OpenVPN Support Forum

Code: Select all

ovpn-server[9110]: X.X.X.X:42529 TLS: Initial packet from [AF_INET]X.X.X.X:42529, sid=c93dd086 c1f6f25f
ovpn-server[9110]: X.X.X.X:42529 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
ovpn-server[9110]: X.X.X.X:42529 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
ovpn-server[9110]: X.X.X.X:42529 TLS_ERROR: BIO read tls_read_plaintext error
ovpn-server[9110]: X.X.X.X:42529 TLS Error: TLS object -> incoming plaintext read error
ovpn-server[9110]: X.X.X.X:42529 TLS Error: TLS handshake failed

Code: Select all

----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Sep  4 2018 09:41:09

Frame=512/2048/512 mssfix-ctrl=1250

UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [user] [nobody]
7 [group] [nogroup]
8 [persist-key]
9 [persist-tun]
11 [tls-cipher] [TLS-DHE-RSA-WITH-AES-256-CBC-SHA]
15 [verb] [3]
18 [auth-nocache]

EVENT: RESOLVE
Contacting [X.X.X.X]:PORT/UDP via UDP
EVENT: WAIT
Connecting to [domain]:PORT (X.X.X.X) via UDPv4
EVENT: CONNECTING
Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
Creds: StaticChallenge

Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.1-770
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1

EVENT: DISCONNECTED

Raw stats on disconnect:
  BYTES_IN : 98
  BYTES_OUT : 6260
  PACKETS_IN : 1
  PACKETS_OUT : 22

Performance stats on disconnect:
  CPU usage (microseconds): 76332
  Network bytes per CPU second: 83294
  Tunnel bytes per CPU second: 0

Code: Select all

----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Sep  4 2018 09:41:09

Frame=512/2048/512 mssfix-ctrl=1250

UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [user] [nobody]
7 [group] [nogroup]
8 [persist-key]
9 [persist-tun]
11 [tls-cipher] [TLS-DHE-RSA-WITH-AES-256-CBC-SHA]
15 [verb] [3]
18 [auth-nocache]

EVENT: RESOLVE
Contacting [X.X.X.X]:PORT/UDP via UDP
EVENT: WAIT
Connecting to [domain]:PORT (X.X.X.X) via UDPv4
EVENT: CONNECTING
Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
Creds: StaticChallenge
Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.1-770
IV_VER=3.2
IV_PLAT=ios
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_COMP_STUB=1

VERIFY OK : depth=1
cert. version    : X
serial number    : XX:XX:XX:XX:XX:XX:XX:XX
issuer name      : C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, ??=Certificate Authority, emailAddress=email
subject name      : C=US, ST=Illinois, L=Chicago, O=Comany, OU=DOMAIN, CN=domain.com, ??=Certificate Authority, emailAddress=email
issued  on        : 2018-06-27 16:51:02
expires on        : 2028-06-24 16:51:02
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true


VERIFY OK : depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, ??=DOMAIN Certificate Authority, emailAddress=email
subject name      : C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, ??=DOMAIN Server Cert, emailAddress=email
issued  on        : 2018-06-27 16:51:03
expires on        : 2028-06-24 16:51:03
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : domain.com
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
Session is ACTIVE
EVENT: GET_CONFIG
Sending PUSH_REQUEST to server...

OPTIONS:
0 [route] [X.X.X.X] [X.X.X.X]
1 [route] [X.X.X.X] [X.X.X.X]
2 [dhcp-option] [DNS] [X.X.X.X]
3 [dhcp-option] [DNS] [X.X.X.X]
4 [dhcp-option] [DNS] [X.X.X.X]
5 [compress] [lz4-v2]
6 [route] [X.X.X.X]
7 [topology] [net30]
8 [ping] [10]
9 [ping-restart] [120]
10 [ifconfig] [X.X.X.X] [X.X.X.X]


PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA512
  compress: LZ4v2
  peer ID: -1

EVENT: ASSIGN_IP
NIP: preparing TUN network settings
NIP: init TUN network settings with endpoint: X.X.X.X
NIP: adding IPv4 address to network settings X.X.X.X/255.255.255.252
NIP: adding (included) IPv4 route X.X.X.X/30
NIP: adding (included) IPv4 route X.X.X.X/16
NIP: adding (included) IPv4 route X.X.X.X/16
NIP: adding (included) IPv4 route X.X.X.X/32
NIP: adding DNS X.X.X.X
NIP: adding DNS X.X.X.X
NIP: adding DNS X.X.X.X
NIP: adding match domain ALL
NIP: adding DNS specific routes:
NIP: adding (included) IPv4 route X.X.X.X/32
NIP: adding (included) IPv4 route X.X.X.X/32
NIP: adding (included) IPv4 route X.X.X.X/32
Connected via NetworkExtensionTUN
LZ4v2 init asym=0
EVENT: CONNECTED username@domain:PORT (X.X.X.X) via /UDPv4 on NetworkExtensionTUN/X.X.X.X/ gw=[/]

Code: Select all

X.X.X.X:46391 TLS: Initial packet from [AF_INET]X.X.X.X:46391, sid=dafac842 38ac4828
X.X.X.X:46391 VERIFY OK: depth=1, C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain.com, name=Certificate Authority, emailAddress=email
X.X.X.X:46391 VERIFY OK: depth=0, C=US, ST=Illinois, L=Chicago, O=Company, OU=DOMAIN, CN=domain, name=DOMAIN Client Cert, emailAddress=email
X.X.X.X:46391 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.1-770
X.X.X.X:46391 peer info: IV_VER=3.2
X.X.X.X:46391 peer info: IV_PLAT=ios
X.X.X.X:46391 peer info: IV_LZO=1
X.X.X.X:46391 peer info: IV_LZO_SWAP=1
X.X.X.X:46391 peer info: IV_LZ4=1
X.X.X.X:46391 peer info: IV_COMP_STUB=1
X.X.X.X:46391 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
X.X.X.X:46391 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-otp.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
X.X.X.X:46391 TLS: Username/Password authentication succeeded for username 'username'
X.X.X.X:46391 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
X.X.X.X:46391 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
X.X.X.X:46391 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
X.X.X.X:46391 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
X.X.X.X:46391 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
X.X.X.X:46391 [domain] Peer Connection Initiated with [AF_INET]X.X.X.X:46391
domain/X.X.X.X:46391 MULTI_sva: pool returned IPv4=X.X.X.X, IPv6=(Not enabled)
domain/X.X.X.X:46391 PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_CONNECT status=0
domain/X.X.X.X:46391 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7d8594863b0dec8f3ffcd46312862a90.tmp
domain/X.X.X.X:46391 MULTI: Learn: X.X.X.X -> domain/X.X.X.X:46391
domain/X.X.X.X:46391 MULTI: primary virtual IP for domain/X.X.X.X:46391: X.X.X.X
domain/X.X.X.X:46391 PUSH: Received control message: 'PUSH_REQUEST'
domain/X.X.X.X:46391 SENT CONTROL [domain]: 'PUSH_REPLY,route X.X.X.X 255.255.0.0,route X.X.X.X 255.255.0.0,dhcp-option DNS X.X.X.X,dhcp-option DNS X.X.X.X,dhcp-option DNS X.X.X.X,compress lz4-v2,route X.X.X.X,topology net30,ping 10,ping-restart 120,ifconfig X.X.X.X X.X.X.X' (status=1)
domain/X.X.X.X:46391 SIGTERM[soft,remote-exit] received, client-instance exiting
PLUGIN_CALL: POST /usr/lib/openvpn/openvpn-auth-ldap.so/PLUGIN_CLIENT_DISCONNECT status=0
MANAGEMENT: Client connected from [AF_INET]X.X.X.X:PORT

Code: Select all

tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256