Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

tamar · Post by **tamar** » Wed Jul 27, 2022 1:28 pm

I'm not sure what happened here. I've been using OpenVPN successfully and all I did was upgrade my Fedora version.

OS

Linux 5.18.13-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jul 22 14:03:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Server Config (I redacted the port number and hostname)

Code: Select all

port ##
proto udp
proto udp6
dev tun
ca ca.crt
cert issued/server.crt
key private/server.key
dh dh.pem
topology subnet
server 172.16.0.0 255.255.255.0
ipconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 10.10.10.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append  /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 1
auth SHA512
route 10.10.10.1 255.255.255.0

Client Config

Code: Select all

client
tls-client
pull
dev tun
proto udp
remote hostname port
resolv-retry infinite
nobind
dhcp-option DNS 8.8.8.8
persist-key
persist-tun
key-direction 1
tls-auth ta.key 1
comp-lzo
verb 4
ca ca.crt
cert client.crt
key client.key
auth SHA512
cipher AES-256-CBC
client-config-dir ccd

CCD file

Code: Select all

iroute 10.10.10.1 255.255.255.0

The logs aren't telling me anything helpful, but here are a few lines:

Code: Select all

client/x.x.x.x:6958 IP packet with unknown IP version=15 seen
read UDPv6 [NO-INFO]: Connection refused (code=111)
client/x.x.x.x:6958 [client] Inactivity timeout (--ping-restart), restarting
client/x.x.x.x:6958 SIGUSR1[soft,ping-restart] received, client-instance restarting

I also ran the iptables routing:

Code: Select all

iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o enp3s0 -j MASQUERADE

I hope I've provided enough info. I don't understand what the upgrade did to negate the VPN's usability.

Thanks!

TinCanTech · Post by **TinCanTech** » Wed Jul 27, 2022 1:49 pm

Perhaps you have forgotten to enable IP Forwarding..

tamar · Post by **tamar** » Wed Jul 27, 2022 6:50 pm

TinCanTech wrote: ↑
Wed Jul 27, 2022 1:49 pm
Perhaps you have forgotten to enable IP Forwarding..

No luck. Port forwarding was there already.

Code: Select all

$ sysctl -p
fs.inotify.max_user_watches = 1048576
net.ipv4.ip_forward = 1

And thanks for removing the hostname on that other post.

TinCanTech · Post by **TinCanTech** » Wed Jul 27, 2022 7:54 pm

tamar wrote: ↑
Wed Jul 27, 2022 1:28 pm
Code: Select all
port ##
proto udp
proto udp6 <-- remove this

You cannot specify two protocols.

tamar · Post by **tamar** » Wed Jul 27, 2022 8:37 pm

Thanks. Still not working though with a server restart.

TinCanTech · Post by **TinCanTech** » Wed Jul 27, 2022 9:25 pm

Need to see full logs @ --verb 4

tamar · Post by **tamar** » Wed Jul 27, 2022 10:54 pm

hmm, so I just log into the management interface and then type verb 4?

If so:

Server log

Code: Select all

client/10.10.10.1:49214 IP packet with unknown IP version=15 seen
client/10.10.10.1:49214 IP packet with unknown IP version=15 seen
client/10.10.10.1:49214 IP packet with unknown IP version=15 seen
client/10.10.10.1:49214 IP packet with unknown IP version=15 seen
client/10.10.10.1:49214 IP packet with unknown IP version=15 seen
client/10.10.10.1:49214 IP packet with unknown IP version=15 seen
client/10.10.10.1:49214 IP packet with unknown IP version=15 seen
client/10.10.10.1:49214 IP packet with unknown IP version=15 seen

Client log

Code: Select all

TITLE,OpenVPN 2.5.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTI2
TIME,2022-07-27 18:52:13,1658962333
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Br
CLIENT_LIST,client,10.10.10.1:49214,172.16.0.2,,57391,4181,2022-07-27 18:51:31,1658962291,UNDEF,0M
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,172.16.0.2,client,10.10.10.1:49214,2022-07-27 18:51:31,1658962291
GLOBAL_STATS,Max bcast/mcast queue length,1
END

I don't see public IPs here. Is that the issue?

TinCanTech · Post by **TinCanTech** » Wed Jul 27, 2022 11:51 pm

Logs like so: viewtopic.php?t=22603#p68963

tamar · Post by **tamar** » Thu Jul 28, 2022 12:41 am

Is this what you need? Not seeing public IPs here either.

Code: Select all

event_wait : Interrupted system call (code=4)
SENT CONTROL [client]: 'RESTART' (status=1)
TCP/UDP: Closing socket
Closing TUN/TAP interface
net_addr_v4_del: 172.16.0.1 dev tun0
sitnl_send: rtnl: generic error (-1): Operation not permitted
Linux can't del IP from iface tun0
SIGTERM[hard,] received, process exiting
Current Parameter Settings:
  config = 'server.conf'
  mode = 1
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp
  local = '[UNDEF]'
  local_port = '82'
  remote = '[UNDEF]'
  remote_port = '82'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = ENABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 1
  tls_auth_file = '[INLINE]'
  key_direction = 0
  tls_crypt_file = '[UNDEF]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 3
  ifconfig_local = '172.16.0.1'
  ifconfig_remote_netmask = '255.255.255.0'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = '[UNDEF]'
  ifconfig_ipv6_netbits = 0
  ifconfig_ipv6_remote = '[UNDEF]'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 10
  keepalive_timeout = 120
  inactivity_timeout = 0
  inactivity_minimum_bytes = 0
  ping_send_timeout = 10
  ping_rec_timeout = 240
  ping_rec_timeout_action = 2
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 1000000000
  resolve_in_advance = DISABLED
  username = 'nobody'
  groupname = 'nobody'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  selinux_context = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '[UNDEF]'
  down_script = '[UNDEF]'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = '/var/log/openvpn/openvpn-status.log'
  status_file_version = 2
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '172.16.0.2'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  route 10.10.10.1/255.255.255.0/default (not set)/default (not set)
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = 0
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC'
  authname = 'SHA512'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = ENABLED
  tls_client = DISABLED
  ca_file = 'ca.crt'
  ca_path = '[UNDEF]'
  dh_file = 'dh.pem'
  cert_file = 'issued/server.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'private/server.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = '[UNDEF]'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_pin_cache_period = -1
  pkcs11_id = '[UNDEF]'
  pkcs11_id_management = DISABLED
  server_network = 172.16.0.0
  server_netmask = 255.255.255.0
  server_network_ipv6 = ::
  server_netbits_ipv6 = 0
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  push_entry = 'redirect-gateway def1'
  push_entry = 'dhcp-option DNS 10.10.10.1'
  push_entry = 'dhcp-option DNS 8.8.8.8'
  push_entry = 'dhcp-option DNS 208.67.222.222'
  push_entry = 'dhcp-option DNS 208.67.220.220'
  push_entry = 'route-gateway 172.16.0.1'
  push_entry = 'topology subnet'
  push_entry = 'ping 10'
  push_entry = 'ping-restart 120'
  ifconfig_pool_defined = ENABLED
  ifconfig_pool_start = 172.16.0.2
  ifconfig_pool_end = 172.16.0.254
  ifconfig_pool_netmask = 255.255.255.0
  ifconfig_pool_persist_filename = 'ipp.txt'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = DISABLED
  ifconfig_ipv6_pool_base = ::
  ifconfig_ipv6_pool_netbits = 0
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = DISABLED
  pull = DISABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022
library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 10.10.10.1 dev enp3s0
Diffie-Hellman initialized with 2048 bit key
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 10.10.10.1 dev enp3s0
ROUTE_GATEWAY 10.10.10.1/255.255.255.0 IFACE=enp3s0 HWADDR=00:24:21:10:56:fb
TUN/TAP device tun0 opened
do_ifconfig, ipv4=1, ipv6=0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 172.16.0.1/24 dev tun0
net_route_v4_add: 10.10.10.1/24 via 172.16.0.2 dev [NULL] table 0 metric -1
sitnl_send: rtnl: generic error (-22): Invalid argument
ERROR: Linux route add command failed
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Could not determine IPv4/IPv6 protocol. Using AF_INET
Socket Buffers: R=[212992->212992] S=[212992->212992]
UDPv4 link local (bound): [AF_INET][undef]:82
UDPv4 link remote: [AF_UNSPEC]
GID set to nobody
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=172.16.0.2 size=253
ifconfig_pool_read(), in='client,172.16.0.2,'
succeeded -> ifconfig_pool_set(hand=0)
ifconfig_pool_read(), in='client,172.16.0.3,'
succeeded -> ifconfig_pool_set(hand=1)
IFCONFIG POOL LIST
client,172.16.0.2,
client,172.16.0.3,
Initialization Sequence Completed

TinCanTech · Post by **TinCanTech** » Thu Jul 28, 2022 9:59 am

tamar wrote: ↑
Thu Jul 28, 2022 12:41 am
Is this what you need?

That is part of it.

tamar · Post by **tamar** » Fri Jul 29, 2022 12:38 am

Okay, not sure what covers everything (my log files are huge) and I have 2MB since I replaced the old log file which was 32mb, so... hopefully this isn't too much this time.

Note: the comp-lzo stuff was me testing the IP version=15 issue. It's in server.conf now but that doesn't make a difference. I've removed it on both sides, same effect.

Code: Select all

Current Parameter Settings:
  config = 'server.conf'
  mode = 1
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp6
  local = '[UNDEF]'
  local_port = '82'
  remote = '[UNDEF]'
  remote_port = '82'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = ENABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 1
  tls_auth_file = '[INLINE]'
  key_direction = 0
  tls_crypt_file = '[UNDEF]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 3
  ifconfig_local = '172.16.0.1'
  ifconfig_remote_netmask = '255.255.255.0'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = '[UNDEF]'
  ifconfig_ipv6_netbits = 0
  ifconfig_ipv6_remote = '[UNDEF]'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 10
  keepalive_timeout = 120
  inactivity_timeout = 0
  inactivity_minimum_bytes = 0
  ping_send_timeout = 10
  ping_rec_timeout = 240
  ping_rec_timeout_action = 2
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 1000000000
  resolve_in_advance = DISABLED
  username = 'nobody'
  groupname = 'nobody'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  selinux_context = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '[UNDEF]'
  down_script = '[UNDEF]'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = '/var/log/openvpn/openvpn-status.log'
  status_file_version = 2
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '172.16.0.2'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  route 10.10.10.1/255.255.255.0/default (not set)/default (not set)
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = 0
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC'
  authname = 'SHA512'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = ENABLED
  tls_client = DISABLED
  ca_file = 'ca.crt'
  ca_path = '[UNDEF]'
  dh_file = 'dh.pem'
  cert_file = 'issued/server.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'private/server.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = '[UNDEF]'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_pin_cache_period = -1
  pkcs11_id = '[UNDEF]'
  pkcs11_id_management = DISABLED
  server_network = 172.16.0.0
  server_netmask = 255.255.255.0
  server_network_ipv6 = ::
  server_netbits_ipv6 = 0
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  push_entry = 'redirect-gateway def1'
  push_entry = 'dhcp-option DNS 10.10.10.1'
  push_entry = 'dhcp-option DNS 8.8.8.8'
  push_entry = 'dhcp-option DNS 208.67.222.222'
  push_entry = 'dhcp-option DNS 208.67.220.220'
  push_entry = 'route-gateway 172.16.0.1'
  push_entry = 'topology subnet'
  push_entry = 'ping 10'
  push_entry = 'ping-restart 120'
  ifconfig_pool_defined = ENABLED
  ifconfig_pool_start = 172.16.0.2
  ifconfig_pool_end = 172.16.0.254
  ifconfig_pool_netmask = 255.255.255.0
  ifconfig_pool_persist_filename = 'ipp.txt'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = DISABLED
  ifconfig_ipv6_pool_base = ::
  ifconfig_ipv6_pool_netbits = 0
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = DISABLED
  pull = DISABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022
library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 10.10.10.1 dev enp3s0
Diffie-Hellman initialized with 2048 bit key
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 10.10.10.1 dev enp3s0
ROUTE_GATEWAY 10.10.10.1/255.255.255.0 IFACE=enp3s0 HWADDR=00:24:21:10:56:fb
TUN/TAP device tun0 opened
do_ifconfig, ipv4=1, ipv6=0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 172.16.0.1/24 dev tun0
net_route_v4_add: 10.10.10.1/24 via 172.16.0.2 dev [NULL] table 0 metric -1
sitnl_send: rtnl: generic error (-22): Invalid argument
ERROR: Linux route add command failed
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Socket Buffers: R=[212992->212992] S=[212992->212992]
setsockopt(IPV6_V6ONLY=0)
UDPv6 link local (bound): [AF_INET6][undef]:82
UDPv6 link remote: [AF_UNSPEC]
GID set to nobody
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=172.16.0.2 size=253
ifconfig_pool_read(), in='client,172.16.0.2,'
succeeded -> ifconfig_pool_set(hand=0)
ifconfig_pool_read(), in='client,172.16.0.3,'
succeeded -> ifconfig_pool_set(hand=1)
IFCONFIG POOL LIST
client,172.16.0.2,
client,172.16.0.3,
Initialization Sequence Completed
MULTI: multi_create_instance called
10.10.10.1:49751 Re-using SSL/TLS context
10.10.10.1:49751 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
10.10.10.1:49751 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
10.10.10.1:49751 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
10.10.10.1:49751 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
10.10.10.1:49751 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
10.10.10.1:49751 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
10.10.10.1:49751 TLS: Initial packet from [AF_INET6]::ffff:10.10.10.1:49751, sid=6fcfea89 b9d2a548
10.10.10.1:49751 VERIFY OK: depth=1, CN=microwave
10.10.10.1:49751 VERIFY OK: depth=0, CN=client
10.10.10.1:49751 peer info: IV_VER=3.git::d3f8b18b:Release
10.10.10.1:49751 peer info: IV_PLAT=android
10.10.10.1:49751 peer info: IV_NCP=2
10.10.10.1:49751 peer info: IV_TCPNL=1
10.10.10.1:49751 peer info: IV_PROTO=30
10.10.10.1:49751 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
10.10.10.1:49751 peer info: IV_LZO_STUB=1
10.10.10.1:49751 peer info: IV_COMP_STUB=1
10.10.10.1:49751 peer info: IV_COMP_STUBv2=1
10.10.10.1:49751 peer info: IV_AUTO_SESS=1
10.10.10.1:49751 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
10.10.10.1:49751 peer info: IV_SSO=webauth,openurl
10.10.10.1:49751 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
10.10.10.1:49751 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
10.10.10.1:49751 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
10.10.10.1:49751 [client] Peer Connection Initiated with [AF_INET6]::ffff:10.10.10.1:49751
client/10.10.10.1:49751 MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
client/10.10.10.1:49751 MULTI: Learn: 172.16.0.2 -> client/10.10.10.1:49751
client/10.10.10.1:49751 MULTI: primary virtual IP for client/10.10.10.1:49751: 172.16.0.2
client/10.10.10.1:49751 Data Channel: using negotiated cipher 'AES-256-GCM'
client/10.10.10.1:49751 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
client/10.10.10.1:49751 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
client/10.10.10.1:49751 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
client/10.10.10.1:49751 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/10.10.10.1:49751 PUSH: Received control message: 'PUSH_REQUEST'
client/10.10.10.1:49751 IP packet with unknown IP version=15 seen
client/10.10.10.1:49751 IP packet with unknown IP version=15 seen
[a few hundred of these lines which I cannot source to any issue]
read UDPv6 [NO-INFO]: Connection refused (code=111)
MULTI: multi_create_instance called
10.10.10.1:46192 Re-using SSL/TLS context
10.10.10.1:46192 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
10.10.10.1:46192 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
10.10.10.1:46192 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
10.10.10.1:46192 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
10.10.10.1:46192 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
10.10.10.1:46192 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
10.10.10.1:46192 TLS: Initial packet from [AF_INET6]::ffff:10.10.10.1:46192, sid=d19e9234 20265081
10.10.10.1:46192 VERIFY OK: depth=1, CN=microwave
10.10.10.1:46192 VERIFY OK: depth=0, CN=client
10.10.10.1:46192 peer info: IV_VER=3.git::d3f8b18b:Release
10.10.10.1:46192 peer info: IV_PLAT=android
10.10.10.1:46192 peer info: IV_NCP=2
10.10.10.1:46192 peer info: IV_TCPNL=1
10.10.10.1:46192 peer info: IV_PROTO=30
10.10.10.1:46192 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
10.10.10.1:46192 peer info: IV_LZO_STUB=1
10.10.10.1:46192 peer info: IV_COMP_STUB=1
10.10.10.1:46192 peer info: IV_COMP_STUBv2=1
10.10.10.1:46192 peer info: IV_AUTO_SESS=1
10.10.10.1:46192 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
10.10.10.1:46192 peer info: IV_SSO=webauth,openurl
10.10.10.1:46192 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
10.10.10.1:46192 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
10.10.10.1:46192 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
10.10.10.1:46192 [client] Peer Connection Initiated with [AF_INET6]::ffff:10.10.10.1:46192
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/10.10.10.1:46192
MULTI: primary virtual IP for client/10.10.10.1:46192: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
client/10.10.10.1:46192 PUSH: Received control message: 'PUSH_REQUEST'
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
(yadda yadda)

client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
client/10.10.10.1:46192 IP packet with unknown IP version=15 seen
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
read UDPv6 [NO-INFO]: Connection refused (code=111)
client/10.10.10.1:46192 [client] Inactivity timeout (--ping-restart), restarting
client/10.10.10.1:46192 SIGUSR1[soft,ping-restart] received, client-instance restarting
MULTI: multi_create_instance called

TinCanTech · Post by **TinCanTech** » Fri Jul 29, 2022 3:19 am

Once again, you have only provided a fraction of the data required .. but what I see shows no specific problems.

tamar · Post by **tamar** » Fri Jul 29, 2022 2:55 pm

Can you tell me what's missing? I provided everything in the logs for 2 separate logins.

I'll paste the full 36k lines unedited except IPs, of which 31k is client/x.x.x.x IPs anyway, I just wanted to be mindful of loading on phpBB.

tamar · Post by **tamar** » Fri Jul 29, 2022 3:17 pm

Here you go (part1) for a few client connections - I was 40x over the limit of max characters per post so I edited more of the IP version=15 stuff. I've since shortened this significantly but it was still going over the limit. I don't feel like this is enough because it seems like the stuff I provided yesterday.

What am I missing here?

Code: Select all

Current Parameter Settings:
  config = 'server.conf'
  mode = 1
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp6
  local = '[UNDEF]'
  local_port = '82'
  remote = '[UNDEF]'
  remote_port = '82'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = ENABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 1
  tls_auth_file = '[INLINE]'
  key_direction = 0
  tls_crypt_file = '[UNDEF]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 3
  ifconfig_local = '172.16.0.1'
  ifconfig_remote_netmask = '255.255.255.0'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = '[UNDEF]'
  ifconfig_ipv6_netbits = 0
  ifconfig_ipv6_remote = '[UNDEF]'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 10
  keepalive_timeout = 120
  inactivity_timeout = 0
  inactivity_minimum_bytes = 0
  ping_send_timeout = 10
  ping_rec_timeout = 240
  ping_rec_timeout_action = 2
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 1000000000
  resolve_in_advance = DISABLED
  username = 'nobody'
  groupname = 'nobody'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  selinux_context = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '[UNDEF]'
  down_script = '[UNDEF]'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = '/var/log/openvpn/openvpn-status.log'
  status_file_version = 2
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '172.16.0.2'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  route 10.10.10.1/255.255.255.0/default (not set)/default (not set)
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = 0
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC'
  authname = 'SHA512'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = ENABLED
  tls_client = DISABLED
  ca_file = 'ca.crt'
  ca_path = '[UNDEF]'
  dh_file = 'dh.pem'
  cert_file = 'issued/server.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'private/server.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = '[UNDEF]'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_pin_cache_period = -1
  pkcs11_id = '[UNDEF]'
  pkcs11_id_management = DISABLED
  server_network = 172.16.0.0
  server_netmask = 255.255.255.0
  server_network_ipv6 = ::
  server_netbits_ipv6 = 0
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  push_entry = 'redirect-gateway def1'
  push_entry = 'dhcp-option DNS 10.10.10.1'
  push_entry = 'dhcp-option DNS 8.8.8.8'
  push_entry = 'dhcp-option DNS 208.67.222.222'
  push_entry = 'dhcp-option DNS 208.67.220.220'
  push_entry = 'route-gateway 172.16.0.1'
  push_entry = 'topology subnet'
  push_entry = 'ping 10'
  push_entry = 'ping-restart 120'
  ifconfig_pool_defined = ENABLED
  ifconfig_pool_start = 172.16.0.2
  ifconfig_pool_end = 172.16.0.254
  ifconfig_pool_netmask = 255.255.255.0
  ifconfig_pool_persist_filename = 'ipp.txt'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = DISABLED
  ifconfig_ipv6_pool_base = ::
  ifconfig_ipv6_pool_netbits = 0
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = DISABLED
  pull = DISABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022
library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 10.10.10.1 dev enp3s0
Diffie-Hellman initialized with 2048 bit key
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 10.10.10.1 dev enp3s0
ROUTE_GATEWAY 10.10.10.1/255.255.255.0 IFACE=enp3s0 HWADDR=00:24:21:10:56:fb
TUN/TAP device tun0 opened
do_ifconfig, ipv4=1, ipv6=0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 172.16.0.1/24 dev tun0
net_route_v4_add: 10.10.10.1/24 via 172.16.0.2 dev [NULL] table 0 metric -1
sitnl_send: rtnl: generic error (-22): Invalid argument
ERROR: Linux route add command failed
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Socket Buffers: R=[212992->212992] S=[212992->212992]
setsockopt(IPV6_V6ONLY=0)
UDPv6 link local (bound): [AF_INET6][undef]:82
UDPv6 link remote: [AF_UNSPEC]
GID set to nobody
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=172.16.0.2 size=253
ifconfig_pool_read(), in='client,172.16.0.2,'
succeeded -> ifconfig_pool_set(hand=0)
ifconfig_pool_read(), in='client,172.16.0.3,'
succeeded -> ifconfig_pool_set(hand=1)
IFCONFIG POOL LIST
client,172.16.0.2,
client,172.16.0.3,
Initialization Sequence Completed
MULTI: multi_create_instance called
x.x.x.x:8225 Re-using SSL/TLS context
x.x.x.x:8225 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8225 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8225 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8225 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8225 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8225 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8225 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8225, sid=0d4f1986 ec7db3f0
x.x.x.x:8225 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8225 VERIFY OK: depth=0, CN=client
x.x.x.x:8225 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8225 peer info: IV_PLAT=android
x.x.x.x:8225 peer info: IV_NCP=2
x.x.x.x:8225 peer info: IV_TCPNL=1
x.x.x.x:8225 peer info: IV_PROTO=30
x.x.x.x:8225 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8225 peer info: IV_LZO_STUB=1
x.x.x.x:8225 peer info: IV_COMP_STUB=1
x.x.x.x:8225 peer info: IV_COMP_STUBv2=1
x.x.x.x:8225 peer info: IV_AUTO_SESS=1
x.x.x.x:8225 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8225 peer info: IV_SSO=webauth,openurl
x.x.x.x:8225 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8225 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8225 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8225 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8225
client/x.x.x.x:8225 MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
client/x.x.x.x:8225 MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8225
client/x.x.x.x:8225 MULTI: primary virtual IP for client/x.x.x.x:8225: 172.16.0.2
client/x.x.x.x:8225 Data Channel: using negotiated cipher 'AES-256-GCM'
client/x.x.x.x:8225 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
client/x.x.x.x:8225 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
client/x.x.x.x:8225 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
client/x.x.x.x:8225 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8225 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
client/x.x.x.x:8225 IP packet with unknown IP version=15 seen
read UDPv6 [NO-INFO]: Connection refused (code=111)
MULTI: multi_create_instance called
x.x.x.x:8228 Re-using SSL/TLS context
x.x.x.x:8228 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8228 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8228 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8228 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8228 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8228 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8228 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8228, sid=7b3a9244 8d6a164a
x.x.x.x:8228 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8228 VERIFY OK: depth=0, CN=client
x.x.x.x:8228 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8228 peer info: IV_PLAT=android
x.x.x.x:8228 peer info: IV_NCP=2
x.x.x.x:8228 peer info: IV_TCPNL=1
x.x.x.x:8228 peer info: IV_PROTO=30
x.x.x.x:8228 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8228 peer info: IV_LZO_STUB=1
x.x.x.x:8228 peer info: IV_COMP_STUB=1
x.x.x.x:8228 peer info: IV_COMP_STUBv2=1
x.x.x.x:8228 peer info: IV_AUTO_SESS=1
x.x.x.x:8228 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8228 peer info: IV_SSO=webauth,openurl
x.x.x.x:8228 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8228 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8228 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8228 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8228
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8228
MULTI: primary virtual IP for client/x.x.x.x:8228: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8228 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:8228 IP packet with unknown IP version=15 seen
client/x.x.x.x:2779 IP packet with unknown IP version=15 seen
client/x.x.x.x:2779 IP packet with unknown IP version=15 seen
client/x.x.x.x:2779 IP packet with unknown IP version=15 seen
client/x.x.x.x:2779 IP packet with unknown IP version=15 seen
client/x.x.x.x:2779 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8237 Re-using SSL/TLS context
x.x.x.x:8237 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8237 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8237 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8237 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8237 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8237 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8237 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8237, sid=16094d88 0bd2f62b
x.x.x.x:8237 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8237 VERIFY OK: depth=0, CN=client
x.x.x.x:8237 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8237 peer info: IV_PLAT=android
x.x.x.x:8237 peer info: IV_NCP=2
x.x.x.x:8237 peer info: IV_TCPNL=1
x.x.x.x:8237 peer info: IV_PROTO=30
x.x.x.x:8237 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8237 peer info: IV_LZO_STUB=1
x.x.x.x:8237 peer info: IV_COMP_STUB=1
x.x.x.x:8237 peer info: IV_COMP_STUBv2=1
x.x.x.x:8237 peer info: IV_AUTO_SESS=1
x.x.x.x:8237 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8237 peer info: IV_SSO=webauth,openurl
x.x.x.x:8237 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8237 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8237 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8237 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8237
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8237
MULTI: primary virtual IP for client/x.x.x.x:8237: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8237 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_00000000000000000000] 0:22 0:21 t=1658948294[0] r=[0,64,15,1,1] sl=[42,22,64,528]
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
client/x.x.x.x:8237 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:2765 Re-using SSL/TLS context
x.x.x.x:2765 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:2765 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:2765 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:2765 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:2765 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:2765 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:2765 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:2765, sid=6eadb77c 8fb4047d
x.x.x.x:2765 VERIFY OK: depth=1, CN=microwave
x.x.x.x:2765 VERIFY OK: depth=0, CN=client
x.x.x.x:2765 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:2765 peer info: IV_PLAT=android
x.x.x.x:2765 peer info: IV_NCP=2
x.x.x.x:2765 peer info: IV_TCPNL=1
x.x.x.x:2765 peer info: IV_PROTO=30
x.x.x.x:2765 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:2765 peer info: IV_LZO_STUB=1
x.x.x.x:2765 peer info: IV_COMP_STUB=1
x.x.x.x:2765 peer info: IV_COMP_STUBv2=1
x.x.x.x:2765 peer info: IV_AUTO_SESS=1
x.x.x.x:2765 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:2765 peer info: IV_SSO=webauth,openurl
x.x.x.x:2765 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:2765 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:2765 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:2765 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:2765
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:2765
MULTI: primary virtual IP for client/x.x.x.x:2765: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
client/x.x.x.x:2765 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
client/x.x.x.x:2765 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8244 Re-using SSL/TLS context
x.x.x.x:8244 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8244 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8244 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8244 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8244 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8244 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8244 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8244, sid=21bb446a 4f22c85f
x.x.x.x:8244 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8244 VERIFY OK: depth=0, CN=client
x.x.x.x:8244 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8244 peer info: IV_PLAT=android
x.x.x.x:8244 peer info: IV_NCP=2
x.x.x.x:8244 peer info: IV_TCPNL=1
x.x.x.x:8244 peer info: IV_PROTO=30
x.x.x.x:8244 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8244 peer info: IV_LZO_STUB=1
x.x.x.x:8244 peer info: IV_COMP_STUB=1
x.x.x.x:8244 peer info: IV_COMP_STUBv2=1
x.x.x.x:8244 peer info: IV_AUTO_SESS=1
x.x.x.x:8244 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8244 peer info: IV_SSO=webauth,openurl
x.x.x.x:8244 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8244 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8244 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8244 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8244



,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8244 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8244 IP packet with unknown IP version=15 seen
client/x.x.x.x:8244 IP packet with unknown IP version=15 seen
client/x.x.x.x:8234 IP packet with unknown IP version=15 seen
client/x.x.x.x:8234 IP packet with unknown IP version=15 seen
client/x.x.x.x:8234 IP packet with unknown IP version=15 seen
client/x.x.x.x:8234 IP packet with unknown IP version=15 seen
client/x.x.x.x:8234 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8252 Re-using SSL/TLS context
x.x.x.x:8252 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8252 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8252 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8252 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8252 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8252 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8252 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8252, sid=39a98b71 8a42c84c
x.x.x.x:8252 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8252 VERIFY OK: depth=0, CN=client
x.x.x.x:8252 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8252 peer info: IV_PLAT=android
x.x.x.x:8252 peer info: IV_NCP=2
x.x.x.x:8252 peer info: IV_TCPNL=1
x.x.x.x:8252 peer info: IV_PROTO=30
x.x.x.x:8252 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8252 peer info: IV_LZO_STUB=1
x.x.x.x:8252 peer info: IV_COMP_STUB=1
x.x.x.x:8252 peer info: IV_COMP_STUBv2=1
x.x.x.x:8252 peer info: IV_AUTO_SESS=1
x.x.x.x:8252 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8252 peer info: IV_SSO=webauth,openurl
x.x.x.x:8252 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8252 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8252 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8252 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8252
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8252
MULTI: primary virtual IP for client/x.x.x.x:8252: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8252 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 PID_ERR replay-window backtrack occurred [2] [SSL-0] [00_0000000000000000000] 0:22 0:20 t=1658948906[0] r=[0,64,15,2,1] sl=[42,22,64,528]
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
client/x.x.x.x:8252 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8226 Re-using SSL/TLS context
x.x.x.x:8226 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8226 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8226 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8226 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8226 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8226 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8226 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8226, sid=486ebd27 ac0c6e71
x.x.x.x:8226 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8226 VERIFY OK: depth=0, CN=client
x.x.x.x:8226 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8226 peer info: IV_PLAT=android
x.x.x.x:8226 peer info: IV_NCP=2
x.x.x.x:8226 peer info: IV_TCPNL=1
x.x.x.x:8226 peer info: IV_PROTO=30
x.x.x.x:8226 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8226 peer info: IV_LZO_STUB=1
x.x.x.x:8226 peer info: IV_COMP_STUB=1
x.x.x.x:8226 peer info: IV_COMP_STUBv2=1
x.x.x.x:8226 peer info: IV_AUTO_SESS=1
x.x.x.x:8226 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8226 peer info: IV_SSO=webauth,openurl
x.x.x.x:8226 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8226 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8226 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8226 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8226
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8226
MULTI: primary virtual IP for client/x.x.x.x:8226: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8226 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
client/x.x.x.x:8226 IP packet with unknown IP version=15 seen
read UDPv6 [NO-INFO]: Connection refused (code=111)
MULTI: multi_create_instance called
x.x.x.x:8233 Re-using SSL/TLS context
x.x.x.x:8233 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8233 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8233 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8233 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8233 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8233 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8233 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8233, sid=fe836bf3 c45b942a
x.x.x.x:8233 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8233 VERIFY OK: depth=0, CN=client
x.x.x.x:8233 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8233 peer info: IV_PLAT=android
x.x.x.x:8233 peer info: IV_NCP=2
x.x.x.x:8233 peer info: IV_TCPNL=1
x.x.x.x:8233 peer info: IV_PROTO=30
x.x.x.x:8233 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8233 peer info: IV_LZO_STUB=1
x.x.x.x:8233 peer info: IV_COMP_STUB=1
x.x.x.x:8233 peer info: IV_COMP_STUBv2=1
x.x.x.x:8233 peer info: IV_AUTO_SESS=1
x.x.x.x:8233 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8233 peer info: IV_SSO=webauth,openurl
x.x.x.x:8233 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8233 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8233 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8233 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8233
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8233
MULTI: primary virtual IP for client/x.x.x.x:8233: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8233 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
client/x.x.x.x:8233 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8227 Re-using SSL/TLS context
x.x.x.x:8227 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8227 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8227 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8227 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8227 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8227 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8227 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8227, sid=86341a5b f8b09353
x.x.x.x:8227 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8227 VERIFY OK: depth=0, CN=client
x.x.x.x:8227 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8227 peer info: IV_PLAT=android
x.x.x.x:8227 peer info: IV_NCP=2
x.x.x.x:8227 peer info: IV_TCPNL=1
x.x.x.x:8227 peer info: IV_PROTO=30
x.x.x.x:8227 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8227 peer info: IV_LZO_STUB=1
x.x.x.x:8227 peer info: IV_COMP_STUB=1
x.x.x.x:8227 peer info: IV_COMP_STUBv2=1
x.x.x.x:8227 peer info: IV_AUTO_SESS=1
x.x.x.x:8227 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8227 peer info: IV_SSO=webauth,openurl
x.x.x.x:8227 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8227 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8227 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8227 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8227
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8227
MULTI: primary virtual IP for client/x.x.x.x:8227: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8227 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
client/x.x.x.x:8227 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8247 Re-using SSL/TLS context
x.x.x.x:8247 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8247 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8247 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8247 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8247 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8247 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8247 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8247, sid=3fb9be81 f376247c
x.x.x.x:8247 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8247 VERIFY OK: depth=0, CN=client
x.x.x.x:8247 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8247 peer info: IV_PLAT=android
x.x.x.x:8247 peer info: IV_NCP=2
x.x.x.x:8247 peer info: IV_TCPNL=1
x.x.x.x:8247 peer info: IV_PROTO=30
x.x.x.x:8247 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8247 peer info: IV_LZO_STUB=1
x.x.x.x:8247 peer info: IV_COMP_STUB=1
x.x.x.x:8247 peer info: IV_COMP_STUBv2=1
x.x.x.x:8247 peer info: IV_AUTO_SESS=1
x.x.x.x:8247 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8247 peer info: IV_SSO=webauth,openurl
x.x.x.x:8247 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8247 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8247 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8247 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8247
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8247
MULTI: primary virtual IP for client/x.x.x.x:8247: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8247 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
client/x.x.x.x:8247 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8243 Re-using SSL/TLS context
x.x.x.x:8243 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8243 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8243 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8243 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8243 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8243 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8243 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8243, sid=268dca1a 805b9dd6
x.x.x.x:8243 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8243 VERIFY OK: depth=0, CN=client
x.x.x.x:8243 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8243 peer info: IV_PLAT=android
x.x.x.x:8243 peer info: IV_NCP=2
x.x.x.x:8243 peer info: IV_TCPNL=1
x.x.x.x:8243 peer info: IV_PROTO=30
x.x.x.x:8243 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8243 peer info: IV_LZO_STUB=1
x.x.x.x:8243 peer info: IV_COMP_STUB=1
x.x.x.x:8243 peer info: IV_COMP_STUBv2=1
x.x.x.x:8243 peer info: IV_AUTO_SESS=1
x.x.x.x:8243 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8243 peer info: IV_SSO=webauth,openurl
x.x.x.x:8243 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1602'
x.x.x.x:8243 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
x.x.x.x:8243 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
x.x.x.x:8243 [client] Peer Connection Initiated with [AF_INET6]::ffff:x.x.x.x:8243
MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
MULTI_sva: pool returned IPv4=172.16.0.2, IPv6=(Not enabled)
MULTI: Learn: 172.16.0.2 -> client/x.x.x.x:8243
MULTI: primary virtual IP for client/x.x.x.x:8243: 172.16.0.2
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
client/x.x.x.x:8243 PUSH: Received control message: 'PUSH_REQUEST'
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
client/x.x.x.x:8243 IP packet with unknown IP version=15 seen
MULTI: multi_create_instance called
x.x.x.x:8248 Re-using SSL/TLS context
x.x.x.x:8248 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8248 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
x.x.x.x:8248 Control Channel MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
x.x.x.x:8248 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
x.x.x.x:8248 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
x.x.x.x:8248 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
x.x.x.x:8248 TLS: Initial packet from [AF_INET6]::ffff:x.x.x.x:8248, sid=b53382e4 c5955db2
x.x.x.x:8248 VERIFY OK: depth=1, CN=microwave
x.x.x.x:8248 VERIFY OK: depth=0, CN=client
x.x.x.x:8248 peer info: IV_VER=3.git::d3f8b18b:Release
x.x.x.x:8248 peer info: IV_PLAT=android
x.x.x.x:8248 peer info: IV_NCP=2
x.x.x.x:8248 peer info: IV_TCPNL=1
x.x.x.x:8248 peer info: IV_PROTO=30
x.x.x.x:8248 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
x.x.x.x:8248 peer info: IV_LZO_STUB=1
x.x.x.x:8248 peer info: IV_COMP_STUB=1
x.x.x.x:8248 peer info: IV_COMP_STUBv2=1
x.x.x.x:8248 peer info: IV_AUTO_SESS=1
x.x.x.x:8248 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.7-7957
x.x.x.x:8248 peer info: IV_SSO=webauth,openurl

Can send the other part of this code if need be, but hopefully this is enough. I've made too many edits for this to fit here...

TinCanTech · Post by **TinCanTech** » Fri Jul 29, 2022 5:18 pm

Please post the complete output from

Code: Select all

openvpn --version

on the server.

tamar · Post by **tamar** » Fri Jul 29, 2022 6:47 pm

Here you go.

Code: Select all

openvpn --version | more
OpenVPN 2.5.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022
library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no 
enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable
_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs1
1=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_shared=yes enable_shared_with
_static_runtimes=no enable_silent_rules=yes enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no e
nable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto w
ith_sysroot=no

TinCanTech · Post by **TinCanTech** » Fri Jul 29, 2022 7:04 pm

Try disabling compression completely by removing compression settings from all of your configs.

https://community.openvpn.net/openvpn/wiki/Compression

Enjoy the stink..

tamar · Post by **tamar** » Fri Jul 29, 2022 8:27 pm

How do I have compression running when the verbose --version says otherwise? I commented out with both # and ;

Code: Select all

# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
#compress lz4-v2
#push "compress lz4-v2"

# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
#comp-lzo

Code: Select all

OpenVPN 2.5.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022
library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2022 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no 
enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable
_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs1
1=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=yes enable_shared=yes enable_shared_with
_static_runtimes=no enable_silent_rules=yes enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no e
nable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto w
ith_sysroot=no

TinCanTech · Post by **TinCanTech** » Fri Jul 29, 2022 10:55 pm

Please Read the howto.

Use Ubuntu, it is for beginners ..

Redhat my ass.

tamar · Post by **tamar** » Sun Jul 31, 2022 7:49 pm

I'm sorry you are frustrated with Fedora but I am stuck with it for a number of critical operations and merely need assistance because this upgrade is being wonky. I've been using flavors of RedHat since before Ubuntu even existed.

I followed the howto. OpenVPN worked for Fedora 34 and 35, and failed at version 36.

It seems that to date, we haven't figured out what the issue is. It was fine until I upgraded. If it is truly howto related, please tell me what I am not doing properly, because again, OpenVPN worked fine until the upgrade.

Can you kindly tell me what you're seeing in these results that we're missing here?

OpenVPN Support Forum

Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet

Re: Upgraded Fedora 35 to Fedora 36, all OpenVPN settings are the same, but no Internet