Inqury about private key password verification failed

[hokj]

Dear staff,

I have encountered the following problem and I have tried everything I can do.

Please help to what is wrong with the code in the following.

Thanks for your time.

Regards,

HJ







Code on my vmware sever(using NAT with the same IP as my client):

Code: Select all

port 1194
proto udp
dev tap

ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/pulsar.crt
key /etc/openvpn/certs/pulsar.key
dh /etc/openvpn/certs/dh1024.pem
tls-auth /etc/openvpn/certs/ta.key 0

server 192.168.88.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 1800 4000

cipher DES-EDE3-CBC # Triple-DES
comp-lzo


max-clients 10

user nobody
group nogroup

persist-key
persist-tun

#log openvpn.log
#status openvpn-status.log

Code on my windows 8 client:

Code: Select all

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
script-security 3 system
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
dev-node Ethernet 3

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote xx.xx.x.148 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing.  Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here.  See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets.  Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca "D:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "D:\\Program Files\\OpenVPN\\easy-rsa\\keys\\lightening.crt"
key "D:\\Program Files\\OpenVPN\\easy-rsa\\keys\\lightening.crt"

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server".  This is an
# important precaution to protect against
# a potential attack discussed here:
#  http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth "D:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher DES-EDE3-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 5

# Silence repeating messages
mute 20

debug log:

Code: Select all

Tue Oct 07 00:44:21 2014 us=323540 Current Parameter Settings:
Tue Oct 07 00:44:21 2014 us=324539   config = 'client.ovpn'
Tue Oct 07 00:44:21 2014 us=324539   mode = 0
Tue Oct 07 00:44:21 2014 us=324539   show_ciphers = DISABLED
Tue Oct 07 00:44:21 2014 us=324539   show_digests = DISABLED
Tue Oct 07 00:44:21 2014 us=324539   show_engines = DISABLED
Tue Oct 07 00:44:21 2014 us=324539   genkey = DISABLED
Tue Oct 07 00:44:21 2014 us=324539   key_pass_file = '[UNDEF]'
Tue Oct 07 00:44:21 2014 us=324539   show_tls_ciphers = DISABLED
Tue Oct 07 00:44:21 2014 us=324539 Connection profiles [default]:
Tue Oct 07 00:44:21 2014 us=324539   proto = udp
Tue Oct 07 00:44:21 2014 us=324539   local = '[UNDEF]'
Tue Oct 07 00:44:21 2014 us=324539   local_port = 0
Tue Oct 07 00:44:21 2014 us=324539   remote = '78.91.2.148'
Tue Oct 07 00:44:21 2014 us=324539   remote_port = 1194
Tue Oct 07 00:44:21 2014 us=324539   remote_float = DISABLED
Tue Oct 07 00:44:21 2014 us=324539   bind_defined = DISABLED
Tue Oct 07 00:44:21 2014 us=324539   bind_local = DISABLED
Tue Oct 07 00:44:21 2014 us=324539   connect_retry_seconds = 5
Tue Oct 07 00:44:21 2014 us=324539   connect_timeout = 10
Tue Oct 07 00:44:21 2014 us=324539 NOTE: --mute triggered...
Tue Oct 07 00:44:21 2014 us=324539 265 variation(s) on previous 20 message(s) suppressed by --mute
Tue Oct 07 00:44:21 2014 us=324539 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
Tue Oct 07 00:44:21 2014 us=324539 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Tue Oct 07 00:44:21 2014 us=327541 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Oct 07 00:44:21 2014 us=327541 Need hold release from management interface, waiting...
Tue Oct 07 00:44:21 2014 us=791853 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Oct 07 00:44:21 2014 us=893920 MANAGEMENT: CMD 'state on'
Tue Oct 07 00:44:21 2014 us=893920 MANAGEMENT: CMD 'log all on'
Tue Oct 07 00:44:21 2014 us=916935 MANAGEMENT: CMD 'hold off'
Tue Oct 07 00:44:21 2014 us=917935 MANAGEMENT: CMD 'hold release'
Tue Oct 07 00:44:22 2014 us=53027 SIGUSR1[soft,private-key-password-failure] received, process restarting
Tue Oct 07 00:44:22 2014 us=54027 MANAGEMENT: >STATE:1412635462,RECONNECTING,private-key-password-failure,,
Tue Oct 07 00:44:22 2014 us=54027 Restart pause, 2 second(s)
Tue Oct 07 00:44:22 2014 us=55027 MANAGEMENT: CMD 'auth-retry none'
Tue Oct 07 00:44:24 2014 us=56362 MANAGEMENT: Client disconnected
Tue Oct 07 00:44:24 2014 us=56362 Error: private key password verification failed
Tue Oct 07 00:44:24 2014 us=56362 Exiting due to fatal error

[maikcat]

Tue Oct 07 00:44:22 2014 us=53027 SIGUSR1[soft,private-key-password-failure] received, process restarting

did you protect the private key with a password?

Michael.

[hokj]

Tue Oct 07 00:44:22 2014 us=53027 SIGUSR1[soft,private-key-password-failure] received, process restarting

did you protect the private key with a password?

Michael.

No i didn't I just input the orders of generating keys.
I'm new to the Linux world and I followed the following two guides.
http://www.tecmint.com/install-openvpn-in-debian/
https://stavrovski.net/blog/how-to-inst ... n-7-wheezy

[hokj]

I just closed my vmware and use the client again. Same error.

Maybe I did not set the routing correctly?

[hokj]

i just found what happened for this error.

Code: Select all

cert "D:\\Program Files\\OpenVPN\\easy-rsa\\keys\\lightening.crt"
key "D:\\Program Files\\OpenVPN\\easy-rsa\\keys\\lightening.crt"

Here they are same.

But after my modification. The error log on my client is as follows.

Code: Select all

Tue Oct 07 23:35:33 2014 us=721027 Current Parameter Settings:
Tue Oct 07 23:35:33 2014 us=722030   config = 'client.ovpn'
Tue Oct 07 23:35:33 2014 us=722030   mode = 0
Tue Oct 07 23:35:33 2014 us=722030   show_ciphers = DISABLED
Tue Oct 07 23:35:33 2014 us=722030   show_digests = DISABLED
Tue Oct 07 23:35:33 2014 us=722030   show_engines = DISABLED
Tue Oct 07 23:35:33 2014 us=722030   genkey = DISABLED
Tue Oct 07 23:35:33 2014 us=722030   key_pass_file = '[UNDEF]'
Tue Oct 07 23:35:33 2014 us=722030   show_tls_ciphers = DISABLED
Tue Oct 07 23:35:33 2014 us=722030 Connection profiles [default]:
Tue Oct 07 23:35:33 2014 us=722030   proto = tcp-client
Tue Oct 07 23:35:33 2014 us=722030   local = '[UNDEF]'
Tue Oct 07 23:35:33 2014 us=722030   local_port = 0
Tue Oct 07 23:35:33 2014 us=722030   remote = '78.91.2.204'
Tue Oct 07 23:35:33 2014 us=722030   remote_port = 1194
Tue Oct 07 23:35:33 2014 us=722030   remote_float = DISABLED
Tue Oct 07 23:35:33 2014 us=722030   bind_defined = DISABLED
Tue Oct 07 23:35:33 2014 us=722030   bind_local = DISABLED
Tue Oct 07 23:35:33 2014 us=722030   connect_retry_seconds = 5
Tue Oct 07 23:35:33 2014 us=722030   connect_timeout = 10
Tue Oct 07 23:35:33 2014 us=722030 NOTE: --mute triggered...
Tue Oct 07 23:35:33 2014 us=722030 265 variation(s) on previous 20 message(s) suppressed by --mute
Tue Oct 07 23:35:33 2014 us=722030 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
Tue Oct 07 23:35:33 2014 us=722030 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Tue Oct 07 23:35:33 2014 us=724032 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Oct 07 23:35:33 2014 us=724032 Need hold release from management interface, waiting...
Tue Oct 07 23:35:34 2014 us=194485 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Oct 07 23:35:34 2014 us=296555 MANAGEMENT: CMD 'state on'
Tue Oct 07 23:35:34 2014 us=296555 MANAGEMENT: CMD 'log all on'
Tue Oct 07 23:35:34 2014 us=318567 MANAGEMENT: CMD 'hold off'
Tue Oct 07 23:35:34 2014 us=319568 MANAGEMENT: CMD 'hold release'
Tue Oct 07 23:35:34 2014 us=464666 Control Channel Authentication: using 'D:\Program Files\OpenVPN\easy-rsa\keys\ta.key' as a OpenVPN static key file
Tue Oct 07 23:35:34 2014 us=464666 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 07 23:35:34 2014 us=464666 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Oct 07 23:35:34 2014 us=464666 LZO compression initialized
Tue Oct 07 23:35:34 2014 us=464666 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Tue Oct 07 23:35:34 2014 us=464666 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Oct 07 23:35:34 2014 us=464666 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 07 23:35:34 2014 us=464666 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-client'
Tue Oct 07 23:35:34 2014 us=464666 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-server'
Tue Oct 07 23:35:34 2014 us=464666 Local Options hash (VER=V4): '2dcdad92'
Tue Oct 07 23:35:34 2014 us=464666 Expected Remote Options hash (VER=V4): '7c7a0a5e'
Tue Oct 07 23:35:34 2014 us=464666 Attempting to establish TCP connection with [AF_INET]78.91.2.204:1194
Tue Oct 07 23:35:34 2014 us=464666 MANAGEMENT: >STATE:1412717734,TCP_CONNECT,,,
Tue Oct 07 23:35:35 2014 us=465335 TCP: connect to [AF_INET]78.91.2.204:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Tue Oct 07 23:35:40 2014 us=468375 MANAGEMENT: >STATE:1412717740,TCP_CONNECT,,,
Tue Oct 07 23:35:41 2014 us=465150 TCP: connect to [AF_INET]78.91.2.204:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Tue Oct 07 23:35:45 2014 us=468518 SIGTERM[hard,init_instance] received, process exiting
Tue Oct 07 23:35:45 2014 us=468518 MANAGEMENT: >STATE:1412717745,EXITING,init_instance,,

It was udp before and I saw a thread to let me change to tcp. Then I checked the port as follows.

Code: Select all

lsof -i:1194

openvpn 10205 nobody    4u  IPv4  21260      0t0  UDP *:openvpn 
openvpn 10596 nobody    6u  IPv4  23990      0t0  TCP *:openvpn (LISTEN)

I used this code

Code: Select all

echo 1 > /proc/sys/net/ipv4/ip_forward

in the guide here: http://www.tecmint.com/install-openvpn-in-debian/

I did not use the one in here with iptables: https://stavrovski.net/blog/installing- ... rts-server Because the error comes as

Code: Select all

root@BavM:/home/bavm# iptables-save > /etc/iptables/iptables.rules
bash: /etc/iptables/iptables.rules: No such file or directory

[hokj]

I just updated the iptables.

Code: Select all

iptables -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
iptables -A FORWARD -s 192.168.88.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.88.0/24 -o eth0 -j MASQUERADE
# in openvz/vservers you may need the following instead
# iptables -t nat -A POSTROUTING -s 192.168.88.0/24 -j SNAT --to-source <PUBLIC_VPN_IP>

iptables-save > /etc/iptables.rules

And this is the result.

Code: Select all

root@BavM:/etc# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  192.168.88.0/24      anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  192.168.88.0/24      anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.88.0/24      anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.88.0/24      anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     

Still the same error

Code: Select all

Wed Oct 08 00:04:16 2014 us=984631 Current Parameter Settings:
Wed Oct 08 00:04:16 2014 us=985632   config = 'client.ovpn'
Wed Oct 08 00:04:16 2014 us=985632   mode = 0
Wed Oct 08 00:04:16 2014 us=985632   show_ciphers = DISABLED
Wed Oct 08 00:04:16 2014 us=985632   show_digests = DISABLED
Wed Oct 08 00:04:16 2014 us=985632   show_engines = DISABLED
Wed Oct 08 00:04:16 2014 us=985632   genkey = DISABLED
Wed Oct 08 00:04:16 2014 us=985632   key_pass_file = '[UNDEF]'
Wed Oct 08 00:04:16 2014 us=985632   show_tls_ciphers = DISABLED
Wed Oct 08 00:04:16 2014 us=985632 Connection profiles [default]:
Wed Oct 08 00:04:16 2014 us=985632   proto = tcp-client
Wed Oct 08 00:04:16 2014 us=985632   local = '[UNDEF]'
Wed Oct 08 00:04:16 2014 us=985632   local_port = 0
Wed Oct 08 00:04:16 2014 us=985632   remote = '78.91.2.204'
Wed Oct 08 00:04:16 2014 us=985632   remote_port = 1194
Wed Oct 08 00:04:16 2014 us=985632   remote_float = DISABLED
Wed Oct 08 00:04:16 2014 us=985632   bind_defined = DISABLED
Wed Oct 08 00:04:16 2014 us=985632   bind_local = DISABLED
Wed Oct 08 00:04:16 2014 us=985632   connect_retry_seconds = 5
Wed Oct 08 00:04:16 2014 us=985632   connect_timeout = 10
Wed Oct 08 00:04:16 2014 us=985632 NOTE: --mute triggered...
Wed Oct 08 00:04:16 2014 us=985632 265 variation(s) on previous 20 message(s) suppressed by --mute
Wed Oct 08 00:04:16 2014 us=985632 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
Wed Oct 08 00:04:16 2014 us=985632 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Wed Oct 08 00:04:16 2014 us=988634 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Oct 08 00:04:16 2014 us=988634 Need hold release from management interface, waiting...
Wed Oct 08 00:04:17 2014 us=466954 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Oct 08 00:04:17 2014 us=569021 MANAGEMENT: CMD 'state on'
Wed Oct 08 00:04:17 2014 us=569021 MANAGEMENT: CMD 'log all on'
Wed Oct 08 00:04:17 2014 us=590036 MANAGEMENT: CMD 'hold off'
Wed Oct 08 00:04:17 2014 us=591035 MANAGEMENT: CMD 'hold release'
Wed Oct 08 00:04:17 2014 us=740135 Control Channel Authentication: using 'D:\Program Files\OpenVPN\easy-rsa\keys\ta.key' as a OpenVPN static key file
Wed Oct 08 00:04:17 2014 us=740135 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 08 00:04:17 2014 us=740135 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 08 00:04:17 2014 us=740135 LZO compression initialized
Wed Oct 08 00:04:17 2014 us=740135 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Oct 08 00:04:17 2014 us=740135 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Oct 08 00:04:17 2014 us=740135 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Oct 08 00:04:17 2014 us=740135 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-client'
Wed Oct 08 00:04:17 2014 us=740135 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-server'
Wed Oct 08 00:04:17 2014 us=740135 Local Options hash (VER=V4): '2dcdad92'
Wed Oct 08 00:04:17 2014 us=740135 Expected Remote Options hash (VER=V4): '7c7a0a5e'
Wed Oct 08 00:04:17 2014 us=740135 Attempting to establish TCP connection with [AF_INET]78.91.2.204:1194
Wed Oct 08 00:04:17 2014 us=740135 MANAGEMENT: >STATE:1412719457,TCP_CONNECT,,,
Wed Oct 08 00:04:18 2014 us=743806 TCP: connect to [AF_INET]78.91.2.204:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Wed Oct 08 00:04:23 2014 us=746862 MANAGEMENT: >STATE:1412719463,TCP_CONNECT,,,
Wed Oct 08 00:04:24 2014 us=745748 TCP: connect to [AF_INET]78.91.2.204:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Wed Oct 08 00:04:29 2014 us=749668 MANAGEMENT: >STATE:1412719469,TCP_CONNECT,,,
Wed Oct 08 00:04:30 2014 us=753517 TCP: connect to [AF_INET]78.91.2.204:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Wed Oct 08 00:04:35 2014 us=756593 MANAGEMENT: >STATE:1412719475,TCP_CONNECT,,,
Wed Oct 08 00:04:36 2014 us=761591 TCP: connect to [AF_INET]78.91.2.204:1194 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)

[hokj]

maybe this is something with my vmware?

I just asked my friend to help to test the sever on my virtual machine.


Same error as the last post.

Maybe I should set something for the NAT connection between VMware and my laptop?

Code: Select all

Wed Oct 08 11:13:34 2014 us=913898 Current Parameter Settings:
Wed Oct 08 11:13:35 2014 us=40905   config = 'client.ovpn'
Wed Oct 08 11:13:35 2014 us=40905   mode = 0
Wed Oct 08 11:13:35 2014 us=40905   show_ciphers = DISABLED
Wed Oct 08 11:13:35 2014 us=40905   show_digests = DISABLED
Wed Oct 08 11:13:35 2014 us=40905   show_engines = DISABLED
Wed Oct 08 11:13:35 2014 us=40905   genkey = DISABLED
Wed Oct 08 11:13:35 2014 us=40905   key_pass_file = '[UNDEF]'
Wed Oct 08 11:13:35 2014 us=40905   show_tls_ciphers = DISABLED
Wed Oct 08 11:13:35 2014 us=40905 Connection profiles [default]:
Wed Oct 08 11:13:35 2014 us=40905   proto = tcp-client
Wed Oct 08 11:13:35 2014 us=41905   local = '[UNDEF]'
Wed Oct 08 11:13:35 2014 us=41905   local_port = 0
Wed Oct 08 11:13:35 2014 us=41905   remote = '78.91.2.204'
Wed Oct 08 11:13:35 2014 us=41905   remote_port = 1294
Wed Oct 08 11:13:35 2014 us=41905   remote_float = DISABLED
Wed Oct 08 11:13:35 2014 us=41905   bind_defined = DISABLED
Wed Oct 08 11:13:35 2014 us=41905   bind_local = DISABLED
Wed Oct 08 11:13:35 2014 us=41905   connect_retry_seconds = 5
Wed Oct 08 11:13:35 2014 us=41905   connect_timeout = 10
Wed Oct 08 11:13:35 2014 us=41905 NOTE: --mute triggered...
Wed Oct 08 11:13:35 2014 us=41905 265 variation(s) on previous 20 message(s) suppressed by --mute
Wed Oct 08 11:13:35 2014 us=41905 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  7 2014
Wed Oct 08 11:13:35 2014 us=41905 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Wed Oct 08 11:13:35 2014 us=45906 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Oct 08 11:13:35 2014 us=45906 Need hold release from management interface, waiting...
Wed Oct 08 11:13:35 2014 us=421927 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Oct 08 11:13:35 2014 us=522933 MANAGEMENT: CMD 'state on'
Wed Oct 08 11:13:35 2014 us=522933 MANAGEMENT: CMD 'log all on'
Wed Oct 08 11:13:35 2014 us=604938 MANAGEMENT: CMD 'hold off'
Wed Oct 08 11:13:35 2014 us=605938 MANAGEMENT: CMD 'hold release'
Wed Oct 08 11:13:35 2014 us=857952 Control Channel Authentication: using 'C:\Program Files\OpenVPN\easy-rsa\keys\ta.key' as a OpenVPN static key file
Wed Oct 08 11:13:35 2014 us=858952 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 08 11:13:35 2014 us=858952 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Oct 08 11:13:35 2014 us=859952 LZO compression initialized
Wed Oct 08 11:13:35 2014 us=877953 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Oct 08 11:13:35 2014 us=878953 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Oct 08 11:13:35 2014 us=878953 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Oct 08 11:13:35 2014 us=878953 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-client'
Wed Oct 08 11:13:35 2014 us=878953 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher DES-EDE3-CBC,auth SHA1,keysize 192,tls-auth,key-method 2,tls-server'
Wed Oct 08 11:13:35 2014 us=878953 Local Options hash (VER=V4): '2dcdad92'
Wed Oct 08 11:13:35 2014 us=878953 Expected Remote Options hash (VER=V4): '7c7a0a5e'
Wed Oct 08 11:13:35 2014 us=878953 Attempting to establish TCP connection with [AF_INET]78.91.2.204:1294
Wed Oct 08 11:13:35 2014 us=878953 MANAGEMENT: >STATE:1412727215,TCP_CONNECT,,,
Wed Oct 08 11:13:56 2014 us=886155 TCP: connect to [AF_INET]78.91.2.204:1294 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Wed Oct 08 11:14:01 2014 us=886441 MANAGEMENT: >STATE:1412727241,TCP_CONNECT,,,
Wed Oct 08 11:14:22 2014 us=895643 TCP: connect to [AF_INET]78.91.2.204:1294 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Wed Oct 08 11:14:27 2014 us=895929 MANAGEMENT: >STATE:1412727267,TCP_CONNECT,,,

[maikcat]

when your vmware uses NAT is means that traffic originating from your vm to outside world
will be translated so outside world will think that traffic is originated from your host pc,

it doesnt mean that traffic TO your host will automatically forwarded to your VM though...

use bridge mode for your vm if you want to access it from your lan.

Michael.

[hokj]

Thanks Mike

I just get it work through Tap.

Seems always something wrong win 8