Can connect to lan via WiFi but not mobile data over VPN

Official client software for OpenVPN Access Server and OpenVPN Cloud.
kamikaze2112
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 18, 2019 2:21 am

Can connect to lan via WiFi but not mobile data over VPN

Post by kamikaze2112 » Wed Dec 18, 2019 2:31 am

I can connect to my OpenVPN server at home via mobile data, but can't seem to access anything on the LAN when I do so. Today I decided to try testing from my gf's place on her WiFi and it works fine. No issues at all connecting to the server, just can't seem to use anything when on mobile data. This used to work fine, but I'm not exactly sure when it stopped 'cause I use it rather infrequently. I've reinstalled the server, to no avail. It's running on a Debian 10 box, ports are open on my router. Phone is a OnePlus 7 Pro on Android 10. It's rooted on the stock ROM.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by TinCanTech » Wed Dec 18, 2019 11:27 am


kamikaze2112
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 18, 2019 2:21 am

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by kamikaze2112 » Wed Jan 08, 2020 1:55 am

Here are my logs and config files. Ideally I'd like this thing to just use the DHCP server to give the clients IP addresses. Not sure why it works when the client is on WiFi but not mobile data. Funny thing is if I use my phone as a hotspot for my laptop, it works. Just can't get it working from the phone directly.

Client log file at Verb 4 (with FQDN and IPs stripped out):
Client Log

18:24:13.439 -- ----- OpenVPN Start -----

18:24:13.439 -- EVENT: CORE_THREAD_ACTIVE

18:24:13.440 -- OpenVPN core 3.git::728733ae:Release android arm64 64-bit PT_PROXY built on Aug 14 2019 14:13:26

18:24:13.440 -- Frame=512/2048/512 mssfix-ctrl=1250

18:24:13.440 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
9 [verify-x509-name] [server_y769lTviWWO2sQvq] [name]
11 [auth-nocache]
13 [tls-client]
15 [tls-cipher] [TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256]
16 [block-outside-dns]
17 [verb] [4]

18:24:13.440 -- EVENT: RESOLVE

18:24:13.651 -- Contacting server_ip:1194 via UDP

18:24:13.652 -- EVENT: WAIT

18:24:13.657 -- Connecting to [server_fqdn]:1194 (server_ip) via UDPv4

18:24:13.706 -- EVENT: CONNECTING

18:24:13.709 -- Tunnel Options:V4,dev-type tun,link-mtu 1521,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth SHA256,keysize 128,key-method 2,tls-client

18:24:13.710 -- Creds: UsernameEmpty/PasswordEmpty

18:24:13.710 -- Peer Info:
IV_GUI_VER=OC30Android
IV_VER=3.git::728733ae:Release
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_IPv6=0
IV_AUTO_SESS=1


18:24:13.777 -- VERIFY OK : depth=1
cert. version : 3
serial number : 2C:72:2D:25:5D:69:3E:BD:79:2C:6E:E7:20:56:E6:7C:A2:01:3B:B8
issuer name : CN=cn_4HeNIn9zYfPiVTY8
subject name : CN=cn_4HeNIn9zYfPiVTY8
issued on : 2020-01-08 00:47:20
expires on : 2030-01-05 00:47:20
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign


18:24:13.777 -- VERIFY OK : depth=0
cert. version : 3
serial number : 31:F5:AC:80:6F:8F:72:5B:F7:34:A2:E8:E5:0A:D3:37
issuer name : CN=cn_4HeNIn9zYfPiVTY8
subject name : CN=server_y769lTviWWO2sQvq
issued on : 2020-01-08 00:47:20
expires on : 2022-12-23 00:47:20
signed using : ECDSA with SHA256
EC key size : 256 bits
basic constraints : CA=false
subject alt name : server_y769lTviWWO2sQvq
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication


18:24:13.936 -- SSL Handshake: TLSv1.2/TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256

18:24:13.936 -- Session is ACTIVE

18:24:13.937 -- EVENT: GET_CONFIG

18:24:13.938 -- Sending PUSH_REQUEST to server...

18:24:14.008 -- OPTIONS:
0 [dhcp-option] [DNS] [9.9.9.10]
1 [dhcp-option] [DNS] [149.112.112.10]
2 [redirect-gateway] [def1] [bypass-dhcp]
3 [route] [10.0.1.0] [255.255.255.0]
4 [route-gateway] [10.8.0.1]
5 [topology] [subnet]
6 [ping] [10]
7 [ping-restart] [120]
8 [ifconfig] [10.8.0.2] [255.255.255.0]
9 [peer-id] [0]
10 [cipher] [AES-128-GCM]
11 [block-ipv6]


18:24:14.008 -- PROTOCOL OPTIONS:
cipher: AES-128-GCM
digest: SHA256
compress: NONE
peer ID: 0

18:24:14.009 -- EVENT: ASSIGN_IP

18:24:14.040 -- Connected via tun

18:24:14.040 -- EVENT: CONNECTED info='server_fqdn:1194 (server_ip) via /UDPv4 on tun/10.8.0.2/ gw=[10.8.0.1/]'


Server log file at Verb 4 (again with public IPs stripped/edited):
Server Log
Tue Jan 7 18:31:31 2020 us=851262 Current Parameter Settings:
Tue Jan 7 18:31:31 2020 us=851356 config = '/etc/openvpn/server.conf'
Tue Jan 7 18:31:31 2020 us=851374 mode = 1
Tue Jan 7 18:31:31 2020 us=851388 persist_config = DISABLED
Tue Jan 7 18:31:31 2020 us=851402 persist_mode = 1
Tue Jan 7 18:31:31 2020 us=851416 show_ciphers = DISABLED
Tue Jan 7 18:31:31 2020 us=851429 show_digests = DISABLED
Tue Jan 7 18:31:31 2020 us=851443 show_engines = DISABLED
Tue Jan 7 18:31:31 2020 us=851456 genkey = DISABLED
Tue Jan 7 18:31:31 2020 us=851470 key_pass_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851483 show_tls_ciphers = DISABLED
Tue Jan 7 18:31:31 2020 us=851497 connect_retry_max = 0
Tue Jan 7 18:31:31 2020 us=851511 Connection profiles [0]:
Tue Jan 7 18:31:31 2020 us=851525 proto = udp
Tue Jan 7 18:31:31 2020 us=851538 local = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851552 local_port = '1194'
Tue Jan 7 18:31:31 2020 us=851565 remote = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851579 remote_port = '1194'
Tue Jan 7 18:31:31 2020 us=851593 remote_float = DISABLED
Tue Jan 7 18:31:31 2020 us=851606 bind_defined = DISABLED
Tue Jan 7 18:31:31 2020 us=851620 bind_local = ENABLED
Tue Jan 7 18:31:31 2020 us=851633 bind_ipv6_only = DISABLED
Tue Jan 7 18:31:31 2020 us=851647 connect_retry_seconds = 5
Tue Jan 7 18:31:31 2020 us=851661 connect_timeout = 120
Tue Jan 7 18:31:31 2020 us=851675 socks_proxy_server = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851689 socks_proxy_port = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851703 tun_mtu = 1500
Tue Jan 7 18:31:31 2020 us=851720 tun_mtu_defined = ENABLED
Tue Jan 7 18:31:31 2020 us=851734 link_mtu = 1500
Tue Jan 7 18:31:31 2020 us=851748 link_mtu_defined = DISABLED
Tue Jan 7 18:31:31 2020 us=851762 tun_mtu_extra = 0
Tue Jan 7 18:31:31 2020 us=851775 tun_mtu_extra_defined = DISABLED
Tue Jan 7 18:31:31 2020 us=851789 mtu_discover_type = -1
Tue Jan 7 18:31:31 2020 us=851803 fragment = 0
Tue Jan 7 18:31:31 2020 us=851817 mssfix = 1450
Tue Jan 7 18:31:31 2020 us=851830 explicit_exit_notification = 0
Tue Jan 7 18:31:31 2020 us=851844 Connection profiles END
Tue Jan 7 18:31:31 2020 us=851858 remote_random = DISABLED
Tue Jan 7 18:31:31 2020 us=851871 ipchange = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851885 dev = 'tun'
Tue Jan 7 18:31:31 2020 us=851899 dev_type = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851912 dev_node = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851926 lladdr = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=851939 topology = 3
Tue Jan 7 18:31:31 2020 us=851953 ifconfig_local = '10.8.0.1'
Tue Jan 7 18:31:31 2020 us=851967 ifconfig_remote_netmask = '255.255.255.0'
Tue Jan 7 18:31:31 2020 us=851980 ifconfig_noexec = DISABLED
Tue Jan 7 18:31:31 2020 us=851994 ifconfig_nowarn = DISABLED
Tue Jan 7 18:31:31 2020 us=852007 ifconfig_ipv6_local = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852021 ifconfig_ipv6_netbits = 0
Tue Jan 7 18:31:31 2020 us=852035 ifconfig_ipv6_remote = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852048 shaper = 0
Tue Jan 7 18:31:31 2020 us=852062 mtu_test = 0
Tue Jan 7 18:31:31 2020 us=852076 mlock = DISABLED
Tue Jan 7 18:31:31 2020 us=852089 keepalive_ping = 10
Tue Jan 7 18:31:31 2020 us=852103 keepalive_timeout = 120
Tue Jan 7 18:31:31 2020 us=852116 inactivity_timeout = 0
Tue Jan 7 18:31:31 2020 us=852130 ping_send_timeout = 10
Tue Jan 7 18:31:31 2020 us=852144 ping_rec_timeout = 240
Tue Jan 7 18:31:31 2020 us=852157 ping_rec_timeout_action = 2
Tue Jan 7 18:31:31 2020 us=852171 ping_timer_remote = DISABLED
Tue Jan 7 18:31:31 2020 us=852185 remap_sigusr1 = 0
Tue Jan 7 18:31:31 2020 us=852198 persist_tun = ENABLED
Tue Jan 7 18:31:31 2020 us=852212 persist_local_ip = DISABLED
Tue Jan 7 18:31:31 2020 us=852225 persist_remote_ip = DISABLED
Tue Jan 7 18:31:31 2020 us=852239 persist_key = ENABLED
Tue Jan 7 18:31:31 2020 us=852252 passtos = DISABLED
Tue Jan 7 18:31:31 2020 us=852266 resolve_retry_seconds = 1000000000
Tue Jan 7 18:31:31 2020 us=852280 resolve_in_advance = DISABLED
Tue Jan 7 18:31:31 2020 us=852316 username = 'nobody'
Tue Jan 7 18:31:31 2020 us=852331 groupname = 'nogroup'
Tue Jan 7 18:31:31 2020 us=852345 chroot_dir = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852359 cd_dir = '/etc/openvpn'
Tue Jan 7 18:31:31 2020 us=852372 writepid = '/run/openvpn/server.pid'
Tue Jan 7 18:31:31 2020 us=852386 up_script = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852399 down_script = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852413 down_pre = DISABLED
Tue Jan 7 18:31:31 2020 us=852427 up_restart = DISABLED
Tue Jan 7 18:31:31 2020 us=852440 up_delay = DISABLED
Tue Jan 7 18:31:31 2020 us=852454 daemon = ENABLED
Tue Jan 7 18:31:31 2020 us=852468 inetd = 0
Tue Jan 7 18:31:31 2020 us=852481 log = ENABLED
Tue Jan 7 18:31:31 2020 us=852495 suppress_timestamps = DISABLED
Tue Jan 7 18:31:31 2020 us=852508 machine_readable_output = DISABLED
Tue Jan 7 18:31:31 2020 us=852522 nice = 0
Tue Jan 7 18:31:31 2020 us=852536 verbosity = 4
Tue Jan 7 18:31:31 2020 us=852550 mute = 0
Tue Jan 7 18:31:31 2020 us=852564 gremlin = 0
Tue Jan 7 18:31:31 2020 us=852577 status_file = '/var/log/openvpn/status.log'
Tue Jan 7 18:31:31 2020 us=852591 status_file_version = 1
Tue Jan 7 18:31:31 2020 us=852605 status_file_update_freq = 10
Tue Jan 7 18:31:31 2020 us=852618 occ = ENABLED
Tue Jan 7 18:31:31 2020 us=852632 rcvbuf = 0
Tue Jan 7 18:31:31 2020 us=852646 sndbuf = 0
Tue Jan 7 18:31:31 2020 us=852659 mark = 0
Tue Jan 7 18:31:31 2020 us=852673 sockflags = 0
Tue Jan 7 18:31:31 2020 us=852687 fast_io = DISABLED
Tue Jan 7 18:31:31 2020 us=852700 comp.alg = 0
Tue Jan 7 18:31:31 2020 us=852714 comp.flags = 0
Tue Jan 7 18:31:31 2020 us=852727 route_script = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852741 route_default_gateway = '10.8.0.2'
Tue Jan 7 18:31:31 2020 us=852755 route_default_metric = 0
Tue Jan 7 18:31:31 2020 us=852768 route_noexec = DISABLED
Tue Jan 7 18:31:31 2020 us=852782 route_delay = 0
Tue Jan 7 18:31:31 2020 us=852796 route_delay_window = 30
Tue Jan 7 18:31:31 2020 us=852810 route_delay_defined = DISABLED
Tue Jan 7 18:31:31 2020 us=852823 route_nopull = DISABLED
Tue Jan 7 18:31:31 2020 us=852837 route_gateway_via_dhcp = DISABLED
Tue Jan 7 18:31:31 2020 us=852851 allow_pull_fqdn = DISABLED
Tue Jan 7 18:31:31 2020 us=852865 management_addr = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852878 management_port = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852892 management_user_pass = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852906 management_log_history_cache = 250
Tue Jan 7 18:31:31 2020 us=852920 management_echo_buffer_size = 100
Tue Jan 7 18:31:31 2020 us=852934 management_write_peer_info_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852948 management_client_user = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852962 management_client_group = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=852976 management_flags = 0
Tue Jan 7 18:31:31 2020 us=852990 shared_secret_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853004 key_direction = not set
Tue Jan 7 18:31:31 2020 us=853018 ciphername = 'AES-128-GCM'
Tue Jan 7 18:31:31 2020 us=853032 ncp_enabled = ENABLED
Tue Jan 7 18:31:31 2020 us=853046 ncp_ciphers = 'AES-128-GCM'
Tue Jan 7 18:31:31 2020 us=853060 authname = 'SHA256'
Tue Jan 7 18:31:31 2020 us=853073 prng_hash = 'SHA1'
Tue Jan 7 18:31:31 2020 us=853087 prng_nonce_secret_len = 16
Tue Jan 7 18:31:31 2020 us=853101 keysize = 0
Tue Jan 7 18:31:31 2020 us=853115 engine = DISABLED
Tue Jan 7 18:31:31 2020 us=853129 replay = ENABLED
Tue Jan 7 18:31:31 2020 us=853143 mute_replay_warnings = DISABLED
Tue Jan 7 18:31:31 2020 us=853157 replay_window = 64
Tue Jan 7 18:31:31 2020 us=853171 replay_time = 15
Tue Jan 7 18:31:31 2020 us=853184 packet_id_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853198 use_iv = ENABLED
Tue Jan 7 18:31:31 2020 us=853212 test_crypto = DISABLED
Tue Jan 7 18:31:31 2020 us=853226 tls_server = ENABLED
Tue Jan 7 18:31:31 2020 us=853240 tls_client = DISABLED
Tue Jan 7 18:31:31 2020 us=853260 key_method = 2
Tue Jan 7 18:31:31 2020 us=853275 ca_file = 'ca.crt'
Tue Jan 7 18:31:31 2020 us=853288 ca_path = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853302 dh_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853316 cert_file = 'server_y769lTviWWO2sQvq.crt'
Tue Jan 7 18:31:31 2020 us=853330 extra_certs_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853344 priv_key_file = 'server_y769lTviWWO2sQvq.key'
Tue Jan 7 18:31:31 2020 us=853358 pkcs12_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853372 cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256'
Tue Jan 7 18:31:31 2020 us=853386 cipher_list_tls13 = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853400 tls_cert_profile = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853414 tls_verify = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853427 tls_export_cert = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853441 verify_x509_type = 0
Tue Jan 7 18:31:31 2020 us=853455 verify_x509_name = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853469 crl_file = 'crl.pem'
Tue Jan 7 18:31:31 2020 us=853483 ns_cert_type = 0
Tue Jan 7 18:31:31 2020 us=853497 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853510 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853524 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853538 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853552 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853566 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853580 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853594 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853607 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853621 remote_cert_ku = 0
Tue Jan 7 18:31:31 2020 us=853635 remote_cert_ku[i] = 0
Tue Jan 7 18:31:31 2020 us=853649 remote_cert_ku[i] = 0
Tue Jan 7 18:31:31 2020 us=853663 remote_cert_ku[i] = 0
Tue Jan 7 18:31:31 2020 us=853676 remote_cert_ku[i] = 0
Tue Jan 7 18:31:31 2020 us=853690 remote_cert_ku[i] = 0
Tue Jan 7 18:31:31 2020 us=853704 remote_cert_ku[i] = 0
Tue Jan 7 18:31:31 2020 us=853718 remote_cert_eku = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853732 ssl_flags = 192
Tue Jan 7 18:31:31 2020 us=853746 tls_timeout = 2
Tue Jan 7 18:31:31 2020 us=853760 renegotiate_bytes = -1
Tue Jan 7 18:31:31 2020 us=853774 renegotiate_packets = 0
Tue Jan 7 18:31:31 2020 us=853788 renegotiate_seconds = 3600
Tue Jan 7 18:31:31 2020 us=853802 handshake_window = 60
Tue Jan 7 18:31:31 2020 us=853816 transition_window = 3600
Tue Jan 7 18:31:31 2020 us=853830 single_session = DISABLED
Tue Jan 7 18:31:31 2020 us=853843 push_peer_info = DISABLED
Tue Jan 7 18:31:31 2020 us=853857 tls_exit = DISABLED
Tue Jan 7 18:31:31 2020 us=853871 tls_auth_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=853885 tls_crypt_file = 'tls-crypt.key'
Tue Jan 7 18:31:31 2020 us=853899 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=853913 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=853927 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=853940 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=853954 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=853968 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=853985 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854000 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854014 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854028 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854041 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854055 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854069 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854083 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854097 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854111 pkcs11_protected_authentication = DISABLED
Tue Jan 7 18:31:31 2020 us=854131 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854145 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854159 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854173 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854187 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854201 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854214 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854228 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854242 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854256 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854269 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854283 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854297 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854311 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854324 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854338 pkcs11_private_mode = 00000000
Tue Jan 7 18:31:31 2020 us=854352 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854365 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854379 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854393 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854406 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854420 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854434 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854448 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854461 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854475 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854489 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854502 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854516 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854530 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854544 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854557 pkcs11_cert_private = DISABLED
Tue Jan 7 18:31:31 2020 us=854571 pkcs11_pin_cache_period = -1
Tue Jan 7 18:31:31 2020 us=854585 pkcs11_id = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=854599 pkcs11_id_management = DISABLED
Tue Jan 7 18:31:31 2020 us=854614 server_network = 10.8.0.0
Tue Jan 7 18:31:31 2020 us=854629 server_netmask = 255.255.255.0
Tue Jan 7 18:31:31 2020 us=854644 server_network_ipv6 = ::
Tue Jan 7 18:31:31 2020 us=854658 server_netbits_ipv6 = 0
Tue Jan 7 18:31:31 2020 us=854673 server_bridge_ip = 0.0.0.0
Tue Jan 7 18:31:31 2020 us=854687 server_bridge_netmask = 0.0.0.0
Tue Jan 7 18:31:31 2020 us=854702 server_bridge_pool_start = 0.0.0.0
Tue Jan 7 18:31:31 2020 us=854716 server_bridge_pool_end = 0.0.0.0
Tue Jan 7 18:31:31 2020 us=854730 push_entry = 'dhcp-option DNS 9.9.9.10'
Tue Jan 7 18:31:31 2020 us=854744 push_entry = 'dhcp-option DNS 149.112.112.10'
Tue Jan 7 18:31:31 2020 us=854758 push_entry = 'redirect-gateway def1 bypass-dhcp'
Tue Jan 7 18:31:31 2020 us=854772 push_entry = 'route 10.0.1.0 255.255.255.0'
Tue Jan 7 18:31:31 2020 us=854786 push_entry = 'route-gateway 10.8.0.1'
Tue Jan 7 18:31:31 2020 us=854799 push_entry = 'topology subnet'
Tue Jan 7 18:31:31 2020 us=854813 push_entry = 'ping 10'
Tue Jan 7 18:31:31 2020 us=854827 push_entry = 'ping-restart 120'
Tue Jan 7 18:31:31 2020 us=854840 ifconfig_pool_defined = ENABLED
Tue Jan 7 18:31:31 2020 us=854855 ifconfig_pool_start = 10.8.0.2
Tue Jan 7 18:31:31 2020 us=854870 ifconfig_pool_end = 10.8.0.253
Tue Jan 7 18:31:31 2020 us=854885 ifconfig_pool_netmask = 255.255.255.0
Tue Jan 7 18:31:31 2020 us=854899 ifconfig_pool_persist_filename = 'ipp.txt'
Tue Jan 7 18:31:31 2020 us=854913 ifconfig_pool_persist_refresh_freq = 600
Tue Jan 7 18:31:31 2020 us=854927 ifconfig_ipv6_pool_defined = DISABLED
Tue Jan 7 18:31:31 2020 us=854941 ifconfig_ipv6_pool_base = ::
Tue Jan 7 18:31:31 2020 us=854961 ifconfig_ipv6_pool_netbits = 0
Tue Jan 7 18:31:31 2020 us=854976 n_bcast_buf = 256
Tue Jan 7 18:31:31 2020 us=854990 tcp_queue_limit = 64
Tue Jan 7 18:31:31 2020 us=855004 real_hash_size = 256
Tue Jan 7 18:31:31 2020 us=855018 virtual_hash_size = 256
Tue Jan 7 18:31:31 2020 us=855031 client_connect_script = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855045 learn_address_script = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855059 client_disconnect_script = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855073 client_config_dir = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855087 ccd_exclusive = DISABLED
Tue Jan 7 18:31:31 2020 us=855100 tmp_dir = '/tmp'
Tue Jan 7 18:31:31 2020 us=855114 push_ifconfig_defined = DISABLED
Tue Jan 7 18:31:31 2020 us=855129 push_ifconfig_local = 0.0.0.0
Tue Jan 7 18:31:31 2020 us=855144 push_ifconfig_remote_netmask = 0.0.0.0
Tue Jan 7 18:31:31 2020 us=855157 push_ifconfig_ipv6_defined = DISABLED
Tue Jan 7 18:31:31 2020 us=855172 push_ifconfig_ipv6_local = ::/0
Tue Jan 7 18:31:31 2020 us=855187 push_ifconfig_ipv6_remote = ::
Tue Jan 7 18:31:31 2020 us=855200 enable_c2c = DISABLED
Tue Jan 7 18:31:31 2020 us=855214 duplicate_cn = DISABLED
Tue Jan 7 18:31:31 2020 us=855228 cf_max = 0
Tue Jan 7 18:31:31 2020 us=855243 cf_per = 0
Tue Jan 7 18:31:31 2020 us=855257 max_clients = 1024
Tue Jan 7 18:31:31 2020 us=855271 max_routes_per_client = 256
Tue Jan 7 18:31:31 2020 us=855284 auth_user_pass_verify_script = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855298 auth_user_pass_verify_script_via_file = DISABLED
Tue Jan 7 18:31:31 2020 us=855312 auth_token_generate = DISABLED
Tue Jan 7 18:31:31 2020 us=855353 auth_token_lifetime = 0
Tue Jan 7 18:31:31 2020 us=855368 port_share_host = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855382 port_share_port = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855396 client = DISABLED
Tue Jan 7 18:31:31 2020 us=855410 pull = DISABLED
Tue Jan 7 18:31:31 2020 us=855424 auth_user_pass_file = '[UNDEF]'
Tue Jan 7 18:31:31 2020 us=855439 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Jan 7 18:31:31 2020 us=855460 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Tue Jan 7 18:31:31 2020 us=857095 ECDH curve prime256v1 added
Tue Jan 7 18:31:31 2020 us=857199 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jan 7 18:31:31 2020 us=857223 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jan 7 18:31:31 2020 us=857240 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jan 7 18:31:31 2020 us=857260 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jan 7 18:31:31 2020 us=857279 TLS-Auth MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Tue Jan 7 18:31:31 2020 us=857679 TUN/TAP device tun0 opened
Tue Jan 7 18:31:31 2020 us=857727 TUN/TAP TX queue length set to 100
Tue Jan 7 18:31:31 2020 us=857751 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jan 7 18:31:31 2020 us=857773 /sbin/ip link set dev tun0 up mtu 1500
Tue Jan 7 18:31:31 2020 us=859810 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Tue Jan 7 18:31:31 2020 us=862256 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Jan 7 18:31:31 2020 us=862596 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Jan 7 18:31:31 2020 us=862629 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jan 7 18:31:31 2020 us=862654 UDPv4 link local (bound): [AF_INET][undef]:1194
Tue Jan 7 18:31:31 2020 us=862672 UDPv4 link remote: [AF_UNSPEC]
Tue Jan 7 18:31:31 2020 us=862693 GID set to nogroup
Tue Jan 7 18:31:31 2020 us=862742 UID set to nobody
Tue Jan 7 18:31:31 2020 us=862764 MULTI: multi_init called, r=256 v=256
Tue Jan 7 18:31:31 2020 us=862811 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Tue Jan 7 18:31:31 2020 us=862835 ifconfig_pool_read(), in='phone,10.8.0.2', TODO: IPv6
Tue Jan 7 18:31:31 2020 us=862877 succeeded -> ifconfig_pool_set()
Tue Jan 7 18:31:31 2020 us=862893 IFCONFIG POOL LIST
Tue Jan 7 18:31:31 2020 us=862908 phone,10.8.0.2
Tue Jan 7 18:31:31 2020 us=862995 Initialization Sequence Completed
Tue Jan 7 18:32:38 2020 us=348270 MULTI: multi_create_instance called
Tue Jan 7 18:32:38 2020 us=348393 207.x.x.x:37683 Re-using SSL/TLS context
Tue Jan 7 18:32:38 2020 us=348548 207.x.x.x:37683 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Tue Jan 7 18:32:38 2020 us=348571 207.x.x.x:37683 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Jan 7 18:32:38 2020 us=348620 207.x.x.x:37683 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Tue Jan 7 18:32:38 2020 us=348643 207.x.x.x:37683 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
Tue Jan 7 18:32:38 2020 us=348687 207.x.x.x:37683 TLS: Initial packet from [AF_INET]207.x.x.x:37683, sid=b9ac5f02 25cca7fb
Tue Jan 7 18:32:38 2020 us=517001 207.x.x.x:37683 VERIFY OK: depth=1, CN=cn_4HeNIn9zYfPiVTY8
Tue Jan 7 18:32:38 2020 us=517455 207.x.x.x:37683 VERIFY OK: depth=0, CN=phone
Tue Jan 7 18:32:38 2020 us=567623 207.x.x.x:37683 peer info: IV_GUI_VER=OC30Android
Tue Jan 7 18:32:38 2020 us=567675 207.x.x.x:37683 peer info: IV_VER=3.git::728733ae:Release
Tue Jan 7 18:32:38 2020 us=567695 207.x.x.x:37683 peer info: IV_PLAT=android
Tue Jan 7 18:32:38 2020 us=567715 207.x.x.x:37683 peer info: IV_NCP=2
Tue Jan 7 18:32:38 2020 us=567734 207.x.x.x:37683 peer info: IV_TCPNL=1
Tue Jan 7 18:32:38 2020 us=567753 207.x.x.x:37683 peer info: IV_PROTO=2
Tue Jan 7 18:32:38 2020 us=567772 207.x.x.x:37683 peer info: IV_IPv6=0
Tue Jan 7 18:32:38 2020 us=567791 207.x.x.x:37683 peer info: IV_AUTO_SESS=1
Tue Jan 7 18:32:38 2020 us=567830 207.x.x.x:37683 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1521'
Tue Jan 7 18:32:38 2020 us=567861 207.x.x.x:37683 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Tue Jan 7 18:32:38 2020 us=627761 207.x.x.x:37683 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256, 256 bit EC, curve: prime256v1
Tue Jan 7 18:32:38 2020 us=627813 207.x.x.x:37683 [phone] Peer Connection Initiated with [AF_INET]207.x.x.x:37683
Tue Jan 7 18:32:38 2020 us=627853 phone/207.x.x.x:37683 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Tue Jan 7 18:32:38 2020 us=627909 phone/207.x.x.x:37683 MULTI: Learn: 10.8.0.2 -> phone/207.x.x.x:37683
Tue Jan 7 18:32:38 2020 us=627930 phone/207.x.x.x:37683 MULTI: primary virtual IP for phone/207.x.x.x:37683: 10.8.0.2
Tue Jan 7 18:32:38 2020 us=627988 phone/207.x.x.x:37683 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 7 18:32:38 2020 us=628040 phone/207.x.x.x:37683 SENT CONTROL [phone]: 'PUSH_REPLY,dhcp-option DNS 9.9.9.10,dhcp-option DNS 149.112.112.10,redirect-gateway def1 bypass-dhcp,route 10.0.1.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Tue Jan 7 18:32:38 2020 us=628073 phone/207.x.x.x:37683 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Tue Jan 7 18:32:38 2020 us=628202 phone/207.x.x.x:37683 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Jan 7 18:32:38 2020 us=628227 phone/207.x.x.x:37683 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Jan 7 18:32:39 2020 us=5528 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped
Tue Jan 7 18:32:39 2020 us=51083 phone/207.x.x.x:37683 PID_ERR replay-window backtrack occurred [3] [SSL-0] [00__0000001111111111111111111] 0:29 0:26 t=1578447159[0] r=[-1,64,15,3,1] sl=[35,29,64,528]
Tue Jan 7 18:32:39 2020 us=53447 phone/207.x.x.x:37683 PID_ERR replay-window backtrack occurred [5] [SSL-0] [00000_00000001111111111111111111] 0:32 0:27 t=1578447159[0] r=[-1,64,15,5,1] sl=[32,32,64,528]
Tue Jan 7 18:32:39 2020 us=226399 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped
Tue Jan 7 18:32:39 2020 us=725188 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped
Tue Jan 7 18:32:40 2020 us=706236 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped


Client conf with keys/IPs/FQDNs stripped/edited:
Client Conf

client
proto udp
remote server_fqdn 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_y769lTviWWO2sQvq name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 4
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>


And lastly the Server conf file:
Server Conf

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 9.9.9.10"
push "dhcp-option DNS 149.112.112.10"
push "redirect-gateway def1 bypass-dhcp"
push "route 10.0.1.0 255.255.255.0"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_y769lTviWWO2sQvq.crt
key server_y769lTviWWO2sQvq.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
log /var/log/openvpn.log
verb 4
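
An added example, not part of the original post: the server log above repeats "MULTI: bad source address from client [25.50.39.37], packet dropped", which OpenVPN logs when a packet arriving through the tunnel carries a source address that is neither the client's assigned virtual IP nor covered by an iroute. The script below runs over lines excerpted from that log, pairs each dropped source with the virtual IP the server learned for the client, and collects the option-consistency warnings. The function and field names are illustrative assumptions, and the VPN network default is taken from the "server 10.8.0.0 255.255.255.0" line in the server conf.

```python
import ipaddress
import re
from collections import Counter

# Lines excerpted from the server log posted above (public IP masked by the poster).
SERVER_LOG = """\
Tue Jan 7 18:32:38 2020 us=567830 207.x.x.x:37683 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1521'
Tue Jan 7 18:32:38 2020 us=567861 207.x.x.x:37683 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Tue Jan 7 18:32:38 2020 us=627909 phone/207.x.x.x:37683 MULTI: Learn: 10.8.0.2 -> phone/207.x.x.x:37683
Tue Jan 7 18:32:39 2020 us=5528 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped
Tue Jan 7 18:32:39 2020 us=226399 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped
Tue Jan 7 18:32:39 2020 us=725188 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped
Tue Jan 7 18:32:40 2020 us=706236 phone/207.x.x.x:37683 MULTI: bad source address from client [25.50.39.37], packet dropped
"""

# Virtual IP the server associated with a client common name.
LEARN = re.compile(r"MULTI: Learn: (?P<vip>[\d.]+) -> (?P<cn>[^/\s]+)/")
# Tunnel packet dropped because its source address is not one the server
# associates with this client.
BAD_SRC = re.compile(
    r"(?P<cn>[^/\s]+)/\S+ MULTI: bad source address from client "
    r"\[(?P<src>[\d.]+)\], packet dropped"
)
# Options-string comparison warnings emitted during the handshake.
MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)


def analyze(log_text, vpn_network="10.8.0.0/255.255.255.0"):
    """Summarise dropped tunnel sources per client from an OpenVPN server log."""
    net = ipaddress.ip_network(vpn_network)
    clients = {}
    mismatches = []

    def entry(cn):
        return clients.setdefault(cn, {"virtual_ip": None, "dropped": Counter()})

    for line in log_text.splitlines():
        if m := LEARN.search(line):
            entry(m["cn"])["virtual_ip"] = m["vip"]
        elif m := BAD_SRC.search(line):
            entry(m["cn"])["dropped"][m["src"]] += 1
        elif m := MISMATCH.search(line):
            mismatches.append((m["opt"], m["local"], m["remote"]))

    findings = []
    for cn, info in clients.items():
        for src, count in info["dropped"].items():
            inside = ipaddress.ip_address(src) in net
            if inside:
                hint = ("source is inside the VPN subnet but is not the "
                        "address assigned to this client")
            else:
                hint = ("source is outside the VPN subnet: the client is "
                        "sending tunnel traffic from another interface's "
                        "address, or a network behind it has no iroute")
            findings.append({
                "client": cn,
                "virtual_ip": info["virtual_ip"],
                "source": src,
                "count": count,
                "in_vpn_subnet": inside,
                "hint": hint,
            })
    return {"clients": clients, "findings": findings, "mismatches": mismatches}


if __name__ == "__main__":
    report = analyze(SERVER_LOG)
    for f in report["findings"]:
        print(f"{f['client']}: assigned {f['virtual_ip']}, dropped "
              f"{f['count']} packet(s) from {f['source']} ({f['hint']})")
    for opt, local, remote in report["mismatches"]:
        print(f"option mismatch: {opt}: server={local!r} client={remote!r}")
```
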

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by TinCanTech » Wed Jan 08, 2020 11:35 am

One possible cause is that your server LAN uses 10.0.1.0/24 subnet and, perhaps, this is conflicting with your client IP address also.

kamikaze2112
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 18, 2019 2:21 am

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by kamikaze2112 » Wed Jan 08, 2020 3:03 pm

TinCanTech wrote:
Wed Jan 08, 2020 11:35 am
One possible cause is that your server LAN uses 10.0.1.0/24 subnet and, perhaps, this is conflicting with your client IP address also.

When I'm on mobile data my phone IP is 207.228.x.x so I'm not sure how that would conflict. Do you mean conflicting with the 10.8.0.0 network?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by TinCanTech » Wed Jan 08, 2020 4:40 pm

kamikaze2112 wrote:
Wed Jan 08, 2020 3:03 pm
do you mean conflicting with the 10.8.0.0 network?

No, I mean 10.0.1.0/24 but I don't expect that is a real issue. Sorry but I cannot see any problems ..

kamikaze2112
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 18, 2019 2:21 am

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by kamikaze2112 » Thu Jan 09, 2020 10:46 pm

TinCanTech wrote:
Wed Jan 08, 2020 4:40 pm
kamikaze2112 wrote:
Wed Jan 08, 2020 3:03 pm
do you mean conflicting with the 10.8.0.0 network?
No, I mean 10.0.1.0/24 but I don't expect that is a real issue. Sorry but I cannot see any problems ..

Just for kicks I decided to pop my SIM in my old phone, and everything works as it should. Only difference is Android 9 vs Android 10. They're both OnePlus phones (old one is a 3T, new is a 7 Pro) running stock albeit rooted firmwares. Could there be something with the OpenVPN Connect client that isn't working properly with Android 10?

Also, I can't browse anything on the A10 phone when the VPN is connected. No internet, no LAN, although I can ping LAN IPs, and resolve domain names for web servers from a terminal on the device.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by TinCanTech » Fri Jan 10, 2020 12:25 am

I rarely say this but .. check your server firewall.

kamikaze2112
OpenVpn Newbie
Posts: 5
Joined: Wed Dec 18, 2019 2:21 am

Re: Can connect to lan via WiFi but not mobile data over VPN

Post by kamikaze2112 » Fri Jan 10, 2020 6:58 am

TinCanTech wrote:
Fri Jan 10, 2020 12:25 am
I rarely say this but .. check your server firewall.

Works fine on my old phone though. Also tried a friend's Samsung Android 10 device and it worked fine, same server and ovpn file, so it's something with my new phone.
