Not able to connect to vpn having tls error

Post by abhaysap » Tue Aug 01, 2023 7:49 am

Not able to connect to VPN, having a TLS certificate error, and all the configs seem OK.
sunny@sunny-XPS-15-9510:~$ tail -f /var/log/syslog
2023-08-01T13:05:47.616949+05:30 sunny-XPS-15-9510 systemd[1]: Starting NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service...
2023-08-01T13:05:47.619872+05:30 sunny-XPS-15-9510 dbus-daemon[1144]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
2023-08-01T13:05:47.619993+05:30 sunny-XPS-15-9510 systemd[1]: Started NetworkManager-dispatcher.service - Network Manager Script Dispatcher Service.
2023-08-01T13:05:47.621243+05:30 sunny-XPS-15-9510 nm-openvpn[5813]: event_wait : Interrupted system call (fd=-1,code=4)
2023-08-01T13:05:47.621297+05:30 sunny-XPS-15-9510 nm-openvpn[5813]: SIGTERM[hard,] received, process exiting
2023-08-01T13:05:47.740590+05:30 sunny-XPS-15-9510 kernel: [ 1185.355463] audit: type=1400 audit(1690875347.736:325): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:47.740616+05:30 sunny-XPS-15-9510 kernel: [ 1185.355509] audit: type=1400 audit(1690875347.736:326): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:47.740620+05:30 sunny-XPS-15-9510 kernel: [ 1185.355562] audit: type=1400 audit(1690875347.736:327): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/virbr100/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:47.740622+05:30 sunny-XPS-15-9510 kernel: [ 1185.355609] audit: type=1400 audit(1690875347.736:328): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/virbr0/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:47.740625+05:30 sunny-XPS-15-9510 kernel: [ 1185.355656] audit: type=1400 audit(1690875347.736:329): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/virbr200/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:53.711486+05:30 sunny-XPS-15-9510 NetworkManager[1230]: <info> [1690875353.7112] vpn[0x55974def22f0,ce6841ad-b9d7-42f6-9c99-38c080543e10,"ng4T-TXL"]: starting openvpn
2023-08-01T13:05:53.711572+05:30 sunny-XPS-15-9510 NetworkManager[1230]: <info> [1690875353.7113] audit: op="connection-activate" uuid="ce6841ad-b9d7-42f6-9c99-38c080543e10" name="ng4T-TXL" pid=2880 uid=1000 result="success"
2023-08-01T13:05:53.725645+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: OpenVPN 2.6.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-08-01T13:05:53.725734+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-08-01T13:05:53.725762+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: DCO version: N/A
2023-08-01T13:05:53.725783+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-08-01T13:05:53.751663+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: TCP/UDP: Preserving recently used remote address: [AF_INET]90.187.115.193:1294
2023-08-01T13:05:53.751869+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: UDPv4 link local: (not bound)
2023-08-01T13:05:53.751942+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: UDPv4 link remote: [AF_INET]90.187.115.193:1294
2023-08-01T13:05:53.752011+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2023-08-01T13:05:55.488671+05:30 sunny-XPS-15-9510 kernel: [ 1193.103732] audit: type=1400 audit(1690875355.484:330): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/lo/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:55.488699+05:30 sunny-XPS-15-9510 kernel: [ 1193.103745] audit: type=1400 audit(1690875355.484:331): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/pci0000:00/0000:00:14.3/net/wlp0s20f3/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:55.488703+05:30 sunny-XPS-15-9510 kernel: [ 1193.103767] audit: type=1400 audit(1690875355.484:332): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/virbr100/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:55.488705+05:30 sunny-XPS-15-9510 kernel: [ 1193.103866] audit: type=1400 audit(1690875355.484:333): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/virbr0/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:55.488707+05:30 sunny-XPS-15-9510 kernel: [ 1193.103877] audit: type=1400 audit(1690875355.484:334): apparmor="DENIED" operation="open" class="file" profile="snap.skype.skype" name="/sys/devices/virtual/net/virbr200/speed" pid=3503 comm="skypeforlinux" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:05:57.652142+05:30 sunny-XPS-15-9510 systemd[1]: NetworkManager-dispatcher.service: Deactivated successfully.
2023-08-01T13:06:42.188655+05:30 sunny-XPS-15-9510 kernel: [ 1239.803625] audit: type=1326 audit(1690875402.183:335): auid=4294967295 uid=1000 gid=1000 ses=4294967295 subj=snap.brave.brave pid=5937 comm="brave" exe="/snap/brave/254/opt/brave.com/brave/brave" sig=0 arch=c000003e syscall=330 compat=0 ip=0x7f5629aa811b code=0x50000
2023-08-01T13:06:53.065594+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-08-01T13:06:53.066294+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: TLS Error: TLS handshake failed
2023-08-01T13:06:53.066386+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: SIGUSR1[soft,tls-error] received, process restarting
2023-08-01T13:06:53.683947+05:30 sunny-XPS-15-9510 NetworkManager[1230]: <warn> [1690875413.6832] vpn[0x55974def22f0,ce6841ad-b9d7-42f6-9c99-38c080543e10,"ng4T-TXL"]: connect timeout exceeded
2023-08-01T13:06:53.685638+05:30 sunny-XPS-15-9510 nm-openvpn-serv[5912]: Connect timer expired, disconnecting.
2023-08-01T13:06:53.685825+05:30 sunny-XPS-15-9510 nm-openvpn[5917]: SIGTERM[hard,init_instance] received, process exiting
2023-08-01T13:08:17.456675+05:30 sunny-XPS-15-9510 kernel: [ 1335.074278] audit: type=1326 audit(1690875497.449:336): auid=4294967295 uid=1000 gid=1000 ses=4294967295 subj=snap.brave.brave pid=5975 comm="brave" exe="/snap/brave/254/opt/brave.com/brave/brave" sig=0 arch=c000003e syscall=330 compat=0 ip=0x7f5629aa811b code=0x50000
2023-08-01T13:08:55.156646+05:30 sunny-XPS-15-9510 kernel: [ 1372.776182] audit: type=1400 audit(1690875535.149:337): apparmor="DENIED" operation="open" class="file" profile="snap.brave.brave" name="/proc/pressure/cpu" pid=5041 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:08:55.156676+05:30 sunny-XPS-15-9510 kernel: [ 1372.776200] audit: type=1400 audit(1690875535.149:338): apparmor="DENIED" operation="open" class="file" profile="snap.brave.brave" name="/proc/pressure/io" pid=5041 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:08:55.156680+05:30 sunny-XPS-15-9510 kernel: [ 1372.776204] audit: type=1400 audit(1690875535.149:339): apparmor="DENIED" operation="open" class="file" profile="snap.brave.brave" name="/proc/pressure/memory" pid=5041 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
2023-08-01T13:09:58.960635+05:30 sunny-XPS-15-9510 kernel: [ 1436.579146] audit: type=1326 audit(1690875598.953:340): auid=4294967295 uid=1000 gid=1000 ses=4294967295 subj=snap.brave.brave pid=6003 comm="brave" exe="/snap/brave/254/opt/brave.com/brave/brave" sig=0 arch=c000003e syscall=330 compat=0 ip=0x7f5629aa811b code=0x50000


sunny@sunny-XPS-15-9510:~/Documents/security/openvpn/ng4T-TXL$ sudo openvpn --config OPNsense_OVPN_Srv_UDP_1294_abhays.ovpn
[sudo] password for sunny:
Sorry, try again.
[sudo] password for sunny:
2023-08-01 13:17:40 us=134477 Note: cipher 'AES-256-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
2023-08-01 13:17:40 us=134501 Current Parameter Settings:
2023-08-01 13:17:40 us=134503 config = 'OPNsense_OVPN_Srv_UDP_1294_abhays.ovpn'
2023-08-01 13:17:40 us=134506 mode = 0
2023-08-01 13:17:40 us=134508 persist_config = DISABLED
2023-08-01 13:17:40 us=134510 persist_mode = 1
2023-08-01 13:17:40 us=134511 show_ciphers = DISABLED
2023-08-01 13:17:40 us=134513 show_digests = DISABLED
2023-08-01 13:17:40 us=134515 show_engines = DISABLED
2023-08-01 13:17:40 us=134517 genkey = DISABLED
2023-08-01 13:17:40 us=134519 genkey_filename = '[UNDEF]'
2023-08-01 13:17:40 us=134521 key_pass_file = '[UNDEF]'
2023-08-01 13:17:40 us=134523 show_tls_ciphers = DISABLED
2023-08-01 13:17:40 us=134525 connect_retry_max = 0
2023-08-01 13:17:40 us=134527 Connection profiles [0]:
2023-08-01 13:17:40 us=134529 proto = udp
2023-08-01 13:17:40 us=134531 local = '[UNDEF]'
2023-08-01 13:17:40 us=134533 local_port = '0'
2023-08-01 13:17:40 us=134535 remote = 'ng4t-dmz.selfhost.pro'
2023-08-01 13:17:40 us=134537 remote_port = '1294'
2023-08-01 13:17:40 us=134539 remote_float = DISABLED
2023-08-01 13:17:40 us=134540 bind_defined = DISABLED
2023-08-01 13:17:40 us=134542 bind_local = ENABLED
2023-08-01 13:17:40 us=134544 bind_ipv6_only = DISABLED
2023-08-01 13:17:40 us=134546 connect_retry_seconds = 1
2023-08-01 13:17:40 us=134548 connect_timeout = 120
2023-08-01 13:17:40 us=134551 socks_proxy_server = '[UNDEF]'
2023-08-01 13:17:40 us=134553 socks_proxy_port = '[UNDEF]'
2023-08-01 13:17:40 us=134555 tun_mtu = 1500
2023-08-01 13:17:40 us=134558 tun_mtu_defined = ENABLED
2023-08-01 13:17:40 us=134561 link_mtu = 1500
2023-08-01 13:17:40 us=134563 link_mtu_defined = DISABLED
2023-08-01 13:17:40 us=134566 tun_mtu_extra = 0
2023-08-01 13:17:40 us=134568 tun_mtu_extra_defined = DISABLED
2023-08-01 13:17:40 us=134571 tls_mtu = 1250
2023-08-01 13:17:40 us=134573 mtu_discover_type = -1
2023-08-01 13:17:40 us=134575 fragment = 0
2023-08-01 13:17:40 us=134577 mssfix = 1492
2023-08-01 13:17:40 us=134580 mssfix_encap = ENABLED
2023-08-01 13:17:40 us=134582 mssfix_fixed = DISABLED
2023-08-01 13:17:40 us=134584 explicit_exit_notification = 0
2023-08-01 13:17:40 us=134587 tls_auth_file = '[INLINE]'
2023-08-01 13:17:40 us=134589 key_direction = 1
2023-08-01 13:17:40 us=134591 tls_crypt_file = '[UNDEF]'
2023-08-01 13:17:40 us=134594 tls_crypt_v2_file = '[UNDEF]'
2023-08-01 13:17:40 us=134596 Connection profiles END
2023-08-01 13:17:40 us=134599 remote_random = DISABLED
2023-08-01 13:17:40 us=134601 ipchange = '[UNDEF]'
2023-08-01 13:17:40 us=134603 dev = 'tun'
2023-08-01 13:17:40 us=134606 dev_type = '[UNDEF]'
2023-08-01 13:17:40 us=134608 dev_node = '[UNDEF]'
2023-08-01 13:17:40 us=134610 tuntap_options.disable_dco = ENABLED
2023-08-01 13:17:40 us=134612 lladdr = '[UNDEF]'
2023-08-01 13:17:40 us=134620 topology = 1
2023-08-01 13:17:40 us=134621 ifconfig_local = '[UNDEF]'
2023-08-01 13:17:40 us=134624 ifconfig_remote_netmask = '[UNDEF]'
2023-08-01 13:17:40 us=134626 ifconfig_noexec = DISABLED
2023-08-01 13:17:40 us=134628 ifconfig_nowarn = DISABLED
2023-08-01 13:17:40 us=134631 ifconfig_ipv6_local = '[UNDEF]'
2023-08-01 13:17:40 us=134633 ifconfig_ipv6_netbits = 0
2023-08-01 13:17:40 us=134635 ifconfig_ipv6_remote = '[UNDEF]'
2023-08-01 13:17:40 us=134638 shaper = 0
2023-08-01 13:17:40 us=134640 mtu_test = 0
2023-08-01 13:17:40 us=134642 mlock = DISABLED
2023-08-01 13:17:40 us=134645 keepalive_ping = 0
2023-08-01 13:17:40 us=134647 keepalive_timeout = 0
2023-08-01 13:17:40 us=134650 inactivity_timeout = 0
2023-08-01 13:17:40 us=134652 session_timeout = 0
2023-08-01 13:17:40 us=134654 inactivity_minimum_bytes = 0
2023-08-01 13:17:40 us=134657 ping_send_timeout = 0
2023-08-01 13:17:40 us=134659 ping_rec_timeout = 0
2023-08-01 13:17:40 us=134661 ping_rec_timeout_action = 0
2023-08-01 13:17:40 us=134664 ping_timer_remote = DISABLED
2023-08-01 13:17:40 us=134666 remap_sigusr1 = 0
2023-08-01 13:17:40 us=134668 persist_tun = ENABLED
2023-08-01 13:17:40 us=134670 persist_local_ip = DISABLED
2023-08-01 13:17:40 us=134673 persist_remote_ip = DISABLED
2023-08-01 13:17:40 us=134675 persist_key = ENABLED
2023-08-01 13:17:40 us=134678 passtos = DISABLED
2023-08-01 13:17:40 us=134680 resolve_retry_seconds = 1000000000
2023-08-01 13:17:40 us=134682 resolve_in_advance = DISABLED
2023-08-01 13:17:40 us=134685 username = '[UNDEF]'
2023-08-01 13:17:40 us=134687 groupname = '[UNDEF]'
2023-08-01 13:17:40 us=134689 chroot_dir = '[UNDEF]'
2023-08-01 13:17:40 us=134692 cd_dir = '[UNDEF]'
2023-08-01 13:17:40 us=134694 writepid = '[UNDEF]'
2023-08-01 13:17:40 us=134697 up_script = '[UNDEF]'
2023-08-01 13:17:40 us=134699 down_script = '[UNDEF]'
2023-08-01 13:17:40 us=134701 down_pre = DISABLED
2023-08-01 13:17:40 us=134704 up_restart = DISABLED
2023-08-01 13:17:40 us=134706 up_delay = DISABLED
2023-08-01 13:17:40 us=134708 daemon = DISABLED
2023-08-01 13:17:40 us=134710 log = DISABLED
2023-08-01 13:17:40 us=134713 suppress_timestamps = DISABLED
2023-08-01 13:17:40 us=134716 machine_readable_output = DISABLED
2023-08-01 13:17:40 us=134718 nice = 0
2023-08-01 13:17:40 us=134739 verbosity = 4
2023-08-01 13:17:40 us=134741 mute = 0
2023-08-01 13:17:40 us=134744 gremlin = 0
2023-08-01 13:17:40 us=134746 status_file = '[UNDEF]'
2023-08-01 13:17:40 us=134749 status_file_version = 1
2023-08-01 13:17:40 us=134752 status_file_update_freq = 60
2023-08-01 13:17:40 us=134754 occ = ENABLED
2023-08-01 13:17:40 us=134757 rcvbuf = 0
2023-08-01 13:17:40 us=134759 sndbuf = 0
2023-08-01 13:17:40 us=134762 mark = 0
2023-08-01 13:17:40 us=134764 sockflags = 0
2023-08-01 13:17:40 us=134767 fast_io = DISABLED
2023-08-01 13:17:40 us=134769 comp.alg = 0
2023-08-01 13:17:40 us=134772 comp.flags = 24
2023-08-01 13:17:40 us=134774 route_script = '[UNDEF]'
2023-08-01 13:17:40 us=134779 route_default_gateway = '[UNDEF]'
2023-08-01 13:17:40 us=134781 route_default_metric = 0
2023-08-01 13:17:40 us=134784 route_noexec = DISABLED
2023-08-01 13:17:40 us=134786 route_delay = 0
2023-08-01 13:17:40 us=134789 route_delay_window = 30
2023-08-01 13:17:40 us=134791 route_delay_defined = DISABLED
2023-08-01 13:17:40 us=134794 route_nopull = DISABLED
2023-08-01 13:17:40 us=134796 route_gateway_via_dhcp = DISABLED
2023-08-01 13:17:40 us=134799 allow_pull_fqdn = DISABLED
2023-08-01 13:17:40 us=134802 management_addr = '[UNDEF]'
2023-08-01 13:17:40 us=134804 management_port = '[UNDEF]'
2023-08-01 13:17:40 us=134806 management_user_pass = '[UNDEF]'
2023-08-01 13:17:40 us=134809 management_log_history_cache = 250
2023-08-01 13:17:40 us=134811 management_echo_buffer_size = 100
2023-08-01 13:17:40 us=134814 management_client_user = '[UNDEF]'
2023-08-01 13:17:40 us=134816 management_client_group = '[UNDEF]'
2023-08-01 13:17:40 us=134819 management_flags = 0
2023-08-01 13:17:40 us=134821 shared_secret_file = '[UNDEF]'
2023-08-01 13:17:40 us=134832 key_direction = 1
2023-08-01 13:17:40 us=134835 ciphername = 'AES-256-CBC'
2023-08-01 13:17:40 us=134837 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC'
2023-08-01 13:17:40 us=134839 authname = 'SHA512'
2023-08-01 13:17:40 us=134842 engine = DISABLED
2023-08-01 13:17:40 us=134844 replay = ENABLED
2023-08-01 13:17:40 us=134848 mute_replay_warnings = DISABLED
2023-08-01 13:17:40 us=134868 replay_window = 64
2023-08-01 13:17:40 us=134871 replay_time = 15
2023-08-01 13:17:40 us=134873 packet_id_file = '[UNDEF]'
2023-08-01 13:17:40 us=134876 test_crypto = DISABLED
2023-08-01 13:17:40 us=134879 tls_server = DISABLED
2023-08-01 13:17:40 us=134881 tls_client = ENABLED
2023-08-01 13:17:40 us=134884 ca_file = '[INLINE]'
2023-08-01 13:17:40 us=134887 ca_path = '[UNDEF]'
2023-08-01 13:17:40 us=134889 dh_file = '[UNDEF]'
2023-08-01 13:17:40 us=134892 cert_file = '[INLINE]'
2023-08-01 13:17:40 us=134894 extra_certs_file = '[UNDEF]'
2023-08-01 13:17:40 us=134897 priv_key_file = '[INLINE]'
2023-08-01 13:17:40 us=134899 pkcs12_file = '[UNDEF]'
2023-08-01 13:17:40 us=134902 cipher_list = '[UNDEF]'
2023-08-01 13:17:40 us=134904 cipher_list_tls13 = '[UNDEF]'
2023-08-01 13:17:40 us=134907 tls_cert_profile = '[UNDEF]'
2023-08-01 13:17:40 us=134909 tls_verify = '[UNDEF]'
2023-08-01 13:17:40 us=134912 tls_export_cert = '[UNDEF]'
2023-08-01 13:17:40 us=134914 verify_x509_type = 1
2023-08-01 13:17:40 us=134922 verify_x509_name = 'C=DE, ST=Berlin, L=Berlin, O=ng4T GmbH, emailAddress=admin@ng4t.com, CN=OPNsense-SrvCert-ng4T'
2023-08-01 13:17:40 us=134926 crl_file = '[UNDEF]'
2023-08-01 13:17:40 us=134929 ns_cert_type = 0
2023-08-01 13:17:40 us=134931 remote_cert_ku = 65535
2023-08-01 13:17:40 us=134933 remote_cert_ku = 0
2023-08-01 13:17:40 us=134936 remote_cert_ku = 0
2023-08-01 13:17:40 us=134939 remote_cert_ku = 0
2023-08-01 13:17:40 us=134947 remote_cert_ku = 0
2023-08-01 13:17:40 us=134950 remote_cert_ku = 0
2023-08-01 13:17:40 us=134952 remote_cert_ku = 0
2023-08-01 13:17:40 us=134954 remote_cert_ku = 0
2023-08-01 13:17:40 us=134956 remote_cert_ku = 0
2023-08-01 13:17:40 us=134958 remote_cert_ku = 0
2023-08-01 13:17:40 us=134960 remote_cert_ku[i] = 0
2023-08-01 13:17:40 us=134963 remote_cert_ku[i] = 0
2023-08-01 13:17:40 us=134965 remote_cert_ku[i] = 0
2023-08-01 13:17:40 us=134968 remote_cert_ku[i] = 0
2023-08-01 13:17:40 us=134970 remote_cert_ku[i] = 0
2023-08-01 13:17:40 us=134972 remote_cert_ku[i] = 0
2023-08-01 13:17:40 us=134975 remote_cert_eku = 'TLS Web Server Authentication'
2023-08-01 13:17:40 us=134978 ssl_flags = 192
2023-08-01 13:17:40 us=134980 tls_timeout = 2
2023-08-01 13:17:40 us=134982 renegotiate_bytes = -1
2023-08-01 13:17:40 us=134985 renegotiate_packets = 0
2023-08-01 13:17:40 us=134988 renegotiate_seconds = 3600
2023-08-01 13:17:40 us=134990 handshake_window = 60
2023-08-01 13:17:40 us=134993 transition_window = 3600
2023-08-01 13:17:40 us=134995 single_session = DISABLED
2023-08-01 13:17:40 us=134998 push_peer_info = DISABLED
2023-08-01 13:17:40 us=135002 tls_exit = DISABLED
2023-08-01 13:17:40 us=135005 tls_crypt_v2_metadata = '[UNDEF]'
2023-08-01 13:17:40 us=135009 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135012 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135014 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135018 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135020 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135028 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135032 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135034 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135036 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135039 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135041 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135044 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135046 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135048 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135051 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135053 pkcs11_protected_authentication = DISABLED
2023-08-01 13:17:40 us=135056 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135059 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135061 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135065 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135067 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135070 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135072 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135074 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135077 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135079 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135082 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135084 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135087 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135089 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135092 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135094 pkcs11_private_mode = 00000000
2023-08-01 13:17:40 us=135097 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135099 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135102 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135104 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135107 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135109 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135111 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135113 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135116 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135118 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135121 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135123 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135125 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135128 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135131 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135133 pkcs11_cert_private = DISABLED
2023-08-01 13:17:40 us=135135 pkcs11_pin_cache_period = -1
2023-08-01 13:17:40 us=135138 pkcs11_id = '[UNDEF]'
2023-08-01 13:17:40 us=135140 pkcs11_id_management = DISABLED
2023-08-01 13:17:40 us=135143 server_network = 0.0.0.0
2023-08-01 13:17:40 us=135145 server_netmask = 0.0.0.0
2023-08-01 13:17:40 us=135152 server_network_ipv6 = ::
2023-08-01 13:17:40 us=135155 server_netbits_ipv6 = 0
2023-08-01 13:17:40 us=135158 server_bridge_ip = 0.0.0.0
2023-08-01 13:17:40 us=135160 server_bridge_netmask = 0.0.0.0
2023-08-01 13:17:40 us=135163 server_bridge_pool_start = 0.0.0.0
2023-08-01 13:17:40 us=135166 server_bridge_pool_end = 0.0.0.0
2023-08-01 13:17:40 us=135168 ifconfig_pool_defined = DISABLED
2023-08-01 13:17:40 us=135171 ifconfig_pool_start = 0.0.0.0
2023-08-01 13:17:40 us=135174 ifconfig_pool_end = 0.0.0.0
2023-08-01 13:17:40 us=135177 ifconfig_pool_netmask = 0.0.0.0
2023-08-01 13:17:40 us=135179 ifconfig_pool_persist_filename = '[UNDEF]'
2023-08-01 13:17:40 us=135182 ifconfig_pool_persist_refresh_freq = 600
2023-08-01 13:17:40 us=135185 ifconfig_ipv6_pool_defined = DISABLED
2023-08-01 13:17:40 us=135187 ifconfig_ipv6_pool_base = ::
2023-08-01 13:17:40 us=135190 ifconfig_ipv6_pool_netbits = 0
2023-08-01 13:17:40 us=135192 n_bcast_buf = 256
2023-08-01 13:17:40 us=135195 tcp_queue_limit = 64
2023-08-01 13:17:40 us=135197 real_hash_size = 256
2023-08-01 13:17:40 us=135200 virtual_hash_size = 256
2023-08-01 13:17:40 us=135203 client_connect_script = '[UNDEF]'
2023-08-01 13:17:40 us=135205 learn_address_script = '[UNDEF]'
2023-08-01 13:17:40 us=135207 client_disconnect_script = '[UNDEF]'
2023-08-01 13:17:40 us=135210 client_crresponse_script = '[UNDEF]'
2023-08-01 13:17:40 us=135212 client_config_dir = '[UNDEF]'
2023-08-01 13:17:40 us=135215 ccd_exclusive = DISABLED
2023-08-01 13:17:40 us=135217 tmp_dir = '/tmp'
2023-08-01 13:17:40 us=135220 push_ifconfig_defined = DISABLED
2023-08-01 13:17:40 us=135223 push_ifconfig_local = 0.0.0.0
2023-08-01 13:17:40 us=135225 push_ifconfig_remote_netmask = 0.0.0.0
2023-08-01 13:17:40 us=135228 push_ifconfig_ipv6_defined = DISABLED
2023-08-01 13:17:40 us=135230 push_ifconfig_ipv6_local = ::/0
2023-08-01 13:17:40 us=135233 push_ifconfig_ipv6_remote = ::
2023-08-01 13:17:40 us=135235 enable_c2c = DISABLED
2023-08-01 13:17:40 us=135238 duplicate_cn = DISABLED
2023-08-01 13:17:40 us=135240 cf_max = 0
2023-08-01 13:17:40 us=135243 cf_per = 0
2023-08-01 13:17:40 us=135245 cf_initial_max = 100
2023-08-01 13:17:40 us=135248 cf_initial_per = 10
2023-08-01 13:17:40 us=135250 max_clients = 1024
2023-08-01 13:17:40 us=135252 max_routes_per_client = 256
2023-08-01 13:17:40 us=135255 auth_user_pass_verify_script = '[UNDEF]'
2023-08-01 13:17:40 us=135257 auth_user_pass_verify_script_via_file = DISABLED
2023-08-01 13:17:40 us=135260 auth_token_generate = DISABLED
2023-08-01 13:17:40 us=135262 auth_token_lifetime = 0
2023-08-01 13:17:40 us=135264 auth_token_secret_file = '[UNDEF]'
2023-08-01 13:17:40 us=135267 port_share_host = '[UNDEF]'
2023-08-01 13:17:40 us=135269 port_share_port = '[UNDEF]'
2023-08-01 13:17:40 us=135272 vlan_tagging = DISABLED
2023-08-01 13:17:40 us=135275 vlan_accept = all
2023-08-01 13:17:40 us=135277 vlan_pvid = 1
2023-08-01 13:17:40 us=135280 client = ENABLED
2023-08-01 13:17:40 us=135282 pull = ENABLED
2023-08-01 13:17:40 us=135285 auth_user_pass_file = '[UNDEF]'
2023-08-01 13:17:40 us=135288 OpenVPN 2.6.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2023-08-01 13:17:40 us=135293 library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-08-01 13:17:40 us=135299 DCO version: N/A
2023-08-01 13:17:40 us=136428 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-08-01 13:17:40 us=136445 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-08-01 13:17:40 us=136490 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-08-01 13:17:40 us=330405 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-08-01 13:17:40 us=330561 TCP/UDP: Preserving recently used remote address: [AF_INET]90.187.115.193:1294
2023-08-01 13:17:40 us=330611 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-08-01 13:17:40 us=330639 UDPv4 link local (bound): [AF_INET][undef]:0
2023-08-01 13:17:40 us=330651 UDPv4 link remote: [AF_INET]90.187.115.193:1294
2023-08-01 13:17:40 us=507835 TLS: Initial packet from [AF_INET]90.187.115.193:1294, sid=9b8ebf5a 2835e05b
2023-08-01 13:17:40 us=691798 VERIFY OK: depth=1, C=DE, ST=Berlin, L=Berlin, O=ng4T GmbH, emailAddress=admin@ng4t.com, CN=OPNsense-CA-ng4T
2023-08-01 13:17:40 us=692166 VERIFY KU OK
2023-08-01 13:17:40 us=692189 Validating certificate extended key usage
2023-08-01 13:17:40 us=692199 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-01 13:17:40 us=692208 VERIFY EKU OK
2023-08-01 13:17:40 us=692216 VERIFY X509NAME OK: C=DE, ST=Berlin, L=Berlin, O=ng4T GmbH, emailAddress=admin@ng4t.com, CN=OPNsense-SrvCert-ng4T
2023-08-01 13:17:40 us=692225 VERIFY OK: depth=0, C=DE, ST=Berlin, L=Berlin, O=ng4T GmbH, emailAddress=admin@ng4t.com, CN=OPNsense-SrvCert-ng4T
2023-08-01 13:17:40 us=950836 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-01 13:17:40 us=950918 [OPNsense-SrvCert-ng4T] Peer Connection Initiated with [AF_INET]90.187.115.193:1294
2023-08-01 13:17:40 us=950949 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-08-01 13:17:40 us=951033 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-08-01 13:17:41 us=207932 SENT CONTROL [OPNsense-SrvCert-ng4T]: 'PUSH_REQUEST' (status=1)
2023-08-01 13:17:41 us=208049 PUSH: Received control message: 'PUSH_REPLY,route 172.28.0.0 255.255.0.0,route 192.168.248.0 255.255.255.0,route 192.168.97.0 255.255.255.0,route 10.0.0.0 255.0.0.0,dhcp-option DOMAIN ng4t.loc,dhcp-option DOMAIN-SEARCH ng4t.loc,dhcp-option DOMAIN-SEARCH ds.jdsu.net,dhcp-option DOMAIN-SEARCH aeroflex.corp,dhcp-option DNS 172.28.0.251,dhcp-option DNS 9.9.9.9,dhcp-option DNS 192.168.99.1,dhcp-option DNS 8.8.8.8,dhcp-option NTP 192.168.248.1,dhcp-option NTP 130.149.4.18,route 192.168.99.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 192.168.99.22 192.168.99.21,peer-id 6,cipher AES-256-GCM'
2023-08-01 13:17:41 us=208267 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-01 13:17:41 us=208288 OPTIONS IMPORT: route options modified
2023-08-01 13:17:41 us=208302 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-01 13:17:41 us=208337 net_route_v4_best_gw query: dst 0.0.0.0
2023-08-01 13:17:41 us=208482 net_route_v4_best_gw result: via 192.168.0.1 dev wlp0s20f3
2023-08-01 13:17:41 us=208553 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlp0s20f3 HWADDR=c4:23:60:a0:76:ed
2023-08-01 13:17:41 us=209030 TUN/TAP device tun0 opened
2023-08-01 13:17:41 us=209054 do_ifconfig, ipv4=1, ipv6=0
2023-08-01 13:17:41 us=209092 net_iface_mtu_set: mtu 1500 for tun0
2023-08-01 13:17:41 us=209160 net_iface_up: set tun0 up
2023-08-01 13:17:41 us=209656 net_addr_ptp_v4_add: 192.168.99.22 peer 192.168.99.21 dev tun0
2023-08-01 13:17:41 us=209935 net_route_v4_add: 172.28.0.0/16 via 192.168.99.21 dev [NULL] table 0 metric -1
2023-08-01 13:17:41 us=210088 net_route_v4_add: 192.168.248.0/24 via 192.168.99.21 dev [NULL] table 0 metric -1
2023-08-01 13:17:41 us=210172 net_route_v4_add: 192.168.97.0/24 via 192.168.99.21 dev [NULL] table 0 metric -1
2023-08-01 13:17:41 us=210366 net_route_v4_add: 10.0.0.0/8 via 192.168.99.21 dev [NULL] table 0 metric -1
2023-08-01 13:17:41 us=210573 net_route_v4_add: 192.168.99.0/24 via 192.168.99.21 dev [NULL] table 0 metric -1
2023-08-01 13:17:41 us=210785 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-08-01 13:17:41 us=211295 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-01 13:17:41 us=211344 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-01 13:17:41 us=211380 Initialization Sequence Completed
2023-08-01 13:17:41 us=211406 Data Channel: cipher 'AES-256-GCM', peer-id: 6
2023-08-01 13:17:41 us=211425 Timers: ping 10, ping-restart 60


network:
  version: 2
  nm-devices:
    NM-ce6841ad-b9d7-42f6-9c99-38c080543e10:
      renderer: NetworkManager
      networkmanager:
        uuid: "ce6841ad-b9d7-42f6-9c99-38c080543e10"
        name: "ng4T-TXL"
        passthrough:
          connection.type: "vpn"
          connection.autoconnect: "false"
          vpn.allow-compression: "no"
          vpn.auth: "SHA512"
          vpn.ca: "/home/sunny/.cert/nm-openvpn/OPNsense_OVPN_Srv_UDP_1294_abhays-ca.pem"
          vpn.cert: "/home/sunny/.cert/nm-openvpn/OPNsense_OVPN_Srv_UDP_1294_abhays-cert.pem"
          vpn.cert-pass-flags: "0"
          vpn.cipher: "AES-256-CBC"
          vpn.connection-type: "tls"
          vpn.dev: "tun"
          vpn.dev-type: "tun"
          vpn.key: "/home/sunny/.cert/nm-openvpn/OPNsense_OVPN_Srv_UDP_1294_abhays-key.pem"
          vpn.remote: "ng4t-dmz.selfhost.pro:1294:udp"
          vpn.remote-cert-tls: "server"
          vpn.ta: "/home/sunny/.cert/nm-openvpn/OPNsense_OVPN_Srv_UDP_1294_abhays-tls-auth.pem"
          vpn.verify-x509-name: "subject:C=DE, ST=Berlin, L=Berlin, O=ng4T GmbH, emailaddress=admin@ng4t.com,
            CN=OPNsense-SrvCert-ng4T"
          vpn.service-type: "org.freedesktop.NetworkManager.openvpn"
          ipv4.method: "auto"
          ipv6.addr-gen-mode: "stable-privacy"
          ipv6.method: "auto"
          proxy.method: "1"
~
~
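
Added example, not part of the original post: the command-line run above reaches "Initialization Sequence Completed" while the NetworkManager run times out in TLS key negotiation, so this Python script diffs the control-channel settings the working run reports against the `vpn.*` keys of the NetworkManager profile. The sample inputs are excerpts constructed from the two listings above; the mapping from OpenVPN parameter names to nm-openvpn keys (`ta`, `ta-dir`, `tls-crypt`, `cipher`, `auth`) is this example's assumption.

```python
import re

# Constructed sample: excerpt of the "Current Parameter Settings" dump
# printed by the working command-line run in the post.
CLI_DUMP = """\
2023-08-01 13:17:40 us=134587 tls_auth_file = '[INLINE]'
2023-08-01 13:17:40 us=134589 key_direction = 1
2023-08-01 13:17:40 us=134591 tls_crypt_file = '[UNDEF]'
2023-08-01 13:17:40 us=134832 key_direction = 1
2023-08-01 13:17:40 us=134835 ciphername = 'AES-256-CBC'
2023-08-01 13:17:40 us=134839 authname = 'SHA512'
"""

# Constructed sample: excerpt of the NetworkManager profile in the post.
NM_PROFILE = """\
vpn.auth: "SHA512"
vpn.cipher: "AES-256-CBC"
vpn.connection-type: "tls"
vpn.ta: "/home/sunny/.cert/nm-openvpn/OPNsense_OVPN_Srv_UDP_1294_abhays-tls-auth.pem"
"""

# Values that mean "this option was not configured".
UNSET = {"[UNDEF]", "not set", ""}

DUMP_RE = re.compile(r"us=\d+\s+([\w.]+)\s+=\s+(.*)$")
NM_RE = re.compile(r'^\s*vpn\.([\w-]+):\s*"(.*)"\s*$')


def parse_openvpn_dump(text):
    """Return {parameter: value} from an OpenVPN verb-4 settings dump."""
    settings = {}
    for line in text.splitlines():
        m = DUMP_RE.search(line)
        if m:
            # Keep the first occurrence; some parameters are printed twice.
            settings.setdefault(m.group(1), m.group(2).strip().strip("'"))
    return settings


def parse_nm_profile(text):
    """Return {key: value} for the vpn.* keys of an NM/netplan profile."""
    keys = {}
    for line in text.splitlines():
        m = NM_RE.match(line)
        if m:
            keys[m.group(1)] = m.group(2)
    return keys


def is_set(value):
    return value is not None and value not in UNSET


def control_channel_findings(cli, nm):
    """List settings where the profile differs from the working run."""
    findings = []
    if is_set(cli.get("tls_auth_file")):
        if not is_set(nm.get("ta")):
            findings.append("tls-auth: key used on the command line, "
                            "no vpn.ta in profile")
        cli_dir, nm_dir = cli.get("key_direction"), nm.get("ta-dir")
        if cli_dir in ("0", "1") and nm_dir != cli_dir:
            findings.append(f"key-direction: command line uses {cli_dir}, "
                            f"profile vpn.ta-dir is {nm_dir or 'not set'}")
    if is_set(cli.get("tls_crypt_file")) and not is_set(nm.get("tls-crypt")):
        findings.append("tls-crypt: key used on the command line, "
                        "no vpn.tls-crypt in profile")
    for cli_key, nm_key in (("ciphername", "cipher"), ("authname", "auth")):
        if is_set(cli.get(cli_key)) and cli.get(cli_key) != nm.get(nm_key):
            findings.append(f"{nm_key}: command line {cli[cli_key]!r}, "
                            f"profile {nm.get(nm_key)!r}")
    return findings


def compare(cli_text, nm_text):
    return control_channel_findings(parse_openvpn_dump(cli_text),
                                    parse_nm_profile(nm_text))


if __name__ == "__main__":
    for finding in compare(CLI_DUMP, NM_PROFILE):
        print(finding)
```

With a `tls-auth` key, a peer that uses a different key direction fails the HMAC check and drops the control packets without replying, which the client side reports only as the 60-second key negotiation timeout.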
