Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Fri Aug 05, 2011 9:15 pm

Hi,

I have been working on getting my first OpenVPN install working for literally days now. It is based off an Ubuntu 10.04 install on an Amazon EC2 micro instance. I have everything set up to the best of my abilities. Currently the server runs and the clients can connect, but it seems like there is nothing happening. I can't ping the server (which I assume takes on the IP address 172.16.1.1 based on my configuration below), I can't ping the clients, and the clients can't ping themselves or the server. The main client I have been doing the testing on is a laptop running Windows 7 Professional x64. The server is fully updated and the laptop is fully updated. The laptop is running OpenVPN GUI 2.1 rc22. I have the app running as an administrator and in Windows Vista compatibility mode.

One last note before I paste in the configs and logs: I have the Amazon EC2 instance security group firewall set to open the UDP port listed in the configs and nothing else (except SSH).

server.conf

status open-vpn-status.log
log-append openvpn.log
verb 6
;local 172.18.100.1
port 1194
proto udp
dev tap0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 172.16.1.1 255.255.255.0 172.16.1.100 172.16.1.140
;push "route 172.16.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
keepalive 10 120
tls-auth ta.key 0
cipher AES-128-CBC   # AES
comp-lzo
user nobody
group nogroup
persist-key
persist-tun


bridge.sh

#!/bin/bash
# Create global variables
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="10.210.161.219"
eth_netmask="255.255.255.0"
eth_broadcast="10.210.161.255"
gw="10.210.161.1"

start_bridge () {
    #################################
    # Set up Ethernet bridge on Linux
    # Requires: bridge-utils
    #################################
    for t in $tap; do
        openvpn --mktun --dev "$t"
    done
    for t in $tap; do
        ifconfig "$t" 0.0.0.0 promisc up
    done
    ifconfig "$eth" 0.0.0.0 promisc up
    brctl addbr "$br"
    brctl addif "$br" "$eth"
    for t in $tap; do
        brctl addif "$br" "$t"
    done
    ifconfig "$br" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast" up
    route add default gw "$gw" "$br"
}

stop_bridge () {
    ####################################
    # Tear Down Ethernet bridge on Linux
    ####################################
    ifconfig "$br" down
    brctl delbr "$br"
    for t in $tap; do
        openvpn --rmtun --dev "$t"
    done
    ifconfig "$eth" "$eth_ip" netmask "$eth_netmask" broadcast "$eth_broadcast" up
    route add default gw "$gw" "$eth"
}

case "$1" in
    start)
        echo -n "Starting Bridge "
        start_bridge
        ;;
    stop)
        echo -n "Stopping Bridge "
        stop_bridge
        ;;
    restart)
        stop_bridge
        sleep 2
        start_bridge
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}" >&2
        exit 1
        ;;
esac

client.ovpn

client
dev tap
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert laptop-client.crt
key laptop-client.key
tls-auth ta.key 1
cipher AES-128-CBC
comp-lzo
verb 6

openvpn.log (server)

Fri Aug  5 20:37:25 2011 us=994585 Current Parameter Settings:
Fri Aug  5 20:37:25 2011 us=994684   config = '/etc/openvpn/server.conf'
Fri Aug  5 20:37:25 2011 us=994696   mode = 1
Fri Aug  5 20:37:25 2011 us=994707   persist_config = DISABLED
Fri Aug  5 20:37:25 2011 us=994717   persist_mode = 1
Fri Aug  5 20:37:25 2011 us=994728   show_ciphers = DISABLED
Fri Aug  5 20:37:25 2011 us=994738   show_digests = DISABLED
Fri Aug  5 20:37:25 2011 us=994748   show_engines = DISABLED
Fri Aug  5 20:37:25 2011 us=994758   genkey = DISABLED
Fri Aug  5 20:37:25 2011 us=994768   key_pass_file = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=994778   show_tls_ciphers = DISABLED
Fri Aug  5 20:37:25 2011 us=994788 Connection profiles [default]:
Fri Aug  5 20:37:25 2011 us=994799   proto = udp
Fri Aug  5 20:37:25 2011 us=994809   local = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=994819   local_port = 1194
Fri Aug  5 20:37:25 2011 us=994829   remote = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=994840   remote_port = 1194
Fri Aug  5 20:37:25 2011 us=994849   remote_float = DISABLED
Fri Aug  5 20:37:25 2011 us=994860   bind_defined = DISABLED
Fri Aug  5 20:37:25 2011 us=994870   bind_local = ENABLED
Fri Aug  5 20:37:25 2011 us=994880   connect_retry_seconds = 5
Fri Aug  5 20:37:25 2011 us=994890   connect_timeout = 10
Fri Aug  5 20:37:25 2011 us=994900   connect_retry_max = 0
Fri Aug  5 20:37:25 2011 us=994910   socks_proxy_server = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=994920   socks_proxy_port = 0
Fri Aug  5 20:37:25 2011 us=994930   socks_proxy_retry = DISABLED
Fri Aug  5 20:37:25 2011 us=994944 Connection profiles END
Fri Aug  5 20:37:25 2011 us=994954   remote_random = DISABLED
Fri Aug  5 20:37:25 2011 us=994964   ipchange = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=994974   dev = 'tap0'
Fri Aug  5 20:37:25 2011 us=994984   dev_type = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=994994   dev_node = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995004   lladdr = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995014   topology = 1
Fri Aug  5 20:37:25 2011 us=995024   tun_ipv6 = DISABLED
Fri Aug  5 20:37:25 2011 us=995035   ifconfig_local = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995045   ifconfig_remote_netmask = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995055   ifconfig_noexec = DISABLED
Fri Aug  5 20:37:25 2011 us=995065   ifconfig_nowarn = DISABLED
Fri Aug  5 20:37:25 2011 us=995075   shaper = 0
Fri Aug  5 20:37:25 2011 us=995085   tun_mtu = 1500
Fri Aug  5 20:37:25 2011 us=995095   tun_mtu_defined = ENABLED
Fri Aug  5 20:37:25 2011 us=995105   link_mtu = 1500
Fri Aug  5 20:37:25 2011 us=995115   link_mtu_defined = DISABLED
Fri Aug  5 20:37:25 2011 us=995126   tun_mtu_extra = 32
Fri Aug  5 20:37:25 2011 us=995136   tun_mtu_extra_defined = ENABLED
Fri Aug  5 20:37:25 2011 us=995146   fragment = 0
Fri Aug  5 20:37:25 2011 us=995156   mtu_discover_type = -1
Fri Aug  5 20:37:25 2011 us=995166   mtu_test = 0
Fri Aug  5 20:37:25 2011 us=995176   mlock = DISABLED
Fri Aug  5 20:37:25 2011 us=995186   keepalive_ping = 10
Fri Aug  5 20:37:25 2011 us=995196   keepalive_timeout = 120
Fri Aug  5 20:37:25 2011 us=995206   inactivity_timeout = 0
Fri Aug  5 20:37:25 2011 us=995216   ping_send_timeout = 10
Fri Aug  5 20:37:25 2011 us=995226   ping_rec_timeout = 240
Fri Aug  5 20:37:25 2011 us=995236   ping_rec_timeout_action = 2
Fri Aug  5 20:37:25 2011 us=995246   ping_timer_remote = DISABLED
Fri Aug  5 20:37:25 2011 us=995257   remap_sigusr1 = 0
Fri Aug  5 20:37:25 2011 us=995267   explicit_exit_notification = 0
Fri Aug  5 20:37:25 2011 us=995277   persist_tun = ENABLED
Fri Aug  5 20:37:25 2011 us=995287   persist_local_ip = DISABLED
Fri Aug  5 20:37:25 2011 us=995297   persist_remote_ip = DISABLED
Fri Aug  5 20:37:25 2011 us=995307   persist_key = ENABLED
Fri Aug  5 20:37:25 2011 us=995317   mssfix = 1450
Fri Aug  5 20:37:25 2011 us=995327   passtos = DISABLED
Fri Aug  5 20:37:25 2011 us=995337   resolve_retry_seconds = 1000000000
Fri Aug  5 20:37:25 2011 us=995347   username = 'nobody'
Fri Aug  5 20:37:25 2011 us=995357   groupname = 'nogroup'
Fri Aug  5 20:37:25 2011 us=995367   chroot_dir = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995384   cd_dir = '/etc/openvpn'
Fri Aug  5 20:37:25 2011 us=995395   writepid = '/var/run/openvpn.server.pid'
Fri Aug  5 20:37:25 2011 us=995405   up_script = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995415   down_script = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995426   down_pre = DISABLED
Fri Aug  5 20:37:25 2011 us=995436   up_restart = DISABLED
Fri Aug  5 20:37:25 2011 us=995446   up_delay = DISABLED
Fri Aug  5 20:37:25 2011 us=995456   daemon = ENABLED
Fri Aug  5 20:37:25 2011 us=995466   inetd = 0
Fri Aug  5 20:37:25 2011 us=995476   log = ENABLED
Fri Aug  5 20:37:25 2011 us=995486   suppress_timestamps = DISABLED
Fri Aug  5 20:37:25 2011 us=995496   nice = 0
Fri Aug  5 20:37:25 2011 us=995506   verbosity = 6
Fri Aug  5 20:37:25 2011 us=995517   mute = 0
Fri Aug  5 20:37:25 2011 us=995526   gremlin = 0
Fri Aug  5 20:37:25 2011 us=995537   status_file = 'open-vpn-status.log'
Fri Aug  5 20:37:25 2011 us=995547   status_file_version = 1
Fri Aug  5 20:37:25 2011 us=995557   status_file_update_freq = 60
Fri Aug  5 20:37:25 2011 us=995567   occ = ENABLED
Fri Aug  5 20:37:25 2011 us=995577   rcvbuf = 65536
Fri Aug  5 20:37:25 2011 us=995587   sndbuf = 65536
Fri Aug  5 20:37:25 2011 us=995597   sockflags = 0
Fri Aug  5 20:37:25 2011 us=995607   fast_io = DISABLED
Fri Aug  5 20:37:25 2011 us=995617   lzo = 7
Fri Aug  5 20:37:25 2011 us=995627   route_script = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995637   route_default_gateway = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995647   route_default_metric = 0
Fri Aug  5 20:37:25 2011 us=995657   route_noexec = DISABLED
Fri Aug  5 20:37:25 2011 us=995667   route_delay = 0
Fri Aug  5 20:37:25 2011 us=995677   route_delay_window = 30
Fri Aug  5 20:37:25 2011 us=995687   route_delay_defined = DISABLED
Fri Aug  5 20:37:25 2011 us=995697   route_nopull = DISABLED
Fri Aug  5 20:37:25 2011 us=995707   route_gateway_via_dhcp = DISABLED
Fri Aug  5 20:37:25 2011 us=995717   max_routes = 100
Fri Aug  5 20:37:25 2011 us=995728   allow_pull_fqdn = DISABLED
Fri Aug  5 20:37:25 2011 us=995738   management_addr = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995748   management_port = 0
Fri Aug  5 20:37:25 2011 us=995758   management_user_pass = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995769   management_log_history_cache = 250
Fri Aug  5 20:37:25 2011 us=995779   management_echo_buffer_size = 100
Fri Aug  5 20:37:25 2011 us=995789   management_write_peer_info_file = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995799   management_client_user = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995810   management_client_group = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995820   management_flags = 0
Fri Aug  5 20:37:25 2011 us=995832   shared_secret_file = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995843   key_direction = 1
Fri Aug  5 20:37:25 2011 us=995853   ciphername_defined = ENABLED
Fri Aug  5 20:37:25 2011 us=995863   ciphername = 'AES-128-CBC'
Fri Aug  5 20:37:25 2011 us=995873   authname_defined = ENABLED
Fri Aug  5 20:37:25 2011 us=995883   authname = 'SHA1'
Fri Aug  5 20:37:25 2011 us=995893   prng_hash = 'SHA1'
Fri Aug  5 20:37:25 2011 us=995904   prng_nonce_secret_len = 16
Fri Aug  5 20:37:25 2011 us=995914   keysize = 0
Fri Aug  5 20:37:25 2011 us=995924   engine = DISABLED
Fri Aug  5 20:37:25 2011 us=995934   replay = ENABLED
Fri Aug  5 20:37:25 2011 us=995944   mute_replay_warnings = DISABLED
Fri Aug  5 20:37:25 2011 us=995954   replay_window = 64
Fri Aug  5 20:37:25 2011 us=995964   replay_time = 15
Fri Aug  5 20:37:25 2011 us=995974   packet_id_file = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=995984   use_iv = ENABLED
Fri Aug  5 20:37:25 2011 us=995995   test_crypto = DISABLED
Fri Aug  5 20:37:25 2011 us=996005   tls_server = ENABLED
Fri Aug  5 20:37:25 2011 us=996015   tls_client = DISABLED
Fri Aug  5 20:37:25 2011 us=996025   key_method = 2
Fri Aug  5 20:37:25 2011 us=996035   ca_file = 'ca.crt'
Fri Aug  5 20:37:25 2011 us=996045   ca_path = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=996055   dh_file = 'dh1024.pem'
Fri Aug  5 20:37:25 2011 us=996065   cert_file = 'server.crt'
Fri Aug  5 20:37:25 2011 us=996075   priv_key_file = 'server.key'
Fri Aug  5 20:37:25 2011 us=996091   pkcs12_file = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=996102   cipher_list = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=996112   tls_verify = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=996122   tls_remote = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=996132   crl_file = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=996142   ns_cert_type = 0
Fri Aug  5 20:37:25 2011 us=996152   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996162   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996173   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996182   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996192   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996202   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996212   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996222   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996232   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996242   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996252   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996262   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996272   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996282   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996292   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996302   remote_cert_ku[i] = 0
Fri Aug  5 20:37:25 2011 us=996312   remote_cert_eku = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=996322   tls_timeout = 2
Fri Aug  5 20:37:25 2011 us=996332   renegotiate_bytes = 0
Fri Aug  5 20:37:25 2011 us=996342   renegotiate_packets = 0
Fri Aug  5 20:37:25 2011 us=996352   renegotiate_seconds = 3600
Fri Aug  5 20:37:25 2011 us=996362   handshake_window = 60
Fri Aug  5 20:37:25 2011 us=996372   transition_window = 3600
Fri Aug  5 20:37:25 2011 us=996382   single_session = DISABLED
Fri Aug  5 20:37:25 2011 us=996393   tls_exit = DISABLED
Fri Aug  5 20:37:25 2011 us=996403   tls_auth_file = 'ta.key'
Fri Aug  5 20:37:25 2011 us=996413   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996423   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996433   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996444   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996454   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996464   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996474   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996484   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996494   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996505   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996519   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996530   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996540   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996550   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996602   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996660   pkcs11_protected_authentication = DISABLED
Fri Aug  5 20:37:25 2011 us=996673   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996684   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996694   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996705   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996716   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996726   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996736   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996747   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996757   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996768   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996778   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996788   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996799   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996831   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996842   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996852   pkcs11_private_mode = 00000000
Fri Aug  5 20:37:25 2011 us=996863   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996873   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996884   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996894   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996904   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996914   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996924   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996935   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996945   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996955   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996965   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996976   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996986   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=996996   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=997006   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=997016   pkcs11_cert_private = DISABLED
Fri Aug  5 20:37:25 2011 us=997027   pkcs11_pin_cache_period = -1
Fri Aug  5 20:37:25 2011 us=997037   pkcs11_id = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997048   pkcs11_id_management = DISABLED
Fri Aug  5 20:37:25 2011 us=997060   server_network = 0.0.0.0
Fri Aug  5 20:37:25 2011 us=997071   server_netmask = 0.0.0.0
Fri Aug  5 20:37:25 2011 us=997082   server_bridge_ip = 172.16.1.1
Fri Aug  5 20:37:25 2011 us=997093   server_bridge_netmask = 255.255.255.0
Fri Aug  5 20:37:25 2011 us=997111   server_bridge_pool_start = 172.16.1.100
Fri Aug  5 20:37:25 2011 us=997124   server_bridge_pool_end = 172.16.1.140
Fri Aug  5 20:37:25 2011 us=997134   push_entry = 'redirect-gateway def1 bypass-dhcp'
Fri Aug  5 20:37:25 2011 us=997145   push_entry = 'dhcp-option DNS 208.67.222.222'
Fri Aug  5 20:37:25 2011 us=997155   push_entry = 'dhcp-option DNS 208.67.220.220'
Fri Aug  5 20:37:25 2011 us=997170   push_entry = 'route-gateway 172.16.1.1'
Fri Aug  5 20:37:25 2011 us=997181   push_entry = 'ping 10'
Fri Aug  5 20:37:25 2011 us=997191   push_entry = 'ping-restart 120'
Fri Aug  5 20:37:25 2011 us=997202   ifconfig_pool_defined = ENABLED
Fri Aug  5 20:37:25 2011 us=997213   ifconfig_pool_start = 172.16.1.100
Fri Aug  5 20:37:25 2011 us=997225   ifconfig_pool_end = 172.16.1.140
Fri Aug  5 20:37:25 2011 us=997236   ifconfig_pool_netmask = 255.255.255.0
Fri Aug  5 20:37:25 2011 us=997246   ifconfig_pool_persist_filename = 'ipp.txt'
Fri Aug  5 20:37:25 2011 us=997257   ifconfig_pool_persist_refresh_freq = 600
Fri Aug  5 20:37:25 2011 us=997267   n_bcast_buf = 256
Fri Aug  5 20:37:25 2011 us=997277   tcp_queue_limit = 64
Fri Aug  5 20:37:25 2011 us=997287   real_hash_size = 256
Fri Aug  5 20:37:25 2011 us=997297   virtual_hash_size = 256
Fri Aug  5 20:37:25 2011 us=997307   client_connect_script = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997318   learn_address_script = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997328   client_disconnect_script = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997338   client_config_dir = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997349   ccd_exclusive = DISABLED
Fri Aug  5 20:37:25 2011 us=997359   tmp_dir = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997369   push_ifconfig_defined = DISABLED
Fri Aug  5 20:37:25 2011 us=997380   push_ifconfig_local = 0.0.0.0
Fri Aug  5 20:37:25 2011 us=997392   push_ifconfig_remote_netmask = 0.0.0.0
Fri Aug  5 20:37:25 2011 us=997402   enable_c2c = ENABLED
Fri Aug  5 20:37:25 2011 us=997413   duplicate_cn = DISABLED
Fri Aug  5 20:37:25 2011 us=997423   cf_max = 0
Fri Aug  5 20:37:25 2011 us=997433   cf_per = 0
Fri Aug  5 20:37:25 2011 us=997443   max_clients = 1024
Fri Aug  5 20:37:25 2011 us=997454   max_routes_per_client = 256
Fri Aug  5 20:37:25 2011 us=997464   auth_user_pass_verify_script = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997474   auth_user_pass_verify_script_via_file = DISABLED
Fri Aug  5 20:37:25 2011 us=997491   ssl_flags = 0
Fri Aug  5 20:37:25 2011 us=997502   port_share_host = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997512   port_share_port = 0
Fri Aug  5 20:37:25 2011 us=997522   client = DISABLED
Fri Aug  5 20:37:25 2011 us=997532   pull = DISABLED
Fri Aug  5 20:37:25 2011 us=997542   auth_user_pass_file = '[UNDEF]'
Fri Aug  5 20:37:25 2011 us=997558 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Fri Aug  5 20:37:25 2011 us=997698 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Fri Aug  5 20:37:25 2011 us=997852 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Aug  5 20:37:26 2011 us=35 Diffie-Hellman initialized with 1024 bit key
Fri Aug  5 20:37:26 2011 us=552 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Fri Aug  5 20:37:26 2011 us=108925 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Aug  5 20:37:26 2011 us=109012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug  5 20:37:26 2011 us=109026 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug  5 20:37:26 2011 us=109068 TLS-Auth MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Aug  5 20:37:26 2011 us=109165 TUN/TAP device tap0 opened
Fri Aug  5 20:37:26 2011 us=109193 TUN/TAP TX queue length set to 100
Fri Aug  5 20:37:26 2011 us=109234 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Aug  5 20:37:26 2011 us=113003 GID set to nogroup
Fri Aug  5 20:37:26 2011 us=113070 UID set to nobody
Fri Aug  5 20:37:26 2011 us=113109 Socket Buffers: R=[124928->131072] S=[124928->131072]
Fri Aug  5 20:37:26 2011 us=113133 UDPv4 link local (bound): [undef]
Fri Aug  5 20:37:26 2011 us=113144 UDPv4 link remote: [undef]
Fri Aug  5 20:37:26 2011 us=113166 MULTI: multi_init called, r=256 v=256
Fri Aug  5 20:37:26 2011 us=113271 IFCONFIG POOL: base=172.16.1.100 size=41
Fri Aug  5 20:37:26 2011 us=113315 IFCONFIG POOL LIST
Fri Aug  5 20:37:26 2011 us=113331 laptop-client,172.16.1.100
Fri Aug  5 20:37:26 2011 us=113368 Initialization Sequence Completed
Fri Aug  5 20:38:05 2011 us=113535 MULTI: multi_create_instance called
Fri Aug  5 20:38:05 2011 us=113650 xxx.xxx.xxx.xxx:1194 Re-using SSL/TLS context
Fri Aug  5 20:38:05 2011 us=113696 xxx.xxx.xxx.xxx:1194 LZO compression initialized
Fri Aug  5 20:38:05 2011 us=113933 xxx.xxx.xxx.xxx:1194 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Aug  5 20:38:05 2011 us=113948 xxx.xxx.xxx.xxx:1194 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Aug  5 20:38:05 2011 us=113983 xxx.xxx.xxx.xxx:1194 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Aug  5 20:38:05 2011 us=113997 xxx.xxx.xxx.xxx:1194 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Aug  5 20:38:05 2011 us=114030 xxx.xxx.xxx.xxx:1194 Local Options hash (VER=V4): 'c5677ab3'
Fri Aug  5 20:38:05 2011 us=114044 xxx.xxx.xxx.xxx:1194 Expected Remote Options hash (VER=V4): 'a7133b47'
Fri Aug  5 20:38:05 2011 us=114116 xxx.xxx.xxx.xxx:1194 UDPv4 READ [42] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Aug  5 20:38:05 2011 us=114149 xxx.xxx.xxx.xxx:1194 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=e74e3af8 a12b4cf9
Fri Aug  5 20:38:05 2011 us=114196 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [54] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Fri Aug  5 20:38:05 2011 us=157251 xxx.xxx.xxx.xxx:1194 UDPv4 READ [50] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Fri Aug  5 20:38:05 2011 us=161325 xxx.xxx.xxx.xxx:1194 UDPv4 READ [134] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=92
...
Fri Aug  5 20:38:05 2011 us=672762 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [50] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #44 ] [ 18 ]
Fri Aug  5 20:38:05 2011 us=677350 xxx.xxx.xxx.xxx:1194 UDPv4 READ [142] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #46 ] [ ] pid=19 DATA len=100
Fri Aug  5 20:38:05 2011 us=677400 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [50] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #45 ] [ 19 ]
Fri Aug  5 20:38:05 2011 us=682701 xxx.xxx.xxx.xxx:1194 UDPv4 READ [142] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #47 ] [ ] pid=20 DATA len=100
Fri Aug  5 20:38:05 2011 us=683125 xxx.xxx.xxx.xxx:1194 VERIFY OK: depth=1, /C=US/ST=STATE/L=CITY/O=COMPANY-NAME/CN=COMPANY-NAME_CA/emailAddress=fred@example.com
Fri Aug  5 20:38:05 2011 us=683268 xxx.xxx.xxx.xxx:1194 VERIFY OK: depth=0, /C=US/ST=STATE/L=CITY/O=COMPANY-NAME/CN=laptop-client/emailAddress=fred@example.com
Fri Aug  5 20:38:05 2011 us=683303 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [50] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #46 ] [ 20 ]
Fri Aug  5 20:38:05 2011 us=687382 xxx.xxx.xxx.xxx:1194 UDPv4 READ [142] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #48 ] [ ] pid=21 DATA len=100
...
Fri Aug  5 20:38:05 2011 us=867899 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [50] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #64 ] [ 27 ]
Fri Aug  5 20:38:05 2011 us=871223 xxx.xxx.xxx.xxx:1194 UDPv4 READ [72] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #66 ] [ ] pid=28 DATA len=30
Fri Aug  5 20:38:05 2011 us=871364 xxx.xxx.xxx.xxx:1194 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Aug  5 20:38:05 2011 us=871378 xxx.xxx.xxx.xxx:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug  5 20:38:05 2011 us=871390 xxx.xxx.xxx.xxx:1194 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Aug  5 20:38:05 2011 us=871401 xxx.xxx.xxx.xxx:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug  5 20:38:05 2011 us=871435 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [154] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #65 ] [ 28 ] pid=39 DATA len=100
Fri Aug  5 20:38:05 2011 us=871471 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [142] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #66 ] [ ] pid=40 DATA len=100
Fri Aug  5 20:38:05 2011 us=871509 xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [124] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #67 ] [ ] pid=41 DATA len=82
Fri Aug  5 20:38:05 2011 us=915184 xxx.xxx.xxx.xxx:1194 UDPv4 READ [50] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #67 ] [ 39 ]
Fri Aug  5 20:38:05 2011 us=919321 xxx.xxx.xxx.xxx:1194 UDPv4 READ [50] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #68 ] [ 40 ]
Fri Aug  5 20:38:05 2011 us=919359 xxx.xxx.xxx.xxx:1194 UDPv4 READ [50] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #69 ] [ 41 ]
Fri Aug  5 20:38:05 2011 us=919386 xxx.xxx.xxx.xxx:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Aug  5 20:38:05 2011 us=919408 xxx.xxx.xxx.xxx:1194 [laptop-client] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Fri Aug  5 20:38:08 2011 us=113245 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 READ [132] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #70 ] [ ] pid=29 DATA len=90
Fri Aug  5 20:38:08 2011 us=113369 laptop-client/xxx.xxx.xxx.xxx:1194 PUSH: Received control message: 'PUSH_REQUEST'
Fri Aug  5 20:38:08 2011 us=113402 laptop-client/xxx.xxx.xxx.xxx:1194 SENT CONTROL [laptop-client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.1.1,ping 10,ping-restart 120,ifconfig 172.16.1.100 255.255.255.0' (status=1)
Fri Aug  5 20:38:08 2011 us=113425 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [50] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #68 ] [ 29 ]
Fri Aug  5 20:38:08 2011 us=113484 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [142] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #69 ] [ ] pid=42 DATA len=100
Fri Aug  5 20:38:08 2011 us=113524 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [142] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #70 ] [ ] pid=43 DATA len=100
Fri Aug  5 20:38:08 2011 us=113562 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [108] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_CONTROL_V1 kid=0 pid=[ #71 ] [ ] pid=44 DATA len=66
Fri Aug  5 20:38:08 2011 us=157021 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 READ [50] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #71 ] [ 42 ]
Fri Aug  5 20:38:08 2011 us=161007 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 READ [50] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #72 ] [ 43 ]
Fri Aug  5 20:38:08 2011 us=207209 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 READ [50] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_ACK_V1 kid=0 pid=[ #73 ] [ 44 ]
Fri Aug  5 20:38:08 2011 us=213364 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 READ [133] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_DATA_V1 kid=0 DATA len=132
Fri Aug  5 20:38:08 2011 us=213418 laptop-client/xxx.xxx.xxx.xxx:1194 MULTI: Learn: 00:ff:30:75:83:21 -> laptop-client/xxx.xxx.xxx.xxx:1194
Fri Aug  5 20:38:08 2011 us=213443 laptop-client/xxx.xxx.xxx.xxx:1194 TUN WRITE [90]
Fri Aug  5 20:38:08 2011 us=251161 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 READ [133] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_DATA_V1 kid=0 DATA len=132
Fri Aug  5 20:38:08 2011 us=251188 laptop-client/xxx.xxx.xxx.xxx:1194 TUN WRITE [89]
...
Fri Aug  5 20:38:21 2011 us=256934 laptop-client/xxx.xxx.xxx.xxx:1194 TUN WRITE [208]
Fri Aug  5 20:38:21 2011 us=312930 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 READ [277] from [AF_INET]xxx.xxx.xxx.xxx:1194: P_DATA_V1 kid=0 DATA len=276
Fri Aug  5 20:38:21 2011 us=313030 laptop-client/xxx.xxx.xxx.xxx:1194 TUN WRITE [234]
Fri Aug  5 20:38:22 2011 us=493683 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [69] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_DATA_V1 kid=0 DATA len=68
Fri Aug  5 20:38:32 2011 us=863606 laptop-client/xxx.xxx.xxx.xxx:1194 UDPv4 WRITE [69] to [AF_INET]xxx.xxx.xxx.xxx:1194: P_DATA_V1 kid=0 DATA len=68
Fri Aug  5 20:38:38 2011 us=91193 event_wait : Interrupted system call (code=4)
Fri Aug  5 20:38:38 2011 us=91453 TCP/UDP: Closing socket
Fri Aug  5 20:38:38 2011 us=91477 Closing TUN/TAP interface
Fri Aug  5 20:38:38 2011 us=91515 SIGTERM[hard,] received, process exiting

open-vpn-status.log (server)

OpenVPN CLIENT LIST
Updated,Fri Aug  5 20:37:36 2011
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END

vpn.example.com.ovpn.log (client)

Fri Aug 05 15:56:06 2011 us=410000 Current Parameter Settings:
Fri Aug 05 15:56:06 2011 us=410000   config = 'vpn.example.com.ovpn'
Fri Aug 05 15:56:06 2011 us=410000   mode = 0
Fri Aug 05 15:56:06 2011 us=410000   show_ciphers = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   show_digests = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   show_engines = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   genkey = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   key_pass_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   show_tls_ciphers = DISABLED
Fri Aug 05 15:56:06 2011 us=410000 Connection profiles [default]:
Fri Aug 05 15:56:06 2011 us=410000   proto = udp
Fri Aug 05 15:56:06 2011 us=410000   local = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   local_port = 1194
Fri Aug 05 15:56:06 2011 us=410000   remote = 'vpn.example.com'
Fri Aug 05 15:56:06 2011 us=410000   remote_port = 1194
Fri Aug 05 15:56:06 2011 us=410000   remote_float = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   bind_defined = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   bind_local = ENABLED
Fri Aug 05 15:56:06 2011 us=410000   connect_retry_seconds = 5
Fri Aug 05 15:56:06 2011 us=410000   connect_timeout = 10
Fri Aug 05 15:56:06 2011 us=410000   connect_retry_max = 0
Fri Aug 05 15:56:06 2011 us=410000   socks_proxy_server = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   socks_proxy_port = 0
Fri Aug 05 15:56:06 2011 us=410000   socks_proxy_retry = DISABLED
Fri Aug 05 15:56:06 2011 us=410000 Connection profiles END
Fri Aug 05 15:56:06 2011 us=410000   remote_random = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   ipchange = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   dev = 'tap'
Fri Aug 05 15:56:06 2011 us=410000   dev_type = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   dev_node = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   lladdr = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   topology = 1
Fri Aug 05 15:56:06 2011 us=410000   tun_ipv6 = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   ifconfig_local = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   ifconfig_remote_netmask = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   ifconfig_noexec = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   ifconfig_nowarn = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   shaper = 0
Fri Aug 05 15:56:06 2011 us=410000   tun_mtu = 1500
Fri Aug 05 15:56:06 2011 us=410000   tun_mtu_defined = ENABLED
Fri Aug 05 15:56:06 2011 us=410000   link_mtu = 1500
Fri Aug 05 15:56:06 2011 us=410000   link_mtu_defined = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   tun_mtu_extra = 32
Fri Aug 05 15:56:06 2011 us=410000   tun_mtu_extra_defined = ENABLED
Fri Aug 05 15:56:06 2011 us=410000   fragment = 0
Fri Aug 05 15:56:06 2011 us=410000   mtu_discover_type = -1
Fri Aug 05 15:56:06 2011 us=410000   mtu_test = 0
Fri Aug 05 15:56:06 2011 us=410000   mlock = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   keepalive_ping = 0
Fri Aug 05 15:56:06 2011 us=410000   keepalive_timeout = 0
Fri Aug 05 15:56:06 2011 us=410000   inactivity_timeout = 0
Fri Aug 05 15:56:06 2011 us=410000   ping_send_timeout = 0
Fri Aug 05 15:56:06 2011 us=410000   ping_rec_timeout = 0
Fri Aug 05 15:56:06 2011 us=410000   ping_rec_timeout_action = 0
Fri Aug 05 15:56:06 2011 us=410000   ping_timer_remote = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   remap_sigusr1 = 0
Fri Aug 05 15:56:06 2011 us=410000   explicit_exit_notification = 0
Fri Aug 05 15:56:06 2011 us=410000   persist_tun = ENABLED
Fri Aug 05 15:56:06 2011 us=410000   persist_local_ip = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   persist_remote_ip = DISABLED
Fri Aug 05 15:56:06 2011 us=410000   persist_key = ENABLED
Fri Aug 05 15:56:06 2011 us=410000   mssfix = 1450
Fri Aug 05 15:56:06 2011 us=410000   resolve_retry_seconds = 1000000000
Fri Aug 05 15:56:06 2011 us=410000   username = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   groupname = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   chroot_dir = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   cd_dir = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=410000   writepid = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=566000   up_script = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=566000   down_script = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=566000   down_pre = DISABLED
Fri Aug 05 15:56:06 2011 us=566000   up_restart = DISABLED
Fri Aug 05 15:56:06 2011 us=566000   up_delay = DISABLED
Fri Aug 05 15:56:06 2011 us=566000   daemon = DISABLED
Fri Aug 05 15:56:06 2011 us=566000   inetd = 0
Fri Aug 05 15:56:06 2011 us=566000   log = DISABLED
Fri Aug 05 15:56:06 2011 us=566000   suppress_timestamps = DISABLED
Fri Aug 05 15:56:06 2011 us=566000   nice = 0
Fri Aug 05 15:56:06 2011 us=566000   verbosity = 6
Fri Aug 05 15:56:06 2011 us=566000   mute = 0
Fri Aug 05 15:56:06 2011 us=566000   gremlin = 0
Fri Aug 05 15:56:06 2011 us=566000   status_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=566000   status_file_version = 1
Fri Aug 05 15:56:06 2011 us=566000   status_file_update_freq = 60
Fri Aug 05 15:56:06 2011 us=566000   occ = ENABLED
Fri Aug 05 15:56:06 2011 us=566000   rcvbuf = 0
Fri Aug 05 15:56:06 2011 us=582000   sndbuf = 0
Fri Aug 05 15:56:06 2011 us=582000   sockflags = 0
Fri Aug 05 15:56:06 2011 us=582000   fast_io = DISABLED
Fri Aug 05 15:56:06 2011 us=582000   lzo = 7
Fri Aug 05 15:56:06 2011 us=582000   route_script = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=582000   route_default_gateway = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=582000   route_default_metric = 0
Fri Aug 05 15:56:06 2011 us=582000   route_noexec = DISABLED
Fri Aug 05 15:56:06 2011 us=582000   route_delay = 5
Fri Aug 05 15:56:06 2011 us=582000   route_delay_window = 30
Fri Aug 05 15:56:06 2011 us=582000   route_delay_defined = ENABLED
Fri Aug 05 15:56:06 2011 us=582000   route_nopull = DISABLED
Fri Aug 05 15:56:06 2011 us=582000   route_gateway_via_dhcp = DISABLED
Fri Aug 05 15:56:06 2011 us=582000   max_routes = 100
Fri Aug 05 15:56:06 2011 us=582000   allow_pull_fqdn = DISABLED
Fri Aug 05 15:56:06 2011 us=582000   management_addr = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=597000   management_port = 0
Fri Aug 05 15:56:06 2011 us=597000   management_user_pass = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=597000   management_log_history_cache = 250
Fri Aug 05 15:56:06 2011 us=597000   management_echo_buffer_size = 100
Fri Aug 05 15:56:06 2011 us=597000   management_write_peer_info_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=597000   management_client_user = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=597000   management_client_group = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=597000   management_flags = 0
Fri Aug 05 15:56:06 2011 us=597000   shared_secret_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=597000   key_direction = 2
Fri Aug 05 15:56:06 2011 us=597000   ciphername_defined = ENABLED
Fri Aug 05 15:56:06 2011 us=597000   ciphername = 'AES-128-CBC'
Fri Aug 05 15:56:06 2011 us=597000   authname_defined = ENABLED
Fri Aug 05 15:56:06 2011 us=597000   authname = 'SHA1'
Fri Aug 05 15:56:06 2011 us=597000   prng_hash = 'SHA1'
Fri Aug 05 15:56:06 2011 us=597000   prng_nonce_secret_len = 16
Fri Aug 05 15:56:06 2011 us=613000   keysize = 0
Fri Aug 05 15:56:06 2011 us=613000   engine = DISABLED
Fri Aug 05 15:56:06 2011 us=613000   replay = ENABLED
Fri Aug 05 15:56:06 2011 us=613000   mute_replay_warnings = DISABLED
Fri Aug 05 15:56:06 2011 us=613000   replay_window = 64
Fri Aug 05 15:56:06 2011 us=613000   replay_time = 15
Fri Aug 05 15:56:06 2011 us=613000   packet_id_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   use_iv = ENABLED
Fri Aug 05 15:56:06 2011 us=613000   test_crypto = DISABLED
Fri Aug 05 15:56:06 2011 us=613000   tls_server = DISABLED
Fri Aug 05 15:56:06 2011 us=613000   tls_client = ENABLED
Fri Aug 05 15:56:06 2011 us=613000   key_method = 2
Fri Aug 05 15:56:06 2011 us=613000   ca_file = 'ca.crt'
Fri Aug 05 15:56:06 2011 us=613000   ca_path = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   dh_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   cert_file = 'laptop-client.crt'
Fri Aug 05 15:56:06 2011 us=613000   priv_key_file = 'laptop-client.key'
Fri Aug 05 15:56:06 2011 us=613000   pkcs12_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   cryptoapi_cert = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   cipher_list = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   tls_verify = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   tls_remote = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   crl_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=613000   ns_cert_type = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=613000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_ku[i] = 0
Fri Aug 05 15:56:06 2011 us=628000   remote_cert_eku = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=628000   tls_timeout = 2
Fri Aug 05 15:56:06 2011 us=628000   renegotiate_bytes = 0
Fri Aug 05 15:56:06 2011 us=628000   renegotiate_packets = 0
Fri Aug 05 15:56:06 2011 us=628000   renegotiate_seconds = 3600
Fri Aug 05 15:56:06 2011 us=628000   handshake_window = 60
Fri Aug 05 15:56:06 2011 us=628000   transition_window = 3600
Fri Aug 05 15:56:06 2011 us=628000   single_session = DISABLED
Fri Aug 05 15:56:06 2011 us=628000   tls_exit = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   tls_auth_file = 'ta.key'
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=644000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_protected_authentication = DISABLED
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=660000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_private_mode = 00000000
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=675000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_cert_private = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_pin_cache_period = -1
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_id = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=691000   pkcs11_id_management = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   server_network = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   server_netmask = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   server_bridge_ip = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   server_bridge_netmask = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   server_bridge_pool_start = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   server_bridge_pool_end = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   ifconfig_pool_defined = DISABLED
Fri Aug 05 15:56:06 2011 us=691000   ifconfig_pool_start = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   ifconfig_pool_end = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   ifconfig_pool_netmask = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=691000   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=691000   ifconfig_pool_persist_refresh_freq = 600
Fri Aug 05 15:56:06 2011 us=691000   n_bcast_buf = 256
Fri Aug 05 15:56:06 2011 us=691000   tcp_queue_limit = 64
Fri Aug 05 15:56:06 2011 us=691000   real_hash_size = 256
Fri Aug 05 15:56:06 2011 us=691000   virtual_hash_size = 256
Fri Aug 05 15:56:06 2011 us=691000   client_connect_script = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=691000   learn_address_script = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=706000   client_disconnect_script = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=706000   client_config_dir = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=706000   ccd_exclusive = DISABLED
Fri Aug 05 15:56:06 2011 us=706000   tmp_dir = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=706000   push_ifconfig_defined = DISABLED
Fri Aug 05 15:56:06 2011 us=706000   push_ifconfig_local = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=706000   push_ifconfig_remote_netmask = 0.0.0.0
Fri Aug 05 15:56:06 2011 us=706000   enable_c2c = DISABLED
Fri Aug 05 15:56:06 2011 us=706000   duplicate_cn = DISABLED
Fri Aug 05 15:56:06 2011 us=706000   cf_max = 0
Fri Aug 05 15:56:06 2011 us=706000   cf_per = 0
Fri Aug 05 15:56:06 2011 us=706000   max_clients = 1024
Fri Aug 05 15:56:06 2011 us=706000   max_routes_per_client = 256
Fri Aug 05 15:56:06 2011 us=706000   auth_user_pass_verify_script = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=706000   auth_user_pass_verify_script_via_file = DISABLED
Fri Aug 05 15:56:06 2011 us=722000   ssl_flags = 0
Fri Aug 05 15:56:06 2011 us=722000   client = ENABLED
Fri Aug 05 15:56:06 2011 us=722000   pull = ENABLED
Fri Aug 05 15:56:06 2011 us=722000   auth_user_pass_file = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=722000   show_net_up = DISABLED
Fri Aug 05 15:56:06 2011 us=722000   route_method = 0
Fri Aug 05 15:56:06 2011 us=722000   ip_win32_defined = DISABLED
Fri Aug 05 15:56:06 2011 us=722000   ip_win32_type = 3
Fri Aug 05 15:56:06 2011 us=722000   dhcp_masq_offset = 0
Fri Aug 05 15:56:06 2011 us=722000   dhcp_lease_time = 31536000
Fri Aug 05 15:56:06 2011 us=722000   tap_sleep = 0
Fri Aug 05 15:56:06 2011 us=722000   dhcp_options = DISABLED
Fri Aug 05 15:56:06 2011 us=722000   dhcp_renew = DISABLED
Fri Aug 05 15:56:06 2011 us=722000   dhcp_pre_release = DISABLED
Fri Aug 05 15:56:06 2011 us=722000   dhcp_release = DISABLED
Fri Aug 05 15:56:06 2011 us=722000   domain = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=722000   netbios_scope = '[UNDEF]'
Fri Aug 05 15:56:06 2011 us=722000   netbios_node_type = 0
Fri Aug 05 15:56:06 2011 us=722000   disable_nbt = DISABLED
Fri Aug 05 15:56:06 2011 us=722000 OpenVPN 2.1_rc22 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 20 2009
Fri Aug 05 15:56:06 2011 us=722000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Aug 05 15:56:06 2011 us=722000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Aug 05 15:56:06 2011 us=722000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Aug 05 15:56:07 2011 us=112000 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Aug 05 15:56:07 2011 us=112000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 05 15:56:07 2011 us=112000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 05 15:56:07 2011 us=112000 LZO compression initialized
Fri Aug 05 15:56:07 2011 us=112000 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Aug 05 15:56:07 2011 us=221000 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Aug 05 15:56:07 2011 us=221000 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Aug 05 15:56:07 2011 us=221000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Aug 05 15:56:07 2011 us=221000 Local Options hash (VER=V4): 'a7133b47'
Fri Aug 05 15:56:07 2011 us=221000 Expected Remote Options hash (VER=V4): 'c5677ab3'
Fri Aug 05 15:56:07 2011 us=221000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Aug 05 15:56:07 2011 us=221000 UDPv4 link local (bound): [undef]:1194
Fri Aug 05 15:56:07 2011 us=221000 UDPv4 link remote: 107.20.33.71:1194
Fri Aug 05 15:56:07 2011 us=221000 UDPv4 WRITE [42] to 107.20.33.71:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Aug 05 15:56:07 2011 us=268000 UDPv4 READ [54] from 107.20.33.71:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Fri Aug 05 15:56:07 2011 us=268000 TLS: Initial packet from 107.20.33.71:1194, sid=bc3257de 2fa74570
Fri Aug 05 15:56:07 2011 us=268000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Fri Aug 05 15:56:07 2011 us=268000 UDPv4 WRITE [134] to 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=92
Fri Aug 05 15:56:07 2011 us=315000 UDPv4 READ [154] from 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=100
Fri Aug 05 15:56:07 2011 us=315000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
...
Fri Aug 05 15:56:07 2011 us=502000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #22 ] [ 19 ]
Fri Aug 05 15:56:07 2011 us=518000 UDPv4 READ [142] from 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #21 ] [ ] pid=20 DATA len=100
Fri Aug 05 15:56:07 2011 us=518000 VERIFY OK: depth=1, /C=US/ST=STATE/L=MADISON/O=COMPANY/CN=COMPANY_CA/emailAddress=FRED@EXAMPLE.COM
Fri Aug 05 15:56:07 2011 us=518000 VERIFY OK: depth=0, /C=US/ST=STATE/L=MADISON/O=COMPANY/CN=server/emailAddress=FRED@EXAMPLE.COM
Fri Aug 05 15:56:07 2011 us=518000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #23 ] [ 20 ]
Fri Aug 05 15:56:07 2011 us=549000 UDPv4 READ [142] from 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #22 ] [ ] pid=21 DATA len=100
....
Fri Aug 05 15:56:08 2011 us=48000 UDPv4 READ [124] from 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #67 ] [ ] pid=41 DATA len=82
Fri Aug 05 15:56:08 2011 us=48000 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Aug 05 15:56:08 2011 us=48000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 05 15:56:08 2011 us=48000 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Aug 05 15:56:08 2011 us=48000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 05 15:56:08 2011 us=48000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #69 ] [ 41 ]
Fri Aug 05 15:56:08 2011 us=48000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Aug 05 15:56:08 2011 us=48000 [server] Peer Connection Initiated with 107.20.33.71:1194
Fri Aug 05 15:56:10 2011 us=92000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Fri Aug 05 15:56:10 2011 us=92000 UDPv4 WRITE [132] to 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #70 ] [ ] pid=29 DATA len=90
Fri Aug 05 15:56:10 2011 us=139000 UDPv4 READ [50] from 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #68 ] [ 29 ]
Fri Aug 05 15:56:10 2011 us=139000 UDPv4 READ [142] from 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #69 ] [ ] pid=42 DATA len=100
Fri Aug 05 15:56:10 2011 us=139000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #71 ] [ 42 ]
Fri Aug 05 15:56:10 2011 us=139000 UDPv4 READ [142] from 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #70 ] [ ] pid=43 DATA len=100
Fri Aug 05 15:56:10 2011 us=139000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #72 ] [ 43 ]
Fri Aug 05 15:56:10 2011 us=139000 UDPv4 READ [108] from 107.20.33.71:1194: P_CONTROL_V1 kid=0 pid=[ #71 ] [ ] pid=44 DATA len=66
Fri Aug 05 15:56:10 2011 us=139000 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.1.1,ping 10,ping-restart 120,ifconfig 172.16.1.100 255.255.255.0'
Fri Aug 05 15:56:10 2011 us=139000 OPTIONS IMPORT: timers and/or timeouts modified
Fri Aug 05 15:56:10 2011 us=139000 OPTIONS IMPORT: --ifconfig/up options modified
Fri Aug 05 15:56:10 2011 us=139000 OPTIONS IMPORT: route options modified
Fri Aug 05 15:56:10 2011 us=139000 OPTIONS IMPORT: route-related options modified
Fri Aug 05 15:56:10 2011 us=139000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Aug 05 15:56:10 2011 us=154000 ROUTE default_gateway=10.0.0.1
Fri Aug 05 15:56:10 2011 us=185000 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{30758321-F55B-4FCE-BE21-193D2ACFF9D2}.tap
Fri Aug 05 15:56:10 2011 us=185000 TAP-Win32 Driver Version 9.6 
Fri Aug 05 15:56:10 2011 us=185000 TAP-Win32 MTU=1500
Fri Aug 05 15:56:10 2011 us=185000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.1.100/255.255.255.0 on interface {30758321-F55B-4FCE-BE21-193D2ACFF9D2} [DHCP-serv: 172.16.1.0, lease-time: 31536000]
Fri Aug 05 15:56:10 2011 us=185000 DHCP option string: 0608d043 deded043 dcdc
Fri Aug 05 15:56:10 2011 us=185000 Successful ARP Flush on interface [17] {30758321-F55B-4FCE-BE21-193D2ACFF9D2}
Fri Aug 05 15:56:10 2011 us=185000 UDPv4 WRITE [50] to 107.20.33.71:1194: P_ACK_V1 kid=0 pid=[ #73 ] [ 44 ]
Fri Aug 05 15:56:10 2011 us=217000 TUN READ [151]
Fri Aug 05 15:56:10 2011 us=217000 UDPv4 WRITE [197] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=196
Fri Aug 05 15:56:10 2011 us=232000 TUN READ [90]
...
Fri Aug 05 15:56:14 2011 us=990000 UDPv4 WRITE [261] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=260
Fri Aug 05 15:56:15 2011 us=443000 TUN READ [86]
Fri Aug 05 15:56:15 2011 us=458000 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Fri Aug 05 15:56:15 2011 us=458000 C:\WINDOWS\system32\route.exe ADD 107.20.33.71 MASK 255.255.255.255 10.0.0.1
Fri Aug 05 15:56:15 2011 us=458000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri Aug 05 15:56:15 2011 us=458000 Route addition via IPAPI succeeded [adaptive]
Fri Aug 05 15:56:15 2011 us=458000 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.1.1
Fri Aug 05 15:56:15 2011 us=474000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 05 15:56:15 2011 us=474000 Route addition via IPAPI succeeded [adaptive]
Fri Aug 05 15:56:15 2011 us=474000 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.1.1
Fri Aug 05 15:56:15 2011 us=474000 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Aug 05 15:56:15 2011 us=474000 Route addition via IPAPI succeeded [adaptive]
Fri Aug 05 15:56:15 2011 us=474000 Initialization Sequence Completed
Fri Aug 05 15:56:15 2011 us=474000 UDPv4 WRITE [133] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=132
Fri Aug 05 15:56:15 2011 us=474000 TUN READ [42]
Fri Aug 05 15:56:15 2011 us=474000 UDPv4 WRITE [85] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=84
Fri Aug 05 15:56:15 2011 us=536000 UDPv4 READ [85] from 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=84
Fri Aug 05 15:56:15 2011 us=536000 TUN WRITE [42]
Fri Aug 05 15:56:15 2011 us=536000 TUN READ [85]
Fri Aug 05 15:56:15 2011 us=536000 UDPv4 WRITE [133] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=132
Fri Aug 05 15:56:15 2011 us=552000 TUN READ [110]
Fri Aug 05 15:56:15 2011 us=552000 UDPv4 WRITE [149] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=148
Fri Aug 05 15:56:15 2011 us=552000 TUN READ [86]
Fri Aug 05 15:56:15 2011 us=552000 UDPv4 WRITE [133] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=132
....
Fri Aug 05 15:56:20 2011 us=871000 UDPv4 WRITE [149] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=148
Fri Aug 05 15:56:21 2011 us=620000 TUN READ [92]
Fri Aug 05 15:56:21 2011 us=620000 UDPv4 WRITE [149] to 107.20.33.71:1194: P_DATA_V1 kid=0 DATA len=148
Fri Aug 05 15:56:22 2011 us=166000 TCP/UDP: Closing socket
Fri Aug 05 15:56:22 2011 us=166000 C:\WINDOWS\system32\route.exe DELETE 107.20.33.71 MASK 255.255.255.255 10.0.0.1
Fri Aug 05 15:56:22 2011 us=166000 Route deletion via IPAPI succeeded [adaptive]
Fri Aug 05 15:56:22 2011 us=166000 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 172.16.1.1
Fri Aug 05 15:56:22 2011 us=166000 Route deletion via IPAPI succeeded [adaptive]
Fri Aug 05 15:56:22 2011 us=166000 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 172.16.1.1
Fri Aug 05 15:56:22 2011 us=166000 Route deletion via IPAPI succeeded [adaptive]
Fri Aug 05 15:56:22 2011 us=166000 Closing TUN/TAP interface
Fri Aug 05 15:56:22 2011 us=166000 SIGTERM[hard,] received, process exiting

How I installed and configured the instance.

under sudo -s I did an

apt-get update; apt-get upgrade;

then I did a restart and ran

apt-get install openvpn bridge-utils

once that copied the server config file from the samples directory to /etc/openvpn/

next I built the certificates and the keys by running

Code: Select all

. ./vars
./clean-all
./build-ca
./build-dh
./pkitool --initca
./pkitool --server server
cd keys
openvpn --genkey --secret ta.key
cp server.crt server.key ca.crt dh1024.pem ta.key /etc/openvpn/

after this I generated the client files by running

Code: Select all

cd /etc/openvpn/easy-rsa/
source vars
./pkitool hostname

where hostname is the name of the host I configured. (much of the above is from https://help.ubuntu.com/10.04/servergui ... envpn.html)

After this in the /etc/openvpn folder I run a ./bridge.sh start which starts up the interfaces then I run a /etc/init.d/openvpn start which starts openvpn. Both commands yield no visible errors when run.

I run the following iptables commands.

Code: Select all

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE

I feel I am so close but I don't know where or what I am doing wrong. If it is not listed above I have not done it but I am willing to try anything!

Lastly if I connect to the server on the client it seems like traffic is getting forwarded because I can't get on the internet and I can't get e-mail, etc. As soon as I disconnect everything works like normal (obviously not through the vpn).

Bebop
Forum Team
Posts: 301
Joined: Wed Dec 15, 2010 9:24 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Bebop » Sat Aug 06, 2011 1:56 am

daisedNconfused wrote:Currently the server runs and the clients can connect but it seems like there is nothing happening. I can't ping the server

How tight is the default policy on the server iptables?

Is it set to allow responses to pings and to see responses to pings?

Sometimes a full flush of iptables, and removing any default 'drop' policies can fix it.

Some example code here: Scripting and Customizations » Routing and Firewall Scripts » IPTABLES secure Internet tunnel

I haven't analyzed all the info you provided, simply trying for a quick and lucky fix here. If anyone else wants to help out, feel free.
The cure for boredom is curiosity

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sat Aug 06, 2011 3:34 am

I will give it a try. I have not done that much research into how Amazon does their NAT firewall for the cloud or how they isolate instances on the network, but I did an iptables -L -v before I added the four rules I listed in my first post and it didn't have any entries in it.

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sat Aug 06, 2011 4:37 am

Ok, I tried running the entire (first) script and things have stayed the same. I can connect just fine. But I can not ping, tracert/traceroute, or connect over the internet to any website when the connection is established and ongoing.

Bebop
Forum Team
Posts: 301
Joined: Wed Dec 15, 2010 9:24 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Bebop » Sat Aug 06, 2011 6:44 am

This suggestion is borrowed from Mimiko in another thread. A quick checklist basically:

everything-seems-to-be-configured-correctly-but-i-cant-ping-across-the-tunnel

See if there's something been missed.
The cure for boredom is curiosity

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Mimiko » Sat Aug 06, 2011 7:44 am

For general rule on creating bridged VPN see this link http://www.openvpn.net/index.php/open-s ... dging.html.

When creating the bridge interface, you use this IP:
eth_ip="10.210.161.219"
But in OpenVPN server's config you define another pool:
server-bridge 172.16.1.1 255.255.255.0 172.16.1.100 172.16.1.140
In OpenVPN server's config you must use same IP pool as when creating the bridge interface:
server-bridge 10.210.161.219 255.255.255.0 10.210.161.x1 10.210.161.x2
where x1<x2, and these are the IPs that clients will get, and these IPs are not in the pool of any DHCP server on your server's LAN. If you have a DHCP server on OpenVPN server LAN side, then use only:
server-bridge
If you need your clients to access internet via OpenVPN server's side LAN (as you use push "redirect-gateway def1 bypass-dhcp"), then use:
server-bridge 10.210.161.1 255.255.255.0 10.210.161.x1 10.210.161.x2
Also you don't need masquerading:
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
Remove this from your iptables.
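
The mismatch described in the reply above can be checked mechanically. This is an added example, not part of the original post and not OpenVPN's own code: it parses the `server-bridge` directive and compares it with the address configured on the bridge. The function names, the 255.255.255.0 bridge netmask and the sample config trimmed from the first post are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: the server-bridge line is the one from the thread's
# server.conf; the other directives are trimmed to a few for context.
SERVER_CONF = '''\
port 1194
proto udp
dev tap0
server-bridge 172.16.1.1 255.255.255.0 172.16.1.100 172.16.1.140
;push "route 172.16.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
client-to-client
cipher AES-128-CBC   # AES
'''

# Address quoted from the bridge script in the reply; the netmask is an assumption.
BRIDGE_IP = "10.210.161.219"
BRIDGE_NETMASK = "255.255.255.0"


def parse_server_bridge(conf_text):
    """Return the server-bridge arguments as a list.

    None means the directive is absent or commented out; an empty list means
    bare `server-bridge`, where clients get addresses from a DHCP server on the LAN.
    """
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # OpenVPN treats lines starting with # or ; as comments
        tokens = shlex.split(line, comments=True)
        if tokens and tokens[0] == "server-bridge":
            return tokens[1:]
    return None


def check_bridge(conf_text, bridge_ip, bridge_netmask):
    """Return a list of findings; an empty list means the config matches the bridge."""
    args = parse_server_bridge(conf_text)
    if args is None:
        return ["no active server-bridge directive found"]
    if not args:
        return []  # bare server-bridge: nothing to compare, DHCP hands out addresses
    if len(args) != 4:
        return ["server-bridge takes 0 or 4 arguments, got %d" % len(args)]

    gateway, netmask, pool_start, pool_end = args
    try:
        lan = ipaddress.ip_interface(f"{bridge_ip}/{bridge_netmask}").network
        vpn = ipaddress.ip_interface(f"{gateway}/{netmask}").network
        br = ipaddress.ip_address(bridge_ip)
        gw = ipaddress.ip_address(gateway)
        start = ipaddress.ip_address(pool_start)
        end = ipaddress.ip_address(pool_end)
    except ValueError as exc:
        return [f"unparseable address: {exc}"]

    findings = []
    if vpn != lan:
        findings.append(f"server-bridge subnet {vpn} differs from bridge subnet {lan}")
    for name, addr in (("gateway", gw), ("pool start", start), ("pool end", end)):
        if addr not in lan:
            findings.append(f"{name} {addr} is outside bridge subnet {lan}")
    if start > end:
        findings.append(f"pool start {start} is above pool end {end}")
    if start <= br <= end:
        findings.append(f"bridge address {br} is inside the client pool")
    if start <= gw <= end:
        findings.append(f"gateway {gw} is inside the client pool")
    return findings


if __name__ == "__main__":
    for finding in check_bridge(SERVER_CONF, BRIDGE_IP, BRIDGE_NETMASK):
        print("MISMATCH:", finding)
```

With the values from this thread the check reports that the pushed gateway 172.16.1.1 and the whole client pool lie outside the bridge's subnet, which matches the symptom in the first post: the client receives 172.16.1.100 and routes everything to 172.16.1.1, an address nothing on the bridge holds.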

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sat Aug 06, 2011 8:32 am

Ok well then it seems by what you are saying the server will be sending out ip addresses to connecting clients, right? If so how do I know those ip addresses aren't being used already? I don't control what ip addresses amazon ec2 sends to instances so I would very well be sending out already used addresses.

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sat Aug 06, 2011 8:38 am

The whole point is to be able to send out addresses of a selected pool of addresses and have the server bridge the two interfaces.... this has to be possible.

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Mimiko » Sat Aug 06, 2011 8:43 am

daisedNconfused wrote: I don't control what ip addresses amazon ec2 sends to instances so I would very well be sending out already used addresses.
Oh. I just don't know how your amazon ec2 works. Then don't use bridging. Use routing instead.

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sat Aug 06, 2011 9:01 am

yeah the problem is that I want clients to be able to see each other and at the same time I want to be able to move non-tcp traffic ie samba shares voip iptv etc.

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Mimiko » Sat Aug 06, 2011 9:51 am

I want clients to be able to see each other
Use client-to-client option in OpenVPN server config file.
I want to be able to move non-tcp traffic ie samba shares voip iptv etc.
All of this is done over TCP protocol. Where do you want to move that traffic?

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sat Aug 06, 2011 10:35 am

By "move" I mean transfer over the vpn tunnel. The bridge faq states that you can only do this over a bridge using tap, not over the normal connection using tun. Is this right?

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Mimiko » Sat Aug 06, 2011 1:11 pm

You use this
push "redirect-gateway def1 bypass-dhcp"
to redirect client access to internet thru tunnel.

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sat Aug 06, 2011 9:18 pm

Well, I will try configuring it as routed and see if it works. Is it possible to create a second ethernet card that is virtual?

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Mimiko » Sun Aug 07, 2011 6:00 am

is it possible to create a second ethernet card that is virtual?
I think so. You can create virtual ethernet cards.

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sun Aug 07, 2011 6:49 am

So far here is the update. I renamed my server.conf to server.conf.bridged so I can come back to it. I then copied over a new original conf file and configured it for routed tun and I can ping just fine but I can not get traffic to go through the machine to the internet ie I can not ping google.com and yes I checked google.com does respond to pings.

I think this is an iptables routing problem. Any thoughts?

Also on a side note, if I could create a virtual Ethernet card on the server and configure it for use as part of the bridge and then somehow route any traffic that is not part of the subnet back to the actual "physical" Ethernet card (eth0) then wouldn't that work for my situation?

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by Mimiko » Sun Aug 07, 2011 7:08 am

I think this is an iptables routing problem. Any thoughts?
Read this http://www.openvpn.net/index.php/open-s ... l#redirect
Also on a side note, if I could create a virtual Ethernet card on the server and configure it for use as part of the bridge and then somehow route any traffic that is not part of the subnet back to the actual "physical" Ethernet card (eth0) then wouldn't that work for my situation?
For your needs - it's redundant and more complex.

daisedNconfused
OpenVpn Newbie
Posts: 10
Joined: Fri Aug 05, 2011 8:12 pm

Re: Amazon EC2 OpenVPN Bridged Mode No Ping....

Post by daisedNconfused » Sun Aug 07, 2011 8:03 am

Yeah but for what I need it to do if it is possible I want to try it.
