Client configuration on windows vs android

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
pico977
OpenVpn Newbie
Posts: 2
Joined: Wed Jan 20, 2021 4:10 pm

Client configuration on windows vs android

Post by pico977 » Wed Jan 20, 2021 4:33 pm

Hi guys

I'm newby and I need help
I have a little server where I installed OPNSENSE whit OPENVPN server. I have configured all, so I can generate certificate for external connection.
My server has a dynamic pubblic IP, and I Have configured OPNSENSE to works with DUCKDNS.ORG, and it goes very well.

In the client side, I have an android phone and a Windows 10 PC. They are capable to connect to my server.
This is the ovpn file on my clients:

Code: Select all

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
client
resolv-retry infinite
remote MYSITE.duckdns.org 1194 udp
lport 0
verify-x509-name "C=IT, ST=Italia, L=Roma, O=MYSITE, emailAddress=spam@opnsense.org, CN=SSLVPN Server Certificate" subject
remote-cert-tls server
auth-user-pass
comp-lzo adaptive
pkcs12 FILE.p12
tls-auth FILE-tls.key 1
verb 4
Now I setup LETSENCRYPT on my server to validate my certificate.
So, when I access to https://MYSITE.duckdns.org from my lan, I have a secure connection
But, when I try to connect to the same URL throught VPN connection....
- From android it's all rigth!!!
- From windows I have only a timeout (but I can connect to my server using my local IP 192.168.9.1)

Could someone help me to resolve on windows connection?

Here the client log on windows:

Code: Select all

Wed Jan 20 17:06:04 2021 us=461977 Current Parameter Settings:
Wed Jan 20 17:06:04 2021 us=461977   config = 'FILE.ovpn'
Wed Jan 20 17:06:04 2021 us=461977   mode = 0
Wed Jan 20 17:06:04 2021 us=461977   show_ciphers = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   show_digests = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   show_engines = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   genkey = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   key_pass_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   show_tls_ciphers = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   connect_retry_max = 0
Wed Jan 20 17:06:04 2021 us=461977 Connection profiles [0]:
Wed Jan 20 17:06:04 2021 us=461977   proto = udp
Wed Jan 20 17:06:04 2021 us=461977   local = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   local_port = '0'
Wed Jan 20 17:06:04 2021 us=461977   remote = 'MYSITE.duckdns.org'
Wed Jan 20 17:06:04 2021 us=461977   remote_port = '1194'
Wed Jan 20 17:06:04 2021 us=461977   remote_float = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   bind_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   bind_local = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   bind_ipv6_only = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   connect_retry_seconds = 5
Wed Jan 20 17:06:04 2021 us=461977   connect_timeout = 120
Wed Jan 20 17:06:04 2021 us=461977   socks_proxy_server = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   socks_proxy_port = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   tun_mtu = 1500
Wed Jan 20 17:06:04 2021 us=461977   tun_mtu_defined = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   link_mtu = 1500
Wed Jan 20 17:06:04 2021 us=461977   link_mtu_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   tun_mtu_extra = 0
Wed Jan 20 17:06:04 2021 us=461977   tun_mtu_extra_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   mtu_discover_type = -1
Wed Jan 20 17:06:04 2021 us=461977   fragment = 0
Wed Jan 20 17:06:04 2021 us=461977   mssfix = 1450
Wed Jan 20 17:06:04 2021 us=461977   explicit_exit_notification = 0
Wed Jan 20 17:06:04 2021 us=461977 Connection profiles END
Wed Jan 20 17:06:04 2021 us=461977   remote_random = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   ipchange = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   dev = 'tun'
Wed Jan 20 17:06:04 2021 us=461977   dev_type = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   dev_node = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   lladdr = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   topology = 1
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_local = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_remote_netmask = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_noexec = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_nowarn = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_ipv6_local = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_ipv6_netbits = 0
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_ipv6_remote = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   shaper = 0
Wed Jan 20 17:06:04 2021 us=461977   mtu_test = 0
Wed Jan 20 17:06:04 2021 us=461977   mlock = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   keepalive_ping = 0
Wed Jan 20 17:06:04 2021 us=461977   keepalive_timeout = 0
Wed Jan 20 17:06:04 2021 us=461977   inactivity_timeout = 0
Wed Jan 20 17:06:04 2021 us=461977   ping_send_timeout = 0
Wed Jan 20 17:06:04 2021 us=461977   ping_rec_timeout = 0
Wed Jan 20 17:06:04 2021 us=461977   ping_rec_timeout_action = 0
Wed Jan 20 17:06:04 2021 us=461977   ping_timer_remote = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   remap_sigusr1 = 0
Wed Jan 20 17:06:04 2021 us=461977   persist_tun = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   persist_local_ip = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   persist_remote_ip = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   persist_key = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   passtos = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   resolve_retry_seconds = 1000000000
Wed Jan 20 17:06:04 2021 us=461977   resolve_in_advance = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   username = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   groupname = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   chroot_dir = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   cd_dir = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   writepid = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   up_script = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   down_script = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   down_pre = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   up_restart = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   up_delay = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   daemon = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   inetd = 0
Wed Jan 20 17:06:04 2021 us=461977   log = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   suppress_timestamps = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   machine_readable_output = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   nice = 0
Wed Jan 20 17:06:04 2021 us=461977   verbosity = 4
Wed Jan 20 17:06:04 2021 us=461977   mute = 0
Wed Jan 20 17:06:04 2021 us=461977   gremlin = 0
Wed Jan 20 17:06:04 2021 us=461977   status_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   status_file_version = 1
Wed Jan 20 17:06:04 2021 us=461977   status_file_update_freq = 60
Wed Jan 20 17:06:04 2021 us=461977   occ = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   rcvbuf = 0
Wed Jan 20 17:06:04 2021 us=461977   sndbuf = 0
Wed Jan 20 17:06:04 2021 us=461977   sockflags = 0
Wed Jan 20 17:06:04 2021 us=461977   fast_io = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   comp.alg = 2
Wed Jan 20 17:06:04 2021 us=461977   comp.flags = 1
Wed Jan 20 17:06:04 2021 us=461977   route_script = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   route_default_gateway = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   route_default_metric = 0
Wed Jan 20 17:06:04 2021 us=461977   route_noexec = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   route_delay = 5
Wed Jan 20 17:06:04 2021 us=461977   route_delay_window = 30
Wed Jan 20 17:06:04 2021 us=461977   route_delay_defined = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   route_nopull = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   route_gateway_via_dhcp = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   allow_pull_fqdn = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   Pull filters:
Wed Jan 20 17:06:04 2021 us=461977     ignore "route-method"
Wed Jan 20 17:06:04 2021 us=461977   management_addr = '127.0.0.1'
Wed Jan 20 17:06:04 2021 us=461977   management_port = '25340'
Wed Jan 20 17:06:04 2021 us=461977   management_user_pass = 'stdin'
Wed Jan 20 17:06:04 2021 us=461977   management_log_history_cache = 250
Wed Jan 20 17:06:04 2021 us=461977   management_echo_buffer_size = 100
Wed Jan 20 17:06:04 2021 us=461977   management_write_peer_info_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   management_client_user = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   management_client_group = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   management_flags = 6
Wed Jan 20 17:06:04 2021 us=461977   shared_secret_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   key_direction = 1
Wed Jan 20 17:06:04 2021 us=461977   ciphername = 'AES-256-CBC'
Wed Jan 20 17:06:04 2021 us=461977   ncp_enabled = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Jan 20 17:06:04 2021 us=461977   authname = 'SHA512'
Wed Jan 20 17:06:04 2021 us=461977   prng_hash = 'SHA1'
Wed Jan 20 17:06:04 2021 us=461977   prng_nonce_secret_len = 16
Wed Jan 20 17:06:04 2021 us=461977   keysize = 0
Wed Jan 20 17:06:04 2021 us=461977   engine = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   replay = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   mute_replay_warnings = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   replay_window = 64
Wed Jan 20 17:06:04 2021 us=461977   replay_time = 15
Wed Jan 20 17:06:04 2021 us=461977   packet_id_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   use_iv = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   test_crypto = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   tls_server = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   tls_client = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   key_method = 2
Wed Jan 20 17:06:04 2021 us=461977   ca_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   ca_path = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   dh_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   cert_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   extra_certs_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   priv_key_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   pkcs12_file = 'FILE.p12'
Wed Jan 20 17:06:04 2021 us=461977   cryptoapi_cert = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   cipher_list = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   cipher_list_tls13 = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   tls_cert_profile = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   tls_verify = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   tls_export_cert = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   verify_x509_type = 1
Wed Jan 20 17:06:04 2021 us=461977   verify_x509_name = 'C=IT, ST=Italia, L=Roma, O=MYSITE, emailAddress=spam@opnsense.org, CN=SSLVPN Server Certificate'
Wed Jan 20 17:06:04 2021 us=461977   crl_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   ns_cert_type = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 65535
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_ku[i] = 0
Wed Jan 20 17:06:04 2021 us=461977   remote_cert_eku = 'TLS Web Server Authentication'
Wed Jan 20 17:06:04 2021 us=461977   ssl_flags = 0
Wed Jan 20 17:06:04 2021 us=461977   tls_timeout = 2
Wed Jan 20 17:06:04 2021 us=461977   renegotiate_bytes = -1
Wed Jan 20 17:06:04 2021 us=461977   renegotiate_packets = 0
Wed Jan 20 17:06:04 2021 us=461977   renegotiate_seconds = 3600
Wed Jan 20 17:06:04 2021 us=461977   handshake_window = 60
Wed Jan 20 17:06:04 2021 us=461977   transition_window = 3600
Wed Jan 20 17:06:04 2021 us=461977   single_session = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   push_peer_info = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   tls_exit = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   tls_auth_file = 'FILE-tls.key'
Wed Jan 20 17:06:04 2021 us=461977   tls_crypt_file = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_protected_authentication = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_private_mode = 00000000
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_cert_private = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_pin_cache_period = -1
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_id = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   pkcs11_id_management = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   server_network = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   server_netmask = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   server_network_ipv6 = ::
Wed Jan 20 17:06:04 2021 us=461977   server_netbits_ipv6 = 0
Wed Jan 20 17:06:04 2021 us=461977   server_bridge_ip = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   server_bridge_netmask = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   server_bridge_pool_start = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   server_bridge_pool_end = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_pool_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_pool_start = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_pool_end = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_pool_netmask = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_pool_persist_refresh_freq = 600
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_ipv6_pool_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_ipv6_pool_base = ::
Wed Jan 20 17:06:04 2021 us=461977   ifconfig_ipv6_pool_netbits = 0
Wed Jan 20 17:06:04 2021 us=461977   n_bcast_buf = 256
Wed Jan 20 17:06:04 2021 us=461977   tcp_queue_limit = 64
Wed Jan 20 17:06:04 2021 us=461977   real_hash_size = 256
Wed Jan 20 17:06:04 2021 us=461977   virtual_hash_size = 256
Wed Jan 20 17:06:04 2021 us=461977   client_connect_script = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   learn_address_script = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   client_disconnect_script = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   client_config_dir = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   ccd_exclusive = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   tmp_dir = 'C:\Users\gianl\AppData\Local\Temp\'
Wed Jan 20 17:06:04 2021 us=461977   push_ifconfig_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   push_ifconfig_local = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jan 20 17:06:04 2021 us=461977   push_ifconfig_ipv6_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   push_ifconfig_ipv6_local = ::/0
Wed Jan 20 17:06:04 2021 us=461977   push_ifconfig_ipv6_remote = ::
Wed Jan 20 17:06:04 2021 us=461977   enable_c2c = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   duplicate_cn = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   cf_max = 0
Wed Jan 20 17:06:04 2021 us=461977   cf_per = 0
Wed Jan 20 17:06:04 2021 us=461977   max_clients = 1024
Wed Jan 20 17:06:04 2021 us=461977   max_routes_per_client = 256
Wed Jan 20 17:06:04 2021 us=461977   auth_user_pass_verify_script = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   auth_user_pass_verify_script_via_file = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   auth_token_generate = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   auth_token_lifetime = 0
Wed Jan 20 17:06:04 2021 us=461977   client = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   pull = ENABLED
Wed Jan 20 17:06:04 2021 us=461977   auth_user_pass_file = 'stdin'
Wed Jan 20 17:06:04 2021 us=461977   show_net_up = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   route_method = 3
Wed Jan 20 17:06:04 2021 us=461977   block_outside_dns = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   ip_win32_defined = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   ip_win32_type = 3
Wed Jan 20 17:06:04 2021 us=461977   dhcp_masq_offset = 0
Wed Jan 20 17:06:04 2021 us=461977   dhcp_lease_time = 31536000
Wed Jan 20 17:06:04 2021 us=461977   tap_sleep = 0
Wed Jan 20 17:06:04 2021 us=461977   dhcp_options = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   dhcp_renew = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   dhcp_pre_release = DISABLED
Wed Jan 20 17:06:04 2021 us=461977   domain = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   netbios_scope = '[UNDEF]'
Wed Jan 20 17:06:04 2021 us=461977   netbios_node_type = 0
Wed Jan 20 17:06:04 2021 us=461977   disable_nbt = DISABLED
Wed Jan 20 17:06:04 2021 us=461977 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Wed Jan 20 17:06:04 2021 us=461977 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jan 20 17:06:04 2021 us=461977 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Enter Management Password:
Wed Jan 20 17:06:04 2021 us=461977 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jan 20 17:06:04 2021 us=461977 Need hold release from management interface, waiting...
Wed Jan 20 17:06:04 2021 us=964035 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jan 20 17:06:05 2021 us=79904 MANAGEMENT: CMD 'state on'
Wed Jan 20 17:06:05 2021 us=79904 MANAGEMENT: CMD 'log all on'
Wed Jan 20 17:06:05 2021 us=318708 MANAGEMENT: CMD 'echo all on'
Wed Jan 20 17:06:05 2021 us=318708 MANAGEMENT: CMD 'bytecount 5'
Wed Jan 20 17:06:05 2021 us=318708 MANAGEMENT: CMD 'hold off'
Wed Jan 20 17:06:05 2021 us=334334 MANAGEMENT: CMD 'hold release'
Wed Jan 20 17:06:06 2021 us=369015 MANAGEMENT: CMD 'username "Auth" "gianluca-lenovo-C930"'
Wed Jan 20 17:06:06 2021 us=384339 MANAGEMENT: CMD 'password [...]'
Wed Jan 20 17:06:06 2021 us=399956 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Jan 20 17:06:06 2021 us=399956 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Jan 20 17:06:06 2021 us=399956 LZO compression initializing
Wed Jan 20 17:06:06 2021 us=399956 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Wed Jan 20 17:06:06 2021 us=399956 MANAGEMENT: >STATE:1611158766,RESOLVE,,,,,,
Wed Jan 20 17:06:06 2021 us=606090 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Jan 20 17:06:06 2021 us=606090 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Wed Jan 20 17:06:06 2021 us=606090 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Wed Jan 20 17:06:06 2021 us=606090 TCP/UDP: Preserving recently used remote address: [AF_INET]%%MY_PUBLIC_IP%%:1194
Wed Jan 20 17:06:06 2021 us=606090 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 20 17:06:06 2021 us=606090 UDP link local (bound): [AF_INET][undef]:0
Wed Jan 20 17:06:06 2021 us=606090 UDP link remote: [AF_INET]%%MY_PUBLIC_IP%%:1194
Wed Jan 20 17:06:06 2021 us=606090 MANAGEMENT: >STATE:1611158766,WAIT,,,,,,
Wed Jan 20 17:06:06 2021 us=639255 MANAGEMENT: >STATE:1611158766,AUTH,,,,,,
Wed Jan 20 17:06:06 2021 us=639255 TLS: Initial packet from [AF_INET]%%MY_PUBLIC_IP%%:1194, sid=2007e79b 6d267ff3
Wed Jan 20 17:06:06 2021 us=639255 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jan 20 17:06:06 2021 us=739444 VERIFY OK: depth=1, C=IT, ST=Italia, L=Roma, O=MYSITE, emailAddress=spam@opnsense.org, CN=internal-sslvpn-ca
Wed Jan 20 17:06:06 2021 us=739444 VERIFY KU OK
Wed Jan 20 17:06:06 2021 us=739444 Validating certificate extended key usage
Wed Jan 20 17:06:06 2021 us=739444 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Jan 20 17:06:06 2021 us=739444 VERIFY EKU OK
Wed Jan 20 17:06:06 2021 us=739444 VERIFY X509NAME OK: C=IT, ST=Italia, L=Roma, O=MYSITE, emailAddress=spam@opnsense.org, CN=SSLVPN Server Certificate
Wed Jan 20 17:06:06 2021 us=739444 VERIFY OK: depth=0, C=IT, ST=Italia, L=Roma, O=MYSITE, emailAddress=spam@opnsense.org, CN=SSLVPN Server Certificate
Wed Jan 20 17:06:07 2021 us=161392 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Wed Jan 20 17:06:07 2021 us=161392 [SSLVPN Server Certificate] Peer Connection Initiated with [AF_INET]%%MY_PUBLIC_IP%%:1194
Wed Jan 20 17:06:08 2021 us=377502 MANAGEMENT: >STATE:1611158768,GET_CONFIG,,,,,,
Wed Jan 20 17:06:08 2021 us=377502 SENT CONTROL [SSLVPN Server Certificate]: 'PUSH_REQUEST' (status=1)
Wed Jan 20 17:06:08 2021 us=408921 PUSH: Received control message: 'PUSH_REPLY,route 192.168.9.0 255.255.255.0,dhcp-option DNS 192.168.9.1,register-dns,redirect-gateway def1,route 10.10.2.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 10.10.2.6 10.10.2.5,peer-id 0,cipher AES-256-GCM'
Wed Jan 20 17:06:08 2021 us=408921 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jan 20 17:06:08 2021 us=408921 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jan 20 17:06:08 2021 us=408921 OPTIONS IMPORT: route options modified
Wed Jan 20 17:06:08 2021 us=408921 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jan 20 17:06:08 2021 us=408921 OPTIONS IMPORT: peer-id set
Wed Jan 20 17:06:08 2021 us=408921 OPTIONS IMPORT: adjusting link_mtu to 1625
Wed Jan 20 17:06:08 2021 us=408921 OPTIONS IMPORT: data channel crypto options modified
Wed Jan 20 17:06:08 2021 us=408921 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jan 20 17:06:08 2021 us=408921 Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
Wed Jan 20 17:06:08 2021 us=408921 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 20 17:06:08 2021 us=408921 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 20 17:06:08 2021 us=408921 interactive service msg_channel=872
Wed Jan 20 17:06:08 2021 us=408921 ROUTE_GATEWAY 192.168.8.1/255.255.255.0 I=24 HWADDR=58:a0:23:7c:30:08
Wed Jan 20 17:06:08 2021 us=430381 open_tun
Wed Jan 20 17:06:08 2021 us=430381 TAP-WIN32 device [Connessione alla rete locale (LAN)] opened: \\.\Global\{419570FB-DACB-43C8-8E58-FB626CBBBA67}.tap
Wed Jan 20 17:06:08 2021 us=430381 TAP-Windows Driver Version 9.24 
Wed Jan 20 17:06:08 2021 us=430381 TAP-Windows MTU=1500
Wed Jan 20 17:06:08 2021 us=430381 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.2.6/255.255.255.252 on interface {419570FB-DACB-43C8-8E58-FB626CBBBA67} [DHCP-serv: 10.10.2.5, lease-time: 31536000]
Wed Jan 20 17:06:08 2021 us=430381 DHCP option string: 0604c0a8 0901
Wed Jan 20 17:06:08 2021 us=430381 Successful ARP Flush on interface [13] {419570FB-DACB-43C8-8E58-FB626CBBBA67}
Wed Jan 20 17:06:08 2021 us=446008 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jan 20 17:06:08 2021 us=446008 MANAGEMENT: >STATE:1611158768,ASSIGN_IP,,10.10.2.6,,,,
Wed Jan 20 17:06:13 2021 us=448436 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Wed Jan 20 17:06:13 2021 us=448436 C:\WINDOWS\system32\route.exe ADD %%MY_PUBLIC_IP%% MASK 255.255.255.255 192.168.8.1
Wed Jan 20 17:06:13 2021 us=448436 Route addition via service succeeded
Wed Jan 20 17:06:13 2021 us=448436 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.10.2.5
Wed Jan 20 17:06:13 2021 us=448436 Route addition via service succeeded
Wed Jan 20 17:06:13 2021 us=448436 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.10.2.5
Wed Jan 20 17:06:13 2021 us=464066 Route addition via service succeeded
Wed Jan 20 17:06:13 2021 us=464066 MANAGEMENT: >STATE:1611158773,ADD_ROUTES,,,,,,
Wed Jan 20 17:06:13 2021 us=464066 C:\WINDOWS\system32\route.exe ADD 192.168.9.0 MASK 255.255.255.0 10.10.2.5
Wed Jan 20 17:06:13 2021 us=464066 Route addition via service succeeded
Wed Jan 20 17:06:13 2021 us=464066 C:\WINDOWS\system32\route.exe ADD 10.10.2.0 MASK 255.255.255.0 10.10.2.5
Wed Jan 20 17:06:13 2021 us=464066 Route addition via service succeeded
Wed Jan 20 17:06:13 2021 us=464066 Initialization Sequence Completed
Wed Jan 20 17:06:13 2021 us=464066 Register_dns request sent to the service
Wed Jan 20 17:06:13 2021 us=464066 MANAGEMENT: >STATE:1611158773,CONNECTED,SUCCESS,10.10.2.6,%%MY_PUBLIC_IP%%,1194,,
Wed Jan 20 17:06:14 2021 us=615295 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_00] 0:4 0:3 t=1611158774[0] r=[0,64,15,1,1] sl=[60,4,64,528]
Wed Jan 20 17:06:19 2021 us=310799 PID_ERR replay-window backtrack occurred [2] [SSL-0] [00_011555555] 0:12 0:10 t=1611158779[0] r=[0,64,15,2,1] sl=[52,12,64,528]
Wed Jan 20 17:06:24 2021 us=626606 PID_ERR replay-window backtrack occurred [3] [SSL-0] [0___001122222222222222222333333333444_44445555555555555555566>>>] 0:67 0:64 t=1611158784[0] r=[0,64,15,3,1] sl=[61,64,64,528]
Wed Jan 20 17:07:03 2021 us=888875 PID_ERR replay-window backtrack occurred [4] [SSL-0] [0000_000012>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:98 0:94 t=1611158823[0] r=[-2,64,15,4,1] sl=[30,64,64,528]
Wed Jan 20 17:07:14 2021 us=610874 TCP/UDP: Closing socket
Wed Jan 20 17:07:14 2021 us=610874 C:\WINDOWS\system32\route.exe DELETE 192.168.9.0 MASK 255.255.255.0 10.10.2.5
Wed Jan 20 17:07:14 2021 us=610874 Route deletion via service succeeded
Wed Jan 20 17:07:14 2021 us=610874 C:\WINDOWS\system32\route.exe DELETE 10.10.2.0 MASK 255.255.255.0 10.10.2.5
Wed Jan 20 17:07:14 2021 us=610874 Route deletion via service succeeded
Wed Jan 20 17:07:14 2021 us=610874 C:\WINDOWS\system32\route.exe DELETE %%MY_PUBLIC_IP%% MASK 255.255.255.255 192.168.8.1
Wed Jan 20 17:07:14 2021 us=625996 Route deletion via service succeeded
Wed Jan 20 17:07:14 2021 us=625996 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.10.2.5
Wed Jan 20 17:07:14 2021 us=625996 Route deletion via service succeeded
Wed Jan 20 17:07:14 2021 us=625996 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.10.2.5
Wed Jan 20 17:07:14 2021 us=625996 Route deletion via service succeeded
Wed Jan 20 17:07:14 2021 us=625996 Closing TUN/TAP interface
Wed Jan 20 17:07:14 2021 us=644826 TAP: DHCP address released
Wed Jan 20 17:07:14 2021 us=644826 SIGTERM[hard,] received, process exiting
Wed Jan 20 17:07:14 2021 us=644826 MANAGEMENT: >STATE:1611158834,EXITING,SIGTERM,,,,,
where 192.168.9.0 is my lan and 10.10.2.0 is the vpn zone
Many thanks
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client configuration on windows vs android

Post by TinCanTech » Wed Jan 20, 2021 5:15 pm

According to the log you posted, there is nothing wrong with your Windows connection.
Top
pico977
OpenVpn Newbie
Posts: 2
Joined: Wed Jan 20, 2021 4:10 pm

Re: Client configuration on windows vs android

Post by pico977 » Thu Jan 21, 2021 8:38 am

There are four errors from 17:06:14 to 17:07:03

Code: Select all

Wed Jan 20 17:06:14 2021 us=615295 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_00] 0:4 0:3 t=1611158774[0] r=[0,64,15,1,1] sl=[60,4,64,528]
Wed Jan 20 17:06:19 2021 us=310799 PID_ERR replay-window backtrack occurred [2] [SSL-0] [00_011555555] 0:12 0:10 t=1611158779[0] r=[0,64,15,2,1] sl=[52,12,64,528]
Wed Jan 20 17:06:24 2021 us=626606 PID_ERR replay-window backtrack occurred [3] [SSL-0] [0___001122222222222222222333333333444_44445555555555555555566>>>] 0:67 0:64 t=1611158784[0] r=[0,64,15,3,1] sl=[61,64,64,528]
Wed Jan 20 17:07:03 2021 us=888875 PID_ERR replay-window backtrack occurred [4] [SSL-0] [0000_000012>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:98 0:94 t=1611158823[0] r=[-2,64,15,4,1] sl=[30,64,64,528]
Top
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client configuration on windows vs android

Post by TinCanTech » Thu Jan 21, 2021 3:38 pm

They are not errors, you have a network problem.
Top
Post Reply

Return to “Off Topic, Related”