I'm coming back here for continuity.
After getting the nameservers to work I then looked into resolving an issue which I believed related to keepalive. That issue was resolved in
viewtopic.php?f=4&t=28018 but it flagged another issue which seems to be specific to linux (debian. Raspbian, Ubuntu) distributions and which became highlighted after TinCanTech shoved me over the line as indicated in post #3
It seems that the linux client functionality has a few issues which hopefully I can shake out in this thread. First of all my config files.
server.conf
Code: Select all
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_baOUcI0m0z2674zq.crt
key server_baOUcI0m0z2674zq.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 4
russell.ovpn
Code: Select all
client
proto udp
remote 159.69.7.156 1194
dev tun
resolv-retry infinite
nobind
persist-key
#persist-tun
remote-cert-tls server
verify-x509-name server_baOUcI0m0z2674zq name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
#setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
And the output of my client when set to verb 4 (It took 6 minutes to reconnect after briefly switching off the wifi...)
Code: Select all
Fri Mar 8 11:09:34 2019 us=407615 Current Parameter Settings:
Fri Mar 8 11:09:34 2019 us=408054 config = '/etc/openvpn/russell.ovpn'
Fri Mar 8 11:09:34 2019 us=408138 mode = 0
Fri Mar 8 11:09:34 2019 us=408313 persist_config = DISABLED
Fri Mar 8 11:09:34 2019 us=408379 persist_mode = 1
Fri Mar 8 11:09:34 2019 us=408441 show_ciphers = DISABLED
Fri Mar 8 11:09:34 2019 us=408542 show_digests = DISABLED
Fri Mar 8 11:09:34 2019 us=408605 show_engines = DISABLED
Fri Mar 8 11:09:34 2019 us=408668 genkey = DISABLED
Fri Mar 8 11:09:34 2019 us=408731 key_pass_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=408794 show_tls_ciphers = DISABLED
Fri Mar 8 11:09:34 2019 us=408859 connect_retry_max = 0
Fri Mar 8 11:09:34 2019 us=408923 Connection profiles [0]:
Fri Mar 8 11:09:34 2019 us=408988 proto = udp
Fri Mar 8 11:09:34 2019 us=409050 local = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=409113 local_port = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=409175 remote = '159.69.7.156'
Fri Mar 8 11:09:34 2019 us=409237 remote_port = '1194'
Fri Mar 8 11:09:34 2019 us=409299 remote_float = DISABLED
Fri Mar 8 11:09:34 2019 us=409362 bind_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=409424 bind_local = DISABLED
Fri Mar 8 11:09:34 2019 us=409486 bind_ipv6_only = DISABLED
Fri Mar 8 11:09:34 2019 us=409549 connect_retry_seconds = 5
Fri Mar 8 11:09:34 2019 us=409611 connect_timeout = 120
Fri Mar 8 11:09:34 2019 us=409673 socks_proxy_server = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=409736 socks_proxy_port = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=409799 tun_mtu = 1500
Fri Mar 8 11:09:34 2019 us=409861 tun_mtu_defined = ENABLED
Fri Mar 8 11:09:34 2019 us=409924 link_mtu = 1500
Fri Mar 8 11:09:34 2019 us=409985 link_mtu_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=410048 tun_mtu_extra = 0
Fri Mar 8 11:09:34 2019 us=410110 tun_mtu_extra_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=410173 mtu_discover_type = -1
Fri Mar 8 11:09:34 2019 us=410236 fragment = 0
Fri Mar 8 11:09:34 2019 us=410298 mssfix = 1450
Fri Mar 8 11:09:34 2019 us=410360 explicit_exit_notification = 0
Fri Mar 8 11:09:34 2019 us=410424 Connection profiles END
Fri Mar 8 11:09:34 2019 us=410486 remote_random = DISABLED
Fri Mar 8 11:09:34 2019 us=410548 ipchange = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=410609 dev = 'tun'
Fri Mar 8 11:09:34 2019 us=410673 dev_type = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=410736 dev_node = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=410798 lladdr = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=410862 topology = 1
Fri Mar 8 11:09:34 2019 us=410923 ifconfig_local = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=410990 ifconfig_remote_netmask = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=411053 ifconfig_noexec = DISABLED
Fri Mar 8 11:09:34 2019 us=411115 ifconfig_nowarn = DISABLED
Fri Mar 8 11:09:34 2019 us=411180 ifconfig_ipv6_local = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=411243 ifconfig_ipv6_netbits = 0
Fri Mar 8 11:09:34 2019 us=411307 ifconfig_ipv6_remote = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=411372 shaper = 0
Fri Mar 8 11:09:34 2019 us=411434 mtu_test = 0
Fri Mar 8 11:09:34 2019 us=411495 mlock = DISABLED
Fri Mar 8 11:09:34 2019 us=411558 keepalive_ping = 0
Fri Mar 8 11:09:34 2019 us=411620 keepalive_timeout = 0
Fri Mar 8 11:09:34 2019 us=411684 inactivity_timeout = 0
Fri Mar 8 11:09:34 2019 us=411746 ping_send_timeout = 0
Fri Mar 8 11:09:34 2019 us=411809 ping_rec_timeout = 0
Fri Mar 8 11:09:34 2019 us=411873 ping_rec_timeout_action = 0
Fri Mar 8 11:09:34 2019 us=411936 ping_timer_remote = DISABLED
Fri Mar 8 11:09:34 2019 us=412000 remap_sigusr1 = 0
Fri Mar 8 11:09:34 2019 us=412062 persist_tun = DISABLED
Fri Mar 8 11:09:34 2019 us=412124 persist_local_ip = DISABLED
Fri Mar 8 11:09:34 2019 us=412189 persist_remote_ip = DISABLED
Fri Mar 8 11:09:34 2019 us=412250 persist_key = ENABLED
Fri Mar 8 11:09:34 2019 us=412312 passtos = DISABLED
Fri Mar 8 11:09:34 2019 us=412376 resolve_retry_seconds = 1000000000
Fri Mar 8 11:09:34 2019 us=412439 resolve_in_advance = DISABLED
Fri Mar 8 11:09:34 2019 us=412502 username = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=412565 groupname = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=412626 chroot_dir = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=412687 cd_dir = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=412749 writepid = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=412810 up_script = '/etc/openvpn/update-resolv-conf'
Fri Mar 8 11:09:34 2019 us=412873 down_script = '/etc/openvpn/update-resolv-conf'
Fri Mar 8 11:09:34 2019 us=412935 down_pre = DISABLED
Fri Mar 8 11:09:34 2019 us=412996 up_restart = DISABLED
Fri Mar 8 11:09:34 2019 us=413056 up_delay = DISABLED
Fri Mar 8 11:09:34 2019 us=413116 daemon = DISABLED
Fri Mar 8 11:09:34 2019 us=413176 inetd = 0
Fri Mar 8 11:09:34 2019 us=413235 log = DISABLED
Fri Mar 8 11:09:34 2019 us=413296 suppress_timestamps = DISABLED
Fri Mar 8 11:09:34 2019 us=413403 machine_readable_output = DISABLED
Fri Mar 8 11:09:34 2019 us=413464 nice = 0
Fri Mar 8 11:09:34 2019 us=413525 verbosity = 4
Fri Mar 8 11:09:34 2019 us=413586 mute = 0
Fri Mar 8 11:09:34 2019 us=413646 gremlin = 0
Fri Mar 8 11:09:34 2019 us=413706 status_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=413768 status_file_version = 1
Fri Mar 8 11:09:34 2019 us=413830 status_file_update_freq = 60
Fri Mar 8 11:09:34 2019 us=413891 occ = ENABLED
Fri Mar 8 11:09:34 2019 us=413951 rcvbuf = 0
Fri Mar 8 11:09:34 2019 us=414010 sndbuf = 0
Fri Mar 8 11:09:34 2019 us=414070 mark = 0
Fri Mar 8 11:09:34 2019 us=414130 sockflags = 0
Fri Mar 8 11:09:34 2019 us=414189 fast_io = DISABLED
Fri Mar 8 11:09:34 2019 us=414249 comp.alg = 0
Fri Mar 8 11:09:34 2019 us=414310 comp.flags = 0
Fri Mar 8 11:09:34 2019 us=414370 route_script = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=414431 route_default_gateway = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=414495 route_default_metric = 0
Fri Mar 8 11:09:34 2019 us=414557 route_noexec = DISABLED
Fri Mar 8 11:09:34 2019 us=414619 route_delay = 0
Fri Mar 8 11:09:34 2019 us=414681 route_delay_window = 30
Fri Mar 8 11:09:34 2019 us=414742 route_delay_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=414806 route_nopull = DISABLED
Fri Mar 8 11:09:34 2019 us=414867 route_gateway_via_dhcp = DISABLED
Fri Mar 8 11:09:34 2019 us=414931 allow_pull_fqdn = DISABLED
Fri Mar 8 11:09:34 2019 us=414996 management_addr = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=415059 management_port = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=415123 management_user_pass = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=415186 management_log_history_cache = 250
Fri Mar 8 11:09:34 2019 us=415248 management_echo_buffer_size = 100
Fri Mar 8 11:09:34 2019 us=415312 management_write_peer_info_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=415377 management_client_user = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=415470 management_client_group = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=415563 management_flags = 0
Fri Mar 8 11:09:34 2019 us=415626 shared_secret_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=415688 key_direction = 0
Fri Mar 8 11:09:34 2019 us=415749 ciphername = 'AES-128-GCM'
Fri Mar 8 11:09:34 2019 us=415811 ncp_enabled = ENABLED
Fri Mar 8 11:09:34 2019 us=415873 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Mar 8 11:09:34 2019 us=415936 authname = 'SHA256'
Fri Mar 8 11:09:34 2019 us=415997 prng_hash = 'SHA1'
Fri Mar 8 11:09:34 2019 us=416059 prng_nonce_secret_len = 16
Fri Mar 8 11:09:34 2019 us=416121 keysize = 0
Fri Mar 8 11:09:34 2019 us=416182 engine = DISABLED
Fri Mar 8 11:09:34 2019 us=416247 replay = ENABLED
Fri Mar 8 11:09:34 2019 us=416309 mute_replay_warnings = DISABLED
Fri Mar 8 11:09:34 2019 us=416578 replay_window = 64
Fri Mar 8 11:09:34 2019 us=416655 replay_time = 15
Fri Mar 8 11:09:34 2019 us=416717 packet_id_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=416780 use_iv = ENABLED
Fri Mar 8 11:09:34 2019 us=416841 test_crypto = DISABLED
Fri Mar 8 11:09:34 2019 us=416902 tls_server = DISABLED
Fri Mar 8 11:09:34 2019 us=416963 tls_client = ENABLED
Fri Mar 8 11:09:34 2019 us=417026 key_method = 2
Fri Mar 8 11:09:34 2019 us=417086 ca_file = '[[INLINE]]'
Fri Mar 8 11:09:34 2019 us=417147 ca_path = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=417207 dh_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=417268 cert_file = '[[INLINE]]'
Fri Mar 8 11:09:34 2019 us=417330 extra_certs_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=417393 priv_key_file = '[[INLINE]]'
Fri Mar 8 11:09:34 2019 us=417457 pkcs12_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=417520 cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256'
Fri Mar 8 11:09:34 2019 us=417585 tls_verify = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=417647 tls_export_cert = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=417709 verify_x509_type = 2
Fri Mar 8 11:09:34 2019 us=417773 verify_x509_name = 'server_baOUcI0m0z2674zq'
Fri Mar 8 11:09:34 2019 us=417839 crl_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=417900 ns_cert_type = 0
Fri Mar 8 11:09:34 2019 us=417962 remote_cert_ku[i] = 160
Fri Mar 8 11:09:34 2019 us=418023 remote_cert_ku[i] = 136
Fri Mar 8 11:09:34 2019 us=418085 remote_cert_ku[i] = 0
<snip>
Fri Mar 8 11:09:34 2019 us=418876 remote_cert_ku[i] = 0
Fri Mar 8 11:09:34 2019 us=418938 remote_cert_eku = 'TLS Web Server Authentication'
Fri Mar 8 11:09:34 2019 us=419003 ssl_flags = 192
Fri Mar 8 11:09:34 2019 us=419064 tls_timeout = 2
Fri Mar 8 11:09:34 2019 us=419126 renegotiate_bytes = -1
Fri Mar 8 11:09:34 2019 us=419186 renegotiate_packets = 0
Fri Mar 8 11:09:34 2019 us=419248 renegotiate_seconds = 3600
Fri Mar 8 11:09:34 2019 us=419309 handshake_window = 60
Fri Mar 8 11:09:34 2019 us=419372 transition_window = 3600
Fri Mar 8 11:09:34 2019 us=419433 single_session = DISABLED
Fri Mar 8 11:09:34 2019 us=419493 push_peer_info = DISABLED
Fri Mar 8 11:09:34 2019 us=419554 tls_exit = DISABLED
Fri Mar 8 11:09:34 2019 us=419615 tls_auth_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=419677 tls_crypt_file = '[[INLINE]]'
Fri Mar 8 11:09:34 2019 us=419740 pkcs11_protected_authentication = DISABLED
<snip>
Fri Mar 8 11:09:34 2019 us=420686 pkcs11_protected_authentication = DISABLED
Fri Mar 8 11:09:34 2019 us=420751 pkcs11_private_mode = 00000000
<snip>
Fri Mar 8 11:09:34 2019 us=421691 pkcs11_private_mode = 00000000
Fri Mar 8 11:09:34 2019 us=421753 pkcs11_cert_private = DISABLED
Fri Mar 8 11:09:34 2019 us=421815 pkcs11_cert_private = DISABLED
<snip>
Fri Mar 8 11:09:34 2019 us=422679 pkcs11_cert_private = DISABLED
Fri Mar 8 11:09:34 2019 us=422740 pkcs11_pin_cache_period = -1
Fri Mar 8 11:09:34 2019 us=422802 pkcs11_id = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=422863 pkcs11_id_management = DISABLED
Fri Mar 8 11:09:34 2019 us=423032 server_network = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423156 server_netmask = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423229 server_network_ipv6 = ::
Fri Mar 8 11:09:34 2019 us=423293 server_netbits_ipv6 = 0
Fri Mar 8 11:09:34 2019 us=423361 server_bridge_ip = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423431 server_bridge_netmask = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423501 server_bridge_pool_start = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423570 server_bridge_pool_end = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423633 ifconfig_pool_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=423703 ifconfig_pool_start = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423771 ifconfig_pool_end = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423840 ifconfig_pool_netmask = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=423903 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=423967 ifconfig_pool_persist_refresh_freq = 600
Fri Mar 8 11:09:34 2019 us=424031 ifconfig_ipv6_pool_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=424098 ifconfig_ipv6_pool_base = ::
Fri Mar 8 11:09:34 2019 us=424161 ifconfig_ipv6_pool_netbits = 0
Fri Mar 8 11:09:34 2019 us=424224 n_bcast_buf = 256
Fri Mar 8 11:09:34 2019 us=424285 tcp_queue_limit = 64
Fri Mar 8 11:09:34 2019 us=424346 real_hash_size = 256
Fri Mar 8 11:09:34 2019 us=424408 virtual_hash_size = 256
Fri Mar 8 11:09:34 2019 us=424469 client_connect_script = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=424532 learn_address_script = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=424595 client_disconnect_script = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=424657 client_config_dir = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=424719 ccd_exclusive = DISABLED
Fri Mar 8 11:09:34 2019 us=424780 tmp_dir = '/tmp'
Fri Mar 8 11:09:34 2019 us=424844 push_ifconfig_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=424912 push_ifconfig_local = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=424981 push_ifconfig_remote_netmask = 0.0.0.0
Fri Mar 8 11:09:34 2019 us=425045 push_ifconfig_ipv6_defined = DISABLED
Fri Mar 8 11:09:34 2019 us=425113 push_ifconfig_ipv6_local = ::/0
Fri Mar 8 11:09:34 2019 us=425179 push_ifconfig_ipv6_remote = ::
Fri Mar 8 11:09:34 2019 us=425241 enable_c2c = DISABLED
Fri Mar 8 11:09:34 2019 us=425302 duplicate_cn = DISABLED
Fri Mar 8 11:09:34 2019 us=425363 cf_max = 0
Fri Mar 8 11:09:34 2019 us=425424 cf_per = 0
Fri Mar 8 11:09:34 2019 us=425484 max_clients = 1024
Fri Mar 8 11:09:34 2019 us=425545 max_routes_per_client = 256
Fri Mar 8 11:09:34 2019 us=425608 auth_user_pass_verify_script = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=425671 auth_user_pass_verify_script_via_file = DISABLED
Fri Mar 8 11:09:34 2019 us=425734 auth_token_generate = DISABLED
Fri Mar 8 11:09:34 2019 us=425798 auth_token_lifetime = 0
Fri Mar 8 11:09:34 2019 us=425859 port_share_host = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=425921 port_share_port = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=425982 client = ENABLED
Fri Mar 8 11:09:34 2019 us=426043 pull = ENABLED
Fri Mar 8 11:09:34 2019 us=426105 auth_user_pass_file = '[UNDEF]'
Fri Mar 8 11:09:34 2019 us=426175 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Fri Mar 8 11:09:34 2019 us=426278 library versions: OpenSSL 1.0.2r 26 Feb 2019, LZO 2.08
Fri Mar 8 11:09:34 2019 us=427196 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 8 11:09:34 2019 us=432201 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Mar 8 11:09:34 2019 us=432388 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Mar 8 11:09:34 2019 us=432476 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Mar 8 11:09:34 2019 us=432563 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Mar 8 11:09:34 2019 us=432932 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Mar 8 11:09:34 2019 us=433084 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Mar 8 11:09:34 2019 us=433236 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
Fri Mar 8 11:09:34 2019 us=433304 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Fri Mar 8 11:09:34 2019 us=433399 TCP/UDP: Preserving recently used remote address: [AF_INET]159.69.7.156:1194
Fri Mar 8 11:09:34 2019 us=433521 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Mar 8 11:09:34 2019 us=433586 UDP link local: (not bound)
Fri Mar 8 11:09:34 2019 us=433656 UDP link remote: [AF_INET]159.69.7.156:1194
Fri Mar 8 11:09:34 2019 us=472458 TLS: Initial packet from [AF_INET]159.69.7.156:1194, sid=d25d54e6 6417c535
Fri Mar 8 11:09:34 2019 us=525092 VERIFY OK: depth=1, CN=cn_W0ulBoBQjyXgMUEw
Fri Mar 8 11:09:34 2019 us=530412 Validating certificate key usage
Fri Mar 8 11:09:34 2019 us=530554 ++ Certificate has key usage 00a0, expects 00a0
Fri Mar 8 11:09:34 2019 us=530592 VERIFY KU OK
Fri Mar 8 11:09:34 2019 us=530661 Validating certificate extended key usage
Fri Mar 8 11:09:34 2019 us=530772 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Mar 8 11:09:34 2019 us=530814 VERIFY EKU OK
Fri Mar 8 11:09:34 2019 us=530841 VERIFY X509NAME OK: CN=server_baOUcI0m0z2674zq
Fri Mar 8 11:09:34 2019 us=530869 VERIFY OK: depth=0, CN=server_baOUcI0m0z2674zq
Fri Mar 8 11:09:34 2019 us=660282 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256
Fri Mar 8 11:09:34 2019 us=660415 [server_baOUcI0m0z2674zq] Peer Connection Initiated with [AF_INET]159.69.7.156:1194
Fri Mar 8 11:09:35 2019 us=808767 SENT CONTROL [server_baOUcI0m0z2674zq]: 'PUSH_REQUEST' (status=1)
Fri Mar 8 11:09:35 2019 us=847910 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Fri Mar 8 11:09:35 2019 us=848677 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar 8 11:09:35 2019 us=848860 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar 8 11:09:35 2019 us=848936 OPTIONS IMPORT: route options modified
Fri Mar 8 11:09:35 2019 us=849005 OPTIONS IMPORT: route-related options modified
Fri Mar 8 11:09:35 2019 us=849073 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Mar 8 11:09:35 2019 us=849138 OPTIONS IMPORT: peer-id set
Fri Mar 8 11:09:35 2019 us=849201 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Mar 8 11:09:35 2019 us=849265 OPTIONS IMPORT: data channel crypto options modified
Fri Mar 8 11:09:35 2019 us=849393 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Fri Mar 8 11:09:35 2019 us=850128 Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar 8 11:09:35 2019 us=850331 Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar 8 11:09:35 2019 us=851167 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:5c:71:46
Fri Mar 8 11:09:35 2019 us=853138 TUN/TAP device tun0 opened
Fri Mar 8 11:09:35 2019 us=853874 TUN/TAP TX queue length set to 100
Fri Mar 8 11:09:35 2019 us=854199 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Mar 8 11:09:35 2019 us=854396 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 8 11:09:35 2019 us=869926 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Fri Mar 8 11:09:35 2019 us=883270 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.2 255.255.255.0 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Too few arguments.
Too few arguments.
Fri Mar 8 11:09:36 2019 us=30058 /sbin/ip route add 159.69.7.156/32 via 192.168.1.254
Fri Mar 8 11:09:36 2019 us=33171 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Fri Mar 8 11:09:36 2019 us=43506 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Fri Mar 8 11:09:36 2019 us=51810 Initialization Sequence Completed
Fri Mar 8 11:09:47 2019 us=219602 Recursive routing detected, drop tun packet to [AF_INET]159.69.7.156:1194
<snip>
Fri Mar 8 11:15:43 2019 us=995458 Recursive routing detected, drop tun packet to [AF_INET]159.69.7.156:1194
Fri Mar 8 11:15:44 2019 us=186497 [server_baOUcI0m0z2674zq] Inactivity timeout (--ping-restart), restarting
Fri Mar 8 11:15:44 2019 us=186937 TCP/UDP: Closing socket
Fri Mar 8 11:15:44 2019 us=187068 /sbin/ip route del 159.69.7.156/32
RTNETLINK answers: No such process
Fri Mar 8 11:15:44 2019 us=190059 ERROR: Linux route delete command failed: external program exited with error status: 2
Fri Mar 8 11:15:44 2019 us=190196 /sbin/ip route del 0.0.0.0/1
Fri Mar 8 11:15:44 2019 us=193257 /sbin/ip route del 128.0.0.0/1
Fri Mar 8 11:15:44 2019 us=196298 Closing TUN/TAP interface
Fri Mar 8 11:15:44 2019 us=196556 /sbin/ip addr del dev tun0 10.8.0.2/24
Fri Mar 8 11:15:44 2019 us=256649 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.2 255.255.255.0 init
Too few arguments.
Too few arguments.
Fri Mar 8 11:15:44 2019 us=367017 SIGUSR1[soft,ping-restart] received, process restarting
Fri Mar 8 11:15:44 2019 us=367166 Restart pause, 5 second(s)
Fri Mar 8 11:15:49 2019 us=367367 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Mar 8 11:15:49 2019 us=367552 Re-using SSL/TLS context
Fri Mar 8 11:15:49 2019 us=367970 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Mar 8 11:15:49 2019 us=368110 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Mar 8 11:15:49 2019 us=368310 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
Fri Mar 8 11:15:49 2019 us=368384 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Fri Mar 8 11:15:49 2019 us=368484 TCP/UDP: Preserving recently used remote address: [AF_INET]159.69.7.156:1194
Fri Mar 8 11:15:49 2019 us=368608 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Mar 8 11:15:49 2019 us=368674 UDP link local: (not bound)
Fri Mar 8 11:15:49 2019 us=368747 UDP link remote: [AF_INET]159.69.7.156:1194
Fri Mar 8 11:15:49 2019 us=413864 TLS: Initial packet from [AF_INET]159.69.7.156:1194, sid=e10805d0 5c772b37
Fri Mar 8 11:15:49 2019 us=468788 VERIFY OK: depth=1, CN=cn_W0ulBoBQjyXgMUEw
Fri Mar 8 11:15:49 2019 us=474858 Validating certificate key usage
Fri Mar 8 11:15:49 2019 us=475067 ++ Certificate has key usage 00a0, expects 00a0
Fri Mar 8 11:15:49 2019 us=475175 VERIFY KU OK
Fri Mar 8 11:15:49 2019 us=475238 Validating certificate extended key usage
Fri Mar 8 11:15:49 2019 us=475278 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Mar 8 11:15:49 2019 us=475309 VERIFY EKU OK
Fri Mar 8 11:15:49 2019 us=475335 VERIFY X509NAME OK: CN=server_baOUcI0m0z2674zq
Fri Mar 8 11:15:49 2019 us=475363 VERIFY OK: depth=0, CN=server_baOUcI0m0z2674zq
Fri Mar 8 11:15:49 2019 us=592489 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES128-GCM-SHA256
Fri Mar 8 11:15:49 2019 us=592648 [server_baOUcI0m0z2674zq] Peer Connection Initiated with [AF_INET]159.69.7.156:1194
Fri Mar 8 11:15:50 2019 us=805082 SENT CONTROL [server_baOUcI0m0z2674zq]: 'PUSH_REQUEST' (status=1)
Fri Mar 8 11:15:50 2019 us=848456 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM'
Fri Mar 8 11:15:50 2019 us=849237 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar 8 11:15:50 2019 us=849458 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar 8 11:15:50 2019 us=849537 OPTIONS IMPORT: route options modified
Fri Mar 8 11:15:50 2019 us=849595 OPTIONS IMPORT: route-related options modified
Fri Mar 8 11:15:50 2019 us=849684 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Mar 8 11:15:50 2019 us=849742 OPTIONS IMPORT: peer-id set
Fri Mar 8 11:15:50 2019 us=849798 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Mar 8 11:15:50 2019 us=849855 OPTIONS IMPORT: data channel crypto options modified
Fri Mar 8 11:15:50 2019 us=849973 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Fri Mar 8 11:15:50 2019 us=850701 Data Channel Encrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar 8 11:15:50 2019 us=850846 Data Channel Decrypt: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar 8 11:15:50 2019 us=851674 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=b8:27:eb:5c:71:46
Fri Mar 8 11:15:50 2019 us=853171 TUN/TAP device tun0 opened
Fri Mar 8 11:15:50 2019 us=853621 TUN/TAP TX queue length set to 100
Fri Mar 8 11:15:50 2019 us=853839 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Mar 8 11:15:50 2019 us=854014 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 8 11:15:50 2019 us=869783 /sbin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Fri Mar 8 11:15:50 2019 us=882816 /etc/openvpn/update-resolv-conf tun0 1500 1552 10.8.0.2 255.255.255.0 init
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
Too few arguments.
Too few arguments.
Fri Mar 8 11:15:51 2019 us=47138 /sbin/ip route add 159.69.7.156/32 via 192.168.1.254
Fri Mar 8 11:15:51 2019 us=58299 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Fri Mar 8 11:15:51 2019 us=64184 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Fri Mar 8 11:15:51 2019 us=73179 Initialization Sequence Completed
I'm going to take a look at these links (which @Pippin pointed out) and will come back with any questions / test results
https://github.com/wknapik/vpnfailsafe/issues/23
https://forums.linuxmint.com/viewtopic.php?t=272446
https://github.com/angristan/openvpn-install/issues/149
https://bugs.debian.org/cgi-bin/bugrepo ... bug=881600
I'll be back...