[Solved] Trying to connect to PIA with OpenVPN 2.4.9.

Posted: Sat Oct 03, 2020 1:04 pm
by s4rs
I am trying to set up OpenVPN with PIA and their support really sucks. So I thought I would try here. I am using Opnsense, which is running FreeBSD 12.1 and OpenVPN 2.4.9. I set up the tunnel according to their PFSense guide (very similar) and it fails with "Authenticate/Decrypt packet error: cipher final failed". I am attaching the client log (no access to PIA's servers). Hopefully someone can point me in the right direction.

Authenticate/Decrypt packet error: cipher final failed
MANAGEMENT: Client disconnected
MANAGEMENT: CMD 'status 2'
MANAGEMENT: CMD 'state all'
MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Authenticate/Decrypt packet error: cipher final failed
Initialization Sequence Completed
/sbin/route add -net 128.0.0.0 10.18.112.1 128.0.0.0
/sbin/route add -net 0.0.0.0 10.18.112.1 128.0.0.0
/sbin/route add -net 156.146.54.71 xx.xx.xx.xx 255.255.255.255
/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc3 1500 1542 10.18.112.2 255.255.255.0 init
/sbin/route add -net 10.18.112.0 10.18.112.1 255.255.255.0
/sbin/ifconfig ovpnc3 10.18.112.2 10.18.112.1 mtu 1500 netmask 255.255.255.0 up
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
TUN/TAP device /dev/tun3 opened
TUN/TAP device ovpnc3 exists previously, keep at program end
ROUTE_GATEWAY xx.xx.xx.xx/xx.xx.xx.xx IFACE=vtnet0 HWADDR=xx:xx:xx:xx:xx:xx
WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:406 ET:0 EL:3 ]
OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: compression parms modified
OPTIONS IMPORT: timers and/or timeouts modified
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.0.0.243,dhcp-option DNS 10.0.0.242,ping 10,comp-lzo no,route-gateway 10.18.112.1,topology subnet,ifconfig 10.18.112.2 255.255.255.0,auth-token'
SENT CONTROL [newyork403]: 'PUSH_REQUEST' (status=1)
[newyork403] Peer Connection Initiated with [AF_INET]156.146.54.71:1198
Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=newyork403, name=newyork403
VERIFY EKU OK
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Validating certificate extended key usage
VERIFY KU OK
VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
TLS: Initial packet from [AF_INET]156.146.54.71:1198, sid=36d8524c 77024532
UDP link remote: [AF_INET]156.146.54.71:1198
UDP link local (bound): [AF_INET]xx.xx.xx.xx:0
Socket Buffers: R=[42080->42080] S=[57344->57344]
TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.54.71:1198
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
LZO compression initializing
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
OpenVPN 2.4.9 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 28 2020
auth_user_pass_file = '/var/etc/openvpn/client3.up'
pull = ENABLED
client = ENABLED
port_share_port = '[UNDEF]'
port_share_host = '[UNDEF]'
auth_token_lifetime = 0
auth_token_generate = DISABLED
auth_user_pass_verify_script_via_file = DISABLED
auth_user_pass_verify_script = '[UNDEF]'
max_routes_per_client = 256
max_clients = 1024
cf_per = 0
cf_max = 0
duplicate_cn = DISABLED
enable_c2c = DISABLED
push_ifconfig_ipv6_remote = ::
push_ifconfig_ipv6_local = ::/0
push_ifconfig_ipv6_defined = DISABLED
push_ifconfig_remote_netmask = 0.0.0.0
push_ifconfig_local = 0.0.0.0
push_ifconfig_defined = DISABLED
tmp_dir = '/tmp'
ccd_exclusive = DISABLED
client_config_dir = '[UNDEF]'
client_disconnect_script = '[UNDEF]'
learn_address_script = '[UNDEF]'
client_connect_script = '[UNDEF]'
virtual_hash_size = 256
real_hash_size = 256
tcp_queue_limit = 64
n_bcast_buf = 256
ifconfig_ipv6_pool_netbits = 0
ifconfig_ipv6_pool_base = ::
ifconfig_ipv6_pool_defined = DISABLED
ifconfig_pool_persist_refresh_freq = 600
ifconfig_pool_persist_filename = '[UNDEF]'
ifconfig_pool_netmask = 0.0.0.0
ifconfig_pool_end = 0.0.0.0
ifconfig_pool_start = 0.0.0.0
ifconfig_pool_defined = DISABLED
server_bridge_pool_end = 0.0.0.0
server_bridge_pool_start = 0.0.0.0
server_bridge_netmask = 0.0.0.0
server_bridge_ip = 0.0.0.0
server_netbits_ipv6 = 0
server_network_ipv6 = ::
server_netmask = 0.0.0.0
server_network = 0.0.0.0
tls_crypt_file = '[UNDEF]'
tls_auth_file = '[UNDEF]'
tls_exit = DISABLED
push_peer_info = DISABLED
single_session = DISABLED
transition_window = 3600
handshake_window = 60
renegotiate_seconds = 0
renegotiate_packets = 0
renegotiate_bytes = -1
tls_timeout = 2
ssl_flags = 0
remote_cert_eku = 'TLS Web Server Authentication'
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 0
remote_cert_ku[i] = 65535
ns_cert_type = 0
crl_file = '[UNDEF]'
verify_x509_name = '[UNDEF]'
verify_x509_type = 0
tls_export_cert = '[UNDEF]'
tls_verify = '[UNDEF]'
tls_cert_profile = '[UNDEF]'
cipher_list_tls13 = '[UNDEF]'
cipher_list = '[UNDEF]'
pkcs12_file = '[UNDEF]'
priv_key_file = '[UNDEF]'
extra_certs_file = '[UNDEF]'
cert_file = '[UNDEF]'
dh_file = '[UNDEF]'
ca_path = '[UNDEF]'
ca_file = '/var/etc/openvpn/client3.ca'
key_method = 2
tls_client = ENABLED
tls_server = DISABLED
test_crypto = DISABLED
use_iv = ENABLED
packet_id_file = '[UNDEF]'
replay_time = 15
replay_window = 64
mute_replay_warnings = DISABLED
replay = ENABLED
engine = DISABLED
keysize = 0
prng_nonce_secret_len = 16
prng_hash = 'SHA1'
authname = 'SHA1'
ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
ncp_enabled = ENABLED
ciphername = 'BF-CBC'
key_direction = not set
shared_secret_file = '[UNDEF]'
management_flags = 256
management_client_group = '[UNDEF]'
management_client_user = '[UNDEF]'
management_write_peer_info_file = '[UNDEF]'
management_echo_buffer_size = 100
management_log_history_cache = 250
management_user_pass = '[UNDEF]'
management_port = 'unix'
management_addr = '/var/etc/openvpn/client3.sock'
allow_pull_fqdn = DISABLED
route_gateway_via_dhcp = DISABLED
route_nopull = DISABLED
route_delay_defined = DISABLED
route_delay_window = 30
route_delay = 0
route_noexec = DISABLED
route_default_metric = 0
route_default_gateway = '[UNDEF]'
route_script = '[UNDEF]'
comp.flags = 1
comp.alg = 2
fast_io = DISABLED
sockflags = 0
sndbuf = 0
rcvbuf = 0
occ = ENABLED
status_file_update_freq = 60
status_file_version = 1
status_file = '[UNDEF]'
gremlin = 0
mute = 0
verbosity = 4
nice = 0
machine_readable_output = DISABLED
suppress_timestamps = DISABLED
log = DISABLED
inetd = 0
daemon = ENABLED
up_delay = DISABLED
up_restart = DISABLED
down_pre = DISABLED
down_script = '/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown'
up_script = '/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup'
writepid = '/var/run/openvpn_client3.pid'
cd_dir = '[UNDEF]'
chroot_dir = '[UNDEF]'
groupname = '[UNDEF]'
username = '[UNDEF]'
resolve_in_advance = DISABLED
resolve_retry_seconds = 1000000000
passtos = DISABLED
persist_key = ENABLED
persist_remote_ip = DISABLED
persist_local_ip = DISABLED
persist_tun = ENABLED
remap_sigusr1 = 0
ping_timer_remote = ENABLED
ping_rec_timeout_action = 2
ping_rec_timeout = 60
ping_send_timeout = 10
inactivity_timeout = 0
keepalive_timeout = 60
keepalive_ping = 10
mlock = DISABLED
mtu_test = 0
shaper = 0
ifconfig_ipv6_remote = '[UNDEF]'
ifconfig_ipv6_netbits = 0
ifconfig_ipv6_local = '[UNDEF]'
ifconfig_nowarn = DISABLED
ifconfig_noexec = DISABLED
ifconfig_remote_netmask = '[UNDEF]'
ifconfig_local = '[UNDEF]'
topology = 1
lladdr = '[UNDEF]'
dev_node = '/dev/tun3'
dev_type = 'tun'
dev = 'ovpnc3'
ipchange = '[UNDEF]'
remote_random = DISABLED
Connection profiles END
explicit_exit_notification = 0
mssfix = 1450
fragment = 0
mtu_discover_type = -1
tun_mtu_extra_defined = DISABLED
tun_mtu_extra = 0
link_mtu_defined = DISABLED
link_mtu = 1500
tun_mtu_defined = ENABLED
tun_mtu = 1500
socks_proxy_port = '[UNDEF]'
socks_proxy_server = '[UNDEF]'
xormasklen = 0
xormask = ''
xormethod = 0
connect_timeout = 120
connect_retry_seconds = 5
bind_ipv6_only = DISABLED
bind_local = ENABLED
bind_defined = DISABLED
remote_float = DISABLED
remote_port = '1198'
remote = 'us-newyorkcity.privacy.network'
local_port = '0'
local = 'xx.xx.xx.xx'
proto = udp
Connection profiles [0]:
connect_retry_max = 0
show_tls_ciphers = DISABLED
key_pass_file = '[UNDEF]'
genkey = DISABLED
show_engines = DISABLED
show_digests = DISABLED
show_ciphers = DISABLED
mode = 0
config = '/var/etc/openvpn/client3.conf'
Current Parameter Settings:
WARNING: file '/var/etc/openvpn/client3.up' is group or others accessible
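The log above carries everything needed to pin down the failure: the server's PUSH_REPLY contains no `cipher` option, so NCP did not negotiate one and the data channel fell back to the configured `cipher BF-CBC`, which the PIA side evidently does not use, hence "cipher final failed" on every data packet. The script below is an added example (not code from the poster, from OpenVPN or from OPNsense) that triages an OpenVPN 2.4 client log for exactly this pattern. SAMPLE_LOG is a subset of the posted log put back into chronological order (the GUI shows newest first); the line in SAMPLE_OCC is constructed to show the OCC warning OpenVPN prints when the peer's option string disagrees and `disable-occ` is not set. All function and variable names are assumptions of this example.

```python
"""Triage an OpenVPN 2.4 client log for the 'cipher final failed' failure.

Added example; not part of the forum post, of OpenVPN or of OPNsense.
SAMPLE_LOG lines are copied from the posted log (chronological order,
abridged); SAMPLE_OCC adds one constructed line; names are assumptions.
"""
import re

CIPHER_FAIL = "Authenticate/Decrypt packet error: cipher final failed"
DATA_CIPHER_RE = re.compile(
    r"(Incoming|Outgoing) Data Channel: Cipher '([^']+)' initialized with (\d+) bit key")
PUSH_REPLY_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
OCC_MISMATCH_RE = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
SWEET32_RE = re.compile(r"WARNING: INSECURE cipher with block size less than 128 bit")
PERM_RE = re.compile(r"WARNING: file '([^']+)' is group or others accessible")


def triage(lines):
    """Return a dict of facts pulled from the log plus a list of verdict strings."""
    f = {
        "cipher_final_failed": 0,    # count of failed data-channel decrypts
        "data_cipher": None,         # cipher the client actually initialised
        "pushed_cipher": None,       # cipher the server pushed via NCP, if any
        "occ_mismatch": [],          # (option, local, remote) from OCC warnings
        "sweet32": False,            # 64-bit block cipher warning seen
        "world_readable_files": [],  # files OpenVPN complained about
        "verdict": [],
    }
    for line in lines:
        if CIPHER_FAIL in line:
            f["cipher_final_failed"] += 1
        m = DATA_CIPHER_RE.search(line)
        if m:
            f["data_cipher"] = m.group(2)
        m = PUSH_REPLY_RE.search(line)
        if m:
            for opt in m.group(1).split(","):
                if opt.startswith("cipher "):
                    f["pushed_cipher"] = opt.split(" ", 1)[1]
        m = OCC_MISMATCH_RE.search(line)
        if m:
            f["occ_mismatch"].append((m.group(1), m.group(2), m.group(3)))
        if SWEET32_RE.search(line):
            f["sweet32"] = True
        m = PERM_RE.search(line)
        if m:
            f["world_readable_files"].append(m.group(1))

    if f["cipher_final_failed"]:
        if f["pushed_cipher"] is None:
            # No 'cipher' in PUSH_REPLY: NCP negotiated nothing, so the data
            # channel used the local --cipher, which the server does not share.
            f["verdict"].append(
                f"data channel fell back to --cipher {f['data_cipher']} because the "
                "server pushed no cipher; set --cipher to what the server uses")
        else:
            f["verdict"].append(
                f"server pushed cipher {f['pushed_cipher']}, so --cipher is not the "
                "mismatch; look at the other side of the tunnel")
    for opt, local, remote in f["occ_mismatch"]:
        f["verdict"].append(f"OCC mismatch on '{opt}': local='{local}' remote='{remote}'")
    if f["sweet32"]:
        f["verdict"].append("64-bit block cipher in use (SWEET32); move to AES")
    for path in f["world_readable_files"]:
        f["verdict"].append(f"restrict {path} to the OpenVPN user (e.g. chmod 600)")
    return f


# Lines copied from the posted log, oldest first, abridged.
SAMPLE_LOG = [
    "WARNING: file '/var/etc/openvpn/client3.up' is group or others accessible",
    "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
    "dhcp-option DNS 10.0.0.243,ping 10,comp-lzo no,route-gateway 10.18.112.1,"
    "topology subnet,ifconfig 10.18.112.2 255.255.255.0,auth-token'",
    "Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key",
    "WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  "
    "This allows attacks like SWEET32.  Mitigate by using a --cipher with a "
    "larger block size (e.g. AES-256-CBC).",
    "Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key",
    "Initialization Sequence Completed",
    "Authenticate/Decrypt packet error: cipher final failed",
    "Authenticate/Decrypt packet error: cipher final failed",
]

# Constructed line (not from the post): what OpenVPN logs when OCC is active
# and the peer's option string disagrees on the cipher.
SAMPLE_OCC = SAMPLE_LOG + [
    "WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', "
    "remote='cipher AES-128-CBC'",
]

if __name__ == "__main__":
    for v in triage(SAMPLE_OCC)["verdict"]:
        print("-", v)
```

The distinction the script makes is the one that matters when reading such a log: "Expected Remote Options String" and "Local Options String" are both computed locally and so cannot reveal the server's cipher; only a `cipher` inside PUSH_REPLY or an OCC "is used inconsistently" warning tells you what the other end really uses. With neither present, the only move is to set `cipher` to the value the provider documents, which is what the working config in the next post does.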

Re: [Solved] Trying to connect to PIA with OpenVPN 2.4.9.

Posted: Sun Oct 04, 2020 12:55 pm
by s4rs
Here is my current working config (Opnsense to PIA).
Client config

dev ovpnc3
verb 2
dev-type tun
dev-node /dev/tun3
writepid /var/run/openvpn_client3.pid
script-security 3
daemon
keepalive 10 60 <- Default, how do you change outside override?
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local xx.xx.xx.xx
tls-client
client
lport 0
management /var/etc/openvpn/client3.sock unix
remote us-newyorkcity.privacy.network 1198
auth-user-pass /var/etc/openvpn/client3.up
ca /var/etc/openvpn/client3.ca
comp-lzo no
reneg-sec 0
####Client Overrides ####
auth-nocache
remote-cert-tls server
keepalive 10 120
disable-occ
fast-io
mute-replay-warnings
####End Client Overrides####
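The working config above fixes the cipher and, through the override block, also adds `auth-nocache` and `remote-cert-tls server`, both of which the original log warned about or left undefined. The linter below is an added example (not the poster's code and not part of OpenVPN or OPNsense) that checks an OpenVPN 2.4 client config for those settings and reports the effective value of a directive given twice, which is how the OPNsense override block works: OpenVPN reads options in order, so the later `keepalive` line is the one that takes effect. SAMPLE_CONF is built from the posted config with the annotation removed; the rule set, the comment handling and the names are assumptions of this example.

```python
"""Lint an OpenVPN 2.4 client config for the settings this thread touched.

Added example; not the poster's code, not part of OpenVPN or OPNsense.
SAMPLE_CONF is the posted working config without its annotation; rules,
comment handling ('#' anywhere on a line) and names are assumptions.
"""

# Ciphers with a 64-bit block, which OpenVPN 2.4 itself warns about (SWEET32).
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "DESX-CBC"}


def parse_config(text):
    """Return (directives, repeated): directives maps name -> args of the LAST
    occurrence, since OpenVPN applies options in order and a later single-valued
    option such as keepalive overrides an earlier one; repeated lists every
    occurrence of a name seen more than once."""
    directives, repeated = {}, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if not line:
            continue
        name, *args = line.split()
        if name in directives:
            repeated.setdefault(name, [directives[name]]).append(args)
        directives[name] = args
    return directives, repeated


def lint(text):
    d, repeated = parse_config(text)
    issues = []
    cipher = d.get("cipher", ["BF-CBC"])[0]   # 2.4 default when --cipher is absent
    if cipher.upper() in SMALL_BLOCK_CIPHERS:
        issues.append(f"cipher {cipher}: 64-bit block, SWEET32-exposed; use an AES cipher")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        issues.append("auth-user-pass without auth-nocache: password is cached in memory")
    if "remote-cert-tls" not in d and "verify-x509-name" not in d:
        issues.append("no remote-cert-tls/verify-x509-name: any cert from the CA passes as the server")
    if d.get("script-security") and int(d["script-security"][0]) >= 3:
        issues.append("script-security 3: passwords may be passed to scripts via the environment")
    if "tls-auth" not in d and "tls-crypt" not in d:
        issues.append("no tls-auth/tls-crypt: control channel accepts unauthenticated packets")
    comp = d.get("comp-lzo")
    if (comp is not None and comp != ["no"]) or "compress" in d:
        issues.append("compression enabled: VORACLE-style plaintext recovery risk")
    if d.get("reneg-sec") == ["0"]:
        issues.append("reneg-sec 0: client never initiates a rekey; relies on the server's timer")
    for name, values in repeated.items():
        issues.append(f"{name} set {len(values)} times; effective value: {' '.join(values[-1])}")
    return issues


# Posted working config, annotation removed; '#### ... ####' lines are comments.
SAMPLE_CONF = """\
dev ovpnc3
dev-type tun
proto udp
cipher AES-128-CBC
auth SHA1
keepalive 10 60
tls-client
client
remote us-newyorkcity.privacy.network 1198
auth-user-pass /var/etc/openvpn/client3.up
ca /var/etc/openvpn/client3.ca
comp-lzo no
reneg-sec 0
script-security 3
#### Client Overrides ####
auth-nocache
remote-cert-tls server
keepalive 10 120
disable-occ
fast-io
mute-replay-warnings
#### End Client Overrides ####
"""

# The first post's state: same config but with the cipher that failed.
BROKEN_CONF = SAMPLE_CONF.replace("cipher AES-128-CBC", "cipher BF-CBC")

if __name__ == "__main__":
    for issue in lint(BROKEN_CONF):
        print("-", issue)
```

Run against SAMPLE_CONF the linter no longer flags the cipher, the cached password or the missing server-certificate check, and it reports `keepalive` as set twice with `10 120` in effect; what remains are informational points (script-security 3, no tls-auth/tls-crypt, reneg-sec 0) that depend on what the provider supports rather than on the client config alone.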