OpenVPN server can't reach clients

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
viperman1271
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 30, 2016 12:53 am

OpenVPN server can't reach clients

Post by viperman1271 » Fri Dec 30, 2016 1:13 am

I'm trying to setup a simple VPN server setup. I have my server setup on a VPS, and several clients.

Currently I can connect to the server with several clients. I am able to ping the server, from all of the clients, and I can ping the clients from one another as well.

All of my internet traffic passes through the VPN server, as desired.

The last part, is I can't seem to figure out how to get the server to be able to ping/access the clients.

I should note that my server is running Linux CentOS 6.3, while my example client is Windows 10.

client.ovpn
client
client
dev tun
proto udp

# Server IP and Port
remote $SERVER$ 1194

resolv-retry infinite
nobind

persist-key
persist-tun

mute-replay-warnings

# Certificates
ca ca.crt
cert client1.crt
key client1.key

ns-cert-type server

script-security 2

# Cryptographic cipher.
cipher AES-256-CBC

# Authentication
auth-user-pass
auth-nocache
server.conf
server
port 1194

# TCP or UDP
;proto tcp
proto udp

# Routed IP Tunnel (TUN) or Ethernet Bridge (TAP)
;dev tap
dev tun

# Certificate information
ca /etc/openvpn/ssl/ca.crt
cert /etc/openvpn/ssl/server.crt
key /etc/openvpn/ssl/server.key # This file should be kept secret

# Diffie hellman parameters.
dh /etc/openvpn/ssl/dh2048.pem

# Network topology
topology subnet

# Configure server mode and supply a VPN subnet
server 10.8.0.0 255.255.255.0
ifconfig 10.8.0.1 10.8.0.2

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

# Certain Windows-specific network settings
# pushed to the clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

# Some routing stuff
push "route 10.8.0.1 255.255.255.255"
push "route 10.8.0.0 255.255.255.0"
#push "route 104.168.151.129 255.255.255.255"
route 10.8.0.0 255.255.255.255
route 10.8.0.0 255.255.255.0
client-to-client

# The keepalive directive validates clients
# are still alive
keepalive 10 120

# Cryptographic cipher.
cipher AES-256-CBC

# Enable compression on the VPN link
;compress lz4-v2
;push "compress lz4-v2"

max-clients 100

# Reduce daemon's privelages after initialization
user nobody
group nobody

persist-key
persist-tun

# Logging
status status.log
log-append openvpn.log

# Authentication
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so openvpn

# Enable management console
management localhost 7505
client routing table

Code: Select all

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.19     25
          0.0.0.0        128.0.0.0         10.8.0.1         10.8.0.2     20
         10.8.0.0    255.255.255.0         On-link          10.8.0.2    276
         10.8.0.0    255.255.255.0         10.8.0.1         10.8.0.2     20
         10.8.0.1  255.255.255.255         10.8.0.1         10.8.0.2     20
         10.8.0.2  255.255.255.255         On-link          10.8.0.2    276
       10.8.0.255  255.255.255.255         On-link          10.8.0.2    276
server routing table

Code: Select all

 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.0        10.8.0.2        255.255.255.255 UGH   0      0        0 tun0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 venet0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0
client to server ping

Code: Select all

Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=140ms TTL=64
Reply from 10.8.0.1: bytes=32 time=110ms TTL=64
Reply from 10.8.0.1: bytes=32 time=99ms TTL=64
Reply from 10.8.0.1: bytes=32 time=84ms TTL=64

Ping statistics for 10.8.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 140ms, Average = 108ms
server to client ping

Code: Select all

ping -c4 10.8.0.2
PING 10.8.0.2 (10.8.0.2) 56(84) bytes of data.

--- 10.8.0.2 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 13000ms
tcpdump -i tun0 @ server

Code: Select all

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
20:05:44.624473 IP 10.8.0.1 > 10.8.0.2: ICMP echo request, id 44598, seq 1, length 64
20:05:45.624916 IP 10.8.0.1 > 10.8.0.2: ICMP echo request, id 44598, seq 2, length 64
20:05:46.625173 IP 10.8.0.1 > 10.8.0.2: ICMP echo request, id 44598, seq 3, length 64
20:05:47.624965 IP 10.8.0.1 > 10.8.0.2: ICMP echo request, id 44598, seq 4, length 64
I've looked in the forum, and I haven't seen anything that helps me solve this issue. Google yielded no better result.

Apologies if I've forgotten something, or been a noob and didn't post this correctly.

Thanks in advance for any assistance!

*EDIT* Forgot to add my version
OpenVPN 2.3.14 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 7 2016
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server can't reach clients

Post by TinCanTech » Fri Dec 30, 2016 1:21 am

Server & client log files at --verb 4 please.

See --log & --verb in The Manual v23x
Top
viperman1271
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 30, 2016 12:53 am

Re: OpenVPN server can't reach clients

Post by viperman1271 » Fri Dec 30, 2016 1:29 am

client log

Code: Select all

Thu Dec 29 20:23:48 2016   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:48 2016   pkcs11_pin_cache_period = -1
Thu Dec 29 20:23:48 2016   pkcs11_id = '[UNDEF]'
Thu Dec 29 20:23:48 2016   pkcs11_id_management = DISABLED
Thu Dec 29 20:23:48 2016   server_network = 0.0.0.0
Thu Dec 29 20:23:48 2016   server_netmask = 0.0.0.0
Thu Dec 29 20:23:48 2016   server_network_ipv6 = ::
Thu Dec 29 20:23:48 2016   server_netbits_ipv6 = 0
Thu Dec 29 20:23:48 2016   server_bridge_ip = 0.0.0.0
Thu Dec 29 20:23:48 2016   server_bridge_netmask = 0.0.0.0
Thu Dec 29 20:23:48 2016   server_bridge_pool_start = 0.0.0.0
Thu Dec 29 20:23:48 2016   server_bridge_pool_end = 0.0.0.0
Thu Dec 29 20:23:48 2016   ifconfig_pool_defined = DISABLED
Thu Dec 29 20:23:48 2016   ifconfig_pool_start = 0.0.0.0
Thu Dec 29 20:23:48 2016   ifconfig_pool_end = 0.0.0.0
Thu Dec 29 20:23:48 2016   ifconfig_pool_netmask = 0.0.0.0
Thu Dec 29 20:23:48 2016   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Dec 29 20:23:48 2016   ifconfig_pool_persist_refresh_freq = 600
Thu Dec 29 20:23:48 2016   ifconfig_ipv6_pool_defined = DISABLED
Thu Dec 29 20:23:48 2016   ifconfig_ipv6_pool_base = ::
Thu Dec 29 20:23:48 2016   ifconfig_ipv6_pool_netbits = 0
Thu Dec 29 20:23:48 2016   n_bcast_buf = 256
Thu Dec 29 20:23:48 2016   tcp_queue_limit = 64
Thu Dec 29 20:23:48 2016   real_hash_size = 256
Thu Dec 29 20:23:48 2016   virtual_hash_size = 256
Thu Dec 29 20:23:48 2016   client_connect_script = '[UNDEF]'
Thu Dec 29 20:23:48 2016   learn_address_script = '[UNDEF]'
Thu Dec 29 20:23:48 2016   client_disconnect_script = '[UNDEF]'
Thu Dec 29 20:23:48 2016   client_config_dir = '[UNDEF]'
Thu Dec 29 20:23:48 2016   ccd_exclusive = DISABLED
Thu Dec 29 20:23:48 2016   tmp_dir = 'C:\Users\mfilion\AppData\Local\Temp\'
Thu Dec 29 20:23:48 2016   push_ifconfig_defined = DISABLED
Thu Dec 29 20:23:48 2016   push_ifconfig_local = 0.0.0.0
Thu Dec 29 20:23:48 2016   push_ifconfig_remote_netmask = 0.0.0.0
Thu Dec 29 20:23:48 2016   push_ifconfig_ipv6_defined = DISABLED
Thu Dec 29 20:23:48 2016   push_ifconfig_ipv6_local = ::/0
Thu Dec 29 20:23:48 2016   push_ifconfig_ipv6_remote = ::
Thu Dec 29 20:23:48 2016   enable_c2c = DISABLED
Thu Dec 29 20:23:48 2016   duplicate_cn = DISABLED
Thu Dec 29 20:23:48 2016   cf_max = 0
Thu Dec 29 20:23:48 2016   cf_per = 0
Thu Dec 29 20:23:48 2016   max_clients = 1024
Thu Dec 29 20:23:48 2016   max_routes_per_client = 256
Thu Dec 29 20:23:48 2016   auth_user_pass_verify_script = '[UNDEF]'
Thu Dec 29 20:23:48 2016   auth_user_pass_verify_script_via_file = DISABLED
Thu Dec 29 20:23:48 2016   client = ENABLED
Thu Dec 29 20:23:48 2016   pull = ENABLED
Thu Dec 29 20:23:48 2016   auth_user_pass_file = 'stdin'
Thu Dec 29 20:23:48 2016   show_net_up = DISABLED
Thu Dec 29 20:23:48 2016   route_method = 0
Thu Dec 29 20:23:48 2016   block_outside_dns = DISABLED
Thu Dec 29 20:23:48 2016   ip_win32_defined = DISABLED
Thu Dec 29 20:23:48 2016   ip_win32_type = 3
Thu Dec 29 20:23:48 2016   dhcp_masq_offset = 0
Thu Dec 29 20:23:48 2016   dhcp_lease_time = 31536000
Thu Dec 29 20:23:48 2016   tap_sleep = 0
Thu Dec 29 20:23:48 2016   dhcp_options = DISABLED
Thu Dec 29 20:23:48 2016   dhcp_renew = DISABLED
Thu Dec 29 20:23:48 2016   dhcp_pre_release = DISABLED
Thu Dec 29 20:23:48 2016   dhcp_release = DISABLED
Thu Dec 29 20:23:48 2016   domain = '[UNDEF]'
Thu Dec 29 20:23:48 2016   netbios_scope = '[UNDEF]'
Thu Dec 29 20:23:48 2016   netbios_node_type = 0
Thu Dec 29 20:23:48 2016   disable_nbt = DISABLED
Thu Dec 29 20:23:48 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Thu Dec 29 20:23:48 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Dec 29 20:23:48 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Thu Dec 29 20:23:48 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Dec 29 20:23:48 2016 Need hold release from management interface, waiting...
Thu Dec 29 20:23:49 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Dec 29 20:23:49 2016 MANAGEMENT: CMD 'state on'
Thu Dec 29 20:23:49 2016 MANAGEMENT: CMD 'log all on'
Thu Dec 29 20:23:49 2016 MANAGEMENT: CMD 'hold off'
Thu Dec 29 20:23:49 2016 MANAGEMENT: CMD 'hold release'
Thu Dec 29 20:23:54 2016 MANAGEMENT: CMD 'username "Auth" "mfilion"'
Thu Dec 29 20:23:54 2016 MANAGEMENT: CMD 'password [...]'
Thu Dec 29 20:23:54 2016 Control Channel MTU parms [ L:1557 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Dec 29 20:23:54 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Dec 29 20:23:54 2016 MANAGEMENT: >STATE:1483061034,RESOLVE,,,
Thu Dec 29 20:23:54 2016 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:12 ET:0 EL:3 ]
Thu Dec 29 20:23:54 2016 Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Dec 29 20:23:54 2016 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Dec 29 20:23:54 2016 Local Options hash (VER=V4): '2dd3fcaf'
Thu Dec 29 20:23:54 2016 Expected Remote Options hash (VER=V4): '8114d01c'
Thu Dec 29 20:23:54 2016 UDPv4 link local: [undef]
Thu Dec 29 20:23:54 2016 UDPv4 link remote: [AF_INET]$VPN_PUBLIC_IP$:1194
Thu Dec 29 20:23:54 2016 MANAGEMENT: >STATE:1483061034,WAIT,,,
Thu Dec 29 20:23:54 2016 MANAGEMENT: >STATE:1483061034,AUTH,,,
Thu Dec 29 20:23:54 2016 TLS: Initial packet from [AF_INET]$VPN_PUBLIC_IP$:1194, sid=b0aa7519 4c3a8b5c
Thu Dec 29 20:23:55 2016 VERIFY OK: depth=1, C=CA, ST=QC, L=Quebec, O=MikeFilion, OU=MikeFilion, CN=orion.mikefilion.com, name=EasyRSA, emailAddress=mfilion@mikefilion.com
Thu Dec 29 20:23:55 2016 VERIFY OK: nsCertType=SERVER
Thu Dec 29 20:23:55 2016 VERIFY OK: depth=0, C=CA, ST=QC, L=Quebec, O=MikeFilion, OU=MikeFilion, CN=orion.mikefilion.com, name=EasyRSA, emailAddress=mfilion@mikefilion.com
Thu Dec 29 20:23:55 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Dec 29 20:23:55 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 29 20:23:55 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Dec 29 20:23:55 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 29 20:23:55 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Dec 29 20:23:55 2016 [orion.mikefilion.com] Peer Connection Initiated with [AF_INET]$VPN_PUBLIC_IP$:1194
Thu Dec 29 20:23:56 2016 MANAGEMENT: >STATE:1483061036,GET_CONFIG,,,
Thu Dec 29 20:23:57 2016 SENT CONTROL [orion.mikefilion.com]: 'PUSH_REQUEST' (status=1)
Thu Dec 29 20:23:57 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Thu Dec 29 20:23:57 2016 OPTIONS IMPORT: timers and/or timeouts modified
Thu Dec 29 20:23:57 2016 OPTIONS IMPORT: --ifconfig/up options modified
Thu Dec 29 20:23:57 2016 OPTIONS IMPORT: route options modified
Thu Dec 29 20:23:57 2016 OPTIONS IMPORT: route-related options modified
Thu Dec 29 20:23:57 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Dec 29 20:23:57 2016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=10 HWADDR=28:c2:dd:d9:1d:a7
Thu Dec 29 20:23:57 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Dec 29 20:23:57 2016 MANAGEMENT: >STATE:1483061037,ASSIGN_IP,,10.8.0.2,
Thu Dec 29 20:23:57 2016 open_tun, tt->ipv6=0
Thu Dec 29 20:23:57 2016 TAP-WIN32 device [VPN Adapter] opened: \\.\Global\{21A230A5-E3BA-469B-B25F-B8897F4DADDD}.tap
Thu Dec 29 20:23:57 2016 TAP-Windows Driver Version 9.21 
Thu Dec 29 20:23:57 2016 TAP-Windows MTU=1500
Thu Dec 29 20:23:57 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Thu Dec 29 20:23:57 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {21A230A5-E3BA-469B-B25F-B8897F4DADDD} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Thu Dec 29 20:23:57 2016 DHCP option string: 06080808 08080808 0404
Thu Dec 29 20:23:57 2016 Successful ARP Flush on interface [3] {21A230A5-E3BA-469B-B25F-B8897F4DADDD}
Thu Dec 29 20:24:02 2016 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Thu Dec 29 20:24:02 2016 C:\WINDOWS\system32\route.exe ADD $VPN_PUBLIC_IP$ MASK 255.255.255.255 192.168.0.1
Thu Dec 29 20:24:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Dec 29 20:24:02 2016 Route addition via IPAPI succeeded [adaptive]
Thu Dec 29 20:24:02 2016 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Dec 29 20:24:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Dec 29 20:24:02 2016 Route addition via IPAPI succeeded [adaptive]
Thu Dec 29 20:24:02 2016 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
Thu Dec 29 20:24:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Dec 29 20:24:02 2016 Route addition via IPAPI succeeded [adaptive]
Thu Dec 29 20:24:02 2016 MANAGEMENT: >STATE:1483061042,ADD_ROUTES,,,
Thu Dec 29 20:24:02 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.1
Thu Dec 29 20:24:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Dec 29 20:24:02 2016 Route addition via IPAPI succeeded [adaptive]
Thu Dec 29 20:24:02 2016 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.1
Thu Dec 29 20:24:02 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Dec 29 20:24:02 2016 Route addition via IPAPI succeeded [adaptive]
Thu Dec 29 20:24:02 2016 Initialization Sequence Completed
Thu Dec 29 20:24:02 2016 MANAGEMENT: >STATE:1483061042,CONNECTED,SUCCESS,10.8.0.2,$VPN_PUBLIC_IP$
server log

Code: Select all

Thu Dec 29 20:23:50 2016 us=391931 Current Parameter Settings:
Thu Dec 29 20:23:50 2016 us=392065   config = 'server.conf'
Thu Dec 29 20:23:50 2016 us=392085   mode = 1
Thu Dec 29 20:23:50 2016 us=392099   persist_config = DISABLED
Thu Dec 29 20:23:50 2016 us=392113   persist_mode = 1
Thu Dec 29 20:23:50 2016 us=392125   show_ciphers = DISABLED
Thu Dec 29 20:23:50 2016 us=392138   show_digests = DISABLED
Thu Dec 29 20:23:50 2016 us=392151   show_engines = DISABLED
Thu Dec 29 20:23:50 2016 us=392163   genkey = DISABLED
Thu Dec 29 20:23:50 2016 us=392176   key_pass_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392189   show_tls_ciphers = DISABLED
Thu Dec 29 20:23:50 2016 us=392202 Connection profiles [default]:
Thu Dec 29 20:23:50 2016 us=392216   proto = udp
Thu Dec 29 20:23:50 2016 us=392229   local = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392242   local_port = 1194
Thu Dec 29 20:23:50 2016 us=392254   remote = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392267   remote_port = 1194
Thu Dec 29 20:23:50 2016 us=392279   remote_float = DISABLED
Thu Dec 29 20:23:50 2016 us=392292   bind_defined = DISABLED
Thu Dec 29 20:23:50 2016 us=392304   bind_local = ENABLED
Thu Dec 29 20:23:50 2016 us=392317   connect_retry_seconds = 5
Thu Dec 29 20:23:50 2016 us=392329   connect_timeout = 10
Thu Dec 29 20:23:50 2016 us=392341   connect_retry_max = 0
Thu Dec 29 20:23:50 2016 us=392354   socks_proxy_server = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392366   socks_proxy_port = 0
Thu Dec 29 20:23:50 2016 us=392379   socks_proxy_retry = DISABLED
Thu Dec 29 20:23:50 2016 us=392391   tun_mtu = 1500
Thu Dec 29 20:23:50 2016 us=392404   tun_mtu_defined = ENABLED
Thu Dec 29 20:23:50 2016 us=392416   link_mtu = 1500
Thu Dec 29 20:23:50 2016 us=392429   link_mtu_defined = DISABLED
Thu Dec 29 20:23:50 2016 us=392441   tun_mtu_extra = 0
Thu Dec 29 20:23:50 2016 us=392453   tun_mtu_extra_defined = DISABLED
Thu Dec 29 20:23:50 2016 us=392466   mtu_discover_type = -1
Thu Dec 29 20:23:50 2016 us=392478   fragment = 0
Thu Dec 29 20:23:50 2016 us=392491   mssfix = 1450
Thu Dec 29 20:23:50 2016 us=392503   explicit_exit_notification = 0
Thu Dec 29 20:23:50 2016 us=392516 Connection profiles END
Thu Dec 29 20:23:50 2016 us=392528   remote_random = DISABLED
Thu Dec 29 20:23:50 2016 us=392540   ipchange = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392553   dev = 'tun'
Thu Dec 29 20:23:50 2016 us=392565   dev_type = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392577   dev_node = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392590   lladdr = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392602   topology = 3
Thu Dec 29 20:23:50 2016 us=392615   tun_ipv6 = DISABLED
Thu Dec 29 20:23:50 2016 us=392627   ifconfig_local = '10.8.0.1'
Thu Dec 29 20:23:50 2016 us=392640   ifconfig_remote_netmask = '255.255.255.0'
Thu Dec 29 20:23:50 2016 us=392653   ifconfig_noexec = DISABLED
Thu Dec 29 20:23:50 2016 us=392665   ifconfig_nowarn = DISABLED
Thu Dec 29 20:23:50 2016 us=392678   ifconfig_ipv6_local = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392691   ifconfig_ipv6_netbits = 0
Thu Dec 29 20:23:50 2016 us=392704   ifconfig_ipv6_remote = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=392716   shaper = 0
Thu Dec 29 20:23:50 2016 us=392737   mtu_test = 0
Thu Dec 29 20:23:50 2016 us=392750   mlock = DISABLED
Thu Dec 29 20:23:50 2016 us=392763   keepalive_ping = 10
Thu Dec 29 20:23:50 2016 us=392775   keepalive_timeout = 120
Thu Dec 29 20:23:50 2016 us=392788   inactivity_timeout = 0
Thu Dec 29 20:23:50 2016 us=392800   ping_send_timeout = 10
Thu Dec 29 20:23:50 2016 us=392812   ping_rec_timeout = 240
Thu Dec 29 20:23:50 2016 us=392825   ping_rec_timeout_action = 2
Thu Dec 29 20:23:50 2016 us=392837   ping_timer_remote = DISABLED
Thu Dec 29 20:23:50 2016 us=392851   remap_sigusr1 = 0
Thu Dec 29 20:23:50 2016 us=392864   persist_tun = ENABLED
Thu Dec 29 20:23:50 2016 us=392876   persist_local_ip = DISABLED
Thu Dec 29 20:23:50 2016 us=392889   persist_remote_ip = DISABLED
Thu Dec 29 20:23:50 2016 us=392901   persist_key = ENABLED
Thu Dec 29 20:23:50 2016 us=392914   passtos = DISABLED
Thu Dec 29 20:23:50 2016 us=392927   resolve_retry_seconds = 1000000000
Thu Dec 29 20:23:50 2016 us=392947   username = 'nobody'
Thu Dec 29 20:23:50 2016 us=392960   groupname = 'nobody'
Thu Dec 29 20:23:50 2016 us=392972   chroot_dir = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393000   cd_dir = '/etc/openvpn'
Thu Dec 29 20:23:50 2016 us=393014   writepid = '/var/run/openvpn/server.pid'
Thu Dec 29 20:23:50 2016 us=393031   up_script = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393044   down_script = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393057   down_pre = DISABLED
Thu Dec 29 20:23:50 2016 us=393069   up_restart = DISABLED
Thu Dec 29 20:23:50 2016 us=393081   up_delay = DISABLED
Thu Dec 29 20:23:50 2016 us=393094   daemon = ENABLED
Thu Dec 29 20:23:50 2016 us=393107   inetd = 0
Thu Dec 29 20:23:50 2016 us=393119   log = ENABLED
Thu Dec 29 20:23:50 2016 us=393136   suppress_timestamps = DISABLED
Thu Dec 29 20:23:50 2016 us=393149   nice = 0
Thu Dec 29 20:23:50 2016 us=393161   verbosity = 4
Thu Dec 29 20:23:50 2016 us=393174   mute = 0
Thu Dec 29 20:23:50 2016 us=393186   gremlin = 0
Thu Dec 29 20:23:50 2016 us=393198   status_file = 'status.log'
Thu Dec 29 20:23:50 2016 us=393211   status_file_version = 1
Thu Dec 29 20:23:50 2016 us=393223   status_file_update_freq = 60
Thu Dec 29 20:23:50 2016 us=393236   occ = ENABLED
Thu Dec 29 20:23:50 2016 us=393248   rcvbuf = 0
Thu Dec 29 20:23:50 2016 us=393260   sndbuf = 0
Thu Dec 29 20:23:50 2016 us=393273   mark = 0
Thu Dec 29 20:23:50 2016 us=393285   sockflags = 0
Thu Dec 29 20:23:50 2016 us=393297   fast_io = DISABLED
Thu Dec 29 20:23:50 2016 us=393310   lzo = 0
Thu Dec 29 20:23:50 2016 us=393322   route_script = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393335   route_default_gateway = '10.8.0.2'
Thu Dec 29 20:23:50 2016 us=393347   route_default_metric = 0
Thu Dec 29 20:23:50 2016 us=393360   route_noexec = DISABLED
Thu Dec 29 20:23:50 2016 us=393380   route_delay = 0
Thu Dec 29 20:23:50 2016 us=393397   route_delay_window = 30
Thu Dec 29 20:23:50 2016 us=393417   route_delay_defined = DISABLED
Thu Dec 29 20:23:50 2016 us=393431   route_nopull = DISABLED
Thu Dec 29 20:23:50 2016 us=393444   route_gateway_via_dhcp = DISABLED
Thu Dec 29 20:23:50 2016 us=393456   max_routes = 100
Thu Dec 29 20:23:50 2016 us=393469   allow_pull_fqdn = DISABLED
Thu Dec 29 20:23:50 2016 us=393486   route 10.8.0.0/255.255.255.255/default (not set)/default (not set)
Thu Dec 29 20:23:50 2016 us=393500   route 10.8.0.0/255.255.255.0/default (not set)/default (not set)
Thu Dec 29 20:23:50 2016 us=393513   management_addr = 'localhost'
Thu Dec 29 20:23:50 2016 us=393525   management_port = 7505
Thu Dec 29 20:23:50 2016 us=393538   management_user_pass = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393550   management_log_history_cache = 250
Thu Dec 29 20:23:50 2016 us=393563   management_echo_buffer_size = 100
Thu Dec 29 20:23:50 2016 us=393576   management_write_peer_info_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393589   management_client_user = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393602   management_client_group = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393614   management_flags = 0
Thu Dec 29 20:23:50 2016 us=393635   plugin[0] /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so] [openvpn]'
Thu Dec 29 20:23:50 2016 us=393653   shared_secret_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393666   key_direction = 0
Thu Dec 29 20:23:50 2016 us=393679   ciphername_defined = ENABLED
Thu Dec 29 20:23:50 2016 us=393692   ciphername = 'AES-256-CBC'
Thu Dec 29 20:23:50 2016 us=393705   authname_defined = ENABLED
Thu Dec 29 20:23:50 2016 us=393718   authname = 'SHA1'
Thu Dec 29 20:23:50 2016 us=393737   prng_hash = 'SHA1'
Thu Dec 29 20:23:50 2016 us=393750   prng_nonce_secret_len = 16
Thu Dec 29 20:23:50 2016 us=393762   keysize = 0
Thu Dec 29 20:23:50 2016 us=393775   engine = DISABLED
Thu Dec 29 20:23:50 2016 us=393787   replay = ENABLED
Thu Dec 29 20:23:50 2016 us=393800   mute_replay_warnings = DISABLED
Thu Dec 29 20:23:50 2016 us=393812   replay_window = 64
Thu Dec 29 20:23:50 2016 us=393825   replay_time = 15
Thu Dec 29 20:23:50 2016 us=393838   packet_id_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393857   use_iv = ENABLED
Thu Dec 29 20:23:50 2016 us=393871   test_crypto = DISABLED
Thu Dec 29 20:23:50 2016 us=393883   tls_server = ENABLED
Thu Dec 29 20:23:50 2016 us=393896   tls_client = DISABLED
Thu Dec 29 20:23:50 2016 us=393908   key_method = 2
Thu Dec 29 20:23:50 2016 us=393921   ca_file = '/etc/openvpn/ssl/ca.crt'
Thu Dec 29 20:23:50 2016 us=393934   ca_path = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393947   dh_file = '/etc/openvpn/ssl/dh2048.pem'
Thu Dec 29 20:23:50 2016 us=393960   cert_file = '/etc/openvpn/ssl/server.crt'
Thu Dec 29 20:23:50 2016 us=393973   extra_certs_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=393990   priv_key_file = '/etc/openvpn/ssl/server.key'
Thu Dec 29 20:23:50 2016 us=394003   pkcs12_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394016   cipher_list = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394029   tls_verify = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394041   tls_export_cert = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394054   verify_x509_type = 0
Thu Dec 29 20:23:50 2016 us=394066   verify_x509_name = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394079   crl_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394092   ns_cert_type = 0
Thu Dec 29 20:23:50 2016 us=394105   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394117   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394129   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394141   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394153   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394188   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394200   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394212   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394224   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394236   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394248   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394261   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394273   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394284   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394296   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394308   remote_cert_ku[i] = 0
Thu Dec 29 20:23:50 2016 us=394320   remote_cert_eku = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394333   ssl_flags = 0
Thu Dec 29 20:23:50 2016 us=394345   tls_timeout = 2
Thu Dec 29 20:23:50 2016 us=394358   renegotiate_bytes = -1
Thu Dec 29 20:23:50 2016 us=394370   renegotiate_packets = 0
Thu Dec 29 20:23:50 2016 us=394383   renegotiate_seconds = 3600
Thu Dec 29 20:23:50 2016 us=394395   handshake_window = 60
Thu Dec 29 20:23:50 2016 us=394408   transition_window = 3600
Thu Dec 29 20:23:50 2016 us=394420   single_session = DISABLED
Thu Dec 29 20:23:50 2016 us=394433   push_peer_info = DISABLED
Thu Dec 29 20:23:50 2016 us=394446   tls_exit = DISABLED
Thu Dec 29 20:23:50 2016 us=394458   tls_auth_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=394471   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394484   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394496   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394508   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394521   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394534   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394546   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394558   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394571   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394583   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394595   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394607   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394619   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394632   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394644   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394662   pkcs11_protected_authentication = DISABLED
Thu Dec 29 20:23:50 2016 us=394676   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394689   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394701   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394713   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394730   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394743   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394755   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394767   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394779   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394791   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394804   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394816   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394828   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394840   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394852   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394864   pkcs11_private_mode = 00000000
Thu Dec 29 20:23:50 2016 us=394877   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394889   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394902   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394914   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394926   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394939   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394951   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394962   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=394974   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395037   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395052   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395064   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395077   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395089   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395101   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395114   pkcs11_cert_private = DISABLED
Thu Dec 29 20:23:50 2016 us=395127   pkcs11_pin_cache_period = -1
Thu Dec 29 20:23:50 2016 us=395139   pkcs11_id = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395152   pkcs11_id_management = DISABLED
Thu Dec 29 20:23:50 2016 us=395167   server_network = 10.8.0.0
Thu Dec 29 20:23:50 2016 us=395181   server_netmask = 255.255.255.0
Thu Dec 29 20:23:50 2016 us=395202   server_network_ipv6 = ::
Thu Dec 29 20:23:50 2016 us=395216   server_netbits_ipv6 = 0
Thu Dec 29 20:23:50 2016 us=395229   server_bridge_ip = 0.0.0.0
Thu Dec 29 20:23:50 2016 us=395247   server_bridge_netmask = 0.0.0.0
Thu Dec 29 20:23:50 2016 us=395262   server_bridge_pool_start = 0.0.0.0
Thu Dec 29 20:23:50 2016 us=395276   server_bridge_pool_end = 0.0.0.0
Thu Dec 29 20:23:50 2016 us=395288   push_entry = 'redirect-gateway def1 bypass-dhcp'
Thu Dec 29 20:23:50 2016 us=395301   push_entry = 'dhcp-option DNS 8.8.8.8'
Thu Dec 29 20:23:50 2016 us=395314   push_entry = 'dhcp-option DNS 8.8.4.4'
Thu Dec 29 20:23:50 2016 us=395326   push_entry = 'route 10.8.0.1 255.255.255.255'
Thu Dec 29 20:23:50 2016 us=395338   push_entry = 'route 10.8.0.0 255.255.255.0'
Thu Dec 29 20:23:50 2016 us=395351   push_entry = 'route-gateway 10.8.0.1'
Thu Dec 29 20:23:50 2016 us=395363   push_entry = 'topology subnet'
Thu Dec 29 20:23:50 2016 us=395376   push_entry = 'ping 10'
Thu Dec 29 20:23:50 2016 us=395388   push_entry = 'ping-restart 120'
Thu Dec 29 20:23:50 2016 us=395400   ifconfig_pool_defined = ENABLED
Thu Dec 29 20:23:50 2016 us=395413   ifconfig_pool_start = 10.8.0.2
Thu Dec 29 20:23:50 2016 us=395427   ifconfig_pool_end = 10.8.0.253
Thu Dec 29 20:23:50 2016 us=395448   ifconfig_pool_netmask = 255.255.255.0
Thu Dec 29 20:23:50 2016 us=395461   ifconfig_pool_persist_filename = 'ipp.txt'
Thu Dec 29 20:23:50 2016 us=395475   ifconfig_pool_persist_refresh_freq = 600
Thu Dec 29 20:23:50 2016 us=395496   ifconfig_ipv6_pool_defined = DISABLED
Thu Dec 29 20:23:50 2016 us=395510   ifconfig_ipv6_pool_base = ::
Thu Dec 29 20:23:50 2016 us=395523   ifconfig_ipv6_pool_netbits = 0
Thu Dec 29 20:23:50 2016 us=395535   n_bcast_buf = 256
Thu Dec 29 20:23:50 2016 us=395549   tcp_queue_limit = 64
Thu Dec 29 20:23:50 2016 us=395561   real_hash_size = 256
Thu Dec 29 20:23:50 2016 us=395574   virtual_hash_size = 256
Thu Dec 29 20:23:50 2016 us=395586   client_connect_script = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395599   learn_address_script = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395612   client_disconnect_script = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395625   client_config_dir = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395637   ccd_exclusive = DISABLED
Thu Dec 29 20:23:50 2016 us=395650   tmp_dir = '/tmp'
Thu Dec 29 20:23:50 2016 us=395663   push_ifconfig_defined = DISABLED
Thu Dec 29 20:23:50 2016 us=395677   push_ifconfig_local = 0.0.0.0
Thu Dec 29 20:23:50 2016 us=395691   push_ifconfig_remote_netmask = 0.0.0.0
Thu Dec 29 20:23:50 2016 us=395703   push_ifconfig_ipv6_defined = DISABLED
Thu Dec 29 20:23:50 2016 us=395717   push_ifconfig_ipv6_local = ::/0
Thu Dec 29 20:23:50 2016 us=395733   push_ifconfig_ipv6_remote = ::
Thu Dec 29 20:23:50 2016 us=395754   enable_c2c = ENABLED
Thu Dec 29 20:23:50 2016 us=395769   duplicate_cn = DISABLED
Thu Dec 29 20:23:50 2016 us=395781   cf_max = 0
Thu Dec 29 20:23:50 2016 us=395794   cf_per = 0
Thu Dec 29 20:23:50 2016 us=395806   max_clients = 100
Thu Dec 29 20:23:50 2016 us=395819   max_routes_per_client = 256
Thu Dec 29 20:23:50 2016 us=395832   auth_user_pass_verify_script = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395845   auth_user_pass_verify_script_via_file = DISABLED
Thu Dec 29 20:23:50 2016 us=395857   port_share_host = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395870   port_share_port = 0
Thu Dec 29 20:23:50 2016 us=395882   client = DISABLED
Thu Dec 29 20:23:50 2016 us=395895   pull = DISABLED
Thu Dec 29 20:23:50 2016 us=395908   auth_user_pass_file = '[UNDEF]'
Thu Dec 29 20:23:50 2016 us=395926 OpenVPN 2.3.14 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  7 2016
Thu Dec 29 20:23:50 2016 us=395947 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Thu Dec 29 20:23:50 2016 us=400417 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:7505
AUTH-PAM: BACKGROUND: INIT service='openvpn'
Thu Dec 29 20:23:50 2016 us=401498 PLUGIN_INIT: POST /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so '[/usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY 
Thu Dec 29 20:23:50 2016 us=412679 Diffie-Hellman initialized with 2048 bit key
Thu Dec 29 20:23:50 2016 us=413218 TLS-Auth MTU parms [ L:1557 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Dec 29 20:23:50 2016 us=413250 Socket Buffers: R=[133120->133120] S=[133120->133120]
Thu Dec 29 20:23:50 2016 us=413363 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Thu Dec 29 20:23:50 2016 us=413910 TUN/TAP device tun0 opened
Thu Dec 29 20:23:50 2016 us=413933 TUN/TAP TX queue length set to 100
Thu Dec 29 20:23:50 2016 us=413947 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Dec 29 20:23:50 2016 us=413968 /sbin/ip link set dev tun0 up mtu 1500
Thu Dec 29 20:23:50 2016 us=417588 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Thu Dec 29 20:23:50 2016 us=419737 /sbin/ip route add 10.8.0.0/32 via 10.8.0.2
Thu Dec 29 20:23:50 2016 us=420807 /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
RTNETLINK answers: File exists
Thu Dec 29 20:23:50 2016 us=475812 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Dec 29 20:23:50 2016 us=475910 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:12 ET:0 EL:3 ]
Thu Dec 29 20:23:50 2016 us=476144 GID set to nobody
Thu Dec 29 20:23:50 2016 us=476181 UID set to nobody
Thu Dec 29 20:23:50 2016 us=476205 UDPv4 link local (bound): [undef]
Thu Dec 29 20:23:50 2016 us=476221 UDPv4 link remote: [undef]
Thu Dec 29 20:23:50 2016 us=476253 MULTI: multi_init called, r=256 v=256
Thu Dec 29 20:23:50 2016 us=476313 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Thu Dec 29 20:23:50 2016 us=476341 ifconfig_pool_read(), in='CLIENT1,10.8.0.2', TODO: IPv6
Thu Dec 29 20:23:50 2016 us=476397 succeeded -> ifconfig_pool_set()
Thu Dec 29 20:23:50 2016 us=476417 ifconfig_pool_read(), in='CLIENT2,10.8.0.3', TODO: IPv6
Thu Dec 29 20:23:50 2016 us=476454 succeeded -> ifconfig_pool_set()
Thu Dec 29 20:23:50 2016 us=476470 ifconfig_pool_read(), in='client,10.8.0.4', TODO: IPv6
Thu Dec 29 20:23:50 2016 us=476504 succeeded -> ifconfig_pool_set()
Thu Dec 29 20:23:50 2016 us=476526 IFCONFIG POOL LIST
Thu Dec 29 20:23:50 2016 us=476545 CLIENT1,10.8.0.2
Thu Dec 29 20:23:50 2016 us=476560 CLIENT2,10.8.0.3
Thu Dec 29 20:23:50 2016 us=476575 client,10.8.0.4
Thu Dec 29 20:23:50 2016 us=476638 Initialization Sequence Completed
Thu Dec 29 20:24:00 2016 us=311389 MULTI: multi_create_instance called
Thu Dec 29 20:24:00 2016 us=311502 $CLIENT_PUBLIC_IP$:51308 Re-using SSL/TLS context
Thu Dec 29 20:24:00 2016 us=311713 $CLIENT_PUBLIC_IP$:51308 Control Channel MTU parms [ L:1557 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Dec 29 20:24:00 2016 us=311744 $CLIENT_PUBLIC_IP$:51308 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:12 ET:0 EL:3 ]
Thu Dec 29 20:24:00 2016 us=311891 $CLIENT_PUBLIC_IP$:51308 Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Dec 29 20:24:00 2016 us=311913 $CLIENT_PUBLIC_IP$:51308 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Dec 29 20:24:00 2016 us=311952 $CLIENT_PUBLIC_IP$:51308 Local Options hash (VER=V4): '8114d01c'
Thu Dec 29 20:24:00 2016 us=311975 $CLIENT_PUBLIC_IP$:51308 Expected Remote Options hash (VER=V4): '2dd3fcaf'
Thu Dec 29 20:24:00 2016 us=312069 $CLIENT_PUBLIC_IP$:51308 TLS: Initial packet from [AF_INET]$CLIENT_PUBLIC_IP$:51308, sid=03a14e1e 89496977
Thu Dec 29 20:24:00 2016 us=546734 $CLIENT_PUBLIC_IP$:51308 VERIFY OK: depth=1, C=CA, ST=QC, L=Quebec, O=MikeFilion, OU=MikeFilion, CN=orion.mikefilion.com, name=EasyRSA, emailAddress=mfilion@mikefilion.com
Thu Dec 29 20:24:00 2016 us=547056 $CLIENT_PUBLIC_IP$:51308 VERIFY OK: depth=0, C=CA, ST=QC, L=Quebec, O=MikeFilion, OU=MikeFilion, CN=CLIENT1, name=EasyRSA, emailAddress=mfilion@mikefilion.com
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: mfilion
AUTH-PAM: BACKGROUND: my_conv[0] query='Password: ' style=1
Thu Dec 29 20:24:00 2016 us=660849 $CLIENT_PUBLIC_IP$:51308 PLUGIN_CALL: POST /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Thu Dec 29 20:24:00 2016 us=660901 $CLIENT_PUBLIC_IP$:51308 TLS: Username/Password authentication succeeded for username 'mfilion' 
Thu Dec 29 20:24:00 2016 us=661011 $CLIENT_PUBLIC_IP$:51308 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Dec 29 20:24:00 2016 us=661026 $CLIENT_PUBLIC_IP$:51308 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 29 20:24:00 2016 us=661035 $CLIENT_PUBLIC_IP$:51308 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Dec 29 20:24:00 2016 us=661055 $CLIENT_PUBLIC_IP$:51308 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Dec 29 20:24:00 2016 us=743537 $CLIENT_PUBLIC_IP$:51308 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Dec 29 20:24:00 2016 us=743610 $CLIENT_PUBLIC_IP$:51308 [CLIENT1] Peer Connection Initiated with [AF_INET]$CLIENT_PUBLIC_IP$:51308
Thu Dec 29 20:24:00 2016 us=743663 CLIENT1/$CLIENT_PUBLIC_IP$:51308 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Thu Dec 29 20:24:00 2016 us=743731 CLIENT1/$CLIENT_PUBLIC_IP$:51308 MULTI: Learn: 10.8.0.2 -> CLIENT1/$CLIENT_PUBLIC_IP$:51308
Thu Dec 29 20:24:00 2016 us=743751 CLIENT1/$CLIENT_PUBLIC_IP$:51308 MULTI: primary virtual IP for CLIENT1/$CLIENT_PUBLIC_IP$:51308: 10.8.0.2
Thu Dec 29 20:24:02 2016 us=789576 CLIENT1/$CLIENT_PUBLIC_IP$:51308 PUSH: Received control message: 'PUSH_REQUEST'
Thu Dec 29 20:24:02 2016 us=789638 CLIENT1/$CLIENT_PUBLIC_IP$:51308 send_push_reply(): safe_cap=940
Thu Dec 29 20:24:02 2016 us=789670 CLIENT1/$CLIENT_PUBLIC_IP$:51308 SENT CONTROL [CLIENT1]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1 255.255.255.255,route 10.8.0.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
Thu Dec 29 20:24:03 2016 us=253832 CLIENT1/$CLIENT_PUBLIC_IP$:51308 MULTI: bad source address from client [::], packet dropped
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN server can't reach clients

Post by TinCanTech » Fri Dec 30, 2016 12:37 pm

viperman1271 wrote:The last part, is I can't seem to figure out how to get the server to be able to ping/access the clients.
This sounds like the client windows firewall
viperman1271 wrote:Currently I can connect to the server with several clients. I am able to ping the server, from all of the clients, and I can ping the clients from one another as well.
Are you absolutely sure of this ?
Top
viperman1271
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 30, 2016 12:53 am

[SOLVED] OpenVPN server can't reach clients

Post by viperman1271 » Fri Dec 30, 2016 7:23 pm

TinCanTech wrote:
viperman1271 wrote:The last part, is I can't seem to figure out how to get the server to be able to ping/access the clients.
This sounds like the client windows firewall
You were 100% correct. I thought I had disabled it correctly, but it appears that I hadn't. I had validated with a second client, an Android client, that it wasn't reachable from the server either. Upon a retry it was working this time around. I must have changed something that finally permitted it to work, testing it only on my windows client. Upon second inspection, and disabling the windows firewall correctly, I was indeed able to reach the client from the server.
TinCanTech wrote:
viperman1271 wrote:Currently I can connect to the server with several clients. I am able to ping the server, from all of the clients, and I can ping the clients from one another as well.
Are you absolutely sure of this ?
I had enabled a virtual host of my Apache server to listen only on 10.8.0.1 to validate that my clients were correctly establishing their connection and the traffic to the OpenVPN server worked as intended. The webpage is indeed reachable, including a test page with some basic information about connected clients (parsed from the open vpn staus log).

Apologies for my noobness and thanks for your help!
Top
Post Reply

Return to “Configuration”