[Solved] TLS handshake timeout (failed to occur in 60 second

[shamil]

I know you guys have seen this problem a lot. I spent weeks of lurking around here in my off time to try to figure this out. I'm stumped. Haven't found a solution for "tls handshake failed to occur in 60 seconds". In my server config you'll see commented out "hand-window" and "tls-timeout" commented out as i have tried those. Perhaps there's something going on with my firewall that i need to change and have been unable to find an answer for. All of the files are where they are all supposed to be for the server and the client (this part was not hard, hell, none of this was hard, just this damned timeout is).

My setup is configured to work through a ddns domain name that gets updated once every few hours. I even switched to tcp temporarily to see if that yielded anything different; i still couldn't connect, so went immediately back to preferred udp.

I have tested this configuration on a computer outside of the network. It was my work computer where with a basic vpn connection setup works; how i know where i work, that port 1194 is not blocked. I went for a move for better security.

My router has 1194 port forwarded to my server, local network addressing is 192.168.1.xxx/24.

Server config

Code: Select all

#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side              #
# of a many-clients <-> one-server              #
# OpenVPN configuration.                        #
#                                               #
# OpenVPN also supports                         #
# single-machine <-> single-machine             #
# configurations (See the Examples page         #
# on the web site for more info).               #
#                                               #
# This config should work on Windows            #
# or Linux/BSD systems.  Remember on            #
# Windows to quote pathnames and use            #
# double backslashes, e.g.:                     #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
#                                               #
# Comments are preceded with '#' or ';'         #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

##Minimum tls version
tls-version-min 1.2

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key).  Each client
# and the server must have their own cert and
# key file.  The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys.  Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

##Remote certification tls web server authentication
remote-cert-eku "TLS Web Server Authentication"

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys. 
dh dh4096.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file.  If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface.  Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0.  Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients.  Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses.  You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server.  Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN.  This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
#   ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients.  There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
#     group, and firewall the TUN/TAP interface
#     for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
#     modify the firewall in response to access
#     from different clients.  See man
#     page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses.  CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names.  This is recommended
# only for testing purposes.  For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

##sha2 authorization
auth SHA512

##supported ciphers
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256

##tls server
tls-server

##hand-window
;hand-window 120

##tls timeout
;tls-timeout=240

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
cipher AES-256-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it.  Use one
# or the other (but not both).
;log         openvpn.log
;log-append  openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 5

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

Client config

Code: Select all

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

##Minimum tls version
tls-version-min 1.2

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote temp-server 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nogroup

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca ca.crt
cert harcong.crt
key harcong.key

##Remote certification tls web server authentication
remote-cert-eku "TLS Web Server Authentication"

##sha2 authorization
auth SHA512

##tls client
tls-client

##supported ciphers
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

##hand-window
;hand-window 120

##tls timeout
;tls-timeout=240

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC   # AES

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 5

# Silence repeating messages
;mute 20

client log

Code: Select all

Thu Jun 25 22:20:34 2015 us=875968 Current Parameter Settings:
Thu Jun 25 22:20:34 2015 us=875968   config = 'temp_vpn.ovpn'
Thu Jun 25 22:20:34 2015 us=875968   mode = 0
Thu Jun 25 22:20:34 2015 us=875968   show_ciphers = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   show_digests = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   show_engines = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   genkey = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   key_pass_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   show_tls_ciphers = DISABLED
Thu Jun 25 22:20:34 2015 us=875968 Connection profiles [default]:
Thu Jun 25 22:20:34 2015 us=875968   proto = udp
Thu Jun 25 22:20:34 2015 us=875968   local = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   local_port = 0
Thu Jun 25 22:20:34 2015 us=875968   remote = 'temp-server'
Thu Jun 25 22:20:34 2015 us=875968   remote_port = 1194
Thu Jun 25 22:20:34 2015 us=875968   remote_float = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   bind_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   bind_local = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   connect_retry_seconds = 5
Thu Jun 25 22:20:34 2015 us=875968   connect_timeout = 10
Thu Jun 25 22:20:34 2015 us=875968   connect_retry_max = 0
Thu Jun 25 22:20:34 2015 us=875968   socks_proxy_server = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   socks_proxy_port = 0
Thu Jun 25 22:20:34 2015 us=875968   socks_proxy_retry = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   tun_mtu = 1500
Thu Jun 25 22:20:34 2015 us=875968   tun_mtu_defined = ENABLED
Thu Jun 25 22:20:34 2015 us=875968   link_mtu = 1500
Thu Jun 25 22:20:34 2015 us=875968   link_mtu_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   tun_mtu_extra = 0
Thu Jun 25 22:20:34 2015 us=875968   tun_mtu_extra_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   mtu_discover_type = -1
Thu Jun 25 22:20:34 2015 us=875968   fragment = 0
Thu Jun 25 22:20:34 2015 us=875968   mssfix = 1450
Thu Jun 25 22:20:34 2015 us=875968   explicit_exit_notification = 0
Thu Jun 25 22:20:34 2015 us=875968 Connection profiles END
Thu Jun 25 22:20:34 2015 us=875968   remote_random = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   ipchange = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   dev = 'tun'
Thu Jun 25 22:20:34 2015 us=875968   dev_type = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   dev_node = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   lladdr = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   topology = 1
Thu Jun 25 22:20:34 2015 us=875968   tun_ipv6 = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   ifconfig_local = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   ifconfig_remote_netmask = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   ifconfig_noexec = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   ifconfig_nowarn = DISABLED
Thu Jun 25 22:20:34 2015 us=875968   ifconfig_ipv6_local = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=875968   ifconfig_ipv6_netbits = 0
Thu Jun 25 22:20:34 2015 us=875968   ifconfig_ipv6_remote = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   shaper = 0
Thu Jun 25 22:20:34 2015 us=876968   mtu_test = 0
Thu Jun 25 22:20:34 2015 us=876968   mlock = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   keepalive_ping = 0
Thu Jun 25 22:20:34 2015 us=876968   keepalive_timeout = 0
Thu Jun 25 22:20:34 2015 us=876968   inactivity_timeout = 0
Thu Jun 25 22:20:34 2015 us=876968   ping_send_timeout = 0
Thu Jun 25 22:20:34 2015 us=876968   ping_rec_timeout = 0
Thu Jun 25 22:20:34 2015 us=876968   ping_rec_timeout_action = 0
Thu Jun 25 22:20:34 2015 us=876968   ping_timer_remote = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   remap_sigusr1 = 0
Thu Jun 25 22:20:34 2015 us=876968   persist_tun = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   persist_local_ip = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   persist_remote_ip = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   persist_key = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   passtos = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   resolve_retry_seconds = 1000000000
Thu Jun 25 22:20:34 2015 us=876968   username = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   groupname = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   chroot_dir = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   cd_dir = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   writepid = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   up_script = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   down_script = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   down_pre = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   up_restart = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   up_delay = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   daemon = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   inetd = 0
Thu Jun 25 22:20:34 2015 us=876968   log = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   suppress_timestamps = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   nice = 0
Thu Jun 25 22:20:34 2015 us=876968   verbosity = 5
Thu Jun 25 22:20:34 2015 us=876968   mute = 0
Thu Jun 25 22:20:34 2015 us=876968   status_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   status_file_version = 1
Thu Jun 25 22:20:34 2015 us=876968   status_file_update_freq = 60
Thu Jun 25 22:20:34 2015 us=876968   occ = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   rcvbuf = 0
Thu Jun 25 22:20:34 2015 us=876968   sndbuf = 0
Thu Jun 25 22:20:34 2015 us=876968   sockflags = 0
Thu Jun 25 22:20:34 2015 us=876968   fast_io = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   lzo = 7
Thu Jun 25 22:20:34 2015 us=876968   route_script = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   route_default_gateway = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   route_default_metric = 0
Thu Jun 25 22:20:34 2015 us=876968   route_noexec = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   route_delay = 5
Thu Jun 25 22:20:34 2015 us=876968   route_delay_window = 30
Thu Jun 25 22:20:34 2015 us=876968   route_delay_defined = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   route_nopull = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   route_gateway_via_dhcp = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   max_routes = 100
Thu Jun 25 22:20:34 2015 us=876968   allow_pull_fqdn = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   management_addr = '127.0.0.1'
Thu Jun 25 22:20:34 2015 us=876968   management_port = 25340
Thu Jun 25 22:20:34 2015 us=876968   management_user_pass = 'stdin'
Thu Jun 25 22:20:34 2015 us=876968   management_log_history_cache = 250
Thu Jun 25 22:20:34 2015 us=876968   management_echo_buffer_size = 100
Thu Jun 25 22:20:34 2015 us=876968   management_write_peer_info_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   management_client_user = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   management_client_group = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   management_flags = 6
Thu Jun 25 22:20:34 2015 us=876968   shared_secret_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   key_direction = 2
Thu Jun 25 22:20:34 2015 us=876968   ciphername_defined = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   ciphername = 'AES-256-CBC'
Thu Jun 25 22:20:34 2015 us=876968   authname_defined = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   authname = 'SHA512'
Thu Jun 25 22:20:34 2015 us=876968   prng_hash = 'SHA1'
Thu Jun 25 22:20:34 2015 us=876968   prng_nonce_secret_len = 16
Thu Jun 25 22:20:34 2015 us=876968   keysize = 0
Thu Jun 25 22:20:34 2015 us=876968   engine = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   replay = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   mute_replay_warnings = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   replay_window = 64
Thu Jun 25 22:20:34 2015 us=876968   replay_time = 15
Thu Jun 25 22:20:34 2015 us=876968   packet_id_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   use_iv = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   test_crypto = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   tls_server = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   tls_client = ENABLED
Thu Jun 25 22:20:34 2015 us=876968   key_method = 2
Thu Jun 25 22:20:34 2015 us=876968   ca_file = 'ca.crt'
Thu Jun 25 22:20:34 2015 us=876968   ca_path = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   dh_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   cert_file = 'harcong.crt'
Thu Jun 25 22:20:34 2015 us=876968   priv_key_file = 'harcong.key'
Thu Jun 25 22:20:34 2015 us=876968   pkcs12_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   cryptoapi_cert = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   cipher_list = 'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Thu Jun 25 22:20:34 2015 us=876968   tls_verify = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   tls_export_cert = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   verify_x509_type = 0
Thu Jun 25 22:20:34 2015 us=876968   verify_x509_name = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   crl_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   ns_cert_type = 1
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_ku[i] = 0
Thu Jun 25 22:20:34 2015 us=876968   remote_cert_eku = 'TLS Web Server Authentication'
Thu Jun 25 22:20:34 2015 us=876968   ssl_flags = 192
Thu Jun 25 22:20:34 2015 us=876968   tls_timeout = 2
Thu Jun 25 22:20:34 2015 us=876968   renegotiate_bytes = 0
Thu Jun 25 22:20:34 2015 us=876968   renegotiate_packets = 0
Thu Jun 25 22:20:34 2015 us=876968   renegotiate_seconds = 3600
Thu Jun 25 22:20:34 2015 us=876968   handshake_window = 60
Thu Jun 25 22:20:34 2015 us=876968   transition_window = 3600
Thu Jun 25 22:20:34 2015 us=876968   single_session = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   push_peer_info = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   tls_exit = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   tls_auth_file = 'ta.key'
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_protected_authentication = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_private_mode = 00000000
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_cert_private = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_pin_cache_period = -1
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_id = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   pkcs11_id_management = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   server_network = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   server_netmask = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   server_network_ipv6 = ::
Thu Jun 25 22:20:34 2015 us=876968   server_netbits_ipv6 = 0
Thu Jun 25 22:20:34 2015 us=876968   server_bridge_ip = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   server_bridge_netmask = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   server_bridge_pool_start = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   server_bridge_pool_end = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_pool_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_pool_start = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_pool_end = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_pool_netmask = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_pool_persist_refresh_freq = 600
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_ipv6_pool_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_ipv6_pool_base = ::
Thu Jun 25 22:20:34 2015 us=876968   ifconfig_ipv6_pool_netbits = 0
Thu Jun 25 22:20:34 2015 us=876968   n_bcast_buf = 256
Thu Jun 25 22:20:34 2015 us=876968   tcp_queue_limit = 64
Thu Jun 25 22:20:34 2015 us=876968   real_hash_size = 256
Thu Jun 25 22:20:34 2015 us=876968   virtual_hash_size = 256
Thu Jun 25 22:20:34 2015 us=876968   client_connect_script = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   learn_address_script = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   client_disconnect_script = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   client_config_dir = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=876968   ccd_exclusive = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   tmp_dir = 'C:\Users\ADMINI~1\AppData\Local\Temp\'
Thu Jun 25 22:20:34 2015 us=877968   push_ifconfig_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   push_ifconfig_local = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=877968   push_ifconfig_remote_netmask = 0.0.0.0
Thu Jun 25 22:20:34 2015 us=877968   push_ifconfig_ipv6_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   push_ifconfig_ipv6_local = ::/0
Thu Jun 25 22:20:34 2015 us=877968   push_ifconfig_ipv6_remote = ::
Thu Jun 25 22:20:34 2015 us=877968   enable_c2c = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   duplicate_cn = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   cf_max = 0
Thu Jun 25 22:20:34 2015 us=877968   cf_per = 0
Thu Jun 25 22:20:34 2015 us=877968   max_clients = 1024
Thu Jun 25 22:20:34 2015 us=877968   max_routes_per_client = 256
Thu Jun 25 22:20:34 2015 us=877968   auth_user_pass_verify_script = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=877968   auth_user_pass_verify_script_via_file = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   client = ENABLED
Thu Jun 25 22:20:34 2015 us=877968   pull = ENABLED
Thu Jun 25 22:20:34 2015 us=877968   auth_user_pass_file = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=877968   show_net_up = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   route_method = 0
Thu Jun 25 22:20:34 2015 us=877968   ip_win32_defined = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   ip_win32_type = 3
Thu Jun 25 22:20:34 2015 us=877968   dhcp_masq_offset = 0
Thu Jun 25 22:20:34 2015 us=877968   dhcp_lease_time = 31536000
Thu Jun 25 22:20:34 2015 us=877968   tap_sleep = 0
Thu Jun 25 22:20:34 2015 us=877968   dhcp_options = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   dhcp_renew = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   dhcp_pre_release = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   dhcp_release = DISABLED
Thu Jun 25 22:20:34 2015 us=877968   domain = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=877968   netbios_scope = '[UNDEF]'
Thu Jun 25 22:20:34 2015 us=877968   netbios_node_type = 0
Thu Jun 25 22:20:34 2015 us=877968   disable_nbt = DISABLED
Thu Jun 25 22:20:34 2015 us=877968 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Thu Jun 25 22:20:34 2015 us=877968 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Thu Jun 25 22:20:34 2015 us=877968 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jun 25 22:20:34 2015 us=877968 Need hold release from management interface, waiting...
Thu Jun 25 22:20:35 2015 us=369996 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jun 25 22:20:35 2015 us=471002 MANAGEMENT: CMD 'state on'
Thu Jun 25 22:20:35 2015 us=471002 MANAGEMENT: CMD 'log all on'
Thu Jun 25 22:20:35 2015 us=544006 MANAGEMENT: CMD 'hold off'
Thu Jun 25 22:20:35 2015 us=544006 MANAGEMENT: CMD 'hold release'
Thu Jun 25 22:20:35 2015 us=622011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Jun 25 22:20:35 2015 us=622011 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Jun 25 22:20:35 2015 us=622011 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Jun 25 22:20:35 2015 us=622011 LZO compression initialized
Thu Jun 25 22:20:35 2015 us=622011 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Thu Jun 25 22:20:35 2015 us=622011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jun 25 22:20:35 2015 us=622011 MANAGEMENT: >STATE:1435285235,RESOLVE,,,
Thu Jun 25 22:20:35 2015 us=623011 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 25 22:20:35 2015 us=623011 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jun 25 22:20:35 2015 us=623011 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jun 25 22:20:35 2015 us=624011 Local Options hash (VER=V4): 'a5d50645'
Thu Jun 25 22:20:35 2015 us=624011 Expected Remote Options hash (VER=V4): '14d315e7'
Thu Jun 25 22:20:35 2015 us=624011 UDPv4 link local: [undef]
Thu Jun 25 22:20:35 2015 us=624011 UDPv4 link remote: [AF_INET]192.168.1.79:1194
Thu Jun 25 22:20:35 2015 us=624011 MANAGEMENT: >STATE:1435285235,WAIT,,,
Thu Jun 25 22:20:35 2015 us=713016 MANAGEMENT: >STATE:1435285235,AUTH,,,
Thu Jun 25 22:20:35 2015 us=713016 TLS: Initial packet from [AF_INET]192.168.1.79:1194, sid=375a47cf 96da7561
Thu Jun 25 22:20:37 2015 us=436114 VERIFY OK: depth=1, C=US, ST=AK, L=Juneau, O=temp.net, OU=temp_vpn, CN=temp.net CA, name=server, emailAddress=admin@temp.net
Thu Jun 25 22:20:37 2015 us=437115 VERIFY OK: nsCertType=SERVER
Thu Jun 25 22:20:37 2015 us=437115 Validating certificate extended key usage
Thu Jun 25 22:20:37 2015 us=437115 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 25 22:20:37 2015 us=437115 VERIFY EKU OK
Thu Jun 25 22:20:37 2015 us=437115 VERIFY OK: depth=0, C=US, ST=AK, L=Juneau, O=temp.net, OU=temp_vpn, CN=server, name=server, emailAddress=admin@temp.net
Thu Jun 25 22:21:35 2015 us=637443 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 25 22:21:35 2015 us=637443 TLS Error: TLS handshake failed
Thu Jun 25 22:21:35 2015 us=637443 TCP/UDP: Closing socket
Thu Jun 25 22:21:35 2015 us=637443 SIGUSR1[soft,tls-error] received, process restarting
Thu Jun 25 22:21:35 2015 us=638443 MANAGEMENT: >STATE:1435285295,RECONNECTING,tls-error,,
Thu Jun 25 22:21:35 2015 us=638443 Restart pause, 2 second(s)
Thu Jun 25 22:21:37 2015 us=638558 Re-using SSL/TLS context
Thu Jun 25 22:21:37 2015 us=638558 LZO compression initialized
Thu Jun 25 22:21:37 2015 us=638558 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Thu Jun 25 22:21:37 2015 us=638558 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jun 25 22:21:37 2015 us=638558 MANAGEMENT: >STATE:1435285297,RESOLVE,,,
Thu Jun 25 22:21:37 2015 us=639558 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 25 22:21:37 2015 us=639558 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jun 25 22:21:37 2015 us=639558 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jun 25 22:21:37 2015 us=639558 Local Options hash (VER=V4): 'a5d50645'
Thu Jun 25 22:21:37 2015 us=639558 Expected Remote Options hash (VER=V4): '14d315e7'
Thu Jun 25 22:21:37 2015 us=639558 UDPv4 link local: [undef]
Thu Jun 25 22:21:37 2015 us=639558 UDPv4 link remote: [AF_INET]192.168.1.79:1194
Thu Jun 25 22:21:37 2015 us=639558 MANAGEMENT: >STATE:1435285297,WAIT,,,
Thu Jun 25 22:21:37 2015 us=644558 MANAGEMENT: >STATE:1435285297,AUTH,,,
Thu Jun 25 22:21:37 2015 us=644558 TLS: Initial packet from [AF_INET]192.168.1.79:1194, sid=0a64280e d01ce89c
Thu Jun 25 22:21:38 2015 us=292595 TCP/UDP: Closing socket
Thu Jun 25 22:21:38 2015 us=292595 SIGTERM[hard,] received, process exiting
Thu Jun 25 22:21:38 2015 us=292595 MANAGEMENT: >STATE:1435285298,EXITING,SIGTERM,,
<..>

It does the same procedure, no difference when even trying to connect on my local network (the tls timeout). I grabbed log files from trying to connect locally since i knew it was going to do the same thing, and i'm home right now.
Put simply, what do wrong?

[Traffic]

Why no server log ?

[shamil]

oops, forgot that one.

server log

Code: Select all

Wed Jun 24 22:20:25 2015 us=583186 Current Parameter Settings:
Wed Jun 24 22:20:25 2015 us=583364   config = '/etc/openvpn/server.conf'
Wed Jun 24 22:20:25 2015 us=583406   mode = 1
Wed Jun 24 22:20:25 2015 us=583445   persist_config = DISABLED
Wed Jun 24 22:20:25 2015 us=583482   persist_mode = 1
Wed Jun 24 22:20:25 2015 us=583518   show_ciphers = DISABLED
Wed Jun 24 22:20:25 2015 us=583555   show_digests = DISABLED
Wed Jun 24 22:20:25 2015 us=583591   show_engines = DISABLED
Wed Jun 24 22:20:25 2015 us=583627   genkey = DISABLED
Wed Jun 24 22:20:25 2015 us=583663   key_pass_file = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=583701   show_tls_ciphers = DISABLED
Wed Jun 24 22:20:25 2015 us=583737 Connection profiles [default]:
Wed Jun 24 22:20:25 2015 us=583775   proto = udp
Wed Jun 24 22:20:25 2015 us=583811   local = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=583848   local_port = 1194
Wed Jun 24 22:20:25 2015 us=583884   remote = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=583921   remote_port = 1194
Wed Jun 24 22:20:25 2015 us=583957   remote_float = DISABLED
Wed Jun 24 22:20:25 2015 us=583993   bind_defined = DISABLED
Wed Jun 24 22:20:25 2015 us=584029   bind_local = ENABLED
Wed Jun 24 22:20:25 2015 us=584066   connect_retry_seconds = 5
Wed Jun 24 22:20:25 2015 us=584103   connect_timeout = 10
Wed Jun 24 22:20:25 2015 us=584139   connect_retry_max = 0
Wed Jun 24 22:20:25 2015 us=584176   socks_proxy_server = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=584213   socks_proxy_port = 0
Wed Jun 24 22:20:25 2015 us=584249   socks_proxy_retry = DISABLED
Wed Jun 24 22:20:25 2015 us=584286   tun_mtu = 1500
Wed Jun 24 22:20:25 2015 us=584322   tun_mtu_defined = ENABLED
Wed Jun 24 22:20:25 2015 us=584358   link_mtu = 1500
Wed Jun 24 22:20:25 2015 us=584394   link_mtu_defined = DISABLED
Wed Jun 24 22:20:25 2015 us=584431   tun_mtu_extra = 0
Wed Jun 24 22:20:25 2015 us=584467   tun_mtu_extra_defined = DISABLED
Wed Jun 24 22:20:25 2015 us=584504   mtu_discover_type = -1
Wed Jun 24 22:20:25 2015 us=584540   fragment = 0
Wed Jun 24 22:20:25 2015 us=584576   mssfix = 1450
Wed Jun 24 22:20:25 2015 us=584613   explicit_exit_notification = 0
Wed Jun 24 22:20:25 2015 us=584649 Connection profiles END
Wed Jun 24 22:20:25 2015 us=584686   remote_random = DISABLED
Wed Jun 24 22:20:25 2015 us=584722   ipchange = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=584758   dev = 'tun'
Wed Jun 24 22:20:25 2015 us=584794   dev_type = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=584831   dev_node = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=584867   lladdr = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=584903   topology = 1
Wed Jun 24 22:20:25 2015 us=584940   tun_ipv6 = DISABLED
Wed Jun 24 22:20:25 2015 us=584976   ifconfig_local = '10.8.0.1'
Wed Jun 24 22:20:25 2015 us=585013   ifconfig_remote_netmask = '10.8.0.2'
Wed Jun 24 22:20:25 2015 us=585050   ifconfig_noexec = DISABLED
Wed Jun 24 22:20:25 2015 us=585093   ifconfig_nowarn = DISABLED
Wed Jun 24 22:20:25 2015 us=585131   ifconfig_ipv6_local = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=585168   ifconfig_ipv6_netbits = 0
Wed Jun 24 22:20:25 2015 us=585205   ifconfig_ipv6_remote = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=585250   shaper = 0
Wed Jun 24 22:20:25 2015 us=585286   mtu_test = 0
Wed Jun 24 22:20:25 2015 us=585323   mlock = DISABLED
Wed Jun 24 22:20:25 2015 us=585444   keepalive_ping = 10
Wed Jun 24 22:20:25 2015 us=585494   keepalive_timeout = 120
Wed Jun 24 22:20:25 2015 us=585531   inactivity_timeout = 0
Wed Jun 24 22:20:25 2015 us=585572   ping_send_timeout = 10
Wed Jun 24 22:20:25 2015 us=585621   ping_rec_timeout = 240
Wed Jun 24 22:20:25 2015 us=585669   ping_rec_timeout_action = 2
Wed Jun 24 22:20:25 2015 us=585715   ping_timer_remote = DISABLED
Wed Jun 24 22:20:25 2015 us=585766   remap_sigusr1 = 0
Wed Jun 24 22:20:25 2015 us=585816   persist_tun = ENABLED
Wed Jun 24 22:20:25 2015 us=585864   persist_local_ip = DISABLED
Wed Jun 24 22:20:25 2015 us=585912   persist_remote_ip = DISABLED
Wed Jun 24 22:20:25 2015 us=585955   persist_key = ENABLED
Wed Jun 24 22:20:25 2015 us=585992   passtos = DISABLED
Wed Jun 24 22:20:25 2015 us=586030   resolve_retry_seconds = 1000000000
Wed Jun 24 22:20:25 2015 us=586091   username = 'nobody'
Wed Jun 24 22:20:25 2015 us=586129   groupname = 'nogroup'
Wed Jun 24 22:20:25 2015 us=586166   chroot_dir = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=586203   cd_dir = '/etc/openvpn'
Wed Jun 24 22:20:25 2015 us=586245   writepid = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=586295   up_script = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=586343   down_script = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=586390   down_pre = DISABLED
Wed Jun 24 22:20:25 2015 us=586440   up_restart = DISABLED
Wed Jun 24 22:20:25 2015 us=586488   up_delay = DISABLED
Wed Jun 24 22:20:25 2015 us=586537   daemon = ENABLED
Wed Jun 24 22:20:25 2015 us=586588   inetd = 0
Wed Jun 24 22:20:25 2015 us=586637   log = ENABLED
Wed Jun 24 22:20:25 2015 us=586686   suppress_timestamps = DISABLED
Wed Jun 24 22:20:25 2015 us=586737   nice = 0
Wed Jun 24 22:20:25 2015 us=586785   verbosity = 5
Wed Jun 24 22:20:25 2015 us=586834   mute = 0
Wed Jun 24 22:20:25 2015 us=586883   gremlin = 0
Wed Jun 24 22:20:25 2015 us=586934   status_file = 'openvpn-status.log'
Wed Jun 24 22:20:25 2015 us=586983   status_file_version = 1
Wed Jun 24 22:20:25 2015 us=587033   status_file_update_freq = 10
Wed Jun 24 22:20:25 2015 us=587083   occ = ENABLED
Wed Jun 24 22:20:25 2015 us=587133   rcvbuf = 65536
Wed Jun 24 22:20:25 2015 us=587182   sndbuf = 65536
Wed Jun 24 22:20:25 2015 us=587230   mark = 0
Wed Jun 24 22:20:25 2015 us=587281   sockflags = 0
Wed Jun 24 22:20:25 2015 us=587328   fast_io = DISABLED
Wed Jun 24 22:20:25 2015 us=587379   lzo = 7
Wed Jun 24 22:20:25 2015 us=587429   route_script = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=587478   route_default_gateway = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=587528   route_default_metric = 0
Wed Jun 24 22:20:25 2015 us=587576   route_noexec = DISABLED
Wed Jun 24 22:20:25 2015 us=587624   route_delay = 0
Wed Jun 24 22:20:25 2015 us=587674   route_delay_window = 30
Wed Jun 24 22:20:25 2015 us=587724   route_delay_defined = DISABLED
Wed Jun 24 22:20:25 2015 us=587772   route_nopull = DISABLED
Wed Jun 24 22:20:25 2015 us=587819   route_gateway_via_dhcp = DISABLED
Wed Jun 24 22:20:25 2015 us=587866   max_routes = 100
Wed Jun 24 22:20:25 2015 us=587916   allow_pull_fqdn = DISABLED
Wed Jun 24 22:20:25 2015 us=587966   route 10.8.0.0/255.255.255.0/nil/nil
Wed Jun 24 22:20:25 2015 us=588016   management_addr = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=588065   management_port = 0
Wed Jun 24 22:20:25 2015 us=588113   management_user_pass = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=588164   management_log_history_cache = 250
Wed Jun 24 22:20:25 2015 us=588214   management_echo_buffer_size = 100
Wed Jun 24 22:20:25 2015 us=588264   management_write_peer_info_file = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=588314   management_client_user = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=588365   management_client_group = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=588413   management_flags = 0
Wed Jun 24 22:20:25 2015 us=588463   shared_secret_file = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=588511   key_direction = 1
Wed Jun 24 22:20:25 2015 us=588559   ciphername_defined = ENABLED
Wed Jun 24 22:20:25 2015 us=588605   ciphername = 'AES-256-CBC'
Wed Jun 24 22:20:25 2015 us=588652   authname_defined = ENABLED
Wed Jun 24 22:20:25 2015 us=588699   authname = 'SHA512'
Wed Jun 24 22:20:25 2015 us=588746   prng_hash = 'SHA1'
Wed Jun 24 22:20:25 2015 us=588794   prng_nonce_secret_len = 16
Wed Jun 24 22:20:25 2015 us=588842   keysize = 0
Wed Jun 24 22:20:25 2015 us=588889   engine = DISABLED
Wed Jun 24 22:20:25 2015 us=588935   replay = ENABLED
Wed Jun 24 22:20:25 2015 us=588982   mute_replay_warnings = DISABLED
Wed Jun 24 22:20:25 2015 us=589029   replay_window = 64
Wed Jun 24 22:20:25 2015 us=589075   replay_time = 15
Wed Jun 24 22:20:25 2015 us=589122   packet_id_file = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=589178   use_iv = ENABLED
Wed Jun 24 22:20:25 2015 us=589229   test_crypto = DISABLED
Wed Jun 24 22:20:25 2015 us=589279   tls_server = ENABLED
Wed Jun 24 22:20:25 2015 us=589329   tls_client = DISABLED
Wed Jun 24 22:20:25 2015 us=589474   key_method = 2
Wed Jun 24 22:20:25 2015 us=589565   ca_file = 'ca.crt'
Wed Jun 24 22:20:25 2015 us=589616   ca_path = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=589667   dh_file = 'dh4096.pem'
Wed Jun 24 22:20:25 2015 us=589717   cert_file = 'server.crt'
Wed Jun 24 22:20:25 2015 us=589765   priv_key_file = 'server.key'
Wed Jun 24 22:20:25 2015 us=589815   pkcs12_file = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=589866   cipher_list = 'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Wed Jun 24 22:20:25 2015 us=589917   tls_verify = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=589966   tls_export_cert = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=590015   verify_x509_type = 0
Wed Jun 24 22:20:25 2015 us=590064   verify_x509_name = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=590113   crl_file = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=590161   ns_cert_type = 0
Wed Jun 24 22:20:25 2015 us=590212   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590251   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590289   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590325   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590362   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590398   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590435   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590471   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590507   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590544   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590581   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590617   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590654   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590690   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590737   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590785   remote_cert_ku[i] = 0
Wed Jun 24 22:20:25 2015 us=590836   remote_cert_eku = 'TLS Web Server Authentication'
Wed Jun 24 22:20:25 2015 us=590885   ssl_flags = 192
Wed Jun 24 22:20:25 2015 us=590936   tls_timeout = 2
Wed Jun 24 22:20:25 2015 us=590986   renegotiate_bytes = 0
Wed Jun 24 22:20:25 2015 us=591035   renegotiate_packets = 0
Wed Jun 24 22:20:25 2015 us=591085   renegotiate_seconds = 3600
Wed Jun 24 22:20:25 2015 us=591136   handshake_window = 60
Wed Jun 24 22:20:25 2015 us=591186   transition_window = 3600
Wed Jun 24 22:20:25 2015 us=591235   single_session = DISABLED
Wed Jun 24 22:20:25 2015 us=591285   push_peer_info = DISABLED
Wed Jun 24 22:20:25 2015 us=591335   tls_exit = DISABLED
Wed Jun 24 22:20:25 2015 us=591385   tls_auth_file = 'ta.key'
Wed Jun 24 22:20:25 2015 us=591437   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591488   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591540   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591592   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591643   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591694   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591745   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591797   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591849   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591899   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=591951   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=592002   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=592053   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=592104   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=592154   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=592205   pkcs11_protected_authentication = DISABLED
Wed Jun 24 22:20:25 2015 us=592258   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592311   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592363   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592467   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592524   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592581   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592635   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592687   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592726   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592764   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592802   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592839   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592876   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592913   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592951   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=592987   pkcs11_private_mode = 00000000
Wed Jun 24 22:20:25 2015 us=593024   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593061   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593097   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593134   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593182   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593224   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593261   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593297   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593334   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593421   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593463   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593500   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593537   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593573   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593610   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593646   pkcs11_cert_private = DISABLED
Wed Jun 24 22:20:25 2015 us=593685   pkcs11_pin_cache_period = -1
Wed Jun 24 22:20:25 2015 us=593723   pkcs11_id = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=593760   pkcs11_id_management = DISABLED
Wed Jun 24 22:20:25 2015 us=593812   server_network = 10.8.0.0
Wed Jun 24 22:20:25 2015 us=593854   server_netmask = 255.255.255.0
Wed Jun 24 22:20:25 2015 us=593896   server_network_ipv6 = ::
Wed Jun 24 22:20:25 2015 us=593934   server_netbits_ipv6 = 0
Wed Jun 24 22:20:25 2015 us=593975   server_bridge_ip = 0.0.0.0
Wed Jun 24 22:20:25 2015 us=594015   server_bridge_netmask = 0.0.0.0
Wed Jun 24 22:20:25 2015 us=594055   server_bridge_pool_start = 0.0.0.0
Wed Jun 24 22:20:25 2015 us=594096   server_bridge_pool_end = 0.0.0.0
Wed Jun 24 22:20:25 2015 us=594134   push_entry = 'redirect-gateway def1 bypass-dhcp'
Wed Jun 24 22:20:25 2015 us=594171   push_entry = 'dhcp-option DNS 10.8.0.1'
Wed Jun 24 22:20:25 2015 us=594208   push_entry = 'route 10.8.0.1'
Wed Jun 24 22:20:25 2015 us=594245   push_entry = 'topology net30'
Wed Jun 24 22:20:25 2015 us=594282   push_entry = 'ping 10'
Wed Jun 24 22:20:25 2015 us=594318   push_entry = 'ping-restart 120'
Wed Jun 24 22:20:25 2015 us=594355   ifconfig_pool_defined = ENABLED
Wed Jun 24 22:20:25 2015 us=594396   ifconfig_pool_start = 10.8.0.4
Wed Jun 24 22:20:25 2015 us=594436   ifconfig_pool_end = 10.8.0.251
Wed Jun 24 22:20:25 2015 us=594476   ifconfig_pool_netmask = 0.0.0.0
Wed Jun 24 22:20:25 2015 us=594513   ifconfig_pool_persist_filename = 'ipp.txt'
Wed Jun 24 22:20:25 2015 us=594551   ifconfig_pool_persist_refresh_freq = 600
Wed Jun 24 22:20:25 2015 us=594588   ifconfig_ipv6_pool_defined = DISABLED
Wed Jun 24 22:20:25 2015 us=594628   ifconfig_ipv6_pool_base = ::
Wed Jun 24 22:20:25 2015 us=594665   ifconfig_ipv6_pool_netbits = 0
Wed Jun 24 22:20:25 2015 us=594702   n_bcast_buf = 256
Wed Jun 24 22:20:25 2015 us=594739   tcp_queue_limit = 64
Wed Jun 24 22:20:25 2015 us=594775   real_hash_size = 256
Wed Jun 24 22:20:25 2015 us=594811   virtual_hash_size = 256
Wed Jun 24 22:20:25 2015 us=594848   client_connect_script = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=594913   learn_address_script = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=594952   client_disconnect_script = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=594989   client_config_dir = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=595026   ccd_exclusive = DISABLED
Wed Jun 24 22:20:25 2015 us=595063   tmp_dir = '/tmp'
Wed Jun 24 22:20:25 2015 us=595099   push_ifconfig_defined = DISABLED
Wed Jun 24 22:20:25 2015 us=595140   push_ifconfig_local = 0.0.0.0
Wed Jun 24 22:20:25 2015 us=595190   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jun 24 22:20:25 2015 us=595240   push_ifconfig_ipv6_defined = DISABLED
Wed Jun 24 22:20:25 2015 us=595292   push_ifconfig_ipv6_local = ::/0
Wed Jun 24 22:20:25 2015 us=595342   push_ifconfig_ipv6_remote = ::
Wed Jun 24 22:20:25 2015 us=595381   enable_c2c = DISABLED
Wed Jun 24 22:20:25 2015 us=595418   duplicate_cn = DISABLED
Wed Jun 24 22:20:25 2015 us=595454   cf_max = 0
Wed Jun 24 22:20:25 2015 us=595491   cf_per = 0
Wed Jun 24 22:20:25 2015 us=595527   max_clients = 1024
Wed Jun 24 22:20:25 2015 us=595564   max_routes_per_client = 256
Wed Jun 24 22:20:25 2015 us=595601   auth_user_pass_verify_script = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=595638   auth_user_pass_verify_script_via_file = DISABLED
Wed Jun 24 22:20:25 2015 us=595675   port_share_host = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=595712   port_share_port = 0
Wed Jun 24 22:20:25 2015 us=595748   client = DISABLED
Wed Jun 24 22:20:25 2015 us=595784   pull = DISABLED
Wed Jun 24 22:20:25 2015 us=595821   auth_user_pass_file = '[UNDEF]'
Wed Jun 24 22:20:25 2015 us=595861 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  1 2014
Wed Jun 24 22:20:25 2015 us=595925 library versions: OpenSSL 1.0.2a 19 Mar 2015, LZO 2.08
Wed Jun 24 22:20:28 2015 us=515042 Diffie-Hellman initialized with 4096 bit key
Wed Jun 24 22:20:29 2015 us=308317 WARNING: file 'server.key' is group or others accessible
Wed Jun 24 22:20:29 2015 us=316140 WARNING: file 'ta.key' is group or others accessible
Wed Jun 24 22:20:29 2015 us=316238 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Jun 24 22:20:29 2015 us=316345 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Jun 24 22:20:29 2015 us=316420 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Jun 24 22:20:29 2015 us=316492 TLS-Auth MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Wed Jun 24 22:20:29 2015 us=316598 Socket Buffers: R=[163840->131072] S=[163840->131072]
Wed Jun 24 22:20:29 2015 us=316992 ROUTE: default_gateway=UNDEF
Wed Jun 24 22:20:29 2015 us=353478 TUN/TAP device tun0 opened
Wed Jun 24 22:20:29 2015 us=353608 TUN/TAP TX queue length set to 100
Wed Jun 24 22:20:29 2015 us=353686 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jun 24 22:20:29 2015 us=353786 /sbin/ip link set dev tun0 up mtu 1500
Wed Jun 24 22:20:29 2015 us=371747 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Jun 24 22:20:29 2015 us=394135 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Jun 24 22:20:29 2015 us=403418 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 24 22:20:29 2015 us=413909 GID set to nogroup
Wed Jun 24 22:20:29 2015 us=414077 UID set to nobody
Wed Jun 24 22:20:29 2015 us=414153 UDPv4 link local (bound): [undef]
Wed Jun 24 22:20:29 2015 us=414207 UDPv4 link remote: [undef]
Wed Jun 24 22:20:29 2015 us=414281 MULTI: multi_init called, r=256 v=256
Wed Jun 24 22:20:29 2015 us=414484 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Jun 24 22:20:29 2015 us=414567 IFCONFIG POOL LIST
Wed Jun 24 22:20:29 2015 us=414677 Initialization Sequence Completed
Wed Jun 24 22:21:22 2015 us=818232 MULTI: multi_create_instance called
Wed Jun 24 22:21:22 2015 us=818544 192.168.1.76:51672 Re-using SSL/TLS context
Wed Jun 24 22:21:22 2015 us=818753 192.168.1.76:51672 LZO compression initialized
Wed Jun 24 22:21:22 2015 us=819427 192.168.1.76:51672 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Wed Jun 24 22:21:22 2015 us=819647 192.168.1.76:51672 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 24 22:21:22 2015 us=819934 192.168.1.76:51672 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Wed Jun 24 22:21:22 2015 us=820038 192.168.1.76:51672 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Wed Jun 24 22:21:22 2015 us=820217 192.168.1.76:51672 Local Options hash (VER=V4): '14d315e7'
Wed Jun 24 22:21:22 2015 us=820362 192.168.1.76:51672 Expected Remote Options hash (VER=V4): 'a5d50645'
RWed Jun 24 22:21:22 2015 us=820608 192.168.1.76:51672 TLS: Initial packet from [AF_INET]192.168.1.76:51672, sid=7f12217e aee0ffa7
<..>
Wed Jun 24 22:21:24 2015 us=711778 192.168.1.76:51672 VERIFY OK: depth=1, C=US, ST=AK, L=Juneau, O=temp.net, OU=temp_vpn, CN=temp.net CA, name=server, emailAddress=admin@temp.net
Wed Jun 24 22:21:24 2015 us=718702 192.168.1.76:51672 Validating certificate extended key usage
Wed Jun 24 22:21:24 2015 us=718781 192.168.1.76:51672 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
Wed Jun 24 22:21:24 2015 us=718828 192.168.1.76:51672 ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
Wed Jun 24 22:21:24 2015 us=718866 192.168.1.76:51672 VERIFY EKU ERROR
Wed Jun 24 22:21:24 2015 us=719134 192.168.1.76:51672 TLS_ERROR: BIO read tls_read_plaintext error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Wed Jun 24 22:21:24 2015 us=719179 192.168.1.76:51672 TLS Error: TLS object -> incoming plaintext read error
Wed Jun 24 22:21:24 2015 us=719218 192.168.1.76:51672 TLS Error: TLS handshake failed
Wed Jun 24 22:21:24 2015 us=719440 192.168.1.76:51672 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Jun 24 22:22:24 2015 us=749786 MULTI: multi_create_instance called
Wed Jun 24 22:22:24 2015 us=750133 192.168.1.76:58437 Re-using SSL/TLS context
Wed Jun 24 22:22:24 2015 us=750289 192.168.1.76:58437 LZO compression initialized
Wed Jun 24 22:22:24 2015 us=750711 192.168.1.76:58437 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Wed Jun 24 22:22:24 2015 us=750827 192.168.1.76:58437 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 24 22:22:24 2015 us=751031 192.168.1.76:58437 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Wed Jun 24 22:22:24 2015 us=751109 192.168.1.76:58437 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Wed Jun 24 22:22:24 2015 us=751237 192.168.1.76:58437 Local Options hash (VER=V4): '14d315e7'
Wed Jun 24 22:22:24 2015 us=751356 192.168.1.76:58437 Expected Remote Options hash (VER=V4): 'a5d50645'
RWed Jun 24 22:22:24 2015 us=751573 192.168.1.76:58437 TLS: Initial packet from [AF_INET]192.168.1.76:58437, sid=40ed8203 911e7575
WRRWRWWWWWWWWWWWWWWWWWWWWWed Jun 24 22:23:24 2015 us=178407 192.168.1.76:58437 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jun 24 22:23:24 2015 us=178566 192.168.1.76:58437 TLS Error: TLS handshake failed
Wed Jun 24 22:23:24 2015 us=178910 192.168.1.76:58437 SIGUSR1[soft,tls-error] received, client-instance restarting

[Traffic]

Server config
Code:
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server?
;proto tcp
proto udp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
;dev-node MyTap

##Minimum tls version
tls-version-min 1.2

# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key # This file should be kept secret

##Remote certification tls web server authentication
# remote-cert-eku "TLS Web Server Authentication"

# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh4096.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Configure server mode for ethernet bridging.
# You must first use your OS's bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 10.8.0.4/255.255.255.0. Finally we
# must set aside an IP range in this subnet
# (start=10.8.0.50 end=10.8.0.100) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS's bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).

# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious' private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.

# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2

# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
push "dhcp-option DNS 10.8.0.1"
;push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

##sha2 authorization
auth SHA512

##supported ciphers
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256

##tls server
tls-server

##hand-window
;hand-window 120

##tls timeout
;tls-timeout=240

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
cipher AES-256-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nogroup

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 5

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

try this ...

[shamil]

I see what you did there. I saw my mistake and changed the server to have "TLS Web Client Authentication". Among correcting that, i still left that commented out including web authentication on the client, since i really don't believe that to be a quick fix to my problem. Also on this revelation, I completely got rid of "ns-cert-type server" since i'm not using ns.

New logs with tls web authentication disabled and no trace of ns.

Client log

Code: Select all

Mon Jun 29 18:13:34 2015 us=74353 Current Parameter Settings:
Mon Jun 29 18:13:34 2015 us=74353   config = 'temp_vpn.ovpn'
Mon Jun 29 18:13:34 2015 us=74353   mode = 0
Mon Jun 29 18:13:34 2015 us=74353   show_ciphers = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   show_digests = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   show_engines = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   genkey = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   key_pass_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   show_tls_ciphers = DISABLED
Mon Jun 29 18:13:34 2015 us=74353 Connection profiles [default]:
Mon Jun 29 18:13:34 2015 us=74353   proto = udp
Mon Jun 29 18:13:34 2015 us=74353   local = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   local_port = 1194
Mon Jun 29 18:13:34 2015 us=74353   remote = 'temp-server'
Mon Jun 29 18:13:34 2015 us=74353   remote_port = 1194
Mon Jun 29 18:13:34 2015 us=74353   remote_float = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   bind_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   bind_local = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   connect_retry_seconds = 5
Mon Jun 29 18:13:34 2015 us=74353   connect_timeout = 10
Mon Jun 29 18:13:34 2015 us=74353   connect_retry_max = 0
Mon Jun 29 18:13:34 2015 us=74353   socks_proxy_server = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   socks_proxy_port = 0
Mon Jun 29 18:13:34 2015 us=74353   socks_proxy_retry = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   tun_mtu = 1500
Mon Jun 29 18:13:34 2015 us=74353   tun_mtu_defined = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   link_mtu = 1500
Mon Jun 29 18:13:34 2015 us=74353   link_mtu_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   tun_mtu_extra = 0
Mon Jun 29 18:13:34 2015 us=74353   tun_mtu_extra_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   mtu_discover_type = -1
Mon Jun 29 18:13:34 2015 us=74353   fragment = 0
Mon Jun 29 18:13:34 2015 us=74353   mssfix = 1450
Mon Jun 29 18:13:34 2015 us=74353   explicit_exit_notification = 0
Mon Jun 29 18:13:34 2015 us=74353 Connection profiles END
Mon Jun 29 18:13:34 2015 us=74353   remote_random = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   ipchange = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   dev = 'tun'
Mon Jun 29 18:13:34 2015 us=74353   dev_type = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   dev_node = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   lladdr = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   topology = 1
Mon Jun 29 18:13:34 2015 us=74353   tun_ipv6 = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   ifconfig_local = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   ifconfig_remote_netmask = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   ifconfig_noexec = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   ifconfig_nowarn = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   ifconfig_ipv6_local = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   ifconfig_ipv6_netbits = 0
Mon Jun 29 18:13:34 2015 us=74353   ifconfig_ipv6_remote = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   shaper = 0
Mon Jun 29 18:13:34 2015 us=74353   mtu_test = 0
Mon Jun 29 18:13:34 2015 us=74353   mlock = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   keepalive_ping = 0
Mon Jun 29 18:13:34 2015 us=74353   keepalive_timeout = 0
Mon Jun 29 18:13:34 2015 us=74353   inactivity_timeout = 0
Mon Jun 29 18:13:34 2015 us=74353   ping_send_timeout = 0
Mon Jun 29 18:13:34 2015 us=74353   ping_rec_timeout = 0
Mon Jun 29 18:13:34 2015 us=74353   ping_rec_timeout_action = 0
Mon Jun 29 18:13:34 2015 us=74353   ping_timer_remote = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   remap_sigusr1 = 0
Mon Jun 29 18:13:34 2015 us=74353   persist_tun = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   persist_local_ip = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   persist_remote_ip = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   persist_key = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   passtos = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   resolve_retry_seconds = 1000000000
Mon Jun 29 18:13:34 2015 us=74353   username = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   groupname = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   chroot_dir = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   cd_dir = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   writepid = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   up_script = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   down_script = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   down_pre = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   up_restart = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   up_delay = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   daemon = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   inetd = 0
Mon Jun 29 18:13:34 2015 us=74353   log = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   suppress_timestamps = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   nice = 0
Mon Jun 29 18:13:34 2015 us=74353   verbosity = 5
Mon Jun 29 18:13:34 2015 us=74353   mute = 0
Mon Jun 29 18:13:34 2015 us=74353   status_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   status_file_version = 1
Mon Jun 29 18:13:34 2015 us=74353   status_file_update_freq = 60
Mon Jun 29 18:13:34 2015 us=74353   occ = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   rcvbuf = 0
Mon Jun 29 18:13:34 2015 us=74353   sndbuf = 0
Mon Jun 29 18:13:34 2015 us=74353   sockflags = 0
Mon Jun 29 18:13:34 2015 us=74353   fast_io = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   lzo = 7
Mon Jun 29 18:13:34 2015 us=74353   route_script = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   route_default_gateway = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   route_default_metric = 0
Mon Jun 29 18:13:34 2015 us=74353   route_noexec = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   route_delay = 5
Mon Jun 29 18:13:34 2015 us=74353   route_delay_window = 30
Mon Jun 29 18:13:34 2015 us=74353   route_delay_defined = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   route_nopull = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   route_gateway_via_dhcp = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   max_routes = 100
Mon Jun 29 18:13:34 2015 us=74353   allow_pull_fqdn = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   management_addr = '127.0.0.1'
Mon Jun 29 18:13:34 2015 us=74353   management_port = 25340
Mon Jun 29 18:13:34 2015 us=74353   management_user_pass = 'stdin'
Mon Jun 29 18:13:34 2015 us=74353   management_log_history_cache = 250
Mon Jun 29 18:13:34 2015 us=74353   management_echo_buffer_size = 100
Mon Jun 29 18:13:34 2015 us=74353   management_write_peer_info_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   management_client_user = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   management_client_group = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   management_flags = 6
Mon Jun 29 18:13:34 2015 us=74353   shared_secret_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   key_direction = 2
Mon Jun 29 18:13:34 2015 us=74353   ciphername_defined = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   ciphername = 'AES-256-CBC'
Mon Jun 29 18:13:34 2015 us=74353   authname_defined = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   authname = 'SHA512'
Mon Jun 29 18:13:34 2015 us=74353   prng_hash = 'SHA1'
Mon Jun 29 18:13:34 2015 us=74353   prng_nonce_secret_len = 16
Mon Jun 29 18:13:34 2015 us=74353   keysize = 0
Mon Jun 29 18:13:34 2015 us=74353   engine = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   replay = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   mute_replay_warnings = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   replay_window = 64
Mon Jun 29 18:13:34 2015 us=74353   replay_time = 15
Mon Jun 29 18:13:34 2015 us=74353   packet_id_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   use_iv = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   test_crypto = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   tls_server = DISABLED
Mon Jun 29 18:13:34 2015 us=74353   tls_client = ENABLED
Mon Jun 29 18:13:34 2015 us=74353   key_method = 2
Mon Jun 29 18:13:34 2015 us=74353   ca_file = 'ca.crt'
Mon Jun 29 18:13:34 2015 us=74353   ca_path = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   dh_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   cert_file = 'harcong.crt'
Mon Jun 29 18:13:34 2015 us=74353   priv_key_file = 'harcong.key'
Mon Jun 29 18:13:34 2015 us=74353   pkcs12_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=74353   cryptoapi_cert = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   cipher_list = 'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Mon Jun 29 18:13:34 2015 us=75353   tls_verify = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   tls_export_cert = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   verify_x509_type = 0
Mon Jun 29 18:13:34 2015 us=75353   verify_x509_name = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   crl_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   ns_cert_type = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_ku[i] = 0
Mon Jun 29 18:13:34 2015 us=75353   remote_cert_eku = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   ssl_flags = 192
Mon Jun 29 18:13:34 2015 us=75353   tls_timeout = 2
Mon Jun 29 18:13:34 2015 us=75353   renegotiate_bytes = 0
Mon Jun 29 18:13:34 2015 us=75353   renegotiate_packets = 0
Mon Jun 29 18:13:34 2015 us=75353   renegotiate_seconds = 3600
Mon Jun 29 18:13:34 2015 us=75353   handshake_window = 60
Mon Jun 29 18:13:34 2015 us=75353   transition_window = 3600
Mon Jun 29 18:13:34 2015 us=75353   single_session = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   push_peer_info = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   tls_exit = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   tls_auth_file = 'ta.key'
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_pin_cache_period = -1
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_id = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   pkcs11_id_management = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   server_network = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   server_netmask = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   server_network_ipv6 = ::
Mon Jun 29 18:13:34 2015 us=75353   server_netbits_ipv6 = 0
Mon Jun 29 18:13:34 2015 us=75353   server_bridge_ip = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   server_bridge_netmask = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   server_bridge_pool_start = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   server_bridge_pool_end = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_pool_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_pool_start = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_pool_end = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_pool_netmask = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_pool_persist_filename = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_pool_persist_refresh_freq = 600
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_ipv6_pool_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_ipv6_pool_base = ::
Mon Jun 29 18:13:34 2015 us=75353   ifconfig_ipv6_pool_netbits = 0
Mon Jun 29 18:13:34 2015 us=75353   n_bcast_buf = 256
Mon Jun 29 18:13:34 2015 us=75353   tcp_queue_limit = 64
Mon Jun 29 18:13:34 2015 us=75353   real_hash_size = 256
Mon Jun 29 18:13:34 2015 us=75353   virtual_hash_size = 256
Mon Jun 29 18:13:34 2015 us=75353   client_connect_script = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   learn_address_script = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   client_disconnect_script = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   client_config_dir = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   ccd_exclusive = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   tmp_dir = 'C:\Users\ADMINI~1\AppData\Local\Temp\'
Mon Jun 29 18:13:34 2015 us=75353   push_ifconfig_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   push_ifconfig_local = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   push_ifconfig_remote_netmask = 0.0.0.0
Mon Jun 29 18:13:34 2015 us=75353   push_ifconfig_ipv6_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   push_ifconfig_ipv6_local = ::/0
Mon Jun 29 18:13:34 2015 us=75353   push_ifconfig_ipv6_remote = ::
Mon Jun 29 18:13:34 2015 us=75353   enable_c2c = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   duplicate_cn = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   cf_max = 0
Mon Jun 29 18:13:34 2015 us=75353   cf_per = 0
Mon Jun 29 18:13:34 2015 us=75353   max_clients = 1024
Mon Jun 29 18:13:34 2015 us=75353   max_routes_per_client = 256
Mon Jun 29 18:13:34 2015 us=75353   auth_user_pass_verify_script = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   auth_user_pass_verify_script_via_file = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   client = ENABLED
Mon Jun 29 18:13:34 2015 us=75353   pull = ENABLED
Mon Jun 29 18:13:34 2015 us=75353   auth_user_pass_file = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   show_net_up = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   route_method = 0
Mon Jun 29 18:13:34 2015 us=75353   ip_win32_defined = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   ip_win32_type = 3
Mon Jun 29 18:13:34 2015 us=75353   dhcp_masq_offset = 0
Mon Jun 29 18:13:34 2015 us=75353   dhcp_lease_time = 31536000
Mon Jun 29 18:13:34 2015 us=75353   tap_sleep = 0
Mon Jun 29 18:13:34 2015 us=75353   dhcp_options = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   dhcp_renew = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   dhcp_pre_release = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   dhcp_release = DISABLED
Mon Jun 29 18:13:34 2015 us=75353   domain = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   netbios_scope = '[UNDEF]'
Mon Jun 29 18:13:34 2015 us=75353   netbios_node_type = 0
Mon Jun 29 18:13:34 2015 us=75353   disable_nbt = DISABLED
Mon Jun 29 18:13:34 2015 us=75353 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Mon Jun 29 18:13:34 2015 us=75353 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Mon Jun 29 18:13:34 2015 us=76353 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Jun 29 18:13:34 2015 us=76353 Need hold release from management interface, waiting...
Mon Jun 29 18:13:34 2015 us=564381 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Jun 29 18:13:34 2015 us=665387 MANAGEMENT: CMD 'state on'
Mon Jun 29 18:13:34 2015 us=665387 MANAGEMENT: CMD 'log all on'
Mon Jun 29 18:13:34 2015 us=729390 MANAGEMENT: CMD 'hold off'
Mon Jun 29 18:13:34 2015 us=730390 MANAGEMENT: CMD 'hold release'
Mon Jun 29 18:13:34 2015 us=730390 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jun 29 18:13:34 2015 us=810395 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Jun 29 18:13:34 2015 us=810395 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jun 29 18:13:34 2015 us=810395 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jun 29 18:13:34 2015 us=810395 LZO compression initialized
Mon Jun 29 18:13:34 2015 us=810395 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Mon Jun 29 18:13:34 2015 us=810395 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jun 29 18:13:34 2015 us=810395 MANAGEMENT: >STATE:1435616014,RESOLVE,,,
Mon Jun 29 18:13:34 2015 us=811395 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jun 29 18:13:34 2015 us=811395 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Jun 29 18:13:34 2015 us=811395 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Jun 29 18:13:34 2015 us=811395 Local Options hash (VER=V4): 'a5d50645'
Mon Jun 29 18:13:34 2015 us=811395 Expected Remote Options hash (VER=V4): '14d315e7'
Mon Jun 29 18:13:34 2015 us=811395 UDPv4 link local (bound): [undef]
Mon Jun 29 18:13:34 2015 us=811395 UDPv4 link remote: [AF_INET]192.168.1.79:1194
Mon Jun 29 18:13:34 2015 us=811395 MANAGEMENT: >STATE:1435616014,WAIT,,,
Mon Jun 29 18:14:34 2015 us=871830 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jun 29 18:14:34 2015 us=871830 TLS Error: TLS handshake failed
Mon Jun 29 18:14:34 2015 us=871830 TCP/UDP: Closing socket
Mon Jun 29 18:14:34 2015 us=871830 SIGUSR1[soft,tls-error] received, process restarting
Mon Jun 29 18:14:34 2015 us=871830 MANAGEMENT: >STATE:1435616074,RECONNECTING,tls-error,,
Mon Jun 29 18:14:34 2015 us=871830 Restart pause, 2 second(s)
Mon Jun 29 18:14:36 2015 us=871945 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Jun 29 18:14:36 2015 us=871945 Re-using SSL/TLS context
Mon Jun 29 18:14:36 2015 us=871945 LZO compression initialized
Mon Jun 29 18:14:36 2015 us=871945 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Mon Jun 29 18:14:36 2015 us=871945 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jun 29 18:14:36 2015 us=871945 MANAGEMENT: >STATE:1435616076,RESOLVE,,,
Mon Jun 29 18:14:36 2015 us=872945 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jun 29 18:14:36 2015 us=872945 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Jun 29 18:14:36 2015 us=872945 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Jun 29 18:14:36 2015 us=872945 Local Options hash (VER=V4): 'a5d50645'
Mon Jun 29 18:14:36 2015 us=872945 Expected Remote Options hash (VER=V4): '14d315e7'
Mon Jun 29 18:14:36 2015 us=872945 UDPv4 link local (bound): [undef]
Mon Jun 29 18:14:36 2015 us=872945 UDPv4 link remote: [AF_INET]192.168.1.79:1194
Mon Jun 29 18:14:36 2015 us=872945 MANAGEMENT: >STATE:1435616076,WAIT,,,
Mon Jun 29 18:14:38 2015 us=118016 TCP/UDP: Closing socket
Mon Jun 29 18:14:38 2015 us=118016 SIGTERM[hard,] received, process exiting
Mon Jun 29 18:14:38 2015 us=118016 MANAGEMENT: >STATE:1435616078,EXITING,SIGTERM,,
WWWWWW

server log.

Code: Select all

Mon Jun 29 18:13:50 2015 us=849645 Current Parameter Settings:
Mon Jun 29 18:13:50 2015 us=849871   config = '/etc/openvpn/server.conf'
Mon Jun 29 18:13:50 2015 us=849925   mode = 1
Mon Jun 29 18:13:50 2015 us=849973   persist_config = DISABLED
Mon Jun 29 18:13:50 2015 us=850020   persist_mode = 1
Mon Jun 29 18:13:50 2015 us=850068   show_ciphers = DISABLED
Mon Jun 29 18:13:50 2015 us=850115   show_digests = DISABLED
Mon Jun 29 18:13:50 2015 us=850162   show_engines = DISABLED
Mon Jun 29 18:13:50 2015 us=850218   genkey = DISABLED
Mon Jun 29 18:13:50 2015 us=850266   key_pass_file = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=850314   show_tls_ciphers = DISABLED
Mon Jun 29 18:13:50 2015 us=850657 Connection profiles [default]:
Mon Jun 29 18:13:50 2015 us=850731   proto = udp
Mon Jun 29 18:13:50 2015 us=850780   local = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=850828   local_port = 1194
Mon Jun 29 18:13:50 2015 us=850876   remote = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=850923   remote_port = 1194
Mon Jun 29 18:13:50 2015 us=850971   remote_float = DISABLED
Mon Jun 29 18:13:50 2015 us=851017   bind_defined = DISABLED
Mon Jun 29 18:13:50 2015 us=851065   bind_local = ENABLED
Mon Jun 29 18:13:50 2015 us=851114   connect_retry_seconds = 5
Mon Jun 29 18:13:50 2015 us=851161   connect_timeout = 10
Mon Jun 29 18:13:50 2015 us=851210   connect_retry_max = 0
Mon Jun 29 18:13:50 2015 us=851257   socks_proxy_server = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=851305   socks_proxy_port = 0
Mon Jun 29 18:13:50 2015 us=851352   socks_proxy_retry = DISABLED
Mon Jun 29 18:13:50 2015 us=851399   tun_mtu = 1500
Mon Jun 29 18:13:50 2015 us=851447   tun_mtu_defined = ENABLED
Mon Jun 29 18:13:50 2015 us=851494   link_mtu = 1500
Mon Jun 29 18:13:50 2015 us=851541   link_mtu_defined = DISABLED
Mon Jun 29 18:13:50 2015 us=851589   tun_mtu_extra = 0
Mon Jun 29 18:13:50 2015 us=851637   tun_mtu_extra_defined = DISABLED
Mon Jun 29 18:13:50 2015 us=851685   mtu_discover_type = -1
Mon Jun 29 18:13:50 2015 us=851732   fragment = 0
Mon Jun 29 18:13:50 2015 us=851780   mssfix = 1450
Mon Jun 29 18:13:50 2015 us=851828   explicit_exit_notification = 0
Mon Jun 29 18:13:50 2015 us=851876 Connection profiles END
Mon Jun 29 18:13:50 2015 us=851924   remote_random = DISABLED
Mon Jun 29 18:13:50 2015 us=851971   ipchange = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=852018   dev = 'tun'
Mon Jun 29 18:13:50 2015 us=852066   dev_type = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=852113   dev_node = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=852160   lladdr = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=852207   topology = 1
Mon Jun 29 18:13:50 2015 us=852254   tun_ipv6 = DISABLED
Mon Jun 29 18:13:50 2015 us=852303   ifconfig_local = '10.8.0.1'
Mon Jun 29 18:13:50 2015 us=852364   ifconfig_remote_netmask = '10.8.0.2'
Mon Jun 29 18:13:50 2015 us=852418   ifconfig_noexec = DISABLED
Mon Jun 29 18:13:50 2015 us=852468   ifconfig_nowarn = DISABLED
Mon Jun 29 18:13:50 2015 us=852517   ifconfig_ipv6_local = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=852567   ifconfig_ipv6_netbits = 0
Mon Jun 29 18:13:50 2015 us=852619   ifconfig_ipv6_remote = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=852673   shaper = 0
Mon Jun 29 18:13:50 2015 us=852725   mtu_test = 0
Mon Jun 29 18:13:50 2015 us=852775   mlock = DISABLED
Mon Jun 29 18:13:50 2015 us=852825   keepalive_ping = 10
Mon Jun 29 18:13:50 2015 us=852876   keepalive_timeout = 120
Mon Jun 29 18:13:50 2015 us=852929   inactivity_timeout = 0
Mon Jun 29 18:13:50 2015 us=852979   ping_send_timeout = 10
Mon Jun 29 18:13:50 2015 us=853031   ping_rec_timeout = 240
Mon Jun 29 18:13:50 2015 us=853082   ping_rec_timeout_action = 2
Mon Jun 29 18:13:50 2015 us=853131   ping_timer_remote = DISABLED
Mon Jun 29 18:13:50 2015 us=853182   remap_sigusr1 = 0
Mon Jun 29 18:13:50 2015 us=853234   persist_tun = ENABLED
Mon Jun 29 18:13:50 2015 us=853285   persist_local_ip = DISABLED
Mon Jun 29 18:13:50 2015 us=853332   persist_remote_ip = DISABLED
Mon Jun 29 18:13:50 2015 us=853380   persist_key = ENABLED
Mon Jun 29 18:13:50 2015 us=853429   passtos = DISABLED
Mon Jun 29 18:13:50 2015 us=853481   resolve_retry_seconds = 1000000000
Mon Jun 29 18:13:50 2015 us=853572   username = 'nobody'
Mon Jun 29 18:13:50 2015 us=853626   groupname = 'nogroup'
Mon Jun 29 18:13:50 2015 us=853677   chroot_dir = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=853726   cd_dir = '/etc/openvpn'
Mon Jun 29 18:13:50 2015 us=853776   writepid = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=853824   up_script = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=853873   down_script = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=853924   down_pre = DISABLED
Mon Jun 29 18:13:50 2015 us=853975   up_restart = DISABLED
Mon Jun 29 18:13:50 2015 us=854022   up_delay = DISABLED
Mon Jun 29 18:13:50 2015 us=854070   daemon = ENABLED
Mon Jun 29 18:13:50 2015 us=854120   inetd = 0
Mon Jun 29 18:13:50 2015 us=854169   log = ENABLED
Mon Jun 29 18:13:50 2015 us=854231   suppress_timestamps = DISABLED
Mon Jun 29 18:13:50 2015 us=854281   nice = 0
Mon Jun 29 18:13:50 2015 us=854331   verbosity = 5
Mon Jun 29 18:13:50 2015 us=854518   mute = 0
Mon Jun 29 18:13:50 2015 us=854580   gremlin = 0
Mon Jun 29 18:13:50 2015 us=854630   status_file = 'openvpn-status.log'
Mon Jun 29 18:13:50 2015 us=854680   status_file_version = 1
Mon Jun 29 18:13:50 2015 us=854730   status_file_update_freq = 10
Mon Jun 29 18:13:50 2015 us=855355   occ = ENABLED
Mon Jun 29 18:13:50 2015 us=855420   rcvbuf = 65536
Mon Jun 29 18:13:50 2015 us=855470   sndbuf = 65536
Mon Jun 29 18:13:50 2015 us=855522   mark = 0
Mon Jun 29 18:13:50 2015 us=855573   sockflags = 0
Mon Jun 29 18:13:50 2015 us=855624   fast_io = DISABLED
Mon Jun 29 18:13:50 2015 us=855675   lzo = 7
Mon Jun 29 18:13:50 2015 us=855723   route_script = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=855770   route_default_gateway = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=855894   route_default_metric = 0
Mon Jun 29 18:13:50 2015 us=855949   route_noexec = DISABLED
Mon Jun 29 18:13:50 2015 us=855999   route_delay = 0
Mon Jun 29 18:13:50 2015 us=856047   route_delay_window = 30
Mon Jun 29 18:13:50 2015 us=856098   route_delay_defined = DISABLED
Mon Jun 29 18:13:50 2015 us=856149   route_nopull = DISABLED
Mon Jun 29 18:13:50 2015 us=856201   route_gateway_via_dhcp = DISABLED
Mon Jun 29 18:13:50 2015 us=856253   max_routes = 100
Mon Jun 29 18:13:50 2015 us=856304   allow_pull_fqdn = DISABLED
Mon Jun 29 18:13:50 2015 us=856355   route 10.8.0.0/255.255.255.0/nil/nil
Mon Jun 29 18:13:50 2015 us=856404   management_addr = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=856454   management_port = 0
Mon Jun 29 18:13:50 2015 us=856505   management_user_pass = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=856556   management_log_history_cache = 250
Mon Jun 29 18:13:50 2015 us=856608   management_echo_buffer_size = 100
Mon Jun 29 18:13:50 2015 us=856659   management_write_peer_info_file = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=856709   management_client_user = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=856759   management_client_group = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=856809   management_flags = 0
Mon Jun 29 18:13:50 2015 us=856857   shared_secret_file = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=856908   key_direction = 1
Mon Jun 29 18:13:50 2015 us=856959   ciphername_defined = ENABLED
Mon Jun 29 18:13:50 2015 us=857010   ciphername = 'AES-256-CBC'
Mon Jun 29 18:13:50 2015 us=857060   authname_defined = ENABLED
Mon Jun 29 18:13:50 2015 us=857109   authname = 'SHA512'
Mon Jun 29 18:13:50 2015 us=857158   prng_hash = 'SHA1'
Mon Jun 29 18:13:50 2015 us=857208   prng_nonce_secret_len = 16
Mon Jun 29 18:13:50 2015 us=857256   keysize = 0
Mon Jun 29 18:13:50 2015 us=857303   engine = DISABLED
Mon Jun 29 18:13:50 2015 us=857350   replay = ENABLED
Mon Jun 29 18:13:50 2015 us=857406   mute_replay_warnings = DISABLED
Mon Jun 29 18:13:50 2015 us=857455   replay_window = 64
Mon Jun 29 18:13:50 2015 us=857504   replay_time = 15
Mon Jun 29 18:13:50 2015 us=857726   packet_id_file = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=857778   use_iv = ENABLED
Mon Jun 29 18:13:50 2015 us=857825   test_crypto = DISABLED
Mon Jun 29 18:13:50 2015 us=857873   tls_server = ENABLED
Mon Jun 29 18:13:50 2015 us=857922   tls_client = DISABLED
Mon Jun 29 18:13:50 2015 us=857971   key_method = 2
Mon Jun 29 18:13:50 2015 us=858064   ca_file = 'ca.crt'
Mon Jun 29 18:13:50 2015 us=858115   ca_path = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=858165   dh_file = 'dh4096.pem'
Mon Jun 29 18:13:50 2015 us=858214   cert_file = 'server.crt'
Mon Jun 29 18:13:50 2015 us=858264   priv_key_file = 'server.key'
Mon Jun 29 18:13:50 2015 us=858311   pkcs12_file = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=858442   cipher_list = 'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Mon Jun 29 18:13:50 2015 us=858499   tls_verify = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=858547   tls_export_cert = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=858596   verify_x509_type = 0
Mon Jun 29 18:13:50 2015 us=858644   verify_x509_name = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=858692   crl_file = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=858739   ns_cert_type = 0
Mon Jun 29 18:13:50 2015 us=858787   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=858835   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=858884   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=858934   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=858983   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=859032   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=859081   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=859131   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=859179   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=859229   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=859278   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=860227   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=860325   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=860375   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=860422   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=860469   remote_cert_ku[i] = 0
Mon Jun 29 18:13:50 2015 us=860517   remote_cert_eku = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=860564   ssl_flags = 192
Mon Jun 29 18:13:50 2015 us=860611   tls_timeout = 2
Mon Jun 29 18:13:50 2015 us=860657   renegotiate_bytes = 0
Mon Jun 29 18:13:50 2015 us=860704   renegotiate_packets = 0
Mon Jun 29 18:13:50 2015 us=860752   renegotiate_seconds = 3600
Mon Jun 29 18:13:50 2015 us=860798   handshake_window = 60
Mon Jun 29 18:13:50 2015 us=860845   transition_window = 3600
Mon Jun 29 18:13:50 2015 us=860892   single_session = DISABLED
Mon Jun 29 18:13:50 2015 us=860937   push_peer_info = DISABLED
Mon Jun 29 18:13:50 2015 us=860984   tls_exit = DISABLED
Mon Jun 29 18:13:50 2015 us=861030   tls_auth_file = 'ta.key'
Mon Jun 29 18:13:50 2015 us=861078   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861125   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861172   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861219   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861266   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861313   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861362   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861413   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861463   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861513   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861562   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861611   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861661   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861711   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861760   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861810   pkcs11_protected_authentication = DISABLED
Mon Jun 29 18:13:50 2015 us=861861   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=861911   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=861961   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862053   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862104   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862155   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862216   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862267   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862318   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862452   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862510   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862560   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862610   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862661   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862711   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862762   pkcs11_private_mode = 00000000
Mon Jun 29 18:13:50 2015 us=862812   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=862862   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=862912   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=862961   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863011   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863061   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863110   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863159   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863208   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863258   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863306   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863356   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863406   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863457   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863506   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863555   pkcs11_cert_private = DISABLED
Mon Jun 29 18:13:50 2015 us=863607   pkcs11_pin_cache_period = -1
Mon Jun 29 18:13:50 2015 us=863658   pkcs11_id = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=863708   pkcs11_id_management = DISABLED
Mon Jun 29 18:13:50 2015 us=863782   server_network = 10.8.0.0
Mon Jun 29 18:13:50 2015 us=863842   server_netmask = 255.255.255.0
Mon Jun 29 18:13:50 2015 us=863899   server_network_ipv6 = ::
Mon Jun 29 18:13:50 2015 us=863951   server_netbits_ipv6 = 0
Mon Jun 29 18:13:50 2015 us=864010   server_bridge_ip = 0.0.0.0
Mon Jun 29 18:13:50 2015 us=864065   server_bridge_netmask = 0.0.0.0
Mon Jun 29 18:13:50 2015 us=864125   server_bridge_pool_start = 0.0.0.0
Mon Jun 29 18:13:50 2015 us=864182   server_bridge_pool_end = 0.0.0.0
Mon Jun 29 18:13:50 2015 us=864240   push_entry = 'redirect-gateway def1 bypass-dhcp'
Mon Jun 29 18:13:50 2015 us=864292   push_entry = 'dhcp-option DNS 10.8.0.1'
Mon Jun 29 18:13:50 2015 us=864346   push_entry = 'route 10.8.0.1'
Mon Jun 29 18:13:50 2015 us=864400   push_entry = 'topology net30'
Mon Jun 29 18:13:50 2015 us=864451   push_entry = 'ping 10'
Mon Jun 29 18:13:50 2015 us=864502   push_entry = 'ping-restart 120'
Mon Jun 29 18:13:50 2015 us=864551   ifconfig_pool_defined = ENABLED
Mon Jun 29 18:13:50 2015 us=864607   ifconfig_pool_start = 10.8.0.4
Mon Jun 29 18:13:50 2015 us=864662   ifconfig_pool_end = 10.8.0.251
Mon Jun 29 18:13:50 2015 us=864718   ifconfig_pool_netmask = 0.0.0.0
Mon Jun 29 18:13:50 2015 us=864771   ifconfig_pool_persist_filename = 'ipp.txt'
Mon Jun 29 18:13:50 2015 us=864823   ifconfig_pool_persist_refresh_freq = 600
Mon Jun 29 18:13:50 2015 us=864876   ifconfig_ipv6_pool_defined = DISABLED
Mon Jun 29 18:13:50 2015 us=864931   ifconfig_ipv6_pool_base = ::
Mon Jun 29 18:13:50 2015 us=864980   ifconfig_ipv6_pool_netbits = 0
Mon Jun 29 18:13:50 2015 us=865034   n_bcast_buf = 256
Mon Jun 29 18:13:50 2015 us=865085   tcp_queue_limit = 64
Mon Jun 29 18:13:50 2015 us=865134   real_hash_size = 256
Mon Jun 29 18:13:50 2015 us=865185   virtual_hash_size = 256
Mon Jun 29 18:13:50 2015 us=865237   client_connect_script = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=865291   learn_address_script = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=865384   client_disconnect_script = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=865439   client_config_dir = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=865490   ccd_exclusive = DISABLED
Mon Jun 29 18:13:50 2015 us=865546   tmp_dir = '/tmp'
Mon Jun 29 18:13:50 2015 us=865598   push_ifconfig_defined = DISABLED
Mon Jun 29 18:13:50 2015 us=865658   push_ifconfig_local = 0.0.0.0
Mon Jun 29 18:13:50 2015 us=865718   push_ifconfig_remote_netmask = 0.0.0.0
Mon Jun 29 18:13:50 2015 us=865769   push_ifconfig_ipv6_defined = DISABLED
Mon Jun 29 18:13:50 2015 us=865823   push_ifconfig_ipv6_local = ::/0
Mon Jun 29 18:13:50 2015 us=865875   push_ifconfig_ipv6_remote = ::
Mon Jun 29 18:13:50 2015 us=865922   enable_c2c = DISABLED
Mon Jun 29 18:13:50 2015 us=865971   duplicate_cn = DISABLED
Mon Jun 29 18:13:50 2015 us=866019   cf_max = 0
Mon Jun 29 18:13:50 2015 us=866067   cf_per = 0
Mon Jun 29 18:13:50 2015 us=866115   max_clients = 1024
Mon Jun 29 18:13:50 2015 us=866164   max_routes_per_client = 256
Mon Jun 29 18:13:50 2015 us=866221   auth_user_pass_verify_script = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=866270   auth_user_pass_verify_script_via_file = DISABLED
Mon Jun 29 18:13:50 2015 us=866318   port_share_host = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=868881   port_share_port = 0
Mon Jun 29 18:13:50 2015 us=868985   client = DISABLED
Mon Jun 29 18:13:50 2015 us=869036   pull = DISABLED
Mon Jun 29 18:13:50 2015 us=869085   auth_user_pass_file = '[UNDEF]'
Mon Jun 29 18:13:50 2015 us=869140 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  1 2014
Mon Jun 29 18:13:50 2015 us=869206 library versions: OpenSSL 1.0.2c 12 Jun 2015, LZO 2.08
Mon Jun 29 18:13:50 2015 us=869911 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Jun 29 18:13:52 2015 us=184773 Diffie-Hellman initialized with 4096 bit key
Mon Jun 29 18:13:52 2015 us=185960 WARNING: file 'server.key' is group or others accessible
Mon Jun 29 18:13:52 2015 us=187290 WARNING: file 'ta.key' is group or others accessible
Mon Jun 29 18:13:52 2015 us=187364 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Jun 29 18:13:52 2015 us=187451 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jun 29 18:13:52 2015 us=187507 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Jun 29 18:13:52 2015 us=187559 TLS-Auth MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Mon Jun 29 18:13:52 2015 us=187629 Socket Buffers: R=[163840->131072] S=[163840->131072]
Mon Jun 29 18:13:52 2015 us=187963 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 IFACE=wlan0 HWADDR=00:15:af:bd:51:c4
Mon Jun 29 18:13:52 2015 us=188097 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Mon Jun 29 18:13:52 2015 us=188132 Exiting due to fatal error

The log files got interesting.

[Traffic]

Mon Jun 29 18:13:52 2015 us=188097 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Mon Jun 29 18:13:52 2015 us=188132 Exiting due to fatal error


The log files got interesting.

Did you install the TAP adapter ?

[thak]

I'm having the same exact error. When we bump our AS from TLS 1.0 to 1.2, I cannot connect from my Win7 VM. Here's the relevant error.

Tue Jun 30 12:14:29 2015 TLS: Initial packet from [AF_INET]52.5.2.40:1194, sid=42660130 0004b4cb
Tue Jun 30 12:15:29 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 30 12:15:29 2015 TLS Error: TLS handshake failed
Tue Jun 30 12:15:29 2015 SIGUSR1[soft,tls-error] received, process restarting
Tue Jun 30 12:15:29 2015 MANAGEMENT: >STATE:1435680929,RECONNECTING,tls-error,,
Tue Jun 30 12:15:29 2015 Restart pause, 2 second(s)
Tue Jun 30 12:15:29 2015 MANAGEMENT: CMD 'exit'
Tue Jun 30 12:15:29 2015 MANAGEMENT: Client disconnected
Tue Jun 30 12:15:29 2015 MANAGEMENT: Triggering management exit
Tue Jun 30 12:15:29 2015 SIGTERM[soft,management-exit] received, process exiting
Tue Jun 30 12:15:29 2015 MANAGEMENT: >STATE:1435680929,EXITING,management-exit,,

Strangely enough, connecting from my OS X desktop works just fine. I have no idea why the Windows OpenVPN client would be rejecting this and not the Mac.

Any ideas?

[shamil]

Apparently debian has made a change as i am running nothing but testing on all of my hardware. Disabling tls web authentication was the only thing to bring up the no tun interface. I'm used to scouring log files. But, hey, you pointed me in the right direction. I have since re-enabled tls web authentication.

Back to debian, tun in linux is not normally a module, but, apparently now it is. modprobe tun immediately added to rc.local.

But, just for the hell of it, before i revert things back to a lower verbage. Here's the log files of a successful connection. If you don't mind critiquing. Idk what else i might be doing wrong or the order I have things in my config files.

Cleaned up client config.

Code: Select all

client
dev tun
tls-version-min 1.2
proto udp
remote temp-server 1194
resolv-retry infinite
;nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert harcong.crt
key harcong.key
auth SHA512
tls-client
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
remote-cert-eku "TLS Web Server Authentication"
tls-auth ta.key 1
cipher AES-256-CBC   # AES
comp-lzo
verb 5

Cleaned up server config.

Code: Select all

port 1194
proto udp
dev tun
tls-version-min 1.2
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh4096.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
keepalive 10 120
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
remote-cert-eku "TLS Web Client Authentication"
tls-server
tls-auth ta.key 0
cipher AES-256-CBC   # AES
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 5

[shamil]

Client log.

Code: Select all

Tue Jun 30 21:47:45 2015 us=797090 Current Parameter Settings:
Tue Jun 30 21:47:45 2015 us=798090   config = 'temp_vpn.ovpn'
Tue Jun 30 21:47:45 2015 us=798090   mode = 0
Tue Jun 30 21:47:45 2015 us=798090   show_ciphers = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   show_digests = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   show_engines = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   genkey = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   key_pass_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   show_tls_ciphers = DISABLED
Tue Jun 30 21:47:45 2015 us=798090 Connection profiles [default]:
Tue Jun 30 21:47:45 2015 us=798090   proto = udp
Tue Jun 30 21:47:45 2015 us=798090   local = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   local_port = 1194
Tue Jun 30 21:47:45 2015 us=798090   remote = 'temp-server'
Tue Jun 30 21:47:45 2015 us=798090   remote_port = 1194
Tue Jun 30 21:47:45 2015 us=798090   remote_float = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   bind_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   bind_local = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   connect_retry_seconds = 5
Tue Jun 30 21:47:45 2015 us=798090   connect_timeout = 10
Tue Jun 30 21:47:45 2015 us=798090   connect_retry_max = 0
Tue Jun 30 21:47:45 2015 us=798090   socks_proxy_server = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   socks_proxy_port = 0
Tue Jun 30 21:47:45 2015 us=798090   socks_proxy_retry = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   tun_mtu = 1500
Tue Jun 30 21:47:45 2015 us=798090   tun_mtu_defined = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   link_mtu = 1500
Tue Jun 30 21:47:45 2015 us=798090   link_mtu_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   tun_mtu_extra = 0
Tue Jun 30 21:47:45 2015 us=798090   tun_mtu_extra_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   mtu_discover_type = -1
Tue Jun 30 21:47:45 2015 us=798090   fragment = 0
Tue Jun 30 21:47:45 2015 us=798090   mssfix = 1450
Tue Jun 30 21:47:45 2015 us=798090   explicit_exit_notification = 0
Tue Jun 30 21:47:45 2015 us=798090 Connection profiles END
Tue Jun 30 21:47:45 2015 us=798090   remote_random = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   ipchange = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   dev = 'tun'
Tue Jun 30 21:47:45 2015 us=798090   dev_type = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   dev_node = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   lladdr = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   topology = 1
Tue Jun 30 21:47:45 2015 us=798090   tun_ipv6 = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   ifconfig_local = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   ifconfig_remote_netmask = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   ifconfig_noexec = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   ifconfig_nowarn = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   ifconfig_ipv6_local = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   ifconfig_ipv6_netbits = 0
Tue Jun 30 21:47:45 2015 us=798090   ifconfig_ipv6_remote = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   shaper = 0
Tue Jun 30 21:47:45 2015 us=798090   mtu_test = 0
Tue Jun 30 21:47:45 2015 us=798090   mlock = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   keepalive_ping = 0
Tue Jun 30 21:47:45 2015 us=798090   keepalive_timeout = 0
Tue Jun 30 21:47:45 2015 us=798090   inactivity_timeout = 0
Tue Jun 30 21:47:45 2015 us=798090   ping_send_timeout = 0
Tue Jun 30 21:47:45 2015 us=798090   ping_rec_timeout = 0
Tue Jun 30 21:47:45 2015 us=798090   ping_rec_timeout_action = 0
Tue Jun 30 21:47:45 2015 us=798090   ping_timer_remote = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   remap_sigusr1 = 0
Tue Jun 30 21:47:45 2015 us=798090   persist_tun = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   persist_local_ip = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   persist_remote_ip = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   persist_key = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   passtos = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   resolve_retry_seconds = 1000000000
Tue Jun 30 21:47:45 2015 us=798090   username = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   groupname = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   chroot_dir = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   cd_dir = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   writepid = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   up_script = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   down_script = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   down_pre = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   up_restart = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   up_delay = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   daemon = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   inetd = 0
Tue Jun 30 21:47:45 2015 us=798090   log = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   suppress_timestamps = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   nice = 0
Tue Jun 30 21:47:45 2015 us=798090   verbosity = 5
Tue Jun 30 21:47:45 2015 us=798090   mute = 0
Tue Jun 30 21:47:45 2015 us=798090   status_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   status_file_version = 1
Tue Jun 30 21:47:45 2015 us=798090   status_file_update_freq = 60
Tue Jun 30 21:47:45 2015 us=798090   occ = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   rcvbuf = 0
Tue Jun 30 21:47:45 2015 us=798090   sndbuf = 0
Tue Jun 30 21:47:45 2015 us=798090   sockflags = 0
Tue Jun 30 21:47:45 2015 us=798090   fast_io = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   lzo = 7
Tue Jun 30 21:47:45 2015 us=798090   route_script = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   route_default_gateway = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   route_default_metric = 0
Tue Jun 30 21:47:45 2015 us=798090   route_noexec = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   route_delay = 5
Tue Jun 30 21:47:45 2015 us=798090   route_delay_window = 30
Tue Jun 30 21:47:45 2015 us=798090   route_delay_defined = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   route_nopull = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   route_gateway_via_dhcp = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   max_routes = 100
Tue Jun 30 21:47:45 2015 us=798090   allow_pull_fqdn = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   management_addr = '127.0.0.1'
Tue Jun 30 21:47:45 2015 us=798090   management_port = 25340
Tue Jun 30 21:47:45 2015 us=798090   management_user_pass = 'stdin'
Tue Jun 30 21:47:45 2015 us=798090   management_log_history_cache = 250
Tue Jun 30 21:47:45 2015 us=798090   management_echo_buffer_size = 100
Tue Jun 30 21:47:45 2015 us=798090   management_write_peer_info_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   management_client_user = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   management_client_group = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   management_flags = 6
Tue Jun 30 21:47:45 2015 us=798090   shared_secret_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   key_direction = 2
Tue Jun 30 21:47:45 2015 us=798090   ciphername_defined = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   ciphername = 'AES-256-CBC'
Tue Jun 30 21:47:45 2015 us=798090   authname_defined = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   authname = 'SHA512'
Tue Jun 30 21:47:45 2015 us=798090   prng_hash = 'SHA1'
Tue Jun 30 21:47:45 2015 us=798090   prng_nonce_secret_len = 16
Tue Jun 30 21:47:45 2015 us=798090   keysize = 0
Tue Jun 30 21:47:45 2015 us=798090   engine = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   replay = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   mute_replay_warnings = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   replay_window = 64
Tue Jun 30 21:47:45 2015 us=798090   replay_time = 15
Tue Jun 30 21:47:45 2015 us=798090   packet_id_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   use_iv = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   test_crypto = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   tls_server = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   tls_client = ENABLED
Tue Jun 30 21:47:45 2015 us=798090   key_method = 2
Tue Jun 30 21:47:45 2015 us=798090   ca_file = 'ca.crt'
Tue Jun 30 21:47:45 2015 us=798090   ca_path = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   dh_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   cert_file = 'harcong.crt'
Tue Jun 30 21:47:45 2015 us=798090   priv_key_file = 'harcong.key'
Tue Jun 30 21:47:45 2015 us=798090   pkcs12_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   cryptoapi_cert = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   cipher_list = 'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Tue Jun 30 21:47:45 2015 us=798090   tls_verify = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   tls_export_cert = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   verify_x509_type = 0
Tue Jun 30 21:47:45 2015 us=798090   verify_x509_name = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   crl_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=798090   ns_cert_type = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_ku[i] = 0
Tue Jun 30 21:47:45 2015 us=798090   remote_cert_eku = 'TLS Web Server Authentication'
Tue Jun 30 21:47:45 2015 us=798090   ssl_flags = 192
Tue Jun 30 21:47:45 2015 us=798090   tls_timeout = 2
Tue Jun 30 21:47:45 2015 us=798090   renegotiate_bytes = 0
Tue Jun 30 21:47:45 2015 us=798090   renegotiate_packets = 0
Tue Jun 30 21:47:45 2015 us=798090   renegotiate_seconds = 3600
Tue Jun 30 21:47:45 2015 us=798090   handshake_window = 60
Tue Jun 30 21:47:45 2015 us=798090   transition_window = 3600
Tue Jun 30 21:47:45 2015 us=798090   single_session = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   push_peer_info = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   tls_exit = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   tls_auth_file = 'ta.key'
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=798090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_pin_cache_period = -1
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_id = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   pkcs11_id_management = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   server_network = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   server_netmask = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   server_network_ipv6 = ::
Tue Jun 30 21:47:45 2015 us=799090   server_netbits_ipv6 = 0
Tue Jun 30 21:47:45 2015 us=799090   server_bridge_ip = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   server_bridge_netmask = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   server_bridge_pool_start = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   server_bridge_pool_end = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_pool_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_pool_start = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_pool_end = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_pool_netmask = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_pool_persist_refresh_freq = 600
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_ipv6_pool_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_ipv6_pool_base = ::
Tue Jun 30 21:47:45 2015 us=799090   ifconfig_ipv6_pool_netbits = 0
Tue Jun 30 21:47:45 2015 us=799090   n_bcast_buf = 256
Tue Jun 30 21:47:45 2015 us=799090   tcp_queue_limit = 64
Tue Jun 30 21:47:45 2015 us=799090   real_hash_size = 256
Tue Jun 30 21:47:45 2015 us=799090   virtual_hash_size = 256
Tue Jun 30 21:47:45 2015 us=799090   client_connect_script = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   learn_address_script = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   client_disconnect_script = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   client_config_dir = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   ccd_exclusive = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   tmp_dir = 'C:\Users\ADMINI~1\AppData\Local\Temp\'
Tue Jun 30 21:47:45 2015 us=799090   push_ifconfig_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   push_ifconfig_local = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   push_ifconfig_remote_netmask = 0.0.0.0
Tue Jun 30 21:47:45 2015 us=799090   push_ifconfig_ipv6_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   push_ifconfig_ipv6_local = ::/0
Tue Jun 30 21:47:45 2015 us=799090   push_ifconfig_ipv6_remote = ::
Tue Jun 30 21:47:45 2015 us=799090   enable_c2c = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   duplicate_cn = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   cf_max = 0
Tue Jun 30 21:47:45 2015 us=799090   cf_per = 0
Tue Jun 30 21:47:45 2015 us=799090   max_clients = 1024
Tue Jun 30 21:47:45 2015 us=799090   max_routes_per_client = 256
Tue Jun 30 21:47:45 2015 us=799090   auth_user_pass_verify_script = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   auth_user_pass_verify_script_via_file = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   client = ENABLED
Tue Jun 30 21:47:45 2015 us=799090   pull = ENABLED
Tue Jun 30 21:47:45 2015 us=799090   auth_user_pass_file = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   show_net_up = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   route_method = 0
Tue Jun 30 21:47:45 2015 us=799090   ip_win32_defined = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   ip_win32_type = 3
Tue Jun 30 21:47:45 2015 us=799090   dhcp_masq_offset = 0
Tue Jun 30 21:47:45 2015 us=799090   dhcp_lease_time = 31536000
Tue Jun 30 21:47:45 2015 us=799090   tap_sleep = 0
Tue Jun 30 21:47:45 2015 us=799090   dhcp_options = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   dhcp_renew = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   dhcp_pre_release = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   dhcp_release = DISABLED
Tue Jun 30 21:47:45 2015 us=799090   domain = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   netbios_scope = '[UNDEF]'
Tue Jun 30 21:47:45 2015 us=799090   netbios_node_type = 0
Tue Jun 30 21:47:45 2015 us=799090   disable_nbt = DISABLED
Tue Jun 30 21:47:45 2015 us=799090 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 19 2015
Tue Jun 30 21:47:45 2015 us=799090 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Tue Jun 30 21:47:45 2015 us=799090 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jun 30 21:47:45 2015 us=799090 Need hold release from management interface, waiting...
Tue Jun 30 21:47:46 2015 us=281118 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jun 30 21:47:46 2015 us=381124 MANAGEMENT: CMD 'state on'
Tue Jun 30 21:47:46 2015 us=381124 MANAGEMENT: CMD 'log all on'
Tue Jun 30 21:47:46 2015 us=465128 MANAGEMENT: CMD 'hold off'
Tue Jun 30 21:47:46 2015 us=466128 MANAGEMENT: CMD 'hold release'
Tue Jun 30 21:47:46 2015 us=546133 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jun 30 21:47:46 2015 us=546133 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 30 21:47:46 2015 us=546133 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 30 21:47:46 2015 us=546133 LZO compression initialized
Tue Jun 30 21:47:46 2015 us=546133 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Tue Jun 30 21:47:46 2015 us=546133 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jun 30 21:47:46 2015 us=546133 MANAGEMENT: >STATE:1435715266,RESOLVE,,,
Tue Jun 30 21:47:46 2015 us=556134 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jun 30 21:47:46 2015 us=556134 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jun 30 21:47:46 2015 us=556134 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jun 30 21:47:46 2015 us=556134 Local Options hash (VER=V4): 'a5d50645'
Tue Jun 30 21:47:46 2015 us=556134 Expected Remote Options hash (VER=V4): '14d315e7'
Tue Jun 30 21:47:46 2015 us=556134 UDPv4 link local (bound): [undef]
Tue Jun 30 21:47:46 2015 us=556134 UDPv4 link remote: [AF_INET]192.168.1.79:1194
Tue Jun 30 21:47:46 2015 us=556134 MANAGEMENT: >STATE:1435715266,WAIT,,,
Tue Jun 30 21:47:53 2015 us=647539 MANAGEMENT: >STATE:1435715273,AUTH,,,
Tue Jun 30 21:47:53 2015 us=647539 TLS: Initial packet from [AF_INET]192.168.1.79:1194, sid=96f277ca 52118ade
Tue Jun 30 21:47:55 2015 us=360637 VERIFY OK: depth=1, C=US, ST=AK, L=Juneau, O=temp.net, OU=temp_vpn, CN=temp.net CA, name=server, emailAddress=admin@temp.net
Tue Jun 30 21:47:55 2015 us=361637 Validating certificate extended key usage
Tue Jun 30 21:47:55 2015 us=361637 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jun 30 21:47:55 2015 us=361637 VERIFY EKU OK
Tue Jun 30 21:47:55 2015 us=361637 VERIFY OK: depth=0, C=US, ST=AK, L=Juneau, O=temp.net, OU=temp_vpn, CN=server, name=server, emailAddress=admin@temp.net
Tue Jun 30 21:47:56 2015 us=831721 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 30 21:47:56 2015 us=831721 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 30 21:47:56 2015 us=831721 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 30 21:47:56 2015 us=831721 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 30 21:47:56 2015 us=831721 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 4096 bit RSA
Tue Jun 30 21:47:56 2015 us=832721 [server] Peer Connection Initiated with [AF_INET]192.168.1.79:1194
Tue Jun 30 21:47:57 2015 us=863780 MANAGEMENT: >STATE:1435715277,GET_CONFIG,,,
Tue Jun 30 21:47:58 2015 us=894839 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jun 30 21:47:58 2015 us=899840 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jun 30 21:47:58 2015 us=899840 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 30 21:47:58 2015 us=899840 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 30 21:47:58 2015 us=899840 OPTIONS IMPORT: route options modified
Tue Jun 30 21:47:58 2015 us=899840 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 30 21:47:58 2015 us=926841 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 30 21:47:58 2015 us=926841 MANAGEMENT: >STATE:1435715278,ASSIGN_IP,,10.8.0.6,
Tue Jun 30 21:47:58 2015 us=926841 open_tun, tt->ipv6=0
Tue Jun 30 21:47:58 2015 us=927841 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{72A1087F-9F57-464D-86A8-464CEF000EFA}.tap
Tue Jun 30 21:47:58 2015 us=927841 TAP-Windows Driver Version 9.21 
Tue Jun 30 21:47:58 2015 us=927841 TAP-Windows MTU=1500
Tue Jun 30 21:47:58 2015 us=928841 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {72A1087F-9F57-464D-86A8-464CEF000EFA} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Jun 30 21:47:58 2015 us=928841 DHCP option string: 06040a08 0001
Tue Jun 30 21:47:58 2015 us=928841 Successful ARP Flush on interface [27] {72A1087F-9F57-464D-86A8-464CEF000EFA}
Tue Jun 30 21:48:03 2015 us=340094 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Jun 30 21:48:03 2015 us=340094 C:\Windows\system32\route.exe ADD 192.168.1.79 MASK 255.255.255.255 192.168.1.254 IF 11
Tue Jun 30 21:48:03 2015 us=341094 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 30 21:48:03 2015 us=341094 Route addition via IPAPI succeeded [adaptive]
Tue Jun 30 21:48:03 2015 us=341094 C:\Windows\system32\route.exe ADD 192.168.1.254 MASK 255.255.255.255 192.168.1.254 IF 11
Tue Jun 30 21:48:03 2015 us=342094 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 30 21:48:03 2015 us=342094 Route addition via IPAPI succeeded [adaptive]
Tue Jun 30 21:48:03 2015 us=342094 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jun 30 21:48:03 2015 us=347094 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 30 21:48:03 2015 us=347094 Route addition via IPAPI succeeded [adaptive]
Tue Jun 30 21:48:03 2015 us=347094 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jun 30 21:48:03 2015 us=351094 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 30 21:48:03 2015 us=351094 Route addition via IPAPI succeeded [adaptive]
Tue Jun 30 21:48:03 2015 us=351094 MANAGEMENT: >STATE:1435715283,ADD_ROUTES,,,
Tue Jun 30 21:48:03 2015 us=352094 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Jun 30 21:48:03 2015 us=361095 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jun 30 21:48:03 2015 us=361095 Route addition via IPAPI succeeded [adaptive]
Tue Jun 30 21:48:03 2015 us=361095 Initialization Sequence Completed
Tue Jun 30 21:48:03 2015 us=361095 MANAGEMENT: >STATE:1435715283,CONNECTED,SUCCESS,10.8.0.6,192.168.1.79
Tue Jun 30 21:54:10 2015 us=463092 TCP/UDP: Closing socket
Tue Jun 30 21:54:10 2015 us=466092 C:\Windows\system32\route.exe DELETE 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Jun 30 21:54:10 2015 us=470092 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 30 21:54:10 2015 us=471092 C:\Windows\system32\route.exe DELETE 192.168.1.79 MASK 255.255.255.255 192.168.1.254
Tue Jun 30 21:54:10 2015 us=476093 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 30 21:54:10 2015 us=476093 C:\Windows\system32\route.exe DELETE 192.168.1.254 MASK 255.255.255.255 192.168.1.254
Tue Jun 30 21:54:10 2015 us=477093 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 30 21:54:10 2015 us=477093 C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jun 30 21:54:10 2015 us=478093 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 30 21:54:10 2015 us=478093 C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jun 30 21:54:10 2015 us=479093 Route deletion via IPAPI succeeded [adaptive]
Tue Jun 30 21:54:10 2015 us=479093 Closing TUN/TAP interface
Tue Jun 30 21:54:10 2015 us=479093 SIGTERM[hard,] received, process exiting
Tue Jun 30 21:54:10 2015 us=479093 MANAGEMENT: >STATE:1435715650,EXITING,SIGTERM,,
WWWRWWWRRWRWR

[shamil]

Server log.

Code: Select all

Tue Jun 30 21:47:57 2015 us=204913 Current Parameter Settings:
Tue Jun 30 21:47:57 2015 us=205123   config = '/etc/openvpn/server.conf'
Tue Jun 30 21:47:57 2015 us=205165   mode = 1
Tue Jun 30 21:47:57 2015 us=205203   persist_config = DISABLED
Tue Jun 30 21:47:57 2015 us=205240   persist_mode = 1
Tue Jun 30 21:47:57 2015 us=205276   show_ciphers = DISABLED
Tue Jun 30 21:47:57 2015 us=205313   show_digests = DISABLED
Tue Jun 30 21:47:57 2015 us=205349   show_engines = DISABLED
Tue Jun 30 21:47:57 2015 us=205385   genkey = DISABLED
Tue Jun 30 21:47:57 2015 us=205421   key_pass_file = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=205458   show_tls_ciphers = DISABLED
Tue Jun 30 21:47:57 2015 us=205493 Connection profiles [default]:
Tue Jun 30 21:47:57 2015 us=205531   proto = udp
Tue Jun 30 21:47:57 2015 us=205567   local = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=205604   local_port = 1194
Tue Jun 30 21:47:57 2015 us=205640   remote = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=205676   remote_port = 1194
Tue Jun 30 21:47:57 2015 us=205712   remote_float = DISABLED
Tue Jun 30 21:47:57 2015 us=205748   bind_defined = DISABLED
Tue Jun 30 21:47:57 2015 us=205784   bind_local = ENABLED
Tue Jun 30 21:47:57 2015 us=205820   connect_retry_seconds = 5
Tue Jun 30 21:47:57 2015 us=205857   connect_timeout = 10
Tue Jun 30 21:47:57 2015 us=205893   connect_retry_max = 0
Tue Jun 30 21:47:57 2015 us=205929   socks_proxy_server = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=205966   socks_proxy_port = 0
Tue Jun 30 21:47:57 2015 us=206002   socks_proxy_retry = DISABLED
Tue Jun 30 21:47:57 2015 us=206038   tun_mtu = 1500
Tue Jun 30 21:47:57 2015 us=206074   tun_mtu_defined = ENABLED
Tue Jun 30 21:47:57 2015 us=206110   link_mtu = 1500
Tue Jun 30 21:47:57 2015 us=206146   link_mtu_defined = DISABLED
Tue Jun 30 21:47:57 2015 us=206183   tun_mtu_extra = 0
Tue Jun 30 21:47:57 2015 us=206218   tun_mtu_extra_defined = DISABLED
Tue Jun 30 21:47:57 2015 us=206255   mtu_discover_type = -1
Tue Jun 30 21:47:57 2015 us=206291   fragment = 0
Tue Jun 30 21:47:57 2015 us=206327   mssfix = 1450
Tue Jun 30 21:47:57 2015 us=206363   explicit_exit_notification = 0
Tue Jun 30 21:47:57 2015 us=206399 Connection profiles END
Tue Jun 30 21:47:57 2015 us=206435   remote_random = DISABLED
Tue Jun 30 21:47:57 2015 us=206472   ipchange = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=206507   dev = 'tun'
Tue Jun 30 21:47:57 2015 us=206544   dev_type = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=206580   dev_node = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=206615   lladdr = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=206652   topology = 1
Tue Jun 30 21:47:57 2015 us=206694   tun_ipv6 = DISABLED
Tue Jun 30 21:47:57 2015 us=206731   ifconfig_local = '10.8.0.1'
Tue Jun 30 21:47:57 2015 us=206768   ifconfig_remote_netmask = '10.8.0.2'
Tue Jun 30 21:47:57 2015 us=206804   ifconfig_noexec = DISABLED
Tue Jun 30 21:47:57 2015 us=206841   ifconfig_nowarn = DISABLED
Tue Jun 30 21:47:57 2015 us=206877   ifconfig_ipv6_local = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=206914   ifconfig_ipv6_netbits = 0
Tue Jun 30 21:47:57 2015 us=206950   ifconfig_ipv6_remote = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=206987   shaper = 0
Tue Jun 30 21:47:57 2015 us=207024   mtu_test = 0
Tue Jun 30 21:47:57 2015 us=207060   mlock = DISABLED
Tue Jun 30 21:47:57 2015 us=207096   keepalive_ping = 10
Tue Jun 30 21:47:57 2015 us=207133   keepalive_timeout = 120
Tue Jun 30 21:47:57 2015 us=207169   inactivity_timeout = 0
Tue Jun 30 21:47:57 2015 us=207206   ping_send_timeout = 10
Tue Jun 30 21:47:57 2015 us=207242   ping_rec_timeout = 240
Tue Jun 30 21:47:57 2015 us=207278   ping_rec_timeout_action = 2
Tue Jun 30 21:47:57 2015 us=207314   ping_timer_remote = DISABLED
Tue Jun 30 21:47:57 2015 us=207350   remap_sigusr1 = 0
Tue Jun 30 21:47:57 2015 us=207393   persist_tun = ENABLED
Tue Jun 30 21:47:57 2015 us=207438   persist_local_ip = DISABLED
Tue Jun 30 21:47:57 2015 us=207475   persist_remote_ip = DISABLED
Tue Jun 30 21:47:57 2015 us=207511   persist_key = ENABLED
Tue Jun 30 21:47:57 2015 us=207586   passtos = DISABLED
Tue Jun 30 21:47:57 2015 us=207646   resolve_retry_seconds = 1000000000
Tue Jun 30 21:47:57 2015 us=207731   username = 'nobody'
Tue Jun 30 21:47:57 2015 us=207783   groupname = 'nogroup'
Tue Jun 30 21:47:57 2015 us=207832   chroot_dir = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=207880   cd_dir = '/etc/openvpn'
Tue Jun 30 21:47:57 2015 us=207929   writepid = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=207978   up_script = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=208027   down_script = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=208074   down_pre = DISABLED
Tue Jun 30 21:47:57 2015 us=208123   up_restart = DISABLED
Tue Jun 30 21:47:57 2015 us=208170   up_delay = DISABLED
Tue Jun 30 21:47:57 2015 us=208218   daemon = ENABLED
Tue Jun 30 21:47:57 2015 us=208264   inetd = 0
Tue Jun 30 21:47:57 2015 us=208314   log = ENABLED
Tue Jun 30 21:47:57 2015 us=208363   suppress_timestamps = DISABLED
Tue Jun 30 21:47:57 2015 us=208412   nice = 0
Tue Jun 30 21:47:57 2015 us=208458   verbosity = 5
Tue Jun 30 21:47:57 2015 us=208508   mute = 0
Tue Jun 30 21:47:57 2015 us=208558   gremlin = 0
Tue Jun 30 21:47:57 2015 us=208607   status_file = 'openvpn-status.log'
Tue Jun 30 21:47:57 2015 us=208655   status_file_version = 1
Tue Jun 30 21:47:57 2015 us=208704   status_file_update_freq = 10
Tue Jun 30 21:47:57 2015 us=208754   occ = ENABLED
Tue Jun 30 21:47:57 2015 us=208803   rcvbuf = 65536
Tue Jun 30 21:47:57 2015 us=208852   sndbuf = 65536
Tue Jun 30 21:47:57 2015 us=208897   mark = 0
Tue Jun 30 21:47:57 2015 us=208944   sockflags = 0
Tue Jun 30 21:47:57 2015 us=208993   fast_io = DISABLED
Tue Jun 30 21:47:57 2015 us=209043   lzo = 7
Tue Jun 30 21:47:57 2015 us=209092   route_script = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=209139   route_default_gateway = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=209188   route_default_metric = 0
Tue Jun 30 21:47:57 2015 us=209237   route_noexec = DISABLED
Tue Jun 30 21:47:57 2015 us=209283   route_delay = 0
Tue Jun 30 21:47:57 2015 us=209330   route_delay_window = 30
Tue Jun 30 21:47:57 2015 us=209380   route_delay_defined = DISABLED
Tue Jun 30 21:47:57 2015 us=209427   route_nopull = DISABLED
Tue Jun 30 21:47:57 2015 us=209476   route_gateway_via_dhcp = DISABLED
Tue Jun 30 21:47:57 2015 us=209528   max_routes = 100
Tue Jun 30 21:47:57 2015 us=209575   allow_pull_fqdn = DISABLED
Tue Jun 30 21:47:57 2015 us=209625   route 10.8.0.0/255.255.255.0/nil/nil
Tue Jun 30 21:47:57 2015 us=209672   management_addr = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=209722   management_port = 0
Tue Jun 30 21:47:57 2015 us=209772   management_user_pass = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=209824   management_log_history_cache = 250
Tue Jun 30 21:47:57 2015 us=209874   management_echo_buffer_size = 100
Tue Jun 30 21:47:57 2015 us=209923   management_write_peer_info_file = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=209972   management_client_user = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=210022   management_client_group = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=210073   management_flags = 0
Tue Jun 30 21:47:57 2015 us=210122   shared_secret_file = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=210173   key_direction = 1
Tue Jun 30 21:47:57 2015 us=210223   ciphername_defined = ENABLED
Tue Jun 30 21:47:57 2015 us=210274   ciphername = 'AES-256-CBC'
Tue Jun 30 21:47:57 2015 us=210323   authname_defined = ENABLED
Tue Jun 30 21:47:57 2015 us=210372   authname = 'SHA512'
Tue Jun 30 21:47:57 2015 us=210419   prng_hash = 'SHA1'
Tue Jun 30 21:47:57 2015 us=210468   prng_nonce_secret_len = 16
Tue Jun 30 21:47:57 2015 us=210517   keysize = 0
Tue Jun 30 21:47:57 2015 us=210566   engine = DISABLED
Tue Jun 30 21:47:57 2015 us=210616   replay = ENABLED
Tue Jun 30 21:47:57 2015 us=210665   mute_replay_warnings = DISABLED
Tue Jun 30 21:47:57 2015 us=210716   replay_window = 64
Tue Jun 30 21:47:57 2015 us=210765   replay_time = 15
Tue Jun 30 21:47:57 2015 us=210813   packet_id_file = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=210863   use_iv = ENABLED
Tue Jun 30 21:47:57 2015 us=210912   test_crypto = DISABLED
Tue Jun 30 21:47:57 2015 us=210963   tls_server = ENABLED
Tue Jun 30 21:47:57 2015 us=211014   tls_client = DISABLED
Tue Jun 30 21:47:57 2015 us=211063   key_method = 2
Tue Jun 30 21:47:57 2015 us=211154   ca_file = 'ca.crt'
Tue Jun 30 21:47:57 2015 us=211208   ca_path = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=211256   dh_file = 'dh4096.pem'
Tue Jun 30 21:47:57 2015 us=211306   cert_file = 'server.crt'
Tue Jun 30 21:47:57 2015 us=211358   priv_key_file = 'server.key'
Tue Jun 30 21:47:57 2015 us=211418   pkcs12_file = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=211470   cipher_list = 'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256'
Tue Jun 30 21:47:57 2015 us=211519   tls_verify = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=211613   tls_export_cert = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=211671   verify_x509_type = 0
Tue Jun 30 21:47:57 2015 us=211719   verify_x509_name = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=211768   crl_file = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=211816   ns_cert_type = 0
Tue Jun 30 21:47:57 2015 us=211866   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=211915   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=211963   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=212013   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=212063   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=212113   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=212161   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=212209   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=212261   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218072   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218155   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218207   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218258   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218311   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218362   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218411   remote_cert_ku[i] = 0
Tue Jun 30 21:47:57 2015 us=218460   remote_cert_eku = 'TLS Web Client Authentication'
Tue Jun 30 21:47:57 2015 us=218511   ssl_flags = 192
Tue Jun 30 21:47:57 2015 us=218563   tls_timeout = 2
Tue Jun 30 21:47:57 2015 us=218612   renegotiate_bytes = 0
Tue Jun 30 21:47:57 2015 us=218663   renegotiate_packets = 0
Tue Jun 30 21:47:57 2015 us=218713   renegotiate_seconds = 3600
Tue Jun 30 21:47:57 2015 us=218763   handshake_window = 60
Tue Jun 30 21:47:57 2015 us=218811   transition_window = 3600
Tue Jun 30 21:47:57 2015 us=218860   single_session = DISABLED
Tue Jun 30 21:47:57 2015 us=218907   push_peer_info = DISABLED
Tue Jun 30 21:47:57 2015 us=218955   tls_exit = DISABLED
Tue Jun 30 21:47:57 2015 us=219004   tls_auth_file = 'ta.key'
Tue Jun 30 21:47:57 2015 us=219055   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219104   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219154   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219202   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219251   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219301   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219350   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219407   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219453   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219503   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219614   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219673   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219723   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219772   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219822   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219873   pkcs11_protected_authentication = DISABLED
Tue Jun 30 21:47:57 2015 us=219925   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=219977   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220026   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220115   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220170   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220220   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220273   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220326   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220375   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220424   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220474   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220525   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220575   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220623   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220672   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220721   pkcs11_private_mode = 00000000
Tue Jun 30 21:47:57 2015 us=220769   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=220818   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=220870   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=220919   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=220968   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221015   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221065   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221114   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221162   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221210   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221260   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221309   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221358   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221405   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221450   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221498   pkcs11_cert_private = DISABLED
Tue Jun 30 21:47:57 2015 us=221548   pkcs11_pin_cache_period = -1
Tue Jun 30 21:47:57 2015 us=221599   pkcs11_id = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=221647   pkcs11_id_management = DISABLED
Tue Jun 30 21:47:57 2015 us=221715   server_network = 10.8.0.0
Tue Jun 30 21:47:57 2015 us=221767   server_netmask = 255.255.255.0
Tue Jun 30 21:47:57 2015 us=221818   server_network_ipv6 = ::
Tue Jun 30 21:47:57 2015 us=221868   server_netbits_ipv6 = 0
Tue Jun 30 21:47:57 2015 us=221925   server_bridge_ip = 0.0.0.0
Tue Jun 30 21:47:57 2015 us=221982   server_bridge_netmask = 0.0.0.0
Tue Jun 30 21:47:57 2015 us=222039   server_bridge_pool_start = 0.0.0.0
Tue Jun 30 21:47:57 2015 us=222095   server_bridge_pool_end = 0.0.0.0
Tue Jun 30 21:47:57 2015 us=222146   push_entry = 'redirect-gateway def1 bypass-dhcp'
Tue Jun 30 21:47:57 2015 us=222196   push_entry = 'dhcp-option DNS 10.8.0.1'
Tue Jun 30 21:47:57 2015 us=222246   push_entry = 'route 10.8.0.1'
Tue Jun 30 21:47:57 2015 us=222296   push_entry = 'topology net30'
Tue Jun 30 21:47:57 2015 us=222345   push_entry = 'ping 10'
Tue Jun 30 21:47:57 2015 us=222396   push_entry = 'ping-restart 120'
Tue Jun 30 21:47:57 2015 us=222446   ifconfig_pool_defined = ENABLED
Tue Jun 30 21:47:57 2015 us=222502   ifconfig_pool_start = 10.8.0.4
Tue Jun 30 21:47:57 2015 us=222557   ifconfig_pool_end = 10.8.0.251
Tue Jun 30 21:47:57 2015 us=222610   ifconfig_pool_netmask = 0.0.0.0
Tue Jun 30 21:47:57 2015 us=222660   ifconfig_pool_persist_filename = 'ipp.txt'
Tue Jun 30 21:47:57 2015 us=222711   ifconfig_pool_persist_refresh_freq = 600
Tue Jun 30 21:47:57 2015 us=222762   ifconfig_ipv6_pool_defined = DISABLED
Tue Jun 30 21:47:57 2015 us=222815   ifconfig_ipv6_pool_base = ::
Tue Jun 30 21:47:57 2015 us=222865   ifconfig_ipv6_pool_netbits = 0
Tue Jun 30 21:47:57 2015 us=222915   n_bcast_buf = 256
Tue Jun 30 21:47:57 2015 us=222965   tcp_queue_limit = 64
Tue Jun 30 21:47:57 2015 us=223015   real_hash_size = 256
Tue Jun 30 21:47:57 2015 us=223065   virtual_hash_size = 256
Tue Jun 30 21:47:57 2015 us=223115   client_connect_script = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=223204   learn_address_script = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=223256   client_disconnect_script = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=223307   client_config_dir = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=223357   ccd_exclusive = DISABLED
Tue Jun 30 21:47:57 2015 us=223417   tmp_dir = '/tmp'
Tue Jun 30 21:47:57 2015 us=223469   push_ifconfig_defined = DISABLED
Tue Jun 30 21:47:57 2015 us=223710   push_ifconfig_local = 0.0.0.0
Tue Jun 30 21:47:57 2015 us=223792   push_ifconfig_remote_netmask = 0.0.0.0
Tue Jun 30 21:47:57 2015 us=223843   push_ifconfig_ipv6_defined = DISABLED
Tue Jun 30 21:47:57 2015 us=223899   push_ifconfig_ipv6_local = ::/0
Tue Jun 30 21:47:57 2015 us=223952   push_ifconfig_ipv6_remote = ::
Tue Jun 30 21:47:57 2015 us=224004   enable_c2c = DISABLED
Tue Jun 30 21:47:57 2015 us=224052   duplicate_cn = DISABLED
Tue Jun 30 21:47:57 2015 us=224100   cf_max = 0
Tue Jun 30 21:47:57 2015 us=224149   cf_per = 0
Tue Jun 30 21:47:57 2015 us=224800   max_clients = 1024
Tue Jun 30 21:47:57 2015 us=224864   max_routes_per_client = 256
Tue Jun 30 21:47:57 2015 us=224916   auth_user_pass_verify_script = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=224967   auth_user_pass_verify_script_via_file = DISABLED
Tue Jun 30 21:47:57 2015 us=225017   port_share_host = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=225067   port_share_port = 0
Tue Jun 30 21:47:57 2015 us=225113   client = DISABLED
Tue Jun 30 21:47:57 2015 us=225160   pull = DISABLED
Tue Jun 30 21:47:57 2015 us=225210   auth_user_pass_file = '[UNDEF]'
Tue Jun 30 21:47:57 2015 us=225266 OpenVPN 2.3.4 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  1 2014
Tue Jun 30 21:47:57 2015 us=225335 library versions: OpenSSL 1.0.2c 12 Jun 2015, LZO 2.08
Tue Jun 30 21:48:00 2015 us=145416 Diffie-Hellman initialized with 4096 bit key
Tue Jun 30 21:48:00 2015 us=397875 WARNING: file 'server.key' is group or others accessible
Tue Jun 30 21:48:00 2015 us=400790 WARNING: file 'ta.key' is group or others accessible
Tue Jun 30 21:48:00 2015 us=400890 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Jun 30 21:48:00 2015 us=401021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 30 21:48:00 2015 us=401101 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 30 21:48:00 2015 us=401174 TLS-Auth MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Tue Jun 30 21:48:00 2015 us=401263 Socket Buffers: R=[163840->131072] S=[163840->131072]
Tue Jun 30 21:48:00 2015 us=401738 ROUTE: default_gateway=UNDEF
Tue Jun 30 21:48:00 2015 us=403025 TUN/TAP device tun0 opened
Tue Jun 30 21:48:00 2015 us=403150 TUN/TAP TX queue length set to 100
Tue Jun 30 21:48:00 2015 us=403228 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Jun 30 21:48:00 2015 us=403331 /sbin/ip link set dev tun0 up mtu 1500
Tue Jun 30 21:48:00 2015 us=417506 /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Tue Jun 30 21:48:00 2015 us=439776 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Tue Jun 30 21:48:00 2015 us=447172 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jun 30 21:48:00 2015 us=464108 GID set to nogroup
Tue Jun 30 21:48:00 2015 us=464289 UID set to nobody
Tue Jun 30 21:48:00 2015 us=464370 UDPv4 link local (bound): [undef]
Tue Jun 30 21:48:00 2015 us=464427 UDPv4 link remote: [undef]
Tue Jun 30 21:48:00 2015 us=464504 MULTI: multi_init called, r=256 v=256
Tue Jun 30 21:48:00 2015 us=464730 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Jun 30 21:48:00 2015 us=684205 ifconfig_pool_read(), in='harcong,10.8.0.4', TODO: IPv6
Tue Jun 30 21:48:00 2015 us=684299 succeeded -> ifconfig_pool_set()
Tue Jun 30 21:48:00 2015 us=684354 IFCONFIG POOL LIST
Tue Jun 30 21:48:00 2015 us=684397 harcong,10.8.0.4
Tue Jun 30 21:48:00 2015 us=684477 Initialization Sequence Completed
Tue Jun 30 21:48:23 2015 us=252270 MULTI: multi_create_instance called
Tue Jun 30 21:48:23 2015 us=252441 192.168.1.76:1194 Re-using SSL/TLS context
Tue Jun 30 21:48:23 2015 us=252607 192.168.1.76:1194 LZO compression initialized
Tue Jun 30 21:48:23 2015 us=253012 192.168.1.76:1194 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Tue Jun 30 21:48:23 2015 us=253117 192.168.1.76:1194 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jun 30 21:48:23 2015 us=253256 192.168.1.76:1194 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jun 30 21:48:23 2015 us=253313 192.168.1.76:1194 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jun 30 21:48:23 2015 us=253440 192.168.1.76:1194 Local Options hash (VER=V4): '14d315e7'
Tue Jun 30 21:48:23 2015 us=253527 192.168.1.76:1194 Expected Remote Options hash (VER=V4): 'a5d50645'
RTue Jun 30 21:48:23 2015 us=253674 192.168.1.76:1194 TLS: Initial packet from [AF_INET]192.168.1.76:1194, sid=241b5e78 7ce9876e
<..>
Tue Jun 30 21:48:25 2015 us=96918 192.168.1.76:1194 VERIFY OK: depth=1, C=US, ST=AK, L=Juneau, O=temp.net, OU=temp_vpn, CN=temp.net CA, name=server, emailAddress=admin@temp.net
Tue Jun 30 21:48:25 2015 us=102805 192.168.1.76:1194 Validating certificate extended key usage
Tue Jun 30 21:48:25 2015 us=102880 192.168.1.76:1194 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Tue Jun 30 21:48:25 2015 us=102921 192.168.1.76:1194 VERIFY EKU OK
Tue Jun 30 21:48:25 2015 us=102957 192.168.1.76:1194 VERIFY OK: depth=0, C=US, ST=AK, L=Juneau, O=temp.net, OU=temp_vpn, CN=harcong, name=server, emailAddress=admin@temp.net
<..>
Tue Jun 30 21:48:26 2015 us=436035 192.168.1.76:1194 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 30 21:48:26 2015 us=436140 192.168.1.76:1194 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jun 30 21:48:26 2015 us=436185 192.168.1.76:1194 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jun 30 21:48:26 2015 us=436239 192.168.1.76:1194 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
WWWRRRTue Jun 30 21:48:26 2015 us=440727 192.168.1.76:1194 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 4096 bit RSA
Tue Jun 30 21:48:26 2015 us=440827 192.168.1.76:1194 [harcong] Peer Connection Initiated with [AF_INET]192.168.1.76:1194
Tue Jun 30 21:48:26 2015 us=440917 harcong/192.168.1.76:1194 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Jun 30 21:48:26 2015 us=441056 harcong/192.168.1.76:1194 MULTI: Learn: 10.8.0.6 -> harcong/192.168.1.76:1194
Tue Jun 30 21:48:26 2015 us=441103 harcong/192.168.1.76:1194 MULTI: primary virtual IP for harcong/192.168.1.76:1194: 10.8.0.6
RTue Jun 30 21:48:28 2015 us=503646 harcong/192.168.1.76:1194 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jun 30 21:48:28 2015 us=503767 harcong/192.168.1.76:1194 send_push_reply(): safe_cap=940
Tue Jun 30 21:48:28 2015 us=504005 harcong/192.168.1.76:1194 SENT CONTROL [harcong]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
<..>
Tue Jun 30 21:48:28 2015 us=579973 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=580344 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=586789 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=605974 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=647543 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=665709 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=666164 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=666707 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=677739 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=678199 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=686310 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=693339 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=728442 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=737742 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=751242 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=758487 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=775194 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=786707 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=795308 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=879811 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=880190 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=880484 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=946211 harcong/192.168.1.76:1194 MULTI: bad source address from client [::], packet dropped
RTue Jun 30 21:48:28 2015 us=946700 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=947375 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:28 2015 us=977201 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:29 2015 us=445002 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:29 2015 us=587172 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:29 2015 us=945133 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:29 2015 us=950501 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:29 2015 us=980768 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:29 2015 us=981140 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:30 2015 us=82063 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:30 2015 us=446493 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=123799 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=224084 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=590074 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=617127 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=617582 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=618113 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=628153 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=635877 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=644154 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=652574 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=696824 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=704605 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=710580 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=725865 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=735056 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=743730 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=751659 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=963757 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=979651 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:31 2015 us=980233 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:32 2015 us=79348 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:32 2015 us=446216 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:32 2015 us=971262 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:33 2015 us=681539 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:33 2015 us=781435 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:35 2015 us=587502 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:36 2015 us=239504 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:36 2015 us=340629 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:36 2015 us=945650 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RWwrWRTue Jun 30 21:48:38 2015 us=822547 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:38 2015 us=921995 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwrWRTue Jun 30 21:48:42 2015 us=96685 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:42 2015 us=197725 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwRwRTue Jun 30 21:48:43 2015 us=588227 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwrWRTue Jun 30 21:48:44 2015 us=667378 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:44 2015 us=768066 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwRwRwrWRTue Jun 30 21:48:47 2015 us=239442 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:47 2015 us=340561 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwrWRTue Jun 30 21:48:49 2015 us=814022 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:49 2015 us=915880 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwRwRwrWRTue Jun 30 21:48:52 2015 us=385937 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:52 2015 us=487687 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwrWRTue Jun 30 21:48:54 2015 us=958383 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:55 2015 us=59389 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwrWRTue Jun 30 21:48:57 2015 us=530847 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:57 2015 us=632331 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=83359 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=100859 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=109049 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=117485 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=128020 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=134958 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=182028 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=196518 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=205977 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=216469 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=226786 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:58 2015 us=235429 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:48:59 2015 us=589247 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:49:09 2015 us=757579 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:49:09 2015 us=857006 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:49:27 2015 us=484865 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:49:27 2015 us=485080 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwRwRwRwRTue Jun 30 21:49:31 2015 us=588942 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:50:00 2015 us=701307 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=701587 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=703899 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=710669 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=716710 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=779030 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=784771 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=795383 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=806657 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:00 2015 us=817011 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:50:29 2015 us=948428 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:30 2015 us=49169 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:50:51 2015 us=898176 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:50:51 2015 us=997183 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:51:09 2015 us=512974 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:51:09 2015 us=613884 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:52:12 2015 us=92896 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:52:12 2015 us=192931 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:52:33 2015 us=896022 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRTue Jun 30 21:52:33 2015 us=909129 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:52:33 2015 us=996561 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:52:34 2015 us=9036 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwRwRTue Jun 30 21:52:36 2015 us=471878 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:52:36 2015 us=571259 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwRwRwRwrWRTue Jun 30 21:52:39 2015 us=226971 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:52:39 2015 us=327977 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRTue Jun 30 21:52:41 2015 us=795850 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRTue Jun 30 21:52:41 2015 us=896679 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRwRwRwRwRwrWRwRwRwRwRTue Jun 30 21:52:51 2015 us=502168 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:52:51 2015 us=602226 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:53:54 2015 us=74060 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:53:54 2015 us=173722 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:54:15 2015 us=926475 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RTue Jun 30 21:54:16 2015 us=27352 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:54:33 2015 us=537829 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
RwRTue Jun 30 21:54:33 2015 us=640971 harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped
<..>
Tue Jun 30 21:58:40 2015 us=569044 harcong/192.168.1.76:1194 [harcong] Inactivity timeout (--ping-restart), restarting
Tue Jun 30 21:58:40 2015 us=569272 harcong/192.168.1.76:1194 SIGUSR1[soft,ping-restart] received, client-instance restarting

I connected once with these settings. And here are the logs.

[Traffic]

All looks good ..

Server log:

harcong/192.168.1.76:1194 MULTI: bad source address from client [fe80::84f8:f9dc:b505:63b4], packet dropped

this can be ignored and you can use --mute to stop having your log file spammed by it or

• Configure your server with the relative --client-config-dir & --iroute-ipv6 directives so the server knows where it is from
  • This will probably require more IPv6 related options to be enabled .. eg: --tun-ipv6 --route-ipv6 etc ...
    I am not totally sure as it is a link-local address fe80 .. trust Windows to do it wrong, I bet it is an NTP request ...
• use your client firewall to block these packets completely
• disable IPv6 on your client

Server log:

harcong/192.168.1.76:1194 MULTI: bad source address from client [::], packet dropped

this is slightly odd .. but probably just windows doing it wrong again ...

Finally, you may want to use --explicit-exit-notify so that the server knows when the client has disconnected.

[shamil]

Been a while, too much rl. I added in some --mute and --explicit-exit-notify.

Thank you very much for your help

[shamil]

Marking this as solved.

[shamil]

nevermind, marking a post as solved is not obvious.