Thank you very much for your reply. You highlighted stuff I didn't really pay attention to.
I do indeed have an issue with routing. I get the following 2 errors using ccd (see logs for details):
1) RTNETLINK answers: Invalid argument
Mon Sep 3 14:16:28 2018 us=938143 ERROR: Linux route add command failed: external program exited with error status: 2
2) RTNETLINK answers: File exists
Mon Sep 3 14:14:09 2018 us=548180 ERROR: Linux route add command failed: external program exited with error status: 2
Here are my server logs in 3 situations:
1. without specified route
Mon Sep 3 14:21:35 2018 us=356466 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Mon Sep 3 14:21:35 2018 us=356482 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Mon Sep 3 14:21:35 2018 us=357576 Diffie-Hellman initialized with 4096 bit key
Mon Sep 3 14:21:35 2018 us=358093 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Sep 3 14:21:35 2018 us=358111 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Sep 3 14:21:35 2018 us=358126 TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Sep 3 14:21:35 2018 us=360543 TUN/TAP device tun0 opened
Mon Sep 3 14:21:35 2018 us=360573 TUN/TAP TX queue length set to 100
Mon Sep 3 14:21:35 2018 us=360590 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Sep 3 14:21:35 2018 us=360610 /sbin/ip link set dev tun0 up mtu 1500
Mon Sep 3 14:21:35 2018 us=361992 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Mon Sep 3 14:21:35 2018 us=362878 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:21:35 2018 us=363276 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Sep 3 14:21:35 2018 us=363298 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Sep 3 14:21:35 2018 us=363316 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Sep 3 14:21:35 2018 us=363328 UDPv4 link remote: [AF_UNSPEC]
Mon Sep 3 14:21:35 2018 us=363342 GID set to nogroup
Mon Sep 3 14:21:35 2018 us=363357 UID set to openvpn
Mon Sep 3 14:21:35 2018 us=363374 MULTI: multi_init called, r=256 v=256
Mon Sep 3 14:21:35 2018 us=363412 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Mon Sep 3 14:21:35 2018 us=363432 ifconfig_pool_read(), in='thibclient,10.8.0.4', TODO: IPv6
Mon Sep 3 14:21:35 2018 us=363446 succeeded -> ifconfig_pool_set()
Mon Sep 3 14:21:35 2018 us=363459 IFCONFIG POOL LIST
Mon Sep 3 14:21:35 2018 us=363470 thibclient,10.8.0.4
Mon Sep 3 14:21:35 2018 us=363522 Initialization Sequence Completed
.
Mon Sep 3 14:23:28 2018 us=121912 MULTI: multi_create_instance called
Mon Sep 3 14:23:28 2018 us=121960 192.168.67.11:55375 Re-using SSL/TLS context
Mon Sep 3 14:23:28 2018 us=122063 192.168.67.11:55375 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Sep 3 14:23:28 2018 us=122078 192.168.67.11:55375 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:23:28 2018 us=122109 192.168.67.11:55375 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Sep 3 14:23:28 2018 us=122122 192.168.67.11:55375 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Sep 3 14:23:28 2018 us=122159 192.168.67.11:55375 TLS: Initial packet from [AF_INET]192.168.67.11:55375, sid=b2f31902 2ad85b45
Mon Sep 3 14:23:28 2018 us=283886 192.168.67.11:55375 VERIFY OK: depth=1, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN="Thib", name=Thib, emailAddress=xx@gmail.com
Mon Sep 3 14:23:28 2018 us=284277 192.168.67.11:55375 VERIFY OK: depth=0, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN=thibclient, name=Thib, emailAddress=xx@gmail.com
Mon Sep 3 14:23:28 2018 us=349261 192.168.67.11:55375 peer info: IV_VER=2.4.6
Mon Sep 3 14:23:28 2018 us=349291 192.168.67.11:55375 peer info: IV_PLAT=win
Mon Sep 3 14:23:28 2018 us=349304 192.168.67.11:55375 peer info: IV_PROTO=2
Mon Sep 3 14:23:28 2018 us=349317 192.168.67.11:55375 peer info: IV_NCP=2
Mon Sep 3 14:23:28 2018 us=349329 192.168.67.11:55375 peer info: IV_LZ4=1
Mon Sep 3 14:23:28 2018 us=349341 192.168.67.11:55375 peer info: IV_LZ4v2=1
Mon Sep 3 14:23:28 2018 us=349353 192.168.67.11:55375 peer info: IV_LZO=1
Mon Sep 3 14:23:28 2018 us=349365 192.168.67.11:55375 peer info: IV_COMP_STUB=1
Mon Sep 3 14:23:28 2018 us=349378 192.168.67.11:55375 peer info: IV_COMP_STUBv2=1
Mon Sep 3 14:23:28 2018 us=349390 192.168.67.11:55375 peer info: IV_TCPNL=1
Mon Sep 3 14:23:28 2018 us=349403 192.168.67.11:55375 peer info: IV_GUI_VER=OpenVPN_GUI_11
Mon Sep 3 14:23:28 2018 us=350297 192.168.67.11:55375 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Sep 3 14:23:28 2018 us=350327 192.168.67.11:55375 [thibclient] Peer Connection Initiated with [AF_INET]192.168.67.11:55375
Mon Sep 3 14:23:28 2018 us=350358 thibclient/192.168.67.11:55375 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=(Not enabled)
Mon Sep 3 14:23:28 2018 us=350398 thibclient/192.168.67.11:55375 MULTI: Learn: 10.8.0.4 -> thibclient/192.168.67.11:55375
Mon Sep 3 14:23:28 2018 us=350412 thibclient/192.168.67.11:55375 MULTI: primary virtual IP for thibclient/192.168.67.11:55375: 10.8.0.4
Mon Sep 3 14:23:29 2018 us=504466 thibclient/192.168.67.11:55375 PUSH: Received control message: 'PUSH_REQUEST'
Mon Sep 3 14:23:29 2018 us=504517 thibclient/192.168.67.11:55375 SENT CONTROL [thibclient]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Sep 3 14:23:29 2018 us=504535 thibclient/192.168.67.11:55375 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:23:29 2018 us=504614 thibclient/192.168.67.11:55375 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 3 14:23:29 2018 us=504629 thibclient/192.168.67.11:55375 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 3 14:23:29 2018 us=864199 thibclient/192.168.67.11:55375 MULTI: bad source address from client [::], packet dropped
Mon Sep 3 14:23:34 2018 us=934868 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=14543 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=37370 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=635872 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=636410 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=636450 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=874169 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=889516 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:23:35 2018 us=889719 thibclient/192.168.67.11:55375 MULTI: bad source address from client [192.168.67.11], packet dropped
2. routing to 192.168.67.11 - client address
Mon Sep 3 14:16:28 2018 us=932816 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Mon Sep 3 14:16:28 2018 us=932831 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Mon Sep 3 14:16:28 2018 us=934048 Diffie-Hellman initialized with 4096 bit key
Mon Sep 3 14:16:28 2018 us=934559 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Sep 3 14:16:28 2018 us=934577 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Sep 3 14:16:28 2018 us=934593 TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Sep 3 14:16:28 2018 us=934758 ROUTE_GATEWAY 192.168.67.1/255.255.255.0 IFACE=enp0s25 HWADDR=78:2b:cb:9d:98:4a
Mon Sep 3 14:16:28 2018 us=935069 TUN/TAP device tun0 opened
Mon Sep 3 14:16:28 2018 us=935089 TUN/TAP TX queue length set to 100
Mon Sep 3 14:16:28 2018 us=935106 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Sep 3 14:16:28 2018 us=935125 /sbin/ip link set dev tun0 up mtu 1500
Mon Sep 3 14:16:28 2018 us=936215 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Mon Sep 3 14:16:28 2018 us=937315 /sbin/ip route add 192.168.67.11/24 via 10.8.0.2
RTNETLINK answers: Invalid argument
Mon Sep 3 14:16:28 2018 us=938143 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Sep 3 14:16:28 2018 us=938175 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:16:28 2018 us=938584 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Sep 3 14:16:28 2018 us=938609 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Sep 3 14:16:28 2018 us=938627 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Sep 3 14:16:28 2018 us=938638 UDPv4 link remote: [AF_UNSPEC]
Mon Sep 3 14:16:28 2018 us=938652 GID set to nogroup
Mon Sep 3 14:16:28 2018 us=938667 UID set to openvpn
Mon Sep 3 14:16:28 2018 us=938693 MULTI: multi_init called, r=256 v=256
Mon Sep 3 14:16:28 2018 us=938726 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Mon Sep 3 14:16:28 2018 us=938744 ifconfig_pool_read(), in='thibclient,10.8.0.4', TODO: IPv6
Mon Sep 3 14:16:28 2018 us=938757 succeeded -> ifconfig_pool_set()
Mon Sep 3 14:16:28 2018 us=938770 IFCONFIG POOL LIST
Mon Sep 3 14:16:28 2018 us=938781 thibclient,10.8.0.4
Mon Sep 3 14:16:28 2018 us=938829 Initialization Sequence Completed
.
Mon Sep 3 14:24:39 2018 us=560022 MULTI: multi_create_instance called
Mon Sep 3 14:24:39 2018 us=560107 192.168.67.11:56174 Re-using SSL/TLS context
Mon Sep 3 14:24:39 2018 us=560229 192.168.67.11:56174 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Sep 3 14:24:39 2018 us=560244 192.168.67.11:56174 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:24:39 2018 us=560276 192.168.67.11:56174 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Sep 3 14:24:39 2018 us=560288 192.168.67.11:56174 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Sep 3 14:24:39 2018 us=560319 192.168.67.11:56174 TLS: Initial packet from [AF_INET]192.168.67.11:56174, sid=611d4c7f d5cd8c3a
Mon Sep 3 14:24:39 2018 us=740851 192.168.67.11:56174 VERIFY OK: depth=1, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN="Thib", name=Thib, emailAddress=xxx@gmail.com
Mon Sep 3 14:24:39 2018 us=741256 192.168.67.11:56174 VERIFY OK: depth=0, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN=thibclient, name=Thib, emailAddress=xxx@gmail.com
Mon Sep 3 14:24:39 2018 us=811517 192.168.67.11:56174 peer info: IV_VER=2.4.6
Mon Sep 3 14:24:39 2018 us=811543 192.168.67.11:56174 peer info: IV_PLAT=win
Mon Sep 3 14:24:39 2018 us=811557 192.168.67.11:56174 peer info: IV_PROTO=2
Mon Sep 3 14:24:39 2018 us=811569 192.168.67.11:56174 peer info: IV_NCP=2
Mon Sep 3 14:24:39 2018 us=811582 192.168.67.11:56174 peer info: IV_LZ4=1
Mon Sep 3 14:24:39 2018 us=811594 192.168.67.11:56174 peer info: IV_LZ4v2=1
Mon Sep 3 14:24:39 2018 us=811606 192.168.67.11:56174 peer info: IV_LZO=1
Mon Sep 3 14:24:39 2018 us=811619 192.168.67.11:56174 peer info: IV_COMP_STUB=1
Mon Sep 3 14:24:39 2018 us=811631 192.168.67.11:56174 peer info: IV_COMP_STUBv2=1
Mon Sep 3 14:24:39 2018 us=811644 192.168.67.11:56174 peer info: IV_TCPNL=1
Mon Sep 3 14:24:39 2018 us=811656 192.168.67.11:56174 peer info: IV_GUI_VER=OpenVPN_GUI_11
Mon Sep 3 14:24:39 2018 us=812752 192.168.67.11:56174 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Sep 3 14:24:39 2018 us=812787 192.168.67.11:56174 [thibclient] Peer Connection Initiated with [AF_INET]192.168.67.11:56174
Mon Sep 3 14:24:39 2018 us=812824 thibclient/192.168.67.11:56174 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/thibclient
Mon Sep 3 14:24:39 2018 us=812859 thibclient/192.168.67.11:56174 Options error: in --iroute 192.168.67.11 255.255.255.0 : Bad network/subnet specification
Mon Sep 3 14:24:39 2018 us=812878 thibclient/192.168.67.11:56174 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=(Not enabled)
Mon Sep 3 14:24:39 2018 us=812918 thibclient/192.168.67.11:56174 MULTI: Learn: 10.8.0.4 -> thibclient/192.168.67.11:56174
Mon Sep 3 14:24:39 2018 us=812932 thibclient/192.168.67.11:56174 MULTI: primary virtual IP for thibclient/192.168.67.11:56174: 10.8.0.4
Mon Sep 3 14:24:40 2018 us=247649 thibclient/192.168.67.11:56174 PUSH: Received control message: 'PUSH_REQUEST'
Mon Sep 3 14:24:40 2018 us=247692 thibclient/192.168.67.11:56174 SENT CONTROL [thibclient]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Sep 3 14:24:40 2018 us=247711 thibclient/192.168.67.11:56174 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:24:40 2018 us=247800 thibclient/192.168.67.11:56174 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 3 14:24:40 2018 us=247815 thibclient/192.168.67.11:56174 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 3 14:24:42 2018 us=142964 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:24:42 2018 us=143031 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:24:42 2018 us=176204 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:24:42 2018 us=176305 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:24:42 2018 us=254581 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:24:42 2018 us=254643 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:24:45 2018 us=177436 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
Mon Sep 3 14:24:45 2018 us=177669 thibclient/192.168.67.11:56174 MULTI: bad source address from client [192.168.67.11], packet dropped
3. routing to 192.168.67.0
Server logs routing to 192.168.67.0
Mon Sep 3 14:14:09 2018 us=541798 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017
Mon Sep 3 14:14:09 2018 us=541814 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Mon Sep 3 14:14:09 2018 us=543192 Diffie-Hellman initialized with 4096 bit key
Mon Sep 3 14:14:09 2018 us=543702 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Sep 3 14:14:09 2018 us=543720 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Sep 3 14:14:09 2018 us=543736 TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Sep 3 14:14:09 2018 us=543896 ROUTE_GATEWAY 192.168.67.1/255.255.255.0 IFACE=enp0s25 HWADDR=78:2b:cb:9d:98:4a
Mon Sep 3 14:14:09 2018 us=544150 TUN/TAP device tun0 opened
Mon Sep 3 14:14:09 2018 us=544169 TUN/TAP TX queue length set to 100
Mon Sep 3 14:14:09 2018 us=544185 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Sep 3 14:14:09 2018 us=544205 /sbin/ip link set dev tun0 up mtu 1500
Mon Sep 3 14:14:09 2018 us=545470 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Mon Sep 3 14:14:09 2018 us=547265 /sbin/ip route add 192.168.67.0/24 via 10.8.0.2
RTNETLINK answers: File exists
Mon Sep 3 14:14:09 2018 us=548180 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Sep 3 14:14:09 2018 us=548212 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:14:09 2018 us=548621 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Sep 3 14:14:09 2018 us=548644 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Sep 3 14:14:09 2018 us=548663 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Sep 3 14:14:09 2018 us=548675 UDPv4 link remote: [AF_UNSPEC]
Mon Sep 3 14:14:09 2018 us=548690 GID set to nogroup
Mon Sep 3 14:14:09 2018 us=548705 UID set to openvpn
Mon Sep 3 14:14:09 2018 us=548733 MULTI: multi_init called, r=256 v=256
Mon Sep 3 14:14:09 2018 us=548773 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Mon Sep 3 14:14:09 2018 us=548791 ifconfig_pool_read(), in='thibclient,10.8.0.4', TODO: IPv6
Mon Sep 3 14:14:09 2018 us=548805 succeeded -> ifconfig_pool_set()
Mon Sep 3 14:14:09 2018 us=548817 IFCONFIG POOL LIST
Mon Sep 3 14:14:09 2018 us=548829 thibclient,10.8.0.4
Mon Sep 3 14:14:09 2018 us=548877 Initialization Sequence Completed
.
Mon Sep 3 14:25:47 2018 us=406792 MULTI: multi_create_instance called
Mon Sep 3 14:25:47 2018 us=406841 192.168.67.11:57315 Re-using SSL/TLS context
Mon Sep 3 14:25:47 2018 us=406950 192.168.67.11:57315 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Sep 3 14:25:47 2018 us=406965 192.168.67.11:57315 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:25:47 2018 us=406997 192.168.67.11:57315 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Sep 3 14:25:47 2018 us=407009 192.168.67.11:57315 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Sep 3 14:25:47 2018 us=407040 192.168.67.11:57315 TLS: Initial packet from [AF_INET]192.168.67.11:57315, sid=f3e6619e 8a045777
Mon Sep 3 14:25:47 2018 us=595023 192.168.67.11:57315 VERIFY OK: depth=1, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN="Thib", name=Thib, emailAddress=xxx@gmail.com
Mon Sep 3 14:25:47 2018 us=595414 192.168.67.11:57315 VERIFY OK: depth=0, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN=thibclient, name=Thib, emailAddress=xxx@gmail.com
Mon Sep 3 14:25:47 2018 us=659967 192.168.67.11:57315 peer info: IV_VER=2.4.6
Mon Sep 3 14:25:47 2018 us=659996 192.168.67.11:57315 peer info: IV_PLAT=win
Mon Sep 3 14:25:47 2018 us=660009 192.168.67.11:57315 peer info: IV_PROTO=2
Mon Sep 3 14:25:47 2018 us=660021 192.168.67.11:57315 peer info: IV_NCP=2
Mon Sep 3 14:25:47 2018 us=660033 192.168.67.11:57315 peer info: IV_LZ4=1
Mon Sep 3 14:25:47 2018 us=660045 192.168.67.11:57315 peer info: IV_LZ4v2=1
Mon Sep 3 14:25:47 2018 us=660058 192.168.67.11:57315 peer info: IV_LZO=1
Mon Sep 3 14:25:47 2018 us=660070 192.168.67.11:57315 peer info: IV_COMP_STUB=1
Mon Sep 3 14:25:47 2018 us=660082 192.168.67.11:57315 peer info: IV_COMP_STUBv2=1
Mon Sep 3 14:25:47 2018 us=660095 192.168.67.11:57315 peer info: IV_TCPNL=1
Mon Sep 3 14:25:47 2018 us=660107 192.168.67.11:57315 peer info: IV_GUI_VER=OpenVPN_GUI_11
Mon Sep 3 14:25:47 2018 us=661295 192.168.67.11:57315 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Sep 3 14:25:47 2018 us=661327 192.168.67.11:57315 [thibclient] Peer Connection Initiated with [AF_INET]192.168.67.11:57315
Mon Sep 3 14:25:47 2018 us=661369 thibclient/192.168.67.11:57315 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/thibclient
Mon Sep 3 14:25:47 2018 us=661414 thibclient/192.168.67.11:57315 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=(Not enabled)
Mon Sep 3 14:25:47 2018 us=661454 thibclient/192.168.67.11:57315 MULTI: Learn: 10.8.0.4 -> thibclient/192.168.67.11:57315
Mon Sep 3 14:25:47 2018 us=661468 thibclient/192.168.67.11:57315 MULTI: primary virtual IP for thibclient/192.168.67.11:57315: 10.8.0.4
Mon Sep 3 14:25:47 2018 us=661483 thibclient/192.168.67.11:57315 MULTI: internal route 192.168.67.0/24 -> thibclient/192.168.67.11:57315
Mon Sep 3 14:25:47 2018 us=661497 thibclient/192.168.67.11:57315 MULTI: Learn: 192.168.67.0/24 -> thibclient/192.168.67.11:57315
Mon Sep 3 14:25:48 2018 us=718002 thibclient/192.168.67.11:57315 PUSH: Received control message: 'PUSH_REQUEST'
Mon Sep 3 14:25:48 2018 us=718075 thibclient/192.168.67.11:57315 SENT CONTROL [thibclient]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Sep 3 14:25:48 2018 us=718113 thibclient/192.168.67.11:57315 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Sep 3 14:25:48 2018 us=718203 thibclient/192.168.67.11:57315 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 3 14:25:48 2018 us=718217 thibclient/192.168.67.11:57315 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 3 14:25:51 2018 us=174134 thibclient/192.168.67.11:57315 MULTI: Learn: 192.168.67.11 -> thibclient/192.168.67.11:57315
Mon Sep 3 14:30:24 2018 us=870167 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:25 2018 us=361460 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:28 2018 us=860429 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:29 2018 us=362827 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:32 2018 us=860885 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:33 2018 us=361216 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:36 2018 us=867287 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:37 2018 us=368898 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:38:36 2018 us=70137 thibclient/192.168.67.11:57315 MULTI: Learn: 192.168.67.11 -> thibclient/192.168.67.11:57315
Mon Sep 3 14:44:16 2018 us=777275 thibclient/192.168.67.11:57315 MULTI: Learn: 192.168.67.11 -> thibclient/192.168.67.11:57315
Mon Sep 3 14:45:36 2018 us=866679 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:45:37 2018 us=369101 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:45:40 2018 us=866819 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:45:41 2018 us=368346 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:45:44 2018 us=867965 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:45:45 2018 us=368334 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:45:48 2018 us=868156 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:45:49 2018 us=368439 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
On the client side:
Client log of the third situation
Mon Sep 03 14:25:45 2018 us=232037 Connection reset command was pushed by server ('')
Mon Sep 03 14:25:45 2018 us=232037 TCP/UDP: Closing socket
Mon Sep 03 14:25:45 2018 us=232037 SIGUSR1[soft,server-pushed-connection-reset] received, process restarting
Mon Sep 03 14:25:45 2018 us=232037 MANAGEMENT: >STATE:1535977545,RECONNECTING,server-pushed-connection-reset,,,,,
Mon Sep 03 14:25:45 2018 us=232037 Restart pause, 5 second(s)
Mon Sep 03 14:25:50 2018 us=232280 Re-using SSL/TLS context
Mon Sep 03 14:25:50 2018 us=232280 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Sep 03 14:25:50 2018 us=232280 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Sep 03 14:25:50 2018 us=232280 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Sep 03 14:25:50 2018 us=232280 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Sep 03 14:25:50 2018 us=232280 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.67.10:1194
Mon Sep 03 14:25:50 2018 us=232280 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Sep 03 14:25:50 2018 us=232280 UDP link local: (not bound)
Mon Sep 03 14:25:50 2018 us=232280 UDP link remote: [AF_INET]192.168.67.10:1194
Mon Sep 03 14:25:50 2018 us=232280 MANAGEMENT: >STATE:1535977550,WAIT,,,,,,
Mon Sep 03 14:25:50 2018 us=232280 MANAGEMENT: >STATE:1535977550,AUTH,,,,,,
Mon Sep 03 14:25:50 2018 us=232280 TLS: Initial packet from [AF_INET]192.168.67.10:1194, sid=c226b8fa 9dbc3e1d
Mon Sep 03 14:25:50 2018 us=310419 VERIFY OK: depth=1, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN="Thib", name=Thib, emailAddress=xxx@gmail.com
Mon Sep 03 14:25:50 2018 us=310419 VERIFY KU OK
Mon Sep 03 14:25:50 2018 us=310419 Validating certificate extended key usage
Mon Sep 03 14:25:50 2018 us=310419 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Sep 03 14:25:50 2018 us=310419 VERIFY EKU OK
Mon Sep 03 14:25:50 2018 us=310419 VERIFY OK: depth=0, C=FR, ST=75, L=Paris, O=Thib, OU=TA, CN=server, name=Thib, emailAddress=xxx@gmail.com
Mon Sep 03 14:25:50 2018 us=482292 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Mon Sep 03 14:25:50 2018 us=482292 [server] Peer Connection Initiated with [AF_INET]192.168.67.10:1194
Mon Sep 03 14:25:51 2018 us=544854 MANAGEMENT: >STATE:1535977551,GET_CONFIG,,,,,,
Mon Sep 03 14:25:51 2018 us=544854 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Sep 03 14:25:51 2018 us=544854 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: route options modified
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: route-related options modified
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: peer-id set
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Sep 03 14:25:51 2018 us=544854 OPTIONS IMPORT: data channel crypto options modified
Mon Sep 03 14:25:51 2018 us=544854 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Sep 03 14:25:51 2018 us=544854 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Mon Sep 03 14:25:51 2018 us=544854 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 03 14:25:51 2018 us=544854 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Sep 03 14:25:51 2018 us=544854 Preserving previous TUN/TAP instance: tap0
Mon Sep 03 14:25:51 2018 us=544854 Initialization Sequence Completed
Mon Sep 03 14:25:51 2018 us=544854 MANAGEMENT: >STATE:1535977551,CONNECTED,SUCCESS,10.8.0.4,192.168.67.10,1194,,
My server has an Ethernet connection to my internet box, and my client is using Wi-Fi. I didn't configure anything specific because of that; should I? I thought iptables was enough.
Thanks
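
The routing errors in the server logs above, classified by a small triage script. This is an added example, not part of the original post: `diagnose` and its finding codes are hypothetical names, and `SAMPLE_LOG` is constructed by merging lines from the three server runs into one sequence.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: lines taken from the three server runs in the post,
# merged into one sequence so every check below has something to match.
SAMPLE_LOG = """\
Mon Sep 3 14:16:28 2018 us=934758 ROUTE_GATEWAY 192.168.67.1/255.255.255.0 IFACE=enp0s25 HWADDR=78:2b:cb:9d:98:4a
Mon Sep 3 14:16:28 2018 us=937315 /sbin/ip route add 192.168.67.11/24 via 10.8.0.2
RTNETLINK answers: Invalid argument
Mon Sep 3 14:14:09 2018 us=547265 /sbin/ip route add 192.168.67.0/24 via 10.8.0.2
RTNETLINK answers: File exists
Mon Sep 3 14:24:39 2018 us=812859 thibclient/192.168.67.11:56174 Options error: in --iroute 192.168.67.11 255.255.255.0 : Bad network/subnet specification
Mon Sep 3 14:25:47 2018 us=661468 thibclient/192.168.67.11:57315 MULTI: primary virtual IP for thibclient/192.168.67.11:57315: 10.8.0.4
Mon Sep 3 14:25:47 2018 us=661483 thibclient/192.168.67.11:57315 MULTI: internal route 192.168.67.0/24 -> thibclient/192.168.67.11:57315
Mon Sep 3 14:30:24 2018 us=870167 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
Mon Sep 3 14:30:25 2018 us=361460 thibclient/192.168.67.11:57315 MULTI: bad source address from client [192.168.56.1], packet dropped
"""

GATEWAY = re.compile(r"ROUTE_GATEWAY (\S+)/(\S+) IFACE=(\S+)")
ROUTE_ADD = re.compile(r"ip route add (\S+) via \S+")
RTNETLINK = re.compile(r"^RTNETLINK answers: (.+)$")
IROUTE_ERR = re.compile(r"in --iroute (\S+) (\S+) : Bad network/subnet specification")
INTERNAL = re.compile(r"MULTI: internal route (\S+) ->")
VIRTUAL_IP = re.compile(r"primary virtual IP for \S+: ([0-9.]+)")
BAD_SRC = re.compile(r"bad source address from client \[([0-9.]+)\]")


def diagnose(log_text):
    """Return (code, subject) findings for routing errors in an OpenVPN server log."""
    findings, dropped = [], Counter()
    lan, lan_if = None, None
    allowed = []    # source networks the server accepts from the client
    pending = None  # prefix from the immediately preceding 'ip route add' line
    for line in log_text.splitlines():
        route, pending = pending, None
        if m := GATEWAY.search(line):
            lan, lan_if = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network, m[3]
        elif m := ROUTE_ADD.search(line):
            pending = m[1]
        elif (m := RTNETLINK.match(line)) and route:
            r = ipaddress.ip_interface(route)
            if r.ip != r.network.network_address:
                # Address is not the network address for its prefix length.
                findings.append(("ROUTE_HOST_BITS", f"{route} -> {r.network}"))
            elif r.network == lan:
                # Prefix equals the server's own LAN taken from ROUTE_GATEWAY.
                findings.append(("ROUTE_DUPLICATES_LAN", f"{route} on {lan_if}"))
            else:
                findings.append(("ROUTE_FAILED", f"{route}: {m[1]}"))
        elif m := IROUTE_ERR.search(line):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            fixed = f"{net.network_address} {net.netmask}"
            findings.append(("IROUTE_HOST_BITS", f"{m[1]} {m[2]} -> {fixed}"))
        elif m := INTERNAL.search(line):
            allowed.append(ipaddress.ip_network(m[1]))
        elif m := VIRTUAL_IP.search(line):
            allowed.append(ipaddress.ip_network(m[1]))
        elif m := BAD_SRC.search(line):
            src = ipaddress.ip_address(m[1])
            # Flag only sources outside the VPN IP and every learned iroute.
            if not any(src in net for net in allowed):
                dropped[str(src)] += 1
    findings += [("SOURCE_NOT_ROUTED", f"{s} x{n}") for s, n in dropped.items()]
    return findings


if __name__ == "__main__":
    for code, subject in diagnose(SAMPLE_LOG):
        print(f"{code:22} {subject}")
```
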