Hello. I'm ok with computers but not a techy by any stretch. In any event, I have somehow managed to set up and use OpenVpnGUI to connect to my office router from home and then to ultimately connect to computers in my office network. It has been functioning well for 3 years so I don't mess with things too much other than to periodically do the software updates. Recently I updated from version 2.5.8 to version 2.6.3 and now I get something called a TLS handshake error:
TLS 1.0+ instead of TLS 1.0 only
2023-02-03 14:25:02 us=843000 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-02-03 14:25:02 us=843000 TLS_ERROR: BIO read tls_read_plaintext error
2023-02-03 14:25:02 us=843000 TLS Error: TLS object -> incoming plaintext read error
2023-02-03 14:25:02 us=843000 TLS Error: TLS handshake failed(see attached image).
When I then delete version 2.6.3 and reinstall and reconfigure 2.5.8 everything works fine again. Can anyone tell me what specific changes I would need to make to my home computer and/or office router in order to make version 2.6.3 work? I have tried to find an answer and there are some mentions of this type of error when I do an internet search but I have to admit that the instructions I have found for correcting the problem don't make much sense to me. Thank you. Matt
Computer: Lenovo ideapad 3-17IML05 Laptop - Type 81WC
OS: Windows10 Pro Version: 22H2/Build:19045.2546 all completely updated as of the date of this post.
Office Router: Netgear Nighthawk R7000 V1.0.11.136_10.2.120
OpenVpn Version: 11.31.0.0.
OpenVPN GUI 2.6.3 TLS Error
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
Dundee
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Feb 05, 2023 3:04 pm
Re: OpenVPN GUI 2.6.3 TLS Error
Same issue here.
After I updated my OpenVPN Client from 2.5.8 to 2.6.0 (OpenVPN-2.6.0-I003-amd64.msi) via "Community Downloads" Page, I cannot use my Win 10 PC to connect my remote Netgear Router (Netgear R7000), similar TLS handshake error obtained.
Now I fallback my OpenVPN Client to 2.5.8 (OpenVPN-2.5.8-I604-amd64.msi), the OpenVPN connection between my Win 10 PC and remote Netgear Router can be established again and resume normal.
Computer: Lenovo PC
OpenVPN version: 2.6.0 (OpenVPN-2.6.0-I003-amd64.msi)
OS: Windows 10 Pro 22H2 x64
Remote Router: Netgear Nighthawk R7000 V1.0.9.42_10.2.44
====================================================================
My OpenVPN Config File
====================================================================
My OpenVPN Log:
2.6.0 (Unsuccessful Connection)
2.5.8 (Successful Connection)
After I updated my OpenVPN Client from 2.5.8 to 2.6.0 (OpenVPN-2.6.0-I003-amd64.msi) via "Community Downloads" Page, I cannot use my Win 10 PC to connect my remote Netgear Router (Netgear R7000), similar TLS handshake error obtained.
Now I fallback my OpenVPN Client to 2.5.8 (OpenVPN-2.5.8-I604-amd64.msi), the OpenVPN connection between my Win 10 PC and remote Netgear Router can be established again and resume normal.
Computer: Lenovo PC
OpenVPN version: 2.6.0 (OpenVPN-2.6.0-I003-amd64.msi)
OS: Windows 10 Pro 22H2 x64
Remote Router: Netgear Nighthawk R7000 V1.0.9.42_10.2.44
====================================================================
My OpenVPN Config File
Code: Select all
client
dev tap
proto udp
remote XYZ.com 12974
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
My OpenVPN Log:
2.6.0 (Unsuccessful Connection)
Code: Select all
2023-02-05 23:37:50 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-02-05 23:37:50 us=828000 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2023-02-05 23:37:50 us=828000 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2023-02-05 23:37:50 us=843000 Current Parameter Settings:
2023-02-05 23:37:50 us=843000 config = 'client1.ovpn'
2023-02-05 23:37:50 us=843000 mode = 0
2023-02-05 23:37:50 us=843000 show_ciphers = DISABLED
2023-02-05 23:37:50 us=843000 show_digests = DISABLED
2023-02-05 23:37:50 us=843000 show_engines = DISABLED
2023-02-05 23:37:50 us=843000 genkey = DISABLED
2023-02-05 23:37:50 us=843000 genkey_filename = '[UNDEF]'
2023-02-05 23:37:50 us=843000 key_pass_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 show_tls_ciphers = DISABLED
2023-02-05 23:37:50 us=843000 connect_retry_max = 0
2023-02-05 23:37:50 us=843000 Connection profiles [0]:
2023-02-05 23:37:50 us=843000 proto = udp
2023-02-05 23:37:50 us=843000 local = '[UNDEF]'
2023-02-05 23:37:50 us=843000 local_port = '[UNDEF]'
2023-02-05 23:37:50 us=843000 remote = 'XYZ.com'
2023-02-05 23:37:50 us=843000 remote_port = '12974'
2023-02-05 23:37:50 us=843000 remote_float = DISABLED
2023-02-05 23:37:50 us=843000 bind_defined = DISABLED
2023-02-05 23:37:50 us=843000 bind_local = DISABLED
2023-02-05 23:37:50 us=843000 bind_ipv6_only = DISABLED
2023-02-05 23:37:50 us=843000 connect_retry_seconds = 1
2023-02-05 23:37:50 us=843000 connect_timeout = 120
2023-02-05 23:37:50 us=843000 socks_proxy_server = '[UNDEF]'
2023-02-05 23:37:50 us=843000 socks_proxy_port = '[UNDEF]'
2023-02-05 23:37:50 us=843000 tun_mtu = 1500
2023-02-05 23:37:50 us=843000 tun_mtu_defined = ENABLED
2023-02-05 23:37:50 us=843000 link_mtu = 1500
2023-02-05 23:37:50 us=843000 link_mtu_defined = DISABLED
2023-02-05 23:37:50 us=843000 tun_mtu_extra = 32
2023-02-05 23:37:50 us=843000 tun_mtu_extra_defined = ENABLED
2023-02-05 23:37:50 us=843000 tls_mtu = 1250
2023-02-05 23:37:50 us=843000 mtu_discover_type = -1
2023-02-05 23:37:50 us=843000 fragment = 0
2023-02-05 23:37:50 us=843000 mssfix = 1492
2023-02-05 23:37:50 us=843000 mssfix_encap = ENABLED
2023-02-05 23:37:50 us=843000 mssfix_fixed = DISABLED
2023-02-05 23:37:50 us=843000 explicit_exit_notification = 0
2023-02-05 23:37:50 us=843000 tls_auth_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 key_direction = not set
2023-02-05 23:37:50 us=843000 tls_crypt_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 tls_crypt_v2_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 Connection profiles END
2023-02-05 23:37:50 us=843000 remote_random = DISABLED
2023-02-05 23:37:50 us=843000 ipchange = '[UNDEF]'
2023-02-05 23:37:50 us=843000 dev = 'tap'
2023-02-05 23:37:50 us=843000 dev_type = '[UNDEF]'
2023-02-05 23:37:50 us=843000 dev_node = '[UNDEF]'
2023-02-05 23:37:50 us=843000 tuntap_options.disable_dco = ENABLED
2023-02-05 23:37:50 us=843000 lladdr = '[UNDEF]'
2023-02-05 23:37:50 us=843000 topology = 1
2023-02-05 23:37:50 us=843000 ifconfig_local = '[UNDEF]'
2023-02-05 23:37:50 us=843000 ifconfig_remote_netmask = '[UNDEF]'
2023-02-05 23:37:50 us=843000 ifconfig_noexec = DISABLED
2023-02-05 23:37:50 us=843000 ifconfig_nowarn = DISABLED
2023-02-05 23:37:50 us=843000 ifconfig_ipv6_local = '[UNDEF]'
2023-02-05 23:37:50 us=843000 ifconfig_ipv6_netbits = 0
2023-02-05 23:37:50 us=843000 ifconfig_ipv6_remote = '[UNDEF]'
2023-02-05 23:37:50 us=843000 shaper = 0
2023-02-05 23:37:50 us=843000 mtu_test = 0
2023-02-05 23:37:50 us=843000 mlock = DISABLED
2023-02-05 23:37:50 us=843000 keepalive_ping = 0
2023-02-05 23:37:50 us=843000 keepalive_timeout = 0
2023-02-05 23:37:50 us=843000 inactivity_timeout = 0
2023-02-05 23:37:50 us=843000 session_timeout = 0
2023-02-05 23:37:50 us=843000 inactivity_minimum_bytes = 0
2023-02-05 23:37:50 us=843000 ping_send_timeout = 0
2023-02-05 23:37:50 us=843000 ping_rec_timeout = 0
2023-02-05 23:37:50 us=843000 ping_rec_timeout_action = 0
2023-02-05 23:37:50 us=843000 ping_timer_remote = DISABLED
2023-02-05 23:37:50 us=843000 remap_sigusr1 = 0
2023-02-05 23:37:50 us=843000 persist_tun = ENABLED
2023-02-05 23:37:50 us=843000 persist_local_ip = DISABLED
2023-02-05 23:37:50 us=843000 persist_remote_ip = DISABLED
2023-02-05 23:37:50 us=843000 persist_key = ENABLED
2023-02-05 23:37:50 us=843000 passtos = DISABLED
2023-02-05 23:37:50 us=843000 resolve_retry_seconds = 1000000000
2023-02-05 23:37:50 us=843000 resolve_in_advance = DISABLED
2023-02-05 23:37:50 us=843000 username = '[UNDEF]'
2023-02-05 23:37:50 us=843000 groupname = '[UNDEF]'
2023-02-05 23:37:50 us=843000 chroot_dir = '[UNDEF]'
2023-02-05 23:37:50 us=843000 cd_dir = '[UNDEF]'
2023-02-05 23:37:50 us=843000 writepid = '[UNDEF]'
2023-02-05 23:37:50 us=843000 up_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 down_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 down_pre = DISABLED
2023-02-05 23:37:50 us=843000 up_restart = DISABLED
2023-02-05 23:37:50 us=843000 up_delay = DISABLED
2023-02-05 23:37:50 us=843000 daemon = DISABLED
2023-02-05 23:37:50 us=843000 log = ENABLED
2023-02-05 23:37:50 us=843000 suppress_timestamps = DISABLED
2023-02-05 23:37:50 us=843000 machine_readable_output = DISABLED
2023-02-05 23:37:50 us=843000 nice = 0
2023-02-05 23:37:50 us=843000 verbosity = 5
2023-02-05 23:37:50 us=843000 mute = 0
2023-02-05 23:37:50 us=843000 status_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 status_file_version = 1
2023-02-05 23:37:50 us=843000 status_file_update_freq = 60
2023-02-05 23:37:50 us=843000 occ = ENABLED
2023-02-05 23:37:50 us=843000 rcvbuf = 0
2023-02-05 23:37:50 us=843000 sndbuf = 0
2023-02-05 23:37:50 us=843000 sockflags = 0
2023-02-05 23:37:50 us=843000 fast_io = DISABLED
2023-02-05 23:37:50 us=843000 comp.alg = 2
2023-02-05 23:37:50 us=843000 comp.flags = 1
2023-02-05 23:37:50 us=843000 route_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 route_default_gateway = '[UNDEF]'
2023-02-05 23:37:50 us=843000 route_default_metric = 0
2023-02-05 23:37:50 us=843000 route_noexec = DISABLED
2023-02-05 23:37:50 us=843000 route_delay = 5
2023-02-05 23:37:50 us=843000 route_delay_window = 30
2023-02-05 23:37:50 us=843000 route_delay_defined = ENABLED
2023-02-05 23:37:50 us=843000 route_nopull = DISABLED
2023-02-05 23:37:50 us=843000 route_gateway_via_dhcp = DISABLED
2023-02-05 23:37:50 us=843000 allow_pull_fqdn = DISABLED
2023-02-05 23:37:50 us=843000 Pull filters:
2023-02-05 23:37:50 us=843000 ignore "route-method"
2023-02-05 23:37:50 us=843000 management_addr = '127.0.0.1'
2023-02-05 23:37:50 us=843000 management_port = '25340'
2023-02-05 23:37:50 us=843000 management_user_pass = 'stdin'
2023-02-05 23:37:50 us=843000 management_log_history_cache = 250
2023-02-05 23:37:50 us=843000 management_echo_buffer_size = 100
2023-02-05 23:37:50 us=843000 management_client_user = '[UNDEF]'
2023-02-05 23:37:50 us=843000 management_client_group = '[UNDEF]'
2023-02-05 23:37:50 us=843000 management_flags = 6
2023-02-05 23:37:50 us=843000 shared_secret_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 key_direction = not set
2023-02-05 23:37:50 us=843000 ciphername = 'AES-128-CBC'
2023-02-05 23:37:50 us=843000 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2023-02-05 23:37:50 us=843000 authname = 'SHA1'
2023-02-05 23:37:50 us=843000 engine = DISABLED
2023-02-05 23:37:50 us=843000 replay = ENABLED
2023-02-05 23:37:50 us=843000 mute_replay_warnings = DISABLED
2023-02-05 23:37:50 us=843000 replay_window = 64
2023-02-05 23:37:50 us=843000 replay_time = 15
2023-02-05 23:37:50 us=843000 packet_id_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 test_crypto = DISABLED
2023-02-05 23:37:50 us=843000 tls_server = DISABLED
2023-02-05 23:37:50 us=843000 tls_client = ENABLED
2023-02-05 23:37:50 us=843000 ca_file = 'ca.crt'
2023-02-05 23:37:50 us=843000 ca_path = '[UNDEF]'
2023-02-05 23:37:50 us=843000 dh_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 cert_file = 'client.crt'
2023-02-05 23:37:50 us=843000 extra_certs_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 priv_key_file = 'client.key'
2023-02-05 23:37:50 us=843000 pkcs12_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 cryptoapi_cert = '[UNDEF]'
2023-02-05 23:37:50 us=843000 cipher_list = '[UNDEF]'
2023-02-05 23:37:50 us=843000 cipher_list_tls13 = '[UNDEF]'
2023-02-05 23:37:50 us=843000 tls_cert_profile = '[UNDEF]'
2023-02-05 23:37:50 us=843000 tls_verify = '[UNDEF]'
2023-02-05 23:37:50 us=843000 tls_export_cert = '[UNDEF]'
2023-02-05 23:37:50 us=843000 verify_x509_type = 0
2023-02-05 23:37:50 us=843000 verify_x509_name = '[UNDEF]'
2023-02-05 23:37:50 us=843000 crl_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 ns_cert_type = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_ku[i] = 0
2023-02-05 23:37:50 us=843000 remote_cert_eku = '[UNDEF]'
2023-02-05 23:37:50 us=843000 ssl_flags = 192
2023-02-05 23:37:50 us=843000 tls_timeout = 2
2023-02-05 23:37:50 us=843000 renegotiate_bytes = -1
2023-02-05 23:37:50 us=843000 renegotiate_packets = 0
2023-02-05 23:37:50 us=843000 renegotiate_seconds = 3600
2023-02-05 23:37:50 us=843000 handshake_window = 60
2023-02-05 23:37:50 us=843000 transition_window = 3600
2023-02-05 23:37:50 us=843000 single_session = DISABLED
2023-02-05 23:37:50 us=843000 push_peer_info = DISABLED
2023-02-05 23:37:50 us=843000 tls_exit = DISABLED
2023-02-05 23:37:50 us=843000 tls_crypt_v2_metadata = '[UNDEF]'
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_private_mode = 00000000
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_cert_private = DISABLED
2023-02-05 23:37:50 us=843000 pkcs11_pin_cache_period = -1
2023-02-05 23:37:50 us=843000 pkcs11_id = '[UNDEF]'
2023-02-05 23:37:50 us=843000 pkcs11_id_management = DISABLED
2023-02-05 23:37:50 us=843000 server_network = 0.0.0.0
2023-02-05 23:37:50 us=843000 server_netmask = 0.0.0.0
2023-02-05 23:37:50 us=843000 server_network_ipv6 = ::
2023-02-05 23:37:50 us=843000 server_netbits_ipv6 = 0
2023-02-05 23:37:50 us=843000 server_bridge_ip = 0.0.0.0
2023-02-05 23:37:50 us=843000 server_bridge_netmask = 0.0.0.0
2023-02-05 23:37:50 us=843000 server_bridge_pool_start = 0.0.0.0
2023-02-05 23:37:50 us=843000 server_bridge_pool_end = 0.0.0.0
2023-02-05 23:37:50 us=843000 ifconfig_pool_defined = DISABLED
2023-02-05 23:37:50 us=843000 ifconfig_pool_start = 0.0.0.0
2023-02-05 23:37:50 us=843000 ifconfig_pool_end = 0.0.0.0
2023-02-05 23:37:50 us=843000 ifconfig_pool_netmask = 0.0.0.0
2023-02-05 23:37:50 us=843000 ifconfig_pool_persist_filename = '[UNDEF]'
2023-02-05 23:37:50 us=843000 ifconfig_pool_persist_refresh_freq = 600
2023-02-05 23:37:50 us=843000 ifconfig_ipv6_pool_defined = DISABLED
2023-02-05 23:37:50 us=843000 ifconfig_ipv6_pool_base = ::
2023-02-05 23:37:50 us=843000 ifconfig_ipv6_pool_netbits = 0
2023-02-05 23:37:50 us=843000 n_bcast_buf = 256
2023-02-05 23:37:50 us=843000 tcp_queue_limit = 64
2023-02-05 23:37:50 us=843000 real_hash_size = 256
2023-02-05 23:37:50 us=843000 virtual_hash_size = 256
2023-02-05 23:37:50 us=843000 client_connect_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 learn_address_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 client_disconnect_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 client_crresponse_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 client_config_dir = '[UNDEF]'
2023-02-05 23:37:50 us=843000 ccd_exclusive = DISABLED
2023-02-05 23:37:50 us=843000 tmp_dir = 'F:\Temp\'
2023-02-05 23:37:50 us=843000 push_ifconfig_defined = DISABLED
2023-02-05 23:37:50 us=843000 push_ifconfig_local = 0.0.0.0
2023-02-05 23:37:50 us=843000 push_ifconfig_remote_netmask = 0.0.0.0
2023-02-05 23:37:50 us=843000 push_ifconfig_ipv6_defined = DISABLED
2023-02-05 23:37:50 us=843000 push_ifconfig_ipv6_local = ::/0
2023-02-05 23:37:50 us=843000 push_ifconfig_ipv6_remote = ::
2023-02-05 23:37:50 us=843000 enable_c2c = DISABLED
2023-02-05 23:37:50 us=843000 duplicate_cn = DISABLED
2023-02-05 23:37:50 us=843000 cf_max = 0
2023-02-05 23:37:50 us=843000 cf_per = 0
2023-02-05 23:37:50 us=843000 cf_initial_max = 100
2023-02-05 23:37:50 us=843000 cf_initial_per = 10
2023-02-05 23:37:50 us=843000 max_clients = 1024
2023-02-05 23:37:50 us=843000 max_routes_per_client = 256
2023-02-05 23:37:50 us=843000 auth_user_pass_verify_script = '[UNDEF]'
2023-02-05 23:37:50 us=843000 auth_user_pass_verify_script_via_file = DISABLED
2023-02-05 23:37:50 us=843000 auth_token_generate = DISABLED
2023-02-05 23:37:50 us=843000 auth_token_lifetime = 0
2023-02-05 23:37:50 us=843000 auth_token_secret_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 vlan_tagging = DISABLED
2023-02-05 23:37:50 us=843000 vlan_accept = all
2023-02-05 23:37:50 us=843000 vlan_pvid = 1
2023-02-05 23:37:50 us=843000 client = ENABLED
2023-02-05 23:37:50 us=843000 pull = ENABLED
2023-02-05 23:37:50 us=843000 auth_user_pass_file = '[UNDEF]'
2023-02-05 23:37:50 us=843000 show_net_up = DISABLED
2023-02-05 23:37:50 us=843000 route_method = 3
2023-02-05 23:37:50 us=843000 block_outside_dns = DISABLED
2023-02-05 23:37:50 us=843000 ip_win32_defined = DISABLED
2023-02-05 23:37:50 us=843000 ip_win32_type = 3
2023-02-05 23:37:50 us=843000 dhcp_masq_offset = 0
2023-02-05 23:37:50 us=843000 dhcp_lease_time = 31536000
2023-02-05 23:37:50 us=843000 tap_sleep = 0
2023-02-05 23:37:50 us=843000 dhcp_options = DISABLED
2023-02-05 23:37:50 us=843000 dhcp_renew = DISABLED
2023-02-05 23:37:50 us=843000 dhcp_pre_release = DISABLED
2023-02-05 23:37:50 us=843000 domain = '[UNDEF]'
2023-02-05 23:37:50 us=843000 netbios_scope = '[UNDEF]'
2023-02-05 23:37:50 us=843000 netbios_node_type = 0
2023-02-05 23:37:50 us=843000 disable_nbt = DISABLED
2023-02-05 23:37:50 us=843000 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-02-05 23:37:50 us=843000 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-02-05 23:37:50 us=843000 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-02-05 23:37:50 us=843000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-02-05 23:37:50 us=843000 Need hold release from management interface, waiting...
2023-02-05 23:37:51 us=421000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:52072
2023-02-05 23:37:51 us=531000 MANAGEMENT: CMD 'state on'
2023-02-05 23:37:51 us=531000 MANAGEMENT: CMD 'log on all'
2023-02-05 23:37:51 us=875000 MANAGEMENT: CMD 'echo on all'
2023-02-05 23:37:51 us=875000 MANAGEMENT: CMD 'bytecount 5'
2023-02-05 23:37:51 us=875000 MANAGEMENT: CMD 'state'
2023-02-05 23:37:51 us=875000 MANAGEMENT: CMD 'hold off'
2023-02-05 23:37:51 us=875000 MANAGEMENT: CMD 'hold release'
2023-02-05 23:37:51 us=875000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-02-05 23:37:51 us=890000 LZO compression initializing
2023-02-05 23:37:51 us=890000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-02-05 23:37:51 us=890000 MANAGEMENT: >STATE:1675611471,RESOLVE,,,,,,
2023-02-05 23:37:52 us=187000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2023-02-05 23:37:52 us=187000 TCP/UDP: Preserving recently used remote address: [AF_INET]1.XX.YYY.ZZZ:12974
2023-02-05 23:37:52 us=187000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-02-05 23:37:52 us=187000 UDPv4 link local: (not bound)
2023-02-05 23:37:52 us=187000 UDPv4 link remote: [AF_INET]1.XX.YYY.ZZZ:12974
2023-02-05 23:37:52 us=187000 MANAGEMENT: >STATE:1675611472,WAIT,,,,,,
WR2023-02-05 23:37:52 us=250000 MANAGEMENT: >STATE:1675611472,AUTH,,,,,,
2023-02-05 23:37:52 us=250000 TLS: Initial packet from [AF_INET]1.XX.YYY.ZZZ:12974, sid=dc56ef0b 5fa131bd
WRR2023-02-05 23:37:52 us=359000 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-02-05 23:37:52 us=359000 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-02-05 23:37:52 us=359000 TLS_ERROR: BIO read tls_read_plaintext error
2023-02-05 23:37:52 us=359000 TLS Error: TLS object -> incoming plaintext read error
2023-02-05 23:37:52 us=359000 TLS Error: TLS handshake failed
2023-02-05 23:37:52 us=359000 TCP/UDP: Closing socket
2023-02-05 23:37:52 us=359000 SIGUSR1[soft,tls-error] received, process restarting
2023-02-05 23:37:52 us=359000 MANAGEMENT: >STATE:1675611472,RECONNECTING,tls-error,,,,,
2023-02-05 23:37:52 us=359000 Restart pause, 1 second(s)
2023-02-05 23:37:53 us=359000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-02-05 23:37:53 us=359000 Re-using SSL/TLS context
2023-02-05 23:37:53 us=359000 LZO compression initializing
2023-02-05 23:37:53 us=359000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-02-05 23:37:53 us=359000 MANAGEMENT: >STATE:1675611473,RESOLVE,,,,,,
2023-02-05 23:37:53 us=359000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2023-02-05 23:37:53 us=359000 TCP/UDP: Preserving recently used remote address: [AF_INET]1.XX.YYY.ZZZ:12974
2023-02-05 23:37:53 us=359000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-02-05 23:37:53 us=359000 UDPv4 link local: (not bound)
2023-02-05 23:37:53 us=359000 UDPv4 link remote: [AF_INET]1.XX.YYY.ZZZ:12974
2023-02-05 23:37:53 us=359000 MANAGEMENT: >STATE:1675611473,WAIT,,,,,,
WR2023-02-05 23:37:53 us=437000 MANAGEMENT: >STATE:1675611473,AUTH,,,,,,
2023-02-05 23:37:53 us=437000 TLS: Initial packet from [AF_INET]1.XX.YYY.ZZZ:12974, sid=f670cda4 4aca066e
WRR2023-02-05 23:37:53 us=562000 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-02-05 23:37:53 us=562000 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-02-05 23:37:53 us=562000 TLS_ERROR: BIO read tls_read_plaintext error
2023-02-05 23:37:53 us=562000 TLS Error: TLS object -> incoming plaintext read error
2023-02-05 23:37:53 us=562000 TLS Error: TLS handshake failed
2023-02-05 23:37:53 us=562000 TCP/UDP: Closing socket
2023-02-05 23:37:53 us=562000 SIGUSR1[soft,tls-error] received, process restarting
2023-02-05 23:37:53 us=562000 MANAGEMENT: >STATE:1675611473,RECONNECTING,tls-error,,,,,
2023-02-05 23:37:53 us=562000 Restart pause, 1 second(s)Code: Select all
2023-02-05 23:43:13 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-02-05 23:43:13 us=765000 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-02-05 23:43:13 us=765000 Current Parameter Settings:
2023-02-05 23:43:13 us=765000 config = 'client1.ovpn'
2023-02-05 23:43:13 us=765000 mode = 0
2023-02-05 23:43:13 us=765000 show_ciphers = DISABLED
2023-02-05 23:43:13 us=765000 show_digests = DISABLED
2023-02-05 23:43:13 us=765000 show_engines = DISABLED
2023-02-05 23:43:13 us=765000 genkey = DISABLED
2023-02-05 23:43:13 us=765000 genkey_filename = '[UNDEF]'
2023-02-05 23:43:13 us=765000 key_pass_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 show_tls_ciphers = DISABLED
2023-02-05 23:43:13 us=765000 connect_retry_max = 0
2023-02-05 23:43:13 us=765000 Connection profiles [0]:
2023-02-05 23:43:13 us=765000 proto = udp
2023-02-05 23:43:13 us=765000 local = '[UNDEF]'
2023-02-05 23:43:13 us=765000 local_port = '[UNDEF]'
2023-02-05 23:43:13 us=765000 remote = 'XYZ.com'
2023-02-05 23:43:13 us=765000 remote_port = '12974'
2023-02-05 23:43:13 us=765000 remote_float = DISABLED
2023-02-05 23:43:13 us=765000 bind_defined = DISABLED
2023-02-05 23:43:13 us=765000 bind_local = DISABLED
2023-02-05 23:43:13 us=765000 bind_ipv6_only = DISABLED
2023-02-05 23:43:13 us=765000 connect_retry_seconds = 5
2023-02-05 23:43:13 us=765000 connect_timeout = 120
2023-02-05 23:43:13 us=765000 socks_proxy_server = '[UNDEF]'
2023-02-05 23:43:13 us=765000 socks_proxy_port = '[UNDEF]'
2023-02-05 23:43:13 us=765000 tun_mtu = 1500
2023-02-05 23:43:13 us=765000 tun_mtu_defined = ENABLED
2023-02-05 23:43:13 us=765000 link_mtu = 1500
2023-02-05 23:43:13 us=765000 link_mtu_defined = DISABLED
2023-02-05 23:43:13 us=765000 tun_mtu_extra = 32
2023-02-05 23:43:13 us=765000 tun_mtu_extra_defined = ENABLED
2023-02-05 23:43:13 us=765000 mtu_discover_type = -1
2023-02-05 23:43:13 us=765000 fragment = 0
2023-02-05 23:43:13 us=765000 mssfix = 1450
2023-02-05 23:43:13 us=765000 explicit_exit_notification = 0
2023-02-05 23:43:13 us=765000 tls_auth_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 key_direction = not set
2023-02-05 23:43:13 us=765000 tls_crypt_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 tls_crypt_v2_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 Connection profiles END
2023-02-05 23:43:13 us=765000 remote_random = DISABLED
2023-02-05 23:43:13 us=765000 ipchange = '[UNDEF]'
2023-02-05 23:43:13 us=765000 dev = 'tap'
2023-02-05 23:43:13 us=765000 dev_type = '[UNDEF]'
2023-02-05 23:43:13 us=765000 dev_node = '[UNDEF]'
2023-02-05 23:43:13 us=765000 lladdr = '[UNDEF]'
2023-02-05 23:43:13 us=765000 topology = 1
2023-02-05 23:43:13 us=765000 ifconfig_local = '[UNDEF]'
2023-02-05 23:43:13 us=765000 ifconfig_remote_netmask = '[UNDEF]'
2023-02-05 23:43:13 us=765000 ifconfig_noexec = DISABLED
2023-02-05 23:43:13 us=765000 ifconfig_nowarn = DISABLED
2023-02-05 23:43:13 us=765000 ifconfig_ipv6_local = '[UNDEF]'
2023-02-05 23:43:13 us=765000 ifconfig_ipv6_netbits = 0
2023-02-05 23:43:13 us=765000 ifconfig_ipv6_remote = '[UNDEF]'
2023-02-05 23:43:13 us=765000 shaper = 0
2023-02-05 23:43:13 us=765000 mtu_test = 0
2023-02-05 23:43:13 us=765000 mlock = DISABLED
2023-02-05 23:43:13 us=765000 keepalive_ping = 0
2023-02-05 23:43:13 us=765000 keepalive_timeout = 0
2023-02-05 23:43:13 us=765000 inactivity_timeout = 0
2023-02-05 23:43:13 us=765000 inactivity_minimum_bytes = 0
2023-02-05 23:43:13 us=765000 ping_send_timeout = 0
2023-02-05 23:43:13 us=765000 ping_rec_timeout = 0
2023-02-05 23:43:13 us=765000 ping_rec_timeout_action = 0
2023-02-05 23:43:13 us=765000 ping_timer_remote = DISABLED
2023-02-05 23:43:13 us=765000 remap_sigusr1 = 0
2023-02-05 23:43:13 us=765000 persist_tun = ENABLED
2023-02-05 23:43:13 us=765000 persist_local_ip = DISABLED
2023-02-05 23:43:13 us=765000 persist_remote_ip = DISABLED
2023-02-05 23:43:13 us=765000 persist_key = ENABLED
2023-02-05 23:43:13 us=765000 passtos = DISABLED
2023-02-05 23:43:13 us=765000 resolve_retry_seconds = 1000000000
2023-02-05 23:43:13 us=765000 resolve_in_advance = DISABLED
2023-02-05 23:43:13 us=765000 username = '[UNDEF]'
2023-02-05 23:43:13 us=765000 groupname = '[UNDEF]'
2023-02-05 23:43:13 us=765000 chroot_dir = '[UNDEF]'
2023-02-05 23:43:13 us=765000 cd_dir = '[UNDEF]'
2023-02-05 23:43:13 us=765000 writepid = '[UNDEF]'
2023-02-05 23:43:13 us=765000 up_script = '[UNDEF]'
2023-02-05 23:43:13 us=765000 down_script = '[UNDEF]'
2023-02-05 23:43:13 us=765000 down_pre = DISABLED
2023-02-05 23:43:13 us=765000 up_restart = DISABLED
2023-02-05 23:43:13 us=765000 up_delay = DISABLED
2023-02-05 23:43:13 us=765000 daemon = DISABLED
2023-02-05 23:43:13 us=765000 inetd = 0
2023-02-05 23:43:13 us=765000 log = ENABLED
2023-02-05 23:43:13 us=765000 suppress_timestamps = DISABLED
2023-02-05 23:43:13 us=765000 machine_readable_output = DISABLED
2023-02-05 23:43:13 us=765000 nice = 0
2023-02-05 23:43:13 us=765000 verbosity = 5
2023-02-05 23:43:13 us=765000 mute = 0
2023-02-05 23:43:13 us=765000 status_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 status_file_version = 1
2023-02-05 23:43:13 us=765000 status_file_update_freq = 60
2023-02-05 23:43:13 us=765000 occ = ENABLED
2023-02-05 23:43:13 us=765000 rcvbuf = 0
2023-02-05 23:43:13 us=765000 sndbuf = 0
2023-02-05 23:43:13 us=765000 sockflags = 0
2023-02-05 23:43:13 us=765000 fast_io = DISABLED
2023-02-05 23:43:13 us=765000 comp.alg = 2
2023-02-05 23:43:13 us=765000 comp.flags = 1
2023-02-05 23:43:13 us=765000 route_script = '[UNDEF]'
2023-02-05 23:43:13 us=765000 route_default_gateway = '[UNDEF]'
2023-02-05 23:43:13 us=765000 route_default_metric = 0
2023-02-05 23:43:13 us=765000 route_noexec = DISABLED
2023-02-05 23:43:13 us=765000 route_delay = 5
2023-02-05 23:43:13 us=765000 route_delay_window = 30
2023-02-05 23:43:13 us=765000 route_delay_defined = ENABLED
2023-02-05 23:43:13 us=765000 route_nopull = DISABLED
2023-02-05 23:43:13 us=765000 route_gateway_via_dhcp = DISABLED
2023-02-05 23:43:13 us=765000 allow_pull_fqdn = DISABLED
2023-02-05 23:43:13 us=765000 Pull filters:
2023-02-05 23:43:13 us=765000 ignore "route-method"
2023-02-05 23:43:13 us=765000 management_addr = '127.0.0.1'
2023-02-05 23:43:13 us=765000 management_port = '25340'
2023-02-05 23:43:13 us=765000 management_user_pass = 'stdin'
2023-02-05 23:43:13 us=765000 management_log_history_cache = 250
2023-02-05 23:43:13 us=765000 management_echo_buffer_size = 100
2023-02-05 23:43:13 us=765000 management_write_peer_info_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 management_client_user = '[UNDEF]'
2023-02-05 23:43:13 us=765000 management_client_group = '[UNDEF]'
2023-02-05 23:43:13 us=765000 management_flags = 6
2023-02-05 23:43:13 us=765000 shared_secret_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 key_direction = not set
2023-02-05 23:43:13 us=765000 ciphername = 'AES-128-CBC'
2023-02-05 23:43:13 us=765000 ncp_enabled = ENABLED
2023-02-05 23:43:13 us=765000 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-128-CBC'
2023-02-05 23:43:13 us=765000 authname = 'SHA1'
2023-02-05 23:43:13 us=765000 prng_hash = 'SHA1'
2023-02-05 23:43:13 us=765000 prng_nonce_secret_len = 16
2023-02-05 23:43:13 us=765000 keysize = 0
2023-02-05 23:43:13 us=765000 engine = DISABLED
2023-02-05 23:43:13 us=765000 replay = ENABLED
2023-02-05 23:43:13 us=765000 mute_replay_warnings = DISABLED
2023-02-05 23:43:13 us=765000 replay_window = 64
2023-02-05 23:43:13 us=765000 replay_time = 15
2023-02-05 23:43:13 us=765000 packet_id_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 test_crypto = DISABLED
2023-02-05 23:43:13 us=765000 tls_server = DISABLED
2023-02-05 23:43:13 us=765000 tls_client = ENABLED
2023-02-05 23:43:13 us=765000 ca_file = 'ca.crt'
2023-02-05 23:43:13 us=765000 ca_path = '[UNDEF]'
2023-02-05 23:43:13 us=765000 dh_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 cert_file = 'client.crt'
2023-02-05 23:43:13 us=765000 extra_certs_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 priv_key_file = 'client.key'
2023-02-05 23:43:13 us=765000 pkcs12_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 cryptoapi_cert = '[UNDEF]'
2023-02-05 23:43:13 us=765000 cipher_list = '[UNDEF]'
2023-02-05 23:43:13 us=765000 cipher_list_tls13 = '[UNDEF]'
2023-02-05 23:43:13 us=765000 tls_cert_profile = '[UNDEF]'
2023-02-05 23:43:13 us=765000 tls_verify = '[UNDEF]'
2023-02-05 23:43:13 us=765000 tls_export_cert = '[UNDEF]'
2023-02-05 23:43:13 us=765000 verify_x509_type = 0
2023-02-05 23:43:13 us=765000 verify_x509_name = '[UNDEF]'
2023-02-05 23:43:13 us=765000 crl_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 ns_cert_type = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_ku[i] = 0
2023-02-05 23:43:13 us=765000 remote_cert_eku = '[UNDEF]'
2023-02-05 23:43:13 us=765000 ssl_flags = 0
2023-02-05 23:43:13 us=765000 tls_timeout = 2
2023-02-05 23:43:13 us=765000 renegotiate_bytes = -1
2023-02-05 23:43:13 us=765000 renegotiate_packets = 0
2023-02-05 23:43:13 us=765000 renegotiate_seconds = 3600
2023-02-05 23:43:13 us=765000 handshake_window = 60
2023-02-05 23:43:13 us=765000 transition_window = 3600
2023-02-05 23:43:13 us=765000 single_session = DISABLED
2023-02-05 23:43:13 us=765000 push_peer_info = DISABLED
2023-02-05 23:43:13 us=765000 tls_exit = DISABLED
2023-02-05 23:43:13 us=765000 tls_crypt_v2_metadata = '[UNDEF]'
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_protected_authentication = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_private_mode = 00000000
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_cert_private = DISABLED
2023-02-05 23:43:13 us=765000 pkcs11_pin_cache_period = -1
2023-02-05 23:43:13 us=765000 pkcs11_id = '[UNDEF]'
2023-02-05 23:43:13 us=765000 pkcs11_id_management = DISABLED
2023-02-05 23:43:13 us=765000 server_network = 0.0.0.0
2023-02-05 23:43:13 us=765000 server_netmask = 0.0.0.0
2023-02-05 23:43:13 us=765000 server_network_ipv6 = ::
2023-02-05 23:43:13 us=765000 server_netbits_ipv6 = 0
2023-02-05 23:43:13 us=765000 server_bridge_ip = 0.0.0.0
2023-02-05 23:43:13 us=765000 server_bridge_netmask = 0.0.0.0
2023-02-05 23:43:13 us=765000 server_bridge_pool_start = 0.0.0.0
2023-02-05 23:43:13 us=765000 server_bridge_pool_end = 0.0.0.0
2023-02-05 23:43:13 us=765000 ifconfig_pool_defined = DISABLED
2023-02-05 23:43:13 us=765000 ifconfig_pool_start = 0.0.0.0
2023-02-05 23:43:13 us=765000 ifconfig_pool_end = 0.0.0.0
2023-02-05 23:43:13 us=765000 ifconfig_pool_netmask = 0.0.0.0
2023-02-05 23:43:13 us=765000 ifconfig_pool_persist_filename = '[UNDEF]'
2023-02-05 23:43:13 us=765000 ifconfig_pool_persist_refresh_freq = 600
2023-02-05 23:43:13 us=765000 ifconfig_ipv6_pool_defined = DISABLED
2023-02-05 23:43:13 us=765000 ifconfig_ipv6_pool_base = ::
2023-02-05 23:43:13 us=765000 ifconfig_ipv6_pool_netbits = 0
2023-02-05 23:43:13 us=765000 n_bcast_buf = 256
2023-02-05 23:43:13 us=765000 tcp_queue_limit = 64
2023-02-05 23:43:13 us=765000 real_hash_size = 256
2023-02-05 23:43:13 us=765000 virtual_hash_size = 256
2023-02-05 23:43:13 us=765000 client_connect_script = '[UNDEF]'
2023-02-05 23:43:13 us=765000 learn_address_script = '[UNDEF]'
2023-02-05 23:43:13 us=765000 client_disconnect_script = '[UNDEF]'
2023-02-05 23:43:13 us=765000 client_config_dir = '[UNDEF]'
2023-02-05 23:43:13 us=765000 ccd_exclusive = DISABLED
2023-02-05 23:43:13 us=765000 tmp_dir = 'F:\Temp\'
2023-02-05 23:43:13 us=765000 push_ifconfig_defined = DISABLED
2023-02-05 23:43:13 us=765000 push_ifconfig_local = 0.0.0.0
2023-02-05 23:43:13 us=765000 push_ifconfig_remote_netmask = 0.0.0.0
2023-02-05 23:43:13 us=765000 push_ifconfig_ipv6_defined = DISABLED
2023-02-05 23:43:13 us=765000 push_ifconfig_ipv6_local = ::/0
2023-02-05 23:43:13 us=765000 push_ifconfig_ipv6_remote = ::
2023-02-05 23:43:13 us=765000 enable_c2c = DISABLED
2023-02-05 23:43:13 us=765000 duplicate_cn = DISABLED
2023-02-05 23:43:13 us=765000 cf_max = 0
2023-02-05 23:43:13 us=765000 cf_per = 0
2023-02-05 23:43:13 us=765000 max_clients = 1024
2023-02-05 23:43:13 us=765000 max_routes_per_client = 256
2023-02-05 23:43:13 us=765000 auth_user_pass_verify_script = '[UNDEF]'
2023-02-05 23:43:13 us=765000 auth_user_pass_verify_script_via_file = DISABLED
2023-02-05 23:43:13 us=765000 auth_token_generate = DISABLED
2023-02-05 23:43:13 us=765000 auth_token_lifetime = 0
2023-02-05 23:43:13 us=765000 auth_token_secret_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 vlan_tagging = DISABLED
2023-02-05 23:43:13 us=765000 vlan_accept = all
2023-02-05 23:43:13 us=765000 vlan_pvid = 1
2023-02-05 23:43:13 us=765000 client = ENABLED
2023-02-05 23:43:13 us=765000 pull = ENABLED
2023-02-05 23:43:13 us=765000 auth_user_pass_file = '[UNDEF]'
2023-02-05 23:43:13 us=765000 show_net_up = DISABLED
2023-02-05 23:43:13 us=765000 route_method = 3
2023-02-05 23:43:13 us=765000 block_outside_dns = DISABLED
2023-02-05 23:43:13 us=765000 ip_win32_defined = DISABLED
2023-02-05 23:43:13 us=765000 ip_win32_type = 3
2023-02-05 23:43:13 us=765000 dhcp_masq_offset = 0
2023-02-05 23:43:13 us=765000 dhcp_lease_time = 31536000
2023-02-05 23:43:13 us=765000 tap_sleep = 0
2023-02-05 23:43:13 us=765000 dhcp_options = DISABLED
2023-02-05 23:43:13 us=765000 dhcp_renew = DISABLED
2023-02-05 23:43:13 us=765000 dhcp_pre_release = DISABLED
2023-02-05 23:43:13 us=765000 domain = '[UNDEF]'
2023-02-05 23:43:13 us=765000 netbios_scope = '[UNDEF]'
2023-02-05 23:43:13 us=765000 netbios_node_type = 0
2023-02-05 23:43:13 us=765000 disable_nbt = DISABLED
2023-02-05 23:43:13 us=765000 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2023-02-05 23:43:13 us=765000 Windows version 10.0 (Windows 10 or greater) 64bit
2023-02-05 23:43:13 us=765000 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-02-05 23:43:13 us=765000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-02-05 23:43:13 us=765000 Need hold release from management interface, waiting...
2023-02-05 23:43:14 us=234000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-02-05 23:43:14 us=343000 MANAGEMENT: CMD 'state on'
2023-02-05 23:43:14 us=343000 MANAGEMENT: CMD 'log on all'
2023-02-05 23:43:14 us=640000 MANAGEMENT: CMD 'echo on all'
2023-02-05 23:43:14 us=640000 MANAGEMENT: CMD 'bytecount 5'
2023-02-05 23:43:14 us=656000 MANAGEMENT: CMD 'state'
2023-02-05 23:43:14 us=656000 MANAGEMENT: CMD 'hold off'
2023-02-05 23:43:14 us=656000 MANAGEMENT: CMD 'hold release'
2023-02-05 23:43:14 us=656000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-02-05 23:43:14 us=656000 LZO compression initializing
2023-02-05 23:43:14 us=656000 Control Channel MTU parms [ L:1654 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2023-02-05 23:43:14 us=656000 MANAGEMENT: >STATE:1675611794,RESOLVE,,,,,,
2023-02-05 23:43:14 us=937000 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
2023-02-05 23:43:14 us=937000 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2023-02-05 23:43:14 us=937000 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2023-02-05 23:43:14 us=937000 TCP/UDP: Preserving recently used remote address: [AF_INET]1.XX.YYY.ZZZ:12974
2023-02-05 23:43:14 us=937000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-02-05 23:43:14 us=937000 UDP link local: (not bound)
2023-02-05 23:43:14 us=937000 UDP link remote: [AF_INET]1.XX.YYY.ZZZ:12974
2023-02-05 23:43:14 us=937000 MANAGEMENT: >STATE:1675611794,WAIT,,,,,,
WR2023-02-05 23:43:14 us=984000 MANAGEMENT: >STATE:1675611794,AUTH,,,,,,
2023-02-05 23:43:14 us=984000 TLS: Initial packet from [AF_INET]1.XX.YYY.ZZZ:12974, sid=9501946b 5451f6d6
WWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWR2023-02-05 23:43:15 us=281000 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
2023-02-05 23:43:15 us=281000 VERIFY OK: depth=0, C=TW, ST=TW, O=netgear, OU=netgear, CN=netgear, emailAddress=mail@netgear.com
WRWRWRWRWRWRWWRRWRWRWRW2023-02-05 23:43:15 us=609000 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, peer certificate: 1024 bit RSA, signature: RSA-SHA256
2023-02-05 23:43:15 us=609000 [netgear] Peer Connection Initiated with [AF_INET]1.XX.YYY.ZZZ:12974
R2023-02-05 23:43:16 us=609000 Key [AF_INET]1.XX.YYY.ZZZ:12974 [0] not initialized (yet), dropping packet.
2023-02-05 23:43:16 us=609000 MANAGEMENT: >STATE:1675611796,GET_CONFIG,,,,,,
2023-02-05 23:43:16 us=609000 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
WRRWR2023-02-05 23:43:16 us=671000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-delay 5,redirect-gateway def1,route-gateway dhcp,ping 10,ping-restart 120'
2023-02-05 23:43:16 us=671000 OPTIONS IMPORT: timers and/or timeouts modified
2023-02-05 23:43:16 us=671000 OPTIONS IMPORT: route options modified
2023-02-05 23:43:16 us=671000 OPTIONS IMPORT: route-related options modified
2023-02-05 23:43:16 us=671000 Using peer cipher 'AES-128-CBC'
2023-02-05 23:43:16 us=671000 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-02-05 23:43:16 us=671000 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-02-05 23:43:16 us=671000 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
2023-02-05 23:43:16 us=671000 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-02-05 23:43:16 us=671000 interactive service msg_channel=584
2023-02-05 23:43:16 us=703000 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2023-02-05 23:43:16 us=703000 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.0.0
2023-02-05 23:43:16 us=703000 open_tun
2023-02-05 23:43:16 us=718000 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-02-05 23:43:16 us=718000 TAP-Windows Driver Version 9.24
2023-02-05 23:43:16 us=718000 TAP-Windows MTU=1500
2023-02-05 23:43:16 us=718000 Successful ARP Flush on interface [21] {408E2D2F-7F21-4B18-8599-25A58EDDA76D}
2023-02-05 23:43:16 us=718000 do_ifconfig, ipv4=0, ipv6=0
2023-02-05 23:43:16 us=718000 MANAGEMENT: >STATE:1675611796,ASSIGN_IP,,,,,,
WrWrWrWrWrWrWRwRwrWR2023-02-05 23:43:17 us=265000 Extracted DHCP router address: 192.168.0.1
wrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWRwrWRwrWrWrWrWrWr2023-02-05 23:43:21 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
2023-02-05 23:43:21 C:\Windows\system32\route.exe ADD 1.XX.YYY.ZZZ MASK 255.255.255.255 192.168.213.209
2023-02-05 23:43:21 Route addition via service succeeded
2023-02-05 23:43:21 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 192.168.0.1
2023-02-05 23:43:21 us=15000 Route addition via service succeeded
2023-02-05 23:43:21 us=15000 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 192.168.0.1
2023-02-05 23:43:21 us=15000 Route addition via service succeeded
2023-02-05 23:43:21 us=15000 Initialization Sequence Completed
2023-02-05 23:43:21 us=15000 MANAGEMENT: >STATE:1675611801,CONNECTED,SUCCESS,,1.XX.YYY.ZZZ,12974,,
WRwRwRwrWrWRwRwrWrWrWRwrWrWrWRwrWRwrWRwrWrWrWrWrWrWrWrWrWrWrWrWrWrWRwRwrWRwrWRwrWrWrWrWrWrWrWRwrWrWrWrWRwRwrWrWrWrWRwRwRwRwrWrWRwRwRwrWrWRwRwRwrWrWRwRwRwrWrWrWrWrWrWRwRwRwrWRwrWrWRwRwRwRwrWrWRwrWrWRwRwrWrWrWRwRwrWr-
mattw1
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Feb 03, 2023 5:37 pm
Re: OpenVPN GUI 2.6.3 TLS Error
Not necessarily on topic per se, but what does the red warning banner on top of this post mean?
-
DaDave
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jun 03, 2015 9:48 pm
Re: OpenVPN GUI 2.6.3 TLS Error
Hi mattw1, hi Dundee,
i am looking on the exact same issue at the moment. I guess it is related to an update which does not allow the client to use TLS 1.0 anymore as this is deprecated due to security reasons since several years.
Upgrading the OpenVPN version on the server side to allow TLS 1.2 or 1.3 would be the desired way to make it work again.
Unfortunately my setup does not provide this option (using a Unifi Security Gateway as a OpenVPN Server), so I am stuck right now and still looking for a valid workaround (which hopefully is still somehow secure enough for my purposes).
cheers DaDave
i am looking on the exact same issue at the moment. I guess it is related to an update which does not allow the client to use TLS 1.0 anymore as this is deprecated due to security reasons since several years.
Upgrading the OpenVPN version on the server side to allow TLS 1.2 or 1.3 would be the desired way to make it work again.
Unfortunately my setup does not provide this option (using a Unifi Security Gateway as a OpenVPN Server), so I am stuck right now and still looking for a valid workaround (which hopefully is still somehow secure enough for my purposes).
cheers DaDave
-
becm
- OpenVPN User
- Posts: 39
- Joined: Tue Sep 01, 2020 1:27 pm
Re: OpenVPN GUI 2.6.3 TLS Error
See OpenVPN manual regarding tls-version-min:
default in 2.6.0 and later is "1.2"
TLS1.1 may be still fine to a degree, TLS1.0 can be considered broken.
The "red notice" likely refers OpenVPN config file content to be placed in a special BB tag, which sadly is still not followed by most users.
default in 2.6.0 and later is "1.2"
TLS1.1 may be still fine to a degree, TLS1.0 can be considered broken.
The "red notice" likely refers OpenVPN config file content to be placed in a special BB tag, which sadly is still not followed by most users.
-
hamzen
- OpenVPN User
- Posts: 20
- Joined: Mon Sep 26, 2011 11:20 pm
Re: OpenVPN GUI 2.6.3 TLS Error
Setting "tls-version-min 1.0" at client config does not help at all with 2.6.3 client.
Still:
OpenSSL: error:0A000102:SSL routines::unsupported protocol
I really do not understand the concept of this.
- Why is it good disabling working protocols on the client side?
- Why should we spend 5 hours of our time for searching solutions without any luck, just because we have upgraded the client from 2.5.2 to 2.6.3 ?
- How is anybody benefit from this?
- Why do You assume we have access to the server?
- And even if we would do, who said it is easy to re-generate, deploy, test, reconfigure and upgrade 100+ clients, and would not consume tens of hours of our time, while I can only sleep 3-4 hours pro day ?
- How should I connect to a new server with SSL3, if I can not connect to the old one at the same time?
- Should I really uninstall the 2.6.3 client within 2 second if an older customer is calling and install back the old client?
IMPOSSIBLE !!!
- Do we really need to forget about OpenVPN for good, and go back to the old "port forward VNC to open internet" method? Because that's what you guys are currently forcing us to do! Why would that be any more "secure" than 4096 bit based SHA256 cipers with SHA1 fingerprint keys + TLS 1.0 generated not even 2 years ago ?????????
Still:
OpenSSL: error:0A000102:SSL routines::unsupported protocol
I really do not understand the concept of this.
- Why is it good disabling working protocols on the client side?
- Why should we spend 5 hours of our time for searching solutions without any luck, just because we have upgraded the client from 2.5.2 to 2.6.3 ?
- How is anybody benefit from this?
- Why do You assume we have access to the server?
- And even if we would do, who said it is easy to re-generate, deploy, test, reconfigure and upgrade 100+ clients, and would not consume tens of hours of our time, while I can only sleep 3-4 hours pro day ?
- How should I connect to a new server with SSL3, if I can not connect to the old one at the same time?
- Should I really uninstall the 2.6.3 client within 2 second if an older customer is calling and install back the old client?
IMPOSSIBLE !!!
- Do we really need to forget about OpenVPN for good, and go back to the old "port forward VNC to open internet" method? Because that's what you guys are currently forcing us to do! Why would that be any more "secure" than 4096 bit based SHA256 cipers with SHA1 fingerprint keys + TLS 1.0 generated not even 2 years ago ?????????
-
becm
- OpenVPN User
- Posts: 39
- Joined: Tue Sep 01, 2020 1:27 pm
Re: OpenVPN GUI 2.6.3 TLS Error
TLS1.0 is broken (NOT "working"), so in the default security level OpenSSL 3 will still reject it.
Disabling broken protocols is to ensure no user data is leaked via only assumed-to-be secure channels.
NOBODY should connect to ANY (secured) server for WHATEVER reasons with anything below TLS1.1!
SHA256 is not a cipher.
SHA1 should not have been used as signature hash for several years by now.
TLS1.0 is NOT a secure protocol.
If the server can not be changed to use an actual secure protocol it's may indeed better to just NOT use it.
Disabling broken protocols is to ensure no user data is leaked via only assumed-to-be secure channels.
NOBODY should connect to ANY (secured) server for WHATEVER reasons with anything below TLS1.1!
SHA256 is not a cipher.
SHA1 should not have been used as signature hash for several years by now.
TLS1.0 is NOT a secure protocol.
If the server can not be changed to use an actual secure protocol it's may indeed better to just NOT use it.