[Solved] client looses connection even if keepalive is set

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Locked
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Thu Sep 22, 2016 2:23 pm

If you set --verb 4 and -- reneg-sec 3600 then restart your vpn client your log should be ok here ..
or you can always paste it to a server like https://0paste.com/ if you prefer.
Top
prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Thu Sep 22, 2016 2:30 pm

TinCanTech wrote:If you set --verb 4 and -- reneg-sec 3600 then restart your vpn client your log should be ok here ..
Done.


Here it is (Vpn tunnel is fine at the moment..)

Code: Select all

Thu Sep 22 16:14:12 2016 us=498808 Current Parameter Settings:
Thu Sep 22 16:14:12 2016 us=498892   config = '/etc/openvpn/client.conf'
Thu Sep 22 16:14:12 2016 us=498908   mode = 0
Thu Sep 22 16:14:12 2016 us=498919   persist_config = DISABLED
Thu Sep 22 16:14:12 2016 us=498930   persist_mode = 1
Thu Sep 22 16:14:12 2016 us=498940   show_ciphers = DISABLED
Thu Sep 22 16:14:12 2016 us=498950   show_digests = DISABLED
Thu Sep 22 16:14:12 2016 us=498960   show_engines = DISABLED
Thu Sep 22 16:14:12 2016 us=498971   genkey = DISABLED
Thu Sep 22 16:14:12 2016 us=498981   key_pass_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=498991   show_tls_ciphers = DISABLED
Thu Sep 22 16:14:12 2016 us=499001 Connection profiles [default]:
Thu Sep 22 16:14:12 2016 us=499011   proto = udp
Thu Sep 22 16:14:12 2016 us=499022   local = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499032   local_port = 0
Thu Sep 22 16:14:12 2016 us=499042   remote = '78.194.92.54'
Thu Sep 22 16:14:12 2016 us=499053   remote_port = 1194
Thu Sep 22 16:14:12 2016 us=499063   remote_float = DISABLED
Thu Sep 22 16:14:12 2016 us=499073   bind_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=499084   bind_local = ENABLED
Thu Sep 22 16:14:12 2016 us=499094   connect_retry_seconds = 5
Thu Sep 22 16:14:12 2016 us=499104   connect_timeout = 10
Thu Sep 22 16:14:12 2016 us=499115   connect_retry_max = 0
Thu Sep 22 16:14:12 2016 us=499125   socks_proxy_server = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499136   socks_proxy_port = 0
Thu Sep 22 16:14:12 2016 us=499146   socks_proxy_retry = DISABLED
Thu Sep 22 16:14:12 2016 us=499157   tun_mtu = 1500
Thu Sep 22 16:14:12 2016 us=499167   tun_mtu_defined = ENABLED
Thu Sep 22 16:14:12 2016 us=499177   link_mtu = 1500
Thu Sep 22 16:14:12 2016 us=499187   link_mtu_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=499198   tun_mtu_extra = 0
Thu Sep 22 16:14:12 2016 us=499208   tun_mtu_extra_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=499219   mtu_discover_type = -1
Thu Sep 22 16:14:12 2016 us=499229   fragment = 0
Thu Sep 22 16:14:12 2016 us=499239   mssfix = 1450
Thu Sep 22 16:14:12 2016 us=499250   explicit_exit_notification = 0
Thu Sep 22 16:14:12 2016 us=499260 Connection profiles END
Thu Sep 22 16:14:12 2016 us=499270   remote_random = DISABLED
Thu Sep 22 16:14:12 2016 us=499281   ipchange = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499291   dev = 'tun'
Thu Sep 22 16:14:12 2016 us=499301   dev_type = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499311   dev_node = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499321   lladdr = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499331   topology = 1
Thu Sep 22 16:14:12 2016 us=499342   tun_ipv6 = DISABLED
Thu Sep 22 16:14:12 2016 us=499352   ifconfig_local = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499362   ifconfig_remote_netmask = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499372   ifconfig_noexec = DISABLED
Thu Sep 22 16:14:12 2016 us=499382   ifconfig_nowarn = DISABLED
Thu Sep 22 16:14:12 2016 us=499392   ifconfig_ipv6_local = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499403   ifconfig_ipv6_netbits = 0
Thu Sep 22 16:14:12 2016 us=499413   ifconfig_ipv6_remote = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499423   shaper = 0
Thu Sep 22 16:14:12 2016 us=499433   mtu_test = 0
Thu Sep 22 16:14:12 2016 us=499443   mlock = DISABLED
Thu Sep 22 16:14:12 2016 us=499454   keepalive_ping = 0
Thu Sep 22 16:14:12 2016 us=499464   keepalive_timeout = 0
Thu Sep 22 16:14:12 2016 us=499474   inactivity_timeout = 0
Thu Sep 22 16:14:12 2016 us=499484   ping_send_timeout = 0
Thu Sep 22 16:14:12 2016 us=499494   ping_rec_timeout = 0
Thu Sep 22 16:14:12 2016 us=499505   ping_rec_timeout_action = 0
Thu Sep 22 16:14:12 2016 us=499515   ping_timer_remote = DISABLED
Thu Sep 22 16:14:12 2016 us=499525   remap_sigusr1 = 0
Thu Sep 22 16:14:12 2016 us=499535   persist_tun = ENABLED
Thu Sep 22 16:14:12 2016 us=499545   persist_local_ip = DISABLED
Thu Sep 22 16:14:12 2016 us=499555   persist_remote_ip = DISABLED
Thu Sep 22 16:14:12 2016 us=499565   persist_key = ENABLED
Thu Sep 22 16:14:12 2016 us=499575   passtos = DISABLED
Thu Sep 22 16:14:12 2016 us=499591   resolve_retry_seconds = 1000000000
Thu Sep 22 16:14:12 2016 us=499608   username = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499619   groupname = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499629   chroot_dir = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499639   cd_dir = '/etc/openvpn'
Thu Sep 22 16:14:12 2016 us=499649   writepid = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499659   up_script = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499669   down_script = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499679   down_pre = DISABLED
Thu Sep 22 16:14:12 2016 us=499690   up_restart = DISABLED
Thu Sep 22 16:14:12 2016 us=499699   up_delay = DISABLED
Thu Sep 22 16:14:12 2016 us=499709   daemon = ENABLED
Thu Sep 22 16:14:12 2016 us=499720   inetd = 0
Thu Sep 22 16:14:12 2016 us=499730   log = ENABLED
Thu Sep 22 16:14:12 2016 us=499740   suppress_timestamps = DISABLED
Thu Sep 22 16:14:12 2016 us=499750   nice = 0
Thu Sep 22 16:14:12 2016 us=499761   verbosity = 4
Thu Sep 22 16:14:12 2016 us=499771   mute = 0
Thu Sep 22 16:14:12 2016 us=499781   gremlin = 0
Thu Sep 22 16:14:12 2016 us=499791   status_file = '/run/openvpn/client.status'
Thu Sep 22 16:14:12 2016 us=499802   status_file_version = 1
Thu Sep 22 16:14:12 2016 us=499812   status_file_update_freq = 10
Thu Sep 22 16:14:12 2016 us=499822   occ = ENABLED
Thu Sep 22 16:14:12 2016 us=499833   rcvbuf = 65536
Thu Sep 22 16:14:12 2016 us=499845   sndbuf = 65536
Thu Sep 22 16:14:12 2016 us=499855   mark = 0
Thu Sep 22 16:14:12 2016 us=499865   sockflags = 0
Thu Sep 22 16:14:12 2016 us=499875   fast_io = DISABLED
Thu Sep 22 16:14:12 2016 us=499885   lzo = 3
Thu Sep 22 16:14:12 2016 us=499894   route_script = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499904   route_default_gateway = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=499914   route_default_metric = 0
Thu Sep 22 16:14:12 2016 us=499924   route_noexec = DISABLED
Thu Sep 22 16:14:12 2016 us=499934   route_delay = 0
Thu Sep 22 16:14:12 2016 us=499945   route_delay_window = 30
Thu Sep 22 16:14:12 2016 us=499955   route_delay_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=499965   route_nopull = DISABLED
Thu Sep 22 16:14:12 2016 us=499974   route_gateway_via_dhcp = DISABLED
Thu Sep 22 16:14:12 2016 us=499985   max_routes = 100
Thu Sep 22 16:14:12 2016 us=499995   allow_pull_fqdn = DISABLED
Thu Sep 22 16:14:12 2016 us=500004   management_addr = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500015   management_port = 0
Thu Sep 22 16:14:12 2016 us=500025   management_user_pass = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500035   management_log_history_cache = 250
Thu Sep 22 16:14:12 2016 us=500045   management_echo_buffer_size = 100
Thu Sep 22 16:14:12 2016 us=500055   management_write_peer_info_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500065   management_client_user = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500075   management_client_group = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500085   management_flags = 0
Thu Sep 22 16:14:12 2016 us=500095   shared_secret_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500105   key_direction = 2
Thu Sep 22 16:14:12 2016 us=500115   ciphername_defined = ENABLED
Thu Sep 22 16:14:12 2016 us=500125   ciphername = 'AES-128-CBC'
Thu Sep 22 16:14:12 2016 us=500135   authname_defined = ENABLED
Thu Sep 22 16:14:12 2016 us=500145   authname = 'SHA1'
Thu Sep 22 16:14:12 2016 us=500155   prng_hash = 'SHA1'
Thu Sep 22 16:14:12 2016 us=500165   prng_nonce_secret_len = 16
Thu Sep 22 16:14:12 2016 us=500175   keysize = 0
Thu Sep 22 16:14:12 2016 us=500185   engine = DISABLED
Thu Sep 22 16:14:12 2016 us=500194   replay = ENABLED
Thu Sep 22 16:14:12 2016 us=500204   mute_replay_warnings = DISABLED
Thu Sep 22 16:14:12 2016 us=500214   replay_window = 64
Thu Sep 22 16:14:12 2016 us=500224   replay_time = 15
Thu Sep 22 16:14:12 2016 us=500234   packet_id_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500244   use_iv = ENABLED
Thu Sep 22 16:14:12 2016 us=500254   test_crypto = DISABLED
Thu Sep 22 16:14:12 2016 us=500264   tls_server = DISABLED
Thu Sep 22 16:14:12 2016 us=500273   tls_client = ENABLED
Thu Sep 22 16:14:12 2016 us=500283   key_method = 2
Thu Sep 22 16:14:12 2016 us=500293   ca_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500308   ca_path = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500319   dh_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500329   cert_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500339   priv_key_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500350   pkcs12_file = '/etc/openvpn/backup1303.p12'
Thu Sep 22 16:14:12 2016 us=500360   cipher_list = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500370   tls_verify = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500380   tls_export_cert = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500391   verify_x509_type = 2
Thu Sep 22 16:14:12 2016 us=500401   verify_x509_name = 'donzat.fr'
Thu Sep 22 16:14:12 2016 us=500411   crl_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500422   ns_cert_type = 1
Thu Sep 22 16:14:12 2016 us=500432   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500442   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500453   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500463   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500473   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500483   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500493   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500503   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500513   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500523   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500533   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500543   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500553   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500563   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500573   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500583   remote_cert_ku[i] = 0
Thu Sep 22 16:14:12 2016 us=500593   remote_cert_eku = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=500603   ssl_flags = 0
Thu Sep 22 16:14:12 2016 us=500613   tls_timeout = 2
Thu Sep 22 16:14:12 2016 us=500624   renegotiate_bytes = 0
Thu Sep 22 16:14:12 2016 us=500634   renegotiate_packets = 0
Thu Sep 22 16:14:12 2016 us=500644   renegotiate_seconds = 3600
Thu Sep 22 16:14:12 2016 us=500654   handshake_window = 60
Thu Sep 22 16:14:12 2016 us=500664   transition_window = 3600
Thu Sep 22 16:14:12 2016 us=500674   single_session = DISABLED
Thu Sep 22 16:14:12 2016 us=500684   push_peer_info = DISABLED
Thu Sep 22 16:14:12 2016 us=500695   tls_exit = DISABLED
Thu Sep 22 16:14:12 2016 us=500705   tls_auth_file = '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key'
Thu Sep 22 16:14:12 2016 us=500715   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500726   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500736   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500746   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500756   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500766   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500776   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500786   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500796   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500806   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500816   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500826   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500837   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500847   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500857   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500867   pkcs11_protected_authentication = DISABLED
Thu Sep 22 16:14:12 2016 us=500878   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500888   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500898   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500908   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500918   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500933   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500944   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500955   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500965   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500975   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500985   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=500995   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=501005   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=501016   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=501026   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=501036   pkcs11_private_mode = 00000000
Thu Sep 22 16:14:12 2016 us=501046   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501056   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501066   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501076   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501086   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501097   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501107   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501117   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501127   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501137   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501147   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501157   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501167   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501177   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501187   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501197   pkcs11_cert_private = DISABLED
Thu Sep 22 16:14:12 2016 us=501207   pkcs11_pin_cache_period = -1
Thu Sep 22 16:14:12 2016 us=501218   pkcs11_id = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501228   pkcs11_id_management = DISABLED
Thu Sep 22 16:14:12 2016 us=501241   server_network = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501253   server_netmask = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501275   server_network_ipv6 = ::
Thu Sep 22 16:14:12 2016 us=501286   server_netbits_ipv6 = 0
Thu Sep 22 16:14:12 2016 us=501297   server_bridge_ip = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501309   server_bridge_netmask = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501320   server_bridge_pool_start = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501331   server_bridge_pool_end = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501341   ifconfig_pool_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=501352   ifconfig_pool_start = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501363   ifconfig_pool_end = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501374   ifconfig_pool_netmask = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501384   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501395   ifconfig_pool_persist_refresh_freq = 600
Thu Sep 22 16:14:12 2016 us=501405   ifconfig_ipv6_pool_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=501416   ifconfig_ipv6_pool_base = ::
Thu Sep 22 16:14:12 2016 us=501426   ifconfig_ipv6_pool_netbits = 0
Thu Sep 22 16:14:12 2016 us=501437   n_bcast_buf = 256
Thu Sep 22 16:14:12 2016 us=501447   tcp_queue_limit = 64
Thu Sep 22 16:14:12 2016 us=501457   real_hash_size = 256
Thu Sep 22 16:14:12 2016 us=501467   virtual_hash_size = 256
Thu Sep 22 16:14:12 2016 us=501477   client_connect_script = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501487   learn_address_script = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501498   client_disconnect_script = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501508   client_config_dir = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501518   ccd_exclusive = DISABLED
Thu Sep 22 16:14:12 2016 us=501528   tmp_dir = '/tmp'
Thu Sep 22 16:14:12 2016 us=501539   push_ifconfig_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=501550   push_ifconfig_local = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501561   push_ifconfig_remote_netmask = 0.0.0.0
Thu Sep 22 16:14:12 2016 us=501571   push_ifconfig_ipv6_defined = DISABLED
Thu Sep 22 16:14:12 2016 us=501591   push_ifconfig_ipv6_local = ::/0
Thu Sep 22 16:14:12 2016 us=501603   push_ifconfig_ipv6_remote = ::
Thu Sep 22 16:14:12 2016 us=501613   enable_c2c = DISABLED
Thu Sep 22 16:14:12 2016 us=501623   duplicate_cn = DISABLED
Thu Sep 22 16:14:12 2016 us=501634   cf_max = 0
Thu Sep 22 16:14:12 2016 us=501644   cf_per = 0
Thu Sep 22 16:14:12 2016 us=501654   max_clients = 1024
Thu Sep 22 16:14:12 2016 us=501664   max_routes_per_client = 256
Thu Sep 22 16:14:12 2016 us=501675   auth_user_pass_verify_script = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501686   auth_user_pass_verify_script_via_file = DISABLED
Thu Sep 22 16:14:12 2016 us=501696   port_share_host = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501707   port_share_port = 0
Thu Sep 22 16:14:12 2016 us=501717   client = ENABLED
Thu Sep 22 16:14:12 2016 us=501727   pull = ENABLED
Thu Sep 22 16:14:12 2016 us=501738   auth_user_pass_file = '[UNDEF]'
Thu Sep 22 16:14:12 2016 us=501749 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Thu Sep 22 16:14:12 2016 us=501773 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Thu Sep 22 16:14:12 2016 us=505030 WARNING: file '/etc/openvpn/backup1303.p12' is group or others accessible
Thu Sep 22 16:14:12 2016 us=505165 WARNING: file '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key' is group or others accessible
Thu Sep 22 16:14:12 2016 us=505181 Control Channel Authentication: using '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key' as a OpenVPN static key file
Thu Sep 22 16:14:12 2016 us=505196 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 16:14:12 2016 us=505209 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 16:14:12 2016 us=505234 LZO compression initialized
Thu Sep 22 16:14:12 2016 us=505315 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Sep 22 16:14:12 2016 us=505356 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Sep 22 16:14:12 2016 us=505390 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep 22 16:14:12 2016 us=505411 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Thu Sep 22 16:14:12 2016 us=505423 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Thu Sep 22 16:14:12 2016 us=505445 Local Options hash (VER=V4): '272f1b58'
Thu Sep 22 16:14:12 2016 us=505462 Expected Remote Options hash (VER=V4): 'a2e63101'
Thu Sep 22 16:14:12 2016 us=506234 UDPv4 link local (bound): [undef]
Thu Sep 22 16:14:12 2016 us=506311 UDPv4 link remote: [AF_INET]78.194.92.54:1194
Thu Sep 22 16:14:12 2016 us=509486 TLS: Initial packet from [AF_INET]78.194.92.54:1194, sid=0e9eac7c 451fdc23
Thu Sep 22 16:14:12 2016 us=586583 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 16:14:12 2016 us=586876 VERIFY OK: nsCertType=SERVER
Thu Sep 22 16:14:12 2016 us=586896 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 16:14:12 2016 us=586907 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 16:14:12 2016 us=731274 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 16:14:12 2016 us=731301 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 16:14:12 2016 us=731314 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 16:14:12 2016 us=731327 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 16:14:12 2016 us=731362 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 16:14:12 2016 us=731391 [donzat.fr] Peer Connection Initiated with [AF_INET]78.194.92.54:1194
Thu Sep 22 16:14:15 2016 us=34025 SENT CONTROL [donzat.fr]: 'PUSH_REQUEST' (status=1)
Thu Sep 22 16:14:15 2016 us=37530 PUSH: Received control message: 'PUSH_REPLY,route 192.168.199.0 255.255.255.0,route 192.168.200.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.200.6 192.168.200.1'
Thu Sep 22 16:14:15 2016 us=47443 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 22 16:14:15 2016 us=47463 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 22 16:14:15 2016 us=47474 OPTIONS IMPORT: route options modified
Thu Sep 22 16:14:15 2016 us=47693 ROUTE_GATEWAY 172.17.10.1/255.255.255.0 IFACE=eth0 HWADDR=00:16:3e:11:0a:4b
Thu Sep 22 16:14:15 2016 us=47944 TUN/TAP device tun4 opened
Thu Sep 22 16:14:15 2016 us=47970 TUN/TAP TX queue length set to 100
Thu Sep 22 16:14:15 2016 us=47990 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Sep 22 16:14:15 2016 us=48015 /sbin/ip link set dev tun4 up mtu 1500
Thu Sep 22 16:14:15 2016 us=50169 /sbin/ip addr add dev tun4 local 192.168.200.6 peer 192.168.200.1
Thu Sep 22 16:14:15 2016 us=52682 /sbin/ip route add 192.168.199.0/24 via 192.168.200.1
Thu Sep 22 16:14:15 2016 us=54510 /sbin/ip route add 192.168.200.1/32 via 192.168.200.1
RTNETLINK answers: File exists
Thu Sep 22 16:14:15 2016 us=56349 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Sep 22 16:14:15 2016 us=56397 Initialization Sequence Completed
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Thu Sep 22, 2016 3:31 pm

And Finally I can give you an answer :mrgreen:

This is incorrect:
prius wrote:PUSH: Received control message: 'PUSH_REPLY,route 192.168.199.0 255.255.255.0,route 192.168.200.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.200.6 192.168.200.1'
The remote peer (ie. your server ip) is not the correct ip for use here.

This must have been set by you using:
prius wrote:client-config-dir /var/etc/openvpn-csc
in file backup1303 ,as that is your client common_name.

You have set this:

Code: Select all

ifconfig 192.168.200.6 192.168.200.1
but you need to set this instead:

Code: Select all

ifconfig 192.168.200.6 192.168.200.5
:geek:
Top
prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Thu Sep 22, 2016 3:59 pm

thanks.

unfortunably that doesn't work.

changed ifconfig-push 192.168.200.6 192.168.200.1 to ifconfig-push 192.168.200.6 192.168.200.5, restarted the openvpn service on both server and client.

My openvpn client is not able to ping the lan (and is not reachable from the lan either)
log:

Code: Select all

Thu Sep 22 17:58:05 2016 us=161593 Current Parameter Settings:
Thu Sep 22 17:58:05 2016 us=161678   config = '/etc/openvpn/client.conf'
Thu Sep 22 17:58:05 2016 us=161693   mode = 0
Thu Sep 22 17:58:05 2016 us=161705   persist_config = DISABLED
Thu Sep 22 17:58:05 2016 us=161716   persist_mode = 1
Thu Sep 22 17:58:05 2016 us=161727   show_ciphers = DISABLED
Thu Sep 22 17:58:05 2016 us=161738   show_digests = DISABLED
Thu Sep 22 17:58:05 2016 us=161748   show_engines = DISABLED
Thu Sep 22 17:58:05 2016 us=161759   genkey = DISABLED
Thu Sep 22 17:58:05 2016 us=161769   key_pass_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=161780   show_tls_ciphers = DISABLED
Thu Sep 22 17:58:05 2016 us=161790 Connection profiles [default]:
Thu Sep 22 17:58:05 2016 us=161801   proto = udp
Thu Sep 22 17:58:05 2016 us=161812   local = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=161822   local_port = 0
Thu Sep 22 17:58:05 2016 us=161833   remote = '78.194.92.54'
Thu Sep 22 17:58:05 2016 us=161844   remote_port = 1194
Thu Sep 22 17:58:05 2016 us=161855   remote_float = DISABLED
Thu Sep 22 17:58:05 2016 us=161865   bind_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=161876   bind_local = ENABLED
Thu Sep 22 17:58:05 2016 us=161887   connect_retry_seconds = 5
Thu Sep 22 17:58:05 2016 us=161897   connect_timeout = 10
Thu Sep 22 17:58:05 2016 us=161908   connect_retry_max = 0
Thu Sep 22 17:58:05 2016 us=161919   socks_proxy_server = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=161930   socks_proxy_port = 0
Thu Sep 22 17:58:05 2016 us=161940   socks_proxy_retry = DISABLED
Thu Sep 22 17:58:05 2016 us=161951   tun_mtu = 1500
Thu Sep 22 17:58:05 2016 us=161962   tun_mtu_defined = ENABLED
Thu Sep 22 17:58:05 2016 us=161972   link_mtu = 1500
Thu Sep 22 17:58:05 2016 us=161983   link_mtu_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=161993   tun_mtu_extra = 0
Thu Sep 22 17:58:05 2016 us=162004   tun_mtu_extra_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=162014   mtu_discover_type = -1
Thu Sep 22 17:58:05 2016 us=162025   fragment = 0
Thu Sep 22 17:58:05 2016 us=162036   mssfix = 1450
Thu Sep 22 17:58:05 2016 us=162046   explicit_exit_notification = 0
Thu Sep 22 17:58:05 2016 us=162057 Connection profiles END
Thu Sep 22 17:58:05 2016 us=162067   remote_random = DISABLED
Thu Sep 22 17:58:05 2016 us=162078   ipchange = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162089   dev = 'tun'
Thu Sep 22 17:58:05 2016 us=162099   dev_type = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162110   dev_node = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162120   lladdr = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162131   topology = 1
Thu Sep 22 17:58:05 2016 us=162141   tun_ipv6 = DISABLED
Thu Sep 22 17:58:05 2016 us=162152   ifconfig_local = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162162   ifconfig_remote_netmask = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162173   ifconfig_noexec = DISABLED
Thu Sep 22 17:58:05 2016 us=162183   ifconfig_nowarn = DISABLED
Thu Sep 22 17:58:05 2016 us=162194   ifconfig_ipv6_local = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162204   ifconfig_ipv6_netbits = 0
Thu Sep 22 17:58:05 2016 us=162215   ifconfig_ipv6_remote = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162225   shaper = 0
Thu Sep 22 17:58:05 2016 us=162236   mtu_test = 0
Thu Sep 22 17:58:05 2016 us=162246   mlock = DISABLED
Thu Sep 22 17:58:05 2016 us=162257   keepalive_ping = 0
Thu Sep 22 17:58:05 2016 us=162267   keepalive_timeout = 0
Thu Sep 22 17:58:05 2016 us=162278   inactivity_timeout = 0
Thu Sep 22 17:58:05 2016 us=162289   ping_send_timeout = 0
Thu Sep 22 17:58:05 2016 us=162299   ping_rec_timeout = 0
Thu Sep 22 17:58:05 2016 us=162310   ping_rec_timeout_action = 0
Thu Sep 22 17:58:05 2016 us=162320   ping_timer_remote = DISABLED
Thu Sep 22 17:58:05 2016 us=162331   remap_sigusr1 = 0
Thu Sep 22 17:58:05 2016 us=162341   persist_tun = ENABLED
Thu Sep 22 17:58:05 2016 us=162351   persist_local_ip = DISABLED
Thu Sep 22 17:58:05 2016 us=162362   persist_remote_ip = DISABLED
Thu Sep 22 17:58:05 2016 us=162372   persist_key = ENABLED
Thu Sep 22 17:58:05 2016 us=162383   passtos = DISABLED
Thu Sep 22 17:58:05 2016 us=162398   resolve_retry_seconds = 1000000000
Thu Sep 22 17:58:05 2016 us=162417   username = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162429   groupname = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162439   chroot_dir = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162450   cd_dir = '/etc/openvpn'
Thu Sep 22 17:58:05 2016 us=162460   writepid = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162471   up_script = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162481   down_script = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162492   down_pre = DISABLED
Thu Sep 22 17:58:05 2016 us=162502   up_restart = DISABLED
Thu Sep 22 17:58:05 2016 us=162513   up_delay = DISABLED
Thu Sep 22 17:58:05 2016 us=162523   daemon = ENABLED
Thu Sep 22 17:58:05 2016 us=162534   inetd = 0
Thu Sep 22 17:58:05 2016 us=162545   log = ENABLED
Thu Sep 22 17:58:05 2016 us=162555   suppress_timestamps = DISABLED
Thu Sep 22 17:58:05 2016 us=162566   nice = 0
Thu Sep 22 17:58:05 2016 us=162577   verbosity = 4
Thu Sep 22 17:58:05 2016 us=162587   mute = 0
Thu Sep 22 17:58:05 2016 us=162598   gremlin = 0
Thu Sep 22 17:58:05 2016 us=162609   status_file = '/run/openvpn/client.status'
Thu Sep 22 17:58:05 2016 us=162619   status_file_version = 1
Thu Sep 22 17:58:05 2016 us=162630   status_file_update_freq = 10
Thu Sep 22 17:58:05 2016 us=162640   occ = ENABLED
Thu Sep 22 17:58:05 2016 us=162651   rcvbuf = 65536
Thu Sep 22 17:58:05 2016 us=162662   sndbuf = 65536
Thu Sep 22 17:58:05 2016 us=162672   mark = 0
Thu Sep 22 17:58:05 2016 us=162683   sockflags = 0
Thu Sep 22 17:58:05 2016 us=162693   fast_io = DISABLED
Thu Sep 22 17:58:05 2016 us=162717   lzo = 3
Thu Sep 22 17:58:05 2016 us=162732   route_script = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162743   route_default_gateway = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162754   route_default_metric = 0
Thu Sep 22 17:58:05 2016 us=162765   route_noexec = DISABLED
Thu Sep 22 17:58:05 2016 us=162776   route_delay = 0
Thu Sep 22 17:58:05 2016 us=162786   route_delay_window = 30
Thu Sep 22 17:58:05 2016 us=162797   route_delay_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=162808   route_nopull = DISABLED
Thu Sep 22 17:58:05 2016 us=162818   route_gateway_via_dhcp = DISABLED
Thu Sep 22 17:58:05 2016 us=162829   max_routes = 100
Thu Sep 22 17:58:05 2016 us=162840   allow_pull_fqdn = DISABLED
Thu Sep 22 17:58:05 2016 us=162851   management_addr = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162862   management_port = 0
Thu Sep 22 17:58:05 2016 us=162873   management_user_pass = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162883   management_log_history_cache = 250
Thu Sep 22 17:58:05 2016 us=162894   management_echo_buffer_size = 100
Thu Sep 22 17:58:05 2016 us=162905   management_write_peer_info_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162916   management_client_user = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162926   management_client_group = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162937   management_flags = 0
Thu Sep 22 17:58:05 2016 us=162948   shared_secret_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=162959   key_direction = 2
Thu Sep 22 17:58:05 2016 us=162970   ciphername_defined = ENABLED
Thu Sep 22 17:58:05 2016 us=162980   ciphername = 'AES-128-CBC'
Thu Sep 22 17:58:05 2016 us=162991   authname_defined = ENABLED
Thu Sep 22 17:58:05 2016 us=163002   authname = 'SHA1'
Thu Sep 22 17:58:05 2016 us=163013   prng_hash = 'SHA1'
Thu Sep 22 17:58:05 2016 us=163023   prng_nonce_secret_len = 16
Thu Sep 22 17:58:05 2016 us=163034   keysize = 0
Thu Sep 22 17:58:05 2016 us=163045   engine = DISABLED
Thu Sep 22 17:58:05 2016 us=163055   replay = ENABLED
Thu Sep 22 17:58:05 2016 us=163066   mute_replay_warnings = DISABLED
Thu Sep 22 17:58:05 2016 us=163077   replay_window = 64
Thu Sep 22 17:58:05 2016 us=163087   replay_time = 15
Thu Sep 22 17:58:05 2016 us=163098   packet_id_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163109   use_iv = ENABLED
Thu Sep 22 17:58:05 2016 us=163119   test_crypto = DISABLED
Thu Sep 22 17:58:05 2016 us=163130   tls_server = DISABLED
Thu Sep 22 17:58:05 2016 us=163140   tls_client = ENABLED
Thu Sep 22 17:58:05 2016 us=163151   key_method = 2
Thu Sep 22 17:58:05 2016 us=163161   ca_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163182   ca_path = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163193   dh_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163204   cert_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163215   priv_key_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163225   pkcs12_file = '/etc/openvpn/backup1303.p12'
Thu Sep 22 17:58:05 2016 us=163236   cipher_list = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163247   tls_verify = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163257   tls_export_cert = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163268   verify_x509_type = 2
Thu Sep 22 17:58:05 2016 us=163279   verify_x509_name = 'donzat.fr'
Thu Sep 22 17:58:05 2016 us=163289   crl_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163300   ns_cert_type = 1
Thu Sep 22 17:58:05 2016 us=163311   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163321   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163332   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163342   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163353   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163363   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163374   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163384   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163395   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163405   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163416   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163426   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163437   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163447   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163457   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163468   remote_cert_ku[i] = 0
Thu Sep 22 17:58:05 2016 us=163478   remote_cert_eku = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=163489   ssl_flags = 0
Thu Sep 22 17:58:05 2016 us=163500   tls_timeout = 2
Thu Sep 22 17:58:05 2016 us=163510   renegotiate_bytes = 0
Thu Sep 22 17:58:05 2016 us=163521   renegotiate_packets = 0
Thu Sep 22 17:58:05 2016 us=163531   renegotiate_seconds = 3600
Thu Sep 22 17:58:05 2016 us=163542   handshake_window = 60
Thu Sep 22 17:58:05 2016 us=163553   transition_window = 3600
Thu Sep 22 17:58:05 2016 us=163563   single_session = DISABLED
Thu Sep 22 17:58:05 2016 us=163574   push_peer_info = DISABLED
Thu Sep 22 17:58:05 2016 us=163585   tls_exit = DISABLED
Thu Sep 22 17:58:05 2016 us=163596   tls_auth_file = '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key'
Thu Sep 22 17:58:05 2016 us=163607   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163617   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163628   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163639   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163649   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163660   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163670   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163681   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163692   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163702   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163713   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163723   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163734   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163745   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163755   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163766   pkcs11_protected_authentication = DISABLED
Thu Sep 22 17:58:05 2016 us=163777   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163787   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163798   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163809   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163819   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163835   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163847   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163857   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163868   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163878   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163889   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163900   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163910   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163921   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163931   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163942   pkcs11_private_mode = 00000000
Thu Sep 22 17:58:05 2016 us=163953   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=163963   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=163974   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=163984   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=163995   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164005   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164016   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164026   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164037   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164047   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164058   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164068   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164079   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164089   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164100   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164110   pkcs11_cert_private = DISABLED
Thu Sep 22 17:58:05 2016 us=164121   pkcs11_pin_cache_period = -1
Thu Sep 22 17:58:05 2016 us=164132   pkcs11_id = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164142   pkcs11_id_management = DISABLED
Thu Sep 22 17:58:05 2016 us=164156   server_network = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164169   server_netmask = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164200   server_network_ipv6 = ::
Thu Sep 22 17:58:05 2016 us=164212   server_netbits_ipv6 = 0
Thu Sep 22 17:58:05 2016 us=164224   server_bridge_ip = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164236   server_bridge_netmask = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164247   server_bridge_pool_start = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164259   server_bridge_pool_end = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164270   ifconfig_pool_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=164281   ifconfig_pool_start = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164293   ifconfig_pool_end = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164304   ifconfig_pool_netmask = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164315   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164326   ifconfig_pool_persist_refresh_freq = 600
Thu Sep 22 17:58:05 2016 us=164337   ifconfig_ipv6_pool_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=164348   ifconfig_ipv6_pool_base = ::
Thu Sep 22 17:58:05 2016 us=164359   ifconfig_ipv6_pool_netbits = 0
Thu Sep 22 17:58:05 2016 us=164370   n_bcast_buf = 256
Thu Sep 22 17:58:05 2016 us=164381   tcp_queue_limit = 64
Thu Sep 22 17:58:05 2016 us=164391   real_hash_size = 256
Thu Sep 22 17:58:05 2016 us=164402   virtual_hash_size = 256
Thu Sep 22 17:58:05 2016 us=164413   client_connect_script = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164423   learn_address_script = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164434   client_disconnect_script = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164445   client_config_dir = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164456   ccd_exclusive = DISABLED
Thu Sep 22 17:58:05 2016 us=164466   tmp_dir = '/tmp'
Thu Sep 22 17:58:05 2016 us=164477   push_ifconfig_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=164489   push_ifconfig_local = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164500   push_ifconfig_remote_netmask = 0.0.0.0
Thu Sep 22 17:58:05 2016 us=164511   push_ifconfig_ipv6_defined = DISABLED
Thu Sep 22 17:58:05 2016 us=164528   push_ifconfig_ipv6_local = ::/0
Thu Sep 22 17:58:05 2016 us=164540   push_ifconfig_ipv6_remote = ::
Thu Sep 22 17:58:05 2016 us=164551   enable_c2c = DISABLED
Thu Sep 22 17:58:05 2016 us=164562   duplicate_cn = DISABLED
Thu Sep 22 17:58:05 2016 us=164572   cf_max = 0
Thu Sep 22 17:58:05 2016 us=164583   cf_per = 0
Thu Sep 22 17:58:05 2016 us=164594   max_clients = 1024
Thu Sep 22 17:58:05 2016 us=164604   max_routes_per_client = 256
Thu Sep 22 17:58:05 2016 us=164615   auth_user_pass_verify_script = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164626   auth_user_pass_verify_script_via_file = DISABLED
Thu Sep 22 17:58:05 2016 us=164637   port_share_host = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164647   port_share_port = 0
Thu Sep 22 17:58:05 2016 us=164658   client = ENABLED
Thu Sep 22 17:58:05 2016 us=164669   pull = ENABLED
Thu Sep 22 17:58:05 2016 us=164679   auth_user_pass_file = '[UNDEF]'
Thu Sep 22 17:58:05 2016 us=164691 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Thu Sep 22 17:58:05 2016 us=164711 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Thu Sep 22 17:58:05 2016 us=168002 WARNING: file '/etc/openvpn/backup1303.p12' is group or others accessible
Thu Sep 22 17:58:05 2016 us=168126 WARNING: file '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key' is group or others accessible
Thu Sep 22 17:58:05 2016 us=168142 Control Channel Authentication: using '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key' as a OpenVPN static key file
Thu Sep 22 17:58:05 2016 us=168157 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 17:58:05 2016 us=168170 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 17:58:05 2016 us=168194 LZO compression initialized
Thu Sep 22 17:58:05 2016 us=168274 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Thu Sep 22 17:58:05 2016 us=168315 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Sep 22 17:58:05 2016 us=168341 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Sep 22 17:58:05 2016 us=168361 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Thu Sep 22 17:58:05 2016 us=168372 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Thu Sep 22 17:58:05 2016 us=168394 Local Options hash (VER=V4): '272f1b58'
Thu Sep 22 17:58:05 2016 us=168411 Expected Remote Options hash (VER=V4): 'a2e63101'
Thu Sep 22 17:58:05 2016 us=169283 UDPv4 link local (bound): [undef]
Thu Sep 22 17:58:05 2016 us=169369 UDPv4 link remote: [AF_INET]78.194.92.54:1194
Thu Sep 22 17:58:05 2016 us=172838 TLS: Initial packet from [AF_INET]78.194.92.54:1194, sid=3d69276d ed3b1055
Thu Sep 22 17:58:05 2016 us=256152 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 17:58:05 2016 us=256442 VERIFY OK: nsCertType=SERVER
Thu Sep 22 17:58:05 2016 us=256462 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 17:58:05 2016 us=256473 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 17:58:05 2016 us=404054 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 17:58:05 2016 us=404093 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 17:58:05 2016 us=404107 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 17:58:05 2016 us=404120 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 17:58:05 2016 us=404156 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 17:58:05 2016 us=404189 [donzat.fr] Peer Connection Initiated with [AF_INET]78.194.92.54:1194
Thu Sep 22 17:58:07 2016 us=680745 SENT CONTROL [donzat.fr]: 'PUSH_REQUEST' (status=1)
Thu Sep 22 17:58:07 2016 us=684428 PUSH: Received control message: 'PUSH_REPLY,route 192.168.199.0 255.255.255.0,route 192.168.200.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.200.6 192.168.200.5'
Thu Sep 22 17:58:07 2016 us=684496 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 22 17:58:07 2016 us=684511 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 22 17:58:07 2016 us=684521 OPTIONS IMPORT: route options modified
Thu Sep 22 17:58:07 2016 us=684739 ROUTE_GATEWAY 172.17.10.1/255.255.255.0 IFACE=eth0 HWADDR=00:16:3e:11:0a:4b
Thu Sep 22 17:58:07 2016 us=684998 TUN/TAP device tun4 opened
Thu Sep 22 17:58:07 2016 us=685024 TUN/TAP TX queue length set to 100
Thu Sep 22 17:58:07 2016 us=685043 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Sep 22 17:58:07 2016 us=685068 /sbin/ip link set dev tun4 up mtu 1500
Thu Sep 22 17:58:07 2016 us=687283 /sbin/ip addr add dev tun4 local 192.168.200.6 peer 192.168.200.5
Thu Sep 22 17:58:07 2016 us=688997 /sbin/ip route add 192.168.199.0/24 via 192.168.200.5
Thu Sep 22 17:58:07 2016 us=692415 /sbin/ip route add 192.168.200.1/32 via 192.168.200.5
RTNETLINK answers: File exists
Thu Sep 22 17:58:07 2016 us=694106 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Sep 22 17:58:07 2016 us=694153 Initialization Sequence Completed
root@backup1303:/home/rmq# ping 192.168.199.1
PING 192.168.199.1 (192.168.199.1) 56(84) bytes of data.
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Thu Sep 22, 2016 4:19 pm

Is the VPN connection still dropped or not ?
Top
prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Fri Sep 23, 2016 7:05 am

yes (even if logs say the connection has succeeded..)
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Fri Sep 23, 2016 11:51 am

Show me the logs ..
Top
prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Fri Sep 23, 2016 12:13 pm

Code: Select all

Fri Sep 23 09:03:47 2016 us=222777 Current Parameter Settings:
Fri Sep 23 09:03:47 2016 us=222858   config = '/etc/openvpn/client.conf'
Fri Sep 23 09:03:47 2016 us=222874   mode = 0
Fri Sep 23 09:03:47 2016 us=222886   persist_config = DISABLED
Fri Sep 23 09:03:47 2016 us=222897   persist_mode = 1
Fri Sep 23 09:03:47 2016 us=222908   show_ciphers = DISABLED
Fri Sep 23 09:03:47 2016 us=222919   show_digests = DISABLED
Fri Sep 23 09:03:47 2016 us=222930   show_engines = DISABLED
Fri Sep 23 09:03:47 2016 us=222941   genkey = DISABLED
Fri Sep 23 09:03:47 2016 us=222952   key_pass_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=222963   show_tls_ciphers = DISABLED
Fri Sep 23 09:03:47 2016 us=222974 Connection profiles [default]:
Fri Sep 23 09:03:47 2016 us=222985   proto = udp
Fri Sep 23 09:03:47 2016 us=222996   local = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223007   local_port = 0
Fri Sep 23 09:03:47 2016 us=223018   remote = '78.194.92.54'
Fri Sep 23 09:03:47 2016 us=223029   remote_port = 1194
Fri Sep 23 09:03:47 2016 us=223041   remote_float = DISABLED
Fri Sep 23 09:03:47 2016 us=223052   bind_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=223063   bind_local = ENABLED
Fri Sep 23 09:03:47 2016 us=223074   connect_retry_seconds = 5
Fri Sep 23 09:03:47 2016 us=223085   connect_timeout = 10
Fri Sep 23 09:03:47 2016 us=223096   connect_retry_max = 0
Fri Sep 23 09:03:47 2016 us=223108   socks_proxy_server = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223119   socks_proxy_port = 0
Fri Sep 23 09:03:47 2016 us=223130   socks_proxy_retry = DISABLED
Fri Sep 23 09:03:47 2016 us=223141   tun_mtu = 1500
Fri Sep 23 09:03:47 2016 us=223151   tun_mtu_defined = ENABLED
Fri Sep 23 09:03:47 2016 us=223163   link_mtu = 1500
Fri Sep 23 09:03:47 2016 us=223173   link_mtu_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=223184   tun_mtu_extra = 0
Fri Sep 23 09:03:47 2016 us=223195   tun_mtu_extra_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=223206   mtu_discover_type = -1
Fri Sep 23 09:03:47 2016 us=223217   fragment = 0
Fri Sep 23 09:03:47 2016 us=223228   mssfix = 1450
Fri Sep 23 09:03:47 2016 us=223239   explicit_exit_notification = 0
Fri Sep 23 09:03:47 2016 us=223250 Connection profiles END
Fri Sep 23 09:03:47 2016 us=223261   remote_random = DISABLED
Fri Sep 23 09:03:47 2016 us=223272   ipchange = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223283   dev = 'tun'
Fri Sep 23 09:03:47 2016 us=223298   dev_type = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223310   dev_node = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223321   lladdr = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223331   topology = 1
Fri Sep 23 09:03:47 2016 us=223342   tun_ipv6 = DISABLED
Fri Sep 23 09:03:47 2016 us=223361   ifconfig_local = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223382   ifconfig_remote_netmask = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223401   ifconfig_noexec = DISABLED
Fri Sep 23 09:03:47 2016 us=223419   ifconfig_nowarn = DISABLED
Fri Sep 23 09:03:47 2016 us=223436   ifconfig_ipv6_local = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223447   ifconfig_ipv6_netbits = 0
Fri Sep 23 09:03:47 2016 us=223458   ifconfig_ipv6_remote = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223469   shaper = 0
Fri Sep 23 09:03:47 2016 us=223479   mtu_test = 0
Fri Sep 23 09:03:47 2016 us=223490   mlock = DISABLED
Fri Sep 23 09:03:47 2016 us=223501   keepalive_ping = 0
Fri Sep 23 09:03:47 2016 us=223512   keepalive_timeout = 0
Fri Sep 23 09:03:47 2016 us=223522   inactivity_timeout = 0
Fri Sep 23 09:03:47 2016 us=223533   ping_send_timeout = 0
Fri Sep 23 09:03:47 2016 us=223544   ping_rec_timeout = 0
Fri Sep 23 09:03:47 2016 us=223555   ping_rec_timeout_action = 0
Fri Sep 23 09:03:47 2016 us=223565   ping_timer_remote = DISABLED
Fri Sep 23 09:03:47 2016 us=223576   remap_sigusr1 = 0
Fri Sep 23 09:03:47 2016 us=223587   persist_tun = ENABLED
Fri Sep 23 09:03:47 2016 us=223597   persist_local_ip = DISABLED
Fri Sep 23 09:03:47 2016 us=223608   persist_remote_ip = DISABLED
Fri Sep 23 09:03:47 2016 us=223619   persist_key = ENABLED
Fri Sep 23 09:03:47 2016 us=223636   passtos = DISABLED
Fri Sep 23 09:03:47 2016 us=223649   resolve_retry_seconds = 1000000000
Fri Sep 23 09:03:47 2016 us=223667   username = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223679   groupname = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223690   chroot_dir = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223700   cd_dir = '/etc/openvpn'
Fri Sep 23 09:03:47 2016 us=223711   writepid = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223722   up_script = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223732   down_script = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223743   down_pre = DISABLED
Fri Sep 23 09:03:47 2016 us=223753   up_restart = DISABLED
Fri Sep 23 09:03:47 2016 us=223764   up_delay = DISABLED
Fri Sep 23 09:03:47 2016 us=223775   daemon = ENABLED
Fri Sep 23 09:03:47 2016 us=223785   inetd = 0
Fri Sep 23 09:03:47 2016 us=223796   log = ENABLED
Fri Sep 23 09:03:47 2016 us=223807   suppress_timestamps = DISABLED
Fri Sep 23 09:03:47 2016 us=223817   nice = 0
Fri Sep 23 09:03:47 2016 us=223828   verbosity = 4
Fri Sep 23 09:03:47 2016 us=223839   mute = 0
Fri Sep 23 09:03:47 2016 us=223850   gremlin = 0
Fri Sep 23 09:03:47 2016 us=223860   status_file = '/run/openvpn/client.status'
Fri Sep 23 09:03:47 2016 us=223871   status_file_version = 1
Fri Sep 23 09:03:47 2016 us=223882   status_file_update_freq = 10
Fri Sep 23 09:03:47 2016 us=223892   occ = ENABLED
Fri Sep 23 09:03:47 2016 us=223903   rcvbuf = 65536
Fri Sep 23 09:03:47 2016 us=223914   sndbuf = 65536
Fri Sep 23 09:03:47 2016 us=223924   mark = 0
Fri Sep 23 09:03:47 2016 us=223935   sockflags = 0
Fri Sep 23 09:03:47 2016 us=223945   fast_io = DISABLED
Fri Sep 23 09:03:47 2016 us=223956   lzo = 3
Fri Sep 23 09:03:47 2016 us=223967   route_script = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223977   route_default_gateway = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=223988   route_default_metric = 0
Fri Sep 23 09:03:47 2016 us=223999   route_noexec = DISABLED
Fri Sep 23 09:03:47 2016 us=224010   route_delay = 0
Fri Sep 23 09:03:47 2016 us=224020   route_delay_window = 30
Fri Sep 23 09:03:47 2016 us=224031   route_delay_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=224042   route_nopull = DISABLED
Fri Sep 23 09:03:47 2016 us=224053   route_gateway_via_dhcp = DISABLED
Fri Sep 23 09:03:47 2016 us=224064   max_routes = 100
Fri Sep 23 09:03:47 2016 us=224075   allow_pull_fqdn = DISABLED
Fri Sep 23 09:03:47 2016 us=224086   management_addr = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224097   management_port = 0
Fri Sep 23 09:03:47 2016 us=224108   management_user_pass = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224118   management_log_history_cache = 250
Fri Sep 23 09:03:47 2016 us=224129   management_echo_buffer_size = 100
Fri Sep 23 09:03:47 2016 us=224140   management_write_peer_info_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224151   management_client_user = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224162   management_client_group = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224173   management_flags = 0
Fri Sep 23 09:03:47 2016 us=224184   shared_secret_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224195   key_direction = 2
Fri Sep 23 09:03:47 2016 us=224206   ciphername_defined = ENABLED
Fri Sep 23 09:03:47 2016 us=224217   ciphername = 'AES-128-CBC'
Fri Sep 23 09:03:47 2016 us=224228   authname_defined = ENABLED
Fri Sep 23 09:03:47 2016 us=224239   authname = 'SHA1'
Fri Sep 23 09:03:47 2016 us=224249   prng_hash = 'SHA1'
Fri Sep 23 09:03:47 2016 us=224260   prng_nonce_secret_len = 16
Fri Sep 23 09:03:47 2016 us=224271   keysize = 0
Fri Sep 23 09:03:47 2016 us=224282   engine = DISABLED
Fri Sep 23 09:03:47 2016 us=224292   replay = ENABLED
Fri Sep 23 09:03:47 2016 us=224303   mute_replay_warnings = DISABLED
Fri Sep 23 09:03:47 2016 us=224314   replay_window = 64
Fri Sep 23 09:03:47 2016 us=224325   replay_time = 15
Fri Sep 23 09:03:47 2016 us=224336   packet_id_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224346   use_iv = ENABLED
Fri Sep 23 09:03:47 2016 us=224357   test_crypto = DISABLED
Fri Sep 23 09:03:47 2016 us=224368   tls_server = DISABLED
Fri Sep 23 09:03:47 2016 us=224378   tls_client = ENABLED
Fri Sep 23 09:03:47 2016 us=224389   key_method = 2
Fri Sep 23 09:03:47 2016 us=224400   ca_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224419   ca_path = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224431   dh_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224443   cert_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224463   priv_key_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224483   pkcs12_file = '/etc/openvpn/backup1303.p12'
Fri Sep 23 09:03:47 2016 us=224502   cipher_list = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224521   tls_verify = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224533   tls_export_cert = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224545   verify_x509_type = 2
Fri Sep 23 09:03:47 2016 us=224555   verify_x509_name = 'my_company.fr'
Fri Sep 23 09:03:47 2016 us=224566   crl_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224577   ns_cert_type = 1
Fri Sep 23 09:03:47 2016 us=224588   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224599   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224610   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224621   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224631   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224642   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224652   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224663   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224674   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224684   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224695   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224706   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224716   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224727   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224738   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224748   remote_cert_ku[i] = 0
Fri Sep 23 09:03:47 2016 us=224759   remote_cert_eku = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=224770   ssl_flags = 0
Fri Sep 23 09:03:47 2016 us=224780   tls_timeout = 2
Fri Sep 23 09:03:47 2016 us=224791   renegotiate_bytes = 0
Fri Sep 23 09:03:47 2016 us=224802   renegotiate_packets = 0
Fri Sep 23 09:03:47 2016 us=224813   renegotiate_seconds = 3600
Fri Sep 23 09:03:47 2016 us=224823   handshake_window = 60
Fri Sep 23 09:03:47 2016 us=224834   transition_window = 3600
Fri Sep 23 09:03:47 2016 us=224845   single_session = DISABLED
Fri Sep 23 09:03:47 2016 us=224856   push_peer_info = DISABLED
Fri Sep 23 09:03:47 2016 us=224867   tls_exit = DISABLED
Fri Sep 23 09:03:47 2016 us=224878   tls_auth_file = '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key'
Fri Sep 23 09:03:47 2016 us=224889   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224900   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224911   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224921   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224932   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224943   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224954   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224964   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224975   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224986   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=224997   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=225008   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=225019   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=225030   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=225040   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=225051   pkcs11_protected_authentication = DISABLED
Fri Sep 23 09:03:47 2016 us=225062   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225073   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225084   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225095   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225106   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225123   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225135   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225146   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225157   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225168   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225179   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225189   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225200   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225211   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225222   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225232   pkcs11_private_mode = 00000000
Fri Sep 23 09:03:47 2016 us=225243   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225254   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225264   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225275   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225286   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225296   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225307   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225318   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225329   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225339   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225350   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225361   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225372   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225382   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225393   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225404   pkcs11_cert_private = DISABLED
Fri Sep 23 09:03:47 2016 us=225415   pkcs11_pin_cache_period = -1
Fri Sep 23 09:03:47 2016 us=225426   pkcs11_id = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=225437   pkcs11_id_management = DISABLED
Fri Sep 23 09:03:47 2016 us=225451   server_network = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225463   server_netmask = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225487   server_network_ipv6 = ::
Fri Sep 23 09:03:47 2016 us=225499   server_netbits_ipv6 = 0
Fri Sep 23 09:03:47 2016 us=225510   server_bridge_ip = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225522   server_bridge_netmask = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225535   server_bridge_pool_start = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225556   server_bridge_pool_end = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225576   ifconfig_pool_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=225596   ifconfig_pool_start = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225617   ifconfig_pool_end = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225637   ifconfig_pool_netmask = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225657   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=225676   ifconfig_pool_persist_refresh_freq = 600
Fri Sep 23 09:03:47 2016 us=225697   ifconfig_ipv6_pool_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=225711   ifconfig_ipv6_pool_base = ::
Fri Sep 23 09:03:47 2016 us=225722   ifconfig_ipv6_pool_netbits = 0
Fri Sep 23 09:03:47 2016 us=225733   n_bcast_buf = 256
Fri Sep 23 09:03:47 2016 us=225744   tcp_queue_limit = 64
Fri Sep 23 09:03:47 2016 us=225755   real_hash_size = 256
Fri Sep 23 09:03:47 2016 us=225766   virtual_hash_size = 256
Fri Sep 23 09:03:47 2016 us=225777   client_connect_script = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=225787   learn_address_script = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=225798   client_disconnect_script = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=225809   client_config_dir = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=225820   ccd_exclusive = DISABLED
Fri Sep 23 09:03:47 2016 us=225831   tmp_dir = '/tmp'
Fri Sep 23 09:03:47 2016 us=225842   push_ifconfig_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=225853   push_ifconfig_local = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225865   push_ifconfig_remote_netmask = 0.0.0.0
Fri Sep 23 09:03:47 2016 us=225876   push_ifconfig_ipv6_defined = DISABLED
Fri Sep 23 09:03:47 2016 us=225895   push_ifconfig_ipv6_local = ::/0
Fri Sep 23 09:03:47 2016 us=225907   push_ifconfig_ipv6_remote = ::
Fri Sep 23 09:03:47 2016 us=225918   enable_c2c = DISABLED
Fri Sep 23 09:03:47 2016 us=225929   duplicate_cn = DISABLED
Fri Sep 23 09:03:47 2016 us=225940   cf_max = 0
Fri Sep 23 09:03:47 2016 us=225950   cf_per = 0
Fri Sep 23 09:03:47 2016 us=225961   max_clients = 1024
Fri Sep 23 09:03:47 2016 us=225972   max_routes_per_client = 256
Fri Sep 23 09:03:47 2016 us=225983   auth_user_pass_verify_script = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=225994   auth_user_pass_verify_script_via_file = DISABLED
Fri Sep 23 09:03:47 2016 us=226005   port_share_host = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=226016   port_share_port = 0
Fri Sep 23 09:03:47 2016 us=226026   client = ENABLED
Fri Sep 23 09:03:47 2016 us=226037   pull = ENABLED
Fri Sep 23 09:03:47 2016 us=226048   auth_user_pass_file = '[UNDEF]'
Fri Sep 23 09:03:47 2016 us=226060 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri Sep 23 09:03:47 2016 us=226080 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Fri Sep 23 09:03:47 2016 us=229490 WARNING: file '/etc/openvpn/backup1303.p12' is group or others accessible
Fri Sep 23 09:03:47 2016 us=229617 WARNING: file '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key' is group or others accessible
Fri Sep 23 09:03:47 2016 us=229633 Control Channel Authentication: using '/etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key' as a OpenVPN static key file
Fri Sep 23 09:03:47 2016 us=229649 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 09:03:47 2016 us=229664 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 09:03:47 2016 us=229690 LZO compression initialized
Fri Sep 23 09:03:47 2016 us=229777 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Sep 23 09:03:47 2016 us=229820 Socket Buffers: R=[212992->131072] S=[212992->131072]
Fri Sep 23 09:03:47 2016 us=229847 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Sep 23 09:03:47 2016 us=229868 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Sep 23 09:03:47 2016 us=229880 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Sep 23 09:03:47 2016 us=229907 Local Options hash (VER=V4): '272f1b58'
Fri Sep 23 09:03:47 2016 us=229939 Expected Remote Options hash (VER=V4): 'a2e63101'
Fri Sep 23 09:03:47 2016 us=230804 UDPv4 link local (bound): [undef]
Fri Sep 23 09:03:47 2016 us=230903 UDPv4 link remote: [AF_INET]78.194.92.54:1194
Fri Sep 23 09:03:47 2016 us=234909 TLS: Initial packet from [AF_INET]78.194.92.54:1194, sid=b4a15819 2d5619ec
Fri Sep 23 09:03:47 2016 us=313596 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Fri Sep 23 09:03:47 2016 us=313902 VERIFY OK: nsCertType=SERVER
Fri Sep 23 09:03:47 2016 us=313924 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 09:03:47 2016 us=313935 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 09:03:47 2016 us=461234 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 09:03:47 2016 us=461265 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 09:03:47 2016 us=461281 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 09:03:47 2016 us=461294 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 09:03:47 2016 us=461330 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Sep 23 09:03:47 2016 us=461362 [my_company.fr] Peer Connection Initiated with [AF_INET]78.194.92.54:1194
Fri Sep 23 09:03:49 2016 us=685846 SENT CONTROL [my_company.fr]: 'PUSH_REQUEST' (status=1)
Fri Sep 23 09:03:49 2016 us=689623 PUSH: Received control message: 'PUSH_REPLY,route 192.168.199.0 255.255.255.0,route 192.168.200.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.200.6 192.168.200.5'
Fri Sep 23 09:03:49 2016 us=689690 OPTIONS IMPORT: timers and/or timeouts modified
Fri Sep 23 09:03:49 2016 us=689705 OPTIONS IMPORT: --ifconfig/up options modified
Fri Sep 23 09:03:49 2016 us=689716 OPTIONS IMPORT: route options modified
Fri Sep 23 09:03:49 2016 us=689935 ROUTE_GATEWAY 172.17.10.1/255.255.255.0 IFACE=eth0 HWADDR=00:16:3e:11:0a:4b
Fri Sep 23 09:03:49 2016 us=690194 TUN/TAP device tun4 opened
Fri Sep 23 09:03:49 2016 us=690222 TUN/TAP TX queue length set to 100
Fri Sep 23 09:03:49 2016 us=690242 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Sep 23 09:03:49 2016 us=690268 /sbin/ip link set dev tun4 up mtu 1500
Fri Sep 23 09:03:49 2016 us=692524 /sbin/ip addr add dev tun4 local 192.168.200.6 peer 192.168.200.5
Fri Sep 23 09:03:49 2016 us=695126 /sbin/ip route add 192.168.199.0/24 via 192.168.200.5
Fri Sep 23 09:03:49 2016 us=696991 /sbin/ip route add 192.168.200.1/32 via 192.168.200.5
Fri Sep 23 09:03:49 2016 us=698988 Initialization Sequence Completed
Fri Sep 23 10:03:47 2016 us=625592 TLS: soft reset sec=0 bytes=49183/0 pkts=718/0
Fri Sep 23 10:03:47 2016 us=711703 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Fri Sep 23 10:03:47 2016 us=711915 VERIFY OK: nsCertType=SERVER
Fri Sep 23 10:03:47 2016 us=711934 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 10:03:47 2016 us=711946 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 10:03:47 2016 us=859102 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 10:03:47 2016 us=859146 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 10:03:47 2016 us=859169 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 10:03:47 2016 us=859191 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 10:03:47 2016 us=859239 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Sep 23 11:03:47 2016 us=836798 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Fri Sep 23 11:03:47 2016 us=919294 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Fri Sep 23 11:03:47 2016 us=919522 VERIFY OK: nsCertType=SERVER
Fri Sep 23 11:03:47 2016 us=919541 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 11:03:47 2016 us=919552 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 11:03:50 2016 us=287099 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 11:03:50 2016 us=287163 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 11:03:50 2016 us=287178 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 11:03:50 2016 us=287192 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 11:03:50 2016 us=287232 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Sep 23 12:03:47 2016 us=452656 TLS: tls_process: killed expiring key
Fri Sep 23 12:03:50 2016 us=712270 TLS: soft reset sec=0 bytes=48567/0 pkts=709/0
Fri Sep 23 12:03:50 2016 us=793842 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Fri Sep 23 12:03:50 2016 us=794051 VERIFY OK: nsCertType=SERVER
Fri Sep 23 12:03:50 2016 us=794070 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 12:03:50 2016 us=794099 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 12:03:50 2016 us=939685 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 12:03:50 2016 us=939730 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 12:03:50 2016 us=939745 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 12:03:50 2016 us=939759 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 12:03:50 2016 us=939795 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Sep 23 13:03:50 2016 us=679772 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Fri Sep 23 13:03:50 2016 us=761206 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Fri Sep 23 13:03:50 2016 us=761416 VERIFY OK: nsCertType=SERVER
Fri Sep 23 13:03:50 2016 us=761435 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 13:03:50 2016 us=761447 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 13:03:50 2016 us=916306 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 13:03:50 2016 us=916366 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 13:03:50 2016 us=916381 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 13:03:50 2016 us=916394 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 13:03:50 2016 us=916433 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Sep 23 14:03:50 2016 us=695374 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Fri Sep 23 14:03:50 2016 us=695633 VERIFY OK: nsCertType=SERVER
Fri Sep 23 14:03:50 2016 us=695653 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 14:03:50 2016 us=695665 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Fri Sep 23 14:03:50 2016 us=841839 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 14:03:50 2016 us=841866 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 14:03:50 2016 us=841881 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Sep 23 14:03:50 2016 us=841894 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 23 14:03:50 2016 us=841931 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Fri Sep 23, 2016 12:56 pm

All I see is this:
prius wrote:Fri Sep 23 09:03:49 2016 us=698988 Initialization Sequence Completed
Fri Sep 23 10:03:47 2016 us=625592 TLS: soft reset sec=0 bytes=49183/0 pkts=718/0
which I have already explained. :roll:
Top
prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Fri Sep 23, 2016 1:06 pm

not sure to understand...sorry
note this config (ifconfig 192.168.200.6 192.168.200.5) doesn't work at all unlike the former one (ifconfig 192.168.200.6 192.168.200.1) which dropped after a certain time
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Fri Sep 23, 2016 1:46 pm

TinCanTech wrote:All I see is this:
prius wrote:Fri Sep 23 09:03:49 2016 us=698988 Initialization Sequence Completed
Fri Sep 23 10:03:47 2016 us=625592 TLS: soft reset sec=0 bytes=49183/0 pkts=718/0
which I have already explained. :roll:
prius wrote:not sure to understand...sorry
This is --reneg-sec 3600 (1 hour default). If you want a longer renegotiation window set it as the manual explains.
prius wrote:note this config (ifconfig 192.168.200.6 192.168.200.5) doesn't work at all
This is the correct config for --topology net30 (which you are using, as per your posted log).
prius wrote:unlike the former one (ifconfig 192.168.200.6 192.168.200.1) which dropped after a certain time
This is the incorrect config for --topology net30 and was successfully identified to be the cause of your server dropping your client with --ping-timeout.

Your posted log shows that openvpn is functioning perfectly normally .. If you have a new problem please start a new thread and post complete configs/logs and a description of the problem (in full).

NOTE:
In this thread; All of your Openvpn issues have been resolved.
Please see your posted log which shows:
  • Fri Sep 23 09:03:49 2016 us=698988 Initialization Sequence Completed
This thread is now closed.
Top
Locked

Return to “Configuration”