This forum is for admins who are looking to build or expand their OpenVPN setup.
Moderators: TinCanTech
doman
OpenVpn Newbie
Posts: 18 Joined: Mon Mar 20, 2017 2:51 pm
by doman » Wed Jul 06, 2022 1:36 pm
As title says.
Windows with OpenVPN Connect - can open links like https://cms.prod.int
Windows with Community OpenVPN - site not found
Ubuntu 20.04 + OpenVPN - site not found
View Original server.conf
server 10.1.1.0 255.255.255.0
verb 3
crl-verify /etc/openvpn/certs/crl.pem
key /etc/openvpn/certs/pki/private/server.key
ca /etc/openvpn/certs/pki/ca.crt
cert /etc/openvpn/certs/pki/issued/server.crt
dh /etc/openvpn/certs/pki/dh.pem
cipher AES-256-CBC
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
port 443
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
push "route 10.1.16.0 255.255.240.0"
push "route 10.1.16.0 255.255.240.0"
push "route 10.1.32.0 255.255.240.0"
push "dhcp-option DNS 10.1.32.10"
push "route 10.1.0.0 255.255.255.0"
push "route 1.2.3.4 255.255.255.255"
View Original client.conf
client
nobind
dev tun
remote vpn.mysite.com 443 udp
cipher AES-256-CBC
script-security 2
up /etc/openvpn/update-systemd-resolved
up-restart
down /etc/openvpn/update-systemd-resolved
down-pre
...(keys and certs)
Code: Select all
$ ls -la /etc/openvpn
drwxr-xr-x 2 root root 4096 lip 19 2021 client
-rw-r--r-- 1 root root 7432 lip 1 10:49 client.conf
drwxr-xr-x 2 root root 4096 lip 19 2021 server
-rwxr-xr-x 1 root root 1468 lip 19 2021 update-resolv-conf
-rwxr-xr-x 1 root root 12009 maj 19 2019 update-systemd-resolved
To show you the logs, I stopped the openvpn@client service and ran the file manually ....
Code: Select all
$ sudo openvpn Insync/dominik.panda@mycompany.com/ENVs/prod/vpn/client.ovpn
Wed Jul 6 15:28:52 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Jul 6 15:28:52 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Jul 6 15:28:52 2022 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 6 15:28:52 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Jul 6 15:28:52 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]vpn.mysite.com:443
Wed Jul 6 15:28:52 2022 UDP link local: (not bound)
Wed Jul 6 15:28:52 2022 UDP link remote: [AF_INET]vpn.mysite.com:443
Wed Jul 6 15:28:53 2022 [server] Peer Connection Initiated with [AF_INET]vpn.mysite.com:443
Wed Jul 6 15:28:54 2022 TUN/TAP device tun0 opened
Wed Jul 6 15:28:54 2022 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 6 15:28:54 2022 /sbin/ip addr add dev tun0 local 10.1.1.26 peer 10.1.1.25
Wed Jul 6 15:28:54 2022 /etc/openvpn/update-systemd-resolved tun0 1500 1557 10.1.1.26 10.1.1.25 init
<14>Jul 6 15:28:54 update-systemd-resolved: Link 'tun0' coming up
<14>Jul 6 15:28:54 update-systemd-resolved: Adding IPv4 DNS Server 10.1.32.10
<14>Jul 6 15:28:54 update-systemd-resolved: SetLinkDNS(102 1 2 4 10 1 32 10)
RTNETLINK answers: File exists
Wed Jul 6 15:28:54 2022 ERROR: Linux route add command failed: external program exited with error status: 2
Wed Jul 6 15:28:54 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
TinCanTech
OpenVPN Protagonist
Posts: 11137 Joined: Fri Jun 03, 2016 1:17 pm
by TinCanTech » Thu Jul 07, 2022 1:50 am
Please use --topology subnet in your server config.
For debugging, use --verb 4
doman
OpenVpn Newbie
Posts: 18 Joined: Mon Mar 20, 2017 2:51 pm
by doman » Thu Jul 07, 2022 12:47 pm
My supervisor disagreed with changing the topology. He claims that's my problem only (because others don't have this problem).
As a workaround for now I used scripts like this:
/etc/systemd/resolved.conf.d/myproject_qa.conf
Code: Select all
[Resolve]
DNS=10.3.32.10
Domains=qa.int
But anyway, I'm pasting the full connection log with the --verb 4 parameter:
Code: Select all
Thu Jul 7 14:37:47 2022 us=422080 Current Parameter Settings:
Thu Jul 7 14:37:47 2022 us=422113 config = 'Insync/dominik.panda@mycompany/myproject/ENVs/prod/vpn/myproject-prod-panda.ovpn'
Thu Jul 7 14:37:47 2022 us=422117 mode = 0
Thu Jul 7 14:37:47 2022 us=422121 persist_config = DISABLED
Thu Jul 7 14:37:47 2022 us=422124 persist_mode = 1
Thu Jul 7 14:37:47 2022 us=422127 show_ciphers = DISABLED
Thu Jul 7 14:37:47 2022 us=422131 show_digests = DISABLED
Thu Jul 7 14:37:47 2022 us=422134 show_engines = DISABLED
Thu Jul 7 14:37:47 2022 us=422137 genkey = DISABLED
Thu Jul 7 14:37:47 2022 us=422140 key_pass_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422143 show_tls_ciphers = DISABLED
Thu Jul 7 14:37:47 2022 us=422146 connect_retry_max = 0
Thu Jul 7 14:37:47 2022 us=422149 Connection profiles [0]:
Thu Jul 7 14:37:47 2022 us=422153 proto = udp
Thu Jul 7 14:37:47 2022 us=422156 local = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422159 local_port = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422162 remote = 'vpn.meine-myproject.de'
Thu Jul 7 14:37:47 2022 us=422165 remote_port = '443'
Thu Jul 7 14:37:47 2022 us=422169 remote_float = DISABLED
Thu Jul 7 14:37:47 2022 us=422172 bind_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422175 bind_local = DISABLED
Thu Jul 7 14:37:47 2022 us=422178 bind_ipv6_only = DISABLED
Thu Jul 7 14:37:47 2022 us=422181 connect_retry_seconds = 5
Thu Jul 7 14:37:47 2022 us=422184 connect_timeout = 120
Thu Jul 7 14:37:47 2022 us=422188 socks_proxy_server = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422191 socks_proxy_port = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422194 tun_mtu = 1500
Thu Jul 7 14:37:47 2022 us=422197 tun_mtu_defined = ENABLED
Thu Jul 7 14:37:47 2022 us=422200 link_mtu = 1500
Thu Jul 7 14:37:47 2022 us=422203 link_mtu_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422207 tun_mtu_extra = 0
Thu Jul 7 14:37:47 2022 us=422210 tun_mtu_extra_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422213 mtu_discover_type = -1
Thu Jul 7 14:37:47 2022 us=422216 fragment = 0
Thu Jul 7 14:37:47 2022 us=422219 mssfix = 1450
Thu Jul 7 14:37:47 2022 us=422222 explicit_exit_notification = 0
Thu Jul 7 14:37:47 2022 us=422226 Connection profiles END
Thu Jul 7 14:37:47 2022 us=422229 remote_random = DISABLED
Thu Jul 7 14:37:47 2022 us=422232 ipchange = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422235 dev = 'tun'
Thu Jul 7 14:37:47 2022 us=422238 dev_type = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422241 dev_node = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422244 lladdr = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422248 topology = 1
Thu Jul 7 14:37:47 2022 us=422251 ifconfig_local = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422254 ifconfig_remote_netmask = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422257 ifconfig_noexec = DISABLED
Thu Jul 7 14:37:47 2022 us=422260 ifconfig_nowarn = DISABLED
Thu Jul 7 14:37:47 2022 us=422263 ifconfig_ipv6_local = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422266 ifconfig_ipv6_netbits = 0
Thu Jul 7 14:37:47 2022 us=422270 ifconfig_ipv6_remote = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422273 shaper = 0
Thu Jul 7 14:37:47 2022 us=422276 mtu_test = 0
Thu Jul 7 14:37:47 2022 us=422279 mlock = DISABLED
Thu Jul 7 14:37:47 2022 us=422282 keepalive_ping = 0
Thu Jul 7 14:37:47 2022 us=422285 keepalive_timeout = 0
Thu Jul 7 14:37:47 2022 us=422288 inactivity_timeout = 0
Thu Jul 7 14:37:47 2022 us=422291 ping_send_timeout = 0
Thu Jul 7 14:37:47 2022 us=422294 ping_rec_timeout = 0
Thu Jul 7 14:37:47 2022 us=422298 ping_rec_timeout_action = 0
Thu Jul 7 14:37:47 2022 us=422301 ping_timer_remote = DISABLED
Thu Jul 7 14:37:47 2022 us=422304 remap_sigusr1 = 0
Thu Jul 7 14:37:47 2022 us=422307 persist_tun = DISABLED
Thu Jul 7 14:37:47 2022 us=422310 persist_local_ip = DISABLED
Thu Jul 7 14:37:47 2022 us=422313 persist_remote_ip = DISABLED
Thu Jul 7 14:37:47 2022 us=422316 persist_key = DISABLED
Thu Jul 7 14:37:47 2022 us=422320 passtos = DISABLED
Thu Jul 7 14:37:47 2022 us=422323 resolve_retry_seconds = 1000000000
Thu Jul 7 14:37:47 2022 us=422326 resolve_in_advance = DISABLED
Thu Jul 7 14:37:47 2022 us=422329 username = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422332 groupname = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422335 chroot_dir = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422338 cd_dir = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422341 writepid = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422345 up_script = '/etc/openvpn/update-systemd-resolved'
Thu Jul 7 14:37:47 2022 us=422348 down_script = '/etc/openvpn/update-systemd-resolved'
Thu Jul 7 14:37:47 2022 us=422351 down_pre = ENABLED
Thu Jul 7 14:37:47 2022 us=422354 up_restart = ENABLED
Thu Jul 7 14:37:47 2022 us=422357 up_delay = DISABLED
Thu Jul 7 14:37:47 2022 us=422360 daemon = DISABLED
Thu Jul 7 14:37:47 2022 us=422363 inetd = 0
Thu Jul 7 14:37:47 2022 us=422366 log = DISABLED
Thu Jul 7 14:37:47 2022 us=422370 suppress_timestamps = DISABLED
Thu Jul 7 14:37:47 2022 us=422373 machine_readable_output = DISABLED
Thu Jul 7 14:37:47 2022 us=422376 nice = 0
Thu Jul 7 14:37:47 2022 us=422379 verbosity = 4
Thu Jul 7 14:37:47 2022 us=422382 mute = 0
Thu Jul 7 14:37:47 2022 us=422385 gremlin = 0
Thu Jul 7 14:37:47 2022 us=422388 status_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422391 status_file_version = 1
Thu Jul 7 14:37:47 2022 us=422394 status_file_update_freq = 60
Thu Jul 7 14:37:47 2022 us=422398 occ = ENABLED
Thu Jul 7 14:37:47 2022 us=422401 rcvbuf = 0
Thu Jul 7 14:37:47 2022 us=422404 sndbuf = 0
Thu Jul 7 14:37:47 2022 us=422407 mark = 0
Thu Jul 7 14:37:47 2022 us=422410 sockflags = 0
Thu Jul 7 14:37:47 2022 us=422413 fast_io = DISABLED
Thu Jul 7 14:37:47 2022 us=422416 comp.alg = 0
Thu Jul 7 14:37:47 2022 us=422419 comp.flags = 0
Thu Jul 7 14:37:47 2022 us=422422 route_script = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422426 route_default_gateway = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422429 route_default_metric = 0
Thu Jul 7 14:37:47 2022 us=422432 route_noexec = DISABLED
Thu Jul 7 14:37:47 2022 us=422435 route_delay = 0
Thu Jul 7 14:37:47 2022 us=422438 route_delay_window = 30
Thu Jul 7 14:37:47 2022 us=422442 route_delay_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422445 route_nopull = DISABLED
Thu Jul 7 14:37:47 2022 us=422448 route_gateway_via_dhcp = DISABLED
Thu Jul 7 14:37:47 2022 us=422451 allow_pull_fqdn = DISABLED
Thu Jul 7 14:37:47 2022 us=422454 management_addr = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422457 management_port = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422460 management_user_pass = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422464 management_log_history_cache = 250
Thu Jul 7 14:37:47 2022 us=422467 management_echo_buffer_size = 100
Thu Jul 7 14:37:47 2022 us=422470 management_write_peer_info_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422473 management_client_user = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422476 management_client_group = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422479 management_flags = 0
Thu Jul 7 14:37:47 2022 us=422482 shared_secret_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422486 key_direction = not set
Thu Jul 7 14:37:47 2022 us=422489 ciphername = 'AES-256-CBC'
Thu Jul 7 14:37:47 2022 us=422492 ncp_enabled = ENABLED
Thu Jul 7 14:37:47 2022 us=422495 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Jul 7 14:37:47 2022 us=422499 authname = 'SHA1'
Thu Jul 7 14:37:47 2022 us=422502 prng_hash = 'SHA1'
Thu Jul 7 14:37:47 2022 us=422505 prng_nonce_secret_len = 16
Thu Jul 7 14:37:47 2022 us=422508 keysize = 0
Thu Jul 7 14:37:47 2022 us=422511 engine = DISABLED
Thu Jul 7 14:37:47 2022 us=422514 replay = ENABLED
Thu Jul 7 14:37:47 2022 us=422517 mute_replay_warnings = DISABLED
Thu Jul 7 14:37:47 2022 us=422521 replay_window = 64
Thu Jul 7 14:37:47 2022 us=422524 replay_time = 15
Thu Jul 7 14:37:47 2022 us=422527 packet_id_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422530 use_iv = ENABLED
Thu Jul 7 14:37:47 2022 us=422533 test_crypto = DISABLED
Thu Jul 7 14:37:47 2022 us=422536 tls_server = DISABLED
Thu Jul 7 14:37:47 2022 us=422540 tls_client = ENABLED
Thu Jul 7 14:37:47 2022 us=422543 key_method = 2
Thu Jul 7 14:37:47 2022 us=422546 ca_file = '[[INLINE]]'
Thu Jul 7 14:37:47 2022 us=422549 ca_path = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422552 dh_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422555 cert_file = '[[INLINE]]'
Thu Jul 7 14:37:47 2022 us=422559 extra_certs_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422562 priv_key_file = '[[INLINE]]'
Thu Jul 7 14:37:47 2022 us=422565 pkcs12_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422568 cipher_list = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422571 cipher_list_tls13 = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422575 tls_cert_profile = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422578 tls_verify = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422581 tls_export_cert = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422584 verify_x509_type = 0
Thu Jul 7 14:37:47 2022 us=422587 verify_x509_name = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422590 crl_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422593 ns_cert_type = 0
Thu Jul 7 14:37:47 2022 us=422597 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422600 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422603 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422606 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422609 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422612 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422615 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422618 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422622 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422625 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422628 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422631 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422634 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422637 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422640 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422643 remote_cert_ku[i] = 0
Thu Jul 7 14:37:47 2022 us=422646 remote_cert_eku = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422649 ssl_flags = 0
Thu Jul 7 14:37:47 2022 us=422653 tls_timeout = 2
Thu Jul 7 14:37:47 2022 us=422656 renegotiate_bytes = -1
Thu Jul 7 14:37:47 2022 us=422659 renegotiate_packets = 0
Thu Jul 7 14:37:47 2022 us=422662 renegotiate_seconds = 3600
Thu Jul 7 14:37:47 2022 us=422665 handshake_window = 60
Thu Jul 7 14:37:47 2022 us=422668 transition_window = 3600
Thu Jul 7 14:37:47 2022 us=422671 single_session = DISABLED
Thu Jul 7 14:37:47 2022 us=422675 push_peer_info = DISABLED
Thu Jul 7 14:37:47 2022 us=422678 tls_exit = DISABLED
Thu Jul 7 14:37:47 2022 us=422681 tls_auth_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422684 tls_crypt_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422687 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422690 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422693 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422696 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422700 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422703 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422706 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422709 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422712 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422715 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422718 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422721 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422724 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422727 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422730 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422734 pkcs11_protected_authentication = DISABLED
Thu Jul 7 14:37:47 2022 us=422737 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422740 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422743 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422746 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422749 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422753 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422756 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422759 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422762 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422765 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422768 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422771 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422774 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422777 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422780 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422783 pkcs11_private_mode = 00000000
Thu Jul 7 14:37:47 2022 us=422786 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422789 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422792 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422795 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422798 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422801 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422804 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422807 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422811 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422814 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422817 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422820 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422823 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422826 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422829 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422832 pkcs11_cert_private = DISABLED
Thu Jul 7 14:37:47 2022 us=422835 pkcs11_pin_cache_period = -1
Thu Jul 7 14:37:47 2022 us=422838 pkcs11_id = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422841 pkcs11_id_management = DISABLED
Thu Jul 7 14:37:47 2022 us=422845 server_network = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422848 server_netmask = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422854 server_network_ipv6 = ::
Thu Jul 7 14:37:47 2022 us=422857 server_netbits_ipv6 = 0
Thu Jul 7 14:37:47 2022 us=422861 server_bridge_ip = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422864 server_bridge_netmask = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422868 server_bridge_pool_start = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422871 server_bridge_pool_end = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422874 ifconfig_pool_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422878 ifconfig_pool_start = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422881 ifconfig_pool_end = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422885 ifconfig_pool_netmask = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422888 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422891 ifconfig_pool_persist_refresh_freq = 600
Thu Jul 7 14:37:47 2022 us=422894 ifconfig_ipv6_pool_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422898 ifconfig_ipv6_pool_base = ::
Thu Jul 7 14:37:47 2022 us=422901 ifconfig_ipv6_pool_netbits = 0
Thu Jul 7 14:37:47 2022 us=422904 n_bcast_buf = 256
Thu Jul 7 14:37:47 2022 us=422907 tcp_queue_limit = 64
Thu Jul 7 14:37:47 2022 us=422911 real_hash_size = 256
Thu Jul 7 14:37:47 2022 us=422914 virtual_hash_size = 256
Thu Jul 7 14:37:47 2022 us=422917 client_connect_script = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422920 learn_address_script = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422923 client_disconnect_script = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422926 client_config_dir = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422930 ccd_exclusive = DISABLED
Thu Jul 7 14:37:47 2022 us=422933 tmp_dir = '/tmp'
Thu Jul 7 14:37:47 2022 us=422936 push_ifconfig_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422940 push_ifconfig_local = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422943 push_ifconfig_remote_netmask = 0.0.0.0
Thu Jul 7 14:37:47 2022 us=422946 push_ifconfig_ipv6_defined = DISABLED
Thu Jul 7 14:37:47 2022 us=422950 push_ifconfig_ipv6_local = ::/0
Thu Jul 7 14:37:47 2022 us=422953 push_ifconfig_ipv6_remote = ::
Thu Jul 7 14:37:47 2022 us=422956 enable_c2c = DISABLED
Thu Jul 7 14:37:47 2022 us=422959 duplicate_cn = DISABLED
Thu Jul 7 14:37:47 2022 us=422963 cf_max = 0
Thu Jul 7 14:37:47 2022 us=422966 cf_per = 0
Thu Jul 7 14:37:47 2022 us=422969 max_clients = 1024
Thu Jul 7 14:37:47 2022 us=422972 max_routes_per_client = 256
Thu Jul 7 14:37:47 2022 us=422975 auth_user_pass_verify_script = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422979 auth_user_pass_verify_script_via_file = DISABLED
Thu Jul 7 14:37:47 2022 us=422982 auth_token_generate = DISABLED
Thu Jul 7 14:37:47 2022 us=422985 auth_token_lifetime = 0
Thu Jul 7 14:37:47 2022 us=422988 port_share_host = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422991 port_share_port = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=422994 client = ENABLED
Thu Jul 7 14:37:47 2022 us=422997 pull = ENABLED
Thu Jul 7 14:37:47 2022 us=423001 auth_user_pass_file = '[UNDEF]'
Thu Jul 7 14:37:47 2022 us=423004 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Thu Jul 7 14:37:47 2022 us=423010 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Thu Jul 7 14:37:47 2022 us=423056 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jul 7 14:37:47 2022 us=423060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 7 14:37:47 2022 us=423282 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Jul 7 14:37:48 2022 us=91042 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Thu Jul 7 14:37:48 2022 us=91137 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Jul 7 14:37:48 2022 us=91157 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Jul 7 14:37:48 2022 us=91179 TCP/UDP: Preserving recently used remote address: [AF_INET]vpn.mysite.com:443
Thu Jul 7 14:37:48 2022 us=91267 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Jul 7 14:37:48 2022 us=91285 UDP link local: (not bound)
Thu Jul 7 14:37:48 2022 us=91297 UDP link remote: [AF_INET]vpn.mysite.com:443
Thu Jul 7 14:37:48 2022 us=137508 TLS: Initial packet from [AF_INET]vpn.mysite.com:443, sid=426e223b bf851a1e
Thu Jul 7 14:37:48 2022 us=245162 VERIFY OK: depth=1, CN=ca\\n
Thu Jul 7 14:37:48 2022 us=245431 VERIFY OK: depth=0, CN=server
Thu Jul 7 14:37:48 2022 us=354893 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jul 7 14:37:48 2022 us=354970 [server] Peer Connection Initiated with [AF_INET]vpn.mysite.com:443
Thu Jul 7 14:37:49 2022 us=384070 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Jul 7 14:37:49 2022 us=436175 PUSH: Received control message: 'PUSH_REPLY,route 10.1.16.0 255.255.240.0,route 10.1.16.0 255.255.240.0,route 10.1.32.0 255.255.240.0,dhcp-option DNS 10.1.32.10,route 10.1.0.0 255.255.255.0,route 1.2.3.4 255.255.255.255,route 10.1.1.1,topology net30,ping 10,ping-restart 60,ifconfig 10.1.1.26 10.1.1.25'
Thu Jul 7 14:37:49 2022 us=436350 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jul 7 14:37:49 2022 us=436370 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jul 7 14:37:49 2022 us=436389 OPTIONS IMPORT: route options modified
Thu Jul 7 14:37:49 2022 us=436402 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jul 7 14:37:49 2022 us=436428 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:406 ET:0 EL:3 ]
Thu Jul 7 14:37:49 2022 us=436528 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jul 7 14:37:49 2022 us=436546 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 7 14:37:49 2022 us=436568 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jul 7 14:37:49 2022 us=436583 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 7 14:37:49 2022 us=436832 ROUTE_GATEWAY 192.168.5.1/255.255.255.0 IFACE=wlp0s20f3 HWADDR=2c:6d:c1:a6:88:f3
Thu Jul 7 14:37:49 2022 us=437806 TUN/TAP device tun0 opened
Thu Jul 7 14:37:49 2022 us=438446 TUN/TAP TX queue length set to 100
Thu Jul 7 14:37:49 2022 us=438495 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jul 7 14:37:49 2022 us=438528 /sbin/ip link set dev tun0 up mtu 1500
Thu Jul 7 14:37:49 2022 us=444946 /sbin/ip addr add dev tun0 local 10.1.1.26 peer 10.1.1.25
Thu Jul 7 14:37:49 2022 us=448055 /etc/openvpn/update-systemd-resolved tun0 1500 1557 10.1.1.26 10.1.1.25 init
<14>Jul 7 14:37:49 update-systemd-resolved: Link 'tun0' coming up
<14>Jul 7 14:37:49 update-systemd-resolved: Adding IPv4 DNS Server 10.1.32.10
<14>Jul 7 14:37:49 update-systemd-resolved: SetLinkDNS(38 1 2 4 10 1 32 10)
Thu Jul 7 14:37:49 2022 us=470787 /sbin/ip route add 10.1.16.0/20 via 10.1.1.25
Thu Jul 7 14:37:49 2022 us=472132 /sbin/ip route add 10.1.16.0/20 via 10.1.1.25
RTNETLINK answers: File exists
Thu Jul 7 14:37:49 2022 us=473499 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Jul 7 14:37:49 2022 us=473531 /sbin/ip route add 10.1.32.0/20 via 10.1.1.25
Thu Jul 7 14:37:49 2022 us=475209 /sbin/ip route add 10.1.0.0/24 via 10.1.1.25
Thu Jul 7 14:37:49 2022 us=477279 /sbin/ip route add 1.2.3.4/32 via 10.1.1.25
Thu Jul 7 14:37:49 2022 us=479859 /sbin/ip route add 10.1.1.1/32 via 10.1.1.25
Thu Jul 7 14:37:49 2022 us=482535 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jul 7 14:37:49 2022 us=482565 Initialization Sequence Completed
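Added example, not part of the original thread: a Python triage of the client log posted above. It parses the PUSH_REPLY and reports what the log itself shows: 10.1.16.0/20 is pushed twice (the second "ip route add" is the one that fails with "File exists"), the server pushes topology net30 and a DNS server but no DOMAIN option, and the client warns that no server certificate verification method is enabled. The function names and the shortened timestamps in the sample are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Excerpt of the client log posted in this thread (timestamps shortened).
SAMPLE_LOG = """\
14:37:47 WARNING: No server certificate verification method has been enabled.
14:37:47 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
14:37:49 PUSH: Received control message: 'PUSH_REPLY,route 10.1.16.0 255.255.240.0,route 10.1.16.0 255.255.240.0,route 10.1.32.0 255.255.240.0,dhcp-option DNS 10.1.32.10,route 10.1.0.0 255.255.255.0,route 1.2.3.4 255.255.255.255,route 10.1.1.1,topology net30,ping 10,ping-restart 60,ifconfig 10.1.1.26 10.1.1.25'
14:37:49 /sbin/ip route add 10.1.16.0/20 via 10.1.1.25
14:37:49 /sbin/ip route add 10.1.16.0/20 via 10.1.1.25
RTNETLINK answers: File exists
14:37:49 ERROR: Linux route add command failed: external program exited with error status: 2
14:37:49 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
DOMAIN_KINDS = {"DOMAIN", "DOMAIN-SEARCH", "DOMAIN-ROUTE"}


def parse_push_reply(log):
    """Return the pushed options as token lists, e.g. ['route', '10.1.1.1']."""
    match = PUSH_RE.search(log)
    if not match:
        return []
    return [opt.split() for opt in match.group(1).split(",") if opt.strip()]


def triage(log):
    """Summarise routes, DNS settings and warnings found in a client log."""
    routes, dns_servers, dns_domains, topology = [], [], [], None
    for opt in parse_push_reply(log):
        if opt[0] == "route" and len(opt) >= 2:
            # 'route NET [MASK]': a missing mask means a host route (/32).
            mask = opt[2] if len(opt) > 2 else "255.255.255.255"
            try:
                net = ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False)
                routes.append(str(net))
            except ValueError:
                # Keyword targets (not plain addresses) are kept as pushed.
                routes.append(" ".join(opt[1:]))
        elif opt[0] == "dhcp-option" and len(opt) >= 3:
            if opt[1] == "DNS":
                dns_servers.append(opt[2])
            elif opt[1] in DOMAIN_KINDS:
                dns_domains.append(opt[2])
        elif opt[0] == "topology" and len(opt) >= 2:
            topology = opt[1]
    # A network pushed more than once makes the repeated 'ip route add' fail.
    duplicates = sorted(net for net, n in Counter(routes).items() if n > 1)
    return {
        "routes": routes,
        "duplicate_routes": duplicates,
        "dns_servers": dns_servers,
        "dns_domains": dns_domains,
        "topology": topology,
        "route_add_failures": log.count("ERROR: Linux route add command failed"),
        "no_server_cert_verification":
            "No server certificate verification method has been enabled" in log,
        "script_security_note": "--script-security setting may allow" in log,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The certificate warning goes away once the client config checks the server certificate, for example with remote-cert-tls server or verify-x509-name.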
TinCanTech
OpenVPN Protagonist
Posts: 11137 Joined: Fri Jun 03, 2016 1:17 pm
by TinCanTech » Thu Jul 07, 2022 7:56 pm
doman wrote: ↑ Thu Jul 07, 2022 12:47 pm
My supervisor disagreed to change topology
NET30 topology is deprecated and will soon be removed.
doman
OpenVpn Newbie
Posts: 18 Joined: Mon Mar 20, 2017 2:51 pm
by doman » Fri Jul 08, 2022 6:42 am
OK, I will tell him. But is this directly related to my problem? And what topology will be used (after dropping NET30) by default, when no topology setting is set, as in my case?
doman
OpenVpn Newbie
Posts: 18 Joined: Mon Mar 20, 2017 2:51 pm
by doman » Mon Jul 11, 2022 7:21 am
OK, I will tell him. But is this directly related to my problem? And what topology will be used (after dropping NET30) by default, when no topology setting is set, as in my case?
EDIT
As a workaround for now I used scripts like this:
/etc/systemd/resolved.conf.d/myproject_qa.conf
Well, this seems not to work with all connections on (when I throw all configs into the /etc/openvpn/ directory). I have to switch between them to make it work.