Openvpn and tls stunnel


Post by Perico » Wed Jun 12, 2019 8:32 pm

Hi everybody,

I am trying to set up OpenVPN and stunnel. I know the stunnel is working; however, my installation of OpenVPN has problems connecting.

Platform: ubuntu18 server and client debian8.

Here are some logs and confs:

stunnel server:

Code:

cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid
; It's recommended to switch process ownership if started as root. 
; But make sure you have these:
;setuid = nobody 
;setgid = nogroup
output = /var/log/stunnel
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[openvpn]
client = no
accept=A.B.C.D:443
connect=localhost:9999
;Use the below with a CA to harden against MiTM attacks
;verify=3 

stunnel client:

Code:

;cert = /etc/stunnel/stunnel.pem
client = yes
; Wise to do this if you start stunnel as root. Be sure the user and group actually exist!
;setuid = nobody 
;setgid = nogroup
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[openvpn]
client = yes
accept = localhost:9999
connect = A.B.C.D:443
; Only use the below verification option if your pem includes a CA certificate
;verify=3

openvpn server:

Code:

local 127.0.0.1 
port 9999 
tls-server
proto tcp 
dev tun 

ca /etc/openvpn2/easy-rsa/keys/ca.crt
cert /etc/openvpn2/easy-rsa/keys/server.crt
key /etc/openvpn2/easy-rsa/keys/server.key  # This file should be kept secret
dh /etc/openvpn2/easy-rsa/keys/dh4096.pem
tls-auth /etc/openvpn2/easy-rsa/keys/ta.key 0 # This file is secret

txqueuelen 1000
mtu-disc yes
comp-lzo no
push "comp-lzo no"
keepalive 10 120
persist-key
persist-tun
status /tmp/openvpn-status.log
verb 6
server 10.11.12.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
max-clients 1024
user ovpn 
group vpn

openvpn client:

Code:

client
dev tun
proto tcp
remote localhost 9999
resolv-retry infinite
script-security 2
nobind
persist-key
persist-tun
user nobody
group nogroup
tls-client
tls-auth ta.key 1
comp-lzo
verb 3
#then the embedded certificates:
ca
cert
key
tls-auth 

openvpn client log:

Code:

Wed Jun 12 20:30:58 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
Wed Jun 12 20:30:58 2019 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.08
Wed Jun 12 20:30:58 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:30:58 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 12 20:30:58 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 12 20:30:58 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:9999
Wed Jun 12 20:30:58 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:30:58 2019 Attempting to establish TCP connection with [AF_INET6]::1:9999 [nonblock]
Wed Jun 12 20:30:58 2019 TCP connection established with [AF_INET6]::1:9999
Wed Jun 12 20:30:58 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:30:58 2019 TCP_CLIENT link remote: [AF_INET6]::1:9999
Wed Jun 12 20:30:58 2019 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Wed Jun 12 20:30:58 2019 TLS: Initial packet from [AF_INET6]::1:9999, sid=15420ad0 9a8e967d
Wed Jun 12 20:30:58 2019 VERIFY OK: depth=1, C=UK, ST=SY, L=Sheffield, O=ABC, OU=MyOrganizationalUnit, CN=ABC CA, name=ClientKey, emailAddress=me@myhost.mydomain
Wed Jun 12 20:30:58 2019 VERIFY OK: depth=0, C=UK, ST=SY, L=Sheffield, O=ABC, OU=MyOrganizationalUnit, CN=ClientKey, name=ClientKey, emailAddress=me@myhost.mydomain
Wed Jun 12 20:30:58 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jun 12 20:30:58 2019 [ClientKey] Peer Connection Initiated with [AF_INET6]::1:9999
Wed Jun 12 20:30:59 2019 SENT CONTROL [ClientKey]: 'PUSH_REQUEST' (status=1)
Wed Jun 12 20:30:59 2019 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.11.12.1,topology net30,ping 10,ping-restart 120,ifconfig 10.11.12.6 10.11.12.5,peer-id 0,cipher AES-256-GCM'
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: compression parms modified
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: route options modified
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: peer-id set
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: adjusting link_mtu to 1627
Wed Jun 12 20:30:59 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Jun 12 20:30:59 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jun 12 20:30:59 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jun 12 20:30:59 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jun 12 20:30:59 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=a4:34:d9:53:ff:1b
Wed Jun 12 20:30:59 2019 TUN/TAP device tun0 opened
Wed Jun 12 20:30:59 2019 TUN/TAP TX queue length set to 100
Wed Jun 12 20:30:59 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Jun 12 20:30:59 2019 /sbin/ip addr add dev tun0 local 10.11.12.6 peer 10.11.12.5
Wed Jun 12 20:30:59 2019 ROUTE remote_host protocol differs from tunneled
Wed Jun 12 20:30:59 2019 /sbin/ip route add 0.0.0.0/1 via 10.11.12.5
Wed Jun 12 20:30:59 2019 /sbin/ip route add 128.0.0.0/1 via 10.11.12.5
Wed Jun 12 20:30:59 2019 /sbin/ip route add 10.11.12.1/32 via 10.11.12.5
Wed Jun 12 20:30:59 2019 GID set to nogroup
Wed Jun 12 20:30:59 2019 UID set to nobody
Wed Jun 12 20:30:59 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jun 12 20:30:59 2019 Initialization Sequence Completed
Wed Jun 12 20:32:59 2019 [ClientKey] Inactivity timeout (--ping-restart), restarting
Wed Jun 12 20:32:59 2019 SIGUSR1[soft,ping-restart] received, process restarting
Wed Jun 12 20:32:59 2019 Restart pause, 5 second(s)
Wed Jun 12 20:33:04 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:33:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:9999
Wed Jun 12 20:33:04 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:33:04 2019 Attempting to establish TCP connection with [AF_INET6]::1:9999 [nonblock]
Wed Jun 12 20:33:04 2019 TCP connection established with [AF_INET6]::1:9999
Wed Jun 12 20:33:04 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:33:04 2019 TCP_CLIENT link remote: [AF_INET6]::1:9999
Wed Jun 12 20:33:14 2019 Connection reset, restarting [-1]
Wed Jun 12 20:33:14 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:33:14 2019 Restart pause, 5 second(s)
Wed Jun 12 20:33:19 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:33:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:33:19 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:33:19 2019 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9999 [nonblock]
Wed Jun 12 20:33:19 2019 TCP connection established with [AF_INET]127.0.0.1:9999
Wed Jun 12 20:33:19 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:33:19 2019 TCP_CLIENT link remote: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:33:29 2019 Connection reset, restarting [-1]
Wed Jun 12 20:33:29 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:33:29 2019 Restart pause, 5 second(s)
Wed Jun 12 20:33:34 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:33:34 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:9999
Wed Jun 12 20:33:34 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:33:34 2019 Attempting to establish TCP connection with [AF_INET6]::1:9999 [nonblock]
Wed Jun 12 20:33:34 2019 TCP connection established with [AF_INET6]::1:9999
Wed Jun 12 20:33:34 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:33:34 2019 TCP_CLIENT link remote: [AF_INET6]::1:9999
Wed Jun 12 20:33:44 2019 Connection reset, restarting [-1]
Wed Jun 12 20:33:44 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:33:44 2019 Restart pause, 5 second(s)
Wed Jun 12 20:33:49 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:33:49 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:33:49 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:33:49 2019 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9999 [nonblock]
Wed Jun 12 20:33:49 2019 TCP connection established with [AF_INET]127.0.0.1:9999
Wed Jun 12 20:33:49 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:33:49 2019 TCP_CLIENT link remote: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:33:59 2019 Connection reset, restarting [-1]
Wed Jun 12 20:33:59 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:33:59 2019 Restart pause, 5 second(s)
Wed Jun 12 20:34:04 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:34:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:9999
Wed Jun 12 20:34:04 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:34:04 2019 Attempting to establish TCP connection with [AF_INET6]::1:9999 [nonblock]
Wed Jun 12 20:34:04 2019 TCP connection established with [AF_INET6]::1:9999
Wed Jun 12 20:34:04 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:34:04 2019 TCP_CLIENT link remote: [AF_INET6]::1:9999
Wed Jun 12 20:34:14 2019 Connection reset, restarting [-1]
Wed Jun 12 20:34:14 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:34:14 2019 Restart pause, 5 second(s)
Wed Jun 12 20:34:19 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:34:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:34:19 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:34:19 2019 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9999 [nonblock]
Wed Jun 12 20:34:19 2019 TCP connection established with [AF_INET]127.0.0.1:9999
Wed Jun 12 20:34:19 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:34:19 2019 TCP_CLIENT link remote: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:34:29 2019 Connection reset, restarting [-1]
Wed Jun 12 20:34:29 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:34:29 2019 Restart pause, 5 second(s)
Wed Jun 12 20:34:34 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:34:34 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:9999
Wed Jun 12 20:34:34 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:34:34 2019 Attempting to establish TCP connection with [AF_INET6]::1:9999 [nonblock]
Wed Jun 12 20:34:34 2019 TCP connection established with [AF_INET6]::1:9999
Wed Jun 12 20:34:34 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:34:34 2019 TCP_CLIENT link remote: [AF_INET6]::1:9999
Wed Jun 12 20:34:44 2019 Connection reset, restarting [-1]
Wed Jun 12 20:34:44 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:34:44 2019 Restart pause, 5 second(s)
Wed Jun 12 20:34:49 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:34:49 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:34:49 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:34:49 2019 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9999 [nonblock]
Wed Jun 12 20:34:49 2019 TCP connection established with [AF_INET]127.0.0.1:9999
Wed Jun 12 20:34:49 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:34:49 2019 TCP_CLIENT link remote: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:34:59 2019 Connection reset, restarting [-1]
Wed Jun 12 20:34:59 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:34:59 2019 Restart pause, 5 second(s)
Wed Jun 12 20:35:04 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:35:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:9999
Wed Jun 12 20:35:04 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:35:04 2019 Attempting to establish TCP connection with [AF_INET6]::1:9999 [nonblock]
Wed Jun 12 20:35:04 2019 TCP connection established with [AF_INET6]::1:9999
Wed Jun 12 20:35:04 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:35:04 2019 TCP_CLIENT link remote: [AF_INET6]::1:9999
Wed Jun 12 20:35:14 2019 Connection reset, restarting [-1]
Wed Jun 12 20:35:14 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:35:14 2019 Restart pause, 5 second(s)
Wed Jun 12 20:35:19 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:35:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:35:19 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:35:19 2019 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9999 [nonblock]
Wed Jun 12 20:35:19 2019 TCP connection established with [AF_INET]127.0.0.1:9999
Wed Jun 12 20:35:19 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:35:19 2019 TCP_CLIENT link remote: [AF_INET]127.0.0.1:9999
Wed Jun 12 20:35:29 2019 Connection reset, restarting [-1]
Wed Jun 12 20:35:29 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jun 12 20:35:29 2019 Restart pause, 5 second(s)
Wed Jun 12 20:35:34 2019 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jun 12 20:35:34 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:9999
Wed Jun 12 20:35:34 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:35:34 2019 Attempting to establish TCP connection with [AF_INET6]::1:9999 [nonblock]
Wed Jun 12 20:35:34 2019 TCP connection established with [AF_INET6]::1:9999
Wed Jun 12 20:35:34 2019 TCP_CLIENT link local: (not bound)
Wed Jun 12 20:35:34 2019 TCP_CLIENT link remote: [AF_INET6]::1:9999

openvpn server log:

Code:

Wed Jun 12 20:30:30 2019 us=154481 Current Parameter Settings:
Wed Jun 12 20:30:30 2019 us=154599   config = '/etc/openvpn2/pericoServer.conf'
Wed Jun 12 20:30:30 2019 us=154633   mode = 1
Wed Jun 12 20:30:30 2019 us=154651   persist_config = DISABLED
Wed Jun 12 20:30:30 2019 us=154668   persist_mode = 1
Wed Jun 12 20:30:30 2019 us=154684   show_ciphers = DISABLED
Wed Jun 12 20:30:30 2019 us=154700   show_digests = DISABLED
Wed Jun 12 20:30:30 2019 us=154715   show_engines = DISABLED
Wed Jun 12 20:30:30 2019 us=154731   genkey = DISABLED
Wed Jun 12 20:30:30 2019 us=154747   key_pass_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=154762   show_tls_ciphers = DISABLED
Wed Jun 12 20:30:30 2019 us=154780   connect_retry_max = 0
Wed Jun 12 20:30:30 2019 us=154812 Connection profiles [0]:
Wed Jun 12 20:30:30 2019 us=154836   proto = tcp-server
Wed Jun 12 20:30:30 2019 us=154852   local = '127.0.0.1'
Wed Jun 12 20:30:30 2019 us=154868   local_port = '9999'
Wed Jun 12 20:30:30 2019 us=154883   remote = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=154899   remote_port = '9999'
Wed Jun 12 20:30:30 2019 us=154914   remote_float = DISABLED
Wed Jun 12 20:30:30 2019 us=154929   bind_defined = DISABLED
Wed Jun 12 20:30:30 2019 us=154944   bind_local = ENABLED
Wed Jun 12 20:30:30 2019 us=154959   bind_ipv6_only = DISABLED
Wed Jun 12 20:30:30 2019 us=154975   connect_retry_seconds = 5
Wed Jun 12 20:30:30 2019 us=154990   connect_timeout = 120
Wed Jun 12 20:30:30 2019 us=155006   socks_proxy_server = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155021   socks_proxy_port = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155036   tun_mtu = 1500
Wed Jun 12 20:30:30 2019 us=155055   tun_mtu_defined = ENABLED
Wed Jun 12 20:30:30 2019 us=155086   link_mtu = 1500
Wed Jun 12 20:30:30 2019 us=155107   link_mtu_defined = DISABLED
Wed Jun 12 20:30:30 2019 us=155122   tun_mtu_extra = 0
Wed Jun 12 20:30:30 2019 us=155138   tun_mtu_extra_defined = DISABLED
Wed Jun 12 20:30:30 2019 us=155153   mtu_discover_type = 2
Wed Jun 12 20:30:30 2019 us=155169   fragment = 0
Wed Jun 12 20:30:30 2019 us=155184   mssfix = 1450
Wed Jun 12 20:30:30 2019 us=155199   explicit_exit_notification = 0
Wed Jun 12 20:30:30 2019 us=155215 Connection profiles END
Wed Jun 12 20:30:30 2019 us=155230   remote_random = DISABLED
Wed Jun 12 20:30:30 2019 us=155245   ipchange = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155261   dev = 'tun'
Wed Jun 12 20:30:30 2019 us=155276   dev_type = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155291   dev_node = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155307   lladdr = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155329   topology = 1
Wed Jun 12 20:30:30 2019 us=155359   ifconfig_local = '10.11.12.1'
Wed Jun 12 20:30:30 2019 us=155378   ifconfig_remote_netmask = '10.11.12.2'
Wed Jun 12 20:30:30 2019 us=155394   ifconfig_noexec = DISABLED
Wed Jun 12 20:30:30 2019 us=155409   ifconfig_nowarn = DISABLED
Wed Jun 12 20:30:30 2019 us=155425   ifconfig_ipv6_local = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155440   ifconfig_ipv6_netbits = 0
Wed Jun 12 20:30:30 2019 us=155455   ifconfig_ipv6_remote = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155471   shaper = 0
Wed Jun 12 20:30:30 2019 us=155487   mtu_test = 0
Wed Jun 12 20:30:30 2019 us=155502   mlock = DISABLED
Wed Jun 12 20:30:30 2019 us=155518   keepalive_ping = 10
Wed Jun 12 20:30:30 2019 us=155533   keepalive_timeout = 120
Wed Jun 12 20:30:30 2019 us=155548   inactivity_timeout = 0
Wed Jun 12 20:30:30 2019 us=155564   ping_send_timeout = 10
Wed Jun 12 20:30:30 2019 us=155579   ping_rec_timeout = 240
Wed Jun 12 20:30:30 2019 us=155606   ping_rec_timeout_action = 2
Wed Jun 12 20:30:30 2019 us=155643   ping_timer_remote = DISABLED
Wed Jun 12 20:30:30 2019 us=155659   remap_sigusr1 = 0
Wed Jun 12 20:30:30 2019 us=155675   persist_tun = ENABLED
Wed Jun 12 20:30:30 2019 us=155690   persist_local_ip = DISABLED
Wed Jun 12 20:30:30 2019 us=155706   persist_remote_ip = DISABLED
Wed Jun 12 20:30:30 2019 us=155721   persist_key = ENABLED
Wed Jun 12 20:30:30 2019 us=155736   passtos = DISABLED
Wed Jun 12 20:30:30 2019 us=155753   resolve_retry_seconds = 1000000000
Wed Jun 12 20:30:30 2019 us=155768   resolve_in_advance = DISABLED
Wed Jun 12 20:30:30 2019 us=155792   username = 'ovpn'
Wed Jun 12 20:30:30 2019 us=155809   groupname = 'vpn'
Wed Jun 12 20:30:30 2019 us=155825   chroot_dir = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155841   cd_dir = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155857   writepid = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155872   up_script = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155888   down_script = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=155904   down_pre = DISABLED
Wed Jun 12 20:30:30 2019 us=155919   up_restart = DISABLED
Wed Jun 12 20:30:30 2019 us=155935   up_delay = DISABLED
Wed Jun 12 20:30:30 2019 us=155951   daemon = DISABLED
Wed Jun 12 20:30:30 2019 us=155967   inetd = 0
Wed Jun 12 20:30:30 2019 us=155988   log = DISABLED
Wed Jun 12 20:30:30 2019 us=156032   suppress_timestamps = DISABLED
Wed Jun 12 20:30:30 2019 us=156055   machine_readable_output = DISABLED
Wed Jun 12 20:30:30 2019 us=156074   nice = 0
Wed Jun 12 20:30:30 2019 us=156106   verbosity = 6
Wed Jun 12 20:30:30 2019 us=156129   mute = 0
Wed Jun 12 20:30:30 2019 us=156144   gremlin = 0
Wed Jun 12 20:30:30 2019 us=156160   status_file = '/tmp/openvpn-status.log'
Wed Jun 12 20:30:30 2019 us=156175   status_file_version = 1
Wed Jun 12 20:30:30 2019 us=156191   status_file_update_freq = 60
Wed Jun 12 20:30:30 2019 us=156206   occ = ENABLED
Wed Jun 12 20:30:30 2019 us=156221   rcvbuf = 0
Wed Jun 12 20:30:30 2019 us=156237   sndbuf = 0
Wed Jun 12 20:30:30 2019 us=156252   mark = 0
Wed Jun 12 20:30:30 2019 us=156267   sockflags = 0
Wed Jun 12 20:30:30 2019 us=156283   fast_io = DISABLED
Wed Jun 12 20:30:30 2019 us=156298   comp.alg = 1
Wed Jun 12 20:30:30 2019 us=156314   comp.flags = 0
Wed Jun 12 20:30:30 2019 us=156329   route_script = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156350   route_default_gateway = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156381   route_default_metric = 0
Wed Jun 12 20:30:30 2019 us=156401   route_noexec = DISABLED
Wed Jun 12 20:30:30 2019 us=156417   route_delay = 0
Wed Jun 12 20:30:30 2019 us=156433   route_delay_window = 30
Wed Jun 12 20:30:30 2019 us=156448   route_delay_defined = DISABLED
Wed Jun 12 20:30:30 2019 us=156463   route_nopull = DISABLED
Wed Jun 12 20:30:30 2019 us=156479   route_gateway_via_dhcp = DISABLED
Wed Jun 12 20:30:30 2019 us=156494   allow_pull_fqdn = DISABLED
Wed Jun 12 20:30:30 2019 us=156510   route 10.11.12.0/255.255.255.0/default (not set)/default (not set)
Wed Jun 12 20:30:30 2019 us=156526   management_addr = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156542   management_port = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156557   management_user_pass = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156573   management_log_history_cache = 250
Wed Jun 12 20:30:30 2019 us=156588   management_echo_buffer_size = 100
Wed Jun 12 20:30:30 2019 us=156604   management_write_peer_info_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156644   management_client_user = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156667   management_client_group = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156683   management_flags = 0
Wed Jun 12 20:30:30 2019 us=156699   shared_secret_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156714   key_direction = 1
Wed Jun 12 20:30:30 2019 us=156730   ciphername = 'BF-CBC'
Wed Jun 12 20:30:30 2019 us=156745   ncp_enabled = ENABLED
Wed Jun 12 20:30:30 2019 us=156761   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Jun 12 20:30:30 2019 us=156776   authname = 'SHA1'
Wed Jun 12 20:30:30 2019 us=156792   prng_hash = 'SHA1'
Wed Jun 12 20:30:30 2019 us=156808   prng_nonce_secret_len = 16
Wed Jun 12 20:30:30 2019 us=156824   keysize = 0
Wed Jun 12 20:30:30 2019 us=156839   engine = DISABLED
Wed Jun 12 20:30:30 2019 us=156855   replay = ENABLED
Wed Jun 12 20:30:30 2019 us=156870   mute_replay_warnings = DISABLED
Wed Jun 12 20:30:30 2019 us=156886   replay_window = 64
Wed Jun 12 20:30:30 2019 us=156902   replay_time = 15
Wed Jun 12 20:30:30 2019 us=156917   packet_id_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=156933   use_iv = ENABLED
Wed Jun 12 20:30:30 2019 us=156948   test_crypto = DISABLED
Wed Jun 12 20:30:30 2019 us=156973   tls_server = ENABLED
Wed Jun 12 20:30:30 2019 us=156990   tls_client = DISABLED
Wed Jun 12 20:30:30 2019 us=157006   key_method = 2
Wed Jun 12 20:30:30 2019 us=157022   ca_file = '/etc/openvpn2/easy-rsa/keys/ca.crt'
Wed Jun 12 20:30:30 2019 us=157038   ca_path = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157054   dh_file = '/etc/openvpn2/easy-rsa/keys/dh4096.pem'
Wed Jun 12 20:30:30 2019 us=157070   cert_file = '/etc/openvpn2/easy-rsa/keys/ServerKey.crt'
Wed Jun 12 20:30:30 2019 us=157086   extra_certs_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157112   priv_key_file = '/etc/openvpn2/easy-rsa/keys/ServerKey.key'
Wed Jun 12 20:30:30 2019 us=157142   pkcs12_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157160   cipher_list = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157176   tls_verify = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157192   tls_export_cert = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157208   verify_x509_type = 0
Wed Jun 12 20:30:30 2019 us=157223   verify_x509_name = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157239   crl_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157254   ns_cert_type = 0
Wed Jun 12 20:30:30 2019 us=157270   remote_cert_ku[i] = 0
Wed Jun 12 20:30:30 2019 us=157286   remote_cert_ku[i] = 0
Wed Jun 12 20:30:30 2019 us=157301   remote_cert_ku[i] = 0
Wed Jun 12 20:30:30 2019 us=157317   remote_cert_ku[i] = 0
Wed Jun 12 20:30:30 2019 us=157544   remote_cert_eku = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157560   ssl_flags = 0
Wed Jun 12 20:30:30 2019 us=157576   tls_timeout = 2
Wed Jun 12 20:30:30 2019 us=157591   renegotiate_bytes = -1
Wed Jun 12 20:30:30 2019 us=157607   renegotiate_packets = 0
Wed Jun 12 20:30:30 2019 us=157634   renegotiate_seconds = 3600
Wed Jun 12 20:30:30 2019 us=157667   handshake_window = 60
Wed Jun 12 20:30:30 2019 us=157689   transition_window = 3600
Wed Jun 12 20:30:30 2019 us=157705   single_session = DISABLED
Wed Jun 12 20:30:30 2019 us=157720   push_peer_info = DISABLED
Wed Jun 12 20:30:30 2019 us=157736   tls_exit = DISABLED
Wed Jun 12 20:30:30 2019 us=157752   tls_auth_file = '/etc/openvpn2/easy-rsa/keys/ta.key'
Wed Jun 12 20:30:30 2019 us=157768   tls_crypt_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=157783   pkcs11_protected_authentication = DISABLED
Wed Jun 12 20:30:30 2019 us=157799   pkcs11_protected_authentication = DISABLED
Wed Jun 12 20:30:30 2019 us=158576   pkcs11_cert_private = DISABLED
Wed Jun 12 20:30:30 2019 us=158592   pkcs11_pin_cache_period = -1
Wed Jun 12 20:30:30 2019 us=158608   pkcs11_id = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=158633   pkcs11_id_management = DISABLED
Wed Jun 12 20:30:30 2019 us=158650   server_network = 10.11.12.0
Wed Jun 12 20:30:30 2019 us=158680   server_netmask = 255.255.255.0
Wed Jun 12 20:30:30 2019 us=158708   server_network_ipv6 = ::
Wed Jun 12 20:30:30 2019 us=158726   server_netbits_ipv6 = 0
Wed Jun 12 20:30:30 2019 us=158742   server_bridge_ip = 0.0.0.0
Wed Jun 12 20:30:30 2019 us=158758   server_bridge_netmask = 0.0.0.0
Wed Jun 12 20:30:30 2019 us=158775   server_bridge_pool_start = 0.0.0.0
Wed Jun 12 20:30:30 2019 us=158791   server_bridge_pool_end = 0.0.0.0
Wed Jun 12 20:30:30 2019 us=158806   push_entry = 'comp-lzo no'
Wed Jun 12 20:30:30 2019 us=158822   push_entry = 'redirect-gateway def1 bypass-dhcp'
Wed Jun 12 20:30:30 2019 us=158837   push_entry = 'dhcp-option DNS 208.67.222.222'
Wed Jun 12 20:30:30 2019 us=158852   push_entry = 'dhcp-option DNS 208.67.220.220'
Wed Jun 12 20:30:30 2019 us=158868   push_entry = 'route 10.11.12.1'
Wed Jun 12 20:30:30 2019 us=158883   push_entry = 'topology net30'
Wed Jun 12 20:30:30 2019 us=158898   push_entry = 'ping 10'
Wed Jun 12 20:30:30 2019 us=158914   push_entry = 'ping-restart 120'
Wed Jun 12 20:30:30 2019 us=158929   ifconfig_pool_defined = ENABLED
Wed Jun 12 20:30:30 2019 us=158945   ifconfig_pool_start = 10.11.12.4
Wed Jun 12 20:30:30 2019 us=158962   ifconfig_pool_end = 10.11.12.251
Wed Jun 12 20:30:30 2019 us=158978   ifconfig_pool_netmask = 0.0.0.0
Wed Jun 12 20:30:30 2019 us=158993   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159009   ifconfig_pool_persist_refresh_freq = 600
Wed Jun 12 20:30:30 2019 us=159024   ifconfig_ipv6_pool_defined = DISABLED
Wed Jun 12 20:30:30 2019 us=159040   ifconfig_ipv6_pool_base = ::
Wed Jun 12 20:30:30 2019 us=159065   ifconfig_ipv6_pool_netbits = 0
Wed Jun 12 20:30:30 2019 us=159082   n_bcast_buf = 256
Wed Jun 12 20:30:30 2019 us=159082   n_bcast_buf = 256
Wed Jun 12 20:30:30 2019 us=159098   tcp_queue_limit = 64
Wed Jun 12 20:30:30 2019 us=159114   real_hash_size = 256
Wed Jun 12 20:30:30 2019 us=159130   virtual_hash_size = 256
Wed Jun 12 20:30:30 2019 us=159151   client_connect_script = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159183   learn_address_script = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159203   client_disconnect_script = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159219   client_config_dir = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159234   ccd_exclusive = DISABLED
Wed Jun 12 20:30:30 2019 us=159250   tmp_dir = '/tmp'
Wed Jun 12 20:30:30 2019 us=159265   push_ifconfig_defined = DISABLED
Wed Jun 12 20:30:30 2019 us=159281   push_ifconfig_local = 0.0.0.0
Wed Jun 12 20:30:30 2019 us=159308   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jun 12 20:30:30 2019 us=159326   push_ifconfig_ipv6_defined = DISABLED
Wed Jun 12 20:30:30 2019 us=159343   push_ifconfig_ipv6_local = ::/0
Wed Jun 12 20:30:30 2019 us=159359   push_ifconfig_ipv6_remote = ::
Wed Jun 12 20:30:30 2019 us=159375   enable_c2c = DISABLED
Wed Jun 12 20:30:30 2019 us=159391   duplicate_cn = DISABLED
Wed Jun 12 20:30:30 2019 us=159407   cf_max = 0
Wed Jun 12 20:30:30 2019 us=159435   cf_per = 0
Wed Jun 12 20:30:30 2019 us=159464   max_clients = 1024
Wed Jun 12 20:30:30 2019 us=159481   max_routes_per_client = 256
Wed Jun 12 20:30:30 2019 us=159496   auth_user_pass_verify_script = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159512   auth_user_pass_verify_script_via_file = DISABLED
Wed Jun 12 20:30:30 2019 us=159527   auth_token_generate = DISABLED
Wed Jun 12 20:30:30 2019 us=159542   auth_token_lifetime = 0
Wed Jun 12 20:30:30 2019 us=159558   port_share_host = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159573   port_share_port = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159589   client = DISABLED
Wed Jun 12 20:30:30 2019 us=159605   pull = DISABLED
Wed Jun 12 20:30:30 2019 us=159630   auth_user_pass_file = '[UNDEF]'
Wed Jun 12 20:30:30 2019 us=159648 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan  9 2019
Wed Jun 12 20:30:30 2019 us=159672 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.08
Wed Jun 12 20:30:30 2019 us=160333 Diffie-Hellman initialized with 4096 bit key
Wed Jun 12 20:30:30 2019 us=160993 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 12 20:30:30 2019 us=161022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 12 20:30:30 2019 us=161045 TLS-Auth MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Wed Jun 12 20:30:30 2019 us=161156 ROUTE_GATEWAY 212.67.221.254/255.255.255.0 IFACE=ens3 HWADDR=52:54:00:98:b7:7a
Wed Jun 12 20:30:30 2019 us=162334 TUN/TAP device tun0 opened
Wed Jun 12 20:30:30 2019 us=162610 TUN/TAP TX queue length set to 1000
Wed Jun 12 20:30:30 2019 us=162678 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jun 12 20:30:30 2019 us=162723 /sbin/ip link set dev tun0 up mtu 1500
Wed Jun 12 20:30:30 2019 us=168112 /sbin/ip addr add dev tun0 local 10.11.12.1 peer 10.11.12.2
Wed Jun 12 20:30:30 2019 us=170116 /sbin/ip route add 10.11.12.0/24 via 10.11.12.2
Wed Jun 12 20:30:30 2019 us=171652 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Wed Jun 12 20:30:30 2019 us=172436 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Jun 12 20:30:30 2019 us=172497 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jun 12 20:30:30 2019 us=172531 Listening for incoming TCP connection on [AF_INET]127.0.0.1:9999
Wed Jun 12 20:30:30 2019 us=172562 TCPv4_SERVER link local (bound): [AF_INET]127.0.0.1:9999
Wed Jun 12 20:30:30 2019 us=172582 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Jun 12 20:30:30 2019 us=172609 GID set to vpn
Wed Jun 12 20:30:30 2019 us=172637 UID set to ovpn
Wed Jun 12 20:30:30 2019 us=172669 MULTI: multi_init called, r=256 v=256
Wed Jun 12 20:30:30 2019 us=172723 IFCONFIG POOL: base=10.11.12.4 size=62, ipv6=0
Wed Jun 12 20:30:30 2019 us=172785 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Jun 12 20:30:30 2019 us=172836 Initialization Sequence Completed
Wed Jun 12 20:30:58 2019 us=312792 MULTI: multi_create_instance called
Wed Jun 12 20:30:58 2019 us=312930 Re-using SSL/TLS context
Wed Jun 12 20:30:58 2019 us=313184 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Wed Jun 12 20:30:58 2019 us=313233 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Wed Jun 12 20:30:58 2019 us=313301 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jun 12 20:30:58 2019 us=313324 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jun 12 20:30:58 2019 us=313368 TCP connection established with [AF_INET]127.0.0.1:56630
Wed Jun 12 20:30:58 2019 us=313395 TCPv4_SERVER link local: (not bound)
Wed Jun 12 20:30:58 2019 us=313418 TCPv4_SERVER link remote: [AF_INET]127.0.0.1:56630
Wed Jun 12 20:30:58 2019 us=335960 127.0.0.1:56630 TCPv4_SERVER READ [42] from [AF_INET]127.0.0.1:56630: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jun 12 20:30:58 2019 us=336032 127.0.0.1:56630 TLS: Initial packet from [AF_INET]127.0.0.1:56630, sid=021d5081 b5f8d8fc
Wed Jun 12 20:30:58 2019 us=336107 127.0.0.1:56630 TCPv4_SERVER WRITE [54] to [AF_INET]127.0.0.1:56630: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jun 12 20:30:58 2019 us=365665 127.0.0.1:56630 TCPv4_SERVER READ [50] from [AF_INET]127.0.0.1:56630: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Wed Jun 12 20:30:58 2019 us=365778 127.0.0.1:56630 TCPv4_SERVER READ [215] from [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=173
Wed Jun 12 20:30:58 2019 us=369088 127.0.0.1:56630 TCPv4_SERVER WRITE [1168] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1114
Wed Jun 12 20:30:58 2019 us=369198 127.0.0.1:56630 TCPv4_SERVER WRITE [1156] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=2 DATA len=1114
Wed Jun 12 20:30:58 2019 us=369275 127.0.0.1:56630 TCPv4_SERVER WRITE [1067] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=3 DATA len=1025
Wed Jun 12 20:30:58 2019 us=407455 127.0.0.1:56630 TCPv4_SERVER READ [50] from [AF_INET]127.0.0.1:56630: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
Wed Jun 12 20:30:58 2019 us=433371 127.0.0.1:56630 TCPv4_SERVER READ [50] from [AF_INET]127.0.0.1:56630: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
Wed Jun 12 20:30:58 2019 us=484819 127.0.0.1:56630 TCPv4_SERVER READ [1168] from [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #6 ] [ 3 ] pid=2 DATA len=1114
Wed Jun 12 20:30:58 2019 us=485169 127.0.0.1:56630 TCPv4_SERVER READ [818] from [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=4 DATA len=776
Wed Jun 12 20:30:58 2019 us=485664 127.0.0.1:56630 VERIFY OK: depth=1, C=UK, ST=SY, L=Sheffield, O=ABC, OU=MyOrganizationalUnit, CN=ABC CA, name=ServerKey, emailAddress=me@myhost.mydomain
Wed Jun 12 20:30:58 2019 us=485911 127.0.0.1:56630 VERIFY OK: depth=0, C=UK, ST=SY, L=Sheffield, O=ABC, OU=MyOrganizationalUnit, CN=ServerClient, name=ServerKey, emailAddress=me@myhost.mydomain
Wed Jun 12 20:30:58 2019 us=486571 127.0.0.1:56630 TCPv4_SERVER WRITE [105] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #7 ] [ 4 ] pid=4 DATA len=51
Wed Jun 12 20:30:58 2019 us=563769 127.0.0.1:56630 TCPv4_SERVER READ [477] from [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #9 ] [ 4 ] pid=5 DATA len=423
Wed Jun 12 20:30:58 2019 us=563940 127.0.0.1:56630 peer info: IV_VER=2.4.7
Wed Jun 12 20:30:58 2019 us=563972 127.0.0.1:56630 peer info: IV_PLAT=linux
Wed Jun 12 20:30:58 2019 us=563990 127.0.0.1:56630 peer info: IV_PROTO=2
Wed Jun 12 20:30:58 2019 us=564043 127.0.0.1:56630 peer info: IV_NCP=2
Wed Jun 12 20:30:58 2019 us=564063 127.0.0.1:56630 peer info: IV_LZ4=1
Wed Jun 12 20:30:58 2019 us=564080 127.0.0.1:56630 peer info: IV_LZ4v2=1
Wed Jun 12 20:30:58 2019 us=564097 127.0.0.1:56630 peer info: IV_LZO=1
Wed Jun 12 20:30:58 2019 us=564114 127.0.0.1:56630 peer info: IV_COMP_STUB=1
Wed Jun 12 20:30:58 2019 us=564131 127.0.0.1:56630 peer info: IV_COMP_STUBv2=1
Wed Jun 12 20:30:58 2019 us=564148 127.0.0.1:56630 peer info: IV_TCPNL=1
Wed Jun 12 20:30:58 2019 us=564254 127.0.0.1:56630 TCPv4_SERVER WRITE [309] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #8 ] [ 5 ] pid=5 DATA len=255
Wed Jun 12 20:30:58 2019 us=589374 127.0.0.1:56630 TCPv4_SERVER READ [50] from [AF_INET]127.0.0.1:56630: P_ACK_V1 kid=0 pid=[ #10 ] [ 5 ]
Wed Jun 12 20:30:58 2019 us=589434 127.0.0.1:56630 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jun 12 20:30:58 2019 us=589480 127.0.0.1:56630 [ServerClient] Peer Connection Initiated with [AF_INET]127.0.0.1:56630
Wed Jun 12 20:30:58 2019 us=589518 ServerClient/127.0.0.1:56630 MULTI_sva: pool returned IPv4=10.11.12.6, IPv6=(Not enabled)
Wed Jun 12 20:30:58 2019 us=589574 ServerClient/127.0.0.1:56630 MULTI: Learn: 10.11.12.6 -> ServerClient/127.0.0.1:56630
Wed Jun 12 20:30:58 2019 us=589594 ServerClient/127.0.0.1:56630 MULTI: primary virtual IP for ServerClient/127.0.0.1:56630: 10.11.12.6
Wed Jun 12 20:30:59 2019 us=711348 ServerClient/127.0.0.1:56630 TCPv4_SERVER READ [84] from [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=6 DATA len=42
Wed Jun 12 20:30:59 2019 us=711503 ServerClient/127.0.0.1:56630 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jun 12 20:30:59 2019 us=711577 ServerClient/127.0.0.1:56630 SENT CONTROL [ServerClient]: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.11.12.1,topology net30,ping 10,ping-restart 120,ifconfig 10.11.12.6 10.11.12.5,peer-id 0,cipher AES-256-GCM' (status=1)
Wed Jun 12 20:30:59 2019 us=711604 ServerClient/127.0.0.1:56630 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jun 12 20:30:59 2019 us=711639 ServerClient/127.0.0.1:56630 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Wed Jun 12 20:30:59 2019 us=711747 ServerClient/127.0.0.1:56630 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jun 12 20:30:59 2019 us=711775 ServerClient/127.0.0.1:56630 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jun 12 20:30:59 2019 us=711819 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [50] to [AF_INET]127.0.0.1:56630: P_ACK_V1 kid=0 pid=[ #9 ] [ 6 ]
Wed Jun 12 20:30:59 2019 us=711923 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:01 2019 us=840403 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:05 2019 us=907940 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:14 2019 us=18296 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:24 2019 us=113068 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [38] to [AF_INET]127.0.0.1:56630: P_DATA_V1 kid=0 DATA len=37
Wed Jun 12 20:31:30 2019 us=290889 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #14 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:32 2019 us=352263 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [70] to [AF_INET]127.0.0.1:56630: P_DATA_V1 kid=0 DATA len=69
Wed Jun 12 20:31:42 2019 us=598042 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [38] to [AF_INET]127.0.0.1:56630: P_DATA_V1 kid=0 DATA len=37
Wed Jun 12 20:31:52 2019 us=839805 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [38] to [AF_INET]127.0.0.1:56630: P_DATA_V1 kid=0 DATA len=37
Finally, the iptables:

Code: Select all

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

# IP FORWARDING
iptables -A FORWARD -i ifext -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 10.11.12.0/22 -o ifext -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.11.12.0/22 -o ifext -j MASQUERADE

# GLOBAL DoS ANTI 
iptables -A INPUT -p icmp -m limit --limit 2/second --limit-burst 2 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m limit --limit 80/minute --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m limit --limit 80/minute --limit-burst 100 -j ACCEPT

iptables -A INPUT -s 10.11.12.0/22 -d 10.11.12.0/22 -p tcp --destination-port 22 -j DROP
iptables -A INPUT -s 10.11.12.0/22 -d 10.11.12.0/22 -p tcp --destination-port 80 -j DROP
# If you want SMTP over the VPN, uncomment the below
#iptables -A INPUT -s 10.11.12.0/22 -d 10.11.12.0/22 -p tcp --destination-port 25 -j ACCEPT
iptables -A INPUT -s 10.11.12.0/22 -d 10.11.12.0/22 -p tcp --destination-port 53 -j ACCEPT

iptables -A INPUT -p tcp --destination-port 53 -j DROP 
iptables -A INPUT -p tcp --destination-port 25 -j DROP 

dpkg-reconfigure iptables-persistent

sysctl -p

I would appreciate it if somebody could put me on the right track.

Many thanks in advance

Perico
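
Added example (not part of the original post): at verb 6 each control-channel line ends with the reliability-layer packet id (the second pid=), and the bracketed list before it holds the ids being ACKed. This Python sketch, run over an excerpt of the server log above, lists the control packets the server wrote but never saw acknowledged; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the server log posted above (lines copied unchanged).
SAMPLE_LOG = """\
Wed Jun 12 20:30:58 2019 us=564254 127.0.0.1:56630 TCPv4_SERVER WRITE [309] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #8 ] [ 5 ] pid=5 DATA len=255
Wed Jun 12 20:30:58 2019 us=589374 127.0.0.1:56630 TCPv4_SERVER READ [50] from [AF_INET]127.0.0.1:56630: P_ACK_V1 kid=0 pid=[ #10 ] [ 5 ]
Wed Jun 12 20:30:59 2019 us=711923 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:01 2019 us=840403 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:05 2019 us=907940 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:14 2019 us=18296 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=6 DATA len=265
Wed Jun 12 20:31:30 2019 us=290889 ServerClient/127.0.0.1:56630 TCPv4_SERVER WRITE [307] to [AF_INET]127.0.0.1:56630: P_CONTROL_V1 kid=0 pid=[ #14 ] [ ] pid=6 DATA len=265
"""

# time, direction, opcode, ACK list, and (for control packets) the message id.
LINE = re.compile(
    r"^\S+ \S+ +\d+ (?P<time>[\d:]+) \d{4} us=\d+ .*?"
    r"(?P<dir>READ|WRITE) \[\d+\] (?:from|to) \S+ "
    r"(?P<op>P_\w+) kid=\d+ pid=\[ #\d+ \] \[(?P<acks>[\d ]*)\]"
    r"(?: pid=(?P<mid>\d+))?"
)

def unacked_writes(log_text):
    """Return {message_id: [write times]} for control packets written
    by this side whose id never appears in an ACK list read from the peer."""
    writes = defaultdict(list)
    acked = set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # P_DATA lines and non-packet lines carry no ids
        if m["dir"] == "READ":
            acked.update(int(a) for a in m["acks"].split())
        elif m["mid"] is not None:
            writes[int(m["mid"])].append(m["time"])
    return {mid: times for mid, times in writes.items() if mid not in acked}

if __name__ == "__main__":
    for mid, times in unacked_writes(SAMPLE_LOG).items():
        print(f"pid={mid} written {len(times)}x, no ACK read: {', '.join(times)}")
```

On this excerpt it reports message pid=6 written five times between 20:30:59 and 20:31:30 with no ACK read from the peer.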

fhcd
OpenVpn Newbie
Posts: 3
Joined: Sun Jun 16, 2019 7:25 pm

Re: Openvpn and tls stunnel

Post by fhcd » Sun Jun 16, 2019 7:26 pm

Is this Android? Could be a routing loop on the client.

TinCanTech
OpenVPN Protagonist
Posts: 5728
Joined: Fri Jun 03, 2016 1:17 pm

Re: Openvpn and tls stunnel

Post by TinCanTech » Sun Jun 16, 2019 10:00 pm

fhcd wrote:
Sun Jun 16, 2019 7:26 pm
Is this Android?
Perico wrote:
Wed Jun 12, 2019 8:32 pm
Platform: ubuntu18 server and client debian8
:lol:
Perico wrote:
Wed Jun 12, 2019 8:32 pm
I know the stunnel is working
How do you know?
