How to debug "Outgoing TUN queue full"?

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

How to debug "Outgoing TUN queue full"?

Post by choin » Fri Jul 22, 2022 9:04 pm

I'm absolutely devastated by this issue. Lost packets and lost connectivity for no reason. No wireless, direct ping outside of VPN is stable. I even switched to "dev tap" instead of "dev tun" on server and clients but it still happens. Latest 2.5.7 (Windows) installed everywhere.

My server is inside a network, with TCP port forwarded to it for OpenVPN. Clients have issues both inside the network and outside of it.

Server:

Code: Select all

port <snip>
proto tcp
dev tap
dev-node <snip>
dh C:\\OpenVPN\\<snip>.pem
ca C:\\OpenVPN\\<snip>.crt
cert C:\\OpenVPN\\<snip>.crt
key C:\\OpenVPN\\<snip>.key
crl-verify C:\\OpenVPN\\<snip>.pem 
server <snip> 255.255.255.0
client-to-client
topology subnet
client-config-dir "C:\\OpenVPN\\<snip>"
ifconfig-pool-persist "C:\\OpenVPN\\<snip>"
push "dhcp-option DNS <snip>"
max-clients 32
keepalive 10 120
comp-lzo
persist-key
persist-tun
tls-auth C:\\OpenVPN\\<snip>.key 0
cipher AES-256-CBC
auth SHA1
verb 4
mute 20
status C:\\OpenVPN\\<snip>.log
log C:\\OpenVPN\\<snip>.log
Clients:

Code: Select all

client
resolv-retry infinite
dev tap
dev-node <snip>
proto tcp
remote <snip> <snip>
server-poll-timeout 2
ca <snip>
cert <snip>
key <snip>
tls-client
remote-cert-tls server
tls-auth <snip> 1
cipher AES-256-CBC
auth SHA1
auth-nocache
comp-lzo
float
keepalive 10 120
persist-key
persist-tun
verb 3
script-security 2
dhcp-option DNS <snip>
dhcp-option DOMAIN <snip>
Seems like I can only ever get 1 client to work stable at a time.
Could Cisco ASA be the source of the problem?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Fri Jul 22, 2022 10:48 pm

choin wrote:
Fri Jul 22, 2022 9:04 pm
I even switched to "dev tap" instead of "dev tun" on server and clients
Maybe you should read what the difference between the two is .. because that is a very bad idea.

choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

Re: How to debug "Outgoing TUN queue full"?

Post by choin » Fri Jul 22, 2022 10:57 pm

TinCanTech wrote:
Fri Jul 22, 2022 10:48 pm
choin wrote:
Fri Jul 22, 2022 9:04 pm
I even switched to "dev tap" instead of "dev tun" on server and clients
Maybe you should read what the difference between the two is .. because that is a very bad idea.
A number of discussions suggest to use TAP instead of TUN for accessing the network properly, and I didn't find much bad in the documentation about it. Only that it has to be equal on server and clients.

Either way, it doesn't seem to affect the issue with "Outgoing TUN queue full". Would like to get actual help with it.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Fri Jul 22, 2022 11:05 pm

choin wrote:
Fri Jul 22, 2022 10:57 pm
A number of discussions suggest to use TAP instead of TUN for ...
They are ALL wrong.

choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

Re: How to debug "Outgoing TUN queue full"?

Post by choin » Fri Jul 22, 2022 11:12 pm

TinCanTech wrote:
Fri Jul 22, 2022 11:05 pm
choin wrote:
Fri Jul 22, 2022 10:57 pm
A number of discussions suggest to use TAP instead of TUN for ...
They are ALL wrong.
I don't deny that and am willing to revert anything or everything. I just never had a good experience with OpenVPN to know which settings I'm supposed to use.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Fri Jul 22, 2022 11:16 pm

Then you should read the official documentation not random blogs.

Start with the howto. https://community.openvpn.net/openvpn/wiki/HOWTO

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Fri Jul 22, 2022 11:24 pm

choin wrote:
Fri Jul 22, 2022 10:57 pm
A number of discussions suggest to use TAP instead of TUN for
Show me ..

choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

Re: How to debug "Outgoing TUN queue full"?

Post by choin » Sat Jul 23, 2022 11:18 am

Would it be possible to just tell what I am doing wrong? Tried UDP, different ports. Tried creating configs from scratch. Not even testing remote clients, it's all local, just 1 server and 1 client. Got rid of all WARNINGs. The following very basic configs still result in random packet losses during ping and "Outgoing TUN queue full, dropped packet len=52" / "Outgoing TUN queue full, dropped packet len=60".

Server

Code: Select all

port 1195
local 192.168.0.5
proto tcp
dev tun
dev-node "OpenVPN"
server 172.17.8.0 255.255.255.0
topology subnet
max-clients 32
keepalive 10 120

auth SHA1
data-ciphers-fallback AES-256-CBC
*auth files*
Client

Code: Select all

client
remote 192.168.0.5 1195
proto tcp
dev tun
dev-node "OpenVPN"
tun-mtu 1500
keepalive 10 120

auth-nocache
data-ciphers-fallback AES-256-CBC
*auth files*
It seems I'm missing something basic, like maybe OpenVPN server can't work on virtualized OS, or I need TUN network adapters instead of TAP. How can any queue get full as soon as it receives like 10 PING requests from a single client? Every other service and software seem to work fine in this environment.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Sat Jul 23, 2022 1:47 pm

choin wrote:
Sat Jul 23, 2022 11:18 am
It seems I'm missing something basic
Your latest configs are simple enough to prove that OpenVPN works.
choin wrote:
Sat Jul 23, 2022 11:18 am
Would it be possible to just tell what I am doing wrong?
You are not doing anything wrong, as your latest configs show.

TCP is not recommended for a tunnel but it should work perfectly for your test above.

Packet loss and queue full are usually signs that there is something wrong with your network equipment.
In this case I would even expect your Windows server to work correctly.

You might like to try --verb 4 in your configs and post your log files.
Note: With a local test like this, there isn't really anything security sensitive in your logs but check first anyway.

choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

Re: How to debug "Outgoing TUN queue full"?

Post by choin » Sun Jul 24, 2022 5:48 pm

Server log

Code: Select all

2022-07-24 20:33:50 us=578000 Current Parameter Settings:
2022-07-24 20:33:50 us=578000   config = '*.ovpn'
2022-07-24 20:33:50 us=578000   mode = 1
2022-07-24 20:33:50 us=578000   show_ciphers = DISABLED
2022-07-24 20:33:50 us=578000   show_digests = DISABLED
2022-07-24 20:33:50 us=578000   show_engines = DISABLED
2022-07-24 20:33:50 us=578000   genkey = DISABLED
2022-07-24 20:33:50 us=578000   genkey_filename = '[UNDEF]'
2022-07-24 20:33:50 us=578000   key_pass_file = '[UNDEF]'
2022-07-24 20:33:50 us=578000   show_tls_ciphers = DISABLED
2022-07-24 20:33:50 us=578000   connect_retry_max = 0
2022-07-24 20:33:50 us=578000 Connection profiles [0]:
2022-07-24 20:33:50 us=578000   proto = tcp-server
2022-07-24 20:33:50 us=578000   local = '192.168.0.5'
2022-07-24 20:33:50 us=578000   local_port = '1195'
2022-07-24 20:33:50 us=578000   remote = '[UNDEF]'
2022-07-24 20:33:50 us=578000   remote_port = '1195'
2022-07-24 20:33:50 us=578000   remote_float = DISABLED
2022-07-24 20:33:50 us=578000   bind_defined = DISABLED
2022-07-24 20:33:50 us=578000   bind_local = ENABLED
2022-07-24 20:33:50 us=578000 NOTE: --mute triggered...
2022-07-24 20:33:50 us=578000 283 variation(s) on previous 20 message(s) suppressed by --mute
2022-07-24 20:33:50 us=578000 OpenVPN 2.5.7 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 27 2022
2022-07-24 20:33:50 us=578000 Windows version 6.3 (Windows 8.1) 64bit
2022-07-24 20:33:50 us=578000 library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-07-24 20:33:50 us=578000 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
2022-07-24 20:33:50 us=593000 Diffie-Hellman initialized with 2048 bit key
2022-07-24 20:33:50 us=593000 CRL: loaded 1 CRLs from file *.pem
2022-07-24 20:33:50 us=593000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-07-24 20:33:50 us=593000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-07-24 20:33:50 us=593000 TLS-Auth MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
2022-07-24 20:33:50 us=593000 interactive service msg_channel=0
2022-07-24 20:33:50 us=593000 open_tun
2022-07-24 20:33:50 us=593000 tap-windows6 device [OpenVPN] opened
2022-07-24 20:33:50 us=593000 TAP-Windows Driver Version 9.24 
2022-07-24 20:33:50 us=593000 TAP-Windows MTU=1500
2022-07-24 20:33:50 us=593000 Set TAP-Windows TUN subnet mode network/local/netmask = 172.17.8.0/172.17.8.1/255.255.255.0 [SUCCEEDED]
2022-07-24 20:33:50 us=593000 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.17.8.1/255.255.255.0 on interface {C61FF8B0-E063-4B69-9017-FEB28DECD11B} [DHCP-serv: 172.17.8.0, lease-time: 31536000]
2022-07-24 20:33:50 us=593000 Sleeping for 10 seconds...
2022-07-24 20:34:00 us=609000 Successful ARP Flush on interface [15] {C61FF8B0-E063-4B69-9017-FEB28DECD11B}
2022-07-24 20:34:00 us=609000 do_ifconfig, ipv4=1, ipv6=0
2022-07-24 20:34:00 us=609000 IPv4 MTU set to 1500 on interface 15 using SetIpInterfaceEntry()
2022-07-24 20:34:00 us=609000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2022-07-24 20:34:00 us=609000 Could not determine IPv4/IPv6 protocol. Using AF_INET
2022-07-24 20:34:00 us=609000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-07-24 20:34:00 us=609000 Listening for incoming TCP connection on [AF_INET]192.168.0.5:1195
2022-07-24 20:34:00 us=609000 TCPv4_SERVER link local (bound): [AF_INET]192.168.0.5:1195
2022-07-24 20:34:00 us=609000 TCPv4_SERVER link remote: [AF_UNSPEC]
2022-07-24 20:34:00 us=609000 MULTI: multi_init called, r=256 v=256
2022-07-24 20:34:00 us=609000 IFCONFIG POOL IPv4: base=172.17.8.2 size=253
2022-07-24 20:34:00 us=609000 MULTI: TCP INIT maxclients=32 maxevents=36
2022-07-24 20:34:00 us=609000 Initialization Sequence Completed
2022-07-24 20:34:01 us=218000 MULTI: multi_create_instance called
2022-07-24 20:34:01 us=218000 Re-using SSL/TLS context
2022-07-24 20:34:01 us=218000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-07-24 20:34:01 us=218000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-07-24 20:34:01 us=218000 Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
2022-07-24 20:34:01 us=218000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2022-07-24 20:34:01 us=218000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2022-07-24 20:34:01 us=218000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2022-07-24 20:34:01 us=218000 TCP connection established with [AF_INET]192.168.0.111:57368
2022-07-24 20:34:01 us=218000 TCPv4_SERVER link local: (not bound)
2022-07-24 20:34:01 us=218000 TCPv4_SERVER link remote: [AF_INET]192.168.0.111:57368
2022-07-24 20:34:01 us=218000 192.168.0.111:57368 TLS: Initial packet from [AF_INET]192.168.0.111:57368, sid=56506b0c d4ac7d2f
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 VERIFY OK: *
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 VERIFY OK: *
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_VER=2.5.7
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_PLAT=win
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_PROTO=6
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_NCP=2
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_LZ4=1
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_LZ4v2=1
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_LZO=1
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_COMP_STUB=1
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_COMP_STUBv2=1
2022-07-24 20:34:01 us=312000 192.168.0.111:57368 peer info: IV_TCPNL=1
2022-07-24 20:34:01 us=421000 192.168.0.111:57368 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2022-07-24 20:34:01 us=421000 192.168.0.111:57368 [client-lan] Peer Connection Initiated with [AF_INET]192.168.0.111:57368
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 MULTI_sva: pool returned IPv4=172.17.8.2, IPv6=(Not enabled)
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 OPTIONS IMPORT: reading client specific options from: *
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 MULTI: Learn: 172.17.8.13 -> client-lan/192.168.0.111:57368
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 MULTI: primary virtual IP for client-lan/192.168.0.111:57368: 172.17.8.13
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-24 20:34:01 us=421000 client-lan/192.168.0.111:57368 SENT CONTROL [client-lan]: 'PUSH_REPLY,route-gateway 172.17.8.1,topology subnet,ping 10,ping-restart 120,route 192.168.0.0 255.255.255.0,route-gateway 172.17.8.1,route-metric 300,ifconfig 172.17.8.13 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
2022-07-24 20:34:01 us=875000 client-lan/192.168.0.111:57368 MULTI: bad source address from client [::], packet dropped
2022-07-24 20:34:07 us=953000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:08 us=953000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:10 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=60
2022-07-24 20:34:11 us=515000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:13 us=515000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:14 us=531000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:16 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:17 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:19 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:20 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:21 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:22 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:23 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:24 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:25 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:26 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:28 us=500000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=60
2022-07-24 20:34:29 us=515000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:34 us=15000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:35 us=31000 client-lan/192.168.0.111:57368 MULTI: Outgoing TUN queue full, dropped packet len=52
2022-07-24 20:34:36 us=515000 client-lan/192.168.0.111:57368 NOTE: --mute triggered...
2022-07-24 20:34:56 us=125000 client-lan/192.168.0.111:57368 8 variation(s) on previous 20 message(s) suppressed by --mute
2022-07-24 20:34:56 us=125000 client-lan/192.168.0.111:57368 Connection reset, restarting [-1]
2022-07-24 20:34:56 us=125000 client-lan/192.168.0.111:57368 SIGUSR1[soft,connection-reset] received, client-instance restarting
2022-07-24 20:34:56 us=125000 TCP/UDP: Closing socket
2022-07-24 20:35:03 us=93000 TCP/UDP: Closing socket
2022-07-24 20:35:03 us=93000 Closing TUN/TAP interface
2022-07-24 20:35:03 us=109000 TAP: DHCP address released
2022-07-24 20:35:03 us=109000 SIGTERM[hard,] received, process exiting
Client log

Code: Select all

2022-07-24 20:33:58 us=359000 Current Parameter Settings:
2022-07-24 20:33:58 us=359000   config = '*.ovpn'
2022-07-24 20:33:58 us=359000   mode = 0
2022-07-24 20:33:58 us=359000   show_ciphers = DISABLED
2022-07-24 20:33:58 us=359000   show_digests = DISABLED
2022-07-24 20:33:58 us=359000   show_engines = DISABLED
2022-07-24 20:33:58 us=359000   genkey = DISABLED
2022-07-24 20:33:58 us=359000   genkey_filename = '[UNDEF]'
2022-07-24 20:33:58 us=359000   key_pass_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   show_tls_ciphers = DISABLED
2022-07-24 20:33:58 us=359000   connect_retry_max = 0
2022-07-24 20:33:58 us=359000 Connection profiles [0]:
2022-07-24 20:33:58 us=359000   proto = tcp-client
2022-07-24 20:33:58 us=359000   local = '[UNDEF]'
2022-07-24 20:33:58 us=359000   local_port = '[UNDEF]'
2022-07-24 20:33:58 us=359000   remote = '192.168.0.5'
2022-07-24 20:33:58 us=359000   remote_port = '1195'
2022-07-24 20:33:58 us=359000   remote_float = DISABLED
2022-07-24 20:33:58 us=359000   bind_defined = DISABLED
2022-07-24 20:33:58 us=359000   bind_local = DISABLED
2022-07-24 20:33:58 us=359000   bind_ipv6_only = DISABLED
2022-07-24 20:33:58 us=359000   connect_retry_seconds = 5
2022-07-24 20:33:58 us=359000   connect_timeout = 120
2022-07-24 20:33:58 us=359000   socks_proxy_server = '[UNDEF]'
2022-07-24 20:33:58 us=359000   socks_proxy_port = '[UNDEF]'
2022-07-24 20:33:58 us=359000   tun_mtu = 1500
2022-07-24 20:33:58 us=359000   tun_mtu_defined = ENABLED
2022-07-24 20:33:58 us=359000   link_mtu = 1500
2022-07-24 20:33:58 us=359000   link_mtu_defined = DISABLED
2022-07-24 20:33:58 us=359000   tun_mtu_extra = 0
2022-07-24 20:33:58 us=359000   tun_mtu_extra_defined = DISABLED
2022-07-24 20:33:58 us=359000   mtu_discover_type = -1
2022-07-24 20:33:58 us=359000   fragment = 0
2022-07-24 20:33:58 us=359000   mssfix = 1450
2022-07-24 20:33:58 us=359000   explicit_exit_notification = 0
2022-07-24 20:33:58 us=359000   tls_auth_file = '*.key'
2022-07-24 20:33:58 us=359000   key_direction = 1
2022-07-24 20:33:58 us=359000   tls_crypt_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   tls_crypt_v2_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000 Connection profiles END
2022-07-24 20:33:58 us=359000   remote_random = DISABLED
2022-07-24 20:33:58 us=359000   ipchange = '[UNDEF]'
2022-07-24 20:33:58 us=359000   dev = 'tun'
2022-07-24 20:33:58 us=359000   dev_type = '[UNDEF]'
2022-07-24 20:33:58 us=359000   dev_node = 'OpenVPN'
2022-07-24 20:33:58 us=359000   lladdr = '[UNDEF]'
2022-07-24 20:33:58 us=359000   topology = 1
2022-07-24 20:33:58 us=359000   ifconfig_local = '[UNDEF]'
2022-07-24 20:33:58 us=359000   ifconfig_remote_netmask = '[UNDEF]'
2022-07-24 20:33:58 us=359000   ifconfig_noexec = DISABLED
2022-07-24 20:33:58 us=359000   ifconfig_nowarn = DISABLED
2022-07-24 20:33:58 us=359000   ifconfig_ipv6_local = '[UNDEF]'
2022-07-24 20:33:58 us=359000   ifconfig_ipv6_netbits = 0
2022-07-24 20:33:58 us=359000   ifconfig_ipv6_remote = '[UNDEF]'
2022-07-24 20:33:58 us=359000   shaper = 0
2022-07-24 20:33:58 us=359000   mtu_test = 0
2022-07-24 20:33:58 us=359000   mlock = DISABLED
2022-07-24 20:33:58 us=359000   keepalive_ping = 10
2022-07-24 20:33:58 us=359000   keepalive_timeout = 120
2022-07-24 20:33:58 us=359000   inactivity_timeout = 0
2022-07-24 20:33:58 us=359000   inactivity_minimum_bytes = 0
2022-07-24 20:33:58 us=359000   ping_send_timeout = 10
2022-07-24 20:33:58 us=359000   ping_rec_timeout = 120
2022-07-24 20:33:58 us=359000   ping_rec_timeout_action = 2
2022-07-24 20:33:58 us=359000   ping_timer_remote = DISABLED
2022-07-24 20:33:58 us=359000   remap_sigusr1 = 0
2022-07-24 20:33:58 us=359000   persist_tun = DISABLED
2022-07-24 20:33:58 us=359000   persist_local_ip = DISABLED
2022-07-24 20:33:58 us=359000   persist_remote_ip = DISABLED
2022-07-24 20:33:58 us=359000   persist_key = DISABLED
2022-07-24 20:33:58 us=359000   passtos = DISABLED
2022-07-24 20:33:58 us=359000   resolve_retry_seconds = 1000000000
2022-07-24 20:33:58 us=359000   resolve_in_advance = DISABLED
2022-07-24 20:33:58 us=359000   username = '[UNDEF]'
2022-07-24 20:33:58 us=359000   groupname = '[UNDEF]'
2022-07-24 20:33:58 us=359000   chroot_dir = '[UNDEF]'
2022-07-24 20:33:58 us=359000   cd_dir = '[UNDEF]'
2022-07-24 20:33:58 us=359000   writepid = '[UNDEF]'
2022-07-24 20:33:58 us=359000   up_script = '[UNDEF]'
2022-07-24 20:33:58 us=359000   down_script = '[UNDEF]'
2022-07-24 20:33:58 us=359000   down_pre = DISABLED
2022-07-24 20:33:58 us=359000   up_restart = DISABLED
2022-07-24 20:33:58 us=359000   up_delay = DISABLED
2022-07-24 20:33:58 us=359000   daemon = DISABLED
2022-07-24 20:33:58 us=359000   inetd = 0
2022-07-24 20:33:58 us=359000   log = DISABLED
2022-07-24 20:33:58 us=359000   suppress_timestamps = DISABLED
2022-07-24 20:33:58 us=359000   machine_readable_output = DISABLED
2022-07-24 20:33:58 us=359000   nice = 0
2022-07-24 20:33:58 us=359000   verbosity = 4
2022-07-24 20:33:58 us=359000   mute = 0
2022-07-24 20:33:58 us=359000   status_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   status_file_version = 1
2022-07-24 20:33:58 us=359000   status_file_update_freq = 60
2022-07-24 20:33:58 us=359000   occ = ENABLED
2022-07-24 20:33:58 us=359000   rcvbuf = 0
2022-07-24 20:33:58 us=359000   sndbuf = 0
2022-07-24 20:33:58 us=359000   sockflags = 0
2022-07-24 20:33:58 us=359000   fast_io = DISABLED
2022-07-24 20:33:58 us=359000   comp.alg = 0
2022-07-24 20:33:58 us=359000   comp.flags = 0
2022-07-24 20:33:58 us=359000   route_script = '[UNDEF]'
2022-07-24 20:33:58 us=359000   route_default_gateway = '[UNDEF]'
2022-07-24 20:33:58 us=359000   route_default_metric = 0
2022-07-24 20:33:58 us=359000   route_noexec = DISABLED
2022-07-24 20:33:58 us=359000   route_delay = 5
2022-07-24 20:33:58 us=359000   route_delay_window = 30
2022-07-24 20:33:58 us=359000   route_delay_defined = ENABLED
2022-07-24 20:33:58 us=359000   route_nopull = DISABLED
2022-07-24 20:33:58 us=359000   route_gateway_via_dhcp = DISABLED
2022-07-24 20:33:58 us=359000   allow_pull_fqdn = DISABLED
2022-07-24 20:33:58 us=359000   management_addr = '[UNDEF]'
2022-07-24 20:33:58 us=359000   management_port = '[UNDEF]'
2022-07-24 20:33:58 us=359000   management_user_pass = '[UNDEF]'
2022-07-24 20:33:58 us=359000   management_log_history_cache = 250
2022-07-24 20:33:58 us=359000   management_echo_buffer_size = 100
2022-07-24 20:33:58 us=359000   management_write_peer_info_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   management_client_user = '[UNDEF]'
2022-07-24 20:33:58 us=359000   management_client_group = '[UNDEF]'
2022-07-24 20:33:58 us=359000   management_flags = 0
2022-07-24 20:33:58 us=359000   shared_secret_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   key_direction = 1
2022-07-24 20:33:58 us=359000   ciphername = 'AES-256-CBC'
2022-07-24 20:33:58 us=359000   ncp_enabled = ENABLED
2022-07-24 20:33:58 us=359000   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2022-07-24 20:33:58 us=359000   authname = 'SHA1'
2022-07-24 20:33:58 us=359000   prng_hash = 'SHA1'
2022-07-24 20:33:58 us=359000   prng_nonce_secret_len = 16
2022-07-24 20:33:58 us=359000   keysize = 0
2022-07-24 20:33:58 us=359000   engine = DISABLED
2022-07-24 20:33:58 us=359000   replay = ENABLED
2022-07-24 20:33:58 us=359000   mute_replay_warnings = DISABLED
2022-07-24 20:33:58 us=359000   replay_window = 64
2022-07-24 20:33:58 us=359000   replay_time = 15
2022-07-24 20:33:58 us=359000   packet_id_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   test_crypto = DISABLED
2022-07-24 20:33:58 us=359000   tls_server = DISABLED
2022-07-24 20:33:58 us=359000   tls_client = ENABLED
2022-07-24 20:33:58 us=359000   ca_file = '*.crt'
2022-07-24 20:33:58 us=359000   ca_path = '[UNDEF]'
2022-07-24 20:33:58 us=359000   dh_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   cert_file = '*.crt'
2022-07-24 20:33:58 us=359000   extra_certs_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   priv_key_file = '*.key'
2022-07-24 20:33:58 us=359000   pkcs12_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   cryptoapi_cert = '[UNDEF]'
2022-07-24 20:33:58 us=359000   cipher_list = '[UNDEF]'
2022-07-24 20:33:58 us=359000   cipher_list_tls13 = '[UNDEF]'
2022-07-24 20:33:58 us=359000   tls_cert_profile = '[UNDEF]'
2022-07-24 20:33:58 us=359000   tls_verify = '[UNDEF]'
2022-07-24 20:33:58 us=359000   tls_export_cert = '[UNDEF]'
2022-07-24 20:33:58 us=359000   verify_x509_type = 0
2022-07-24 20:33:58 us=359000   verify_x509_name = '[UNDEF]'
2022-07-24 20:33:58 us=359000   crl_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   ns_cert_type = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_ku[i] = 0
2022-07-24 20:33:58 us=359000   remote_cert_eku = '[UNDEF]'
2022-07-24 20:33:58 us=359000   ssl_flags = 0
2022-07-24 20:33:58 us=359000   tls_timeout = 2
2022-07-24 20:33:58 us=359000   renegotiate_bytes = -1
2022-07-24 20:33:58 us=359000   renegotiate_packets = 0
2022-07-24 20:33:58 us=359000   renegotiate_seconds = 3600
2022-07-24 20:33:58 us=359000   handshake_window = 60
2022-07-24 20:33:58 us=359000   transition_window = 3600
2022-07-24 20:33:58 us=359000   single_session = DISABLED
2022-07-24 20:33:58 us=359000   push_peer_info = DISABLED
2022-07-24 20:33:58 us=359000   tls_exit = DISABLED
2022-07-24 20:33:58 us=359000   tls_crypt_v2_metadata = '[UNDEF]'
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_protected_authentication = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_private_mode = 00000000
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_cert_private = DISABLED
2022-07-24 20:33:58 us=359000   pkcs11_pin_cache_period = -1
2022-07-24 20:33:58 us=359000   pkcs11_id = '[UNDEF]'
2022-07-24 20:33:58 us=359000   pkcs11_id_management = DISABLED
2022-07-24 20:33:58 us=359000   server_network = 0.0.0.0
2022-07-24 20:33:58 us=359000   server_netmask = 0.0.0.0
2022-07-24 20:33:58 us=359000   server_network_ipv6 = ::
2022-07-24 20:33:58 us=359000   server_netbits_ipv6 = 0
2022-07-24 20:33:58 us=359000   server_bridge_ip = 0.0.0.0
2022-07-24 20:33:58 us=359000   server_bridge_netmask = 0.0.0.0
2022-07-24 20:33:58 us=359000   server_bridge_pool_start = 0.0.0.0
2022-07-24 20:33:58 us=359000   server_bridge_pool_end = 0.0.0.0
2022-07-24 20:33:58 us=359000   ifconfig_pool_defined = DISABLED
2022-07-24 20:33:58 us=359000   ifconfig_pool_start = 0.0.0.0
2022-07-24 20:33:58 us=359000   ifconfig_pool_end = 0.0.0.0
2022-07-24 20:33:58 us=359000   ifconfig_pool_netmask = 0.0.0.0
2022-07-24 20:33:58 us=359000   ifconfig_pool_persist_filename = '[UNDEF]'
2022-07-24 20:33:58 us=359000   ifconfig_pool_persist_refresh_freq = 600
2022-07-24 20:33:58 us=359000   ifconfig_ipv6_pool_defined = DISABLED
2022-07-24 20:33:58 us=359000   ifconfig_ipv6_pool_base = ::
2022-07-24 20:33:58 us=359000   ifconfig_ipv6_pool_netbits = 0
2022-07-24 20:33:58 us=359000   n_bcast_buf = 256
2022-07-24 20:33:58 us=359000   tcp_queue_limit = 64
2022-07-24 20:33:58 us=359000   real_hash_size = 256
2022-07-24 20:33:58 us=359000   virtual_hash_size = 256
2022-07-24 20:33:58 us=359000   client_connect_script = '[UNDEF]'
2022-07-24 20:33:58 us=359000   learn_address_script = '[UNDEF]'
2022-07-24 20:33:58 us=359000   client_disconnect_script = '[UNDEF]'
2022-07-24 20:33:58 us=359000   client_config_dir = '[UNDEF]'
2022-07-24 20:33:58 us=359000   ccd_exclusive = DISABLED
2022-07-24 20:33:58 us=359000   tmp_dir = 'C:\WINDOWS\TEMP\'
2022-07-24 20:33:58 us=359000   push_ifconfig_defined = DISABLED
2022-07-24 20:33:58 us=359000   push_ifconfig_local = 0.0.0.0
2022-07-24 20:33:58 us=359000   push_ifconfig_remote_netmask = 0.0.0.0
2022-07-24 20:33:58 us=359000   push_ifconfig_ipv6_defined = DISABLED
2022-07-24 20:33:58 us=359000   push_ifconfig_ipv6_local = ::/0
2022-07-24 20:33:58 us=359000   push_ifconfig_ipv6_remote = ::
2022-07-24 20:33:58 us=359000   enable_c2c = DISABLED
2022-07-24 20:33:58 us=359000   duplicate_cn = DISABLED
2022-07-24 20:33:58 us=359000   cf_max = 0
2022-07-24 20:33:58 us=359000   cf_per = 0
2022-07-24 20:33:58 us=359000   max_clients = 1024
2022-07-24 20:33:58 us=359000   max_routes_per_client = 256
2022-07-24 20:33:58 us=359000   auth_user_pass_verify_script = '[UNDEF]'
2022-07-24 20:33:58 us=359000   auth_user_pass_verify_script_via_file = DISABLED
2022-07-24 20:33:58 us=359000   auth_token_generate = DISABLED
2022-07-24 20:33:58 us=359000   auth_token_lifetime = 0
2022-07-24 20:33:58 us=359000   auth_token_secret_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   vlan_tagging = DISABLED
2022-07-24 20:33:58 us=359000   vlan_accept = all
2022-07-24 20:33:58 us=359000   vlan_pvid = 1
2022-07-24 20:33:58 us=359000   client = ENABLED
2022-07-24 20:33:58 us=359000   pull = ENABLED
2022-07-24 20:33:58 us=359000   auth_user_pass_file = '[UNDEF]'
2022-07-24 20:33:58 us=359000   show_net_up = DISABLED
2022-07-24 20:33:58 us=359000   route_method = 0
2022-07-24 20:33:58 us=359000   block_outside_dns = DISABLED
2022-07-24 20:33:58 us=359000   ip_win32_defined = DISABLED
2022-07-24 20:33:58 us=359000   ip_win32_type = 3
2022-07-24 20:33:58 us=359000   dhcp_masq_offset = 0
2022-07-24 20:33:58 us=359000   dhcp_lease_time = 31536000
2022-07-24 20:33:58 us=359000   tap_sleep = 0
2022-07-24 20:33:58 us=359000   dhcp_options = DISABLED
2022-07-24 20:33:58 us=359000   dhcp_renew = DISABLED
2022-07-24 20:33:58 us=359000   dhcp_pre_release = DISABLED
2022-07-24 20:33:58 us=359000   domain = '[UNDEF]'
2022-07-24 20:33:58 us=359000   netbios_scope = '[UNDEF]'
2022-07-24 20:33:58 us=359000   netbios_node_type = 0
2022-07-24 20:33:58 us=359000   disable_nbt = DISABLED
2022-07-24 20:33:58 us=359000 OpenVPN 2.5.7 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 27 2022
2022-07-24 20:33:58 us=359000 Windows version 10.0 (Windows 10 or greater) 64bit
2022-07-24 20:33:58 us=359000 library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-07-24 20:33:58 us=359000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-07-24 20:33:58 us=359000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-07-24 20:33:58 us=359000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-07-24 20:33:58 us=359000 Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
2022-07-24 20:33:58 us=359000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2022-07-24 20:33:58 us=359000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2022-07-24 20:33:58 us=359000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2022-07-24 20:33:58 us=359000 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.5:1195
2022-07-24 20:33:58 us=359000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-07-24 20:33:58 us=359000 Attempting to establish TCP connection with [AF_INET]192.168.0.5:1195 [nonblock]
2022-07-24 20:34:01 us=375000 TCP connection established with [AF_INET]192.168.0.5:1195
2022-07-24 20:34:01 us=375000 TCP_CLIENT link local: (not bound)
2022-07-24 20:34:01 us=375000 TCP_CLIENT link remote: [AF_INET]192.168.0.5:1195
2022-07-24 20:34:01 us=390000 TLS: Initial packet from [AF_INET]192.168.0.5:1195, sid=86c974c4 8c57b3f7
2022-07-24 20:34:01 us=468000 VERIFY OK: *
2022-07-24 20:34:01 us=468000 VERIFY OK: *
2022-07-24 20:34:01 us=515000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2022-07-24 20:34:01 us=515000 [*] Peer Connection Initiated with [AF_INET]192.168.0.5:1195
2022-07-24 20:34:01 us=578000 PUSH: Received control message: 'PUSH_REPLY,route-gateway 172.17.8.1,topology subnet,ping 10,ping-restart 120,route 192.168.0.0 255.255.255.0,route-gateway 172.17.8.1,route-metric 300,ifconfig 172.17.8.13 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2022-07-24 20:34:01 us=578000 OPTIONS IMPORT: timers and/or timeouts modified
2022-07-24 20:34:01 us=578000 OPTIONS IMPORT: --ifconfig/up options modified
2022-07-24 20:34:01 us=578000 OPTIONS IMPORT: route options modified
2022-07-24 20:34:01 us=578000 OPTIONS IMPORT: route-related options modified
2022-07-24 20:34:01 us=578000 OPTIONS IMPORT: peer-id set
2022-07-24 20:34:01 us=578000 OPTIONS IMPORT: adjusting link_mtu to 1626
2022-07-24 20:34:01 us=578000 OPTIONS IMPORT: data channel crypto options modified
2022-07-24 20:34:01 us=578000 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-07-24 20:34:01 us=578000 Data Channel MTU parms [ L:1554 D:1450 EF:54 EB:406 ET:0 EL:3 ]
2022-07-24 20:34:01 us=578000 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-24 20:34:01 us=578000 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-24 20:34:01 us=578000 interactive service msg_channel=0
2022-07-24 20:34:01 us=578000 open_tun
2022-07-24 20:34:01 us=593000 tap-windows6 device [OpenVPN] opened
2022-07-24 20:34:01 us=593000 TAP-Windows Driver Version 9.24 
2022-07-24 20:34:01 us=593000 TAP-Windows MTU=1500
2022-07-24 20:34:01 us=593000 Set TAP-Windows TUN subnet mode network/local/netmask = 172.17.8.0/172.17.8.13/255.255.255.0 [SUCCEEDED]
2022-07-24 20:34:01 us=593000 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.17.8.13/255.255.255.0 on interface {96627D35-F255-4420-92BF-73F70687058D} [DHCP-serv: 172.17.8.0, lease-time: 31536000]
2022-07-24 20:34:01 us=593000 Successful ARP Flush on interface [20] {96627D35-F255-4420-92BF-73F70687058D}
2022-07-24 20:34:01 us=593000 do_ifconfig, ipv4=1, ipv6=0
2022-07-24 20:34:01 us=593000 IPv4 MTU set to 1500 on interface 20 using SetIpInterfaceEntry()
2022-07-24 20:34:06 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
2022-07-24 20:34:06 C:\WINDOWS\system32\route.exe ADD 192.168.0.0 MASK 255.255.255.0 172.17.8.1 METRIC 300
2022-07-24 20:34:06 Route addition via IPAPI succeeded [adaptive]
2022-07-24 20:34:06 Initialization Sequence Completed
2022-07-24 20:34:56 us=281000 TCP/UDP: Closing socket
2022-07-24 20:34:56 us=281000 C:\WINDOWS\system32\route.exe DELETE 192.168.0.0 MASK 255.255.255.0 172.17.8.1
2022-07-24 20:34:56 us=296000 Route deletion via IPAPI succeeded [adaptive]
2022-07-24 20:34:56 us=296000 Closing TUN/TAP interface
2022-07-24 20:34:56 us=390000 TAP: DHCP address released
2022-07-24 20:34:56 us=390000 SIGTERM[hard,] received, process exiting

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Mon Jul 25, 2022 7:46 am

choin wrote:
Sat Jul 23, 2022 11:18 am
maybe OpenVPN server can't work on virtualized OS
Maybe that is not setup correctly.

choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

Re: How to debug "Outgoing TUN queue full"?

Post by choin » Mon Jul 25, 2022 10:16 am

I found if I remove this line from the client's ccd config:

Code: Select all

push "route 192.168.0.0 255.255.255.0"
there is no more packet losses during ping session, thus no "Outgoing TUN queue full".
I'm having a difficulty understanding why. This exact line seems to be used frequently.
TinCanTech wrote:
Mon Jul 25, 2022 7:46 am
Maybe that is not setup correctly.
Is there anything special in how you are supposed to configure Hyper-V machines for OpenVPN? Any other service works fine as far as I can see.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Mon Jul 25, 2022 7:02 pm

choin wrote:
Mon Jul 25, 2022 10:16 am
I found if I remove this line from the client's ccd config:

Code: Select all

push "route 192.168.0.0 255.255.255.0"
there is no more packet losses during ping session, thus no "Outgoing TUN queue full".
I'm having a difficulty understanding why. This exact line seems to be used frequently.
You must not push a route for your local network when both server and client are on the same LAN.

Also, using that subnet for your server is the worse one possible. Consult your router manual and set your LAN to a unique subnet. eg 192.168.129.0/24
choin wrote:
Mon Jul 25, 2022 10:16 am
Is there anything special in how you are supposed to configure Hyper-V machines for OpenVPN?
You must configure the VM and host networking correctly.

One other tip:
  • Do not use options like --tun-mtu and --route-metric if you do not understand what they do.
    Try using these examples.

choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

Re: How to debug "Outgoing TUN queue full"?

Post by choin » Mon Jul 25, 2022 10:11 pm

TinCanTech wrote:
Mon Jul 25, 2022 7:02 pm
choin wrote:
Mon Jul 25, 2022 10:16 am
I found if I remove this line from the client's ccd config:

Code: Select all

push "route 192.168.0.0 255.255.255.0"
there is no more packet losses during ping session, thus no "Outgoing TUN queue full".
I'm having a difficulty understanding why. This exact line seems to be used frequently.
You must not push a route for your local network when both server and client are on the same LAN.
Don't know what's wrong with it, seeing it's not exactly broken (connectivity is there, just with packet losses), but ok. What should I do then? Clients still need to access the network resources if they leave it (become remote clients), and my understanding is that this route provides this functionality.
TinCanTech wrote:
Mon Jul 25, 2022 7:02 pm
Also, using that subnet for your server is the worse one possible. Consult your router manual and set your LAN to a unique subnet. eg 192.168.129.0/24
I think if no remote client utilizes the same subnet then it's not a problem?
TinCanTech wrote:
Mon Jul 25, 2022 7:02 pm
choin wrote:
Mon Jul 25, 2022 10:16 am
Is there anything special in how you are supposed to configure Hyper-V machines for OpenVPN?
You must configure the VM and host networking correctly.
Not seeing any signs of it being incorrectly configured. No other service shows anything similar to these random packet losses.
TinCanTech wrote:
Mon Jul 25, 2022 7:02 pm
Do not use options like --tun-mtu and --route-metric if you do not understand what they do.
I used tun-mtu to fix the warning about inconsistent mtu values. Haven't debugged much to know how route-metric affected anything, but I don't think it affects the packet loss situation.
TinCanTech wrote:
Mon Jul 25, 2022 7:02 pm
Try using these examples.
Thank you, but these examples look outdated and don't include much for ccd configs.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: How to debug "Outgoing TUN queue full"?

Post by TinCanTech » Mon Jul 25, 2022 11:49 pm

You may find a book. more helpful.

choin
OpenVpn Newbie
Posts: 8
Joined: Fri Jul 22, 2022 8:00 pm

Re: How to debug "Outgoing TUN queue full"?

Post by choin » Tue Jul 26, 2022 7:33 am

One may want to lock the whole forum section with such a comment. Also that is not helpful right now as my credit card will not be accepted by the website.

Post Reply