tls-crypt unwrap error: packet too short

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls-crypt unwrap error: packet too short

Post by TinCanTech » Sat Nov 09, 2019 4:47 pm

Once again .. you have not provided the requested information.

MrMoore
OpenVpn Newbie
Posts: 12
Joined: Fri Nov 01, 2019 8:16 pm

Re: tls-crypt unwrap error: packet too short

Post by MrMoore » Sat Nov 09, 2019 5:59 pm

TinCanTech wrote:
Sat Nov 09, 2019 4:47 pm
Once again .. you have not provided the requested information.
Please let me know what’s missing!

Many thanks,

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls-crypt unwrap error: packet too short

Post by TinCanTech » Sat Nov 09, 2019 11:53 pm

Your complete logs and the openvpn versions .. as per the link.

crash_desn
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 24, 2020 9:22 pm

Re: tls-crypt unwrap error: packet too short

Post by crash_desn » Fri Jan 24, 2020 9:25 pm

Hi, have you resolved the issue?

crash_desn
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 24, 2020 9:22 pm

Re: tls-crypt unwrap error: packet too short

Post by crash_desn » Fri Jan 24, 2020 9:55 pm

I think I have same issue, will post my problem here.

I'm using

Code: Select all

Linux raspberrypi 4.19.93-v7l+ #1290 SMP Fri Jan 10 16:45:11 GMT 2020 armv7l GNU/Linux
and

Code: Select all

OpenVPN 2.4.7 arm-unknown-linux-gnueabihf
as a server.

Client - macOS Mojave 10.14.6 and OpenVPN Connect 2.7.1.100.

server.conf
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_yKHPawPNrilHNN01.crt
key server_yKHPawPNrilHNN01.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 4
ecdh-curve prime256v1
log /var/log/openvpn/log.log

client1.ovpn

client
remote 192.168.35.11 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_yKHPawPNrilHNN01 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 4
proto udp
<ca>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
***
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
***
-----END OpenVPN Static key V1-----
</tls-crypt>

server.log

Fri Jan 24 21:31:57 2020 us=76757 Current Parameter Settings:
Fri Jan 24 21:31:57 2020 us=77083 config = '/etc/openvpn/server.conf'
Fri Jan 24 21:31:57 2020 us=77143 mode = 1
Fri Jan 24 21:31:57 2020 us=77196 persist_config = DISABLED
Fri Jan 24 21:31:57 2020 us=77247 persist_mode = 1
Fri Jan 24 21:31:57 2020 us=77297 show_ciphers = DISABLED
Fri Jan 24 21:31:57 2020 us=77346 show_digests = DISABLED
Fri Jan 24 21:31:57 2020 us=77396 show_engines = DISABLED
Fri Jan 24 21:31:57 2020 us=77444 genkey = DISABLED
Fri Jan 24 21:31:57 2020 us=77493 key_pass_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=77541 show_tls_ciphers = DISABLED
Fri Jan 24 21:31:57 2020 us=77589 connect_retry_max = 0
Fri Jan 24 21:31:57 2020 us=77638 Connection profiles [0]:
Fri Jan 24 21:31:57 2020 us=77687 proto = udp
Fri Jan 24 21:31:57 2020 us=77733 local = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=77779 local_port = '1194'
Fri Jan 24 21:31:57 2020 us=77824 remote = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=77870 remote_port = '1194'
Fri Jan 24 21:31:57 2020 us=77916 remote_float = DISABLED
Fri Jan 24 21:31:57 2020 us=77961 bind_defined = DISABLED
Fri Jan 24 21:31:57 2020 us=78007 bind_local = ENABLED
Fri Jan 24 21:31:57 2020 us=78052 bind_ipv6_only = DISABLED
Fri Jan 24 21:31:57 2020 us=78098 connect_retry_seconds = 5
Fri Jan 24 21:31:57 2020 us=78143 connect_timeout = 120
Fri Jan 24 21:31:57 2020 us=78189 socks_proxy_server = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=78235 socks_proxy_port = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=78280 tun_mtu = 1500
Fri Jan 24 21:31:57 2020 us=78325 tun_mtu_defined = ENABLED
Fri Jan 24 21:31:57 2020 us=78371 link_mtu = 1500
Fri Jan 24 21:31:57 2020 us=78417 link_mtu_defined = DISABLED
Fri Jan 24 21:31:57 2020 us=78462 tun_mtu_extra = 0
Fri Jan 24 21:31:57 2020 us=78508 tun_mtu_extra_defined = DISABLED
Fri Jan 24 21:31:57 2020 us=78554 mtu_discover_type = -1
Fri Jan 24 21:31:57 2020 us=78599 fragment = 0
Fri Jan 24 21:31:57 2020 us=78644 mssfix = 1450
Fri Jan 24 21:31:57 2020 us=78690 explicit_exit_notification = 0
Fri Jan 24 21:31:57 2020 us=78739 Connection profiles END
Fri Jan 24 21:31:57 2020 us=78840 remote_random = DISABLED
Fri Jan 24 21:31:57 2020 us=78891 ipchange = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=78939 dev = 'tun'
Fri Jan 24 21:31:57 2020 us=78987 dev_type = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=79036 dev_node = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=79084 lladdr = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=79133 topology = 3
Fri Jan 24 21:31:57 2020 us=79181 ifconfig_local = '10.8.0.1'
Fri Jan 24 21:31:57 2020 us=79230 ifconfig_remote_netmask = '255.255.255.0'
Fri Jan 24 21:31:57 2020 us=79278 ifconfig_noexec = DISABLED
Fri Jan 24 21:31:57 2020 us=79325 ifconfig_nowarn = DISABLED
Fri Jan 24 21:31:57 2020 us=79374 ifconfig_ipv6_local = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=79423 ifconfig_ipv6_netbits = 0
Fri Jan 24 21:31:57 2020 us=79471 ifconfig_ipv6_remote = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=79519 shaper = 0
Fri Jan 24 21:31:57 2020 us=79567 mtu_test = 0
Fri Jan 24 21:31:57 2020 us=79615 mlock = DISABLED
Fri Jan 24 21:31:57 2020 us=79664 keepalive_ping = 10
Fri Jan 24 21:31:57 2020 us=79712 keepalive_timeout = 120
Fri Jan 24 21:31:57 2020 us=79760 inactivity_timeout = 0
Fri Jan 24 21:31:57 2020 us=79808 ping_send_timeout = 10
Fri Jan 24 21:31:57 2020 us=79856 ping_rec_timeout = 240
Fri Jan 24 21:31:57 2020 us=79904 ping_rec_timeout_action = 2
Fri Jan 24 21:31:57 2020 us=79952 ping_timer_remote = DISABLED
Fri Jan 24 21:31:57 2020 us=80000 remap_sigusr1 = 0
Fri Jan 24 21:31:57 2020 us=80048 persist_tun = ENABLED
Fri Jan 24 21:31:57 2020 us=80096 persist_local_ip = DISABLED
Fri Jan 24 21:31:57 2020 us=80144 persist_remote_ip = DISABLED
Fri Jan 24 21:31:57 2020 us=80191 persist_key = ENABLED
Fri Jan 24 21:31:57 2020 us=80240 passtos = DISABLED
Fri Jan 24 21:31:57 2020 us=80288 resolve_retry_seconds = 1000000000
Fri Jan 24 21:31:57 2020 us=80336 resolve_in_advance = DISABLED
Fri Jan 24 21:31:57 2020 us=80384 username = 'nobody'
Fri Jan 24 21:31:57 2020 us=80517 groupname = 'nogroup'
Fri Jan 24 21:31:57 2020 us=80571 chroot_dir = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=80620 cd_dir = '/etc/openvpn'
Fri Jan 24 21:31:57 2020 us=80668 writepid = '/run/openvpn/server.pid'
Fri Jan 24 21:31:57 2020 us=80717 up_script = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=80766 down_script = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=80814 down_pre = DISABLED
Fri Jan 24 21:31:57 2020 us=80863 up_restart = DISABLED
Fri Jan 24 21:31:57 2020 us=80911 up_delay = DISABLED
Fri Jan 24 21:31:57 2020 us=80959 daemon = ENABLED
Fri Jan 24 21:31:57 2020 us=81007 inetd = 0
Fri Jan 24 21:31:57 2020 us=81055 log = ENABLED
Fri Jan 24 21:31:57 2020 us=81104 suppress_timestamps = DISABLED
Fri Jan 24 21:31:57 2020 us=81152 machine_readable_output = DISABLED
Fri Jan 24 21:31:57 2020 us=81201 nice = 0
Fri Jan 24 21:31:57 2020 us=81249 verbosity = 4
Fri Jan 24 21:31:57 2020 us=81297 mute = 0
Fri Jan 24 21:31:57 2020 us=81345 gremlin = 0
Fri Jan 24 21:31:57 2020 us=81394 status_file = '/var/log/openvpn/status.log'
Fri Jan 24 21:31:57 2020 us=81443 status_file_version = 1
Fri Jan 24 21:31:57 2020 us=81491 status_file_update_freq = 10
Fri Jan 24 21:31:57 2020 us=81539 occ = ENABLED
Fri Jan 24 21:31:57 2020 us=81587 rcvbuf = 0
Fri Jan 24 21:31:57 2020 us=81635 sndbuf = 0
Fri Jan 24 21:31:57 2020 us=81683 mark = 0
Fri Jan 24 21:31:57 2020 us=81731 sockflags = 0
Fri Jan 24 21:31:57 2020 us=81779 fast_io = DISABLED
Fri Jan 24 21:31:57 2020 us=81828 comp.alg = 0
Fri Jan 24 21:31:57 2020 us=81876 comp.flags = 0
Fri Jan 24 21:31:57 2020 us=81924 route_script = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=81973 route_default_gateway = '10.8.0.2'
Fri Jan 24 21:31:57 2020 us=82022 route_default_metric = 0
Fri Jan 24 21:31:57 2020 us=82070 route_noexec = DISABLED
Fri Jan 24 21:31:57 2020 us=82119 route_delay = 0
Fri Jan 24 21:31:57 2020 us=82167 route_delay_window = 30
Fri Jan 24 21:31:57 2020 us=82216 route_delay_defined = DISABLED
Fri Jan 24 21:31:57 2020 us=82264 route_nopull = DISABLED
Fri Jan 24 21:31:57 2020 us=82313 route_gateway_via_dhcp = DISABLED
Fri Jan 24 21:31:57 2020 us=82362 allow_pull_fqdn = DISABLED
Fri Jan 24 21:31:57 2020 us=82410 management_addr = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=82460 management_port = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=82508 management_user_pass = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=82559 management_log_history_cache = 250
Fri Jan 24 21:31:57 2020 us=82608 management_echo_buffer_size = 100
Fri Jan 24 21:31:57 2020 us=82657 management_write_peer_info_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=82707 management_client_user = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=82756 management_client_group = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=82805 management_flags = 0
Fri Jan 24 21:31:57 2020 us=82854 shared_secret_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=82903 key_direction = not set
Fri Jan 24 21:31:57 2020 us=82953 ciphername = 'AES-128-GCM'
Fri Jan 24 21:31:57 2020 us=83001 ncp_enabled = ENABLED
Fri Jan 24 21:31:57 2020 us=83050 ncp_ciphers = 'AES-128-GCM'
Fri Jan 24 21:31:57 2020 us=83099 authname = 'SHA256'
Fri Jan 24 21:31:57 2020 us=83147 prng_hash = 'SHA1'
Fri Jan 24 21:31:57 2020 us=83195 prng_nonce_secret_len = 16
Fri Jan 24 21:31:57 2020 us=83244 keysize = 0
Fri Jan 24 21:31:57 2020 us=83293 engine = DISABLED
Fri Jan 24 21:31:57 2020 us=83341 replay = ENABLED
Fri Jan 24 21:31:57 2020 us=83390 mute_replay_warnings = DISABLED
Fri Jan 24 21:31:57 2020 us=83439 replay_window = 64
Fri Jan 24 21:31:57 2020 us=83487 replay_time = 15
Fri Jan 24 21:31:57 2020 us=83536 packet_id_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=83584 use_iv = ENABLED
Fri Jan 24 21:31:57 2020 us=83633 test_crypto = DISABLED
Fri Jan 24 21:31:57 2020 us=83682 tls_server = ENABLED
Fri Jan 24 21:31:57 2020 us=83730 tls_client = DISABLED
Fri Jan 24 21:31:57 2020 us=83779 key_method = 2
Fri Jan 24 21:31:57 2020 us=83828 ca_file = 'ca.crt'
Fri Jan 24 21:31:57 2020 us=83906 ca_path = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=83956 dh_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84006 cert_file = 'server_yKHPawPNrilHNN01.crt'
Fri Jan 24 21:31:57 2020 us=84055 extra_certs_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84104 priv_key_file = 'server_yKHPawPNrilHNN01.key'
Fri Jan 24 21:31:57 2020 us=84153 pkcs12_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84203 cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256'
Fri Jan 24 21:31:57 2020 us=84251 cipher_list_tls13 = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84299 tls_cert_profile = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84348 tls_verify = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84396 tls_export_cert = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84445 verify_x509_type = 0
Fri Jan 24 21:31:57 2020 us=84492 verify_x509_name = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=84541 crl_file = 'crl.pem'
Fri Jan 24 21:31:57 2020 us=84590 ns_cert_type = 0
Fri Jan 24 21:31:57 2020 us=84639 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=84687 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=84734 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=84782 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=84829 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=84877 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=84925 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=84973 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=85021 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=85069 remote_cert_ku = 0
Fri Jan 24 21:31:57 2020 us=85117 remote_cert_ku[i] = 0
Fri Jan 24 21:31:57 2020 us=85165 remote_cert_ku[i] = 0
Fri Jan 24 21:31:57 2020 us=85213 remote_cert_ku[i] = 0
Fri Jan 24 21:31:57 2020 us=85261 remote_cert_ku[i] = 0
Fri Jan 24 21:31:57 2020 us=85310 remote_cert_ku[i] = 0
Fri Jan 24 21:31:57 2020 us=85358 remote_cert_ku[i] = 0
Fri Jan 24 21:31:57 2020 us=85406 remote_cert_eku = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=85455 ssl_flags = 192
Fri Jan 24 21:31:57 2020 us=85503 tls_timeout = 2
Fri Jan 24 21:31:57 2020 us=85552 renegotiate_bytes = -1
Fri Jan 24 21:31:57 2020 us=85600 renegotiate_packets = 0
Fri Jan 24 21:31:57 2020 us=85648 renegotiate_seconds = 3600
Fri Jan 24 21:31:57 2020 us=85696 handshake_window = 60
Fri Jan 24 21:31:57 2020 us=85744 transition_window = 3600
Fri Jan 24 21:31:57 2020 us=85792 single_session = DISABLED
Fri Jan 24 21:31:57 2020 us=85839 push_peer_info = DISABLED
Fri Jan 24 21:31:57 2020 us=85888 tls_exit = DISABLED
Fri Jan 24 21:31:57 2020 us=85937 tls_auth_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=85985 tls_crypt_file = 'tls-crypt.key'
Fri Jan 24 21:31:57 2020 us=86034 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86082 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86130 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86179 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86227 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86275 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86323 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86371 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86420 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86469 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86517 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86565 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86613 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86661 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86710 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86758 pkcs11_protected_authentication = DISABLED
Fri Jan 24 21:31:57 2020 us=86808 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=86858 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=86907 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=86987 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87038 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87087 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87136 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87186 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87234 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87283 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87331 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87379 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87427 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87476 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87524 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87573 pkcs11_private_mode = 00000000
Fri Jan 24 21:31:57 2020 us=87621 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=87670 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=87718 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=87766 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=87815 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=87863 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=87911 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=87959 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88025 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88075 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88124 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88172 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88220 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88268 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88317 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88365 pkcs11_cert_private = DISABLED
Fri Jan 24 21:31:57 2020 us=88414 pkcs11_pin_cache_period = -1
Fri Jan 24 21:31:57 2020 us=88463 pkcs11_id = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=88511 pkcs11_id_management = DISABLED
Fri Jan 24 21:31:57 2020 us=88563 server_network = 10.8.0.0
Fri Jan 24 21:31:57 2020 us=88616 server_netmask = 255.255.255.0
Fri Jan 24 21:31:57 2020 us=88667 server_network_ipv6 = ::
Fri Jan 24 21:31:57 2020 us=88716 server_netbits_ipv6 = 0
Fri Jan 24 21:31:57 2020 us=88857 server_bridge_ip = 0.0.0.0
Fri Jan 24 21:31:57 2020 us=88921 server_bridge_netmask = 0.0.0.0
Fri Jan 24 21:31:57 2020 us=88974 server_bridge_pool_start = 0.0.0.0
Fri Jan 24 21:31:57 2020 us=89027 server_bridge_pool_end = 0.0.0.0
Fri Jan 24 21:31:57 2020 us=89076 push_entry = 'dhcp-option DNS 8.8.8.8'
Fri Jan 24 21:31:57 2020 us=89125 push_entry = 'dhcp-option DNS 8.8.4.4'
Fri Jan 24 21:31:57 2020 us=89174 push_entry = 'redirect-gateway def1 bypass-dhcp'
Fri Jan 24 21:31:57 2020 us=89223 push_entry = 'route-gateway 10.8.0.1'
Fri Jan 24 21:31:57 2020 us=89270 push_entry = 'topology subnet'
Fri Jan 24 21:31:57 2020 us=89318 push_entry = 'ping 10'
Fri Jan 24 21:31:57 2020 us=89367 push_entry = 'ping-restart 120'
Fri Jan 24 21:31:57 2020 us=89415 ifconfig_pool_defined = ENABLED
Fri Jan 24 21:31:57 2020 us=89466 ifconfig_pool_start = 10.8.0.2
Fri Jan 24 21:31:57 2020 us=89518 ifconfig_pool_end = 10.8.0.253
Fri Jan 24 21:31:57 2020 us=89570 ifconfig_pool_netmask = 255.255.255.0
Fri Jan 24 21:31:57 2020 us=89619 ifconfig_pool_persist_filename = 'ipp.txt'
Fri Jan 24 21:31:57 2020 us=89669 ifconfig_pool_persist_refresh_freq = 600
Fri Jan 24 21:31:57 2020 us=89717 ifconfig_ipv6_pool_defined = DISABLED
Fri Jan 24 21:31:57 2020 us=89768 ifconfig_ipv6_pool_base = ::
Fri Jan 24 21:31:57 2020 us=89818 ifconfig_ipv6_pool_netbits = 0
Fri Jan 24 21:31:57 2020 us=89866 n_bcast_buf = 256
Fri Jan 24 21:31:57 2020 us=89915 tcp_queue_limit = 64
Fri Jan 24 21:31:57 2020 us=89964 real_hash_size = 256
Fri Jan 24 21:31:57 2020 us=90012 virtual_hash_size = 256
Fri Jan 24 21:31:57 2020 us=90061 client_connect_script = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=90142 learn_address_script = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=90194 client_disconnect_script = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=90244 client_config_dir = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=90294 ccd_exclusive = DISABLED
Fri Jan 24 21:31:57 2020 us=90343 tmp_dir = '/tmp'
Fri Jan 24 21:31:57 2020 us=90393 push_ifconfig_defined = DISABLED
Fri Jan 24 21:31:57 2020 us=90445 push_ifconfig_local = 0.0.0.0
Fri Jan 24 21:31:57 2020 us=90498 push_ifconfig_remote_netmask = 0.0.0.0
Fri Jan 24 21:31:57 2020 us=90548 push_ifconfig_ipv6_defined = DISABLED
Fri Jan 24 21:31:57 2020 us=90600 push_ifconfig_ipv6_local = ::/0
Fri Jan 24 21:31:57 2020 us=90652 push_ifconfig_ipv6_remote = ::
Fri Jan 24 21:31:57 2020 us=90701 enable_c2c = DISABLED
Fri Jan 24 21:31:57 2020 us=90750 duplicate_cn = DISABLED
Fri Jan 24 21:31:57 2020 us=90800 cf_max = 0
Fri Jan 24 21:31:57 2020 us=90850 cf_per = 0
Fri Jan 24 21:31:57 2020 us=90900 max_clients = 1024
Fri Jan 24 21:31:57 2020 us=90949 max_routes_per_client = 256
Fri Jan 24 21:31:57 2020 us=90999 auth_user_pass_verify_script = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=91049 auth_user_pass_verify_script_via_file = DISABLED
Fri Jan 24 21:31:57 2020 us=91098 auth_token_generate = DISABLED
Fri Jan 24 21:31:57 2020 us=91147 auth_token_lifetime = 0
Fri Jan 24 21:31:57 2020 us=91196 port_share_host = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=91245 port_share_port = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=91294 client = DISABLED
Fri Jan 24 21:31:57 2020 us=91343 pull = DISABLED
Fri Jan 24 21:31:57 2020 us=91393 auth_user_pass_file = '[UNDEF]'
Fri Jan 24 21:31:57 2020 us=91446 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Fri Jan 24 21:31:57 2020 us=91534 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Fri Jan 24 21:31:57 2020 us=96413 ECDH curve prime256v1 added
Fri Jan 24 21:31:57 2020 us=96999 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jan 24 21:31:57 2020 us=97089 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jan 24 21:31:57 2020 us=97149 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jan 24 21:31:57 2020 us=97217 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jan 24 21:31:57 2020 us=97280 TLS-Auth MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Jan 24 21:31:57 2020 us=98952 TUN/TAP device tun0 opened
Fri Jan 24 21:31:57 2020 us=99262 TUN/TAP TX queue length set to 100
Fri Jan 24 21:31:57 2020 us=99363 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jan 24 21:31:57 2020 us=99449 /sbin/ip link set dev tun0 up mtu 1500
Fri Jan 24 21:31:57 2020 us=111467 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Fri Jan 24 21:31:57 2020 us=121658 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Jan 24 21:31:57 2020 us=123040 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Jan 24 21:31:57 2020 us=123191 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Jan 24 21:31:57 2020 us=123299 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Jan 24 21:31:57 2020 us=123392 UDPv4 link remote: [AF_UNSPEC]
Fri Jan 24 21:31:57 2020 us=123501 GID set to nogroup
Fri Jan 24 21:31:57 2020 us=123600 UID set to nobody
Fri Jan 24 21:31:57 2020 us=123705 MULTI: multi_init called, r=256 v=256
Fri Jan 24 21:31:57 2020 us=123828 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Fri Jan 24 21:31:57 2020 us=123918 IFCONFIG POOL LIST
Fri Jan 24 21:31:57 2020 us=125267 Initialization Sequence Completed
Fri Jan 24 21:33:13 2020 us=210140 tls-crypt unwrap error: packet too short
Fri Jan 24 21:33:13 2020 us=210313 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.35.138:60079
Fri Jan 24 21:33:14 2020 us=282576 tls-crypt unwrap error: packet too short
Fri Jan 24 21:33:14 2020 us=282697 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.35.138:60079
Fri Jan 24 21:33:15 2020 us=350883 tls-crypt unwrap error: packet too short
Fri Jan 24 21:33:15 2020 us=350972 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.35.138:60079
Fri Jan 24 21:33:16 2020 us=411199 tls-crypt unwrap error: packet too short
Fri Jan 24 21:33:16 2020 us=411298 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.35.138:60079
Fri Jan 24 21:33:17 2020 us=481098 tls-crypt unwrap error: packet too short
Fri Jan 24 21:33:17 2020 us=481191 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.35.138:60079
Fri Jan 24 21:33:18 2020 us=551641 tls-crypt unwrap error: packet too short
Fri Jan 24 21:33:18 2020 us=551738 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.35.138:60079

client.log

2020-01-24 16:32:54-0500 [-] ProfileSignatureVerify.verify: RSASig: cannot parse RSA signature: client/profsig:15,pki/sign:210,pki/sign:95,application/app:348,internet/base:1166,internet/base:1178,internet/selectreactor:140,python/log:85,python/log:70,python/context:59,python/context:37,internet/selectreactor:156,internet/posixbase:188,internet/abstract:169,internet/process:260,internet/process:762,internet/process:773,internet/process:306,internet/_baseprocess:48,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,internet/defer:766,internet/defer:746,client/profman:587,client/profman:609,client/profsig:15,pki/sign:210,pki/sign:95,util/error:61,util/error:44 (RSASIG_PARSE_ERROR)
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 9: verify-x509-name server_yKHPawPNrilHNN01 name: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 15: tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 16: setenv opt block-outside-dns: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 56: <tls-crypt>: multi-line directive 'tls-crypt' is not allowed -- must be one of frozenset(['http-proxy-user-pass', 'tls-auth', 'ca', 'cert', 'pkcs12', 'secret', 'key', 'extra-certs', 'crl-verify'])
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 60: -----BEGIN OpenVPN Static key V1-----: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 61: 89d7690dbebcf713911f09b4323ec40a: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 62: 56047f958c1ea9c18b323ee79fe63782: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 63: 11aa8f1f4561313dfdb1afb4f2a034c0: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 64: 1949b2c9f93d5906fe30dd91b6d545ba: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 65: 2db7a5dd7cd20969a56dk64h8n3cacb5: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 66: 450c5119adab329cd123662b9c6be30a: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 67: fbd8b4ea9b0e4e5c915d73ba137bd77a: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 68: e299f0ce3c35ba48f606378fdfe8cbd9: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 69: 7571f8b1c25cb61482f37b3ce1f89193: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 70: 3bc75547a60a1698ef3a62f237d917a4: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 71: 3a8c533901920c384d8ed5b16fe06df7: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 72: a7e7f2c0g76f7ab2ebd30f41e3db87e1: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 73: 8616511eb24190e678d570c9f61a3d21: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 74: 318a239828f06305dcdf6dee05c20a6e: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 75: 902968f4kl3ecb0e2770ba45200d1300: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 76: bd36a4d49617dd66d26f65fd0910651a: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 77: -----END OpenVPN Static key V1-----: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] Profile sanitize warning: line 78: </tls-crypt>: line filtered from untrusted profile
2020-01-24 16:32:54-0500 [-] ImportProfile: profile sanitized
2020-01-24 16:32:54-0500 [-] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_b02jO2DRsfHjldr5_2', 10] kw={} ret=[{'timestamp': 1579901574, 'state': 'add_profile', 'profile_id': u'192_168_35_11_p3899', 'type': 'PROFILE'}]
2020-01-24 16:32:54-0500 [-] *** API CALL f=xmlrpc_ImportProfileFromFile args=['/Users/aponomarenko/client1.ovpn', {}] kw={} ret=u'192_168_35_11_p3899'
2020-01-24 16:32:54-0500 [HTTPChannel,2708,] *** API CALL f=xmlrpc_ProfileProperties args=['192_168_35_11_p3899'] kw={} ret={'hash': '660ef421f6d89c9efb7e7faf71b69733cd8416299c5182c8aeddf0c8241fff3c', 'name': u'192.168.35.11', 'global': False, 'host': u'192.168.35.11', 'owner': u'aponomarenko', 'remote_hosts': [u'192.168.35.11'], 'type': ['static'], 'id': '192_168_35_11_p3899', 'access_allowed': True}
2020-01-24 16:32:58-0500 [HTTPChannel,2710,] *** API CALL f=xmlrpc_DisconnectSet args=[[]] kw={} ret=None
2020-01-24 16:33:07-0500 [HTTPChannel,2711,] *** API CALL f=xmlrpc_GetPreferences args=[] kw={} ret={'proxy_auto': False, 'exec_admin_domain': '', 'update_base_url': 'http://swupdate.openvpn.net/updates', 'log_append': False, 'enable_xd_proxy': True, 'basic_client': False, 'auth_allow_cache_pw': True, 'restrict_domain': '*', 'proxy_auth_allow_basic': True, 'trust_group': '', 'proto_force': '', 'allow_ssl_v2': False, 'connect_timeout': 60, 'implicit_elevation': False, 'exec_user_domain': '*', 'universal_sessions_are_global': False, 'reroute_dns_partial': False, 'verb': '', 'proxy_auth_allow_save_pw': True, 'user_may_trust_cert': True, 'silent_update': False, 'route_nopull': False, 'enable_connect': True, 'notify_update': True, 'user_hostspec': '*', 'allow_web_import': True}
2020-01-24 16:33:07-0500 [HTTPChannel,2712,] *** API CALL f=xmlrpc_LocalUserContext args=[True] kw={} ret={'user': 'aponomarenko', 'user_is_admin': False}
2020-01-24 16:33:07-0500 [HTTPChannel,2713,] *** API CALL f=xmlrpc_TrackActiveProfiles args=[True] kw={} ret='sess_TrackActiveProfiles_2QFnFpKqzNcQDjkW_3'
2020-01-24 16:33:07-0500 [HTTPChannel,2714,] *** API CALL f=xmlrpc_UpdateStatus args=[] kw={} ret={}
2020-01-24 16:33:07-0500 [HTTPChannel,2715,] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_2QFnFpKqzNcQDjkW_3', 10] kw={} ret=[{'timestamp': 1579901587, 'state': 'add_profile', 'profile_id': u'192_168_35_11_p3899', 'type': 'PROFILE'}]
2020-01-24 16:33:07-0500 [HTTPChannel,2716,] *** API CALL f=xmlrpc_ProfileProperties args=['192_168_35_11_p3899'] kw={} ret={'hash': '660ef421f6d89c9efb7e7faf71b69733cd8416299c5182c8aeddf0c8241fff3c', 'name': u'192.168.35.11', 'global': False, 'host': u'192.168.35.11', 'owner': u'aponomarenko', 'remote_hosts': [u'192.168.35.11'], 'type': ['static'], 'id': '192_168_35_11_p3899', 'access_allowed': True}
2020-01-24 16:33:13-0500 [HTTPChannel,2718,] Profile approve: profile u'192.168.35.11' signed_by=None was previously seen, approval=True
2020-01-24 16:33:13-0500 [HTTPChannel,2718,] OpenVPN 192_168_35_11_p3899 instantiated
2020-01-24 16:33:13-0500 [HTTPChannel,2718,] pyovpn.client.vpncli.MyOMIServer starting on "u'/Library/Application Support/OpenVPN/sock/ovpn-RbTLCtOoPeXg.sock'"
2020-01-24 16:33:13-0500 [-] (Port None Closed)
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info"
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'>HOLD:Waiting for hold release'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] TO OMI: ['state on']
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'SUCCESS: real-time state notification set to ON'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] TO OMI: ['echo on']
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'SUCCESS: real-time echo notification set to ON'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] TO OMI: ['bytecount 1']
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'SUCCESS: bytecount interval changed'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] TO OMI: ['hold off']
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'SUCCESS: hold flag set to OFF'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] TO OMI: ['hold release']
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'SUCCESS: hold release succeeded'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] OpenVPN start: name='192_168_35_11_p3899' sev='info' msg='process started successfully'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_2QFnFpKqzNcQDjkW_3', 10] kw={} ret=[{'type': 'PROFILE', 'state': 'connect', 'profile_id': '192_168_35_11_p3899', 'cookie': 'TRAY_CLIENT_YXBvbm9tYXJlbmtv_OBC64F96', 'timestamp': 1579901593}]
2020-01-24 16:33:13-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Connect args=[{'new_only': True, 'cookie': 'TRAY_CLIENT_YXBvbm9tYXJlbmtv_OBC64F96', 'profile_id': '192_168_35_11_p3899', 'type': 'static', 'non_interactive': False}, ['STATE', 'PASSWORD', 'ACTIVE', 'CERT_APPROVAL', 'INFO', 'CONNECTED_USER', 'FATAL', 'SCRIPT', 'CHALLENGE', 'DELETE_PENDING', 'NOTIFY', 'RSA_SIGN', 'CONNECT_TIMEOUT', 'BYTECOUNT'], {}] kw={} ret='sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'>REMOTE:192.168.35.11,1194,udp'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] TO OMI: ['remote ACCEPT']
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'SUCCESS: remote command succeeded'
2020-01-24 16:33:13-0500 [HTTPChannel,2719,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'active': True, 'timestamp': 1579901593, 'type': 'ACTIVE', 'last': None}]
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901593,RESOLVE,,,'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] *** STATE 1579901593,RESOLVE,,,
2020-01-24 16:33:13-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901593, 'state': u'RESOLVE', 'type': 'STATE'}]
2020-01-24 16:33:13-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901593,WAIT,,,'
2020-01-24 16:33:13-0500 [MyOMIClient,0,] *** STATE 1579901593,WAIT,,,
2020-01-24 16:33:13-0500 [HTTPChannel,2722,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901593, 'state': u'WAIT', 'type': 'STATE'}]
2020-01-24 16:33:23-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901603,RECONNECTING,,,'
2020-01-24 16:33:23-0500 [MyOMIClient,0,] *** STATE 1579901603,RECONNECTING,,,
2020-01-24 16:33:23-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901603, 'state': u'RECONNECTING', 'type': 'STATE'}]
2020-01-24 16:33:23-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901603,WAIT,,,'
2020-01-24 16:33:23-0500 [MyOMIClient,0,] *** STATE 1579901603,WAIT,,,
2020-01-24 16:33:23-0500 [HTTPChannel,2734,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901603, 'state': u'WAIT', 'type': 'STATE'}]
2020-01-24 16:33:33-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901613,RECONNECTING,,,'
2020-01-24 16:33:33-0500 [MyOMIClient,0,] *** STATE 1579901613,RECONNECTING,,,
2020-01-24 16:33:33-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901613, 'state': u'RECONNECTING', 'type': 'STATE'}]
2020-01-24 16:33:33-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901613,WAIT,,,'
2020-01-24 16:33:33-0500 [MyOMIClient,0,] *** STATE 1579901613,WAIT,,,
2020-01-24 16:33:33-0500 [HTTPChannel,2746,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901613, 'state': u'WAIT', 'type': 'STATE'}]
2020-01-24 16:33:43-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901623,RECONNECTING,,,'
2020-01-24 16:33:43-0500 [MyOMIClient,0,] *** STATE 1579901623,RECONNECTING,,,
2020-01-24 16:33:43-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901623, 'state': u'RECONNECTING', 'type': 'STATE'}]
2020-01-24 16:33:43-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901623,WAIT,,,'
2020-01-24 16:33:43-0500 [MyOMIClient,0,] *** STATE 1579901623,WAIT,,,
2020-01-24 16:33:43-0500 [HTTPChannel,2758,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901623, 'state': u'WAIT', 'type': 'STATE'}]
2020-01-24 16:33:53-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901633,RECONNECTING,,,'
2020-01-24 16:33:53-0500 [MyOMIClient,0,] *** STATE 1579901633,RECONNECTING,,,
2020-01-24 16:33:53-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901633, 'state': u'RECONNECTING', 'type': 'STATE'}]
2020-01-24 16:33:53-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901633,WAIT,,,'
2020-01-24 16:33:53-0500 [MyOMIClient,0,] *** STATE 1579901633,WAIT,,,
2020-01-24 16:33:53-0500 [HTTPChannel,2770,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901633, 'state': u'WAIT', 'type': 'STATE'}]
2020-01-24 16:34:03-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901643,RECONNECTING,,,'
2020-01-24 16:34:03-0500 [MyOMIClient,0,] *** STATE 1579901643,RECONNECTING,,,
2020-01-24 16:34:03-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901643, 'state': u'RECONNECTING', 'type': 'STATE'}]
2020-01-24 16:34:03-0500 [MyOMIClient,0,] FROM OMI: u'>STATE:1579901643,WAIT,,,'
2020-01-24 16:34:03-0500 [MyOMIClient,0,] *** STATE 1579901643,WAIT,,,
2020-01-24 16:34:03-0500 [HTTPChannel,2784,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901643, 'state': u'WAIT', 'type': 'STATE'}]
2020-01-24 16:34:13-0500 [-] OVPN 192_168_35_11_p3899 ERR: '>FATAL:CONNECTION_TIMEOUT'
2020-01-24 16:34:13-0500 [MyOMIClient,0,] FROM OMI: u'>FATAL:CONNECTION_TIMEOUT'
2020-01-24 16:34:13-0500 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901653, 'type': 'FATAL', 'error': u'CONNECTION_TIMEOUT'}]
2020-01-24 16:34:13-0500 [-] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'active': False, 'timestamp': 1579901653, 'type': 'ACTIVE', 'last': True}]
2020-01-24 16:34:13-0500 [-] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_2QFnFpKqzNcQDjkW_3', 10] kw={} ret=[{'timestamp': 1579901653, 'state': 'disconnect', 'profile_id': '192_168_35_11_p3899', 'type': 'PROFILE'}]
2020-01-24 16:34:13-0500 [-] OpenVPN 192_168_35_11_p3899 stop: daemon exited with status 0
2020-01-24 16:34:13-0500 [HTTPChannel,2797,] *** API CALL f=xmlrpc_Poll args=['sess_192_168_35_11_p3899_LSBxwvsaHOgQxzPk_1', 10] kw={} ret=[{'timestamp': 1579901653, 'type': 'DELETE_PENDING'}]

crash_desn
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 24, 2020 9:22 pm

Re: tls-crypt unwrap error: packet too short

Post by crash_desn » Sat Feb 01, 2020 12:54 am

would appreciate any help...

postcd
OpenVPN User
Posts: 26
Joined: Sun Jan 24, 2016 9:22 pm

Re: tls-crypt unwrap error: packet too short

Post by postcd » Fri Aug 26, 2022 1:18 pm

Same log lines on server and unable to connect.

"journalctl -xe" on client says:
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
WARNING: file '/home/user/.local/share/networkmanagement/certificates/2022/private.key' is group or others accessible
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
I have tried to apply suggestions of this thread already.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: tls-crypt unwrap error: packet too short

Post by ordex » Sun Sep 11, 2022 10:53 pm

postcd wrote:
Fri Aug 26, 2022 1:18 pm
Same log lines on server and unable to connect.

"journalctl -xe" on client says:
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
WARNING: file '/home/user/.local/share/networkmanagement/certificates/2022/private.key' is group or others accessible
OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
I have tried to apply suggestions of this thread already.
this seems to be the client, isn't it?
The real error is likely on the server log. (better is to have 'verb 4')

Post Reply