Limited LAN network for clients and browse with Public IP

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Federicogpp
OpenVpn Newbie
Posts: 5
Joined: Tue Oct 20, 2020 5:33 pm

Limited LAN network for clients and browse with Public IP

Post by Federicogpp » Wed Mar 03, 2021 7:16 pm

Hi all,
I'm running into a problem and didn't figure how to solve it yet.

Goal: let my clients browse with my public IP but limited access to my LAN. I want them to see just a few servers and even just some protocols, like Samba or RDP.

Problem: I can get it working but without the limited part.

Some extra info:
I know that 192.168.1.0/24 is a commmon network, this is a lab.
Got the static route on my FW (pfsense) to get traffic back on clients.
I tried differents IPTables configs but i will post the one that let my browse but didnt limited LAN access at all.

Server config

port 1195
proto udp4
dev tun1
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh.pem
topology subnet
server 10.8.1.0 255.255.255.0 'nopool'
ifconfig-pool-persist /var/log/openvpn/ipp.txt
ifconfig-pool 10.8.1.50 10.8.1.100
push "route X.X.X.X 255.255.255.0"
push "redirect-gateway autolocal def1"
keepalive 10 120
reneg-sec 36000
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log         /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA256
crl-verify crl.pem
script-security 2
auth-user-pass-verify "/scripts/somescript.sh" via-env
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so "medium_openvpn login USERNAME password PASSWORD pin OTP"
auth-nocache
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"


Client config

client
dev tun
proto udp4
remote X.X.X.X PORT
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 4
key-direction 1
reneg-sec 36000
ns-cert-type server
auth-user-pass


Code: Select all

Tue Mar  2 13:30:24 2021 us=347410 Current Parameter Settings:
Tue Mar  2 13:30:24 2021 us=347478   config = '/etc/openvpn/server.conf'
Tue Mar  2 13:30:24 2021 us=347492   mode = 1
Tue Mar  2 13:30:24 2021 us=347502   persist_config = DISABLED
Tue Mar  2 13:30:24 2021 us=347511   persist_mode = 1
Tue Mar  2 13:30:24 2021 us=347519   show_ciphers = DISABLED
Tue Mar  2 13:30:24 2021 us=347528   show_digests = DISABLED
Tue Mar  2 13:30:24 2021 us=347536   show_engines = DISABLED
Tue Mar  2 13:30:24 2021 us=347545   genkey = DISABLED
Tue Mar  2 13:30:24 2021 us=347554   key_pass_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347562   show_tls_ciphers = DISABLED
Tue Mar  2 13:30:24 2021 us=347571   connect_retry_max = 0
Tue Mar  2 13:30:24 2021 us=347580 Connection profiles [0]:
Tue Mar  2 13:30:24 2021 us=347589   proto = udp4
Tue Mar  2 13:30:24 2021 us=347598   local = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347607   local_port = '1195'
Tue Mar  2 13:30:24 2021 us=347615   remote = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347624   remote_port = '1195'
Tue Mar  2 13:30:24 2021 us=347632   remote_float = DISABLED
Tue Mar  2 13:30:24 2021 us=347641   bind_defined = DISABLED
Tue Mar  2 13:30:24 2021 us=347650   bind_local = ENABLED
Tue Mar  2 13:30:24 2021 us=347658   bind_ipv6_only = DISABLED
Tue Mar  2 13:30:24 2021 us=347667   connect_retry_seconds = 5
Tue Mar  2 13:30:24 2021 us=347675   connect_timeout = 120
Tue Mar  2 13:30:24 2021 us=347684   socks_proxy_server = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347693   socks_proxy_port = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347701   tun_mtu = 1500
Tue Mar  2 13:30:24 2021 us=347710   tun_mtu_defined = ENABLED
Tue Mar  2 13:30:24 2021 us=347719   link_mtu = 1500
Tue Mar  2 13:30:24 2021 us=347727   link_mtu_defined = DISABLED
Tue Mar  2 13:30:24 2021 us=347736   tun_mtu_extra = 0
Tue Mar  2 13:30:24 2021 us=347745   tun_mtu_extra_defined = DISABLED
Tue Mar  2 13:30:24 2021 us=347753   mtu_discover_type = -1
Tue Mar  2 13:30:24 2021 us=347762   fragment = 0
Tue Mar  2 13:30:24 2021 us=347771   mssfix = 1450
Tue Mar  2 13:30:24 2021 us=347780   explicit_exit_notification = 1
Tue Mar  2 13:30:24 2021 us=347788 Connection profiles END
Tue Mar  2 13:30:24 2021 us=347797   remote_random = DISABLED
Tue Mar  2 13:30:24 2021 us=347806   ipchange = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347814   dev = 'tun1'
Tue Mar  2 13:30:24 2021 us=347823   dev_type = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347832   dev_node = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347840   lladdr = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347849   topology = 3
Tue Mar  2 13:30:24 2021 us=347858   ifconfig_local = '10.8.1.1'
Tue Mar  2 13:30:24 2021 us=347867   ifconfig_remote_netmask = '255.255.255.0'
Tue Mar  2 13:30:24 2021 us=347875   ifconfig_noexec = DISABLED
Tue Mar  2 13:30:24 2021 us=347884   ifconfig_nowarn = DISABLED
Tue Mar  2 13:30:24 2021 us=347892   ifconfig_ipv6_local = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347901   ifconfig_ipv6_netbits = 0
Tue Mar  2 13:30:24 2021 us=347910   ifconfig_ipv6_remote = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=347919   shaper = 0
Tue Mar  2 13:30:24 2021 us=347927   mtu_test = 0
Tue Mar  2 13:30:24 2021 us=347936   mlock = DISABLED
Tue Mar  2 13:30:24 2021 us=347945   keepalive_ping = 10
Tue Mar  2 13:30:24 2021 us=347954   keepalive_timeout = 120
Tue Mar  2 13:30:24 2021 us=347963   inactivity_timeout = 0
Tue Mar  2 13:30:24 2021 us=347971   ping_send_timeout = 10
Tue Mar  2 13:30:24 2021 us=347980   ping_rec_timeout = 240
Tue Mar  2 13:30:24 2021 us=347989   ping_rec_timeout_action = 2
Tue Mar  2 13:30:24 2021 us=348073   ping_timer_remote = DISABLED
Tue Mar  2 13:30:24 2021 us=348083   remap_sigusr1 = 0
Tue Mar  2 13:30:24 2021 us=348092   persist_tun = ENABLED
Tue Mar  2 13:30:24 2021 us=348101   persist_local_ip = DISABLED
Tue Mar  2 13:30:24 2021 us=348109   persist_remote_ip = DISABLED
Tue Mar  2 13:30:24 2021 us=348118   persist_key = ENABLED
Tue Mar  2 13:30:24 2021 us=348126   passtos = DISABLED
Tue Mar  2 13:30:24 2021 us=348135   resolve_retry_seconds = 1000000000
Tue Mar  2 13:30:24 2021 us=348144   resolve_in_advance = DISABLED
Tue Mar  2 13:30:24 2021 us=348182   username = 'nobody'
Tue Mar  2 13:30:24 2021 us=348193   groupname = 'nogroup'
Tue Mar  2 13:30:24 2021 us=348202   chroot_dir = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348211   cd_dir = '/etc/openvpn'
Tue Mar  2 13:30:24 2021 us=348219   writepid = '/run/openvpn/server.pid'
Tue Mar  2 13:30:24 2021 us=348228   up_script = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348237   down_script = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348245   down_pre = DISABLED
Tue Mar  2 13:30:24 2021 us=348254   up_restart = DISABLED
Tue Mar  2 13:30:24 2021 us=348262   up_delay = DISABLED
Tue Mar  2 13:30:24 2021 us=348271   daemon = ENABLED
Tue Mar  2 13:30:24 2021 us=348280   inetd = 0
Tue Mar  2 13:30:24 2021 us=348288   log = ENABLED
Tue Mar  2 13:30:24 2021 us=348297   suppress_timestamps = DISABLED
Tue Mar  2 13:30:24 2021 us=348306   machine_readable_output = DISABLED
Tue Mar  2 13:30:24 2021 us=348314   nice = 0
Tue Mar  2 13:30:24 2021 us=348323   verbosity = 4
Tue Mar  2 13:30:24 2021 us=348332   mute = 0
Tue Mar  2 13:30:24 2021 us=348344   gremlin = 0
Tue Mar  2 13:30:24 2021 us=348353   status_file = '/var/log/openvpn/openvpn-status.log'
Tue Mar  2 13:30:24 2021 us=348362   status_file_version = 1
Tue Mar  2 13:30:24 2021 us=348371   status_file_update_freq = 10
Tue Mar  2 13:30:24 2021 us=348379   occ = ENABLED
Tue Mar  2 13:30:24 2021 us=348388   rcvbuf = 0
Tue Mar  2 13:30:24 2021 us=348397   sndbuf = 0
Tue Mar  2 13:30:24 2021 us=348406   mark = 0
Tue Mar  2 13:30:24 2021 us=348414   sockflags = 0
Tue Mar  2 13:30:24 2021 us=348423   fast_io = DISABLED
Tue Mar  2 13:30:24 2021 us=348431   comp.alg = 0
Tue Mar  2 13:30:24 2021 us=348440   comp.flags = 0
Tue Mar  2 13:30:24 2021 us=348449   route_script = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348457   route_default_gateway = '10.8.1.2'
Tue Mar  2 13:30:24 2021 us=348466   route_default_metric = 0
Tue Mar  2 13:30:24 2021 us=348475   route_noexec = DISABLED
Tue Mar  2 13:30:24 2021 us=348484   route_delay = 0
Tue Mar  2 13:30:24 2021 us=348493   route_delay_window = 30
Tue Mar  2 13:30:24 2021 us=348502   route_delay_defined = DISABLED
Tue Mar  2 13:30:24 2021 us=348510   route_nopull = DISABLED
Tue Mar  2 13:30:24 2021 us=348519   route_gateway_via_dhcp = DISABLED
Tue Mar  2 13:30:24 2021 us=348528   allow_pull_fqdn = DISABLED
Tue Mar  2 13:30:24 2021 us=348537   management_addr = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348545   management_port = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348554   management_user_pass = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348563   management_log_history_cache = 250
Tue Mar  2 13:30:24 2021 us=348572   management_echo_buffer_size = 100
Tue Mar  2 13:30:24 2021 us=348580   management_write_peer_info_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348589   management_client_user = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348598   management_client_group = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348607   management_flags = 0
Tue Mar  2 13:30:24 2021 us=348621   plugin[0] /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so] [medium_openvpn] [login] [USERNAME] [password] [PASSWORD] [pin] [OTP]'
Tue Mar  2 13:30:24 2021 us=348631   shared_secret_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348640   key_direction = 0
Tue Mar  2 13:30:24 2021 us=348649   ciphername = 'AES-256-CBC'
Tue Mar  2 13:30:24 2021 us=348658   ncp_enabled = ENABLED
Tue Mar  2 13:30:24 2021 us=348666   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Mar  2 13:30:24 2021 us=348675   authname = 'SHA256'
Tue Mar  2 13:30:24 2021 us=348683   prng_hash = 'SHA1'
Tue Mar  2 13:30:24 2021 us=348692   prng_nonce_secret_len = 16
Tue Mar  2 13:30:24 2021 us=348700   keysize = 0
Tue Mar  2 13:30:24 2021 us=348709   engine = DISABLED
Tue Mar  2 13:30:24 2021 us=348718   replay = ENABLED
Tue Mar  2 13:30:24 2021 us=348726   mute_replay_warnings = DISABLED
Tue Mar  2 13:30:24 2021 us=348735   replay_window = 64
Tue Mar  2 13:30:24 2021 us=348743   replay_time = 15
Tue Mar  2 13:30:24 2021 us=348757   packet_id_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348766   use_iv = ENABLED
Tue Mar  2 13:30:24 2021 us=348775   test_crypto = DISABLED
Tue Mar  2 13:30:24 2021 us=348783   tls_server = ENABLED
Tue Mar  2 13:30:24 2021 us=348792   tls_client = DISABLED
Tue Mar  2 13:30:24 2021 us=348800   key_method = 2
Tue Mar  2 13:30:24 2021 us=348809   ca_file = 'ca.crt'
Tue Mar  2 13:30:24 2021 us=348817   ca_path = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348826   dh_file = 'dh.pem'
Tue Mar  2 13:30:24 2021 us=348835   cert_file = 'server.crt'
Tue Mar  2 13:30:24 2021 us=348843   extra_certs_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348852   priv_key_file = 'server.key'
Tue Mar  2 13:30:24 2021 us=348861   pkcs12_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348869   cipher_list = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348878   cipher_list_tls13 = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348886   tls_cert_profile = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348895   tls_verify = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348903   tls_export_cert = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348912   verify_x509_type = 0
Tue Mar  2 13:30:24 2021 us=348920   verify_x509_name = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=348929   crl_file = 'crl.pem'
Tue Mar  2 13:30:24 2021 us=348938   ns_cert_type = 0
Tue Mar  2 13:30:24 2021 us=348946   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=348955   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=348963   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=348972   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=348980   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=348989   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=348997   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349005   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349014   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349022   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349031   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349039   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349047   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349056   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349064   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349072   remote_cert_ku[i] = 0
Tue Mar  2 13:30:24 2021 us=349081   remote_cert_eku = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=349089   ssl_flags = 0
Tue Mar  2 13:30:24 2021 us=349098   tls_timeout = 2
Tue Mar  2 13:30:24 2021 us=349107   renegotiate_bytes = -1
Tue Mar  2 13:30:24 2021 us=349115   renegotiate_packets = 0
Tue Mar  2 13:30:24 2021 us=349124   renegotiate_seconds = 36000
Tue Mar  2 13:30:24 2021 us=349132   handshake_window = 60
Tue Mar  2 13:30:24 2021 us=349141   transition_window = 3600
Tue Mar  2 13:30:24 2021 us=349150   single_session = DISABLED
Tue Mar  2 13:30:24 2021 us=349158   push_peer_info = DISABLED
Tue Mar  2 13:30:24 2021 us=349167   tls_exit = DISABLED
Tue Mar  2 13:30:24 2021 us=349176   tls_auth_file = 'ta.key'
Tue Mar  2 13:30:24 2021 us=349184   tls_crypt_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=349333   pkcs11_private_mode = 00000000
Tue Mar  2 13:30:24 2021 us=349602   pkcs11_pin_cache_period = -1
Tue Mar  2 13:30:24 2021 us=349610   pkcs11_id = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=349619   pkcs11_id_management = DISABLED
Tue Mar  2 13:30:24 2021 us=349628   server_network = 10.8.1.0
Tue Mar  2 13:30:24 2021 us=349638   server_netmask = 255.255.255.0
Tue Mar  2 13:30:24 2021 us=349648   server_network_ipv6 = ::
Tue Mar  2 13:30:24 2021 us=349657   server_netbits_ipv6 = 0
Tue Mar  2 13:30:24 2021 us=349666   server_bridge_ip = 0.0.0.0
Tue Mar  2 13:30:24 2021 us=349676   server_bridge_netmask = 0.0.0.0
Tue Mar  2 13:30:24 2021 us=349685   server_bridge_pool_start = 0.0.0.0
Tue Mar  2 13:30:24 2021 us=349694   server_bridge_pool_end = 0.0.0.0
Tue Mar  2 13:30:24 2021 us=349703   push_entry = 'route X.X.X.X LAN 255.255.255.0'
Tue Mar  2 13:30:24 2021 us=349712   push_entry = 'redirect-gateway autolocal def1'
Tue Mar  2 13:30:24 2021 us=349721   push_entry = 'dhcp-option DNS 8.8.8.8'
Tue Mar  2 13:30:24 2021 us=349729   push_entry = 'dhcp-option DNS 8.8.4.4'
Tue Mar  2 13:30:24 2021 us=349746   push_entry = 'route-gateway 10.8.1.1'
Tue Mar  2 13:30:24 2021 us=349755   push_entry = 'topology subnet'
Tue Mar  2 13:30:24 2021 us=349764   push_entry = 'ping 10'
Tue Mar  2 13:30:24 2021 us=349772   push_entry = 'ping-restart 120'
Tue Mar  2 13:30:24 2021 us=349781   ifconfig_pool_defined = ENABLED
Tue Mar  2 13:30:24 2021 us=349790   ifconfig_pool_start = 10.8.1.50
Tue Mar  2 13:30:24 2021 us=349800   ifconfig_pool_end = 10.8.1.100
Tue Mar  2 13:30:24 2021 us=349809   ifconfig_pool_netmask = 255.255.255.0
Tue Mar  2 13:30:24 2021 us=349823   ifconfig_pool_persist_filename = '/var/log/openvpn/ipp.txt'
Tue Mar  2 13:30:24 2021 us=349832   ifconfig_pool_persist_refresh_freq = 600
Tue Mar  2 13:30:24 2021 us=349841   ifconfig_ipv6_pool_defined = DISABLED
Tue Mar  2 13:30:24 2021 us=349850   ifconfig_ipv6_pool_base = ::
Tue Mar  2 13:30:24 2021 us=349859   ifconfig_ipv6_pool_netbits = 0
Tue Mar  2 13:30:24 2021 us=349868   n_bcast_buf = 256
Tue Mar  2 13:30:24 2021 us=349876   tcp_queue_limit = 64
Tue Mar  2 13:30:24 2021 us=349885   real_hash_size = 256
Tue Mar  2 13:30:24 2021 us=349893   virtual_hash_size = 256
Tue Mar  2 13:30:24 2021 us=349902   client_connect_script = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=349910   learn_address_script = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=349919   client_disconnect_script = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=349927   client_config_dir = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=349936   ccd_exclusive = DISABLED
Tue Mar  2 13:30:24 2021 us=349944   tmp_dir = '/tmp'
Tue Mar  2 13:30:24 2021 us=349953   push_ifconfig_defined = DISABLED
Tue Mar  2 13:30:24 2021 us=349962   push_ifconfig_local = 0.0.0.0
Tue Mar  2 13:30:24 2021 us=349972   push_ifconfig_remote_netmask = 0.0.0.0
Tue Mar  2 13:30:24 2021 us=349980   push_ifconfig_ipv6_defined = DISABLED
Tue Mar  2 13:30:24 2021 us=349989   push_ifconfig_ipv6_local = ::/0
Tue Mar  2 13:30:24 2021 us=349999   push_ifconfig_ipv6_remote = ::
Tue Mar  2 13:30:24 2021 us=350007   enable_c2c = DISABLED
Tue Mar  2 13:30:24 2021 us=350016   duplicate_cn = DISABLED
Tue Mar  2 13:30:24 2021 us=350024   cf_max = 0
Tue Mar  2 13:30:24 2021 us=350033   cf_per = 0
Tue Mar  2 13:30:24 2021 us=350042   max_clients = 1024
Tue Mar  2 13:30:24 2021 us=350050   max_routes_per_client = 256
Tue Mar  2 13:30:24 2021 us=350059   auth_user_pass_verify_script = '/scripts/somescript.sh'
Tue Mar  2 13:30:24 2021 us=350068   auth_user_pass_verify_script_via_file = DISABLED
Tue Mar  2 13:30:24 2021 us=350077   auth_token_generate = DISABLED
Tue Mar  2 13:30:24 2021 us=350085   auth_token_lifetime = 0
Tue Mar  2 13:30:24 2021 us=350094   port_share_host = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=350102   port_share_port = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=350111   client = DISABLED
Tue Mar  2 13:30:24 2021 us=350120   pull = DISABLED
Tue Mar  2 13:30:24 2021 us=350128   auth_user_pass_file = '[UNDEF]'
Tue Mar  2 13:30:24 2021 us=350138 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Mar  2 13:30:24 2021 us=350151 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Tue Mar  2 13:30:24 2021 us=354141 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Mar  2 13:30:24 2021 us=354163 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
AUTH-PAM: BACKGROUND: INIT service='medium_openvpn'
Tue Mar  2 13:30:24 2021 us=354529 PLUGIN_INIT: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so '[/usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so] [medium_openvpn] [login] [USERNAME] [password] [PASSWORD] [pin] [OTP]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY 
Tue Mar  2 13:30:24 2021 us=354862 Diffie-Hellman initialized with 2048 bit key
Tue Mar  2 13:30:24 2021 us=355316 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar  2 13:30:24 2021 us=355338 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar  2 13:30:24 2021 us=355352 TLS-Auth MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Mar  2 13:30:24 2021 us=355582 TUN/TAP device tun1 opened
Tue Mar  2 13:30:24 2021 us=355632 TUN/TAP TX queue length set to 100
Tue Mar  2 13:30:24 2021 us=355652 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Mar  2 13:30:24 2021 us=355675 /sbin/ip link set dev tun1 up mtu 1500
Tue Mar  2 13:30:24 2021 us=360046 /sbin/ip addr add dev tun1 10.8.1.1/24 broadcast 10.8.1.255
Tue Mar  2 13:30:24 2021 us=362041 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Mar  2 13:30:24 2021 us=362303 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Mar  2 13:30:24 2021 us=362327 UDPv4 link local (bound): [AF_INET][undef]:1195
Tue Mar  2 13:30:24 2021 us=362339 UDPv4 link remote: [AF_UNSPEC]
Tue Mar  2 13:30:24 2021 us=362353 GID set to nogroup
Tue Mar  2 13:30:24 2021 us=362369 UID set to nobody
Tue Mar  2 13:30:24 2021 us=362390 MULTI: multi_init called, r=256 v=256
Tue Mar  2 13:30:24 2021 us=362426 IFCONFIG POOL: base=10.8.1.50 size=51, ipv6=0
Tue Mar  2 13:30:24 2021 us=362444 ifconfig_pool_read(), in='client2,10.8.1.50', TODO: IPv6
Tue Mar  2 13:30:24 2021 us=362455 succeeded -> ifconfig_pool_set()
Tue Mar  2 13:30:24 2021 us=362466 IFCONFIG POOL LIST
Tue Mar  2 13:30:24 2021 us=362476 client2,10.8.1.50
Tue Mar  2 13:30:24 2021 us=362526 Initialization Sequence Completed
Tue Mar  2 13:31:24 2021 us=1072 MULTI: multi_create_instance called
Tue Mar  2 13:31:24 2021 us=1227 X.X.X.X SOMEIP:60248 Re-using SSL/TLS context
Tue Mar  2 13:31:24 2021 us=1455 X.X.X.X SOMEIP:60248 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Mar  2 13:31:24 2021 us=1489 X.X.X.X SOMEIP:60248 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Mar  2 13:31:24 2021 us=1576 X.X.X.X SOMEIP:60248 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Mar  2 13:31:24 2021 us=1601 X.X.X.X SOMEIP:60248 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Mar  2 13:31:24 2021 us=1654 X.X.X.X SOMEIP:60248 TLS: Initial packet from [AF_INET]X.X.X.X SOMEIP:60248, sid=3d8ca7cc 188f96b9
Tue Mar  2 13:31:24 2021 us=181732 X.X.X.X SOMEIP:60248 VERIFY OK: depth=1, CN=Easy-RSA CA
Tue Mar  2 13:31:24 2021 us=182037 X.X.X.X SOMEIP:60248 VERIFY OK: depth=0, CN=client2
Tue Mar  2 13:31:24 2021 us=182575 X.X.X.X SOMEIP:60248 peer info: IV_VER=2.4.9
Tue Mar  2 13:31:24 2021 us=182619 X.X.X.X SOMEIP:60248 peer info: IV_PLAT=win
Tue Mar  2 13:31:24 2021 us=182642 X.X.X.X SOMEIP:60248 peer info: IV_PROTO=2
Tue Mar  2 13:31:24 2021 us=182662 X.X.X.X SOMEIP:60248 peer info: IV_NCP=2
Tue Mar  2 13:31:24 2021 us=182683 X.X.X.X SOMEIP:60248 peer info: IV_LZ4=1
Tue Mar  2 13:31:24 2021 us=182703 X.X.X.X SOMEIP:60248 peer info: IV_LZ4v2=1
Tue Mar  2 13:31:24 2021 us=182723 X.X.X.X SOMEIP:60248 peer info: IV_LZO=1
Tue Mar  2 13:31:24 2021 us=182743 X.X.X.X SOMEIP:60248 peer info: IV_COMP_STUB=1
Tue Mar  2 13:31:24 2021 us=182764 X.X.X.X SOMEIP:60248 peer info: IV_COMP_STUBv2=1
Tue Mar  2 13:31:24 2021 us=182784 X.X.X.X SOMEIP:60248 peer info: IV_TCPNL=1
Tue Mar  2 13:31:24 2021 us=182805 X.X.X.X SOMEIP:60248 peer info: IV_GUI_VER=OpenVPN_GUI_11
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: client2
AUTH-PAM: BACKGROUND: my_conv[0] query='login:' style=2
AUTH-PAM: BACKGROUND: name match found, query/match-string ['login:', 'login'] = 'USERNAME'
AUTH-PAM: BACKGROUND: my_conv[0] query='Password & verification code: ' style=1
AUTH-PAM: BACKGROUND: name match found, query/match-string ['Password & verification code: ', 'password'] = 'PASSWORD'
Tue Mar  2 13:31:24 2021 us=240827 X.X.X.X SOMEIP:60248 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
/scripts/somescript.sh: line 10: /var/log/openvpn/openvpn-access.log: Permission denied
Tue Mar  2 13:31:24 2021 us=246855 X.X.X.X SOMEIP:60248 TLS: Username/Password authentication succeeded for username 'client2' 
Tue Mar  2 13:31:24 2021 us=288296 X.X.X.X SOMEIP:60248 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Mar  2 13:31:24 2021 us=288343 X.X.X.X SOMEIP:60248 [client2] Peer Connection Initiated with [AF_INET]X.X.X.X SOMEIP:60248
Tue Mar  2 13:31:24 2021 us=288372 client2/X.X.X.X SOMEIP:60248 MULTI_sva: pool returned IPv4=10.8.1.50, IPv6=(Not enabled)
Tue Mar  2 13:31:24 2021 us=288411 client2/X.X.X.X SOMEIP:60248 MULTI: Learn: 10.8.1.50 -> client2/X.X.X.X SOMEIP:60248
Tue Mar  2 13:31:24 2021 us=288423 client2/X.X.X.X SOMEIP:60248 MULTI: primary virtual IP for client2/X.X.X.X SOMEIP:60248: 10.8.1.50
Tue Mar  2 13:31:24 2021 us=871256 client2/X.X.X.X SOMEIP:60248 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar  2 13:31:24 2021 us=871399 client2/X.X.X.X SOMEIP:60248 SENT CONTROL [client2]: 'PUSH_REPLY,route X.X.X.X LAN 255.255.255.0,redirect-gateway autolocal def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route-gateway 10.8.1.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.1.50 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Mar  2 13:31:24 2021 us=871431 client2/X.X.X.X SOMEIP:60248 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Mar  2 13:31:24 2021 us=871471 client2/X.X.X.X SOMEIP:60248 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Tue Mar  2 13:31:24 2021 us=871653 client2/X.X.X.X SOMEIP:60248 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  2 13:31:24 2021 us=871686 client2/X.X.X.X SOMEIP:60248 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  2 13:31:28 2021 us=488260 client2/X.X.X.X SOMEIP:60248 MULTI: bad source address from client [::], packet dropped
Tue Mar  2 13:37:23 2021 us=294646 client2/X.X.X.X SOMEIP:60248 [client2] Inactivity timeout (--ping-restart), restarting
Tue Mar  2 13:37:23 2021 us=294754 client2/X.X.X.X SOMEIP:60248 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Mar  2 13:57:03 2021 us=499118 MULTI: multi_create_instance called
Tue Mar  2 13:57:03 2021 us=499225 X.X.X.X SOMEIP:16079 Re-using SSL/TLS context
Tue Mar  2 13:57:03 2021 us=499334 X.X.X.X SOMEIP:16079 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Mar  2 13:57:03 2021 us=499360 X.X.X.X SOMEIP:16079 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Mar  2 13:57:03 2021 us=499418 X.X.X.X SOMEIP:16079 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Mar  2 13:57:03 2021 us=499437 X.X.X.X SOMEIP:16079 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Mar  2 13:57:03 2021 us=499481 X.X.X.X SOMEIP:16079 TLS: Initial packet from [AF_INET]X.X.X.X SOMEIP:16079, sid=d0120338 839b0cee
Tue Mar  2 13:57:05 2021 us=368706 X.X.X.X SOMEIP:16079 VERIFY OK: depth=1, CN=Easy-RSA CA
Tue Mar  2 13:57:05 2021 us=368871 X.X.X.X SOMEIP:16079 VERIFY OK: depth=0, CN=client2
Tue Mar  2 13:57:05 2021 us=369137 X.X.X.X SOMEIP:16079 peer info: IV_VER=2.4.9
Tue Mar  2 13:57:05 2021 us=369158 X.X.X.X SOMEIP:16079 peer info: IV_PLAT=win
Tue Mar  2 13:57:05 2021 us=369169 X.X.X.X SOMEIP:16079 peer info: IV_PROTO=2
Tue Mar  2 13:57:05 2021 us=369178 X.X.X.X SOMEIP:16079 peer info: IV_NCP=2
Tue Mar  2 13:57:05 2021 us=369200 X.X.X.X SOMEIP:16079 peer info: IV_LZ4=1
Tue Mar  2 13:57:05 2021 us=369212 X.X.X.X SOMEIP:16079 peer info: IV_LZ4v2=1
Tue Mar  2 13:57:05 2021 us=369221 X.X.X.X SOMEIP:16079 peer info: IV_LZO=1
Tue Mar  2 13:57:05 2021 us=369231 X.X.X.X SOMEIP:16079 peer info: IV_COMP_STUB=1
Tue Mar  2 13:57:05 2021 us=369240 X.X.X.X SOMEIP:16079 peer info: IV_COMP_STUBv2=1
Tue Mar  2 13:57:05 2021 us=369250 X.X.X.X SOMEIP:16079 peer info: IV_TCPNL=1
Tue Mar  2 13:57:05 2021 us=369260 X.X.X.X SOMEIP:16079 peer info: IV_GUI_VER=OpenVPN_GUI_11
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: client2
AUTH-PAM: BACKGROUND: my_conv[0] query='login:' style=2
AUTH-PAM: BACKGROUND: name match found, query/match-string ['login:', 'login'] = 'USERNAME'
AUTH-PAM: BACKGROUND: my_conv[0] query='Password & verification code: ' style=1
AUTH-PAM: BACKGROUND: name match found, query/match-string ['Password & verification code: ', 'password'] = 'PASSWORD'
Tue Mar  2 13:57:05 2021 us=438156 X.X.X.X SOMEIP:16079 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
/scripts/somescript.sh: line 10: /var/log/openvpn/openvpn-access.log: Permission denied
Tue Mar  2 13:57:05 2021 us=441060 X.X.X.X SOMEIP:16079 TLS: Username/Password authentication succeeded for username 'client2' 
Tue Mar  2 13:57:05 2021 us=542530 X.X.X.X SOMEIP:16079 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Mar  2 13:57:05 2021 us=542579 X.X.X.X SOMEIP:16079 [client2] Peer Connection Initiated with [AF_INET]X.X.X.X SOMEIP:16079
Tue Mar  2 13:57:05 2021 us=542606 client2/X.X.X.X SOMEIP:16079 MULTI_sva: pool returned IPv4=10.8.1.50, IPv6=(Not enabled)
Tue Mar  2 13:57:05 2021 us=542646 client2/X.X.X.X SOMEIP:16079 MULTI: Learn: 10.8.1.50 -> client2/X.X.X.X SOMEIP:16079
Tue Mar  2 13:57:05 2021 us=542658 client2/X.X.X.X SOMEIP:16079 MULTI: primary virtual IP for client2/X.X.X.X SOMEIP:16079: 10.8.1.50
Tue Mar  2 13:57:07 2021 us=184557 client2/X.X.X.X SOMEIP:16079 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar  2 13:57:07 2021 us=184700 client2/X.X.X.X SOMEIP:16079 SENT CONTROL [client2]: 'PUSH_REPLY,route X.X.X.X LAN 255.255.255.0,redirect-gateway autolocal def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route-gateway 10.8.1.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.1.50 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Mar  2 13:57:07 2021 us=184732 client2/X.X.X.X SOMEIP:16079 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Mar  2 13:57:07 2021 us=184774 client2/X.X.X.X SOMEIP:16079 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Tue Mar  2 13:57:07 2021 us=184948 client2/X.X.X.X SOMEIP:16079 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  2 13:57:07 2021 us=184980 client2/X.X.X.X SOMEIP:16079 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar  2 13:57:07 2021 us=579709 client2/X.X.X.X SOMEIP:16079 MULTI: bad source address from client [::], packet dropped
Tue Mar  2 14:06:19 2021 us=971798 client2/X.X.X.X SOMEIP:16079 [client2] Inactivity timeout (--ping-restart), restarting
Tue Mar  2 14:06:19 2021 us=971906 client2/X.X.X.X SOMEIP:16079 SIGUSR1[soft,ping-restart] received, client-instance restarting

Code: Select all

Tue Mar 02 16:54:56 2021 NOTE: --user option is not implemented on Windows
Tue Mar 02 16:54:56 2021 NOTE: --group option is not implemented on Windows
Tue Mar 02 16:54:56 2021 us=501569 Current Parameter Settings:
Tue Mar 02 16:54:56 2021 us=501569   config = 'client2.ovpn'
Tue Mar 02 16:54:56 2021 us=501569   mode = 0
Tue Mar 02 16:54:56 2021 us=501569   show_ciphers = DISABLED
Tue Mar 02 16:54:56 2021 us=501569   show_digests = DISABLED
Tue Mar 02 16:54:56 2021 us=501569   show_engines = DISABLED
Tue Mar 02 16:54:56 2021 us=501569   genkey = DISABLED
Tue Mar 02 16:54:56 2021 us=501569   key_pass_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=501569   show_tls_ciphers = DISABLED
Tue Mar 02 16:54:56 2021 us=501569   connect_retry_max = 0
Tue Mar 02 16:54:56 2021 us=501569 Connection profiles [0]:
Tue Mar 02 16:54:56 2021 us=502568   proto = udp4
Tue Mar 02 16:54:56 2021 us=502568   local = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=502568   local_port = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=502568   remote = 'REMOTE'
Tue Mar 02 16:54:56 2021 us=502568   remote_port = 'PORT'
Tue Mar 02 16:54:56 2021 us=502568   remote_float = DISABLED
Tue Mar 02 16:54:56 2021 us=502568   bind_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=502568   bind_local = DISABLED
Tue Mar 02 16:54:56 2021 us=502568   bind_ipv6_only = DISABLED
Tue Mar 02 16:54:56 2021 us=502568   connect_retry_seconds = 5
Tue Mar 02 16:54:56 2021 us=502568   connect_timeout = 120
Tue Mar 02 16:54:56 2021 us=502568   socks_proxy_server = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=502568   socks_proxy_port = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=502568   tun_mtu = 1500
Tue Mar 02 16:54:56 2021 us=502568   tun_mtu_defined = ENABLED
Tue Mar 02 16:54:56 2021 us=502568   link_mtu = 1500
Tue Mar 02 16:54:56 2021 us=502568   link_mtu_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=502568   tun_mtu_extra = 0
Tue Mar 02 16:54:56 2021 us=502568   tun_mtu_extra_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=502568   mtu_discover_type = -1
Tue Mar 02 16:54:56 2021 us=502568   fragment = 0
Tue Mar 02 16:54:56 2021 us=502568   mssfix = 1450
Tue Mar 02 16:54:56 2021 us=502568   explicit_exit_notification = 0
Tue Mar 02 16:54:56 2021 us=502568 Connection profiles END
Tue Mar 02 16:54:56 2021 us=502568   remote_random = DISABLED
Tue Mar 02 16:54:56 2021 us=502568   ipchange = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=502568   dev = 'tun'
Tue Mar 02 16:54:56 2021 us=502568   dev_type = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=502568   dev_node = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=502568   lladdr = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=503569   topology = 1
Tue Mar 02 16:54:56 2021 us=503569   ifconfig_local = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=503569   ifconfig_remote_netmask = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=503569   ifconfig_noexec = DISABLED
Tue Mar 02 16:54:56 2021 us=503569   ifconfig_nowarn = DISABLED
Tue Mar 02 16:54:56 2021 us=503569   ifconfig_ipv6_local = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=503569   ifconfig_ipv6_netbits = 0
Tue Mar 02 16:54:56 2021 us=503569   ifconfig_ipv6_remote = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=503569   shaper = 0
Tue Mar 02 16:54:56 2021 us=503569   mtu_test = 0
Tue Mar 02 16:54:56 2021 us=503569   mlock = DISABLED
Tue Mar 02 16:54:56 2021 us=503569   keepalive_ping = 0
Tue Mar 02 16:54:56 2021 us=503569   keepalive_timeout = 0
Tue Mar 02 16:54:56 2021 us=503569   inactivity_timeout = 0
Tue Mar 02 16:54:56 2021 us=503569   ping_send_timeout = 0
Tue Mar 02 16:54:56 2021 us=503569   ping_rec_timeout = 0
Tue Mar 02 16:54:56 2021 us=503569   ping_rec_timeout_action = 0
Tue Mar 02 16:54:56 2021 us=503569   ping_timer_remote = DISABLED
Tue Mar 02 16:54:56 2021 us=503569   remap_sigusr1 = 0
Tue Mar 02 16:54:56 2021 us=503569   persist_tun = ENABLED
Tue Mar 02 16:54:56 2021 us=503569   persist_local_ip = DISABLED
Tue Mar 02 16:54:56 2021 us=503569   persist_remote_ip = DISABLED
Tue Mar 02 16:54:56 2021 us=503569   persist_key = ENABLED
Tue Mar 02 16:54:56 2021 us=503569   passtos = DISABLED
Tue Mar 02 16:54:56 2021 us=503569   resolve_retry_seconds = 1000000000
Tue Mar 02 16:54:56 2021 us=504569   resolve_in_advance = DISABLED
Tue Mar 02 16:54:56 2021 us=504569   username = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   groupname = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   chroot_dir = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   cd_dir = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   writepid = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   up_script = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   down_script = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   down_pre = DISABLED
Tue Mar 02 16:54:56 2021 us=504569   up_restart = DISABLED
Tue Mar 02 16:54:56 2021 us=504569   up_delay = DISABLED
Tue Mar 02 16:54:56 2021 us=504569   daemon = DISABLED
Tue Mar 02 16:54:56 2021 us=504569   inetd = 0
Tue Mar 02 16:54:56 2021 us=504569   log = ENABLED
Tue Mar 02 16:54:56 2021 us=504569   suppress_timestamps = DISABLED
Tue Mar 02 16:54:56 2021 us=504569   machine_readable_output = DISABLED
Tue Mar 02 16:54:56 2021 us=504569   nice = 0
Tue Mar 02 16:54:56 2021 us=504569   verbosity = 4
Tue Mar 02 16:54:56 2021 us=504569   mute = 0
Tue Mar 02 16:54:56 2021 us=504569   gremlin = 0
Tue Mar 02 16:54:56 2021 us=504569   status_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=504569   status_file_version = 1
Tue Mar 02 16:54:56 2021 us=504569   status_file_update_freq = 60
Tue Mar 02 16:54:56 2021 us=504569   occ = ENABLED
Tue Mar 02 16:54:56 2021 us=505570   rcvbuf = 0
Tue Mar 02 16:54:56 2021 us=505570   sndbuf = 0
Tue Mar 02 16:54:56 2021 us=505570   sockflags = 0
Tue Mar 02 16:54:56 2021 us=505570   fast_io = DISABLED
Tue Mar 02 16:54:56 2021 us=505570   comp.alg = 0
Tue Mar 02 16:54:56 2021 us=505570   comp.flags = 0
Tue Mar 02 16:54:56 2021 us=505570   route_script = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=505570   route_default_gateway = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=505570   route_default_metric = 0
Tue Mar 02 16:54:56 2021 us=505570   route_noexec = DISABLED
Tue Mar 02 16:54:56 2021 us=505570   route_delay = 5
Tue Mar 02 16:54:56 2021 us=505570   route_delay_window = 30
Tue Mar 02 16:54:56 2021 us=505570   route_delay_defined = ENABLED
Tue Mar 02 16:54:56 2021 us=505570   route_nopull = DISABLED
Tue Mar 02 16:54:56 2021 us=505570   route_gateway_via_dhcp = DISABLED
Tue Mar 02 16:54:56 2021 us=505570   allow_pull_fqdn = DISABLED
Tue Mar 02 16:54:56 2021 us=505570   Pull filters:
Tue Mar 02 16:54:56 2021 us=505570     ignore "route-method"
Tue Mar 02 16:54:56 2021 us=505570   management_addr = '127.0.0.1'
Tue Mar 02 16:54:56 2021 us=505570   management_port = '25342'
Tue Mar 02 16:54:56 2021 us=505570   management_user_pass = 'stdin'
Tue Mar 02 16:54:56 2021 us=505570   management_log_history_cache = 250
Tue Mar 02 16:54:56 2021 us=505570   management_echo_buffer_size = 100
Tue Mar 02 16:54:56 2021 us=505570   management_write_peer_info_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=505570   management_client_user = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=505570   management_client_group = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=505570   management_flags = 6
Tue Mar 02 16:54:56 2021 us=505570   shared_secret_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=505570   key_direction = 1
Tue Mar 02 16:54:56 2021 us=506571   ciphername = 'AES-256-CBC'
Tue Mar 02 16:54:56 2021 us=506571   ncp_enabled = ENABLED
Tue Mar 02 16:54:56 2021 us=506571   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Mar 02 16:54:56 2021 us=506571   authname = 'SHA256'
Tue Mar 02 16:54:56 2021 us=506571   prng_hash = 'SHA1'
Tue Mar 02 16:54:56 2021 us=506571   prng_nonce_secret_len = 16
Tue Mar 02 16:54:56 2021 us=506571   keysize = 0
Tue Mar 02 16:54:56 2021 us=506571   engine = DISABLED
Tue Mar 02 16:54:56 2021 us=506571   replay = ENABLED
Tue Mar 02 16:54:56 2021 us=506571   mute_replay_warnings = DISABLED
Tue Mar 02 16:54:56 2021 us=506571   replay_window = 64
Tue Mar 02 16:54:56 2021 us=506571   replay_time = 15
Tue Mar 02 16:54:56 2021 us=506571   packet_id_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   use_iv = ENABLED
Tue Mar 02 16:54:56 2021 us=506571   test_crypto = DISABLED
Tue Mar 02 16:54:56 2021 us=506571   tls_server = DISABLED
Tue Mar 02 16:54:56 2021 us=506571   tls_client = ENABLED
Tue Mar 02 16:54:56 2021 us=506571   key_method = 2
Tue Mar 02 16:54:56 2021 us=506571   ca_file = '[[INLINE]]'
Tue Mar 02 16:54:56 2021 us=506571   ca_path = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   dh_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   cert_file = '[[INLINE]]'
Tue Mar 02 16:54:56 2021 us=506571   extra_certs_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   priv_key_file = '[[INLINE]]'
Tue Mar 02 16:54:56 2021 us=506571   pkcs12_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   cryptoapi_cert = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   cipher_list = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   cipher_list_tls13 = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=506571   tls_cert_profile = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=507572   tls_verify = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=507572   tls_export_cert = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=507572   verify_x509_type = 0
Tue Mar 02 16:54:56 2021 us=507572   verify_x509_name = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=507572   crl_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=507572   ns_cert_type = 1
Tue Mar 02 16:54:56 2021 us=507572   remote_cert_ku[i] = 65535
Tue Mar 02 16:54:56 2021 us=507572   remote_cert_eku = 'TLS Web Server Authentication'
Tue Mar 02 16:54:56 2021 us=507572   ssl_flags = 0
Tue Mar 02 16:54:56 2021 us=507572   tls_timeout = 2
Tue Mar 02 16:54:56 2021 us=507572   renegotiate_bytes = -1
Tue Mar 02 16:54:56 2021 us=507572   renegotiate_packets = 0
Tue Mar 02 16:54:56 2021 us=507572   renegotiate_seconds = 36000
Tue Mar 02 16:54:56 2021 us=507572   handshake_window = 60
Tue Mar 02 16:54:56 2021 us=507572   transition_window = 3600
Tue Mar 02 16:54:56 2021 us=507572   single_session = DISABLED
Tue Mar 02 16:54:56 2021 us=508572   push_peer_info = DISABLED
Tue Mar 02 16:54:56 2021 us=508572   tls_exit = DISABLED
Tue Mar 02 16:54:56 2021 us=508572   tls_auth_file = '[[INLINE]]'
Tue Mar 02 16:54:56 2021 us=508572   tls_crypt_file = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=509573   pkcs11_pin_cache_period = -1
Tue Mar 02 16:54:56 2021 us=509573   pkcs11_id = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=509573   pkcs11_id_management = DISABLED
Tue Mar 02 16:54:56 2021 us=510573   server_network = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   server_netmask = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   server_network_ipv6 = ::
Tue Mar 02 16:54:56 2021 us=510573   server_netbits_ipv6 = 0
Tue Mar 02 16:54:56 2021 us=510573   server_bridge_ip = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   server_bridge_netmask = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   server_bridge_pool_start = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   server_bridge_pool_end = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_pool_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_pool_start = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_pool_end = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_pool_netmask = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_pool_persist_refresh_freq = 600
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_ipv6_pool_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_ipv6_pool_base = ::
Tue Mar 02 16:54:56 2021 us=510573   ifconfig_ipv6_pool_netbits = 0
Tue Mar 02 16:54:56 2021 us=510573   n_bcast_buf = 256
Tue Mar 02 16:54:56 2021 us=510573   tcp_queue_limit = 64
Tue Mar 02 16:54:56 2021 us=512575   real_hash_size = 256
Tue Mar 02 16:54:56 2021 us=512575   virtual_hash_size = 256
Tue Mar 02 16:54:56 2021 us=512575   client_connect_script = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=512575   learn_address_script = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=512575   client_disconnect_script = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=512575   client_config_dir = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=512575   ccd_exclusive = DISABLED
Tue Mar 02 16:54:56 2021 us=512575   tmp_dir = 'C:\Users\FPLAST~1\AppData\Local\Temp\'
Tue Mar 02 16:54:56 2021 us=512575   push_ifconfig_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=512575   push_ifconfig_local = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=512575   push_ifconfig_remote_netmask = 0.0.0.0
Tue Mar 02 16:54:56 2021 us=512575   push_ifconfig_ipv6_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=512575   push_ifconfig_ipv6_local = ::/0
Tue Mar 02 16:54:56 2021 us=512575   push_ifconfig_ipv6_remote = ::
Tue Mar 02 16:54:56 2021 us=512575   enable_c2c = DISABLED
Tue Mar 02 16:54:56 2021 us=512575   duplicate_cn = DISABLED
Tue Mar 02 16:54:56 2021 us=512575   cf_max = 0
Tue Mar 02 16:54:56 2021 us=512575   cf_per = 0
Tue Mar 02 16:54:56 2021 us=512575   max_clients = 1024
Tue Mar 02 16:54:56 2021 us=512575   max_routes_per_client = 256
Tue Mar 02 16:54:56 2021 us=512575   auth_user_pass_verify_script = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=512575   auth_user_pass_verify_script_via_file = DISABLED
Tue Mar 02 16:54:56 2021 us=512575   auth_token_generate = DISABLED
Tue Mar 02 16:54:56 2021 us=513576   auth_token_lifetime = 0
Tue Mar 02 16:54:56 2021 us=513576   client = ENABLED
Tue Mar 02 16:54:56 2021 us=513576   pull = ENABLED
Tue Mar 02 16:54:56 2021 us=513576   auth_user_pass_file = 'stdin'
Tue Mar 02 16:54:56 2021 us=513576   show_net_up = DISABLED
Tue Mar 02 16:54:56 2021 us=513576   route_method = 3
Tue Mar 02 16:54:56 2021 us=513576   block_outside_dns = DISABLED
Tue Mar 02 16:54:56 2021 us=513576   ip_win32_defined = DISABLED
Tue Mar 02 16:54:56 2021 us=513576   ip_win32_type = 3
Tue Mar 02 16:54:56 2021 us=513576   dhcp_masq_offset = 0
Tue Mar 02 16:54:56 2021 us=513576   dhcp_lease_time = 31536000
Tue Mar 02 16:54:56 2021 us=513576   tap_sleep = 0
Tue Mar 02 16:54:56 2021 us=513576   dhcp_options = DISABLED
Tue Mar 02 16:54:56 2021 us=513576   dhcp_renew = DISABLED
Tue Mar 02 16:54:56 2021 us=513576   dhcp_pre_release = DISABLED
Tue Mar 02 16:54:56 2021 us=513576   domain = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=513576   netbios_scope = '[UNDEF]'
Tue Mar 02 16:54:56 2021 us=513576   netbios_node_type = 0
Tue Mar 02 16:54:56 2021 us=513576   disable_nbt = DISABLED
Tue Mar 02 16:54:56 2021 us=513576 OpenVPN 2.4.9 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Tue Mar 02 16:54:56 2021 us=513576 Windows version 6.2 (Windows 8 or greater) 32bit
Tue Mar 02 16:54:56 2021 us=513576 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Enter Management Password:
Tue Mar 02 16:54:56 2021 us=518579 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Tue Mar 02 16:54:56 2021 us=518579 Need hold release from management interface, waiting...
Tue Mar 02 16:54:56 2021 us=868812 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Tue Mar 02 16:54:56 2021 us=970880 MANAGEMENT: CMD 'state on'
Tue Mar 02 16:54:56 2021 us=971881 MANAGEMENT: CMD 'log all on'
Tue Mar 02 16:55:01 2021 us=893165 MANAGEMENT: CMD 'echo all on'
Tue Mar 02 16:55:01 2021 us=930189 MANAGEMENT: CMD 'bytecount 5'
Tue Mar 02 16:55:01 2021 us=971217 MANAGEMENT: CMD 'hold off'
Tue Mar 02 16:55:02 2021 us=14245 MANAGEMENT: CMD 'hold release'
Tue Mar 02 16:55:13 2021 us=269797 MANAGEMENT: CMD 'username "Auth" "client2"'
Tue Mar 02 16:55:13 2021 us=365861 MANAGEMENT: CMD 'password [...]'
Tue Mar 02 16:55:13 2021 us=367863 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Tue Mar 02 16:55:13 2021 us=405888 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 02 16:55:13 2021 us=405888 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 02 16:55:13 2021 us=407889 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Tue Mar 02 16:55:13 2021 us=407889 MANAGEMENT: >STATE:1614714913,RESOLVE,,,,,,
Tue Mar 02 16:55:14 2021 us=25301 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Tue Mar 02 16:55:14 2021 us=25301 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Tue Mar 02 16:55:14 2021 us=25301 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Tue Mar 02 16:55:14 2021 us=26301 TCP/UDP: Preserving recently used remote address: [AF_INET]SOMEIP2:PORT
Tue Mar 02 16:55:14 2021 us=26301 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Mar 02 16:55:14 2021 us=26301 UDPv4 link local: (not bound)
Tue Mar 02 16:55:14 2021 us=26301 UDPv4 link remote: [AF_INET]SOMEIP2:PORT
Tue Mar 02 16:55:14 2021 us=26301 MANAGEMENT: >STATE:1614714914,WAIT,,,,,,
Tue Mar 02 16:55:14 2021 us=67329 MANAGEMENT: >STATE:1614714914,AUTH,,,,,,
Tue Mar 02 16:55:14 2021 us=67329 TLS: Initial packet from [AF_INET]SOMEIP2:PORT, sid=37a27804 d2f2bead
Tue Mar 02 16:55:14 2021 us=68331 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 02 16:55:14 2021 us=130372 VERIFY OK: depth=1, CN=Easy-RSA CA
Tue Mar 02 16:55:14 2021 us=132373 VERIFY OK: nsCertType=SERVER
Tue Mar 02 16:55:14 2021 us=132373 VERIFY KU OK
Tue Mar 02 16:55:14 2021 us=132373 Validating certificate extended key usage
Tue Mar 02 16:55:14 2021 us=132373 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Mar 02 16:55:14 2021 us=132373 VERIFY EKU OK
Tue Mar 02 16:55:14 2021 us=132373 VERIFY OK: depth=0, CN=server
Tue Mar 02 16:55:14 2021 us=372533 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Mar 02 16:55:14 2021 us=372533 [server] Peer Connection Initiated with [AF_INET]SOMEIP2:PORT
Tue Mar 02 16:55:15 2021 us=561326 MANAGEMENT: >STATE:1614714915,GET_CONFIG,,,,,,
Tue Mar 02 16:55:15 2021 us=561326 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Mar 02 16:55:15 2021 us=629371 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway autolocal def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route-gateway 10.8.1.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.1.50 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Tue Mar 02 16:55:15 2021 us=629371 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 02 16:55:15 2021 us=629371 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 02 16:55:15 2021 us=630372 OPTIONS IMPORT: route options modified
Tue Mar 02 16:55:15 2021 us=630372 OPTIONS IMPORT: route-related options modified
Tue Mar 02 16:55:15 2021 us=630372 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 02 16:55:15 2021 us=630372 OPTIONS IMPORT: peer-id set
Tue Mar 02 16:55:15 2021 us=630372 OPTIONS IMPORT: adjusting link_mtu to 1624
Tue Mar 02 16:55:15 2021 us=630372 OPTIONS IMPORT: data channel crypto options modified
Tue Mar 02 16:55:15 2021 us=630372 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Mar 02 16:55:15 2021 us=630372 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Tue Mar 02 16:55:15 2021 us=630372 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar 02 16:55:15 2021 us=630372 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Mar 02 16:55:15 2021 us=630372 interactive service msg_channel=424
Tue Mar 02 16:55:15 2021 us=639377 ROUTE_GATEWAY 192.168.43.1/255.255.255.0 I=4 HWADDR=48:d2:24:65:54:ca
Tue Mar 02 16:55:15 2021 us=828503 open_tun
Tue Mar 02 16:55:15 2021 us=833507 TAP-WIN32 device [Conexión de área local 2] opened: \\.\Global\{867E4E4C-32C4-4606-AAC4-91E784EECFC1}.tap
Tue Mar 02 16:55:15 2021 us=834508 TAP-Windows Driver Version 9.24 
Tue Mar 02 16:55:15 2021 us=834508 TAP-Windows MTU=1500
Tue Mar 02 16:55:15 2021 us=840511 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.1.0/10.8.1.50/255.255.255.0 [SUCCEEDED]
Tue Mar 02 16:55:15 2021 us=840511 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.1.50/255.255.255.0 on interface {867E4E4C-32C4-4606-AAC4-91E784EECFC1} [DHCP-serv: 10.8.1.254, lease-time: 31536000]
Tue Mar 02 16:55:15 2021 us=841512 DHCP option string: 060cc0a8 01c8c0a8 01ce0808 0808
Tue Mar 02 16:55:15 2021 us=841512 Successful ARP Flush on interface [30] {867E4E4C-32C4-4606-AAC4-91E784EECFC1}
Tue Mar 02 16:55:15 2021 us=848517 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Mar 02 16:55:15 2021 us=848517 MANAGEMENT: >STATE:1614714915,ASSIGN_IP,,10.8.1.50,,,,
Tue Mar 02 16:55:15 2021 us=849518 PID_ERR replay-window backtrack occurred [1] [TLS_WRAP-0] [0_1111111] 1614714899:9 1614714899:8 t=1614714915[0] r=[-1,64,15,1,1] sl=[55,9,64,272]
Tue Mar 02 16:55:20 2021 us=119394 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Mar 02 16:55:20 2021 us=119394 ROUTE remote_host is NOT LOCAL
Tue Mar 02 16:55:20 2021 us=119394 C:\Windows\system32\route.exe ADD SOMEIP2 MASK 255.255.255.255 192.168.43.1
Tue Mar 02 16:55:20 2021 us=124399 Route addition via service succeeded
Tue Mar 02 16:55:20 2021 us=124399 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.1.1
Tue Mar 02 16:55:20 2021 us=130402 Route addition via service succeeded
Tue Mar 02 16:55:20 2021 us=130402 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.1.1
Tue Mar 02 16:55:20 2021 us=135405 Route addition via service succeeded
Tue Mar 02 16:55:20 2021 us=135405 MANAGEMENT: >STATE:1614714920,ADD_ROUTES,,,,,,
Tue Mar 02 16:55:20 2021 us=135405 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.1.1
Tue Mar 02 16:55:20 2021 us=140408 Route addition via service succeeded
Tue Mar 02 16:55:20 2021 us=140408 Initialization Sequence Completed
Tue Mar 02 16:55:20 2021 us=140408 MANAGEMENT: >STATE:1614714920,CONNECTED,SUCCESS,10.8.1.50,SOMEIP2,PORT,,
IPTables config (this works to browse with public IP but allows everything in LAN)

Code: Select all

  #! /bin/sh
  
   # Clean previuos rules
   iptables -F
   iptables -X
   iptables -Z
   iptables -t nat -F
   
   iptables -A INPUT -i lo -j ACCEPT
   iptables -A OUTPUT -o lo -j ACCEPT
  
   # Allow everything for testing.
   iptables --policy INPUT ACCEPT
   iptables --policy OUTPUT ACCEPT
   iptables --policy FORWARD ACCEPT
  
   # Rules to Forward and MASQUERADE
   iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
   iptables -A FORWARD -s 10.8.1.0/24 -j ACCEPT
   iptables -A FORWARD -j REJECT
   iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -o eth0 -j MASQUERADE
Route print output:

Code: Select all

IPv4 Tabla de enrutamiento
===========================================================================
Rutas activas:
Destino de red        M scara de red   Puerta de enlace   Interfaz  M‚trica
          0.0.0.0          0.0.0.0     192.168.43.1   192.168.43.202     25
          0.0.0.0        128.0.0.0         10.8.1.1        10.8.1.50    266
         10.8.1.0    255.255.255.0      En v¡nculo         10.8.1.50    266
        10.8.1.50  255.255.255.255      En v¡nculo         10.8.1.50    266
       10.8.1.255  255.255.255.255      En v¡nculo         10.8.1.50    266
        127.0.0.0        255.0.0.0      En v¡nculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      En v¡nculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      En v¡nculo         127.0.0.1    306
        128.0.0.0        128.0.0.0         10.8.1.1        10.8.1.50    266
    179.41.18.225  255.255.255.255     192.168.43.1   192.168.43.202    281
      192.168.1.0    255.255.255.0         10.8.1.1        10.8.1.50    266
     192.168.43.0    255.255.255.0      En v¡nculo    192.168.43.202    281
   192.168.43.202  255.255.255.255      En v¡nculo    192.168.43.202    281
   192.168.43.255  255.255.255.255      En v¡nculo    192.168.43.202    281
        224.0.0.0        240.0.0.0      En v¡nculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      En v¡nculo         10.8.1.50    266
        224.0.0.0        240.0.0.0      En v¡nculo    192.168.43.202    281
  255.255.255.255  255.255.255.255      En v¡nculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      En v¡nculo         10.8.1.50    266
  255.255.255.255  255.255.255.255      En v¡nculo    192.168.43.202    281
===========================================================================
Rutas persistentes:
  Ninguno

IPv6 Tabla de enrutamiento
===========================================================================
Rutas activas:
 Cuando destino de red m‚trica      Puerta de enlace
  1    306 ::1/128                  En v¡nculo
 30    266 fe80::/64                En v¡nculo
  4    281 fe80::/64                En v¡nculo
 30    266 fe80::97b:7043:a7b:7011/128
                                    En v¡nculo
  4    281 fe80::dc4c:c9e8:1327:75c7/128
                                    En v¡nculo
  1    306 ff00::/8                 En v¡nculo
 30    266 ff00::/8                 En v¡nculo
  4    281 ff00::/8                 En v¡nculo
===========================================================================
Rutas persistentes: 
  Ninguno
Top
Post Reply

Return to “Server Administration”