Password + MFA no working properly
Posted: Mon Oct 26, 2020 7:05 pm
Hi there,
So, my goal is that my users can login with USERNAME, PASSWORD + MFA code from Google authenticator. I got it working following some guides and oficial docs but i noticed that no password is beign validated, i mean that i can put just the code from Google app and i can login without problem -> i dont want that. Followed this guide for MFA -> https://medium.com/@egonbraun/using-goo ... 4e4acc2852
Also i find something weird: i can log in using client1.ovpn with client2's username + MFA code.. i don't understand why ¿maybe i'm no validating client side cert?.
Goal:
That user can login with Linux/Unix USERNAME, PASSWORD + MFA
Setup:
I'm doing routing openvpn. My openvpn server is behind my router so is not the default GW.
Server OS: Debian 10
Config:
auth requisite /usr/lib/x86_64-linux-gnu/security/pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=gauth forward_pass
port 1194
proto udp4
dev tun0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0 'nopool'
ifconfig-pool-persist /var/log/openvpn/ipp.txt
ifconfig-pool 10.8.0.50 10.8.0.100
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA256
crl-verify crl.pem
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
client
dev tun
proto udp4
remote x.y.z.t randomport
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 4
key-direction 1
ns-cert-type server
auth-user-pass
Server log --verbose 4:
Client log --verbose 4:
I hope thats enough info. I know that i'am missing something, have been a few days with this issue but didn't find anything that worked for me yet.
So, my goal is that my users can login with USERNAME, PASSWORD + MFA code from Google authenticator. I got it working following some guides and oficial docs but i noticed that no password is beign validated, i mean that i can put just the code from Google app and i can login without problem -> i dont want that. Followed this guide for MFA -> https://medium.com/@egonbraun/using-goo ... 4e4acc2852
Also i find something weird: i can log in using client1.ovpn with client2's username + MFA code.. i don't understand why ¿maybe i'm no validating client side cert?.
Goal:
That user can login with Linux/Unix USERNAME, PASSWORD + MFA
Setup:
I'm doing routing openvpn. My openvpn server is behind my router so is not the default GW.
Server OS: Debian 10
Config:
pam.d openvpn config
auth requisite /usr/lib/x86_64-linux-gnu/security/pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER} user=gauth forward_pass
Server conf
port 1194
proto udp4
dev tun0
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0 'nopool'
ifconfig-pool-persist /var/log/openvpn/ipp.txt
ifconfig-pool 10.8.0.50 10.8.0.100
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA256
crl-verify crl.pem
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
Client conf
client
dev tun
proto udp4
remote x.y.z.t randomport
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
verb 4
key-direction 1
ns-cert-type server
auth-user-pass
Server log --verbose 4:
Code: Select all
Mon Oct 26 14:58:52 2020 us=230914 MULTI: multi_create_instance called
Mon Oct 26 14:58:52 2020 us=230953 OTHERPUBLICIP:49683 Re-using SSL/TLS context
Mon Oct 26 14:58:52 2020 us=231022 OTHERPUBLICIP:49683 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Mon Oct 26 14:58:52 2020 us=231037 OTHERPUBLICIP:49683 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Oct 26 14:58:52 2020 us=231076 OTHERPUBLICIP:49683 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Mon Oct 26 14:58:52 2020 us=231087 OTHERPUBLICIP:49683 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Mon Oct 26 14:58:52 2020 us=231115 OTHERPUBLICIP:49683 TLS: Initial packet from [AF_INET]OTHERPUBLICIP:49683, sid=df2181be 964a3398
Mon Oct 26 14:58:52 2020 us=298504 OTHERPUBLICIP:49683 VERIFY OK: depth=1, CN=Easy-RSA CA
Mon Oct 26 14:58:52 2020 us=298806 OTHERPUBLICIP:49683 VERIFY OK: depth=0, CN=client1
Mon Oct 26 14:58:52 2020 us=299336 OTHERPUBLICIP:49683 peer info: IV_VER=2.4.9
Mon Oct 26 14:58:52 2020 us=299379 OTHERPUBLICIP:49683 peer info: IV_PLAT=win
Mon Oct 26 14:58:52 2020 us=299400 OTHERPUBLICIP:49683 peer info: IV_PROTO=2
Mon Oct 26 14:58:52 2020 us=299419 OTHERPUBLICIP:49683 peer info: IV_NCP=2
Mon Oct 26 14:58:52 2020 us=299438 OTHERPUBLICIP:49683 peer info: IV_LZ4=1
Mon Oct 26 14:58:52 2020 us=299457 OTHERPUBLICIP:49683 peer info: IV_LZ4v2=1
Mon Oct 26 14:58:52 2020 us=299476 OTHERPUBLICIP:49683 peer info: IV_LZO=1
Mon Oct 26 14:58:52 2020 us=299495 OTHERPUBLICIP:49683 peer info: IV_COMP_STUB=1
Mon Oct 26 14:58:52 2020 us=299529 OTHERPUBLICIP:49683 peer info: IV_COMP_STUBv2=1
Mon Oct 26 14:58:52 2020 us=299547 OTHERPUBLICIP:49683 peer info: IV_TCPNL=1
Mon Oct 26 14:58:52 2020 us=299566 OTHERPUBLICIP:49683 peer info: IV_GUI_VER=OpenVPN_GUI_11
AUTH-PAM: BACKGROUND: received command code: 0
AUTH-PAM: BACKGROUND: USER: client1
AUTH-PAM: BACKGROUND: my_conv[0] query='login:' style=2
AUTH-PAM: BACKGROUND: name match found, query/match-string ['login:', 'login'] = 'USERNAME'
AUTH-PAM: BACKGROUND: my_conv[0] query='Password & verification code: ' style=1
AUTH-PAM: BACKGROUND: name match found, query/match-string ['Password & verification code: ', 'password'] = 'PASSWORD'
Mon Oct 26 14:58:52 2020 us=349684 OTHERPUBLICIP:49683 PLUGIN_CALL: POST /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Mon Oct 26 14:58:52 2020 us=349726 OTHERPUBLICIP:49683 TLS: Username/Password authentication succeeded for username 'client1'
Mon Oct 26 14:58:52 2020 us=360267 OTHERPUBLICIP:49683 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Mon Oct 26 14:58:52 2020 us=360303 OTHERPUBLICIP:49683 [client1] Peer Connection Initiated with [AF_INET]OTHERPUBLICIP:49683
Mon Oct 26 14:58:52 2020 us=360396 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Oct 26 14:58:52 2020 us=360415 MULTI_sva: pool returned IPv4=10.8.0.50, IPv6=(Not enabled)
Mon Oct 26 14:58:52 2020 us=360501 MULTI: Learn: 10.8.0.50 -> client1/OTHERPUBLICIP:49683
Mon Oct 26 14:58:52 2020 us=360524 MULTI: primary virtual IP for client1/OTHERPUBLICIP:49683: 10.8.0.50
Mon Oct 26 14:58:53 2020 us=405412 client1/OTHERPUBLICIP:49683 PUSH: Received control message: 'PUSH_REQUEST'
Mon Oct 26 14:58:53 2020 us=405549 client1/OTHERPUBLICIP:49683 SENT CONTROL [client1]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.50 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Mon Oct 26 14:58:53 2020 us=405580 client1/OTHERPUBLICIP:49683 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Oct 26 14:58:53 2020 us=405620 client1/OTHERPUBLICIP:49683 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Mon Oct 26 14:58:53 2020 us=405789 client1/OTHERPUBLICIP:49683 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct 26 14:58:53 2020 us=405818 client1/OTHERPUBLICIP:49683 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Code: Select all
Mon Oct 26 14:58:53 2020 pkcs11_protected_authentication = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_private_mode = 00000000
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_cert_private = DISABLED
Mon Oct 26 14:58:53 2020 pkcs11_pin_cache_period = -1
Mon Oct 26 14:58:53 2020 pkcs11_id = '[UNDEF]'
Mon Oct 26 14:58:53 2020 pkcs11_id_management = DISABLED
Mon Oct 26 14:58:53 2020 server_network = 0.0.0.0
Mon Oct 26 14:58:53 2020 server_netmask = 0.0.0.0
Mon Oct 26 14:58:53 2020 server_network_ipv6 = ::
Mon Oct 26 14:58:53 2020 server_netbits_ipv6 = 0
Mon Oct 26 14:58:53 2020 server_bridge_ip = 0.0.0.0
Mon Oct 26 14:58:53 2020 server_bridge_netmask = 0.0.0.0
Mon Oct 26 14:58:53 2020 server_bridge_pool_start = 0.0.0.0
Mon Oct 26 14:58:53 2020 server_bridge_pool_end = 0.0.0.0
Mon Oct 26 14:58:53 2020 ifconfig_pool_defined = DISABLED
Mon Oct 26 14:58:53 2020 ifconfig_pool_start = 0.0.0.0
Mon Oct 26 14:58:53 2020 ifconfig_pool_end = 0.0.0.0
Mon Oct 26 14:58:53 2020 ifconfig_pool_netmask = 0.0.0.0
Mon Oct 26 14:58:53 2020 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Oct 26 14:58:53 2020 ifconfig_pool_persist_refresh_freq = 600
Mon Oct 26 14:58:53 2020 ifconfig_ipv6_pool_defined = DISABLED
Mon Oct 26 14:58:53 2020 ifconfig_ipv6_pool_base = ::
Mon Oct 26 14:58:53 2020 ifconfig_ipv6_pool_netbits = 0
Mon Oct 26 14:58:53 2020 n_bcast_buf = 256
Mon Oct 26 14:58:53 2020 tcp_queue_limit = 64
Mon Oct 26 14:58:53 2020 real_hash_size = 256
Mon Oct 26 14:58:53 2020 virtual_hash_size = 256
Mon Oct 26 14:58:53 2020 client_connect_script = '[UNDEF]'
Mon Oct 26 14:58:53 2020 learn_address_script = '[UNDEF]'
Mon Oct 26 14:58:53 2020 client_disconnect_script = '[UNDEF]'
Mon Oct 26 14:58:53 2020 client_config_dir = '[UNDEF]'
Mon Oct 26 14:58:53 2020 ccd_exclusive = DISABLED
Mon Oct 26 14:58:53 2020 tmp_dir = 'C:\Users\USERNAME~1\AppData\Local\Temp\'
Mon Oct 26 14:58:53 2020 push_ifconfig_defined = DISABLED
Mon Oct 26 14:58:53 2020 push_ifconfig_local = 0.0.0.0
Mon Oct 26 14:58:53 2020 push_ifconfig_remote_netmask = 0.0.0.0
Mon Oct 26 14:58:53 2020 push_ifconfig_ipv6_defined = DISABLED
Mon Oct 26 14:58:53 2020 push_ifconfig_ipv6_local = ::/0
Mon Oct 26 14:58:53 2020 push_ifconfig_ipv6_remote = ::
Mon Oct 26 14:58:53 2020 enable_c2c = DISABLED
Mon Oct 26 14:58:53 2020 duplicate_cn = DISABLED
Mon Oct 26 14:58:53 2020 cf_max = 0
Mon Oct 26 14:58:53 2020 cf_per = 0
Mon Oct 26 14:58:53 2020 max_clients = 1024
Mon Oct 26 14:58:53 2020 max_routes_per_client = 256
Mon Oct 26 14:58:53 2020 auth_user_pass_verify_script = '[UNDEF]'
Mon Oct 26 14:58:53 2020 auth_user_pass_verify_script_via_file = DISABLED
Mon Oct 26 14:58:53 2020 auth_token_generate = DISABLED
Mon Oct 26 14:58:53 2020 auth_token_lifetime = 0
Mon Oct 26 14:58:53 2020 client = ENABLED
Mon Oct 26 14:58:53 2020 pull = ENABLED
Mon Oct 26 14:58:53 2020 auth_user_pass_file = 'stdin'
Mon Oct 26 14:58:53 2020 show_net_up = DISABLED
Mon Oct 26 14:58:53 2020 route_method = 0
Mon Oct 26 14:58:53 2020 block_outside_dns = DISABLED
Mon Oct 26 14:58:53 2020 ip_win32_defined = DISABLED
Mon Oct 26 14:58:53 2020 ip_win32_type = 3
Mon Oct 26 14:58:53 2020 dhcp_masq_offset = 0
Mon Oct 26 14:58:53 2020 dhcp_lease_time = 31536000
Mon Oct 26 14:58:53 2020 tap_sleep = 0
Mon Oct 26 14:58:53 2020 dhcp_options = DISABLED
Mon Oct 26 14:58:53 2020 dhcp_renew = DISABLED
Mon Oct 26 14:58:53 2020 dhcp_pre_release = DISABLED
Mon Oct 26 14:58:53 2020 domain = '[UNDEF]'
Mon Oct 26 14:58:53 2020 netbios_scope = '[UNDEF]'
Mon Oct 26 14:58:53 2020 netbios_node_type = 0
Mon Oct 26 14:58:53 2020 disable_nbt = DISABLED
Mon Oct 26 14:58:53 2020 OpenVPN 2.4.9 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Mon Oct 26 14:58:53 2020 Windows version 6.2 (Windows 8 or greater) 32bit
Mon Oct 26 14:58:53 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Mon Oct 26 14:58:53 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Oct 26 14:58:53 2020 Need hold release from management interface, waiting...
Mon Oct 26 14:58:53 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Oct 26 14:58:53 2020 MANAGEMENT: CMD 'state on'
Mon Oct 26 14:58:53 2020 MANAGEMENT: CMD 'log all on'
Mon Oct 26 14:58:56 2020 MANAGEMENT: CMD 'echo all on'
Mon Oct 26 14:58:56 2020 MANAGEMENT: CMD 'bytecount 5'
Mon Oct 26 14:58:56 2020 MANAGEMENT: CMD 'hold off'
Mon Oct 26 14:58:56 2020 MANAGEMENT: CMD 'hold release'
Mon Oct 26 14:59:01 2020 MANAGEMENT: CMD 'username "Auth" "client1"'
Mon Oct 26 14:59:01 2020 MANAGEMENT: CMD 'password [...]'
Mon Oct 26 14:59:01 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Oct 26 14:59:01 2020 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Oct 26 14:59:01 2020 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Oct 26 14:59:01 2020 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
Mon Oct 26 14:59:01 2020 MANAGEMENT: >STATE:1603735141,RESOLVE,,,,,,
Mon Oct 26 14:59:01 2020 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Oct 26 14:59:01 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
Mon Oct 26 14:59:01 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
Mon Oct 26 14:59:01 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]PUBLICIP:PORT
Mon Oct 26 14:59:01 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Oct 26 14:59:01 2020 UDPv4 link local: (not bound)
Mon Oct 26 14:59:01 2020 UDPv4 link remote: [AF_INET]PUBLICIP:PORT
Mon Oct 26 14:59:01 2020 MANAGEMENT: >STATE:1603735141,WAIT,,,,,,
Mon Oct 26 14:59:01 2020 MANAGEMENT: >STATE:1603735141,AUTH,,,,,,
Mon Oct 26 14:59:01 2020 TLS: Initial packet from [AF_INET]PUBLICIP:PORT, sid=719b0d63 91306fd7
Mon Oct 26 14:59:01 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 26 14:59:01 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Mon Oct 26 14:59:01 2020 VERIFY OK: nsCertType=SERVER
Mon Oct 26 14:59:01 2020 VERIFY KU OK
Mon Oct 26 14:59:01 2020 Validating certificate extended key usage
Mon Oct 26 14:59:01 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Oct 26 14:59:01 2020 VERIFY EKU OK
Mon Oct 26 14:59:01 2020 VERIFY OK: depth=0, CN=server
Mon Oct 26 14:59:01 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Mon Oct 26 14:59:01 2020 [server] Peer Connection Initiated with [AF_INET]PUBLICIP:PORT
Mon Oct 26 14:59:02 2020 MANAGEMENT: >STATE:1603735142,GET_CONFIG,,,,,,
Mon Oct 26 14:59:02 2020 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Oct 26 14:59:02 2020 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.50 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Mon Oct 26 14:59:02 2020 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 26 14:59:02 2020 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 26 14:59:02 2020 OPTIONS IMPORT: route options modified
Mon Oct 26 14:59:02 2020 OPTIONS IMPORT: route-related options modified
Mon Oct 26 14:59:02 2020 OPTIONS IMPORT: peer-id set
Mon Oct 26 14:59:02 2020 OPTIONS IMPORT: adjusting link_mtu to 1624
Mon Oct 26 14:59:02 2020 OPTIONS IMPORT: data channel crypto options modified
Mon Oct 26 14:59:02 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Oct 26 14:59:02 2020 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Mon Oct 26 14:59:02 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct 26 14:59:02 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Oct 26 14:59:02 2020 interactive service msg_channel=0
Mon Oct 26 14:59:02 2020 ROUTE_GATEWAY 192.168.88.1/255.255.255.0 I=4 HWADDR=48:d2:24:65:54:ca
Mon Oct 26 14:59:02 2020 open_tun
Mon Oct 26 14:59:02 2020 TAP-WIN32 device [Conexión de área local 2] opened: \\.\Global\{12922884-3347-4003-91C6-BA27013F4332}.tap
Mon Oct 26 14:59:02 2020 TAP-Windows Driver Version 9.24
Mon Oct 26 14:59:02 2020 TAP-Windows MTU=1500
Mon Oct 26 14:59:02 2020 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.50/255.255.255.0 [SUCCEEDED]
Mon Oct 26 14:59:02 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.50/255.255.255.0 on interface {12922884-3347-4003-91C6-BA27013F4332} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Mon Oct 26 14:59:02 2020 Successful ARP Flush on interface [30] {12922884-3347-4003-91C6-BA27013F4332}
Mon Oct 26 14:59:02 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Oct 26 14:59:02 2020 MANAGEMENT: >STATE:1603735142,ASSIGN_IP,,10.8.0.50,,,,
Mon Oct 26 14:59:07 2020 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Mon Oct 26 14:59:07 2020 MANAGEMENT: >STATE:1603735147,ADD_ROUTES,,,,,,
Mon Oct 26 14:59:07 2020 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.1
Mon Oct 26 14:59:07 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=10 and dwForwardType=4
Mon Oct 26 14:59:07 2020 Route addition via IPAPI succeeded [adaptive]
Mon Oct 26 14:59:07 2020 Initialization Sequence Completed
Mon Oct 26 14:59:07 2020 MANAGEMENT: >STATE:1603735147,CONNECTED,SUCCESS,10.8.0.50,PUBLICIP,PORT,,