I've been using the included OpenVPN server on my TrueNAS Core system for a few weeks now but I keep running into the same problem every few days. This usually happens while I am at university and try to connect to my server at home. The initial connect always works perfectly fine but then I cannot reach anything in the VPN (= my home) network and I get a KEEPALIVE_TIMEOUT after a few seconds. Then it reconnects just fine and the problem repeats.
As I am the only user of this server, I normally get assigned the IP 10.8.0.2. However, I noticed that every time I get this problem, I am assigned IP 10.8.0.3 instead. This makes it seem to me like an old connection or something is still open and preventing me from connecting again, but I don't know for sure if that's what is actually happening.
Here is an extract of the OpenVPN server log while the problem occurred:
Code: Select all
2022-11-26 11:04:42 X.X.X.X:58380 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 11:04:42 X.X.X.X:58380 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 11:04:42 X.X.X.X:58380 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 11:04:42 X.X.X.X:58380 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 11:04:42 X.X.X.X:58380 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:58380, sid=fde33d37 bb1e4112
2022-11-26 11:04:42 X.X.X.X:58380 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 11:04:42 X.X.X.X:58380 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 11:04:42 X.X.X.X:58380 VERIFY KU OK
2022-11-26 11:04:42 X.X.X.X:58380 Validating certificate extended key usage
2022-11-26 11:04:42 X.X.X.X:58380 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 11:04:42 X.X.X.X:58380 VERIFY EKU OK
2022-11-26 11:04:42 X.X.X.X:58380 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_VER=2.5.8
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_PLAT=win
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_PROTO=6
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_NCP=2
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_LZ4=1
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_LZ4v2=1
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_LZO=1
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_COMP_STUB=1
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_COMP_STUBv2=1
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_TCPNL=1
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 11:04:42 X.X.X.X:58380 peer info: IV_SSO=openurl,crtext
2022-11-26 11:04:42 X.X.X.X:58380 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 11:04:42 X.X.X.X:58380 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:58380
2022-11-26 11:04:42 MULTI: new connection by client '<censored>.dedyn.io' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2022-11-26 11:04:42 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
2022-11-26 11:04:42 MULTI: Learn: 10.8.0.2 -> <censored>.dedyn.io/X.X.X.X:58380
2022-11-26 11:04:42 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:58380: 10.8.0.2
2022-11-26 11:04:42 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 11:04:42 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 11:04:42 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-11-26 11:09:45 X.X.X.X:60787 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 11:09:45 X.X.X.X:60787 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 11:09:45 X.X.X.X:60787 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 11:09:45 X.X.X.X:60787 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 11:09:45 X.X.X.X:60787 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:60787, sid=09f84cd8 ba5cde0b
2022-11-26 11:09:45 X.X.X.X:60787 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 11:09:45 X.X.X.X:60787 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 11:09:45 X.X.X.X:60787 VERIFY KU OK
2022-11-26 11:09:45 X.X.X.X:60787 Validating certificate extended key usage
2022-11-26 11:09:45 X.X.X.X:60787 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 11:09:45 X.X.X.X:60787 VERIFY EKU OK
2022-11-26 11:09:45 X.X.X.X:60787 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_VER=2.5.8
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_PLAT=win
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_PROTO=6
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_NCP=2
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_LZ4=1
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_LZ4v2=1
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_LZO=1
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_COMP_STUB=1
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_COMP_STUBv2=1
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_TCPNL=1
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 11:09:45 X.X.X.X:60787 peer info: IV_SSO=openurl,crtext
2022-11-26 11:09:45 X.X.X.X:60787 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 11:09:45 X.X.X.X:60787 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:60787
2022-11-26 11:09:45 MULTI: new connection by client '<censored>.dedyn.io' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2022-11-26 11:09:45 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
2022-11-26 11:09:45 MULTI: Learn: 10.8.0.2 -> <censored>.dedyn.io/X.X.X.X:60787
2022-11-26 11:09:45 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:60787: 10.8.0.2
2022-11-26 11:09:45 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 11:09:45 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 11:09:45 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
2022-11-26 12:09:22 <censored>.dedyn.io/X.X.X.X:60787 TLS: soft reset sec=3577/3577 bytes=1280269/-1 pkts=4311/0
2022-11-26 12:10:22 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:10:22 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:10:22 <censored>.dedyn.io/X.X.X.X:60787 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
2022-11-26 12:11:38 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:11:38 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:12:53 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:12:53 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:14:09 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:14:09 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:15:16 tls-crypt unwrap error: packet too short
2022-11-26 12:15:16 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:X.X.X.X:35563
2022-11-26 12:15:24 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:15:24 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:16:39 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:16:39 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:17:54 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:17:54 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:19:09 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:19:09 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:20:24 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:20:24 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:21:39 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:21:39 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:22:54 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:22:54 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:24:09 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:24:09 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:25:26 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:25:26 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:26:41 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:26:41 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:27:56 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:27:56 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:29:11 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:29:11 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:30:26 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:30:26 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:31:42 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:31:42 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:32:57 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:32:57 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:34:12 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:34:12 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:35:28 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:35:28 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:36:43 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:36:43 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:37:58 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:37:58 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:39:13 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:39:13 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:40:29 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:40:29 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:41:44 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:41:44 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:42:59 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:42:59 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:44:16 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:44:16 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:45:31 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:45:31 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:46:25 X.X.X.X:7702 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 12:46:25 X.X.X.X:7702 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 12:46:25 X.X.X.X:7702 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 12:46:25 X.X.X.X:7702 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 12:46:25 X.X.X.X:7702 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:7702, sid=8246dfb2 aeb03c8f
2022-11-26 12:46:25 X.X.X.X:7702 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 12:46:25 X.X.X.X:7702 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:46:25 X.X.X.X:7702 VERIFY KU OK
2022-11-26 12:46:25 X.X.X.X:7702 Validating certificate extended key usage
2022-11-26 12:46:25 X.X.X.X:7702 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 12:46:25 X.X.X.X:7702 VERIFY EKU OK
2022-11-26 12:46:25 X.X.X.X:7702 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_VER=2.5.8
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_PLAT=win
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_PROTO=6
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_NCP=2
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_LZ4=1
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_LZ4v2=1
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_LZO=1
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_COMP_STUB=1
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_COMP_STUBv2=1
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_TCPNL=1
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 12:46:25 X.X.X.X:7702 peer info: IV_SSO=openurl,crtext
2022-11-26 12:46:25 X.X.X.X:7702 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 12:46:25 X.X.X.X:7702 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:7702
2022-11-26 12:46:25 <censored>.dedyn.io/X.X.X.X:7702 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
2022-11-26 12:46:25 <censored>.dedyn.io/X.X.X.X:7702 MULTI: Learn: 10.8.0.3 -> <censored>.dedyn.io/X.X.X.X:7702
2022-11-26 12:46:25 <censored>.dedyn.io/X.X.X.X:7702 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:7702: 10.8.0.3
2022-11-26 12:46:25 <censored>.dedyn.io/X.X.X.X:7702 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:46:25 <censored>.dedyn.io/X.X.X.X:7702 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:46:25 <censored>.dedyn.io/X.X.X.X:7702 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-11-26 12:46:46 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:46:46 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 TLS: new session incoming connection from [AF_INET6]::ffff:X.X.X.X:7702
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 VERIFY KU OK
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 Validating certificate extended key usage
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 VERIFY EKU OK
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_VER=2.5.8
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_PLAT=win
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_PROTO=6
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_NCP=2
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_LZ4=1
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_LZ4v2=1
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_LZO=1
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_COMP_STUB=1
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_COMP_STUBv2=1
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_TCPNL=1
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 peer info: IV_SSO=openurl,crtext
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
2022-11-26 12:46:53 <censored>.dedyn.io/X.X.X.X:7702 TLS: tls_multi_process: untrusted session promoted to semi-trusted
2022-11-26 12:46:54 <censored>.dedyn.io/X.X.X.X:7702 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 12:46:55 <censored>.dedyn.io/X.X.X.X:7702 PUSH: Received control message: 'PUSH_REQUEST'
2022-11-26 12:46:55 <censored>.dedyn.io/X.X.X.X:7702 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-11-26 12:48:01 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:48:01 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:48:03 X.X.X.X:31945 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 12:48:03 X.X.X.X:31945 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 12:48:03 X.X.X.X:31945 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 12:48:03 X.X.X.X:31945 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 12:48:03 X.X.X.X:31945 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:31945, sid=c1f9a038 8fa93a57
2022-11-26 12:48:03 X.X.X.X:31945 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 12:48:03 X.X.X.X:31945 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:48:03 X.X.X.X:31945 VERIFY KU OK
2022-11-26 12:48:03 X.X.X.X:31945 Validating certificate extended key usage
2022-11-26 12:48:03 X.X.X.X:31945 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 12:48:03 X.X.X.X:31945 VERIFY EKU OK
2022-11-26 12:48:03 X.X.X.X:31945 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_VER=3.git::d3f8b18b:Release
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_PLAT=android
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_NCP=2
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_TCPNL=1
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_PROTO=30
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_AUTO_SESS=1
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_GUI_VER=net.openvpn.connect.android_3.3.0-8367
2022-11-26 12:48:03 X.X.X.X:31945 peer info: IV_SSO=webauth,openurl
2022-11-26 12:48:03 X.X.X.X:31945 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1521'
2022-11-26 12:48:03 X.X.X.X:31945 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 12:48:03 X.X.X.X:31945 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:31945
2022-11-26 12:48:03 MULTI: new connection by client '<censored>.dedyn.io' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2022-11-26 12:48:03 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
2022-11-26 12:48:03 MULTI: Learn: 10.8.0.3 -> <censored>.dedyn.io/X.X.X.X:31945
2022-11-26 12:48:03 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:31945: 10.8.0.3
2022-11-26 12:48:03 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:48:03 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:48:03 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0,peer-id 2,cipher AES-256-GCM' (status=1)
2022-11-26 12:48:03 <censored>.dedyn.io/X.X.X.X:31945 PUSH: Received control message: 'PUSH_REQUEST'
2022-11-26 12:48:11 <censored>.dedyn.io/X.X.X.X:31945 SIGTERM[soft,remote-exit] received, client-instance exiting
2022-11-26 12:48:12 X.X.X.X:32202 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 12:48:12 X.X.X.X:32202 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 12:48:12 X.X.X.X:32202 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 12:48:12 X.X.X.X:32202 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 12:48:12 X.X.X.X:32202 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:32202, sid=e51110de 099fe0c9
2022-11-26 12:48:12 X.X.X.X:32202 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 12:48:12 X.X.X.X:32202 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:48:12 X.X.X.X:32202 VERIFY KU OK
2022-11-26 12:48:12 X.X.X.X:32202 Validating certificate extended key usage
2022-11-26 12:48:12 X.X.X.X:32202 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 12:48:12 X.X.X.X:32202 VERIFY EKU OK
2022-11-26 12:48:12 X.X.X.X:32202 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_VER=3.git::d3f8b18b:Release
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_PLAT=android
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_NCP=2
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_TCPNL=1
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_PROTO=30
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_AUTO_SESS=1
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_GUI_VER=net.openvpn.connect.android_3.3.0-8367
2022-11-26 12:48:12 X.X.X.X:32202 peer info: IV_SSO=webauth,openurl
2022-11-26 12:48:12 X.X.X.X:32202 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1521'
2022-11-26 12:48:12 X.X.X.X:32202 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 12:48:12 X.X.X.X:32202 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:32202
2022-11-26 12:48:12 <censored>.dedyn.io/X.X.X.X:32202 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
2022-11-26 12:48:12 <censored>.dedyn.io/X.X.X.X:32202 MULTI: Learn: 10.8.0.3 -> <censored>.dedyn.io/X.X.X.X:32202
2022-11-26 12:48:12 <censored>.dedyn.io/X.X.X.X:32202 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:32202: 10.8.0.3
2022-11-26 12:48:12 <censored>.dedyn.io/X.X.X.X:32202 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:48:12 <censored>.dedyn.io/X.X.X.X:32202 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 12:48:12 <censored>.dedyn.io/X.X.X.X:32202 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-11-26 12:48:12 <censored>.dedyn.io/X.X.X.X:32202 PUSH: Received control message: 'PUSH_REQUEST'
2022-11-26 12:48:17 <censored>.dedyn.io/X.X.X.X:32202 SIGTERM[soft,remote-exit] received, client-instance exiting
2022-11-26 12:49:16 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:49:16 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:50:31 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:50:31 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:51:46 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:51:46 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:53:02 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:53:02 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:54:17 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:54:17 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:55:32 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:55:32 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:56:47 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:56:47 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:57:58 tls-crypt unwrap error: packet too short
2022-11-26 12:57:58 TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:X.X.X.X:40898
2022-11-26 12:58:03 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:58:03 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 12:59:19 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 12:59:19 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:00:34 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:00:34 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:01:50 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:01:50 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:03:05 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:03:05 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:03:50 X.X.X.X:65397 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 13:03:50 X.X.X.X:65397 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 13:03:50 X.X.X.X:65397 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 13:03:50 X.X.X.X:65397 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 13:03:50 X.X.X.X:65397 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:65397, sid=df9491ea 34d37e27
2022-11-26 13:03:50 X.X.X.X:65397 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 13:03:50 X.X.X.X:65397 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:03:50 X.X.X.X:65397 VERIFY KU OK
2022-11-26 13:03:50 X.X.X.X:65397 Validating certificate extended key usage
2022-11-26 13:03:50 X.X.X.X:65397 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 13:03:50 X.X.X.X:65397 VERIFY EKU OK
2022-11-26 13:03:50 X.X.X.X:65397 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_VER=2.5.8
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_PLAT=win
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_PROTO=6
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_NCP=2
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_LZ4=1
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_LZ4v2=1
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_LZO=1
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_COMP_STUB=1
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_COMP_STUBv2=1
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_TCPNL=1
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 13:03:50 X.X.X.X:65397 peer info: IV_SSO=openurl,crtext
2022-11-26 13:03:50 X.X.X.X:65397 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 13:03:50 X.X.X.X:65397 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:65397
2022-11-26 13:03:50 <censored>.dedyn.io/X.X.X.X:65397 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
2022-11-26 13:03:50 <censored>.dedyn.io/X.X.X.X:65397 MULTI: Learn: 10.8.0.3 -> <censored>.dedyn.io/X.X.X.X:65397
2022-11-26 13:03:50 <censored>.dedyn.io/X.X.X.X:65397 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:65397: 10.8.0.3
2022-11-26 13:03:50 <censored>.dedyn.io/X.X.X.X:65397 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:03:50 <censored>.dedyn.io/X.X.X.X:65397 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:03:50 <censored>.dedyn.io/X.X.X.X:65397 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-11-26 13:04:20 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:04:20 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:04:21 <censored>.dedyn.io/X.X.X.X:65397 TLS: new session incoming connection from [AF_INET6]::ffff:X.X.X.X:65397
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 VERIFY KU OK
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 Validating certificate extended key usage
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 VERIFY EKU OK
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_VER=2.5.8
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_PLAT=win
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_PROTO=6
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_NCP=2
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_LZ4=1
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_LZ4v2=1
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_LZO=1
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_COMP_STUB=1
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_COMP_STUBv2=1
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_TCPNL=1
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 peer info: IV_SSO=openurl,crtext
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 TLS: tls_multi_process: untrusted session promoted to semi-trusted
2022-11-26 13:04:22 <censored>.dedyn.io/X.X.X.X:65397 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 13:04:23 <censored>.dedyn.io/X.X.X.X:65397 PUSH: Received control message: 'PUSH_REQUEST'
2022-11-26 13:04:23 <censored>.dedyn.io/X.X.X.X:65397 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-11-26 13:05:36 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:05:36 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:06:51 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:06:51 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:08:07 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:08:07 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:08:42 X.X.X.X:36506 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 13:08:42 X.X.X.X:36506 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 13:08:42 X.X.X.X:36506 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 13:08:42 X.X.X.X:36506 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 13:08:42 X.X.X.X:36506 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:36506, sid=1d5c05c6 7a081fe4
2022-11-26 13:08:42 X.X.X.X:36506 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 13:08:42 X.X.X.X:36506 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:08:42 X.X.X.X:36506 VERIFY KU OK
2022-11-26 13:08:42 X.X.X.X:36506 Validating certificate extended key usage
2022-11-26 13:08:42 X.X.X.X:36506 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 13:08:42 X.X.X.X:36506 VERIFY EKU OK
2022-11-26 13:08:42 X.X.X.X:36506 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_VER=2.5.8
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_PLAT=win
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_PROTO=6
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_NCP=2
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_LZ4=1
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_LZ4v2=1
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_LZO=1
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_COMP_STUB=1
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_COMP_STUBv2=1
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_TCPNL=1
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 13:08:42 X.X.X.X:36506 peer info: IV_SSO=openurl,crtext
2022-11-26 13:08:42 X.X.X.X:36506 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 13:08:42 X.X.X.X:36506 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:36506
2022-11-26 13:08:42 MULTI: new connection by client '<censored>.dedyn.io' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2022-11-26 13:08:42 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
2022-11-26 13:08:42 MULTI: Learn: 10.8.0.3 -> <censored>.dedyn.io/X.X.X.X:36506
2022-11-26 13:08:42 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:36506: 10.8.0.3
2022-11-26 13:08:42 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:08:42 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:08:42 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.3 255.255.255.0,peer-id 2,cipher AES-256-GCM' (status=1)
2022-11-26 13:09:22 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-26 13:09:22 <censored>.dedyn.io/X.X.X.X:60787 TLS Error: TLS handshake failed
2022-11-26 13:09:22 <censored>.dedyn.io/X.X.X.X:60787 TLS: tls_multi_process: killed expiring key
2022-11-26 13:09:22 <censored>.dedyn.io/X.X.X.X:60787 SIGUSR1[soft,tls-error] received, client-instance restarting
2022-11-26 13:12:15 X.X.X.X:3272 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 13:12:15 X.X.X.X:3272 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 13:12:15 X.X.X.X:3272 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 13:12:15 X.X.X.X:3272 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 13:12:15 X.X.X.X:3272 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:3272, sid=67ddd9c2 90948f46
2022-11-26 13:12:15 X.X.X.X:3272 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 13:12:15 X.X.X.X:3272 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:12:15 X.X.X.X:3272 VERIFY KU OK
2022-11-26 13:12:15 X.X.X.X:3272 Validating certificate extended key usage
2022-11-26 13:12:15 X.X.X.X:3272 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 13:12:15 X.X.X.X:3272 VERIFY EKU OK
2022-11-26 13:12:15 X.X.X.X:3272 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_VER=2.5.8
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_PLAT=win
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_PROTO=6
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_NCP=2
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_LZ4=1
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_LZ4v2=1
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_LZO=1
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_COMP_STUB=1
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_COMP_STUBv2=1
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_TCPNL=1
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 13:12:15 X.X.X.X:3272 peer info: IV_SSO=openurl,crtext
2022-11-26 13:12:15 X.X.X.X:3272 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 13:12:15 X.X.X.X:3272 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:3272
2022-11-26 13:12:15 MULTI: new connection by client '<censored>.dedyn.io' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
2022-11-26 13:12:15 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
2022-11-26 13:12:15 MULTI: Learn: 10.8.0.2 -> <censored>.dedyn.io/X.X.X.X:3272
2022-11-26 13:12:15 MULTI: primary virtual IP for <censored>.dedyn.io/X.X.X.X:3272: 10.8.0.2
2022-11-26 13:12:15 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:12:15 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 13:12:15 SENT CONTROL [<censored>.dedyn.io]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0,dhcp-option DNS 192.168.2.4,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-11-26 14:11:20 <censored>.dedyn.io/X.X.X.X:3272 TLS: soft reset sec=3545/3545 bytes=7121085/-1 pkts=14135/0
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 VERIFY KU OK
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 Validating certificate extended key usage
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 VERIFY EKU OK
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_VER=2.5.8
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_PLAT=win
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_PROTO=6
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_NCP=2
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_LZ4=1
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_LZ4v2=1
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_LZO=1
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_COMP_STUB=1
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_COMP_STUBv2=1
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_TCPNL=1
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 peer info: IV_SSO=openurl,crtext
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-26 14:11:21 <censored>.dedyn.io/X.X.X.X:3272 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 14:31:30 X.X.X.X:1912 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 14:31:30 X.X.X.X:1912 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 14:31:30 X.X.X.X:1912 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-11-26 14:31:30 X.X.X.X:1912 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-11-26 14:31:30 X.X.X.X:1912 TLS: Initial packet from [AF_INET6]::ffff:X.X.X.X:1912, sid=e3dc4d52 c50751cc
2022-11-26 14:31:30 X.X.X.X:1912 CRL: loaded 1 CRLs from file /etc/certificates/CA/openvpn_ca.crl
2022-11-26 14:31:30 X.X.X.X:1912 VERIFY OK: depth=1, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 14:31:30 X.X.X.X:1912 VERIFY KU OK
2022-11-26 14:31:30 X.X.X.X:1912 Validating certificate extended key usage
2022-11-26 14:31:30 X.X.X.X:1912 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2022-11-26 14:31:30 X.X.X.X:1912 VERIFY EKU OK
2022-11-26 14:31:30 X.X.X.X:1912 VERIFY OK: depth=0, CN=<censored>.dedyn.io, C=DE, ST=<censored>, L=<censored>, O=Private, emailAddress=<censored>
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_VER=2.5.8
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_PLAT=win
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_PROTO=6
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_NCP=2
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_LZ4=1
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_LZ4v2=1
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_LZO=1
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_COMP_STUB=1
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_COMP_STUBv2=1
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_TCPNL=1
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-11-26 14:31:30 X.X.X.X:1912 peer info: IV_SSO=openurl,crtext
2022-11-26 14:31:30 X.X.X.X:1912 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-11-26 14:31:30 X.X.X.X:1912 [<censored>.dedyn.io] Peer Connection Initiated with [AF_INET6]::ffff:X.X.X.X:1912
Here is my current server configuration:
port 1194
dev tun
#dev-type tun -FIXME: This does not work, it is an openvpn issue in FreeBSD
ca /etc/certificates/CA/openvpn_ca.crt
cert /etc/certificates/openvpn_server.crt
key /etc/certificates/openvpn_server.key
dh /data/dhparam.pem
crl-verify /etc/certificates/CA/openvpn_ca.crl
server 10.8.0.0 255.255.255.0
user nobody
group nobody
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
persist-tun
persist-key
remote-cert-tls client
topology subnet
cipher AES-256-GCM
auth SHA512
push "route 192.168.2.0 255.255.255.0"
push "dhcp-option DNS 192.168.2.4"
server 10.8.0.0 255.255.255.0
And this is my client configuration:
dev tun
proto udp
port 1194
remote "<censored>.dedyn.io"
user nobody
group nobody
persist-key
persist-tun
verb 3
remote-cert-tls server
auth SHA512
cipher AES-256-GCM
What is going wrong here and how can I fix this permanently?
Any help is greatly appreciated.