABLED
186
2022-02-15 18:45:05 us=26705 tls_crypt_v2_metadata = '[UNDEF]'
187
2022-02-15 18:45:05 us=26921 server_network = 192.168.253.0
188
2022-02-15 18:45:05 us=27136 server_netmask = 255.255.255.0
189
2022-02-15 18:45:05 us=27382 server_network_ipv6 = ::
190
2022-02-15 18:45:05 us=27588 server_netbits_ipv6 = 0
191
2022-02-15 18:45:05 us=27801 server_bridge_ip = 0.0.0.0
192
2022-02-15 18:45:05 us=28014 server_bridge_netmask = 0.0.0.0
193
2022-02-15 18:45:05 us=28229 server_bridge_pool_start = 0.0.0.0
194
2022-02-15 18:45:05 us=28487 server_bridge_pool_end = 0.0.0.0
195
2022-02-15 18:45:05 us=28700 push_entry = 'route 192.168.5.0 255.255.255.0'
196
2022-02-15 18:45:05 us=28905 push_entry = 'route 192.168.6.0 255.255.255.0'
197
2022-02-15 18:45:05 us=29108 push_entry = 'route-gateway 192.168.253.1'
198
2022-02-15 18:45:05 us=29308 push_entry = 'topology subnet'
199
2022-02-15 18:45:05 us=29518 push_entry = 'ping 10'
200
2022-02-15 18:45:05 us=29717 push_entry = 'ping-restart 60'
201
2022-02-15 18:45:05 us=29919 ifconfig_pool_defined = ENABLED
202
2022-02-15 18:45:05 us=30134 ifconfig_pool_start = 192.168.253.2
203
2022-02-15 18:45:05 us=30355 ifconfig_pool_end = 192.168.253.254
204
2022-02-15 18:45:05 us=30576 ifconfig_pool_netmask = 255.255.255.0
205
2022-02-15 18:45:05 us=30777 ifconfig_pool_persist_filename = 'ipp.txt'
206
2022-02-15 18:45:05 us=30982 ifconfig_pool_persist_refresh_freq = 600
207
2022-02-15 18:45:05 us=31183 ifconfig_ipv6_pool_defined = DISABLED
208
2022-02-15 18:45:05 us=31393 ifconfig_ipv6_pool_base = ::
209
2022-02-15 18:45:05 us=31597 ifconfig_ipv6_pool_netbits = 0
210
2022-02-15 18:45:05 us=31799 n_bcast_buf = 256
211
2022-02-15 18:45:05 us=32000 tcp_queue_limit = 64
212
2022-02-15 18:45:05 us=32203 real_hash_size = 256
213
2022-02-15 18:45:05 us=32527 virtual_hash_size = 256
214
2022-02-15 18:45:05 us=32759 client_connect_script = '[UNDEF]'
215
2022-02-15 18:45:05 us=32968 learn_address_script = '[UNDEF]'
216
2022-02-15 18:45:05 us=33173 client_disconnect_script = '[UNDEF]'
217
2022-02-15 18:45:05 us=33374 client_config_dir = 'ccd'
218
2022-02-15 18:45:05 us=33575 ccd_exclusive = DISABLED
219
2022-02-15 18:45:05 us=33773 tmp_dir = '/tmp'
220
2022-02-15 18:45:05 us=33975 push_ifconfig_defined = DISABLED
221
2022-02-15 18:45:05 us=34190 push_ifconfig_local = 0.0.0.0
222
2022-02-15 18:45:05 us=34443 push_ifconfig_remote_netmask = 0.0.0.0
223
2022-02-15 18:45:05 us=34652 push_ifconfig_ipv6_defined = DISABLED
224
2022-02-15 18:45:05 us=34869 push_ifconfig_ipv6_local = ::/0
225
2022-02-15 18:45:05 us=35085 push_ifconfig_ipv6_remote = ::
226
2022-02-15 18:45:05 us=35285 enable_c2c = ENABLED
227
2022-02-15 18:45:05 us=35487 duplicate_cn = DISABLED
228
2022-02-15 18:45:05 us=35687 cf_max = 0
229
2022-02-15 18:45:05 us=35887 cf_per = 0
230
2022-02-15 18:45:05 us=36087 max_clients = 1024
231
2022-02-15 18:45:05 us=36291 max_routes_per_client = 256
232
2022-02-15 18:45:05 us=36491 auth_user_pass_verify_script = '[UNDEF]'
233
2022-02-15 18:45:05 us=36693 auth_user_pass_verify_script_via_file = DISABLED
234
2022-02-15 18:45:05 us=36893 auth_token_generate = DISABLED
235
2022-02-15 18:45:05 us=37095 auth_token_lifetime = 0
236
2022-02-15 18:45:05 us=37295 auth_token_secret_file = '[UNDEF]'
237
2022-02-15 18:45:05 us=37497 port_share_host = '[UNDEF]'
238
2022-02-15 18:45:05 us=37696 port_share_port = '[UNDEF]'
239
2022-02-15 18:45:05 us=37900 vlan_tagging = DISABLED
240
2022-02-15 18:45:05 us=38097 vlan_accept = all
241
2022-02-15 18:45:05 us=38300 vlan_pvid = 1
242
2022-02-15 18:45:05 us=38501 client = DISABLED
243
2022-02-15 18:45:05 us=38701 pull = DISABLED
244
2022-02-15 18:45:05 us=38902 auth_user_pass_file = '[UNDEF]'
245
2022-02-15 18:45:05 us=39126 OpenVPN 2.5.5 armv5tel-unknown-linux-uclibceabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 14 2022
246
2022-02-15 18:45:05 us=39386 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
247
2022-02-15 18:45:05 us=44129 net_route_v4_best_gw query: dst 0.0.0.0
248
2022-02-15 18:45:05 us=101254 net_route_v4_best_gw result: via 192.168.5.1 dev eth0
249
2022-02-15 18:45:05 us=107760 Diffie-Hellman initialized with 2048 bit key
250
2022-02-15 18:45:05 us=114495 TLS-Auth MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
251
2022-02-15 18:45:05 us=115728 net_route_v4_best_gw query: dst 0.0.0.0
252
2022-02-15 18:45:05 us=172361 net_route_v4_best_gw result: via 192.168.5.1 dev eth0
253
2022-02-15 18:45:05 us=172976 ROUTE_GATEWAY 192.168.5.1/255.255.255.0 IFACE=eth0 HWADDR=28:10:7b:45:a4:11
254
2022-02-15 18:45:05 us=175383 TUN/TAP device tun0 opened
255
2022-02-15 18:45:05 us=175670 do_ifconfig, ipv4=1, ipv6=0
256
2022-02-15 18:45:05 us=244474 net_iface_mtu_set: mtu 1400 for tun0
257
2022-02-15 18:45:05 us=301017 net_iface_up: set tun0 up
258
2022-02-15 18:45:05 us=301611 net_addr_v4_add: 192.168.253.1/24 dev tun0
259
2022-02-15 18:45:05 us=358499 net_route_v4_add: 192.168.6.0/24 via 192.168.253.2 dev [NULL] table 0 metric -1
260
2022-02-15 18:45:05 us=359108 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
261
2022-02-15 18:45:05 us=359428 Socket Buffers: R=[163840->163840] S=[163840->163840]
262
2022-02-15 18:45:05 us=359708 UDPv4 link local (bound): [AF_INET][undef]:19635
263
2022-02-15 18:45:05 us=359928 UDPv4 link remote: [AF_UNSPEC]
264
2022-02-15 18:45:05 us=360155 MULTI: multi_init called, r=256 v=256
265
2022-02-15 18:45:05 us=360488 IFCONFIG POOL IPv4: base=192.168.253.2 size=253
266
2022-02-15 18:45:05 us=360789 IFCONFIG POOL LIST
267
2022-02-15 18:45:05 us=361315 Initialization Sequence Completed
268
2022-02-15 18:45:05 us=996604 MULTI: multi_create_instance called
269
2022-02-15 18:45:05 us=998253 aa.aa.aa.aa:1194 Re-using SSL/TLS context
270
2022-02-15 18:45:06 us=3218 aa.aa.aa.aa:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
271
2022-02-15 18:45:06 us=4078 aa.aa.aa.aa:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
272
2022-02-15 18:45:06 us=9170 aa.aa.aa.aa:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
273
2022-02-15 18:45:06 us=9886 aa.aa.aa.aa:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
274
2022-02-15 18:45:06 us=11124 aa.aa.aa.aa:1194 TLS: Initial packet from [AF_INET]aa.aa.aa.aa:1194, sid=d399b521 8e4c78f1
275
2022-02-15 18:45:06 us=194944 MULTI: multi_create_instance called
276
2022-02-15 18:45:06 us=195616 xx.xx.xx.xx:1194 Re-using SSL/TLS context
277
2022-02-15 18:45:06 us=196864 xx.xx.xx.xx:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
278
2022-02-15 18:45:06 us=197141 xx.xx.xx.xx:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
279
2022-02-15 18:45:06 us=198853 xx.xx.xx.xx:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
280
2022-02-15 18:45:06 us=199102 xx.xx.xx.xx:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
281
2022-02-15 18:45:06 us=199504 xx.xx.xx.xx:1194 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=c6046dcf e27af85d
282
2022-02-15 18:45:06 us=229360 aa.aa.aa.aa:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, CN=XX, emailAddress=XX
283
2022-02-15 18:45:06 us=237020 aa.aa.aa.aa:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
284
2022-02-15 18:45:06 us=245193 aa.aa.aa.aa:1194 peer info: IV_VER=2.5.5
285
2022-02-15 18:45:06 us=245516 aa.aa.aa.aa:1194 peer info: IV_PLAT=win
286
2022-02-15 18:45:06 us=245737 aa.aa.aa.aa:1194 peer info: IV_PROTO=6
287
2022-02-15 18:45:06 us=245950 aa.aa.aa.aa:1194 peer info: IV_CIPHERS=AES-256-CBC
288
2022-02-15 18:45:06 us=246153 aa.aa.aa.aa:1194 peer info: IV_LZ4=1
289
2022-02-15 18:45:06 us=246359 aa.aa.aa.aa:1194 peer info: IV_LZ4v2=1
290
2022-02-15 18:45:06 us=246560 aa.aa.aa.aa:1194 peer info: IV_LZO=1
291
2022-02-15 18:45:06 us=246765 aa.aa.aa.aa:1194 peer info: IV_COMP_STUB=1
292
2022-02-15 18:45:06 us=246965 aa.aa.aa.aa:1194 peer info: IV_COMP_STUBv2=1
293
2022-02-15 18:45:06 us=247169 aa.aa.aa.aa:1194 peer info: IV_TCPNL=1
294
2022-02-15 18:45:06 us=387592 aa.aa.aa.aa:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
295
2022-02-15 18:45:06 us=388073 aa.aa.aa.aa:1194 [one.vpn] Peer Connection Initiated with [AF_INET]aa.aa.aa.aa:1194
296
2022-02-15 18:45:06 us=388525 one.vpn/aa.aa.aa.aa:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
297
2022-02-15 18:45:06 us=389297 one.vpn/aa.aa.aa.aa:1194 OPTIONS IMPORT: reading client specific options from: ccd/one.vpn
298
2022-02-15 18:45:06 us=390834 one.vpn/aa.aa.aa.aa:1194 MULTI: Learn: 192.168.253.253 -> xx.xx.xx.xx/xx.xx
299
2022-02-15 18:45:06 us=391111 one.vpn/aa.aa.aa.aa:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.253
300
2022-02-15 18:45:06 us=393120 one.vpn/aa.aa.aa.aa:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
301
2022-02-15 18:45:06 us=393462 one.vpn/aa.aa.aa.aa:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
302
2022-02-15 18:45:06 us=393733 one.vpn/aa.aa.aa.aa:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
303
2022-02-15 18:45:06 us=394017 one.vpn/aa.aa.aa.aa:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
304
2022-02-15 18:45:06 us=394645 one.vpn/aa.aa.aa.aa:1194 SENT CONTROL [one.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route 192.168.6.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.253 255.255.255.0,peer-id 0,cipher AES-256-CBC' (status=1)
305
2022-02-15 18:45:06 us=463713 xx.xx.xx.xx:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX
306
2022-02-15 18:45:06 us=469055 xx.xx.xx.xx:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
307
2022-02-15 18:45:06 us=476893 xx.xx.xx.xx:1194 peer info: IV_VER=2.5.1
308
2022-02-15 18:45:06 us=477214 xx.xx.xx.xx:1194 peer info: IV_PLAT=linux
309
2022-02-15 18:45:06 us=477434 xx.xx.xx.xx:1194 peer info: IV_PROTO=6
310
2022-02-15 18:45:06 us=477643 xx.xx.xx.xx:1194 peer info: IV_CIPHERS=AES-256-CBC
311
2022-02-15 18:45:06 us=477849 xx.xx.xx.xx:1194 peer info: IV_LZ4=1
312
2022-02-15 18:45:06 us=478112 xx.xx.xx.xx:1194 peer info: IV_LZ4v2=1
313
2022-02-15 18:45:06 us=478326 xx.xx.xx.xx:1194 peer info: IV_LZO=1
314
2022-02-15 18:45:06 us=478534 xx.xx.xx.xx:1194 peer info: IV_COMP_STUB=1
315
2022-02-15 18:45:06 us=478740 xx.xx.xx.xx:1194 peer info: IV_COMP_STUBv2=1
316
2022-02-15 18:45:06 us=478947 xx.xx.xx.xx:1194 peer info: IV_TCPNL=1
317
2022-02-15 18:45:06 us=499827 xx.xx.xx.xx:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
318
2022-02-15 18:45:06 us=500259 xx.xx.xx.xx:1194 [sdns2.vpn] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
319
2022-02-15 18:45:06 us=500707 sdns2.vpn/xx.xx.xx.xx:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
320
2022-02-15 18:45:06 us=501478 sdns2.vpn/xx.xx.xx.xx:1194 OPTIONS IMPORT: reading client specific options from: ccd/sdns2.vpn
321
2022-02-15 18:45:06 us=504657 sdns2.vpn/xx.xx.xx.xx:1194 MULTI: Learn: 192.168.253.252 -> xx.xx/xx.xx.xx.xx:1194
322
2022-02-15 18:45:06 us=505552 sdns2.vpn/xx.xx.xx.xx:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.252
323
2022-02-15 18:45:06 us=511367 sdns2.vpn/xx.xx.xx.xx:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
324
2022-02-15 18:45:06 us=512291 sdns2.vpn/xx.xx.xx.xx:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
325
2022-02-15 18:45:06 us=512919 sdns2.vpn/xx.xx.xx.xx:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
326
2022-02-15 18:45:06 us=513218 sdns2.vpn/xx.xx.xx.xx:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
327
2022-02-15 18:45:06 us=513833 sdns2.vpn/xx.xx.xx.xx:1194 SENT CONTROL [sdns2.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route 192.168.6.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.252 255.255.255.0,peer-id 1,cipher AES-256-CBC' (status=1)
328
2022-02-15 18:45:07 us=287602 MULTI: multi_create_instance called
329
2022-02-15 18:45:07 us=289202 bb.bb.bb.bb:1194 Re-using SSL/TLS context
330
2022-02-15 18:45:07 us=292026 bb.bb.bb.bb:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
331
2022-02-15 18:45:07 us=293093 bb.bb.bb.bb:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
332
2022-02-15 18:45:07 us=298074 bb.bb.bb.bb:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
333
2022-02-15 18:45:07 us=298792 bb.bb.bb.bb:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
334
2022-02-15 18:45:07 us=299982 bb.bb.bb.bb:1194 TLS: Initial packet from [AF_INET]xx.xx/xx.xx.xx.xx:1194, sid=08733ad1 6a822622
335
2022-02-15 18:45:07 us=496813 bb.bb.bb.bb:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX
336
2022-02-15 18:45:07 us=502154 bb.bb.bb.bb:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
337
2022-02-15 18:45:07 us=510060 bb.bb.bb.bb:1194 peer info: IV_VER=2.5.5
338
2022-02-15 18:45:07 us=510380 bb.bb.bb.bb:1194 peer info: IV_PLAT=win
339
2022-02-15 18:45:07 us=510602 bb.bb.bb.bb:1194 peer info: IV_PROTO=6
340
2022-02-15 18:45:07 us=510815 bb.bb.bb.bb:1194 peer info: IV_CIPHERS=AES-256-CBC
341
2022-02-15 18:45:07 us=511023 bb.bb.bb.bb:1194 peer info: IV_LZ4=1
342
2022-02-15 18:45:07 us=511230 bb.bb.bb.bb:1194 peer info: IV_LZ4v2=1
343
2022-02-15 18:45:07 us=511436 bb.bb.bb.bb:1194 peer info: IV_LZO=1
344
2022-02-15 18:45:07 us=511639 bb.bb.bb.bb:1194 peer info: IV_COMP_STUB=1
345
2022-02-15 18:45:07 us=511841 bb.bb.bb.bb:1194 peer info: IV_COMP_STUBv2=1
346
2022-02-15 18:45:07 us=512045 bb.bb.bb.bb:1194 peer info: IV_TCPNL=1
347
2022-02-15 18:45:07 us=531984 bb.bb.bb.bb:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
348
2022-02-15 18:45:07 us=532787 bb.bb.bb.bb:1194 [two.vpn] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:xxxx
349
2022-02-15 18:45:07 us=534156 two.vpn/bb.bb.bb.bb:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
350
2022-02-15 18:45:07 us=536729 two.vpn/bb.bb.bb.bb:1194 OPTIONS IMPORT: reading client specific options from: ccd/two.vpn
351
2022-02-15 18:45:07 us=541327 two.vpn/bb.bb.bb.bb:1194 MULTI: Learn: 192.168.253.251 -> xx.xx/xx.xx.xx.xx:1194
352
2022-02-15 18:45:07 us=542221 two.vpn/bb.bb.bb.bb:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.251
353
2022-02-15 18:45:07 us=544250 two.vpn/bb.bb.bb.bb:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
354
2022-02-15 18:45:07 us=544573 two.vpn/bb.bb.bb.bb:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
355
2022-02-15 18:45:07 us=544844 two.vpn/bb.bb.bb.bb:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
356
2022-02-15 18:45:07 us=545127 two.vpn/bb.bb.bb.bb:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
357
2022-02-15 18:45:07 us=545743 two.vpn/bb.bb.bb.bb:1194 SENT CONTROL [two.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route 192.168.6.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.251 255.255.255.0,peer-id 2,cipher AES-256-CBC' (status=1)
358
2022-02-15 18:48:29 us=234733 MULTI: multi_create_instance called
359
2022-02-15 18:48:29 us=236436 cc.cc.cc.cc:1194 Re-using SSL/TLS context
360
2022-02-15 18:48:29 us=239562 cc.cc.cc.cc:1194 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
361
2022-02-15 18:48:29 us=240413 cc.cc.cc.cc:1194 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
362
2022-02-15 18:48:29 us=245679 cc.cc.cc.cc:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
363
2022-02-15 18:48:29 us=246422 cc.cc.cc.cc:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
364
2022-02-15 18:48:29 us=247621 cc.cc.cc.cc:1194 TLS: Initial packet from [AF_INET]cc.cc.cc.cc:1194, sid=fd973417 a6d9fc94
365
2022-02-15 18:48:29 us=713162 cc.cc.cc.cc:1194 VERIFY OK: depth=1, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX
366
2022-02-15 18:48:29 us=718534 cc.cc.cc.cc:1194 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX.XX
367
2022-02-15 18:48:29 us=726379 cc.cc.cc.cc:1194 peer info: IV_VER=2.5.5
368
2022-02-15 18:48:29 us=726702 cc.cc.cc.cc:1194 peer info: IV_PLAT=linux
369
2022-02-15 18:48:29 us=726927 cc.cc.cc.cc:1194 peer info: IV_PROTO=6
370
2022-02-15 18:48:29 us=727144 cc.cc.cc.cc:1194 peer info: IV_CIPHERS=AES-256-CBC
371
2022-02-15 18:48:29 us=727355 cc.cc.cc.cc:1194 peer info: IV_LZ4=1
372
2022-02-15 18:48:29 us=727568 cc.cc.cc.cc:1194 peer info: IV_LZ4v2=1
373
2022-02-15 18:48:29 us=727777 cc.cc.cc.cc:1194 peer info: IV_LZO=1
374
2022-02-15 18:48:29 us=727986 cc.cc.cc.cc:1194 peer info: IV_COMP_STUB=1
375
2022-02-15 18:48:29 us=728196 cc.cc.cc.cc:1194 peer info: IV_COMP_STUBv2=1
376
2022-02-15 18:48:29 us=728404 cc.cc.cc.cc:1194 peer info: IV_TCPNL=1
377
2022-02-15 18:48:29 us=737642 cc.cc.cc.cc:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
378
2022-02-15 18:48:29 us=738070 cc.cc.cc.cc:1194 [home.vpn] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
379
2022-02-15 18:48:29 us=738525 home.vpn/cc.cc.cc.cc:1194 MULTI_sva: pool returned IPv4=192.168.253.2, IPv6=(Not enabled)
380
2022-02-15 18:48:29 us=739296 home.vpn/cc.cc.cc.cc:1194 OPTIONS IMPORT: reading client specific options from: ccd/home.vpn
381
2022-02-15 18:48:29 us=741367 home.vpn/cc.cc.cc.cc:1194 MULTI: Learn: 192.168.253.202 -> xx.xx/xx.xx.xx.xx
382
2022-02-15 18:48:29 us=741652 home.vpn/cc.cc.cc.cc:1194 MULTI: primary virtual IP for xx.xx/xx.xx.xx.xx 192.168.253.202
383
2022-02-15 18:48:29 us=741954 home.vpn/cc.cc.cc.cc:1194 MULTI: internal route 192.168.6.0/24 -> xx.xx/xx.xx.xx.xx:1194
384
2022-02-15 18:48:29 us=742241 home.vpn/cc.cc.cc.cc:1194 MULTI: Learn: 192.168.6.0/24 -> home.vpn/cc.cc.cc.cc:1194
385
2022-02-15 18:48:29 us=743594 home.vpn/cc.cc.cc.cc:1194 REMOVE PUSH ROUTE: 'route 192.168.6.0 255.255.255.0'
386
2022-02-15 18:48:29 us=745316 home.vpn/cc.cc.cc.cc:1194 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
387
2022-02-15 18:48:29 us=745627 home.vpn/cc.cc.cc.cc:1194 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
388
2022-02-15 18:48:29 us=745895 home.vpn/cc.cc.cc.cc:1194 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
389
2022-02-15 18:48:29 us=746176 home.vpn/cc.cc.cc.cc:1194 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
390
2022-02-15 18:48:29 us=746771 home.vpn/cc.cc.cc.cc:1194 SENT CONTROL [home.vpn]: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.202 255.255.255.0,peer-id 3,cipher AES-256-CBC' (status=1)
391
2022-02-15 18:48:34 us=381595 home.vpn/cc.cc.cc.cc:1194 MULTI: Learn: 192.168.6.29 -> xx.xx/xx.xx.xx.xx

Log Client side
client
1
2022-02-15 18:48:29 us=205208 Current Parameter Settings:
2
2022-02-15 18:48:29 us=205458 config = 'home.ovpn'
3
2022-02-15 18:48:29 us=205522 mode = 0
4
2022-02-15 18:48:29 us=205576 persist_config = DISABLED
5
2022-02-15 18:48:29 us=205628 persist_mode = 1
6
2022-02-15 18:48:29 us=205678 show_ciphers = DISABLED
7
2022-02-15 18:48:29 us=205729 show_digests = DISABLED
8
2022-02-15 18:48:29 us=205780 show_engines = DISABLED
9
2022-02-15 18:48:29 us=205831 genkey = DISABLED
10
2022-02-15 18:48:29 us=205882 genkey_filename = '[UNDEF]'
11
2022-02-15 18:48:29 us=205933 key_pass_file = '[UNDEF]'
12
2022-02-15 18:48:29 us=205985 show_tls_ciphers = DISABLED
13
2022-02-15 18:48:29 us=206047 connect_retry_max = 0
14
2022-02-15 18:48:29 us=206101 Connection profiles [0]:
15
2022-02-15 18:48:29 us=206153 proto = udp4
16
2022-02-15 18:48:29 us=206204 local = '[UNDEF]'
17
2022-02-15 18:48:29 us=206255 local_port = '1194'
18
2022-02-15 18:48:29 us=206306 remote = 'xxxxxxx'
19
2022-02-15 18:48:29 us=206357 remote_port = 'xxxxxxx'
20
2022-02-15 18:48:29 us=206408 remote_float = DISABLED
21
2022-02-15 18:48:29 us=206458 bind_defined = DISABLED
22
2022-02-15 18:48:29 us=206509 bind_local = ENABLED
23
2022-02-15 18:48:29 us=206559 bind_ipv6_only = DISABLED
24
2022-02-15 18:48:29 us=206611 connect_retry_seconds = 5
25
2022-02-15 18:48:29 us=206663 connect_timeout = 120
26
2022-02-15 18:48:29 us=206714 socks_proxy_server = '[UNDEF]'
27
2022-02-15 18:48:29 us=206765 socks_proxy_port = '[UNDEF]'
28
2022-02-15 18:48:29 us=206817 tun_mtu = 1400
29
2022-02-15 18:48:29 us=206868 tun_mtu_defined = ENABLED
30
2022-02-15 18:48:29 us=206919 link_mtu = 1500
31
2022-02-15 18:48:29 us=206970 link_mtu_defined = DISABLED
32
2022-02-15 18:48:29 us=207021 tun_mtu_extra = 0
33
2022-02-15 18:48:29 us=207072 tun_mtu_extra_defined = DISABLED
34
2022-02-15 18:48:29 us=207124 mtu_discover_type = -1
35
2022-02-15 18:48:29 us=207176 fragment = 0
36
2022-02-15 18:48:29 us=207227 mssfix = 0
37
2022-02-15 18:48:29 us=207278 explicit_exit_notification = 0
38
2022-02-15 18:48:29 us=207329 tls_auth_file = '[UNDEF]'
39
2022-02-15 18:48:29 us=207381 key_direction = not set
40
2022-02-15 18:48:29 us=207432 tls_crypt_file = '[UNDEF]'
41
2022-02-15 18:48:29 us=207483 tls_crypt_v2_file = '[UNDEF]'
42
2022-02-15 18:48:29 us=207534 Connection profiles END
43
2022-02-15 18:48:29 us=207585 remote_random = DISABLED
44
2022-02-15 18:48:29 us=207635 ipchange = '[UNDEF]'
45
2022-02-15 18:48:29 us=207686 dev = 'tun'
46
2022-02-15 18:48:29 us=207737 dev_type = '[UNDEF]'
47
2022-02-15 18:48:29 us=207787 dev_node = '[UNDEF]'
48
2022-02-15 18:48:29 us=207846 lladdr = '[UNDEF]'
49
2022-02-15 18:48:29 us=207900 topology = 1
50
2022-02-15 18:48:29 us=207952 ifconfig_local = '[UNDEF]'
51
2022-02-15 18:48:29 us=208004 ifconfig_remote_netmask = '[UNDEF]'
52
2022-02-15 18:48:29 us=208055 ifconfig_noexec = DISABLED
53
2022-02-15 18:48:29 us=208106 ifconfig_nowarn = DISABLED
54
2022-02-15 18:48:29 us=208157 ifconfig_ipv6_local = '[UNDEF]'
55
2022-02-15 18:48:29 us=208209 ifconfig_ipv6_netbits = 0
56
2022-02-15 18:48:29 us=208260 ifconfig_ipv6_remote = '[UNDEF]'
57
2022-02-15 18:48:29 us=208312 shaper = 0
58
2022-02-15 18:48:29 us=208363 mtu_test = 0
59
2022-02-15 18:48:29 us=208414 mlock = DISABLED
60
2022-02-15 18:48:29 us=208465 keepalive_ping = 0
61
2022-02-15 18:48:29 us=208606 keepalive_timeout = 0
62
2022-02-15 18:48:29 us=208671 inactivity_timeout = 0
63
2022-02-15 18:48:29 us=208723 ping_send_timeout = 0
64
2022-02-15 18:48:29 us=208775 ping_rec_timeout = 0
65
2022-02-15 18:48:29 us=208828 ping_rec_timeout_action = 0
66
2022-02-15 18:48:29 us=208879 ping_timer_remote = DISABLED
67
2022-02-15 18:48:29 us=208931 remap_sigusr1 = 0
68
2022-02-15 18:48:29 us=208981 persist_tun = ENABLED
69
2022-02-15 18:48:29 us=209033 persist_local_ip = DISABLED
70
2022-02-15 18:48:29 us=209083 persist_remote_ip = DISABLED
71
2022-02-15 18:48:29 us=209134 persist_key = ENABLED
72
2022-02-15 18:48:29 us=209185 passtos = DISABLED
73
2022-02-15 18:48:29 us=209237 resolve_retry_seconds = 1000000000
74
2022-02-15 18:48:29 us=209287 resolve_in_advance = DISABLED
75
2022-02-15 18:48:29 us=209338 username = '[UNDEF]'
76
2022-02-15 18:48:29 us=209408 groupname = '[UNDEF]'
77
2022-02-15 18:48:29 us=209461 chroot_dir = '[UNDEF]'
78
2022-02-15 18:48:29 us=209513 cd_dir = '/xxxx/config'
79
2022-02-15 18:48:29 us=209565 writepid = '[UNDEF]'
80
2022-02-15 18:48:29 us=209616 up_script = '[UNDEF]'
81
2022-02-15 18:48:29 us=209667 down_script = '[UNDEF]'
82
2022-02-15 18:48:29 us=209719 down_pre = DISABLED
83
2022-02-15 18:48:29 us=209770 up_restart = DISABLED
84
2022-02-15 18:48:29 us=209820 up_delay = DISABLED
85
2022-02-15 18:48:29 us=209871 daemon = ENABLED
86
2022-02-15 18:48:29 us=209922 inetd = 0
87
2022-02-15 18:48:29 us=209972 log = ENABLED
88
2022-02-15 18:48:29 us=210023 suppress_timestamps = DISABLED
89
2022-02-15 18:48:29 us=210074 machine_readable_output = DISABLED
90
2022-02-15 18:48:29 us=210125 nice = 0
91
2022-02-15 18:48:29 us=210176 verbosity = 4
92
2022-02-15 18:48:29 us=210227 mute = 0
93
2022-02-15 18:48:29 us=210279 status_file = '/xxxx/status.log'
94
2022-02-15 18:48:29 us=210331 status_file_version = 1
95
2022-02-15 18:48:29 us=210383 status_file_update_freq = 60
96
2022-02-15 18:48:29 us=210434 occ = ENABLED
97
2022-02-15 18:48:29 us=210486 rcvbuf = 0
98
2022-02-15 18:48:29 us=210537 sndbuf = 0
99
2022-02-15 18:48:29 us=210589 mark = 0
100
2022-02-15 18:48:29 us=210640 sockflags = 0
101
2022-02-15 18:48:29 us=210692 fast_io = DISABLED
102
2022-02-15 18:48:29 us=210743 comp.alg = 0
103
2022-02-15 18:48:29 us=210806 comp.flags = 0
104
2022-02-15 18:48:29 us=210859 route_script = '[UNDEF]'
105
2022-02-15 18:48:29 us=210911 route_default_gateway = '[UNDEF]'
106
2022-02-15 18:48:29 us=210962 route_default_metric = 0
107
2022-02-15 18:48:29 us=211014 route_noexec = DISABLED
108
2022-02-15 18:48:29 us=211065 route_delay = 0
109
2022-02-15 18:48:29 us=211118 route_delay_window = 30
110
2022-02-15 18:48:29 us=211169 route_delay_defined = DISABLED
111
2022-02-15 18:48:29 us=211221 route_nopull = DISABLED
112
2022-02-15 18:48:29 us=211273 route_gateway_via_dhcp = DISABLED
113
2022-02-15 18:48:29 us=211324 allow_pull_fqdn = DISABLED
114
2022-02-15 18:48:29 us=211376 management_addr = '[UNDEF]'
115
2022-02-15 18:48:29 us=211428 management_port = '[UNDEF]'
116
2022-02-15 18:48:29 us=211481 management_user_pass = '[UNDEF]'
117
2022-02-15 18:48:29 us=211533 management_log_history_cache = 250
118
2022-02-15 18:48:29 us=211585 management_echo_buffer_size = 100
119
2022-02-15 18:48:29 us=211637 management_write_peer_info_file = '[UNDEF]'
120
2022-02-15 18:48:29 us=211688 management_client_user = '[UNDEF]'
121
2022-02-15 18:48:29 us=211740 management_client_group = '[UNDEF]'
122
2022-02-15 18:48:29 us=211793 management_flags = 0
123
2022-02-15 18:48:29 us=211844 shared_secret_file = '[UNDEF]'
124
2022-02-15 18:48:29 us=211897 key_direction = not set
125
2022-02-15 18:48:29 us=211948 ciphername = 'AES-256-CBC'
126
2022-02-15 18:48:29 us=212000 ncp_enabled = ENABLED
127
2022-02-15 18:48:29 us=212052 ncp_ciphers = 'AES-256-CBC'
128
2022-02-15 18:48:29 us=212103 authname = 'SHA1'
129
2022-02-15 18:48:29 us=212154 prng_hash = 'SHA1'
130
2022-02-15 18:48:29 us=212206 prng_nonce_secret_len = 16
131
2022-02-15 18:48:29 us=212258 keysize = 0
132
2022-02-15 18:48:29 us=212309 engine = DISABLED
133
2022-02-15 18:48:29 us=212361 replay = ENABLED
134
2022-02-15 18:48:29 us=212412 mute_replay_warnings = DISABLED
135
2022-02-15 18:48:29 us=212465 replay_window = 64
136
2022-02-15 18:48:29 us=212517 replay_time = 15
137
2022-02-15 18:48:29 us=212568 packet_id_file = '[UNDEF]'
138
2022-02-15 18:48:29 us=212619 test_crypto = DISABLED
139
2022-02-15 18:48:29 us=212670 tls_server = DISABLED
140
2022-02-15 18:48:29 us=212721 tls_client = ENABLED
141
2022-02-15 18:48:29 us=212773 ca_file = 'XX.crt'
142
2022-02-15 18:48:29 us=212825 ca_path = '[UNDEF]'
143
2022-02-15 18:48:29 us=212876 dh_file = '[UNDEF]'
144
2022-02-15 18:48:29 us=212928 cert_file = 'XX.crt'
145
2022-02-15 18:48:29 us=212980 extra_certs_file = '[UNDEF]'
146
2022-02-15 18:48:29 us=213032 priv_key_file = 'XX.key'
147
2022-02-15 18:48:29 us=213084 pkcs12_file = '[UNDEF]'
148
2022-02-15 18:48:29 us=213136 cipher_list = '[UNDEF]'
149
2022-02-15 18:48:29 us=213204 cipher_list_tls13 = '[UNDEF]'
150
2022-02-15 18:48:29 us=213258 tls_cert_profile = '[UNDEF]'
151
2022-02-15 18:48:29 us=213310 tls_verify = '[UNDEF]'
152
2022-02-15 18:48:29 us=213363 tls_export_cert = '[UNDEF]'
153
2022-02-15 18:48:29 us=213416 verify_x509_type = 0
154
2022-02-15 18:48:29 us=213468 verify_x509_name = '[UNDEF]'
155
2022-02-15 18:48:29 us=213520 crl_file = '[UNDEF]'
156
2022-02-15 18:48:29 us=213572 ns_cert_type = 0
157
2022-02-15 18:48:29 us=213624 remote_cert_ku[i] = 65535
158
2022-02-15 18:48:29 us=213677 remote_cert_ku[i] = 0
159
2022-02-15 18:48:29 us=213730 remote_cert_ku[i] = 0
160
2022-02-15 18:48:29 us=213782 remote_cert_ku[i] = 0
161
2022-02-15 18:48:29 us=213835 remote_cert_ku[i] = 0
162
2022-02-15 18:48:29 us=213887 remote_cert_ku[i] = 0
163
2022-02-15 18:48:29 us=213940 remote_cert_ku[i] = 0
164
2022-02-15 18:48:29 us=213992 remote_cert_ku[i] = 0
165
2022-02-15 18:48:29 us=214045 remote_cert_ku[i] = 0
166
2022-02-15 18:48:29 us=214098 remote_cert_ku[i] = 0
167
2022-02-15 18:48:29 us=214150 remote_cert_ku[i] = 0
168
2022-02-15 18:48:29 us=214203 remote_cert_ku[i] = 0
169
2022-02-15 18:48:29 us=214255 remote_cert_ku[i] = 0
170
2022-02-15 18:48:29 us=214308 remote_cert_ku[i] = 0
171
2022-02-15 18:48:29 us=214361 remote_cert_ku[i] = 0
172
2022-02-15 18:48:29 us=214412 remote_cert_ku[i] = 0
173
2022-02-15 18:48:29 us=214464 remote_cert_eku = 'TLS Web Server Authentication'
174
2022-02-15 18:48:29 us=214517 ssl_flags = 0
175
2022-02-15 18:48:29 us=214569 tls_timeout = 2
176
2022-02-15 18:48:29 us=214621 renegotiate_bytes = -1
177
2022-02-15 18:48:29 us=214673 renegotiate_packets = 0
178
2022-02-15 18:48:29 us=214726 renegotiate_seconds = 3600
179
2022-02-15 18:48:29 us=214779 handshake_window = 60
180
2022-02-15 18:48:29 us=214831 transition_window = 3600
181
2022-02-15 18:48:29 us=214883 single_session = DISABLED
182
2022-02-15 18:48:29 us=214935 push_peer_info = DISABLED
183
2022-02-15 18:48:29 us=214986 tls_exit = DISABLED
184
2022-02-15 18:48:29 us=215038 tls_crypt_v2_metadata = '[UNDEF]'
185
2022-02-15 18:48:29 us=215118 server_network = 0.0.0.0
186
2022-02-15 18:48:29 us=215180 server_netmask = 0.0.0.0
187
2022-02-15 18:48:29 us=215239 server_network_ipv6 = ::
188
2022-02-15 18:48:29 us=215293 server_netbits_ipv6 = 0
189
2022-02-15 18:48:29 us=215353 server_bridge_ip = 0.0.0.0
190
2022-02-15 18:48:29 us=215413 server_bridge_netmask = 0.0.0.0
191
2022-02-15 18:48:29 us=215473 server_bridge_pool_start = 0.0.0.0
192
2022-02-15 18:48:29 us=215533 server_bridge_pool_end = 0.0.0.0
193
2022-02-15 18:48:29 us=215586 ifconfig_pool_defined = DISABLED
194
2022-02-15 18:48:29 us=215646 ifconfig_pool_start = 0.0.0.0
195
2022-02-15 18:48:29 us=215705 ifconfig_pool_end = 0.0.0.0
196
2022-02-15 18:48:29 us=215765 ifconfig_pool_netmask = 0.0.0.0
197
2022-02-15 18:48:29 us=215818 ifconfig_pool_persist_filename = '[UNDEF]'
198
2022-02-15 18:48:29 us=215871 ifconfig_pool_persist_refresh_freq = 600
199
2022-02-15 18:48:29 us=215923 ifconfig_ipv6_pool_defined = DISABLED
200
2022-02-15 18:48:29 us=215980 ifconfig_ipv6_pool_base = ::
201
2022-02-15 18:48:29 us=216034 ifconfig_ipv6_pool_netbits = 0
202
2022-02-15 18:48:29 us=216086 n_bcast_buf = 256
203
2022-02-15 18:48:29 us=216138 tcp_queue_limit = 64
204
2022-02-15 18:48:29 us=216189 real_hash_size = 256
205
2022-02-15 18:48:29 us=216242 virtual_hash_size = 256
206
2022-02-15 18:48:29 us=216293 client_connect_script = '[UNDEF]'
207
2022-02-15 18:48:29 us=216345 learn_address_script = '[UNDEF]'
208
2022-02-15 18:48:29 us=216397 client_disconnect_script = '[UNDEF]'
209
2022-02-15 18:48:29 us=216448 client_config_dir = '[UNDEF]'
210
2022-02-15 18:48:29 us=216500 ccd_exclusive = DISABLED
211
2022-02-15 18:48:29 us=216551 tmp_dir = '/tmp'
212
2022-02-15 18:48:29 us=216603 push_ifconfig_defined = DISABLED
213
2022-02-15 18:48:29 us=216662 push_ifconfig_local = 0.0.0.0
214
2022-02-15 18:48:29 us=216720 push_ifconfig_remote_netmask = 0.0.0.0
215
2022-02-15 18:48:29 us=216774 push_ifconfig_ipv6_defined = DISABLED
216
2022-02-15 18:48:29 us=216832 push_ifconfig_ipv6_local = ::/0
217
2022-02-15 18:48:29 us=216890 push_ifconfig_ipv6_remote = ::
218
2022-02-15 18:48:29 us=216942 enable_c2c = DISABLED
219
2022-02-15 18:48:29 us=217009 duplicate_cn = DISABLED
220
2022-02-15 18:48:29 us=217062 cf_max = 0
221
2022-02-15 18:48:29 us=217114 cf_per = 0
222
2022-02-15 18:48:29 us=217167 max_clients = 1024
223
2022-02-15 18:48:29 us=217220 max_routes_per_client = 256
224
2022-02-15 18:48:29 us=217271 auth_user_pass_verify_script = '[UNDEF]'
225
2022-02-15 18:48:29 us=217323 auth_user_pass_verify_script_via_file = DISABLED
226
2022-02-15 18:48:29 us=217376 auth_token_generate = DISABLED
227
2022-02-15 18:48:29 us=217429 auth_token_lifetime = 0
228
2022-02-15 18:48:29 us=217481 auth_token_secret_file = '[UNDEF]'
229
2022-02-15 18:48:29 us=217533 port_share_host = '[UNDEF]'
230
2022-02-15 18:48:29 us=217585 port_share_port = '[UNDEF]'
231
2022-02-15 18:48:29 us=217637 vlan_tagging = DISABLED
232
2022-02-15 18:48:29 us=217688 vlan_accept = all
233
2022-02-15 18:48:29 us=217740 vlan_pvid = 1
234
2022-02-15 18:48:29 us=217791 client = ENABLED
235
2022-02-15 18:48:29 us=217843 pull = ENABLED
236
2022-02-15 18:48:29 us=217895 auth_user_pass_file = '[UNDEF]'
237
2022-02-15 18:48:29 us=217959 OpenVPN 2.5.5 arm-unknown-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 10 2022
238
2022-02-15 18:48:29 us=218029 library versions: OpenSSL 1.1.1m 14 Dec 2021, LZO 2.10
239
2022-02-15 18:48:29 us=226783 Control Channel MTU parms [ L:1521 D:1212 EF:38 EB:0 ET:0 EL:3 ]
240
2022-02-15 18:48:29 us=232891 Data Channel MTU parms [ L:1521 D:1521 EF:121 EB:389 ET:0 EL:3 ]
241
2022-02-15 18:48:29 us=233191 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
242
2022-02-15 18:48:29 us=233255 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1457,tun-mtu 1400,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
243
2022-02-15 18:48:29 us=233350 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:xxxx
244
2022-02-15 18:48:29 us=233432 Socket Buffers: R=[114688->114688] S=[114688->114688]
245
2022-02-15 18:48:29 us=233508 UDPv4 link local (bound): [AF_INET][undef]:1194
246
2022-02-15 18:48:29 us=233572 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:xxxx
247
2022-02-15 18:48:29 us=260280 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:xxxx, sid=e52b669d f19dae3d
248
2022-02-15 18:48:29 us=432031 VERIFY OK: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX
249
2022-02-15 18:48:29 us=439087 VERIFY KU OK
250
2022-02-15 18:48:29 us=439198 Validating certificate extended key usage
251
2022-02-15 18:48:29 us=439261 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
252
2022-02-15 18:48:29 us=439315 VERIFY EKU OK
253
2022-02-15 18:48:29 us=439367 VERIFY OK: depth=0, C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=XX, CN=XX
254
2022-02-15 18:48:29 us=740417 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
255
2022-02-15 18:48:29 us=740591 [xxx.xxx] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:xxxx
256
2022-02-15 18:48:29 us=758198 PUSH: Received control message: 'PUSH_REPLY,route 192.168.5.0 255.255.255.0,route-gateway 192.168.253.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.253.202 255.255.255.0,peer-id 3,cipher AES-256-CBC'
257
2022-02-15 18:48:29 us=758858 OPTIONS IMPORT: timers and/or timeouts modified
258
2022-02-15 18:48:29 us=758936 OPTIONS IMPORT: --ifconfig/up options modified
259
2022-02-15 18:48:29 us=758988 OPTIONS IMPORT: route options modified
260
2022-02-15 18:48:29 us=759036 OPTIONS IMPORT: route-related options modified
261
2022-02-15 18:48:29 us=759083 OPTIONS IMPORT: peer-id set
262
2022-02-15 18:48:29 us=759133 OPTIONS IMPORT: adjusting link_mtu to 1524
263
2022-02-15 18:48:29 us=759179 OPTIONS IMPORT: data channel crypto options modified
264
2022-02-15 18:48:29 us=759917 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
265
2022-02-15 18:48:29 us=760025 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
266
2022-02-15 18:48:29 us=760110 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
267
2022-02-15 18:48:29 us=760233 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
268
2022-02-15 18:48:29 us=760412 net_route_v4_best_gw query: dst 0.0.0.0
269
2022-02-15 18:48:29 us=760729 net_route_v4_best_gw result: via 192.168.6.1 dev eth0
270
2022-02-15 18:48:29 us=768636 TUN/TAP device tun0 opened
271
2022-02-15 18:48:29 us=768747 do_ifconfig, ipv4=1, ipv6=0
272
2022-02-15 18:48:29 us=768838 net_iface_mtu_set: mtu 1400 for tun0
273
2022-02-15 18:48:29 us=768990 net_iface_up: set tun0 up
274
2022-02-15 18:48:29 us=772429 net_addr_v4_add: 192.168.253.202/24 dev tun0
275
2022-02-15 18:48:29 us=773237 net_route_v4_add: 192.168.5.0/24 via 192.168.253.1 dev [NULL] table 0 metric -1
276
2022-02-15 18:48:29 us=773523 Initialization Sequence Completed


Now comes what is surprising to me, I have done a tcpdump on the client gateway icmp packets when pinging from the server network. denon.home (mac 00:05:cd:4e:22:05) is a appliance on the network, photos.home (mac 00:11:32:15:4b:d7) is the client gateway machine, box (mac : e4:5d:51:38:fd:00) is the fiber/router.
This is the routing table of the client gateway

Code: Select all

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.5.0     192.168.253.1   255.255.255.0   UG    0      0        0 tun0
192.168.253.0   0.0.0.0         255.255.255.0   U     0      0        0 tun0
default         box             0.0.0.0         UG    0      0        0 eth0
These are the results :

Code: Select all

18:26:29.408294  In ethertype IPv4 (0x0800), length 76: hubert.xx > denon.home: ICMP echo request, id 1, seq 85, length 40
18:26:29.408348 Out 00:11:32:15:4b:d7 (oui Unknown) ethertype IPv4 (0x0800), length 76: hubert.xx > denon.home: ICMP echo request, id 1, seq 85, length 40
18:26:29.409983  In 00:05:cd:4e:22:05 (oui Unknown) ethertype IPv4 (0x0800), length 76: denon.home > hubert.xx: ICMP echo reply, id 1, seq 85, length 40
18:26:29.410028 Out ethertype IPv4 (0x0800), length 76: denon.home > hubert.xx: ICMP echo reply, id 1, seq 85, length 40

18:26:35.632910  In ethertype IPv4 (0x0800), length 76: hubert.xx > photos.home: ICMP echo request, id 1, seq 86, length 40
18:26:35.632985 Out 00:11:32:15:4b:d7 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40
18:26:35.633271  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 104: box > photos.home: ICMP redirect hubert.xx to host photos.home, length 68
18:26:35.633468  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40
ICMP request to others machines are normally transfered to and answered by the machines
ICMP request to the ethernet address of directly answered AND transfered to the gateway. Therefore lost in space.
I personally do not see anything wrong in my configuration but I am not very knowledgeable on OpenVPN.
Anybody can help ?
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by TinCanTech » Tue Feb 22, 2022 12:36 pm

Run tcpdump on the server and client and try the ping which fails.

I expect you have a firewall issue.
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Wed Feb 23, 2022 8:00 am

It cannot be firewall, test has been made firewalls disabled everywhere.

tcpdump server side does not indicate anything but that ping to client-gateway local network interface (192.168.6.202) does not return anything, that ping to any other local network address works
Please see :

Code: Select all

08:54:14.529382 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 36, length 40
08:54:14.541646 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 36, length 40
08:54:15.546402 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 37, length 40
08:54:15.561338 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 37, length 40
08:54:16.576261 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 38, length 40
08:54:16.589784 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 38, length 40
08:54:17.601082 IP 192.168.5.109 > 192.168.6.120: ICMP echo request, id 1, seq 39, length 40
08:54:17.613875 IP 192.168.6.120 > 192.168.5.109: ICMP echo reply, id 1, seq 39, length 40

08:54:22.866606 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 40, length 40
08:54:27.878093 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 41, length 40
08:54:32.898184 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 42, length 40
08:54:37.899076 IP 192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 43, length 40
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by TinCanTech » Wed Feb 23, 2022 2:35 pm

You have not read this: https://community.openvpn.net/openvpn/w ... rversubnet
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Wed Feb 23, 2022 5:15 pm

Why do you think I have not read it ? I have, of course, before asking if there is a problem.
My setup looks like it respect everything said in this document. Of course I might have done a error.
But don't you think that these lines are very strange ?

Code: Select all

18:26:35.632910  In ethertype IPv4 (0x0800), length 76: hubert.xx > photos.home: ICMP echo request, id 1, seq 86, length 40
18:26:35.632985 Out 00:11:32:15:4b:d7 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40
18:26:35.633271  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 104: box > photos.home: ICMP redirect hubert.xx to host photos.home, length 68
18:26:35.633468  In e4:5d:51:38:fd:00 (oui Unknown) ethertype IPv4 (0x0800), length 76: photos.home > hubert.xx: ICMP echo reply, id 1, seq 86, length 40
If you look a little bit at the time frame, the ICMP is transmitted somehow to the box (network gateway) when it should not be, it has already been answered.
How come the box received the redirect ICMP packet when the IP address is on the OpenVPN gateway ?
What I am doing wrong ?
Top
Hamilleton
OpenVpn Newbie
Posts: 4
Joined: Tue Feb 22, 2022 3:31 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by Hamilleton » Thu Feb 24, 2022 8:39 am

Maybe try drawing a network topology diagram first? It kinda difficult to follow the network setup and problem just by glances at the texts.
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Thu Feb 24, 2022 9:41 am

So my problem is
All machines on the VPN can ping anything (including 192.168.5.201) apart from 192.168.6.202 which can only be pinged from its own local network.
All others 192.168.6.x can be pinged from anywhere.
The only way to reach the OpenVPN client-gateway is to use 192.168.253.202. To my guess, it means that there is something wrong somewhere and I do not want to leave it like that.
Here is the diagram
Image
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Wed Mar 02, 2022 9:49 am

Nobody has an idea ?
I have done a little more detailed tcpdump on the NAS client gateway, it is very surprising : it is the answer from 192.168.6.202 to 192.168.5.109 which is redirected to gateway 192.168.6.1 dev eth0 (id 24879). But I have clearly a route to 192.168.5.0/24 via 192.168.253.1 dev tun0.
Is it possible that there is a bug somewhere in OpenVPN Client ?
It does not happen in the OpenVPN server.
I carry on trying to solve it but any help will be more than welcomed.

Code: Select all

tcpdump
07:59:01.731479 IP (tos 0x0, ttl 126, id 10264, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.5.109 > 192.168.6.202: ICMP echo request, id 1, seq 108, length 40
07:59:01.731566 IP (tos 0x0, ttl 64, id 24879, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.6.202 > 192.168.5.109: ICMP echo reply, id 1, seq 108, length 40
07:59:01.731926 IP (tos 0xc0, ttl 64, id 9697, offset 0, flags [none], proto ICMP (1), length 88)
    192.168.6.1 > 192.168.6.202: ICMP redirect 192.168.5.109 to host 192.168.6.202, length 68
	IP (tos 0x0, ttl 63, id 24879, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.6.202 > 192.168.5.109: ICMP echo reply, id 1, seq 108, length 40
07:59:01.732125 IP (tos 0x0, ttl 63, id 24879, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.6.202 > 192.168.5.109: ICMP echo reply, id 1, seq 108, length 40

Code: Select all

ip route show
192.168.6.0/24 dev eth0  proto kernel  scope link  src 192.168.6.202
192.168.5.0/24 via 192.168.253.1 dev tun0
192.168.253.0/24 dev tun0  proto kernel  scope link  src 192.168.253.202
default via 192.168.6.1 dev eth0  src 192.168.6.202
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by TinCanTech » Wed Mar 02, 2022 3:46 pm

cousinhub wrote:
Mon Feb 14, 2022 7:53 am
 between Office , Home and Internet rented dedicated servers
If all else fails then you can contact me privately tincantech at protonmail dot com (Fees will apply)
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Wed Mar 02, 2022 4:55 pm

To TinCanTech;
Sorry, you told me that I have not read such and such, when I had done, made me work quite a long time to supply information you ask for.
You have not answered one single question I asked so far.
The only suggestion you made was 100% wrong that it was due to a firewall when it was clear with the information that I had already supplied that no firewall could have done this.
And now you are telling me you want to get paid. What for ?
I thought I was speaking with a community. Quite disappointed.
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by TinCanTech » Wed Mar 02, 2022 5:00 pm

You have a complicated network issue, if you want help solving that then hire somebody who knows how a network works.

As for your VPNs, OpenVPN is doing what you asked it to.

Your question has been up for over two weeks, I am simply offering you an alternate route to a solution.
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Thu Mar 03, 2022 8:45 am

Found it, I took the time to invert server and client and the problem was still on the same Synology machine which was now acting as a server.
On Synology : in DSM Control Panels -> Network -> Lan interface -> Advanced parameters, there is a parameter "Enable multiple gateways" which add a default route to the Lan Gateway in a specific routing table. In my case, this "hidden" route which you can only see with "ip route show table all" was causing the problem.
Unchecking it solved my problem and seemed to accelerate my pings by a few ms.
Maybe that will help someone one day.
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Thu Mar 03, 2022 8:52 am

One last comment before closing the subject, I have nothing against you, TinCanTech, but I find very strange that a moderator of support forum of a community software edition offers payed support. I really think that if you want to offer these kind of services, there is nothing wrong about that but you should not be member of the "Forum Team".
Top
300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by 300000 » Thu Mar 03, 2022 12:31 pm

You need create a folder name CCD and inside that folder create a file name as name of certificate of client NAS openvpn client.

Open that file name then plase in into it

iroute 192.168.6.9 255.255.255.0

At the moment your server dont have any infor how to route back to client network so you cant ping back any machine on client side. After this you can ping all machine and it shoul work for you.

You should research on how to use iroute as it will make and open pn point of connect become node so it is very quickly to deal and simple to correct it


Please make ipforward and NAT routing as you do in server on client side . You must do it in order to make it work for you
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Thu Mar 03, 2022 1:34 pm

What ? Out of subject, you did not even read all of it before answering. Of course all that was done before even posting my first message.
How could I have ping the other machines if that was not the case ?
I said that I found the solution...
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by TinCanTech » Thu Mar 03, 2022 2:41 pm

cousinhub wrote:
Thu Mar 03, 2022 8:52 am
 One last comment before closing the subject, I have nothing against you, TinCanTech, but I find very strange that a moderator of support forum of a community software edition offers payed support. I really think that if you want to offer these kind of services, there is nothing wrong about that but you should not be member of the "Forum Team".
You run a company and you come here for free help with your network.

I find it very strange that people who run companies are so naive as to think they can get technical support for free.
Top
cousinhub
OpenVpn Newbie
Posts: 11
Joined: Tue Jan 26, 2016 7:48 am

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by cousinhub » Thu Mar 03, 2022 3:45 pm

I am not naïve at all. You juge people without knowing anything.
I run such a big company. I am alone !
I am obliged to sometimes buy a few software but I can hardly live on what I earn.
Please forgive to have dare asking a few questions on a public support forum (at least that's what the header says) which you have not answered but only kept being judgmental.
I am going now to juge you as well, you really look like taking advantage of your position as a forum moderator to gain contracts.
I wonder if that is the rule for this forum.

At last please note my last post :
I shared the solution adding "Maybe that will help someone one day".
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Why can't I ping the local address of my OpenVPN gateway ?

Post by TinCanTech » Thu Mar 03, 2022 4:06 pm

You simply do not understand, your problem was complex and not even related to openvpn.

I volunteer to help with openvpn where I can and if I want to..

I helped you and then it became clear that this was not a problem with openvpn.

So I offered you the choice to hire me to help, just like in the real world.
Top
Locked

Return to “Configuration”