Open Connect on a Samsung A10 mobile will not connect to a OVPN server

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
atvpnl
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 18, 2019 8:13 am

Open Connect on a Samsung A10 mobile will not connect to a OVPN server

Post by atvpnl » Mon Dec 14, 2020 7:07 am

Hello and a Good Day to everyone,
My Samsung A10 mobile does not want to connect to my OVPN server. My config:
Openvpn in the flavour of pivpn is running on a Raspberrypi 24/7. The server utilizes dynamically assigned IP/4. It's connection to the internet is facilitated by an ZTE 4G surfstick. Via noip the address is broadcast and the server is reachable for all my other vpn-clients (win10, win7, a Samsung tablet with an ancient android running the open VPN connect app and a Sony D3 6600 with an more recent flavour of android). Each client has its own dedicated .ovpn config file. So far, so good. Now only my recently acquired mobile - a Samsung Galaxy A10 with android 10 and the ovpn connect app from the google store - just does not want to connect to my server. The crash report from the app says that the server could not be found "Server poll timeout". At the very same time my other devices can connect to my server. The A10 is connected with the internet the identical way my other devices use, namely via WiFi. All other apps that need a connection to the internet work flawlessly on this particular mobile. Just with open connect there is no luck.
So I am a bit lost. Please advise which and what further informations you would need to help me.
TIA
Peter

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open Connect on a Samsung A10 mobile will not connect to a OVPN server

Post by TinCanTech » Mon Dec 14, 2020 4:00 pm

atvpnl wrote:
Mon Dec 14, 2020 7:07 am
Please advise which and what further informations you would need to help me
viewtopic.php?f=30&t=22603#p68963

atvpnl
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 18, 2019 8:13 am

Re: Open Connect on a Samsung A10 mobile will not connect to a OVPN server

Post by atvpnl » Thu Dec 17, 2020 7:51 am

Thanks to @TinCanTech for pointing me in the right direction

So as advised:

server

dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/raspberrypi-2_42ced604-1e66-4cd7-99f1-02d647c979d3.crt
key /etc/openvpn/easy-rsa/pki/private/raspberrypi-2_42ced604-1e66-4cd7-99f1-02d647c979d3.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

Code: Select all

Dec 17 06:45:23 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 TLS: Initial packet from [AF_INET]178.190.159.91:51484, sid=5a30971d 520e5365
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 VERIFY OK: depth=1, CN=ChangeMe
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 VERIFY KU OK
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 Validating certificate extended key usage
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 VERIFY EKU OK
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 VERIFY OK: depth=0, CN=rzr
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_VER=3.git::662eae9a
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_PLAT=win
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_NCP=2
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_TCPNL=1
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_PROTO=2
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_AUTO_SESS=1
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_GUI_VER=OCWindows_3.2.2-1455
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 peer info: IV_SSO=openurl
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: 178.190.159.91:51484 [rzr] Peer Connection Initiated with [AF_INET]178.190.159.91:51484
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/rzr
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 MULTI: Learn: 10.8.0.2 -> rzr/178.190.159.91:51484
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 MULTI: primary virtual IP for rzr/178.190.159.91:51484: 10.8.0.2
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 PUSH: Received control message: 'PUSH_REQUEST'
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 SENT CONTROL [rzr]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 Data Channel: using negotiated cipher 'AES-256-GCM'
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 17 06:45:24 raspberrypi-2 ovpn-server[368]: rzr/178.190.159.91:51484 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 17 06:59:32 raspberrypi-2 ovpn-server[368]: event_wait : Interrupted system call (code=4)
Dec 17 06:59:32 raspberrypi-2 ovpn-server[368]: Closing TUN/TAP interface
Dec 17 06:59:32 raspberrypi-2 ovpn-server[368]: /sbin/ip addr del dev tun0 10.8.0.1/24
Dec 17 06:59:32 raspberrypi-2 ovpn-server[368]: Linux ip addr del failed: external program exited with error status: 2
Dec 17 06:59:32 raspberrypi-2 ovpn-server[368]: SIGTERM[hard,] received, process exiting
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]: Current Parameter Settings:
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   config = '/etc/openvpn/server.conf'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   mode = 1
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   persist_config = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   persist_mode = 1
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   show_ciphers = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   show_digests = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   show_engines = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   genkey = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   key_pass_file = '[UNDEF]'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   show_tls_ciphers = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   connect_retry_max = 0
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]: Connection profiles [0]:
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   proto = udp
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   local = '[UNDEF]'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   local_port = '1194'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   remote = '[UNDEF]'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   remote_port = '1194'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   remote_float = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   bind_defined = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   bind_local = ENABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   bind_ipv6_only = DISABLED
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   connect_retry_seconds = 5
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   connect_timeout = 120
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   socks_proxy_server = '[UNDEF]'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   socks_proxy_port = '[UNDEF]'
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   tun_mtu = 1500
Dec 17 06:59:32 raspberrypi-2 ovpn-server[29215]:   tun_mtu_defined = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   link_mtu = 1500
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   link_mtu_defined = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tun_mtu_extra = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tun_mtu_extra_defined = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   mtu_discover_type = -1
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   fragment = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   mssfix = 1450
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   explicit_exit_notification = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]: Connection profiles END
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_random = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ipchange = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   dev = 'tun'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   dev_type = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   dev_node = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   lladdr = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   topology = 3
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_local = '10.8.0.1'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_remote_netmask = '255.255.255.0'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_noexec = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_nowarn = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_ipv6_local = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_ipv6_netbits = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_ipv6_remote = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   shaper = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   mtu_test = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   mlock = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   keepalive_ping = 15
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   keepalive_timeout = 120
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   inactivity_timeout = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ping_send_timeout = 15
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ping_rec_timeout = 240
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ping_rec_timeout_action = 2
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ping_timer_remote = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remap_sigusr1 = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   persist_tun = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   persist_local_ip = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   persist_remote_ip = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   persist_key = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   passtos = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   resolve_retry_seconds = 1000000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   resolve_in_advance = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   username = 'openvpn'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   groupname = 'openvpn'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   chroot_dir = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   cd_dir = '/etc/openvpn'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   writepid = '/run/openvpn/server.pid'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   up_script = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   down_script = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   down_pre = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   up_restart = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   up_delay = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   daemon = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   inetd = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   log = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   suppress_timestamps = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   machine_readable_output = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   nice = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   verbosity = 4
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   mute = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   gremlin = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   status_file = '/var/log/openvpn-status.log'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   status_file_version = 3
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   status_file_update_freq = 20
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   occ = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   rcvbuf = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   sndbuf = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   mark = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   sockflags = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   fast_io = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   comp.alg = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   comp.flags = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_script = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_default_gateway = '10.8.0.2'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_default_metric = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_noexec = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_delay = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_delay_window = 30
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_delay_defined = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_nopull = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   route_gateway_via_dhcp = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   allow_pull_fqdn = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_addr = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_port = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_user_pass = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_log_history_cache = 250
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_echo_buffer_size = 100
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_write_peer_info_file = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_client_user = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_client_group = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   management_flags = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   shared_secret_file = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   key_direction = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ciphername = 'AES-256-CBC'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ncp_enabled = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   authname = 'SHA256'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   prng_hash = 'SHA1'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   prng_nonce_secret_len = 16
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   keysize = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   engine = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   replay = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   mute_replay_warnings = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   replay_window = 64
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   replay_time = 15
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   packet_id_file = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   use_iv = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   test_crypto = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_server = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_client = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   key_method = 2
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ca_path = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   dh_file = '/etc/openvpn/easy-rsa/pki/dh2048.pem'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   cert_file = '/etc/openvpn/easy-rsa/pki/issued/raspberrypi-2_42ced604-1e66-4cd7-99f1-02d647c979d3.crt'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   extra_certs_file = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   priv_key_file = '/etc/openvpn/easy-rsa/pki/private/raspberrypi-2_42ced604-1e66-4cd7-99f1-02d647c979d3.key'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs12_file = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   cipher_list = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   cipher_list_tls13 = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_cert_profile = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_verify = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_export_cert = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   verify_x509_type = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   verify_x509_name = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   crl_file = '/etc/openvpn/crl.pem'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ns_cert_type = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 65535
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_ku[i] = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   remote_cert_eku = 'TLS Web Client Authentication'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ssl_flags = 192
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_timeout = 2
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   renegotiate_bytes = -1
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   renegotiate_packets = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   renegotiate_seconds = 3600
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   handshake_window = 60
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   transition_window = 3600
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   single_session = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_peer_info = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_exit = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_auth_file = '/etc/openvpn/easy-rsa/pki/ta.key'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tls_crypt_file = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_protected_authentication = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_private_mode = 00000000
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_cert_private = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_pin_cache_period = -1
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_id = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pkcs11_id_management = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_network = 10.8.0.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_netmask = 255.255.255.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_network_ipv6 = ::
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_netbits_ipv6 = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_bridge_ip = 0.0.0.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_bridge_netmask = 0.0.0.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_bridge_pool_start = 0.0.0.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   server_bridge_pool_end = 0.0.0.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'dhcp-option DNS 8.8.8.8'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'dhcp-option DNS 8.8.4.4'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'block-outside-dns'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'redirect-gateway def1'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'route-gateway 10.8.0.1'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'topology subnet'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'ping 15'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_entry = 'ping-restart 120'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_pool_defined = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_pool_start = 10.8.0.2
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_pool_end = 10.8.0.253
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_pool_netmask = 255.255.255.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_pool_persist_filename = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_pool_persist_refresh_freq = 600
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_ipv6_pool_defined = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_ipv6_pool_base = ::
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ifconfig_ipv6_pool_netbits = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   n_bcast_buf = 256
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tcp_queue_limit = 64
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   real_hash_size = 256
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   virtual_hash_size = 256
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   client_connect_script = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   learn_address_script = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   client_disconnect_script = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   client_config_dir = '/etc/openvpn/ccd'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   ccd_exclusive = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   tmp_dir = '/tmp'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_ifconfig_defined = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_ifconfig_local = 0.0.0.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_ifconfig_remote_netmask = 0.0.0.0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_ifconfig_ipv6_defined = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_ifconfig_ipv6_local = ::/0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   push_ifconfig_ipv6_remote = ::
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   enable_c2c = ENABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   duplicate_cn = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   cf_max = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   cf_per = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   max_clients = 1024
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   max_routes_per_client = 256
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   auth_user_pass_verify_script = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   auth_user_pass_verify_script_via_file = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   auth_token_generate = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   auth_token_lifetime = 0
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   port_share_host = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   port_share_port = '[UNDEF]'
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   client = DISABLED
Dec 17 06:59:33 raspberrypi-2 ovpn-server[29215]:   pull = DISABLED
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]:   auth_user_pass_file = '[UNDEF]'
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: Diffie-Hellman initialized with 2048 bit key
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: TLS-Auth MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: TUN/TAP device tun0 opened
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: TUN/TAP TX queue length set to 100
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: /sbin/ip link set dev tun0 up mtu 1500
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: UDPv4 link local (bound): [AF_INET][undef]:1194
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: UDPv4 link remote: [AF_UNSPEC]
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: GID set to openvpn
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: UID set to openvpn
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: MULTI: multi_init called, r=256 v=256
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Dec 17 06:59:34 raspberrypi-2 ovpn-server[29215]: Initialization Sequence Completed
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: MULTI: multi_create_instance called
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 Re-using SSL/TLS context
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 TLS: Initial packet from [AF_INET]178.190.159.91:62838, sid=8e719c7e 6de4b60f
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 VERIFY OK: depth=1, CN=ChangeMe
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 VERIFY KU OK
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 Validating certificate extended key usage
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 VERIFY EKU OK
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 VERIFY OK: depth=0, CN=rzr
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_VER=3.git::662eae9a
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_PLAT=win
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_NCP=2
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_TCPNL=1
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_PROTO=2
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_AUTO_SESS=1
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_GUI_VER=OCWindows_3.2.2-1455
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 peer info: IV_SSO=openurl
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: 178.190.159.91:62838 [rzr] Peer Connection Initiated with [AF_INET]178.190.159.91:62838
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/rzr
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 MULTI: Learn: 10.8.0.2 -> rzr/178.190.159.91:62838
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 MULTI: primary virtual IP for rzr/178.190.159.91:62838: 10.8.0.2
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 PUSH: Received control message: 'PUSH_REQUEST'
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 SENT CONTROL [rzr]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 Data Channel: using negotiated cipher 'AES-256-GCM'
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 17 07:00:14 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 17 07:00:16 raspberrypi-2 ovpn-server[29215]: rzr/178.190.159.91:62838 MULTI: bad source address from client [::], packet dropped
Dec 17 07:11:04 raspberrypi-2 ovpn-server[29215]: MULTI: multi_create_instance called
Dec 17 07:11:04 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 Re-using SSL/TLS context
Dec 17 07:11:04 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Dec 17 07:11:04 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Dec 17 07:11:04 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Dec 17 07:11:04 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Dec 17 07:11:04 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 TLS: Initial packet from [AF_INET]10.13.173.90:40140, sid=d63b84b5 c09ff8d9
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 VERIFY OK: depth=1, CN=ChangeMe
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 VERIFY KU OK
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 Validating certificate extended key usage
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 VERIFY EKU OK
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 VERIFY OK: depth=0, CN=z3
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_VER=3.git:released:662eae9a:Release
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_PLAT=android
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_NCP=2
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_TCPNL=1
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_PROTO=2
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_AUTO_SESS=1
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.4-5891
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 peer info: IV_SSO=openurl
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: 10.13.173.90:40140 [z3] Peer Connection Initiated with [AF_INET]10.13.173.90:40140
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/z3
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: Learn: 10.8.0.3 -> z3/10.13.173.90:40140
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: primary virtual IP for z3/10.13.173.90:40140: 10.8.0.3
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 PUSH: Received control message: 'PUSH_REQUEST'
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 SENT CONTROL [z3]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 Data Channel: using negotiated cipher 'AES-256-GCM'
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 17 07:11:05 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:06 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:07 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:08 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:12 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:18 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:32 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:38 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:58 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:58 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:58 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:58 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:58 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:58 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:59 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:11:59 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:00 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:00 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:02 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:03 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:07 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:07 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:17 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:12:22 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
Dec 17 07:14:40 raspberrypi-2 ovpn-server[29215]: z3/10.13.173.90:40140 MULTI: bad source address from client [10.13.173.90], packet dropped
This log above shows the successful connect from clients rzr (Windows Client) and z3 (Sony Z3 Android mobile). Client A10 (the culprit) does not show at all in this log.

client Samsung Galaxy A10

client
dev tun
proto udp
remote X.X.X.X 1194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi-2_42ced604-1e66-4cd7-99f1-02d647c979d3 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 4
<ca>
-----BEGIN CERTIFICATE-----
---snip---
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
---snip---
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
---snip---
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
---snip---
-----END OpenVPN Static key V1-----
</tls-crypt>

Code: Select all

08:24:14.082 -- ----- OpenVPN Start -----
08:24:14.083 -- EVENT: CORE_THREAD_ACTIVE
08:24:14.088 -- OpenVPN core 3.git:released:662eae9a:Release android armv7a thumb2 32-bit PT_PROXY
08:24:14.089 -- Frame=512/2048/512 mssfix-ctrl=1250
08:24:14.089 -- UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
9 [verify-x509-name] [raspberrypi-2_42ced604-1e66-4cd7-99f1-02d647c979d3] [name] 
12 [auth-nocache] 
13 [verb] [4] 
08:24:14.090 -- EVENT: RESOLVE
08:24:14.128 -- Contacting 185.81.210.144:1194 via UDP
08:24:14.129 -- EVENT: WAIT
08:24:14.132 -- Connecting to [X.X.X.X]:1194 (185.81.210.144) via UDPv4
08:24:24.090 -- Server poll timeout, trying next remote entry...
08:24:24.091 -- EVENT: RECONNECTING
08:24:24.110 -- EVENT: RESOLVE
08:24:24.126 -- Contacting 185.81.210.144:1194 via UDP
08:24:24.128 -- EVENT: WAIT
08:24:24.135 -- Connecting to [X.X.X.X]:1194 (185.81.210.144) via UDPv4
08:24:34.095 -- Server poll timeout, trying next remote entry...
08:24:34.098 -- EVENT: RECONNECTING
08:24:34.111 -- EVENT: RESOLVE
08:24:34.128 -- Contacting 185.81.210.144:1194 via UDP
08:24:34.130 -- EVENT: WAIT
08:24:34.145 -- Connecting to [X.X.X.X]:1194 (185.81.210.144) via UDPv4
08:24:44.091 -- EVENT: CONNECTION_TIMEOUT
08:24:44.113 -- EVENT: DISCONNECTED
08:24:44.115 -- Tunnel bytes per CPU second: 0
08:24:44.116 -- ----- OpenVPN Stop -----
client Sony Z3
client
dev tun
proto udp
remote X.X.X.X 1194
resolv-retry infinite
nobind
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi-2_42ced604-1e66-4cd7-99f1-02d647c979d3 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>


So in a nutshell: Client's config files are quite the same on my two mobiles. Whereas the client with my Sony Z3 gives me a VPN tunnel on the other hand the client on the Galaxy A10 does not.

Addendum: I hope this is the right place/subforum to post my question.

Thanks for reading
Peter
Last edited by Pippin on Thu Dec 17, 2020 9:18 am, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open Connect on a Samsung A10 mobile will not connect to a OVPN server

Post by TinCanTech » Thu Dec 17, 2020 3:37 pm

atvpnl wrote:
Thu Dec 17, 2020 7:51 am
This log above shows the successful connect from clients rzr (Windows Client) and z3 (Sony Z3 Android mobile). Client A10 (the culprit) does not show at all in this log.
For some reason, your A10 cannot reach your server ..

atvpnl
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 18, 2019 8:13 am

Re: Open Connect on a Samsung A10 mobile will not connect to a OVPN server

Post by atvpnl » Thu Dec 17, 2020 3:59 pm

.. and the reason might be?
Whom shall I ask next? The Sony mobile and the Samsung mobile are with the same telecom provider and have similar (in the essence identical) parameters in the config file. Is it possible that different versions of Android (V 8 vs V 10) make the difference?
Severely puzzeled
Peter

Post Reply