I am using OpenVPN on Linux. Same ovpn config works with openvpn 2.2 but not 2.3, would like to know why and how to fix under 2.3. I don't have the log from server side due it is a paid service.
ovpn client config
Code: Select all
verb 4
mute 3
client
dev tun
proto tcp
resolv-retry 0
nobind
persist-key
ns-cert-type server
tls-cipher RC4-MD5
tls-auth ta 1
comp-lzo
auth-user-pass vpnauth
connect-retry 1
connect-retry-max 2
max-routes 2500
remote localhost 1194
http-proxy SERVER 443 proxyauth
ca ca.cer
Code: Select all
Tue Oct 29 03:06:46 2013 us=624530 OpenVPN 2.2.1 x86_64-mandriva-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 8 2011
Tue Oct 29 03:06:46 2013 us=624721 WARNING: file 'vpnauth' is group or others accessible
Tue Oct 29 03:06:46 2013 us=624880 WARNING: file 'proxyauth' is group or others accessible
Tue Oct 29 03:06:46 2013 us=624985 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Oct 29 03:06:46 2013 us=625562 WARNING: file 'ta' is group or others accessible
Tue Oct 29 03:06:46 2013 us=625614 Control Channel Authentication: using 'ta' as a OpenVPN static key file
Tue Oct 29 03:06:46 2013 us=625656 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 29 03:06:46 2013 us=625689 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 29 03:06:46 2013 us=625815 LZO compression initialized
Tue Oct 29 03:06:46 2013 us=625912 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Oct 29 03:06:46 2013 us=625979 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Oct 29 03:06:46 2013 us=853271 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 29 03:06:46 2013 us=853420 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Oct 29 03:06:46 2013 us=853459 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Oct 29 03:06:46 2013 us=853546 Local Options hash (VER=V4): 'ee93268d'
Tue Oct 29 03:06:46 2013 us=853592 Expected Remote Options hash (VER=V4): 'bd577cd1'
Tue Oct 29 03:06:46 2013 us=853724 Attempting to establish TCP connection with SERVER IP:443 [nonblock]
Tue Oct 29 03:06:47 2013 us=854406 TCP connection established with SERVER IP:443
Tue Oct 29 03:06:47 2013 us=854540 Send to HTTP proxy: 'CONNECT localhost:1194 HTTP/1.0'
Tue Oct 29 03:06:47 2013 us=855647 Attempting Basic Proxy-Authorization
Tue Oct 29 03:06:48 2013 us=241576 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Tue Oct 29 03:06:50 2013 us=243926 TCPv4_CLIENT link local: [undef]
Tue Oct 29 03:06:50 2013 us=243983 TCPv4_CLIENT link remote: SERVER IP:443
Tue Oct 29 03:06:50 2013 us=438084 TLS: Initial packet from SERVER IP:443, sid=28191058 7ec38ffa
Tue Oct 29 03:06:50 2013 us=438517 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Oct 29 03:06:52 2013 us=927021 VERIFY OK: depth=1, AUTH INFO
Tue Oct 29 03:06:52 2013 us=927459 VERIFY OK: nsCertType=SERVER
Tue Oct 29 03:06:52 2013 us=927519 VERIFY OK: depth=0, AUTH INFO
Tue Oct 29 03:06:53 2013 us=865847 NOTE: --mute triggered...
Tue Oct 29 03:06:53 2013 us=866457 5 variation(s) on previous 3 message(s) suppressed by --mute
Tue Oct 29 03:06:53 2013 us=866505 [openvpn] Peer Connection Initiated with SERVER IP:443
Tue Oct 29 03:06:55 2013 us=983411 SENT CONTROL [openvpn]: 'PUSH_REQUEST' (status=1)
Tue Oct 29 03:06:56 2013 us=198118 PUSH: Received control message: 'PUSH_REPLY,route IP 255.255.254.0,redirect-gateway,dhcp-option DNS 8.8.8.8,route IP,topology net30,ifconfig IP'
Tue Oct 29 03:06:56 2013 us=198553 OPTIONS IMPORT: --ifconfig/up options modified
Tue Oct 29 03:06:56 2013 us=198594 NOTE: --mute triggered...
Tue Oct 29 03:06:56 2013 us=199376 2 variation(s) on previous 3 message(s) suppressed by --mute
Tue Oct 29 03:06:56 2013 us=199439 ROUTE default_gateway=10.0.2.2
Tue Oct 29 03:06:56 2013 us=200124 TUN/TAP device tun0 opened
Tue Oct 29 03:06:56 2013 us=200180 TUN/TAP TX queue length set to 100
Tue Oct 29 03:06:56 2013 us=200338 /sbin/ifconfig tun0 IP pointopoint IP mtu 1500
Tue Oct 29 03:06:56 2013 us=206987 /sbin/route add -net IP netmask 255.255.255.255 gw 10.0.2.2
Tue Oct 29 03:06:56 2013 us=218456 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Tue Oct 29 03:06:56 2013 us=219695 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw IP
Tue Oct 29 03:06:56 2013 us=220756 WARNING: potential route subnet conflict between local LAN [IP/255.255.255.0] and remote VPN [IP/255.255.254.0]
Tue Oct 29 03:06:56 2013 us=220878 /sbin/route add -net IP netmask 255.255.254.0 gw IP
Tue Oct 29 03:06:56 2013 us=221826 WARNING: potential route subnet conflict between local LAN [IP/255.255.255.0] and remote VPN [IP/255.255.255.255]
Tue Oct 29 03:06:56 2013 us=221909 /sbin/route add -net IP netmask 255.255.255.255 gw IP
Tue Oct 29 03:06:56 2013 us=222749 Initialization Sequence Completed
Code: Select all
Tue Oct 29 11:11:49 2013 us=465390 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Tue Oct 29 11:11:49 2013 us=465551 WARNING: file 'vpnauth' is group or others accessible
Tue Oct 29 11:11:49 2013 us=465775 WARNING: file 'proxyauth' is group or others accessible
Tue Oct 29 11:11:49 2013 us=621743 Deprecated TLS cipher name 'RC4-MD5', please use IANA name 'TLS-RSA-WITH-RC4-128-MD5'
Tue Oct 29 11:11:49 2013 us=622014 WARNING: file 'ta' is group or others accessible
Tue Oct 29 11:11:49 2013 us=622042 Control Channel Authentication: using 'ta' as a OpenVPN static key file
Tue Oct 29 11:11:49 2013 us=627286 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 29 11:11:49 2013 us=627352 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 29 11:11:49 2013 us=627469 LZO compression initialized
Tue Oct 29 11:11:49 2013 us=627684 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Oct 29 11:11:49 2013 us=629349 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Oct 29 11:11:50 2013 us=144215 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 29 11:11:50 2013 us=144322 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Oct 29 11:11:50 2013 us=144350 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Oct 29 11:11:50 2013 us=144405 Local Options hash (VER=V4): 'ee93268d'
Tue Oct 29 11:11:50 2013 us=144444 Expected Remote Options hash (VER=V4): 'bd577cd1'
Tue Oct 29 11:11:50 2013 us=144536 Attempting to establish TCP connection with [AF_INET]SERVER IP:443 [nonblock]
Tue Oct 29 11:11:51 2013 us=144974 TCP connection established with [AF_INET]SERVER IP:443
Tue Oct 29 11:11:51 2013 us=145064 Send to HTTP proxy: 'CONNECT localhost:1194 HTTP/1.0'
Tue Oct 29 11:11:51 2013 us=145215 Attempting Basic Proxy-Authorization
Tue Oct 29 11:11:51 2013 us=531763 HTTP proxy returned: 'HTTP/1.0 407 Proxy Authentication Required'
Tue Oct 29 11:11:51 2013 us=531845 NOTE: --mute triggered...
Tue Oct 29 11:11:51 2013 us=538853 2 variation(s) on previous 3 message(s) suppressed by --mute
Tue Oct 29 11:11:51 2013 us=538922 TCP/UDP: Closing socket
Tue Oct 29 11:11:51 2013 us=539054 SIGTERM[soft,init_instance] received, process exiting
CWL