TinCanTech
I apologize to you. I will ask another question. I activated the crl-pem configuration.
Unfortunately, I've had this problem again.
This problem has been happening for 1 hour in 2 of the 8 branches connected by VPN. The VPN connection goes down and up frequently.
Center location IP: 1.1.1.1
First client location IP: 2.2.2.2
Second client location IP: 3.3.3.3
First client OpenVPN version: 2.3.2
Second client OpenVPN version: 2.2.1
1) I monitored the internet MRTG traffic of 1.1.1.1, 2.2.2.2 and 3.3.3.3; there is no problem.
2) I called the ISP company. They said there was no DoS attack.
3) I looked at the OpenVPN client log.
root@xxxx:~# more /var/log/openvpn-status.log
OpenVPN STATISTICS
Updated,Tue Apr 3 16:04:18 2018
TUN/TAP read bytes,65570708
TUN/TAP write bytes,121305473
TCP/UDP read bytes,125192577
TCP/UDP write bytes,71766971
Auth read bytes,121306125
pre-compress bytes,4641286
post-compress bytes,4338030
pre-decompress bytes,7046156
post-decompress bytes,10740825
END
There is not much to see from here. Can I see more of this part?
4) I looked at the OpenVPN server log.
Tue Apr 3 12:47:26 2018 us=49893 2.2.2.2:48713 CRL CHECK OK: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=abcde, emailAddress=me@myhost.mydomain
Tue Apr 3 12:47:26 2018 us=50018 2.2.2.2:48713 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=abcde, emailAddress=me@myhost.mydomain
Tue Apr 3 12:47:26 2018 us=50556 2.2.2.2:48713 CRL CHECK OK: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=xxxxx, name=abcde, emailAddress=me@myhost.mydomain
Tue Apr 3 12:47:26 2018 us=50618 2.2.2.2:48713 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=xxxxx, name=abcde, emailAddress=me@myhost.mydomain
Tue Apr 3 12:47:26 2018 us=424879 2.2.2.2:48713 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 3 12:47:26 2018 us=424897 2.2.2.2:48713 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 3 12:47:26 2018 us=424937 2.2.2.2:48713 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Apr 3 12:47:26 2018 us=424942 2.2.2.2:48713 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 3 12:47:26 2018 us=548704 2.2.2.2:48713 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Apr 3 12:47:26 2018 us=548728 2.2.2.2:48713 [xxxxx] Peer Connection Initiated with [AF_INET]2.2.2.2:48713
Tue Apr 3 12:47:26 2018 us=548760 xxxxx/2.2.2.2:48713 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/xxxxx
Tue Apr 3 12:47:26 2018 us=550753 xxxxx/2.2.2.2:48713 MULTI: Learn: 10.2.1.21 -> xxxxx/2.2.2.2:48713
Tue Apr 3 12:47:26 2018 us=550770 xxxxx/2.2.2.2:48713 MULTI: primary virtual IP for xxxxx/2.2.2.2:48713: 10.2.1.21
Tue Apr 3 12:47:26 2018 us=550777 xxxxx/2.2.2.2:48713 MULTI: internal route 192.168.4.0/24 -> xxxxx/2.2.2.2:48713
Tue Apr 3 12:47:26 2018 us=550784 xxxxx/2.2.2.2:48713 MULTI: Learn: 192.168.4.0/24 -> xxxxx/2.2.2.2:48713
Above, do "Encrypt" and "Decrypt" mean that the password could have been stolen?
And the 12:22 log:
Tue Apr 3 12:22:00 2018 us=215418 bbb/3.3.3.3:43722 [bbb] Inactivity timeout (--ping-restart), restarting
Tue Apr 3 12:22:00 2018 us=215498 bbb/3.3.3.3:43722 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Apr 3 12:22:00 2018 us=215943 TCP/UDP: Closing socket
And another log:
Tue Apr 3 12:22:05 2018 us=281448 MULTI: multi_create_instance called
Tue Apr 3 12:22:05 2018 us=281566 Re-using SSL/TLS context
Tue Apr 3 12:22:05 2018 us=281599 LZO compression initialized
Tue Apr 3 12:22:05 2018 us=281619 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Tue Apr 3 12:22:05 2018 us=281746 Control Channel MTU parms [ L:1444 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Apr 3 12:22:05 2018 us=281789 Data Channel MTU parms [ L:1444 D:1444 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Apr 3 12:22:05 2018 us=281846 Local Options String: 'V4,dev-type tun,link-mtu 1444,tun-mtu 1400,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Apr 3 12:22:05 2018 us=281865 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1444,tun-mtu 1400,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Apr 3 12:22:05 2018 us=281900 Local Options hash (VER=V4): '347277f0'
Tue Apr 3 12:22:05 2018 us=281929 Expected Remote Options hash (VER=V4): '7dfc3732'
Tue Apr 3 12:22:05 2018 us=281968 TCP connection established with [AF_INET]3.3.3.3:44651
Tue Apr 3 12:22:05 2018 us=281990 TCPv4_SERVER link local: [undef]
Tue Apr 3 12:22:05 2018 us=282011 TCPv4_SERVER link remote: [AF_INET]3.3.3.3:44651
Tue Apr 3 12:22:06 2018 us=264507 3.3.3.3:44651 TLS: Initial packet from [AF_INET]3.3.3.3:44651, sid=203ffa8c 3e501bf1
My server verb is 4. Should this value be increased for more logs?
Should I change the VPN password? The VPN passwords are not weak, but could they have been stolen?
Because there are problems in only these two places.
Please help me, thank you very much.
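
Added example, not part of the original post: one way to count the `--ping-restart` inactivity timeouts seen in the server log excerpts above per client, and to measure how long each client took to reconnect. The sample lines are constructed in the format of those excerpts, and the names `summarize` and `flapping` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the verb 4 server log excerpts above.
SAMPLE_LOG = """\
Tue Apr 3 12:22:00 2018 us=215418 bbb/3.3.3.3:43722 [bbb] Inactivity timeout (--ping-restart), restarting
Tue Apr 3 12:22:00 2018 us=215498 bbb/3.3.3.3:43722 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Apr 3 12:22:06 2018 us=264507 3.3.3.3:44651 TLS: Initial packet from [AF_INET]3.3.3.3:44651, sid=203ffa8c 3e501bf1
Tue Apr 3 12:22:07 2018 us=548728 3.3.3.3:44651 [bbb] Peer Connection Initiated with [AF_INET]3.3.3.3:44651
Tue Apr 3 12:31:40 2018 us=100000 bbb/3.3.3.3:44651 [bbb] Inactivity timeout (--ping-restart), restarting
Tue Apr 3 12:31:47 2018 us=200000 3.3.3.3:45010 [bbb] Peer Connection Initiated with [AF_INET]3.3.3.3:45010
Tue Apr 3 12:47:26 2018 us=548728 2.2.2.2:48713 [xxxxx] Peer Connection Initiated with [AF_INET]2.2.2.2:48713
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) us=(\d+) (.*)$")
TIMEOUT = re.compile(r"\[([^\]]+)\] Inactivity timeout \(--ping-restart\)")
CONNECT = re.compile(r"\[([^\]]+)\] Peer Connection Initiated with")


def summarize(log_text):
    """Per client CN: timeout count, connect count, seconds until reconnect."""
    stats = defaultdict(lambda: {"timeouts": 0, "connects": 0, "gaps": []})
    pending = {}  # CN -> time of its last timeout not yet followed by a connect
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines and anything without a timestamp
        when = datetime.strptime(" ".join(m.group(1).split()), "%a %b %d %H:%M:%S %Y")
        when = when.replace(microsecond=int(m.group(2)))
        hit = TIMEOUT.search(m.group(3))
        if hit:
            stats[hit.group(1)]["timeouts"] += 1
            pending[hit.group(1)] = when
            continue
        hit = CONNECT.search(m.group(3))
        if hit:
            cn = hit.group(1)
            stats[cn]["connects"] += 1
            if cn in pending:
                stats[cn]["gaps"].append((when - pending.pop(cn)).total_seconds())
    return dict(stats)


def flapping(stats, min_timeouts=2):
    """Client CNs with at least min_timeouts ping-restart timeouts."""
    return sorted(cn for cn, s in stats.items() if s["timeouts"] >= min_timeouts)
```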