Update:
However, although a connection is created, no data flows and there is no internet access. Does somebody have a clue why the connection is successful but the data transmission is unsuccessful?
Installing latest OpenSSL
Code:
$ git clone https://github.com/openssl/openssl.git
$ find . -name tls1.h | xargs grep TLS1_3_VERSION_DRAFT_TXT
$ cd openssl
$ mkdir build; cd ./build
$ ../config -v --prefix=/opt/openssl --openssldir=$HOME/openssl enable-tls1_3 --debug
$ make
$ make install
$ export LD_LIBRARY_PATH=/build/openssl/build
$ ./apps/openssl
OpenSSL> version
OpenSSL 1.1.1-dev xx XXX xxxx
Installing latest OpenVPN
Code:
$ wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.6.tar.gz
$ tar xzf openvpn-2.4.6.tar.gz
$ cd openvpn-2.4.6
$ CFLAGS="-I/opt/openssl/include -Wl,-rpath=/opt/openssl/lib -L/opt/openssl/lib" ./configure --disable-lzo
$ make -j 4
$ ldd ./src/openvpn/openvpn
$ sudo make install
$ /usr/local/sbin/openvpn --version
gives me the following openvpn setup:
Code:
/usr/local/sbin/openvpn --version
OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 24 2018
library versions: OpenSSL 1.1.1-pre9-dev xx XXX xxxx
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
with the following client.ovpn file:
Code:
client
dev tun
proto tcp
remote <SERVER_IP> 1194
resolv-retry infinite
nobind
user nobody
group nogroup
tls-version-min 1.3
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-128-CBC
auth SHA256
comp-lzo
verb 3
#ca ca.crt
#cert client.crt
#key client.key
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
Client Log output:
Code:
Tue Jul 24 20:38:08 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 24 2018
Tue Jul 24 20:38:08 2018 library versions: OpenSSL 1.1.1-pre9-dev xx XXX xxxx
Tue Jul 24 20:38:08 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 24 20:38:08 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 24 20:38:08 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]<server_IP>:1194
Tue Jul 24 20:38:08 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Jul 24 20:38:08 2018 Attempting to establish TCP connection with [AF_INET]<server_IP>:1194 [nonblock]
Tue Jul 24 20:38:09 2018 TCP connection established with [AF_INET]<server_IP>:1194
Tue Jul 24 20:38:09 2018 TCP_CLIENT link local: (not bound)
Tue Jul 24 20:38:09 2018 TCP_CLIENT link remote: [AF_INET]<server_IP>:1194
Tue Jul 24 20:38:09 2018 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Jul 24 20:38:09 2018 TLS: Initial packet from [AF_INET]<server_IP>:1194, sid=2bdfc1e3 81d19792
Tue Jul 24 20:38:09 2018 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Jul 24 20:38:09 2018 VERIFY KU OK
Tue Jul 24 20:38:09 2018 Validating certificate extended key usage
Tue Jul 24 20:38:09 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 24 20:38:09 2018 VERIFY EKU OK
Tue Jul 24 20:38:09 2018 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Tue Jul 24 20:38:09 2018 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Jul 24 20:38:09 2018 [server] Peer Connection Initiated with [AF_INET]<server_IP>:1194
Tue Jul 24 20:38:10 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Jul 24 20:38:10 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Tue Jul 24 20:38:10 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 24 20:38:10 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 24 20:38:10 2018 OPTIONS IMPORT: route options modified
Tue Jul 24 20:38:10 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 24 20:38:10 2018 OPTIONS IMPORT: peer-id set
Tue Jul 24 20:38:10 2018 OPTIONS IMPORT: adjusting link_mtu to 1627
Tue Jul 24 20:38:10 2018 OPTIONS IMPORT: data channel crypto options modified
Tue Jul 24 20:38:10 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Jul 24 20:38:10 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 24 20:38:10 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 24 20:38:10 2018 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:5f:11:bf
Tue Jul 24 20:38:10 2018 TUN/TAP device tun0 opened
Tue Jul 24 20:38:10 2018 TUN/TAP TX queue length set to 100
Tue Jul 24 20:38:10 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 24 20:38:10 2018 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Tue Jul 24 20:38:10 2018 /sbin/route add -net <server_IP> netmask 255.255.255.255 gw 10.0.2.2
SIOCADDRT: File exists
Tue Jul 24 20:38:10 2018 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Jul 24 20:38:10 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Tue Jul 24 20:38:10 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Tue Jul 24 20:38:10 2018 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.5
Tue Jul 24 20:38:10 2018 GID set to nogroup
Tue Jul 24 20:38:10 2018 UID set to nobody
Tue Jul 24 20:38:10 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 24 20:38:10 2018 Initialization Sequence Completed
Server Log:
Code:
Tue Jul 24 18:38:08 2018 TCP connection established with [AF_INET]<CLIENT_IP>:55655
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 TLS: Initial packet from [AF_INET]<CLIENT_IP>:55655, sid=5152e782 47dec795
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client1, name=server, emailAddress=me@myhost.mydomain
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_VER=2.4.6
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_PLAT=linux
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_PROTO=2
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_NCP=2
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_LZ4=1
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_LZ4v2=1
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_LZO_STUB=1
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_COMP_STUB=1
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_COMP_STUBv2=1
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 peer info: IV_TCPNL=1
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Jul 24 18:38:09 2018 <CLIENT_IP>:55655 [client1] Peer Connection Initiated with [AF_INET]<CLIENT_IP>:55655
Tue Jul 24 18:38:09 2018 client1/<CLIENT_IP>:55655 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Jul 24 18:38:09 2018 client1/<CLIENT_IP>:55655 MULTI: Learn: 10.8.0.6 -> client1/<CLIENT_IP>:55655
Tue Jul 24 18:38:09 2018 client1/<CLIENT_IP>:55655 MULTI: primary virtual IP for client1/<CLIENT_IP>:55655: 10.8.0.6
Tue Jul 24 18:38:10 2018 client1/<CLIENT_IP>:55655 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jul 24 18:38:10 2018 client1/<CLIENT_IP>:55655 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Jul 24 18:38:10 2018 client1/<CLIENT_IP>:55655 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Jul 24 18:38:10 2018 client1/<CLIENT_IP>:55655 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 24 18:38:10 2018 client1/<CLIENT_IP>:55655 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 24 18:39:05 2018 client1/<CLIENT_IP>:55655 Connection reset, restarting [0]
Tue Jul 24 18:39:05 2018 client1/<CLIENT_IP>:55655 SIGUSR1[soft,connection-reset] received, client-instance restarting
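As an added diagnostic aid (not part of the post or of OpenVPN), a small Python triage over log lines in the format shown above: it pulls out the control-channel TLS version and cipher, the negotiated data-channel cipher, any route command that failed, warnings, and whether the session reached "Initialization Sequence Completed" and was later reset. The sample lines are constructed, with documentation addresses standing in for the real peers.

```python
import re
# Constructed sample (not from the post), in the shape OpenVPN 2.4 writes at verb 3, with
# one server-side line carrying its "client1/<ip>:<port>" prefix; 203.0.113.x are placeholders.
SAMPLE_LOG = """\
Tue Jul 24 20:38:09 2018 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Jul 24 20:38:10 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Jul 24 20:38:10 2018 /sbin/route add -net 203.0.113.10 netmask 255.255.255.255 gw 10.0.2.2
SIOCADDRT: File exists
Tue Jul 24 20:38:10 2018 ERROR: Linux route add command failed: external program exited with error status: 7
Tue Jul 24 20:38:10 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 24 20:38:10 2018 Initialization Sequence Completed
Tue Jul 24 18:39:05 2018 client1/203.0.113.20:55655 Connection reset, restarting [0]
"""
# Timestamp, then the optional peer prefix the server prepends to per-client lines.
HEAD = r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} (?:\S+ )?"
PATTERNS = {
    "control_tls": re.compile(HEAD + r"Control Channel: (TLSv[\d.]+), cipher \S+ ([^,\s]+)"),
    "data_cipher": re.compile(HEAD + r"Data Channel: using negotiated cipher '([^']+)'"),
    "route_cmd":   re.compile(HEAD + r"(/sbin/route add .*)$"),
    "route_error": re.compile(HEAD + r"ERROR: Linux route add command failed"),
    "warning":     re.compile(HEAD + r"WARNING: (.*)$"),
    "init_done":   re.compile(HEAD + r"Initialization Sequence Completed"),
    "reset":       re.compile(HEAD + r"Connection reset, restarting"),
}
def triage(log):
    """Reduce a verb-3 OpenVPN log to what to check first: negotiated control/data
    channel parameters, failed route commands, warnings, completion and reset."""
    out = {"control_tls": None, "data_cipher": None, "failed_routes": [],
           "warnings": [], "init_done": False, "reset": False}
    last_route = None  # most recent route command, paired with the ERROR line that follows it
    for line in log.splitlines():
        if m := PATTERNS["control_tls"].match(line):
            out["control_tls"] = (m.group(1), m.group(2))
        elif m := PATTERNS["data_cipher"].match(line):
            out["data_cipher"] = m.group(1)
        elif m := PATTERNS["route_cmd"].match(line):
            last_route = m.group(1)
        elif PATTERNS["route_error"].match(line):
            out["failed_routes"].append(last_route)
        elif m := PATTERNS["warning"].match(line):
            out["warnings"].append(m.group(1))
        elif PATTERNS["init_done"].match(line):
            out["init_done"] = True
        elif PATTERNS["reset"].match(line):
            out["reset"] = True
    return out
```

Run it over a real client log and a real server log separately: a handshake that reports TLSv1.3 on both sides but leaves failed routes or a later reset tells you to look at routing and the data path rather than at the TLS setup.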