HTTP Traffic Slow

Tularis · Post by **Tularis** » Wed Feb 18, 2015 10:03 am

Hello,

I have been following the instructions to build an OpenVPN Server from [http://readwrite.com/2014/04/10/raspber ... b-browsing]
I'm not using a raspberry pi but a Debian 6.0.10 Linux VM.

I've managed to get the VPN to connect but browsing the internet over it is VERY slow.
Some websites will load e.g. "whatismyip.com" but others will not. [What is my IP shows my office WAN address so it seems to be setup correctly]

This seems to me like an MTU issue, however i have reduce the MTU to 1420 on both the Client and Server but this didn't fix anything.
I can remote desktop into a server on the LAN over the VPN and once it connects the speeds is fine, this seems to just be effecting HTTP traffic....

Code: Select all

Local LAN (To the VPN Server): 172.16.200.0 /24
VPN: 10.8.0.0 /24
Client LAN: 192.168.0.0 /24

SERVERCONF:

Code: Select all

local 172.16.200.117
dev tun
proto udp
port 1194
# MTU I ADDED TO TRY AND FIX IT
tun-mtu 1420

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/OpenVPN.crt
key /etc/openvpn/easy-rsa/keys/OpenVPN.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2

push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
push "route 172.16.200.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8" # This should already match your router address and not need to be changed.
push "redirect-gateway def1"

client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

Client.ovpn

Code: Select all

client 
dev tun 
proto udp 
remote MY.WAN.ADDRESS 1194 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
mute-replay-warnings 
ns-cert-type server 
key-direction 1 
cipher AES-128-CBC 
comp-lzo 
verb 1 
mute 20

I don't think this is a performance issue as if I "TOP" the Linux server there is nothing on the CPU....

Please let me know if there is anything I can try or something I did wrong.

Traffic · Post by **Traffic** » Wed Feb 18, 2015 1:53 pm

Tularis wrote:I have been following the instructions to build an OpenVPN Server from [http://readwrite.com/2014/04/10/raspber ... b-browsing]
I'm not using a raspberry pi but a Debian 6.0.10 Linux VM.

Please see the official HOWTO:
HOWTO: For OpenVPN Community Edition

This section is specific to your requirement:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

Tularis wrote:I've managed to get the VPN to connect but browsing the internet over it is VERY slow.

Please post server and client logs at --verb 4

Tularis wrote:I can remote desktop into a server on the LAN over the VPN and once it connects the speeds is fine, this seems to just be effecting HTTP traffic....

What is your VPN-SERVER ISP UP/Down speed ? .. Be aware that browsing the internet over your VPN means the VPN-SERVER upload speed of your internet connection is a bottle neck.

Tularis · Post by **Tularis** » Wed Feb 18, 2015 3:06 pm

Hello,

Yes I have also followed the HOWTO to make sure and everything is the same.

Can you explain a little oh how to "Post server logs at --Verb 4" ?

The WAN the VPN Server is on has a 48Mbps DOWN and a 3.79Mbps UP, and since most pages don't load at all I can't see this being a bandwidth issue.

Tularis · Post by **Tularis** » Wed Feb 18, 2015 3:41 pm

Nevermind, Worked out how to change the Verbs to 4 please see log file below:

This is from an iphone connecting in. (Please ignore the failed connection this was going over 3g)

Code: Select all

Wed Feb 18 15:20:38 2015 us=954224 Current Parameter Settings:
Wed Feb 18 15:20:38 2015 us=954368   config = '/etc/openvpn/server.conf'
Wed Feb 18 15:20:38 2015 us=954393   mode = 1
Wed Feb 18 15:20:38 2015 us=954411   persist_config = DISABLED
Wed Feb 18 15:20:38 2015 us=954427   persist_mode = 1
Wed Feb 18 15:20:38 2015 us=954443   show_ciphers = DISABLED
Wed Feb 18 15:20:38 2015 us=954458   show_digests = DISABLED
Wed Feb 18 15:20:38 2015 us=954474   show_engines = DISABLED
Wed Feb 18 15:20:38 2015 us=954489   genkey = DISABLED
Wed Feb 18 15:20:38 2015 us=954505   key_pass_file = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=954521   show_tls_ciphers = DISABLED
Wed Feb 18 15:20:38 2015 us=954537 Connection profiles [default]:
Wed Feb 18 15:20:38 2015 us=954554   proto = udp
Wed Feb 18 15:20:38 2015 us=954570   local = '172.16.200.117'
Wed Feb 18 15:20:38 2015 us=954598   local_port = 1194
Wed Feb 18 15:20:38 2015 us=954614   remote = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=954630   remote_port = 1194
Wed Feb 18 15:20:38 2015 us=954646   remote_float = DISABLED
Wed Feb 18 15:20:38 2015 us=954661   bind_defined = DISABLED
Wed Feb 18 15:20:38 2015 us=954677   bind_local = ENABLED
Wed Feb 18 15:20:38 2015 us=954693   connect_retry_seconds = 5
Wed Feb 18 15:20:38 2015 us=954708   connect_timeout = 10
Wed Feb 18 15:20:38 2015 us=954724   connect_retry_max = 0
Wed Feb 18 15:20:38 2015 us=954740   socks_proxy_server = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=954756   socks_proxy_port = 0
Wed Feb 18 15:20:38 2015 us=954771   socks_proxy_retry = DISABLED
Wed Feb 18 15:20:38 2015 us=954790 Connection profiles END
Wed Feb 18 15:20:38 2015 us=954806   remote_random = DISABLED
Wed Feb 18 15:20:38 2015 us=954821   ipchange = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=954837   dev = 'tun'
Wed Feb 18 15:20:38 2015 us=954852   dev_type = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=954867   dev_node = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=954883   lladdr = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=954898   topology = 1
Wed Feb 18 15:20:38 2015 us=954914   tun_ipv6 = DISABLED
Wed Feb 18 15:20:38 2015 us=954930   ifconfig_local = '10.8.0.1'
Wed Feb 18 15:20:38 2015 us=954945   ifconfig_remote_netmask = '10.8.0.2'
Wed Feb 18 15:20:38 2015 us=954966   ifconfig_noexec = DISABLED
Wed Feb 18 15:20:38 2015 us=954982   ifconfig_nowarn = DISABLED
Wed Feb 18 15:20:38 2015 us=954997   shaper = 0
Wed Feb 18 15:20:38 2015 us=955012   tun_mtu = 1420
Wed Feb 18 15:20:38 2015 us=955028   tun_mtu_defined = ENABLED
Wed Feb 18 15:20:38 2015 us=955043   link_mtu = 1500
Wed Feb 18 15:20:38 2015 us=955058   link_mtu_defined = DISABLED
Wed Feb 18 15:20:38 2015 us=955073   tun_mtu_extra = 0
Wed Feb 18 15:20:38 2015 us=955089   tun_mtu_extra_defined = DISABLED
Wed Feb 18 15:20:38 2015 us=955104   fragment = 0
Wed Feb 18 15:20:38 2015 us=955119   mtu_discover_type = -1
Wed Feb 18 15:20:38 2015 us=955134   mtu_test = 0
Wed Feb 18 15:20:38 2015 us=955149   mlock = DISABLED
Wed Feb 18 15:20:38 2015 us=955164   keepalive_ping = 10
Wed Feb 18 15:20:38 2015 us=955179   keepalive_timeout = 120
Wed Feb 18 15:20:38 2015 us=955195   inactivity_timeout = 0
Wed Feb 18 15:20:38 2015 us=955210   ping_send_timeout = 10
Wed Feb 18 15:20:38 2015 us=955225   ping_rec_timeout = 240
Wed Feb 18 15:20:38 2015 us=955240   ping_rec_timeout_action = 2
Wed Feb 18 15:20:38 2015 us=955255   ping_timer_remote = DISABLED
Wed Feb 18 15:20:38 2015 us=955270   remap_sigusr1 = 0
Wed Feb 18 15:20:38 2015 us=955285   explicit_exit_notification = 0
Wed Feb 18 15:20:38 2015 us=955300   persist_tun = ENABLED
Wed Feb 18 15:20:38 2015 us=955315   persist_local_ip = DISABLED
Wed Feb 18 15:20:38 2015 us=955330   persist_remote_ip = DISABLED
Wed Feb 18 15:20:38 2015 us=955344   persist_key = ENABLED
Wed Feb 18 15:20:38 2015 us=955360   mssfix = 1450
Wed Feb 18 15:20:38 2015 us=955375   passtos = DISABLED
Wed Feb 18 15:20:38 2015 us=955391   resolve_retry_seconds = 1000000000
Wed Feb 18 15:20:38 2015 us=955406   username = 'nobody'
Wed Feb 18 15:20:38 2015 us=955421   groupname = 'nogroup'
Wed Feb 18 15:20:38 2015 us=955436   chroot_dir = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=955465   cd_dir = '/etc/openvpn'
Wed Feb 18 15:20:38 2015 us=955481   writepid = '/var/run/openvpn.server.pid'
Wed Feb 18 15:20:38 2015 us=955497   up_script = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=955512   down_script = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=955527   down_pre = DISABLED
Wed Feb 18 15:20:38 2015 us=955542   up_restart = DISABLED
Wed Feb 18 15:20:38 2015 us=955557   up_delay = DISABLED
Wed Feb 18 15:20:38 2015 us=955572   daemon = ENABLED
Wed Feb 18 15:20:38 2015 us=955588   inetd = 0
Wed Feb 18 15:20:38 2015 us=955603   log = ENABLED
Wed Feb 18 15:20:38 2015 us=955618   suppress_timestamps = DISABLED
Wed Feb 18 15:20:38 2015 us=955634   nice = 0
Wed Feb 18 15:20:38 2015 us=955649   verbosity = 4
Wed Feb 18 15:20:38 2015 us=955757   mute = 0
Wed Feb 18 15:20:38 2015 us=955778   gremlin = 0
Wed Feb 18 15:20:38 2015 us=955794   status_file = '/var/log/openvpn-status.log'
Wed Feb 18 15:20:38 2015 us=955810   status_file_version = 1
Wed Feb 18 15:20:38 2015 us=955826   status_file_update_freq = 20
Wed Feb 18 15:20:38 2015 us=955841   occ = ENABLED
Wed Feb 18 15:20:38 2015 us=955856   rcvbuf = 65536
Wed Feb 18 15:20:38 2015 us=955872   sndbuf = 65536
Wed Feb 18 15:20:38 2015 us=955887   sockflags = 0
Wed Feb 18 15:20:38 2015 us=955902   fast_io = DISABLED
Wed Feb 18 15:20:38 2015 us=955918   lzo = 7
Wed Feb 18 15:20:38 2015 us=955933   route_script = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=955949   route_default_gateway = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=955964   route_default_metric = 0
Wed Feb 18 15:20:38 2015 us=955980   route_noexec = DISABLED
Wed Feb 18 15:20:38 2015 us=955995   route_delay = 0
Wed Feb 18 15:20:38 2015 us=956010   route_delay_window = 30
Wed Feb 18 15:20:38 2015 us=956026   route_delay_defined = DISABLED
Wed Feb 18 15:20:38 2015 us=956041   route_nopull = DISABLED
Wed Feb 18 15:20:38 2015 us=956057   route_gateway_via_dhcp = DISABLED
Wed Feb 18 15:20:38 2015 us=956073   max_routes = 100
Wed Feb 18 15:20:38 2015 us=956088   allow_pull_fqdn = DISABLED
Wed Feb 18 15:20:38 2015 us=956106   route 10.8.0.0/255.255.255.0/nil/nil
Wed Feb 18 15:20:38 2015 us=956122   management_addr = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956138   management_port = 0
Wed Feb 18 15:20:38 2015 us=956154   management_user_pass = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956170   management_log_history_cache = 250
Wed Feb 18 15:20:38 2015 us=956185   management_echo_buffer_size = 100
Wed Feb 18 15:20:38 2015 us=956201   management_write_peer_info_file = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956217   management_client_user = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956232   management_client_group = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956248   management_flags = 0
Wed Feb 18 15:20:38 2015 us=956263   shared_secret_file = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956278   key_direction = 1
Wed Feb 18 15:20:38 2015 us=956294   ciphername_defined = ENABLED
Wed Feb 18 15:20:38 2015 us=956309   ciphername = 'AES-128-CBC'
Wed Feb 18 15:20:38 2015 us=956325   authname_defined = ENABLED
Wed Feb 18 15:20:38 2015 us=956340   authname = 'SHA1'
Wed Feb 18 15:20:38 2015 us=956356   prng_hash = 'SHA1'
Wed Feb 18 15:20:38 2015 us=956371   prng_nonce_secret_len = 16
Wed Feb 18 15:20:38 2015 us=956387   keysize = 0
Wed Feb 18 15:20:38 2015 us=956402   engine = DISABLED
Wed Feb 18 15:20:38 2015 us=956418   replay = ENABLED
Wed Feb 18 15:20:38 2015 us=956433   mute_replay_warnings = DISABLED
Wed Feb 18 15:20:38 2015 us=956449   replay_window = 64
Wed Feb 18 15:20:38 2015 us=956465   replay_time = 15
Wed Feb 18 15:20:38 2015 us=956480   packet_id_file = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956495   use_iv = ENABLED
Wed Feb 18 15:20:38 2015 us=956511   test_crypto = DISABLED
Wed Feb 18 15:20:38 2015 us=956526   tls_server = ENABLED
Wed Feb 18 15:20:38 2015 us=956541   tls_client = DISABLED
Wed Feb 18 15:20:38 2015 us=956556   key_method = 2
Wed Feb 18 15:20:38 2015 us=956572   ca_file = '/etc/openvpn/easy-rsa/keys/ca.crt'
Wed Feb 18 15:20:38 2015 us=956588   ca_path = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956604   dh_file = '/etc/openvpn/easy-rsa/keys/dh2048.pem'
Wed Feb 18 15:20:38 2015 us=956635   cert_file = '/etc/openvpn/easy-rsa/keys/OpenVPN.crt'
Wed Feb 18 15:20:38 2015 us=956652   priv_key_file = '/etc/openvpn/easy-rsa/keys/OpenVPN.key'
Wed Feb 18 15:20:38 2015 us=956667   pkcs12_file = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956682   cipher_list = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956698   tls_verify = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956713   tls_remote = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956728   crl_file = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=956743   ns_cert_type = 0
Wed Feb 18 15:20:38 2015 us=956759   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956774   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956790   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956805   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956820   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956836   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956851   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956866   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956880   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956895   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956910   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956925   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956962   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956982   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=956998   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=957014   remote_cert_ku[i] = 0
Wed Feb 18 15:20:38 2015 us=957029   remote_cert_eku = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=957045   tls_timeout = 2
Wed Feb 18 15:20:38 2015 us=957060   renegotiate_bytes = 0
Wed Feb 18 15:20:38 2015 us=957076   renegotiate_packets = 0
Wed Feb 18 15:20:38 2015 us=957091   renegotiate_seconds = 3600
Wed Feb 18 15:20:38 2015 us=957107   handshake_window = 60
Wed Feb 18 15:20:38 2015 us=957122   transition_window = 3600
Wed Feb 18 15:20:38 2015 us=957137   single_session = DISABLED
Wed Feb 18 15:20:38 2015 us=957152   push_peer_info = DISABLED
Wed Feb 18 15:20:38 2015 us=957166   tls_exit = DISABLED
Wed Feb 18 15:20:38 2015 us=957182   tls_auth_file = '/etc/openvpn/easy-rsa/keys/ta.key'
Wed Feb 18 15:20:38 2015 us=957198   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957213   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957229   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957244   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957259   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957273   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957289   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957304   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957318   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957333   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957348   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957363   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957377   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957392   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957407   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957422   pkcs11_protected_authentication = DISABLED
Wed Feb 18 15:20:38 2015 us=957438   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957454   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957469   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957484   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957499   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957515   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957530   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957545   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957560   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957587   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957603   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957619   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957634   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957651   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957667   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957682   pkcs11_private_mode = 00000000
Wed Feb 18 15:20:38 2015 us=957698   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957713   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957729   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957744   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957760   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957775   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957790   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957805   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957819   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957834   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957849   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957864   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957879   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957893   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957908   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957923   pkcs11_cert_private = DISABLED
Wed Feb 18 15:20:38 2015 us=957938   pkcs11_pin_cache_period = -1
Wed Feb 18 15:20:38 2015 us=957954   pkcs11_id = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=957969   pkcs11_id_management = DISABLED
Wed Feb 18 15:20:38 2015 us=957993   server_network = 10.8.0.0
Wed Feb 18 15:20:38 2015 us=958012   server_netmask = 255.255.255.0
Wed Feb 18 15:20:38 2015 us=958030   server_bridge_ip = 0.0.0.0
Wed Feb 18 15:20:38 2015 us=958047   server_bridge_netmask = 0.0.0.0
Wed Feb 18 15:20:38 2015 us=958064   server_bridge_pool_start = 0.0.0.0
Wed Feb 18 15:20:38 2015 us=958081   server_bridge_pool_end = 0.0.0.0
Wed Feb 18 15:20:38 2015 us=958097   push_entry = 'route 10.8.0.1 255.255.255.255'
Wed Feb 18 15:20:38 2015 us=958112   push_entry = 'route 10.8.0.0 255.255.255.0'
Wed Feb 18 15:20:38 2015 us=958127   push_entry = 'route 172.16.200.0 255.255.255.0'
Wed Feb 18 15:20:38 2015 us=958142   push_entry = 'dhcp-option DNS 8.8.8.8'
Wed Feb 18 15:20:38 2015 us=958157   push_entry = 'redirect-gateway def1'
Wed Feb 18 15:20:38 2015 us=958172   push_entry = 'route 10.8.0.0 255.255.255.0'
Wed Feb 18 15:20:38 2015 us=958187   push_entry = 'topology net30'
Wed Feb 18 15:20:38 2015 us=958202   push_entry = 'ping 10'
Wed Feb 18 15:20:38 2015 us=958218   push_entry = 'ping-restart 120'
Wed Feb 18 15:20:38 2015 us=958233   ifconfig_pool_defined = ENABLED
Wed Feb 18 15:20:38 2015 us=958250   ifconfig_pool_start = 10.8.0.4
Wed Feb 18 15:20:38 2015 us=958268   ifconfig_pool_end = 10.8.0.251
Wed Feb 18 15:20:38 2015 us=958285   ifconfig_pool_netmask = 0.0.0.0
Wed Feb 18 15:20:38 2015 us=958300   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958316   ifconfig_pool_persist_refresh_freq = 600
Wed Feb 18 15:20:38 2015 us=958331   n_bcast_buf = 256
Wed Feb 18 15:20:38 2015 us=958346   tcp_queue_limit = 64
Wed Feb 18 15:20:38 2015 us=958361   real_hash_size = 256
Wed Feb 18 15:20:38 2015 us=958376   virtual_hash_size = 256
Wed Feb 18 15:20:38 2015 us=958391   client_connect_script = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958407   learn_address_script = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958422   client_disconnect_script = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958437   client_config_dir = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958452   ccd_exclusive = DISABLED
Wed Feb 18 15:20:38 2015 us=958467   tmp_dir = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958483   push_ifconfig_defined = DISABLED
Wed Feb 18 15:20:38 2015 us=958500   push_ifconfig_local = 0.0.0.0
Wed Feb 18 15:20:38 2015 us=958517   push_ifconfig_remote_netmask = 0.0.0.0
Wed Feb 18 15:20:38 2015 us=958544   enable_c2c = ENABLED
Wed Feb 18 15:20:38 2015 us=958560   duplicate_cn = ENABLED
Wed Feb 18 15:20:38 2015 us=958575   cf_max = 0
Wed Feb 18 15:20:38 2015 us=958622   cf_per = 0
Wed Feb 18 15:20:38 2015 us=958638   max_clients = 1024
Wed Feb 18 15:20:38 2015 us=958654   max_routes_per_client = 256
Wed Feb 18 15:20:38 2015 us=958669   auth_user_pass_verify_script = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958685   auth_user_pass_verify_script_via_file = DISABLED
Wed Feb 18 15:20:38 2015 us=958701   ssl_flags = 0
Wed Feb 18 15:20:38 2015 us=958716   port_share_host = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958731   port_share_port = 0
Wed Feb 18 15:20:38 2015 us=958746   client = DISABLED
Wed Feb 18 15:20:38 2015 us=958761   pull = DISABLED
Wed Feb 18 15:20:38 2015 us=958776   auth_user_pass_file = '[UNDEF]'
Wed Feb 18 15:20:38 2015 us=958798 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jun  6 2013
Wed Feb 18 15:20:38 2015 us=959091 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Feb 18 15:20:39 2015 us=13043 Diffie-Hellman initialized with 2048 bit key
Wed Feb 18 15:20:39 2015 us=14414 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed Feb 18 15:20:39 2015 us=165327 Control Channel Authentication: using '/etc/openvpn/easy-rsa/keys/ta.key' as a OpenVPN static key file
Wed Feb 18 15:20:39 2015 us=165414 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 18 15:20:39 2015 us=165440 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 18 15:20:39 2015 us=165477 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Wed Feb 18 15:20:39 2015 us=165504 TLS-Auth MTU parms [ L:1478 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 18 15:20:39 2015 us=165557 Socket Buffers: R=[112640->131072] S=[112640->131072]
Wed Feb 18 15:20:39 2015 us=165813 ROUTE default_gateway=172.16.200.1
Wed Feb 18 15:20:39 2015 us=166966 TUN/TAP device tun0 opened
Wed Feb 18 15:20:39 2015 us=167936 TUN/TAP TX queue length set to 100
Wed Feb 18 15:20:39 2015 us=167996 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1420
Wed Feb 18 15:20:39 2015 us=170786 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Feb 18 15:20:39 2015 us=172115 Data Channel MTU parms [ L:1478 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 18 15:20:39 2015 us=173452 GID set to nogroup
Wed Feb 18 15:20:39 2015 us=173557 UID set to nobody
Wed Feb 18 15:20:39 2015 us=173621 UDPv4 link local (bound): [AF_INET]172.16.200.117:1194
Wed Feb 18 15:20:39 2015 us=173641 UDPv4 link remote: [undef]
Wed Feb 18 15:20:39 2015 us=173671 MULTI: multi_init called, r=256 v=256
Wed Feb 18 15:20:39 2015 us=173813 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Feb 18 15:20:39 2015 us=173874 Initialization Sequence Completed
Wed Feb 18 15:21:21 2015 us=25153 MULTI: multi_create_instance called
Wed Feb 18 15:21:21 2015 us=25285 82.132.234.80:52225 Re-using SSL/TLS context
Wed Feb 18 15:21:21 2015 us=25349 82.132.234.80:52225 LZO compression initialized
Wed Feb 18 15:21:21 2015 us=25374 82.132.234.80:52225 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Wed Feb 18 15:21:21 2015 us=25729 82.132.234.80:52225 Control Channel MTU parms [ L:1478 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 18 15:21:21 2015 us=25760 82.132.234.80:52225 Data Channel MTU parms [ L:1478 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 18 15:21:21 2015 us=25865 82.132.234.80:52225 Local Options String: 'V4,dev-type tun,link-mtu 1478,tun-mtu 1420,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 18 15:21:21 2015 us=25883 82.132.234.80:52225 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1478,tun-mtu 1420,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 18 15:21:21 2015 us=25964 82.132.234.80:52225 Local Options hash (VER=V4): 'f54f49db'
Wed Feb 18 15:21:21 2015 us=25992 82.132.234.80:52225 Expected Remote Options hash (VER=V4): '102cb293'
Wed Feb 18 15:21:21 2015 us=26099 82.132.234.80:52225 TLS: Initial packet from [AF_INET]82.132.234.80:52225, sid=a484e077 c916e441
Wed Feb 18 15:21:21 2015 us=123907 82.132.234.80:52225 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1424273021) Wed Feb 18 15:23:41 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:21 2015 us=123972 82.132.234.80:52225 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52225
Wed Feb 18 15:21:21 2015 us=208083 82.132.234.80:52225 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1424273021) Wed Feb 18 15:23:41 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:21 2015 us=208139 82.132.234.80:52225 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52225
Wed Feb 18 15:21:21 2015 us=245699 82.132.234.80:52225 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1424273021) Wed Feb 18 15:23:41 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:21 2015 us=245742 82.132.234.80:52225 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52225
Wed Feb 18 15:21:22 2015 us=744420 82.132.234.80:52225 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1424273021) Wed Feb 18 15:23:41 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:22 2015 us=744488 82.132.234.80:52225 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52225
Wed Feb 18 15:21:24 2015 us=745274 MULTI: multi_create_instance called
Wed Feb 18 15:21:24 2015 us=745398 82.132.234.80:10000 Re-using SSL/TLS context
Wed Feb 18 15:21:24 2015 us=745435 82.132.234.80:10000 LZO compression initialized
Wed Feb 18 15:21:24 2015 us=745454 82.132.234.80:10000 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Wed Feb 18 15:21:24 2015 us=745626 82.132.234.80:10000 Control Channel MTU parms [ L:1478 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 18 15:21:24 2015 us=745653 82.132.234.80:10000 Data Channel MTU parms [ L:1478 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 18 15:21:24 2015 us=745717 82.132.234.80:10000 Local Options String: 'V4,dev-type tun,link-mtu 1478,tun-mtu 1420,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 18 15:21:24 2015 us=745734 82.132.234.80:10000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1478,tun-mtu 1420,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 18 15:21:24 2015 us=745765 82.132.234.80:10000 Local Options hash (VER=V4): 'f54f49db'
Wed Feb 18 15:21:24 2015 us=745790 82.132.234.80:10000 Expected Remote Options hash (VER=V4): '102cb293'
Wed Feb 18 15:21:24 2015 us=745842 82.132.234.80:10000 TLS: Initial packet from [AF_INET]82.132.234.80:10000, sid=3fe0e66a 466eec42
Wed Feb 18 15:21:26 2015 us=645504 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Feb 18 15:21:26 2015 us=726582 82.132.234.80:10000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1424273031) Wed Feb 18 15:23:51 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:26 2015 us=726645 82.132.234.80:10000 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:10000
Wed Feb 18 15:21:28 2015 us=786948 82.132.234.80:10000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1424273031) Wed Feb 18 15:23:51 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:28 2015 us=787014 82.132.234.80:10000 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:10000
Wed Feb 18 15:21:33 2015 us=305268 82.132.234.80:10000 Replay-window backtrack occurred [3]
Wed Feb 18 15:21:33 2015 us=305357 82.132.234.80:10000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 / time = (1424273031) Wed Feb 18 15:23:51 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:33 2015 us=305389 82.132.234.80:10000 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:10000
Wed Feb 18 15:21:33 2015 us=385380 82.132.234.80:10000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 / time = (1424273031) Wed Feb 18 15:23:51 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:33 2015 us=385435 82.132.234.80:10000 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:10000
Wed Feb 18 15:21:35 2015 us=305282 82.132.234.80:10000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 / time = (1424273031) Wed Feb 18 15:23:51 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:35 2015 us=305362 82.132.234.80:10000 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:10000
Wed Feb 18 15:21:35 2015 us=504441 82.132.234.80:10000 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 / time = (1424273031) Wed Feb 18 15:23:51 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:21:35 2015 us=504496 82.132.234.80:10000 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:10000
Wed Feb 18 15:22:16 2015 us=465238 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Feb 18 15:22:16 2015 us=474778 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Feb 18 15:22:16 2015 us=495496 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Feb 18 15:22:20 2015 us=704804 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Feb 18 15:22:21 2015 us=911297 82.132.234.80:52225 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 18 15:22:21 2015 us=911375 82.132.234.80:52225 TLS Error: TLS handshake failed
Wed Feb 18 15:22:21 2015 us=911683 82.132.234.80:52225 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Feb 18 15:22:24 2015 us=951217 82.132.234.80:10000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 18 15:22:24 2015 us=951294 82.132.234.80:10000 TLS Error: TLS handshake failed
Wed Feb 18 15:22:24 2015 us=951526 82.132.234.80:10000 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Feb 18 15:26:09 2015 us=924328 MULTI: multi_create_instance called
Wed Feb 18 15:26:09 2015 us=924475 82.132.234.80:52280 Re-using SSL/TLS context
Wed Feb 18 15:26:09 2015 us=924508 82.132.234.80:52280 LZO compression initialized
Wed Feb 18 15:26:09 2015 us=924528 82.132.234.80:52280 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Wed Feb 18 15:26:09 2015 us=924753 82.132.234.80:52280 Control Channel MTU parms [ L:1478 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 18 15:26:09 2015 us=924788 82.132.234.80:52280 Data Channel MTU parms [ L:1478 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 18 15:26:09 2015 us=924910 82.132.234.80:52280 Local Options String: 'V4,dev-type tun,link-mtu 1478,tun-mtu 1420,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 18 15:26:09 2015 us=924932 82.132.234.80:52280 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1478,tun-mtu 1420,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 18 15:26:09 2015 us=924965 82.132.234.80:52280 Local Options hash (VER=V4): 'f54f49db'
Wed Feb 18 15:26:09 2015 us=924993 82.132.234.80:52280 Expected Remote Options hash (VER=V4): '102cb293'
Wed Feb 18 15:26:09 2015 us=925056 82.132.234.80:52280 TLS: Initial packet from [AF_INET]82.132.234.80:52280, sid=db13318e 3bf75d40
Wed Feb 18 15:26:12 2015 us=362879 82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:26:12 2015 us=362975 82.132.234.80:52280 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52280
Wed Feb 18 15:26:49 2015 us=712850 82.132.234.80:52280 VERIFY OK: depth=1, /C=UK/ST=Wiltshire/L=Trowbridge/O=PriorityIT/OU=HelpDesk/CN=OpenVPN/name=Peter_Hopkins/emailAddress=peter@priorityit.co.uk
Wed Feb 18 15:26:49 2015 us=713592 82.132.234.80:52280 VERIFY OK: depth=0, /C=UK/ST=Wiltshire/L=Trowbridge/O=PriorityIT/OU=HelpDesk/CN=PHopkins/name=Peter_Hopkins/emailAddress=Peter@priorityit.co.uk
Wed Feb 18 15:26:50 2015 us=975744 82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #64 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:26:50 2015 us=975814 82.132.234.80:52280 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52280
Wed Feb 18 15:26:51 2015 us=144087 82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #65 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:26:51 2015 us=144150 82.132.234.80:52280 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52280
Wed Feb 18 15:26:51 2015 us=505714 82.132.234.80:52280 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1478', remote='link-mtu 1558'
Wed Feb 18 15:26:51 2015 us=505785 82.132.234.80:52280 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1420', remote='tun-mtu 1500'
Wed Feb 18 15:26:51 2015 us=506198 82.132.234.80:52280 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Feb 18 15:26:51 2015 us=506226 82.132.234.80:52280 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 18 15:26:51 2015 us=506248 82.132.234.80:52280 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Feb 18 15:26:51 2015 us=506268 82.132.234.80:52280 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 18 15:26:53 2015 us=582644 82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #68 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:26:53 2015 us=582715 82.132.234.80:52280 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52280
Wed Feb 18 15:26:55 2015 us=582842 82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #68 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:26:55 2015 us=582883 82.132.234.80:52280 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52280
Wed Feb 18 15:26:56 2015 us=153705 82.132.234.80:52280 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Feb 18 15:26:56 2015 us=153800 82.132.234.80:52280 [PHopkins] Peer Connection Initiated with [AF_INET]82.132.234.80:52280
Wed Feb 18 15:26:56 2015 us=153913 PHopkins/82.132.234.80:52280 MULTI: Learn: 10.8.0.6 -> PHopkins/82.132.234.80:52280
Wed Feb 18 15:26:56 2015 us=153939 PHopkins/82.132.234.80:52280 MULTI: primary virtual IP for PHopkins/82.132.234.80:52280: 10.8.0.6
Wed Feb 18 15:26:56 2015 us=202841 PHopkins/82.132.234.80:52280 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 18 15:26:56 2015 us=202937 PHopkins/82.132.234.80:52280 SENT CONTROL [PHopkins]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route 172.16.200.0 255.255.255.0,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Feb 18 15:26:57 2015 us=132615 PHopkins/82.132.234.80:52280 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 18 15:26:57 2015 us=132742 PHopkins/82.132.234.80:52280 SENT CONTROL [PHopkins]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route 172.16.200.0 255.255.255.0,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Feb 18 15:26:58 2015 us=111823 PHopkins/82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #73 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:26:58 2015 us=111893 PHopkins/82.132.234.80:52280 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52280
Wed Feb 18 15:26:59 2015 us=153929 PHopkins/82.132.234.80:52280 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 18 15:26:59 2015 us=154056 PHopkins/82.132.234.80:52280 SENT CONTROL [PHopkins]: 'PUSH_REPLY,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route 172.16.200.0 255.255.255.0,dhcp-option DNS 8.8.8.8,redirect-gateway def1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Wed Feb 18 15:26:59 2015 us=172853 PHopkins/82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #74 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Feb 18 15:26:59 2015 us=172923 PHopkins/82.132.234.80:52280 TLS Error: incoming packet authentication failed from [AF_INET]82.132.234.80:52280

Traffic · Post by **Traffic** » Wed Feb 18, 2015 9:33 pm

This:

Tularis wrote:Wed Feb 18 15:26:59 2015 us=172853 PHopkins/82.132.234.80:52280 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #74 / time = (1424273315) Wed Feb 18 15:28:35 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Is most likely caused by this:

Tularis wrote:I'm not using a raspberry pi but a Debian 6.0.10 Linux VM

Simple answer .. don't use a VM ..

And use an up to date OpenVPN Version:

Tularis wrote:Wed Feb 18 15:20:38 2015 us=958798 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jun 6 2013

Tularis wrote:I've managed to get the VPN to connect but browsing the internet over it is VERY slow.
Some websites will load e.g. "whatismyip.com" but others will not. [What is my IP shows my office WAN address so it seems to be setup correctly]

Check your office Firewall allows you to browse the websites that appear to be blocked. Note: OpenVPN does not do any blocking .. so if some http sites load while others do not, it is very unlikely that has anything to do with OpenVPN.

Tularis · Post by **Tularis** » Thu Feb 19, 2015 5:49 pm

Hi traffic,

The office is using a draytek router no advanced firewall just NAT, no websites are blocked.
For example Google.com will never complete it's load but whatismyip.com will. Which is what I think to be a MTU issue.

Why not run it in a VM I haven't found anything online to advised against it and the VM had more CPU resources then my Ras pi...

How would I update the VPN server ? As simple as apt-get update / upgrade ??

I think the log line your looking at is when my phone failed to connect te first time, im going to relocate this VPN so that I can test in the incoming connections from the office...... Cheers for the help

Traffic · Post by **Traffic** » Thu Feb 19, 2015 7:53 pm

Tularis wrote:For example Google.com will never complete it's load but whatismyip.com will

From your client can you trace route and/or ping google.com ?

OpenVPN Support Forum

HTTP Traffic Slow

HTTP Traffic Slow

Re: HTTP Traffic Slow

Re: HTTP Traffic Slow

Re: HTTP Traffic Slow

Re: HTTP Traffic Slow

Re: HTTP Traffic Slow

Re: HTTP Traffic Slow