Access to client local internet and vpn server local network

bnmdmbrk
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 22, 2023 11:53 am

Access to client local internet and vpn server local network

Post by bnmdmbrk » Tue Aug 22, 2023 12:27 pm

When I connect to openvpn, I want to be able to access the devices in the openvpn local network and use my local internet. But I can only access local internet and openvpn server machine. Can't access devices in local network of openvpn server. I couldn't find where the problem is.

Server.conf
```
local 13.131.31.36
port 35984
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 13.131.32.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
ifconfig-pool-persist ipp.txt
keepalive 10 120
data-ciphers AES-256-GCM:AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
auth-nocache
push "route 13.131.31.0 255.255.255.0 13.131.32.1"
push "route 13.131.30.0 255.255.255.0 13.131.32.1"
push "client-to-client"
```


client.ovpn
```
client
dev tun
proto udp
remote 13.131.31.36 12345
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
verb 3
push "route 13.131.30.0 255.255.255.0 13.131.32.1"
push "route 13.131.31.0 255.255.255.0 13.131.32.1"
```


server - ip route
```
default via 13.131.31.1 dev eth0 proto dhcp src 13.131.31.36 metric 100
default via 13.131.30.1 dev wlan0 proto dhcp src 13.131.30.11 metric 600
8.8.8.8 via 13.131.30.1 dev wlan0 proto dhcp src 13.131.30.11 metric 600
13.131.30.0/24 dev wlan0 proto kernel scope link src 13.131.30.11 metric 600
13.131.30.1 via 13.131.31.1 dev eth0 proto dhcp src 13.131.31.36 metric 100
13.131.30.1 dev wlan0 proto dhcp scope link src 13.131.30.11 metric 600
13.131.31.0/24 dev eth0 proto kernel scope link src 13.131.31.36 metric 100
13.131.31.1 dev eth0 proto dhcp scope link src 13.131.31.36 metric 100
```


Client.log
```
2023-08-22 14:19:09 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-08-22 14:19:09 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2023-08-22 14:19:09 Windows version 10.0 (Windows 10 or greater) 64bit
2023-08-22 14:19:09 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2023-08-22 14:19:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-08-22 14:19:09 Need hold release from management interface, waiting...
2023-08-22 14:19:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-08-22 14:19:10 MANAGEMENT: CMD 'state on'
2023-08-22 14:19:10 MANAGEMENT: CMD 'log all on'
2023-08-22 14:19:10 MANAGEMENT: CMD 'echo all on'
2023-08-22 14:19:10 MANAGEMENT: CMD 'bytecount 5'
2023-08-22 14:19:10 MANAGEMENT: CMD 'hold off'
2023-08-22 14:19:10 MANAGEMENT: CMD 'hold release'
2023-08-22 14:19:10 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:19:10 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:19:10 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:19:10 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:19:10 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:19:10 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-22 14:19:10 UDP link local: (not bound)
2023-08-22 14:19:10 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:19:10 MANAGEMENT: >STATE:1692703150,WAIT,,,,,,
2023-08-22 14:19:10 MANAGEMENT: >STATE:1692703150,AUTH,,,,,,
2023-08-22 14:19:10 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:12345, sid=4f0124e2 f953d9c4
2023-08-22 14:19:10 VERIFY OK: depth=1, CN=Easy-RSA CA
2023-08-22 14:19:10 VERIFY KU OK
2023-08-22 14:19:10 Validating certificate extended key usage
2023-08-22 14:19:10 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-22 14:19:10 VERIFY EKU OK
2023-08-22 14:19:10 VERIFY OK: depth=0, CN=server
2023-08-22 14:19:10 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1585'
2023-08-22 14:19:10 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2023-08-22 14:19:10 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-22 14:19:10 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:19:10 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 13.131.31.0 255.255.255.0 13.131.32.1,route 13.131.30.0 255.255.255.0 13.131.32.1,client-to-client,route-gateway 13.131.32.1,topology subnet,ping 10,ping-restart 120,ifconfig 13.131.32.2 255.255.255.0,peer-id 1,cipher AES-256-GCM'
2023-08-22 14:19:10 Options error: option 'client-to-client' cannot be used in this context ([PUSH-OPTIONS])
2023-08-22 14:19:10 OPTIONS IMPORT: timers and/or timeouts modified
2023-08-22 14:19:10 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-22 14:19:10 OPTIONS IMPORT: route options modified
2023-08-22 14:19:10 OPTIONS IMPORT: route-related options modified
2023-08-22 14:19:10 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-22 14:19:10 OPTIONS IMPORT: peer-id set
2023-08-22 14:19:10 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-08-22 14:19:10 OPTIONS IMPORT: data channel crypto options modified
2023-08-22 14:19:10 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-08-22 14:19:10 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:19:10 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:19:10 interactive service msg_channel=1008
2023-08-22 14:19:10 open_tun
2023-08-22 14:19:10 tap-windows6 device [Yerel Ağ Bağlantısı] opened
2023-08-22 14:19:10 TAP-Windows Driver Version 9.24
2023-08-22 14:19:10 Set TAP-Windows TUN subnet mode network/local/netmask = 13.131.32.0/13.131.32.2/255.255.255.0 [SUCCEEDED]
2023-08-22 14:19:10 Notified TAP-Windows driver to set a DHCP IP/netmask of 13.131.32.2/255.255.255.0 on interface {269323C2-CA34-4A09-A10B-3C465C1A9832} [DHCP-serv: 13.131.32.0, lease-time: 31536000]
2023-08-22 14:19:10 Successful ARP Flush on interface [4] {269323C2-CA34-4A09-A10B-3C465C1A9832}
2023-08-22 14:19:10 MANAGEMENT: >STATE:1692703150,ASSIGN_IP,,13.131.32.2,,,,
2023-08-22 14:19:10 IPv4 MTU set to 1500 on interface 4 using service
2023-08-22 14:19:15 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2023-08-22 14:19:15 MANAGEMENT: >STATE:1692703155,ADD_ROUTES,,,,,,
2023-08-22 14:19:15 C:\WINDOWS\system32\route.exe ADD 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:15 Route addition via service succeeded
2023-08-22 14:19:15 C:\WINDOWS\system32\route.exe ADD 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:15 Route addition via service succeeded
2023-08-22 14:19:15 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-08-22 14:19:15 Initialization Sequence Completed
2023-08-22 14:19:15 MANAGEMENT: >STATE:1692703155,CONNECTED,SUCCESS,13.131.32.2,XXX.XXX.XXX.XXX,12345,,
2023-08-22 14:19:22 C:\WINDOWS\system32\route.exe DELETE 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:22 Route deletion via service succeeded
2023-08-22 14:19:22 C:\WINDOWS\system32\route.exe DELETE 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:19:22 Route deletion via service succeeded
2023-08-22 14:19:22 Closing TUN/TAP interface
2023-08-22 14:19:22 TAP: DHCP address released
2023-08-22 14:19:22 SIGTERM[hard,] received, process exiting
2023-08-22 14:19:22 MANAGEMENT: >STATE:1692703162,EXITING,SIGTERM,,,,,
2023-08-22 14:30:45 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-08-22 14:30:45 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2023-08-22 14:30:45 Windows version 10.0 (Windows 10 or greater) 64bit
2023-08-22 14:30:45 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2023-08-22 14:30:45 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-08-22 14:30:45 Need hold release from management interface, waiting...
2023-08-22 14:30:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-08-22 14:30:46 MANAGEMENT: CMD 'state on'
2023-08-22 14:30:46 MANAGEMENT: CMD 'log all on'
2023-08-22 14:30:46 MANAGEMENT: CMD 'echo all on'
2023-08-22 14:30:46 MANAGEMENT: CMD 'bytecount 5'
2023-08-22 14:30:46 MANAGEMENT: CMD 'hold off'
2023-08-22 14:30:46 MANAGEMENT: CMD 'hold release'
2023-08-22 14:30:46 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:30:46 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:30:46 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:30:46 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:30:46 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:30:46 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-22 14:30:46 UDP link local: (not bound)
2023-08-22 14:30:46 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:30:46 MANAGEMENT: >STATE:1692703846,WAIT,,,,,,
2023-08-22 14:30:46 MANAGEMENT: >STATE:1692703846,AUTH,,,,,,
2023-08-22 14:30:46 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:12345, sid=f8e69e29 22426885
2023-08-22 14:30:46 VERIFY OK: depth=1, CN=Easy-RSA CA
2023-08-22 14:30:46 VERIFY KU OK
2023-08-22 14:30:46 Validating certificate extended key usage
2023-08-22 14:30:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-22 14:30:46 VERIFY EKU OK
2023-08-22 14:30:46 VERIFY OK: depth=0, CN=server
2023-08-22 14:30:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1585'
2023-08-22 14:30:46 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2023-08-22 14:30:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-22 14:30:46 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:30:46 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 13.131.31.0 255.255.255.0 13.131.32.1,route 13.131.30.0 255.255.255.0 13.131.32.1,client-to-client,route-gateway 13.131.32.1,topology subnet,ping 10,ping-restart 120,ifconfig 13.131.32.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2023-08-22 14:30:46 Options error: option 'client-to-client' cannot be used in this context ([PUSH-OPTIONS])
2023-08-22 14:30:46 OPTIONS IMPORT: timers and/or timeouts modified
2023-08-22 14:30:46 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-22 14:30:46 OPTIONS IMPORT: route options modified
2023-08-22 14:30:46 OPTIONS IMPORT: route-related options modified
2023-08-22 14:30:46 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-22 14:30:46 OPTIONS IMPORT: peer-id set
2023-08-22 14:30:46 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-08-22 14:30:46 OPTIONS IMPORT: data channel crypto options modified
2023-08-22 14:30:46 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-08-22 14:30:46 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:30:46 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:30:46 interactive service msg_channel=664
2023-08-22 14:30:46 open_tun
2023-08-22 14:30:46 tap-windows6 device [Yerel Ağ Bağlantısı] opened
2023-08-22 14:30:46 TAP-Windows Driver Version 9.24
2023-08-22 14:30:46 Set TAP-Windows TUN subnet mode network/local/netmask = 13.131.32.0/13.131.32.2/255.255.255.0 [SUCCEEDED]
2023-08-22 14:30:46 Notified TAP-Windows driver to set a DHCP IP/netmask of 13.131.32.2/255.255.255.0 on interface {269323C2-CA34-4A09-A10B-3C465C1A9832} [DHCP-serv: 13.131.32.0, lease-time: 31536000]
2023-08-22 14:30:46 Successful ARP Flush on interface [4] {269323C2-CA34-4A09-A10B-3C465C1A9832}
2023-08-22 14:30:46 MANAGEMENT: >STATE:1692703846,ASSIGN_IP,,13.131.32.2,,,,
2023-08-22 14:30:46 IPv4 MTU set to 1500 on interface 4 using service
2023-08-22 14:30:51 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2023-08-22 14:30:51 MANAGEMENT: >STATE:1692703851,ADD_ROUTES,,,,,,
2023-08-22 14:30:51 C:\WINDOWS\system32\route.exe ADD 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:30:51 Route addition via service succeeded
2023-08-22 14:30:51 C:\WINDOWS\system32\route.exe ADD 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:30:51 Route addition via service succeeded
2023-08-22 14:30:51 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-08-22 14:30:51 Initialization Sequence Completed
2023-08-22 14:30:51 MANAGEMENT: >STATE:1692703851,CONNECTED,SUCCESS,13.131.32.2,XXX.XXX.XXX.XXX,12345,,
2023-08-22 14:36:00 C:\WINDOWS\system32\route.exe DELETE 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:36:00 Route deletion via service succeeded
2023-08-22 14:36:00 C:\WINDOWS\system32\route.exe DELETE 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:36:00 Route deletion via service succeeded
2023-08-22 14:36:00 Closing TUN/TAP interface
2023-08-22 14:36:00 TAP: DHCP address released
2023-08-22 14:36:00 SIGTERM[hard,] received, process exiting
2023-08-22 14:36:00 MANAGEMENT: >STATE:1692704160,EXITING,SIGTERM,,,,,
2023-08-22 14:46:30 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-08-22 14:46:30 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2023-08-22 14:46:30 Windows version 10.0 (Windows 10 or greater) 64bit
2023-08-22 14:46:30 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2023-08-22 14:46:30 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-08-22 14:46:30 Need hold release from management interface, waiting...
2023-08-22 14:46:31 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-08-22 14:46:31 MANAGEMENT: CMD 'state on'
2023-08-22 14:46:31 MANAGEMENT: CMD 'log all on'
2023-08-22 14:46:31 MANAGEMENT: CMD 'echo all on'
2023-08-22 14:46:31 MANAGEMENT: CMD 'bytecount 5'
2023-08-22 14:46:31 MANAGEMENT: CMD 'hold off'
2023-08-22 14:46:31 MANAGEMENT: CMD 'hold release'
2023-08-22 14:46:31 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:46:31 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:46:31 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-08-22 14:46:31 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-08-22 14:46:31 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:46:31 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-08-22 14:46:31 UDP link local: (not bound)
2023-08-22 14:46:31 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:46:31 MANAGEMENT: >STATE:1692704791,WAIT,,,,,,
2023-08-22 14:46:31 MANAGEMENT: >STATE:1692704791,AUTH,,,,,,
2023-08-22 14:46:31 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:12345, sid=162ab77b 83006b9d
2023-08-22 14:46:31 VERIFY OK: depth=1, CN=Easy-RSA CA
2023-08-22 14:46:31 VERIFY KU OK
2023-08-22 14:46:31 Validating certificate extended key usage
2023-08-22 14:46:31 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-08-22 14:46:31 VERIFY EKU OK
2023-08-22 14:46:31 VERIFY OK: depth=0, CN=server
2023-08-22 14:46:31 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1585'
2023-08-22 14:46:31 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2023-08-22 14:46:31 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-08-22 14:46:31 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:12345
2023-08-22 14:46:31 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 13.131.31.0 255.255.255.0 13.131.32.1,route 13.131.30.0 255.255.255.0 13.131.32.1,client-to-client,route-gateway 13.131.32.1,topology subnet,ping 10,ping-restart 120,ifconfig 13.131.32.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2023-08-22 14:46:31 Options error: option 'client-to-client' cannot be used in this context ([PUSH-OPTIONS])
2023-08-22 14:46:31 OPTIONS IMPORT: timers and/or timeouts modified
2023-08-22 14:46:31 OPTIONS IMPORT: --ifconfig/up options modified
2023-08-22 14:46:31 OPTIONS IMPORT: route options modified
2023-08-22 14:46:31 OPTIONS IMPORT: route-related options modified
2023-08-22 14:46:31 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-08-22 14:46:31 OPTIONS IMPORT: peer-id set
2023-08-22 14:46:31 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-08-22 14:46:31 OPTIONS IMPORT: data channel crypto options modified
2023-08-22 14:46:31 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-08-22 14:46:31 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:46:31 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-08-22 14:46:31 interactive service msg_channel=880
2023-08-22 14:46:31 open_tun
2023-08-22 14:46:31 tap-windows6 device [Yerel Ağ Bağlantısı] opened
2023-08-22 14:46:31 TAP-Windows Driver Version 9.24
2023-08-22 14:46:31 Set TAP-Windows TUN subnet mode network/local/netmask = 13.131.32.0/13.131.32.2/255.255.255.0 [SUCCEEDED]
2023-08-22 14:46:31 Notified TAP-Windows driver to set a DHCP IP/netmask of 13.131.32.2/255.255.255.0 on interface {269323C2-CA34-4A09-A10B-3C465C1A9832} [DHCP-serv: 13.131.32.0, lease-time: 31536000]
2023-08-22 14:46:31 Successful ARP Flush on interface [4] {269323C2-CA34-4A09-A10B-3C465C1A9832}
2023-08-22 14:46:31 MANAGEMENT: >STATE:1692704791,ASSIGN_IP,,13.131.32.2,,,,
2023-08-22 14:46:31 IPv4 MTU set to 1500 on interface 4 using service
2023-08-22 14:46:36 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
2023-08-22 14:46:36 MANAGEMENT: >STATE:1692704796,ADD_ROUTES,,,,,,
2023-08-22 14:46:36 C:\WINDOWS\system32\route.exe ADD 13.131.31.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:46:36 Route addition via service succeeded
2023-08-22 14:46:36 C:\WINDOWS\system32\route.exe ADD 13.131.30.0 MASK 255.255.255.0 13.131.32.1
2023-08-22 14:46:36 Route addition via service succeeded
2023-08-22 14:46:36 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-08-22 14:46:36 Initialization Sequence Completed
2023-08-22 14:46:36 MANAGEMENT: >STATE:1692704796,CONNECTED,SUCCESS,13.131.32.2,XXX.XXX.XXX.XXX,12345,,
```


Wireshark
```
15785 8350.782454 13.131.31.36 13.131.32.2 TCP 60 22 → 58156 [ACK] Seq=15218 Ack=5106 Win=64128 Len=0
15786 8360.176615 13.131.32.2 13.131.32.255 BROWSER 243 Host Announcement PC-NAME, Workstation, Server, NT Workstation
15787 8378.458183 13.131.32.2 13.131.32.255 NBNS 92 Name query NB PC-NAME<1c>
15788 8379.215539 13.131.32.2 13.131.32.255 NBNS 92 Name query NB PC-NAME<1c>
15789 8379.976102 13.131.32.2 13.131.32.255 NBNS 92 Name query NB PC-NAME<1c>
15790 8419.924142 13.131.32.2 13.131.31.35 TCP 66 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15791 8420.937567 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15792 8422.949701 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15793 8424.541076 00:ff:26:93:23:c2 00:ff:27:93:23:c2 ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15794 8425.530942 00:ff:26:93:23:c2 00:ff:27:93:23:c2 ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15795 8426.534205 00:ff:26:93:23:c2 00:ff:27:93:23:c2 ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15796 8426.952267 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
15797 8434.964341 00:ff:26:93:23:c2 Broadcast ARP 42 Who has 13.131.32.1? Tell 13.131.32.2
15798 8434.964397 00:ff:27:93:23:c2 00:ff:26:93:23:c2 ARP 60 13.131.32.1 is at 00:ff:27:93:23:c2
15799 8434.964508 13.131.32.2 13.131.31.35 TCP 66 [TCP Retransmission] 58504 → 22 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM
```

pkkrusty
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 27, 2022 7:59 pm

Re: Access to client local internet and vpn server local network

Post by pkkrusty » Sat Sep 02, 2023 8:11 am

Interested if you ever figure this out. I'm having a similar problem.

pkkrusty
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 27, 2022 7:59 pm

Re: Access to client local internet and vpn server local network

Post by pkkrusty » Sat Sep 02, 2023 9:45 am

Got it!

My trouble was in my iptables. Using a raspberry pi, but this might point you in the right direction. I had a working config, and a new 64-bit non-working config. I could connect to the OpenVPN server and access resources on the OpenVPN server itself, but not see the rest of the LAN that the server was on. So clearly a routing issue. In my iptables (/etc/iptables/rules.v4) I see the following key lines:
```
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# note that my setup has to use TCP rather than the more common UDP
-A INPUT -i eth0 -p tcp -m tcp --dport 1194 -m comment --comment openvpn-input-rule -j ACCEPT
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# your IP will vary from mine obviously.
-A POSTROUTING -s 10.12.243.0/24 -o eth0 -m comment --comment openvpn-nat-rule -j MASQUERADE
COMMIT
```
My problem was that I initially set up OpenVPN while the machine was on wifi. Then put it in its final place with ethernet cable plugged in. So the VPN tried to bridge traffic through wlan0, and didn't get anywhere. I needed to change `wlan0` to `eth0` in the -A POSTROUTING line.

Not sure if the OpenVPN *filter INPUT ACCEPT policy is necessary, since I already have ACCEPT as default. But I changed `wlan0` to `eth0` there too just in case.
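
The mismatch described in the post above (a MASQUERADE rule still naming `wlan0` after the server moved to `eth0`) can be checked mechanically. The script below is an added example, not part of the original post: it compares the `-o` interface of each NAT rule for the VPN subnet with the interface that `ip route` reports for each LAN subnet. The route output, LAN subnets and function names are constructed for illustration; only the rule format and the `10.12.243.0/24` VPN subnet come from the post.

```shell
#!/bin/sh
# Added example: sample data and function names are constructed for illustration.

# Constructed `ip route` output: two LANs, one per interface.
ROUTES='default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.10 metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100
192.168.2.0/24 dev wlan0 proto kernel scope link src 192.168.2.10 metric 600'

# Constructed rules.v4 fragment in the stale state the post describes (wlan0).
RULES_STALE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.12.243.0/24 -o wlan0 -m comment --comment openvpn-nat-rule -j MASQUERADE
COMMIT'
# The same fragment after the change from the post (wlan0 -> eth0).
RULES_FIXED=$(printf '%s\n' "$RULES_STALE" | sed 's/-o wlan0/-o eth0/')

# Print the interface of the route whose destination is exactly the given CIDR.
egress_dev() {  # $1 = ip route output, $2 = CIDR
  printf '%s\n' "$1" | awk -v net="$2" '
    $1 == net { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the -o interface of every nat-table MASQUERADE rule whose source is the
# VPN subnet. A rule without -o applies to any interface and is printed as "*".
masq_devs() {  # $1 = iptables-save text, $2 = VPN CIDR
  printf '%s\n' "$1" | awk -v src="$2" '
    /^\*/ { table = $1 }
    table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
      s = ""; o = ""; j = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") s = $(i + 1)
        if ($i == "-o") o = $(i + 1)
        if ($i == "-j") j = $(i + 1)
      }
      if (s == src && j == "MASQUERADE") print (o == "" ? "*" : o)
    }'
}

# For each LAN subnet, report whether VPN traffic leaving toward it is masqueraded.
check_nat() {  # $1 = rules, $2 = routes, $3 = VPN CIDR, $4... = LAN CIDRs
  cn_rules=$1; cn_routes=$2; cn_vpn=$3
  shift 3
  cn_devs=$(masq_devs "$cn_rules" "$cn_vpn")
  for cn_lan in "$@"; do
    cn_dev=$(egress_dev "$cn_routes" "$cn_lan")
    if [ -z "$cn_dev" ]; then
      echo "NOROUTE $cn_lan"
    elif printf '%s\n' "$cn_devs" | grep -qxF -e "$cn_dev" -e '*'; then
      echo "ok $cn_lan $cn_dev"
    else
      echo "MISSING $cn_lan $cn_dev"
    fi
  done
}

echo "stale rules:"
check_nat "$RULES_STALE" "$ROUTES" 10.12.243.0/24 192.168.1.0/24 192.168.2.0/24
echo "fixed rules:"
check_nat "$RULES_FIXED" "$ROUTES" 10.12.243.0/24 192.168.1.0/24 192.168.2.0/24
```

With two LAN interfaces, as in the first post's `ip route` output, a single `-o eth0` rule still leaves the subnet behind `wlan0` reported as `MISSING`.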

pkkrusty
OpenVpn Newbie
Posts: 5
Joined: Thu Oct 27, 2022 7:59 pm

Re: Access to client local internet and vpn server local network

Post by pkkrusty » Mon Nov 27, 2023 8:50 am

*update

I moved my system to Bookworm (Debian 12), which uses nftables instead of iptables for the firewall. This required me to translate my iptables data to nftables. I used the following commands to do it, taken from https://www.server-world.info/en/note?o ... tables&f=1:

```
iptables-save > ufw-rules.dump
iptables-restore-translate -f ufw-rules.dump > ruleset.nft
nft flush ruleset
nft -f ruleset.nft
nft list ruleset > /etc/nftables.conf
```

May need to adjust permissions of nftables.conf file...
