Android vpn api leakage

Posted: Sat Mar 21, 2015 10:05 pm
by vpn2vpn
Hi fellas,

I am extensively using vpn on Android over LTE and Wi-Fi.

My setup is that an openvpn server on Linux has clients on any OS, so I have one regular server and a fragment server for openvpn connections that do not work so well.

I have a global dns with private addresses that are only available when vpn is active (I plan to have inside vpn-dns, too).

What I encounter is that when OpenVpn Connect is running, there is significant leakage of packets which make several services and sometimes browsing unusable. I detect this by tcpdump on the default gateway: packets arrive in the clear with private vpn ips that cannot be successfully routed anywhere instead of being routed through vpn.

Why does this happen? Is the Android vpn api buggy, are apps including Android OS poorly written, or am I doing something not intended?

Do I need to clear the routing cache or use some other trick?
The ip route show routing table isn't modified by OpenVPN Connect, so I can't use regular openvpn tricks. I haven't found a directive trick for route configuration from the server that remedies the problem.

Re: Android vpn api leakage

Posted: Sun Mar 22, 2015 7:38 pm
by Traffic
Please post server config and log at verb 4

Re: Android vpn api leakage

Posted: Tue Mar 24, 2015 6:06 am
by vpn2vpn
Here is server .ovpn:

# Access
port 1235
dev tun16
server 10.250.0.0 255.255.255.128

# Security
tls-server
remote-cert-tls client
ca ca.crt
cert c3.crt
key c3.key
dh dh2048.pem
persist-key
persist-tun
user nobody
group nogroup

# Client configuration
client-config-dir /etc/ovpnccd/c3entry
#push "redirect-gateway def1"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
keepalive 20 61

# Features
comp-lzo
verb 3

Re: Android vpn api leakage

Posted: Tue Mar 24, 2015 6:09 am
by vpn2vpn
Here is the .ovpn I import to OpenVPN Connect

# Access
dev tun

# Security
pull
tls-client
remote-cert-tls server
ca ca.crt
cert gngsm.crt
key gngsm.key
persist-key
persist-tun

# Server Connection
remote [ipv4 address] 1235
resolv-retry infinite
nobind
keepalive 10 60
explicit-exit-notify 3

# Features
#mtu-test
comp-lzo
verb 1 # default 1

Re: Log file

Posted: Tue Mar 24, 2015 6:30 am
by vpn2vpn
Here's the server log verb 4 (replaced public ip with 1.2.3.4)

What I have seen before having the openvpn server's ip the same as the public ip of clients is sometimes trouble. I have that.
At the end you see bad source addresses. Those are packets coming through the tunnel with the client's local ip address as source.
Likewise, as I noticed on the client's default gateway, packets intended for the vpn tunnel end up there and you get martian source kernel messages.
Android is not routing right, it seems to be somewhat random. Some apps work, others do not. Per Android app, it may or may not be consistent.
OpenVPN Connect 1.1.14 (build 56)

Tue Mar 24 06:17:37 2015 us=752463 Current Parameter Settings:
Tue Mar 24 06:17:37 2015 us=752722 config = 'c3entry.ovpn'
Tue Mar 24 06:17:37 2015 us=752826 mode = 1
Tue Mar 24 06:17:37 2015 us=752925 persist_config = DISABLED
Tue Mar 24 06:17:37 2015 us=752974 persist_mode = 1
Tue Mar 24 06:17:37 2015 us=753010 show_ciphers = DISABLED
Tue Mar 24 06:17:37 2015 us=753043 show_digests = DISABLED
Tue Mar 24 06:17:37 2015 us=753076 show_engines = DISABLED
Tue Mar 24 06:17:37 2015 us=753108 genkey = DISABLED
Tue Mar 24 06:17:37 2015 us=753141 key_pass_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753174 show_tls_ciphers = DISABLED
Tue Mar 24 06:17:37 2015 us=753207 Connection profiles [default]:
Tue Mar 24 06:17:37 2015 us=753240 proto = udp
Tue Mar 24 06:17:37 2015 us=753295 local = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753340 local_port = 1235
Tue Mar 24 06:17:37 2015 us=753376 remote = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753409 remote_port = 1235
Tue Mar 24 06:17:37 2015 us=753447 remote_float = DISABLED
Tue Mar 24 06:17:37 2015 us=753482 bind_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=753519 bind_local = ENABLED
Tue Mar 24 06:17:37 2015 us=753552 connect_retry_seconds = 5
Tue Mar 24 06:17:37 2015 us=753586 connect_timeout = 10
Tue Mar 24 06:17:37 2015 us=753618 connect_retry_max = 0
Tue Mar 24 06:17:37 2015 us=753651 socks_proxy_server = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753684 socks_proxy_port = 0
Tue Mar 24 06:17:37 2015 us=753716 socks_proxy_retry = DISABLED
Tue Mar 24 06:17:37 2015 us=753749 tun_mtu = 1500
Tue Mar 24 06:17:37 2015 us=753787 tun_mtu_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=753821 link_mtu = 1500
Tue Mar 24 06:17:37 2015 us=753856 link_mtu_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=753889 tun_mtu_extra = 0
Tue Mar 24 06:17:37 2015 us=753924 tun_mtu_extra_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=753959 mtu_discover_type = -1
Tue Mar 24 06:17:37 2015 us=753992 fragment = 0
Tue Mar 24 06:17:37 2015 us=754024 mssfix = 1450
Tue Mar 24 06:17:37 2015 us=754057 explicit_exit_notification = 0
Tue Mar 24 06:17:37 2015 us=754093 Connection profiles END
Tue Mar 24 06:17:37 2015 us=754128 remote_random = DISABLED
Tue Mar 24 06:17:37 2015 us=754160 ipchange = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754193 dev = 'tun16'
Tue Mar 24 06:17:37 2015 us=754225 dev_type = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754257 dev_node = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754290 lladdr = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754323 topology = 1
Tue Mar 24 06:17:37 2015 us=754497 tun_ipv6 = DISABLED
Tue Mar 24 06:17:37 2015 us=754532 ifconfig_local = '10.250.0.1'
Tue Mar 24 06:17:37 2015 us=754565 ifconfig_remote_netmask = '10.250.0.2'
Tue Mar 24 06:17:37 2015 us=754602 ifconfig_noexec = DISABLED
Tue Mar 24 06:17:37 2015 us=754636 ifconfig_nowarn = DISABLED
Tue Mar 24 06:17:37 2015 us=754669 ifconfig_ipv6_local = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754702 ifconfig_ipv6_netbits = 0
Tue Mar 24 06:17:37 2015 us=754735 ifconfig_ipv6_remote = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754767 shaper = 0
Tue Mar 24 06:17:37 2015 us=754800 mtu_test = 0
Tue Mar 24 06:17:37 2015 us=754832 mlock = DISABLED
Tue Mar 24 06:17:37 2015 us=754871 keepalive_ping = 20
Tue Mar 24 06:17:37 2015 us=754906 keepalive_timeout = 61
Tue Mar 24 06:17:37 2015 us=754939 inactivity_timeout = 0
Tue Mar 24 06:17:37 2015 us=754972 ping_send_timeout = 20
Tue Mar 24 06:17:37 2015 us=755004 ping_rec_timeout = 122
Tue Mar 24 06:17:37 2015 us=755037 ping_rec_timeout_action = 2
Tue Mar 24 06:17:37 2015 us=755070 ping_timer_remote = DISABLED
Tue Mar 24 06:17:37 2015 us=755102 remap_sigusr1 = 0
Tue Mar 24 06:17:37 2015 us=755135 persist_tun = ENABLED
Tue Mar 24 06:17:37 2015 us=755167 persist_local_ip = DISABLED
Tue Mar 24 06:17:37 2015 us=755200 persist_remote_ip = DISABLED
Tue Mar 24 06:17:37 2015 us=755233 persist_key = ENABLED
Tue Mar 24 06:17:37 2015 us=755265 passtos = DISABLED
Tue Mar 24 06:17:37 2015 us=755298 resolve_retry_seconds = 1000000000
Tue Mar 24 06:17:37 2015 us=755347 username = 'nobody'
Tue Mar 24 06:17:37 2015 us=755383 groupname = 'nogroup'
Tue Mar 24 06:17:37 2015 us=755416 chroot_dir = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755448 cd_dir = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755481 writepid = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755514 up_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755546 down_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755579 down_pre = DISABLED
Tue Mar 24 06:17:37 2015 us=755611 up_restart = DISABLED
Tue Mar 24 06:17:37 2015 us=755643 up_delay = DISABLED
Tue Mar 24 06:17:37 2015 us=755676 daemon = DISABLED
Tue Mar 24 06:17:37 2015 us=755708 inetd = 0
Tue Mar 24 06:17:37 2015 us=755742 log = DISABLED
Tue Mar 24 06:17:37 2015 us=755775 suppress_timestamps = DISABLED
Tue Mar 24 06:17:37 2015 us=755807 nice = 0
Tue Mar 24 06:17:37 2015 us=755844 verbosity = 4
Tue Mar 24 06:17:37 2015 us=755876 mute = 0
Tue Mar 24 06:17:37 2015 us=755909 gremlin = 0
Tue Mar 24 06:17:37 2015 us=755944 status_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755979 status_file_version = 1
Tue Mar 24 06:17:37 2015 us=756012 status_file_update_freq = 60
Tue Mar 24 06:17:37 2015 us=756044 occ = ENABLED
Tue Mar 24 06:17:37 2015 us=756081 rcvbuf = 65536
Tue Mar 24 06:17:37 2015 us=756115 sndbuf = 65536
Tue Mar 24 06:17:37 2015 us=756147 mark = 0
Tue Mar 24 06:17:37 2015 us=756180 sockflags = 0
Tue Mar 24 06:17:37 2015 us=756212 fast_io = DISABLED
Tue Mar 24 06:17:37 2015 us=756245 lzo = 7
Tue Mar 24 06:17:37 2015 us=756283 route_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756317 route_default_gateway = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756359 route_default_metric = 0
Tue Mar 24 06:17:37 2015 us=756393 route_noexec = DISABLED
Tue Mar 24 06:17:37 2015 us=756427 route_delay = 0
Tue Mar 24 06:17:37 2015 us=756459 route_delay_window = 30
Tue Mar 24 06:17:37 2015 us=756492 route_delay_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=756525 route_nopull = DISABLED
Tue Mar 24 06:17:37 2015 us=756558 route_gateway_via_dhcp = DISABLED
Tue Mar 24 06:17:37 2015 us=756591 max_routes = 100
Tue Mar 24 06:17:37 2015 us=756629 allow_pull_fqdn = DISABLED
Tue Mar 24 06:17:37 2015 us=756664 route 10.250.0.0/255.255.255.128/nil/nil
Tue Mar 24 06:17:37 2015 us=756698 management_addr = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756730 management_port = 0
Tue Mar 24 06:17:37 2015 us=756762 management_user_pass = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756795 management_log_history_cache = 250
Tue Mar 24 06:17:37 2015 us=756828 management_echo_buffer_size = 100
Tue Mar 24 06:17:37 2015 us=756865 management_write_peer_info_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756900 management_client_user = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756957 management_client_group = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756990 management_flags = 0
Tue Mar 24 06:17:37 2015 us=757048 shared_secret_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757084 key_direction = 0
Tue Mar 24 06:17:37 2015 us=757117 ciphername_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=757149 ciphername = 'BF-CBC'
Tue Mar 24 06:17:37 2015 us=757182 authname_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=757215 authname = 'SHA1'
Tue Mar 24 06:17:37 2015 us=757265 prng_hash = 'SHA1'
Tue Mar 24 06:17:37 2015 us=757304 prng_nonce_secret_len = 16
Tue Mar 24 06:17:37 2015 us=757344 keysize = 0
Tue Mar 24 06:17:37 2015 us=757378 engine = DISABLED
Tue Mar 24 06:17:37 2015 us=757411 replay = ENABLED
Tue Mar 24 06:17:37 2015 us=757443 mute_replay_warnings = DISABLED
Tue Mar 24 06:17:37 2015 us=757476 replay_window = 64
Tue Mar 24 06:17:37 2015 us=757510 replay_time = 15
Tue Mar 24 06:17:37 2015 us=757543 packet_id_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757592 use_iv = ENABLED
Tue Mar 24 06:17:37 2015 us=757628 test_crypto = DISABLED
Tue Mar 24 06:17:37 2015 us=757660 tls_server = ENABLED
Tue Mar 24 06:17:37 2015 us=757692 tls_client = DISABLED
Tue Mar 24 06:17:37 2015 us=757724 key_method = 2
Tue Mar 24 06:17:37 2015 us=757766 ca_file = 'ca.crt'
Tue Mar 24 06:17:37 2015 us=757799 ca_path = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757832 dh_file = 'dh2048.pem'
Tue Mar 24 06:17:37 2015 us=757864 cert_file = 'c3.crt'
Tue Mar 24 06:17:37 2015 us=757897 priv_key_file = 'c3.key'
Tue Mar 24 06:17:37 2015 us=757939 pkcs12_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757980 cipher_list = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758013 tls_verify = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758045 tls_export_cert = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758078 verify_x509_type = 0
Tue Mar 24 06:17:37 2015 us=758111 verify_x509_name = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758143 crl_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758176 ns_cert_type = 0
Tue Mar 24 06:17:37 2015 us=758208 remote_cert_ku = 128
Tue Mar 24 06:17:37 2015 us=758240 remote_cert_ku = 8
Tue Mar 24 06:17:37 2015 us=758273 remote_cert_ku = 136
Tue Mar 24 06:17:37 2015 us=758306 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758345 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758379 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758412 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758451 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758485 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758518 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758550 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758582 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758615 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758647 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758679 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758712 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758744 remote_cert_eku = 'TLS Web Client Authentication'
Tue Mar 24 06:17:37 2015 us=758778 ssl_flags = 0
Tue Mar 24 06:17:37 2015 us=758814 tls_timeout = 2
Tue Mar 24 06:17:37 2015 us=758847 renegotiate_bytes = 0
Tue Mar 24 06:17:37 2015 us=758879 renegotiate_packets = 0
Tue Mar 24 06:17:37 2015 us=758911 renegotiate_seconds = 3600
Tue Mar 24 06:17:37 2015 us=758944 handshake_window = 60
Tue Mar 24 06:17:37 2015 us=758976 transition_window = 3600
Tue Mar 24 06:17:37 2015 us=759008 single_session = DISABLED
Tue Mar 24 06:17:37 2015 us=759045 push_peer_info = DISABLED
Tue Mar 24 06:17:37 2015 us=759078 tls_exit = DISABLED
Tue Mar 24 06:17:37 2015 us=759112 tls_auth_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=759144 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759177 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759210 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759243 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759277 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759310 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759349 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759383 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759416 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759449 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759482 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759514 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759547 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759580 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759613 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759646 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759680 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759713 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759746 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759779 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759812 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759851 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759885 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759917 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759950 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759984 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760016 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760049 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760081 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760113 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760146 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760178 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760210 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760242 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760274 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760306 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760345 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760379 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760412 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760445 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760477 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760509 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760542 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760574 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760607 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760639 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760672 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760704 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760736 pkcs11_pin_cache_period = -1
Tue Mar 24 06:17:37 2015 us=760773 pkcs11_id = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=760806 pkcs11_id_management = DISABLED
Tue Mar 24 06:17:37 2015 us=760840 server_network = 10.250.0.0
Tue Mar 24 06:17:37 2015 us=760874 server_netmask = 255.255.255.128
Tue Mar 24 06:17:37 2015 us=760938 server_network_ipv6 = ::
Tue Mar 24 06:17:37 2015 us=760973 server_netbits_ipv6 = 0
Tue Mar 24 06:17:37 2015 us=761007 server_bridge_ip = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761041 server_bridge_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761074 server_bridge_pool_start = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761107 server_bridge_pool_end = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761140 push_entry = 'route 10.250.0.1'
Tue Mar 24 06:17:37 2015 us=761173 push_entry = 'topology net30'
Tue Mar 24 06:17:37 2015 us=761206 push_entry = 'ping 20'
Tue Mar 24 06:17:37 2015 us=761238 push_entry = 'ping-restart 61'
Tue Mar 24 06:17:37 2015 us=761291 ifconfig_pool_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=761332 ifconfig_pool_start = 10.250.0.4
Tue Mar 24 06:17:37 2015 us=761369 ifconfig_pool_end = 10.250.0.123
Tue Mar 24 06:17:37 2015 us=761403 ifconfig_pool_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761436 ifconfig_pool_persist_filename = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761481 ifconfig_pool_persist_refresh_freq = 600
Tue Mar 24 06:17:37 2015 us=761524 ifconfig_ipv6_pool_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=761558 ifconfig_ipv6_pool_base = ::
Tue Mar 24 06:17:37 2015 us=761591 ifconfig_ipv6_pool_netbits = 0
Tue Mar 24 06:17:37 2015 us=761625 n_bcast_buf = 256
Tue Mar 24 06:17:37 2015 us=761677 tcp_queue_limit = 64
Tue Mar 24 06:17:37 2015 us=761712 real_hash_size = 256
Tue Mar 24 06:17:37 2015 us=761745 virtual_hash_size = 256
Tue Mar 24 06:17:37 2015 us=761787 client_connect_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761821 learn_address_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761854 client_disconnect_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761886 client_config_dir = '/etc/ovpnccd/c3entry'
Tue Mar 24 06:17:37 2015 us=761919 ccd_exclusive = DISABLED
Tue Mar 24 06:17:37 2015 us=761952 tmp_dir = '/tmp'
Tue Mar 24 06:17:37 2015 us=761991 push_ifconfig_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=762026 push_ifconfig_local = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=762060 push_ifconfig_remote_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=762093 push_ifconfig_ipv6_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=762127 push_ifconfig_ipv6_local = ::/0
Tue Mar 24 06:17:37 2015 us=762160 push_ifconfig_ipv6_remote = ::
Tue Mar 24 06:17:37 2015 us=762193 enable_c2c = DISABLED
Tue Mar 24 06:17:37 2015 us=762226 duplicate_cn = DISABLED
Tue Mar 24 06:17:37 2015 us=762258 cf_max = 0
Tue Mar 24 06:17:37 2015 us=762291 cf_per = 0
Tue Mar 24 06:17:37 2015 us=762323 max_clients = 1024
Tue Mar 24 06:17:37 2015 us=762366 max_routes_per_client = 256
Tue Mar 24 06:17:37 2015 us=762400 auth_user_pass_verify_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762433 auth_user_pass_verify_script_via_file = DISABLED
Tue Mar 24 06:17:37 2015 us=762476 port_share_host = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762511 port_share_port = 0
Tue Mar 24 06:17:37 2015 us=762544 client = DISABLED
Tue Mar 24 06:17:37 2015 us=762577 pull = DISABLED
Tue Mar 24 06:17:37 2015 us=762609 auth_user_pass_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762647 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 2 2014
Tue Mar 24 06:17:37 2015 us=767959 Diffie-Hellman initialized with 2048 bit key
Tue Mar 24 06:17:37 2015 us=768286 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 24 06:17:37 2015 us=768347 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Mar 24 06:17:37 2015 us=768489 ROUTE_GATEWAY 10.240.0.1
Tue Mar 24 06:17:37 2015 us=769176 TUN/TAP device tun16 opened
Tue Mar 24 06:17:37 2015 us=769233 TUN/TAP TX queue length set to 100
Tue Mar 24 06:17:37 2015 us=769294 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 24 06:17:37 2015 us=769344 /sbin/ip link set dev tun16 up mtu 1500
Tue Mar 24 06:17:37 2015 us=770554 /sbin/ip addr add dev tun16 local 10.250.0.1 peer 10.250.0.2
Tue Mar 24 06:17:37 2015 us=772087 /sbin/ip route add 10.250.0.0/25 via 10.250.0.2
Tue Mar 24 06:17:37 2015 us=773057 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 24 06:17:37 2015 us=773546 GID set to nogroup
Tue Mar 24 06:17:37 2015 us=773561 UID set to nobody
Tue Mar 24 06:17:37 2015 us=773568 UDPv4 link local (bound): [undef]
Tue Mar 24 06:17:37 2015 us=773572 UDPv4 link remote: [undef]
Tue Mar 24 06:17:37 2015 us=773579 MULTI: multi_init called, r=256 v=256
Tue Mar 24 06:17:37 2015 us=773600 IFCONFIG POOL: base=10.250.0.4 size=30, ipv6=0
Tue Mar 24 06:17:37 2015 us=773616 Initialization Sequence Completed
Tue Mar 24 06:18:09 2015 us=666929 MULTI: multi_create_instance called
Tue Mar 24 06:18:09 2015 us=667005 1.2.3.4:44021 Re-using SSL/TLS context
Tue Mar 24 06:18:09 2015 us=667059 1.2.3.4:44021 LZO compression initialized
Tue Mar 24 06:18:09 2015 us=667181 1.2.3.4:44021 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 24 06:18:09 2015 us=667191 1.2.3.4:44021 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 24 06:18:09 2015 us=667529 1.2.3.4:44021 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Mar 24 06:18:09 2015 us=667551 1.2.3.4:44021 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Mar 24 06:18:09 2015 us=667577 1.2.3.4:44021 Local Options hash (VER=V4): '530fdded'
Tue Mar 24 06:18:09 2015 us=667586 1.2.3.4:44021 Expected Remote Options hash (VER=V4): '41690919'
Tue Mar 24 06:18:09 2015 us=667617 1.2.3.4:44021 TLS: Initial packet from [AF_INET]1.2.3.4:44021, sid=1457376b 5061ac00
Tue Mar 24 06:18:10 2015 us=791961 1.2.3.4:44021 VERIFY OK: depth=1, C=US, CN=IP:1.2.3.4
Tue Mar 24 06:18:10 2015 us=792089 1.2.3.4:44021 Validating certificate key usage
Tue Mar 24 06:18:10 2015 us=792097 1.2.3.4:44021 ++ Certificate has key usage 0080, expects 0080
Tue Mar 24 06:18:10 2015 us=792101 1.2.3.4:44021 VERIFY KU OK
Tue Mar 24 06:18:10 2015 us=792107 1.2.3.4:44021 Validating certificate extended key usage
Tue Mar 24 06:18:10 2015 us=792113 1.2.3.4:44021 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Tue Mar 24 06:18:10 2015 us=792117 1.2.3.4:44021 VERIFY EKU OK
Tue Mar 24 06:18:10 2015 us=792120 1.2.3.4:44021 VERIFY OK: depth=0, C=US, CN=gngsm
Tue Mar 24 06:18:10 2015 us=851231 1.2.3.4:44021 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 24 06:18:10 2015 us=851425 1.2.3.4:44021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 24 06:18:10 2015 us=851565 1.2.3.4:44021 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 24 06:18:10 2015 us=851663 1.2.3.4:44021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 24 06:18:10 2015 us=915567 1.2.3.4:44021 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Mar 24 06:18:10 2015 us=915727 1.2.3.4:44021 [gngsm] Peer Connection Initiated with [AF_INET]1.2.3.4:44021
Tue Mar 24 06:18:10 2015 us=915871 gngsm/1.2.3.4:44021 OPTIONS IMPORT: reading client specific options from: /etc/ovpnccd/c3entry/DEFAULT
Tue Mar 24 06:18:10 2015 us=916034 gngsm/1.2.3.4:44021 MULTI_sva: pool returned IPv4=10.250.0.6, IPv6=(Not enabled)
Tue Mar 24 06:18:10 2015 us=916162 gngsm/1.2.3.4:44021 MULTI: Learn: 10.250.0.6 -> gngsm/1.2.3.4:44021
Tue Mar 24 06:18:10 2015 us=916258 gngsm/1.2.3.4:44021 MULTI: primary virtual IP for gngsm/1.2.3.4:44021: 10.250.0.6
Tue Mar 24 06:18:11 2015 us=922415 gngsm/1.2.3.4:44021 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar 24 06:18:11 2015 us=922449 gngsm/1.2.3.4:44021 send_push_reply(): safe_cap=940
Tue Mar 24 06:18:11 2015 us=922470 gngsm/1.2.3.4:44021 SENT CONTROL [gngsm]: 'PUSH_REPLY,route 10.250.0.1,topology net30,ping 20,ping-restart 61,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.250.0.6 10.250.0.5' (status=1)
Tue Mar 24 06:18:15 2015 us=274240 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:24 2015 us=519301 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:31 2015 us=308889 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:40 2015 us=858467 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:47 2015 us=235239 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
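
An added example (not part of the thread and not OpenVPN's own tooling): a small Python triage of the server log that ties each "bad source address" drop to the client's assigned virtual IP and to the options the server actually pushed to it. The log lines are an excerpt of the post above; the function names and the report layout are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Excerpt of the verb 4 server log posted above (public IP already replaced by 1.2.3.4).
SAMPLE_LOG = """\
Tue Mar 24 06:18:10 2015 us=916162 gngsm/1.2.3.4:44021 MULTI: Learn: 10.250.0.6 -> gngsm/1.2.3.4:44021
Tue Mar 24 06:18:11 2015 us=922470 gngsm/1.2.3.4:44021 SENT CONTROL [gngsm]: 'PUSH_REPLY,route 10.250.0.1,topology net30,ping 20,ping-restart 61,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.250.0.6 10.250.0.5' (status=1)
Tue Mar 24 06:18:15 2015 us=274240 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:24 2015 us=519301 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:31 2015 us=308889 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:40 2015 us=858467 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:47 2015 us=235239 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
"""

# Virtual IP the server associated with a client common name (CN).
LEARN_RE = re.compile(r"MULTI: Learn: (\S+) -> ([^/\s]+)/")
# Options the server really sent, including any merged in from client-config-dir.
PUSH_RE = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,([^']*)'")
# Tunnel packets whose inner source is not an address the server knows for that client.
BAD_SRC_RE = re.compile(
    r"([^/\s]+)/\S+ MULTI: bad source address from client \[([^\]]+)\], packet dropped"
)


def classify_source(src, subnet):
    """Describe where a dropped inner source address sits relative to the VPN subnet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "unparseable address"
    if addr in subnet:
        return "inside VPN subnet but not this client's virtual IP"
    if addr.is_private:
        return "private address outside the VPN subnet (client-side LAN address)"
    return "public address"


def analyze(log_text, vpn_subnet):
    """Return {client CN: report} for an OpenVPN server log at verb 4."""
    subnet = ipaddress.ip_network(vpn_subnet)
    clients = defaultdict(
        lambda: {"virtual_ip": None, "pushed": [], "drops": Counter()}
    )
    for line in log_text.splitlines():
        if m := LEARN_RE.search(line):
            clients[m.group(2)]["virtual_ip"] = m.group(1)
        elif m := PUSH_RE.search(line):
            clients[m.group(1)]["pushed"] = m.group(2).split(",")
        elif m := BAD_SRC_RE.search(line):
            clients[m.group(1)]["drops"][m.group(2)] += 1

    report = {}
    for cn, c in clients.items():
        report[cn] = {
            "virtual_ip": c["virtual_ip"],
            # True when a default-route redirect reached the client, whatever
            # the main server file says (it may come from a ccd file).
            "redirect_gateway": any(
                o.startswith("redirect-gateway") for o in c["pushed"]
            ),
            "pushed_dns": [
                o.split()[-1] for o in c["pushed"] if o.startswith("dhcp-option DNS")
            ],
            "dropped_sources": {
                src: (count, classify_source(src, subnet))
                for src, count in c["drops"].items()
            },
        }
    return report


if __name__ == "__main__":
    # 10.250.0.0/25 is the "server 10.250.0.0 255.255.255.128" line of the posted config.
    for cn, info in analyze(SAMPLE_LOG, "10.250.0.0/25").items():
        print(cn, info["virtual_ip"], "redirect-gateway pushed:", info["redirect_gateway"])
        print("  DNS pushed:", ", ".join(info["pushed_dns"]) or "none")
        for src, (count, kind) in info["dropped_sources"].items():
            print(f"  {count} packets dropped from {src}: {kind}")
```

Run against the full log, the same report shows per client whether the drops come from one LAN address or several, which helps separate a single misbehaving interface from a general routing problem on the device.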

Re: Log file

Posted: Tue Mar 24, 2015 6:32 am
by vpn2vpn
That was intended for the topic Android vpn api leakage.

Re: Android vpn api leakage

Posted: Tue Mar 24, 2015 6:34 am
by vpn2vpn
Here's the server log verb 4 (replaced public ip with 1.2.3.4)

What I have seen before having the openvpn server's ip the same as the public ip of clients is sometimes trouble. I have that.
At the end there are bad source addresses. Those are packets coming through the tunnel with the client's local ip address as source.
Likewise, as I noticed on the client's default gateway, packets intended for the vpn tunnel end up there and you get martian source kernel messages.
Android is not routing right, it seems to be somewhat random. Some apps work, others do not; I am not sure if it is consistent per app.
OpenVPN Connect 1.1.14 (build 56)

Tue Mar 24 06:17:37 2015 us=757510 replay_time = 15
Tue Mar 24 06:17:37 2015 us=757543 packet_id_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757592 use_iv = ENABLED
Tue Mar 24 06:17:37 2015 us=757628 test_crypto = DISABLED
Tue Mar 24 06:17:37 2015 us=757660 tls_server = ENABLED
Tue Mar 24 06:17:37 2015 us=757692 tls_client = DISABLED
Tue Mar 24 06:17:37 2015 us=757724 key_method = 2
Tue Mar 24 06:17:37 2015 us=757766 ca_file = 'ca.crt'
Tue Mar 24 06:17:37 2015 us=757799 ca_path = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757832 dh_file = 'dh2048.pem'
Tue Mar 24 06:17:37 2015 us=757864 cert_file = 'c3.crt'
Tue Mar 24 06:17:37 2015 us=757897 priv_key_file = 'c3.key'
Tue Mar 24 06:17:37 2015 us=757939 pkcs12_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757980 cipher_list = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758013 tls_verify = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758045 tls_export_cert = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758078 verify_x509_type = 0
Tue Mar 24 06:17:37 2015 us=758111 verify_x509_name = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758143 crl_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758176 ns_cert_type = 0
Tue Mar 24 06:17:37 2015 us=758208 remote_cert_ku = 128
Tue Mar 24 06:17:37 2015 us=758240 remote_cert_ku = 8
Tue Mar 24 06:17:37 2015 us=758273 remote_cert_ku = 136
Tue Mar 24 06:17:37 2015 us=758306 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758345 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758379 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758412 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758451 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758485 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758518 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758550 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758582 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758615 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758647 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758679 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758712 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758744 remote_cert_eku = 'TLS Web Client Authentication'
Tue Mar 24 06:17:37 2015 us=758778 ssl_flags = 0
Tue Mar 24 06:17:37 2015 us=758814 tls_timeout = 2
Tue Mar 24 06:17:37 2015 us=758847 renegotiate_bytes = 0
Tue Mar 24 06:17:37 2015 us=758879 renegotiate_packets = 0
Tue Mar 24 06:17:37 2015 us=758911 renegotiate_seconds = 3600
Tue Mar 24 06:17:37 2015 us=758944 handshake_window = 60
Tue Mar 24 06:17:37 2015 us=758976 transition_window = 3600
Tue Mar 24 06:17:37 2015 us=759008 single_session = DISABLED
Tue Mar 24 06:17:37 2015 us=759045 push_peer_info = DISABLED
Tue Mar 24 06:17:37 2015 us=759078 tls_exit = DISABLED
Tue Mar 24 06:17:37 2015 us=759112 tls_auth_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=759144 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759177 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759210 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759243 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759277 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759310 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759349 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759383 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759416 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759449 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759482 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759514 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759547 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759580 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759613 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759646 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759680 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759713 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759746 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759779 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759812 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759851 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759885 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759917 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759950 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759984 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760016 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760049 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760081 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760113 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760146 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760178 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760210 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760242 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760274 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760306 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760345 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760379 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760412 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760445 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760477 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760509 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760542 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760574 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760607 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760639 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760672 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760704 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760736 pkcs11_pin_cache_period = -1
Tue Mar 24 06:17:37 2015 us=760773 pkcs11_id = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=760806 pkcs11_id_management = DISABLED
Tue Mar 24 06:17:37 2015 us=760840 server_network = 10.250.0.0
Tue Mar 24 06:17:37 2015 us=760874 server_netmask = 255.255.255.128
Tue Mar 24 06:17:37 2015 us=760938 server_network_ipv6 = ::
Tue Mar 24 06:17:37 2015 us=760973 server_netbits_ipv6 = 0
Tue Mar 24 06:17:37 2015 us=761007 server_bridge_ip = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761041 server_bridge_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761074 server_bridge_pool_start = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761107 server_bridge_pool_end = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761140 push_entry = 'route 10.250.0.1'
Tue Mar 24 06:17:37 2015 us=761173 push_entry = 'topology net30'
Tue Mar 24 06:17:37 2015 us=761206 push_entry = 'ping 20'
Tue Mar 24 06:17:37 2015 us=761238 push_entry = 'ping-restart 61'
Tue Mar 24 06:17:37 2015 us=761291 ifconfig_pool_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=761332 ifconfig_pool_start = 10.250.0.4
Tue Mar 24 06:17:37 2015 us=761369 ifconfig_pool_end = 10.250.0.123
Tue Mar 24 06:17:37 2015 us=761403 ifconfig_pool_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761436 ifconfig_pool_persist_filename = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761481 ifconfig_pool_persist_refresh_freq = 600
Tue Mar 24 06:17:37 2015 us=761524 ifconfig_ipv6_pool_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=761558 ifconfig_ipv6_pool_base = ::
Tue Mar 24 06:17:37 2015 us=761591 ifconfig_ipv6_pool_netbits = 0
Tue Mar 24 06:17:37 2015 us=761625 n_bcast_buf = 256
Tue Mar 24 06:17:37 2015 us=761677 tcp_queue_limit = 64
Tue Mar 24 06:17:37 2015 us=761712 real_hash_size = 256
Tue Mar 24 06:17:37 2015 us=761745 virtual_hash_size = 256
Tue Mar 24 06:17:37 2015 us=761787 client_connect_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761821 learn_address_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761854 client_disconnect_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761886 client_config_dir = '/etc/ovpnccd/c3entry'
Tue Mar 24 06:17:37 2015 us=761919 ccd_exclusive = DISABLED
Tue Mar 24 06:17:37 2015 us=761952 tmp_dir = '/tmp'
Tue Mar 24 06:17:37 2015 us=761991 push_ifconfig_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=762026 push_ifconfig_local = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=762060 push_ifconfig_remote_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=762093 push_ifconfig_ipv6_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=762127 push_ifconfig_ipv6_local = ::/0
Tue Mar 24 06:17:37 2015 us=762160 push_ifconfig_ipv6_remote = ::
Tue Mar 24 06:17:37 2015 us=762193 enable_c2c = DISABLED
Tue Mar 24 06:17:37 2015 us=762226 duplicate_cn = DISABLED
Tue Mar 24 06:17:37 2015 us=762258 cf_max = 0
Tue Mar 24 06:17:37 2015 us=762291 cf_per = 0
Tue Mar 24 06:17:37 2015 us=762323 max_clients = 1024
Tue Mar 24 06:17:37 2015 us=762366 max_routes_per_client = 256
Tue Mar 24 06:17:37 2015 us=762400 auth_user_pass_verify_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762433 auth_user_pass_verify_script_via_file = DISABLED
Tue Mar 24 06:17:37 2015 us=762476 port_share_host = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762511 port_share_port = 0
Tue Mar 24 06:17:37 2015 us=762544 client = DISABLED
Tue Mar 24 06:17:37 2015 us=762577 pull = DISABLED
Tue Mar 24 06:17:37 2015 us=762609 auth_user_pass_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762647 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 2 2014
Tue Mar 24 06:17:37 2015 us=767959 Diffie-Hellman initialized with 2048 bit key
Tue Mar 24 06:17:37 2015 us=768286 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 24 06:17:37 2015 us=768347 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Mar 24 06:17:37 2015 us=768489 ROUTE_GATEWAY 10.240.0.1
Tue Mar 24 06:17:37 2015 us=769176 TUN/TAP device tun16 opened
Tue Mar 24 06:17:37 2015 us=769233 TUN/TAP TX queue length set to 100
Tue Mar 24 06:17:37 2015 us=769294 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 24 06:17:37 2015 us=769344 /sbin/ip link set dev tun16 up mtu 1500
Tue Mar 24 06:17:37 2015 us=770554 /sbin/ip addr add dev tun16 local 10.250.0.1 peer 10.250.0.2
Tue Mar 24 06:17:37 2015 us=772087 /sbin/ip route add 10.250.0.0/25 via 10.250.0.2
Tue Mar 24 06:17:37 2015 us=773057 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 24 06:17:37 2015 us=773546 GID set to nogroup
Tue Mar 24 06:17:37 2015 us=773561 UID set to nobody
Tue Mar 24 06:17:37 2015 us=773568 UDPv4 link local (bound): [undef]
Tue Mar 24 06:17:37 2015 us=773572 UDPv4 link remote: [undef]
Tue Mar 24 06:17:37 2015 us=773579 MULTI: multi_init called, r=256 v=256
Tue Mar 24 06:17:37 2015 us=773600 IFCONFIG POOL: base=10.250.0.4 size=30, ipv6=0
Tue Mar 24 06:17:37 2015 us=773616 Initialization Sequence Completed
Tue Mar 24 06:18:09 2015 us=666929 MULTI: multi_create_instance called
Tue Mar 24 06:18:09 2015 us=667005 1.2.3.4:44021 Re-using SSL/TLS context
Tue Mar 24 06:18:09 2015 us=667059 1.2.3.4:44021 LZO compression initialized
Tue Mar 24 06:18:09 2015 us=667181 1.2.3.4:44021 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 24 06:18:09 2015 us=667191 1.2.3.4:44021 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 24 06:18:09 2015 us=667529 1.2.3.4:44021 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Mar 24 06:18:09 2015 us=667551 1.2.3.4:44021 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Mar 24 06:18:09 2015 us=667577 1.2.3.4:44021 Local Options hash (VER=V4): '530fdded'
Tue Mar 24 06:18:09 2015 us=667586 1.2.3.4:44021 Expected Remote Options hash (VER=V4): '41690919'
Tue Mar 24 06:18:09 2015 us=667617 1.2.3.4:44021 TLS: Initial packet from [AF_INET]1.2.3.4:44021, sid=1457376b 5061ac00
Tue Mar 24 06:18:10 2015 us=791961 1.2.3.4:44021 VERIFY OK: depth=1, C=US, CN=IP:1.2.3.4
Tue Mar 24 06:18:10 2015 us=792089 1.2.3.4:44021 Validating certificate key usage
Tue Mar 24 06:18:10 2015 us=792097 1.2.3.4:44021 ++ Certificate has key usage 0080, expects 0080
Tue Mar 24 06:18:10 2015 us=792101 1.2.3.4:44021 VERIFY KU OK
Tue Mar 24 06:18:10 2015 us=792107 1.2.3.4:44021 Validating certificate extended key usage
Tue Mar 24 06:18:10 2015 us=792113 1.2.3.4:44021 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Tue Mar 24 06:18:10 2015 us=792117 1.2.3.4:44021 VERIFY EKU OK
Tue Mar 24 06:18:10 2015 us=792120 1.2.3.4:44021 VERIFY OK: depth=0, C=US, CN=gngsm
Tue Mar 24 06:18:10 2015 us=851231 1.2.3.4:44021 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 24 06:18:10 2015 us=851425 1.2.3.4:44021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 24 06:18:10 2015 us=851565 1.2.3.4:44021 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 24 06:18:10 2015 us=851663 1.2.3.4:44021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 24 06:18:10 2015 us=915567 1.2.3.4:44021 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Mar 24 06:18:10 2015 us=915727 1.2.3.4:44021 [gngsm] Peer Connection Initiated with [AF_INET]1.2.3.4:44021
Tue Mar 24 06:18:10 2015 us=915871 gngsm/1.2.3.4:44021 OPTIONS IMPORT: reading client specific options from: /etc/ovpnccd/c3entry/DEFAULT
Tue Mar 24 06:18:10 2015 us=916034 gngsm/1.2.3.4:44021 MULTI_sva: pool returned IPv4=10.250.0.6, IPv6=(Not enabled)
Tue Mar 24 06:18:10 2015 us=916162 gngsm/1.2.3.4:44021 MULTI: Learn: 10.250.0.6 -> gngsm/1.2.3.4:44021
Tue Mar 24 06:18:10 2015 us=916258 gngsm/1.2.3.4:44021 MULTI: primary virtual IP for gngsm/1.2.3.4:44021: 10.250.0.6
Tue Mar 24 06:18:11 2015 us=922415 gngsm/1.2.3.4:44021 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar 24 06:18:11 2015 us=922449 gngsm/1.2.3.4:44021 send_push_reply(): safe_cap=940
Tue Mar 24 06:18:11 2015 us=922470 gngsm/1.2.3.4:44021 SENT CONTROL [gngsm]: 'PUSH_REPLY,route 10.250.0.1,topology net30,ping 20,ping-restart 61,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.250.0.6 10.250.0.5' (status=1)
Tue Mar 24 06:18:15 2015 us=274240 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:24 2015 us=519301 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:31 2015 us=308889 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:40 2015 us=858467 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:47 2015 us=235239 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
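
An added example (not from the thread, and not OpenVPN project code): a small Python parser that pulls the assigned tunnel address, the pushed options and the `bad source address` drops out of a server log in the format posted above, and marks dropped sources that fall outside the `server` subnet. The sample lines are excerpted from that log; the function and field names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Excerpt of the verb 4 server log posted above (lines copied as posted).
SAMPLE_LOG = """\
Tue Mar 24 06:17:37 2015 us=760840 server_network = 10.250.0.0
Tue Mar 24 06:17:37 2015 us=760874 server_netmask = 255.255.255.128
Tue Mar 24 06:17:37 2015 us=760938 server_network_ipv6 = ::
Tue Mar 24 06:18:10 2015 us=916258 gngsm/1.2.3.4:44021 MULTI: primary virtual IP for gngsm/1.2.3.4:44021: 10.250.0.6
Tue Mar 24 06:18:11 2015 us=922470 gngsm/1.2.3.4:44021 SENT CONTROL [gngsm]: 'PUSH_REPLY,route 10.250.0.1,topology net30,ping 20,ping-restart 61,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.250.0.6 10.250.0.5' (status=1)
Tue Mar 24 06:18:15 2015 us=274240 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:24 2015 us=519301 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:31 2015 us=308889 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:40 2015 us=858467 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
Tue Mar 24 06:18:47 2015 us=235239 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
"""

NET_RE = re.compile(r"\bserver_network = (\S+)")
MASK_RE = re.compile(r"\bserver_netmask = (\S+)")
VIP_RE = re.compile(r"MULTI: primary virtual IP for ([^/\s]+)/\S+: (\S+)")
PUSH_RE = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,([^']*)'")
BAD_RE = re.compile(
    r"([^/\s]+)/\S+ MULTI: bad source address from client \[([^\]]+)\]"
)


def analyze(log_text):
    """Return (vpn_subnet, {client_name: summary}) for an OpenVPN server log."""
    net = mask = None
    clients = {}

    def entry(name):
        return clients.setdefault(name, {
            "virtual_ip": None, "pushed": [], "redirect_gateway": False,
            "bad_sources": Counter(), "outside_subnet": [],
        })

    for line in log_text.splitlines():
        if m := NET_RE.search(line):
            net = m.group(1)
        elif m := MASK_RE.search(line):
            mask = m.group(1)
        elif m := VIP_RE.search(line):
            entry(m.group(1))["virtual_ip"] = m.group(2)
        elif m := PUSH_RE.search(line):
            c = entry(m.group(1))
            c["pushed"] = m.group(2).split(",")
            c["redirect_gateway"] = any(
                opt.startswith("redirect-gateway") for opt in c["pushed"]
            )
        elif m := BAD_RE.search(line):
            # The server drops tunnel packets whose source is neither the
            # client's virtual IP nor covered by an iroute for that client.
            entry(m.group(1))["bad_sources"][m.group(2)] += 1

    subnet = None
    if net and mask:
        subnet = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        for c in clients.values():
            c["outside_subnet"] = sorted(
                src for src in c["bad_sources"]
                if ipaddress.ip_address(src) not in subnet
            )
    return subnet, clients


def findings(log_text):
    """One human-readable line per observation worth a second look."""
    subnet, clients = analyze(log_text)
    out = []
    for name, c in clients.items():
        if c["redirect_gateway"]:
            out.append(f"{name}: redirect-gateway was pushed to this client")
        for src, n in c["bad_sources"].items():
            where = "outside" if src in c["outside_subnet"] else "inside"
            out.append(
                f"{name} (tunnel IP {c['virtual_ip']}): {n} packets dropped "
                f"with source {src}, {where} VPN subnet {subnet}"
            )
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```

On the posted log this reports that `redirect-gateway def1` was pushed to `gngsm` and that all five dropped packets carried the source 192.168.1.138, which is not in 10.250.0.0/25.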

Re: Android vpn api leakage

Posted: Tue Mar 24, 2015 6:02 pm
by Traffic
Traffic wrote: Please post server config and log at verb 4

Re: Android vpn api leakage

Posted: Tue Mar 24, 2015 8:12 pm
by vpn2vpn
Thank you for your willingness to help. I did post those yesterday, but apparently the bulletin board ignores multiple postings.

Check it out and let me know what the fix is...

Here is server config:
# Access
port 1235
dev tun16
server 10.250.0.0 255.255.255.128

# Security
tls-server
remote-cert-tls client
ca ca.crt
cert c3.crt
key c3.key
dh dh2048.pem
persist-key
persist-tun
user nobody
group nogroup

# Client configuration
client-config-dir /etc/ovpnccd/c3entry
#push "redirect-gateway def1"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
keepalive 20 61

# Features
comp-lzo
verb 3



Here is server starting and accepting one client:

Tue Mar 24 06:17:37 2015 us=752463 Current Parameter Settings:
Tue Mar 24 06:17:37 2015 us=752722 config = 'c3entry.ovpn'
Tue Mar 24 06:17:37 2015 us=752826 mode = 1
Tue Mar 24 06:17:37 2015 us=752925 persist_config = DISABLED
Tue Mar 24 06:17:37 2015 us=752974 persist_mode = 1
Tue Mar 24 06:17:37 2015 us=753010 show_ciphers = DISABLED
Tue Mar 24 06:17:37 2015 us=753043 show_digests = DISABLED
Tue Mar 24 06:17:37 2015 us=753076 show_engines = DISABLED
Tue Mar 24 06:17:37 2015 us=753108 genkey = DISABLED
Tue Mar 24 06:17:37 2015 us=753141 key_pass_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753174 show_tls_ciphers = DISABLED
Tue Mar 24 06:17:37 2015 us=753207 Connection profiles [default]:
Tue Mar 24 06:17:37 2015 us=753240 proto = udp
Tue Mar 24 06:17:37 2015 us=753295 local = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753340 local_port = 1235
Tue Mar 24 06:17:37 2015 us=753376 remote = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753409 remote_port = 1235
Tue Mar 24 06:17:37 2015 us=753447 remote_float = DISABLED
Tue Mar 24 06:17:37 2015 us=753482 bind_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=753519 bind_local = ENABLED
Tue Mar 24 06:17:37 2015 us=753552 connect_retry_seconds = 5
Tue Mar 24 06:17:37 2015 us=753586 connect_timeout = 10
Tue Mar 24 06:17:37 2015 us=753618 connect_retry_max = 0
Tue Mar 24 06:17:37 2015 us=753651 socks_proxy_server = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=753684 socks_proxy_port = 0
Tue Mar 24 06:17:37 2015 us=753716 socks_proxy_retry = DISABLED
Tue Mar 24 06:17:37 2015 us=753749 tun_mtu = 1500
Tue Mar 24 06:17:37 2015 us=753787 tun_mtu_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=753821 link_mtu = 1500
Tue Mar 24 06:17:37 2015 us=753856 link_mtu_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=753889 tun_mtu_extra = 0
Tue Mar 24 06:17:37 2015 us=753924 tun_mtu_extra_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=753959 mtu_discover_type = -1
Tue Mar 24 06:17:37 2015 us=753992 fragment = 0
Tue Mar 24 06:17:37 2015 us=754024 mssfix = 1450
Tue Mar 24 06:17:37 2015 us=754057 explicit_exit_notification = 0
Tue Mar 24 06:17:37 2015 us=754093 Connection profiles END
Tue Mar 24 06:17:37 2015 us=754128 remote_random = DISABLED
Tue Mar 24 06:17:37 2015 us=754160 ipchange = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754193 dev = 'tun16'
Tue Mar 24 06:17:37 2015 us=754225 dev_type = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754257 dev_node = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754290 lladdr = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754323 topology = 1
Tue Mar 24 06:17:37 2015 us=754497 tun_ipv6 = DISABLED
Tue Mar 24 06:17:37 2015 us=754532 ifconfig_local = '10.250.0.1'
Tue Mar 24 06:17:37 2015 us=754565 ifconfig_remote_netmask = '10.250.0.2'
Tue Mar 24 06:17:37 2015 us=754602 ifconfig_noexec = DISABLED
Tue Mar 24 06:17:37 2015 us=754636 ifconfig_nowarn = DISABLED
Tue Mar 24 06:17:37 2015 us=754669 ifconfig_ipv6_local = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754702 ifconfig_ipv6_netbits = 0
Tue Mar 24 06:17:37 2015 us=754735 ifconfig_ipv6_remote = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=754767 shaper = 0
Tue Mar 24 06:17:37 2015 us=754800 mtu_test = 0
Tue Mar 24 06:17:37 2015 us=754832 mlock = DISABLED
Tue Mar 24 06:17:37 2015 us=754871 keepalive_ping = 20
Tue Mar 24 06:17:37 2015 us=754906 keepalive_timeout = 61
Tue Mar 24 06:17:37 2015 us=754939 inactivity_timeout = 0
Tue Mar 24 06:17:37 2015 us=754972 ping_send_timeout = 20
Tue Mar 24 06:17:37 2015 us=755004 ping_rec_timeout = 122
Tue Mar 24 06:17:37 2015 us=755037 ping_rec_timeout_action = 2
Tue Mar 24 06:17:37 2015 us=755070 ping_timer_remote = DISABLED
Tue Mar 24 06:17:37 2015 us=755102 remap_sigusr1 = 0
Tue Mar 24 06:17:37 2015 us=755135 persist_tun = ENABLED
Tue Mar 24 06:17:37 2015 us=755167 persist_local_ip = DISABLED
Tue Mar 24 06:17:37 2015 us=755200 persist_remote_ip = DISABLED
Tue Mar 24 06:17:37 2015 us=755233 persist_key = ENABLED
Tue Mar 24 06:17:37 2015 us=755265 passtos = DISABLED
Tue Mar 24 06:17:37 2015 us=755298 resolve_retry_seconds = 1000000000
Tue Mar 24 06:17:37 2015 us=755347 username = 'nobody'
Tue Mar 24 06:17:37 2015 us=755383 groupname = 'nogroup'
Tue Mar 24 06:17:37 2015 us=755416 chroot_dir = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755448 cd_dir = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755481 writepid = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755514 up_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755546 down_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755579 down_pre = DISABLED
Tue Mar 24 06:17:37 2015 us=755611 up_restart = DISABLED
Tue Mar 24 06:17:37 2015 us=755643 up_delay = DISABLED
Tue Mar 24 06:17:37 2015 us=755676 daemon = DISABLED
Tue Mar 24 06:17:37 2015 us=755708 inetd = 0
Tue Mar 24 06:17:37 2015 us=755742 log = DISABLED
Tue Mar 24 06:17:37 2015 us=755775 suppress_timestamps = DISABLED
Tue Mar 24 06:17:37 2015 us=755807 nice = 0
Tue Mar 24 06:17:37 2015 us=755844 verbosity = 4
Tue Mar 24 06:17:37 2015 us=755876 mute = 0
Tue Mar 24 06:17:37 2015 us=755909 gremlin = 0
Tue Mar 24 06:17:37 2015 us=755944 status_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=755979 status_file_version = 1
Tue Mar 24 06:17:37 2015 us=756012 status_file_update_freq = 60
Tue Mar 24 06:17:37 2015 us=756044 occ = ENABLED
Tue Mar 24 06:17:37 2015 us=756081 rcvbuf = 65536
Tue Mar 24 06:17:37 2015 us=756115 sndbuf = 65536
Tue Mar 24 06:17:37 2015 us=756147 mark = 0
Tue Mar 24 06:17:37 2015 us=756180 sockflags = 0
Tue Mar 24 06:17:37 2015 us=756212 fast_io = DISABLED
Tue Mar 24 06:17:37 2015 us=756245 lzo = 7
Tue Mar 24 06:17:37 2015 us=756283 route_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756317 route_default_gateway = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756359 route_default_metric = 0
Tue Mar 24 06:17:37 2015 us=756393 route_noexec = DISABLED
Tue Mar 24 06:17:37 2015 us=756427 route_delay = 0
Tue Mar 24 06:17:37 2015 us=756459 route_delay_window = 30
Tue Mar 24 06:17:37 2015 us=756492 route_delay_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=756525 route_nopull = DISABLED
Tue Mar 24 06:17:37 2015 us=756558 route_gateway_via_dhcp = DISABLED
Tue Mar 24 06:17:37 2015 us=756591 max_routes = 100
Tue Mar 24 06:17:37 2015 us=756629 allow_pull_fqdn = DISABLED
Tue Mar 24 06:17:37 2015 us=756664 route 10.250.0.0/255.255.255.128/nil/nil
Tue Mar 24 06:17:37 2015 us=756698 management_addr = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756730 management_port = 0
Tue Mar 24 06:17:37 2015 us=756762 management_user_pass = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756795 management_log_history_cache = 250
Tue Mar 24 06:17:37 2015 us=756828 management_echo_buffer_size = 100
Tue Mar 24 06:17:37 2015 us=756865 management_write_peer_info_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756900 management_client_user = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756957 management_client_group = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=756990 management_flags = 0
Tue Mar 24 06:17:37 2015 us=757048 shared_secret_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757084 key_direction = 0
Tue Mar 24 06:17:37 2015 us=757117 ciphername_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=757149 ciphername = 'BF-CBC'
Tue Mar 24 06:17:37 2015 us=757182 authname_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=757215 authname = 'SHA1'
Tue Mar 24 06:17:37 2015 us=757265 prng_hash = 'SHA1'
Tue Mar 24 06:17:37 2015 us=757304 prng_nonce_secret_len = 16
Tue Mar 24 06:17:37 2015 us=757344 keysize = 0
Tue Mar 24 06:17:37 2015 us=757378 engine = DISABLED
Tue Mar 24 06:17:37 2015 us=757411 replay = ENABLED
Tue Mar 24 06:17:37 2015 us=757443 mute_replay_warnings = DISABLED
Tue Mar 24 06:17:37 2015 us=757476 replay_window = 64
Tue Mar 24 06:17:37 2015 us=757510 replay_time = 15
Tue Mar 24 06:17:37 2015 us=757543 packet_id_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757592 use_iv = ENABLED
Tue Mar 24 06:17:37 2015 us=757628 test_crypto = DISABLED
Tue Mar 24 06:17:37 2015 us=757660 tls_server = ENABLED
Tue Mar 24 06:17:37 2015 us=757692 tls_client = DISABLED
Tue Mar 24 06:17:37 2015 us=757724 key_method = 2
Tue Mar 24 06:17:37 2015 us=757766 ca_file = 'ca.crt'
Tue Mar 24 06:17:37 2015 us=757799 ca_path = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757832 dh_file = 'dh2048.pem'
Tue Mar 24 06:17:37 2015 us=757864 cert_file = 'c3.crt'
Tue Mar 24 06:17:37 2015 us=757897 priv_key_file = 'c3.key'
Tue Mar 24 06:17:37 2015 us=757939 pkcs12_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=757980 cipher_list = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758013 tls_verify = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758045 tls_export_cert = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758078 verify_x509_type = 0
Tue Mar 24 06:17:37 2015 us=758111 verify_x509_name = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758143 crl_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=758176 ns_cert_type = 0
Tue Mar 24 06:17:37 2015 us=758208 remote_cert_ku = 128
Tue Mar 24 06:17:37 2015 us=758240 remote_cert_ku = 8
Tue Mar 24 06:17:37 2015 us=758273 remote_cert_ku = 136
Tue Mar 24 06:17:37 2015 us=758306 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758345 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758379 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758412 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758451 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758485 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758518 remote_cert_ku = 0
Tue Mar 24 06:17:37 2015 us=758550 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758582 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758615 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758647 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758679 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758712 remote_cert_ku[i] = 0
Tue Mar 24 06:17:37 2015 us=758744 remote_cert_eku = 'TLS Web Client Authentication'
Tue Mar 24 06:17:37 2015 us=758778 ssl_flags = 0
Tue Mar 24 06:17:37 2015 us=758814 tls_timeout = 2
Tue Mar 24 06:17:37 2015 us=758847 renegotiate_bytes = 0
Tue Mar 24 06:17:37 2015 us=758879 renegotiate_packets = 0
Tue Mar 24 06:17:37 2015 us=758911 renegotiate_seconds = 3600
Tue Mar 24 06:17:37 2015 us=758944 handshake_window = 60
Tue Mar 24 06:17:37 2015 us=758976 transition_window = 3600
Tue Mar 24 06:17:37 2015 us=759008 single_session = DISABLED
Tue Mar 24 06:17:37 2015 us=759045 push_peer_info = DISABLED
Tue Mar 24 06:17:37 2015 us=759078 tls_exit = DISABLED
Tue Mar 24 06:17:37 2015 us=759112 tls_auth_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=759144 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759177 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759210 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759243 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759277 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759310 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759349 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759383 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759416 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759449 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759482 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759514 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759547 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759580 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759613 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759646 pkcs11_protected_authentication = DISABLED
Tue Mar 24 06:17:37 2015 us=759680 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759713 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759746 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759779 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759812 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759851 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759885 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759917 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759950 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=759984 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760016 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760049 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760081 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760113 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760146 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760178 pkcs11_private_mode = 00000000
Tue Mar 24 06:17:37 2015 us=760210 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760242 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760274 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760306 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760345 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760379 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760412 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760445 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760477 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760509 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760542 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760574 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760607 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760639 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760672 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760704 pkcs11_cert_private = DISABLED
Tue Mar 24 06:17:37 2015 us=760736 pkcs11_pin_cache_period = -1
Tue Mar 24 06:17:37 2015 us=760773 pkcs11_id = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=760806 pkcs11_id_management = DISABLED
Tue Mar 24 06:17:37 2015 us=760840 server_network = 10.250.0.0
Tue Mar 24 06:17:37 2015 us=760874 server_netmask = 255.255.255.128
Tue Mar 24 06:17:37 2015 us=760938 server_network_ipv6 = ::
Tue Mar 24 06:17:37 2015 us=760973 server_netbits_ipv6 = 0
Tue Mar 24 06:17:37 2015 us=761007 server_bridge_ip = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761041 server_bridge_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761074 server_bridge_pool_start = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761107 server_bridge_pool_end = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761140 push_entry = 'route 10.250.0.1'
Tue Mar 24 06:17:37 2015 us=761173 push_entry = 'topology net30'
Tue Mar 24 06:17:37 2015 us=761206 push_entry = 'ping 20'
Tue Mar 24 06:17:37 2015 us=761238 push_entry = 'ping-restart 61'
Tue Mar 24 06:17:37 2015 us=761291 ifconfig_pool_defined = ENABLED
Tue Mar 24 06:17:37 2015 us=761332 ifconfig_pool_start = 10.250.0.4
Tue Mar 24 06:17:37 2015 us=761369 ifconfig_pool_end = 10.250.0.123
Tue Mar 24 06:17:37 2015 us=761403 ifconfig_pool_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=761436 ifconfig_pool_persist_filename = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761481 ifconfig_pool_persist_refresh_freq = 600
Tue Mar 24 06:17:37 2015 us=761524 ifconfig_ipv6_pool_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=761558 ifconfig_ipv6_pool_base = ::
Tue Mar 24 06:17:37 2015 us=761591 ifconfig_ipv6_pool_netbits = 0
Tue Mar 24 06:17:37 2015 us=761625 n_bcast_buf = 256
Tue Mar 24 06:17:37 2015 us=761677 tcp_queue_limit = 64
Tue Mar 24 06:17:37 2015 us=761712 real_hash_size = 256
Tue Mar 24 06:17:37 2015 us=761745 virtual_hash_size = 256
Tue Mar 24 06:17:37 2015 us=761787 client_connect_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761821 learn_address_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761854 client_disconnect_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=761886 client_config_dir = '/etc/ovpnccd/c3entry'
Tue Mar 24 06:17:37 2015 us=761919 ccd_exclusive = DISABLED
Tue Mar 24 06:17:37 2015 us=761952 tmp_dir = '/tmp'
Tue Mar 24 06:17:37 2015 us=761991 push_ifconfig_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=762026 push_ifconfig_local = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=762060 push_ifconfig_remote_netmask = 0.0.0.0
Tue Mar 24 06:17:37 2015 us=762093 push_ifconfig_ipv6_defined = DISABLED
Tue Mar 24 06:17:37 2015 us=762127 push_ifconfig_ipv6_local = ::/0
Tue Mar 24 06:17:37 2015 us=762160 push_ifconfig_ipv6_remote = ::
Tue Mar 24 06:17:37 2015 us=762193 enable_c2c = DISABLED
Tue Mar 24 06:17:37 2015 us=762226 duplicate_cn = DISABLED
Tue Mar 24 06:17:37 2015 us=762258 cf_max = 0
Tue Mar 24 06:17:37 2015 us=762291 cf_per = 0
Tue Mar 24 06:17:37 2015 us=762323 max_clients = 1024
Tue Mar 24 06:17:37 2015 us=762366 max_routes_per_client = 256
Tue Mar 24 06:17:37 2015 us=762400 auth_user_pass_verify_script = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762433 auth_user_pass_verify_script_via_file = DISABLED
Tue Mar 24 06:17:37 2015 us=762476 port_share_host = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762511 port_share_port = 0
Tue Mar 24 06:17:37 2015 us=762544 client = DISABLED
Tue Mar 24 06:17:37 2015 us=762577 pull = DISABLED
Tue Mar 24 06:17:37 2015 us=762609 auth_user_pass_file = '[UNDEF]'
Tue Mar 24 06:17:37 2015 us=762647 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 2 2014
Tue Mar 24 06:17:37 2015 us=767959 Diffie-Hellman initialized with 2048 bit key
Tue Mar 24 06:17:37 2015 us=768286 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 24 06:17:37 2015 us=768347 Socket Buffers: R=[212992->131072] S=[212992->131072]
Tue Mar 24 06:17:37 2015 us=768489 ROUTE_GATEWAY 10.240.0.1
Tue Mar 24 06:17:37 2015 us=769176 TUN/TAP device tun16 opened
Tue Mar 24 06:17:37 2015 us=769233 TUN/TAP TX queue length set to 100
Tue Mar 24 06:17:37 2015 us=769294 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 24 06:17:37 2015 us=769344 /sbin/ip link set dev tun16 up mtu 1500
Tue Mar 24 06:17:37 2015 us=770554 /sbin/ip addr add dev tun16 local 10.250.0.1 peer 10.250.0.2
Tue Mar 24 06:17:37 2015 us=772087 /sbin/ip route add 10.250.0.0/25 via 10.250.0.2
Tue Mar 24 06:17:37 2015 us=773057 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 24 06:17:37 2015 us=773546 GID set to nogroup
Tue Mar 24 06:17:37 2015 us=773561 UID set to nobody
Tue Mar 24 06:17:37 2015 us=773568 UDPv4 link local (bound): [undef]
Tue Mar 24 06:17:37 2015 us=773572 UDPv4 link remote: [undef]
Tue Mar 24 06:17:37 2015 us=773579 MULTI: multi_init called, r=256 v=256
Tue Mar 24 06:17:37 2015 us=773600 IFCONFIG POOL: base=10.250.0.4 size=30, ipv6=0
Tue Mar 24 06:17:37 2015 us=773616 Initialization Sequence Completed
Tue Mar 24 06:18:09 2015 us=666929 MULTI: multi_create_instance called
Tue Mar 24 06:18:09 2015 us=667005 1.2.3.4:44021 Re-using SSL/TLS context
Tue Mar 24 06:18:09 2015 us=667059 1.2.3.4:44021 LZO compression initialized
Tue Mar 24 06:18:09 2015 us=667181 1.2.3.4:44021 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 24 06:18:09 2015 us=667191 1.2.3.4:44021 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 24 06:18:09 2015 us=667529 1.2.3.4:44021 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Mar 24 06:18:09 2015 us=667551 1.2.3.4:44021 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Mar 24 06:18:09 2015 us=667577 1.2.3.4:44021 Local Options hash (VER=V4): '530fdded'
Tue Mar 24 06:18:09 2015 us=667586 1.2.3.4:44021 Expected Remote Options hash (VER=V4): '41690919'
Tue Mar 24 06:18:09 2015 us=667617 1.2.3.4:44021 TLS: Initial packet from [AF_INET]1.2.3.4:44021, sid=1457376b 5061ac00
Tue Mar 24 06:18:10 2015 us=791961 1.2.3.4:44021 VERIFY OK: depth=1, C=US, CN=IP:1.2.3.4
Tue Mar 24 06:18:10 2015 us=792089 1.2.3.4:44021 Validating certificate key usage
Tue Mar 24 06:18:10 2015 us=792097 1.2.3.4:44021 ++ Certificate has key usage 0080, expects 0080
Tue Mar 24 06:18:10 2015 us=792101 1.2.3.4:44021 VERIFY KU OK
Tue Mar 24 06:18:10 2015 us=792107 1.2.3.4:44021 Validating certificate extended key usage
Tue Mar 24 06:18:10 2015 us=792113 1.2.3.4:44021 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Tue Mar 24 06:18:10 2015 us=792117 1.2.3.4:44021 VERIFY EKU OK
Tue Mar 24 06:18:10 2015 us=792120 1.2.3.4:44021 VERIFY OK: depth=0, C=US, CN=gngsm
Tue Mar 24 06:18:10 2015 us=851231 1.2.3.4:44021 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 24 06:18:10 2015 us=851425 1.2.3.4:44021 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 24 06:18:10 2015 us=851565 1.2.3.4:44021 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Mar 24 06:18:10 2015 us=851663 1.2.3.4:44021 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 24 06:18:10 2015 us=915567 1.2.3.4:44021 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Mar 24 06:18:10 2015 us=915727 1.2.3.4:44021 [gngsm] Peer Connection Initiated with [AF_INET]1.2.3.4:44021
Tue Mar 24 06:18:10 2015 us=915871 gngsm/1.2.3.4:44021 OPTIONS IMPORT: reading client specific options from: /etc/ovpnccd/c3entry/DEFAULT
Tue Mar 24 06:18:10 2015 us=916034 gngsm/1.2.3.4:44021 MULTI_sva: pool returned IPv4=10.250.0.6, IPv6=(Not enabled)
Tue Mar 24 06:18:10 2015 us=916162 gngsm/1.2.3.4:44021 MULTI: Learn: 10.250.0.6 -> gngsm/1.2.3.4:44021
Tue Mar 24 06:18:10 2015 us=916258 gngsm/1.2.3.4:44021 MULTI: primary virtual IP for gngsm/1.2.3.4:44021: 10.250.0.6
Tue Mar 24 06:18:11 2015 us=922415 gngsm/1.2.3.4:44021 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar 24 06:18:11 2015 us=922449 gngsm/1.2.3.4:44021 send_push_reply(): safe_cap=940
Tue Mar 24 06:18:11 2015 us=922470 gngsm/1.2.3.4:44021 SENT CONTROL [gngsm]: 'PUSH_REPLY,route 10.250.0.1,topology net30,ping 20,ping-restart 61,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.250.0.6 10.250.0.5' (status=1)

Re: Android vpn api leakage

Posted: Wed Mar 25, 2015 11:48 am
by Traffic
vpn2vpn wrote: I did post those yesterday, but apparently the bulletin board ignores multiple postings.
Sorry about that .. I did not review your post completely :oops:

This is troubling:
vpn2vpn wrote: the ip route show routing table isn't modified by OpenVPN Connect, so I can't use regular openvpn tricks
If the routing table is not modified then this:
vpn2vpn wrote: Tue Mar 24 06:18:11 2015 us=922470 gngsm/1.2.3.4:44021 SENT CONTROL [gngsm]: 'PUSH_REPLY,route 10.250.0.1,topology net30,ping 20,ping-restart 61,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.250.0.6 10.250.0.5' (status=1)
is not going to work ..

Please post your client routing table and log after connection.

Re: Android vpn api leakage

Posted: Thu Mar 26, 2015 5:10 am
by vpn2vpn
Be aware that OpenVPN Connect uses the Android VPN API.

If you have a model server config that works with OpenVPN Connect client, that might be just what I need.

Here's the info:

The routing table change is the one tun0 line added when the VPN is active:
default via 192.168.1.5 dev wlan0
10.250.0.12/30 dev tun0 proto kernel scope link src 10.250.0.14
192.168.1.0/24 dev wlan0 scope link
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.143
192.168.1.5 dev wlan0 scope link
Here's the OpenVPN Connect log from logcat:
D/PrefUtil( 3146): set_string: profile='1.2.3.4 [c3entrycn5a]'
D/PrefUtil( 3146): get_boolean: auto_keyboard=true
D/PrefUtil( 3146): get_string: vpn_proto='adaptive'
D/PrefUtil( 3146): get_string: conn_timeout='0'
D/PrefUtil( 3146): get_string: compression_mode='yes'
D/PrefUtil( 3146): get_boolean: expand_stats=false
D/OpenVPNService( 3146): SERV: client attach n_clients=1
D/OpenVPNClientBase( 3146): CLI: submitConnectIntent: 1.2.3.4 [c3entrycn5a]
D/OpenVPNService( 3146): SERV: onStartCommand action=net.openvpn.openvpn.CONNECT
D/OpenVPNService( 3146): SERV: profile file len=8083
D/PrefUtil( 3146): get_boolean: enable_notifications=true
D/PrefUtil( 3146): get_boolean: tun_persist=true
I/OpenVPNService( 3146): Seamless Tunnel disabled for KitKat 4.4 - 4.4.2
D/PrefUtil( 3146): get_boolean: google_dns_fallback=true
D/PrefUtil( 3146): get_boolean: force_aes_cbc_ciphersuites=true
I/OpenVPNService( 3146): SERV: CONNECT prof=1.2.3.4 [c3entrycn5a] user=null proxy=undef serv=null proto=adaptive to=0 resp=null epki_alias=null comp=yes
D/PrefUtil( 3146): set_string: autostart_profile_name='1.2.3.4 [c3entrycn5a]'
I/OpenVPNService( 3146): EVENT: CORE_THREAD_ACTIVE
D/PrefUtil( 3146): set_string: profile='1.2.3.4 [c3entrycn5a]'
D/PrefUtil( 3146): get_boolean: auto_keyboard=true
D/OpenVPNService( 3146): SOCKET PROTECT: fd=50 protected status=true
I/OpenVPNService( 3146): LOG: UNUSED OPTIONS
I/OpenVPNService( 3146): 1 [pull]
I/OpenVPNService( 3146): 2 [tls-client]
I/OpenVPNService( 3146): 7 [persist-key]
I/OpenVPNService( 3146): 8 [persist-tun]
I/OpenVPNService( 3146): 10 [resolv-retry] [infinite]
I/OpenVPNService( 3146): 11 [nobind]
I/OpenVPNService( 3146): 12 [keepalive] [10] [60]
I/OpenVPNService( 3146): 13 [explicit-exit-notify] [3]
I/OpenVPNService( 3146): 15 [verb] [3]
I/OpenVPNService( 3146):
I/OpenVPNService( 3146): LOG: LZO-ASYM init swap=0 asym=0
I/OpenVPNService( 3146): EVENT: RESOLVE
I/OpenVPNService( 3146): LOG: Contacting 1.2.3.4:1235 via UDP
I/OpenVPNService( 3146): EVENT: WAIT
I/OpenVPNService( 3146): LOG: Connecting to 1.2.3.4:1235 (1.2.3.4) via UDPv4
I/OpenVPNService( 3146): EVENT: CONNECTING
I/OpenVPNService( 3146): LOG: Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
I/OpenVPNService( 3146): LOG: Peer Info:
I/OpenVPNService( 3146): IV_GUI_VER=net.openvpn.connect.android 1.1.14-56
I/OpenVPNService( 3146): IV_VER=3.0
I/OpenVPNService( 3146): IV_PLAT=android
I/OpenVPNService( 3146): IV_NCP=1
I/OpenVPNService( 3146): IV_LZO=1
I/OpenVPNService( 3146):
I/OpenVPNService( 3146): LOG: VERIFY OK: depth=1
I/OpenVPNService( 3146): cert. version : 3
I/OpenVPNService( 3146): serial number : 86:8D:BC:62:62:A5:FB:3A
I/OpenVPNService( 3146): issuer name : C=US, CN=IP:1.2.3.4
I/OpenVPNService( 3146): subject name : C=US, CN=IP:1.2.3.4
I/OpenVPNService( 3146): issued on : 2015-01-06 04:03:30
I/OpenVPNService( 3146): expires on : 2025-01-03 04:03:30
I/OpenVPNService( 3146): signed using : RSA with SHA-256
I/OpenVPNService( 3146): RSA key size : 2048 bits
I/OpenVPNService( 3146): basic constraints : CA=true
I/OpenVPNService( 3146):
I/OpenVPNService( 3146): LOG: VERIFY OK: depth=0
I/OpenVPNService( 3146): cert. version : 3
I/OpenVPNService( 3146): serial number : 01
I/OpenVPNService( 3146): issuer name : C=US, CN=IP:1.2.3.4
I/OpenVPNService( 3146): subject name : C=US, CN=n10
I/OpenVPNService( 3146): issued on : 2015-01-06 04:03:52
I/OpenVPNService( 3146): expires on : 2025-01-03 04:03:52
I/OpenVPNService( 3146): signed using : RSA with SHA-256
I/OpenVPNService( 3146): RSA key size : 2048 bits
I/OpenVPNService( 3146): basic constraints : CA=false
I/OpenVPNService( 3146): subject alt name : c3
I/OpenVPNService( 3146): cert. type : SSL Server
I/OpenVPNService( 3146): key usage : Digital Signature, Key Encipherment
I/OpenVPNService( 3146): ext key usage : TLS Web Server Authentication
I/OpenVPNService( 3146):
I/OpenVPNService( 3146): LOG: SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
I/OpenVPNService( 3146): LOG: Session is ACTIVE
I/OpenVPNService( 3146): EVENT: GET_CONFIG
I/OpenVPNService( 3146): LOG: Sending PUSH_REQUEST to server...
D/OpenVPNService( 3146): BUILDER: add_address 10.250.0.14/30 10.250.0.13 ipv6=false net30=true
D/OpenVPNService( 3146): BUILDER: reroute_gw ipv4=true ipv6=false flags=275
D/OpenVPNService( 3146): BUILDER: add_dns_server 8.8.8.8 ipv6=false
D/OpenVPNService( 3146): BUILDER: add_dns_server 8.8.4.4 ipv6=false
D/OpenVPNService( 3146): BUILDER: set_remote_address 1.2.3.4 ipv6=false
D/OpenVPNService( 3146): BUILDER: set_session_name 1.2.3.4
D/OpenVPNService( 3146): BUILDER: establish
D/Vpn ( 1862): setting state=CONNECTING, reason=establish
D/VpnJni ( 1862): Address added on tun0: 10.250.0.14/30
I/OpenVPNService( 3146): LOG: OPTIONS:
I/OpenVPNService( 3146): 0 [route] [10.250.0.1]
I/OpenVPNService( 3146): 1 [topology] [net30]
I/OpenVPNService( 3146): 2 [ping] [20]
I/OpenVPNService( 3146): 3 [ping-restart] [61]
I/OpenVPNService( 3146): 4 [redirect-gateway] [def1]
I/OpenVPNService( 3146): 5 [dhcp-option] [DNS] [8.8.8.8]
I/OpenVPNService( 3146): 6 [dhcp-option] [DNS] [8.8.4.4]
I/OpenVPNService( 3146): 7 [ifconfig] [10.250.0.14] [10.250.0.13]
I/OpenVPNService( 3146):
I/OpenVPNService( 3146): LOG: LZO-ASYM init swap=0 asym=0
I/OpenVPNService( 3146): EVENT: ASSIGN_IP
I/ip6tables( 1352): ip6tables v1.4.11.1: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
I/ip6tables( 1352): Perhaps ip6tables or your kernel needs to be upgraded.
I/ip6tables( 1352): ip6tables terminated by exit(3)
E/Netd ( 1352): exec() res=0, status=768 for /system/bin/ip6tables -t nat -A st_nat_POSTROUTING -o tun0 -m mark --mark 61 -j MASQUERADE
I/Vpn ( 1862): Established by net.openvpn.openvpn on tun0
D/Vpn ( 1862): setting state=AUTHENTICATING, reason=establish
I/OpenVPNService( 3146): LOG: Connected via tun
I/OpenVPNService( 3146): EVENT: CONNECTED info='@1.2.3.4:1235 (1.2.3.4) via /UDPv4 on tun/10.250.0.14/' trans=TO_CONNECTED
D/PrefUtil( 3146): get_boolean: expand_stats=false

Re: Android vpn api leakage

Posted: Thu Mar 26, 2015 1:13 pm
by Traffic
What is your server LAN IP? (e.g. 192.168.?.?)

Re: Android vpn api leakage

Posted: Thu Mar 26, 2015 2:26 pm
by vpn2vpn
I edited it to be 1.2.3.4. Just some public ip.

I did also verify that there is something up with Android. With a regular Wi-Fi connection that loses upstream connectivity for a couple of hours (AP still good), when it comes back, for a specific app, routing to some IP works while another gets a timeout, despite the fact that I can prove that both IPs are reachable from Terminal Emulator and other apps. The routing table looks pristine. I have this in a broken state and plan to run a bit of tcpdump on it.

Fact remains: when using OpenVPN Connect, which uses the Android VPN API, some apps refuse to be routed through the VPN, including Google-developed preloads.

Other apps work most of the time, but do need a restart when they get stuck about every 48 hours.

The only thing that always works as expected is wget, ie. Linux command line.

Re: Android vpn api leakage

Posted: Thu Mar 26, 2015 4:09 pm
by vpn2vpn
or

the vpn server:
public is 1.2.3.4
as vpn host on its tun interface 10.250.0.1
and the vpn server's default gateway to the Internets (it's NATed) is 10.240.0.1

Re: Android vpn api leakage

Posted: Sat Mar 28, 2015 4:58 pm
by vpn2vpn
I am not sure if you are also providing help here but my conclusions are these:
1. On Android, many apps do not get routed through the vpn
1.1 This might be caused by the use of Android vpn api or even Android itself
2. OpenVPN Connect can only have one single vpn connection at a time
2.1 This is caused by the use of Android vpn api
3. OpenVPN Connect has the problem that it hangs on change of default gateway that is caused by persist-tun
3.1 This is a problem everywhere but unavoidable on mobiles like laptops and phones.
3.2 This is probably fixable by simply removing persist-tun
4. It is trouble to maintain an OpenVPN connection for several days
5. If you cannot control the vpn server, you are forced to use OpenVPN Connect/Android vpn api for server certificates larger than 1 KiB, or so.
Some of this is not possible to resolve.

You guys could publish server and client configurations for a connection you were able to maintain over WAN for 1 week.

Re: Android vpn api leakage

Posted: Sat Mar 28, 2015 6:51 pm
by Traffic
Traffic wrote: What is your server LAN IP ? (eg. 192.168.?.?)
vpn2vpn wrote: I edited it to be 1.2.3.4. Just some public ip.
vpn2vpn wrote: Tue Mar 24 06:18:11 2015 us=922470 gngsm/1.2.3.4:44021 SENT CONTROL [gngsm]: 'PUSH_REPLY,route 10.250.0.1,topology net30,ping 20,ping-restart 61,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,ifconfig 10.250.0.6 10.250.0.5' (status=1)
Tue Mar 24 06:18:15 2015 us=274240 gngsm/1.2.3.4:44021 MULTI: bad source address from client [192.168.1.138], packet dropped
  • NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
possibly .. 8-)

Re: Android vpn api leakage

Posted: Mon Mar 30, 2015 3:02 am
by vpn2vpn
Thanks,

That's not it. That .138 packet is from an app that was running before the vpn was started. Initially, before the app understands it now has a new ip, its packets will enter the vpn tunnel and come out where they can't be routed. It is not a problem.

The vpn server's internal (routed to) ip is on subnet 10.250.0.0. Those other subnets are points of access.

Re: Android vpn api leakage

Posted: Sat Jun 27, 2015 8:26 pm
by vpn2vpn
These problems are caused by OpenVPN Connect. OpenVPN for Android works fine.
  • Some packets forwarded from another interface inbound to the client on the openvpn connection are sent back out with the source ip unchanged. This leads to martian source kernel messages on the OpenVPN server Linux host.
  • Some Android apps fail to communicate like there is no Internet at all.
    • Some of those apps are Google-made pre-loads that are difficult to relaunch.
    • Apps that can be relaunched generally can be made to work.
    • Some apps initially fail but start to work after a few seconds, which may indicate routing problems.
    • Certain apps fail in a corrupt way, i.e. they claim to have a server connection when not a single packet is emitted.
  • If OpenVPN Connect is launched and terminated, net.openvpn.openvpn is still running per ps, and later dns breaks from what appears to be servers removed. killall openvpn seems to be the way to go.
A guess is that OpenVPN Connect uses some sophisticated features not working or present on all Android builds. The app remaining in the background is questionable.

Next, I will spend some time to determine if OpenVPN for Android is reliable.

Re: Android vpn api leakage

Posted: Sun Jun 28, 2015 2:45 am
by vpn2vpn
Unfortunately OpenVPN for Android is broken, too. It's probably an Android vpn api bug.

So I did a silly test, on the Android I did:
nping --tcp-connect --count 1 --dest-port 80 --source-port 2928 144.76.73.242
abusing someone's public http server.
- This does a single tcp connect, 6 packets, 3 in each direction.
- The port number 2928, nobody else is using, so iptables LOG works like a charm filtering out just the good stuff.
- the vpn connection is udp.

BUG:
The last packet, an ACK from client to server IS SENT OUTSIDE OF THE VPN TUNNEL. This Frankenstein packet has the vpn client's source private ip, uses tcp protocol instead of udp, and is addressed to 144.76.73.242 instead of the vpn server. This fails at the VPN server with martian source logging. BUGBUGBUG!

I am using the Android 4.4.4 which is feature-upgraded to 4.5 or 4.6 like Google likes to do.

Here's where people who know can help: is this a known problem with Android or OpenVPN?

There's not much I could have gotten wrong here. This is a buggy bug.
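
The check described in this last post (log the probe with iptables LOG at a point outside the tunnel and look for anything that is not the encrypted UDP stream) can be automated. The following is an added example, not code from the thread: the subnet, server address and port come from the posted configuration, while the log lines, the `vpnprobe` prefix, the gateway interface names and the address 203.0.113.7 are constructed. It assumes the LOG rule matches only the phone's forwarded traffic and that `redirect-gateway def1` is in effect.

```python
import ipaddress
import re

# From the posted server config: 'server 10.250.0.0 255.255.255.128',
# 'port 1235' over UDP, and the redacted public endpoint 1.2.3.4.
VPN_NET = ipaddress.ip_network("10.250.0.0/25")
VPN_SERVER = ipaddress.ip_address("1.2.3.4")
VPN_PORT = "1235"

# Constructed iptables LOG lines as a gateway outside the tunnel might record them.
SAMPLE_LOG = """\
Jun 28 02:40:01 gw kernel: vpnprobe IN=wlan0 OUT=eth0 SRC=192.168.1.143 DST=1.2.3.4 LEN=121 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=44021 DPT=1235 LEN=101
Jun 28 02:40:01 gw kernel: vpnprobe IN=eth0 OUT=wlan0 SRC=1.2.3.4 DST=192.168.1.143 LEN=105 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=1235 DPT=44021 LEN=85
Jun 28 02:40:02 gw kernel: vpnprobe IN=wlan0 OUT=eth0 SRC=10.250.0.14 DST=144.76.73.242 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=5120 DF PROTO=TCP SPT=2928 DPT=80 WINDOW=229 RES=0x00 ACK URGP=0
Jun 28 02:40:05 gw kernel: vpnprobe IN=wlan0 OUT=eth0 SRC=192.168.1.143 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=7731 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 28 02:40:06 gw kernel: wlan0: link becomes ready
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def parse(line):
    """Return the KEY=VALUE fields of one iptables LOG line (empty values are skipped)."""
    return dict(FIELD.findall(line))


def classify(line):
    """Classify one logged packet seen outside the tunnel.

    tunnel                  encrypted OpenVPN traffic to or from the server
    inner-address-in-clear  a tunnel-side address on the wire (the stray ACK in the post)
    bypass                  client traffic that never entered the tunnel
    None                    not a packet log line
    """
    f = parse(line)
    if "SRC" not in f or "DST" not in f:
        return None
    src = ipaddress.ip_address(f["SRC"])
    dst = ipaddress.ip_address(f["DST"])
    # Addresses from the VPN pool must never be visible outside the tunnel.
    if src in VPN_NET or dst in VPN_NET:
        return "inner-address-in-clear"
    if f.get("PROTO") == "UDP" and (
        (dst == VPN_SERVER and f.get("DPT") == VPN_PORT)
        or (src == VPN_SERVER and f.get("SPT") == VPN_PORT)
    ):
        return "tunnel"
    return "bypass"


def findings(log_text):
    """Return (verdict, src, dst, proto, dport) for every packet that is not tunnel traffic."""
    out = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict in (None, "tunnel"):
            continue
        f = parse(line)
        out.append((verdict, f["SRC"], f["DST"], f.get("PROTO"), f.get("DPT")))
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_LOG):
        print(*item)
```

Both verdicts matter: `inner-address-in-clear` is the martian-source case from the post, while `bypass` covers apps whose traffic leaves with the Wi-Fi address and never reaches the tunnel.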