[Solved]Connection fails before network exchange
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Aug 10, 2022 5:37 pm
[Solved]Connection fails before network exchange
Hello,
I'm looking for some help on the forum after several days of research.
I'm trying to set up a new VPN server and I'm having connection problems with my clients.
My VPN clients fail to connect with the error "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)" until I have a network exchange with my server (an HTTP/HTTPS request, for example), after which the VPN client manages to connect right away.
I tried to disable my firewall and I have the same behavior.
I use UDP4 on the default port.
I don't have this problem with my second VPN server which has an identical configuration: the clients have no trouble connecting to the server.
I can't change my client configuration (which works with my old server without any problem).
Do not hesitate if you need more information.
Notes:
Server: Debian
Client: Router on OpenWrt
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connection fails before network exchange
There is no reason to post the same question again.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Aug 10, 2022 5:37 pm
Re: Connection fails before network exchange
Sorry, I've put this one in the wrong topic. Please delete it.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connection fails before network exchange
This is currently the correct place for your question.
If you believe that the problem is caused by openvpn then please add the details requested here:
viewtopic.php?t=22603#p68963
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Aug 10, 2022 5:37 pm
Re: Connection fails before network exchange
You can find here more information about my conf(s).
Hope it will help.
SERVER
Conf
server
##protocol port
port 1194
proto udp
dev tun
##ip server client
server 10.1.0.0 255.255.0.0
topology subnet
management /var/run/openvpn/openvpn.sock unix
##key
ca /etc/openvpn/easyrsa3/pki/[FILE].crt
cert /etc/openvpn/easyrsa3/pki/issued/[FILE].crt
key /etc/openvpn/easyrsa3/pki/private/[FILE].key
dh /etc/openvpn/easyrsa3/pki/dh.pem
#crl-verify /etc/openvpn/easyrsa3/pki/crl.pem
##option
persist-key
persist-tun
keepalive 5 30
reneg-sec 432000
##option authen.
cipher AES-256-CBC
auth SHA1
user XXXX
group XXXX
comp-lzo
client-to-client
username-as-common-name
auth-user-pass-verify /etc/openvpn/scripts/[FILE].sh via-env
##push to client
max-clients 100
##script connect-disconnect
script-security 3 #system
client-connect /etc/openvpn/scripts/[FILE].sh
client-disconnect /etc/openvpn/scripts/[FILE].sh
##log-status
status /var/log/openvpn/status.log
log-append /var/log/openvpn/openvpn.log
verb 4
Network
enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet [IP] netmask 255.255.255.0 broadcast [IP]
inet6 [IP] prefixlen 64 scopeid 0x20<link>
ether txqueuelen 1000 (Ethernet)
RX packets 86035 bytes 5807099 (5.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50823 bytes 58341755 (55.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 190 bytes 16106 (15.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 190 bytes 16106 (15.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.1.0.1 netmask 255.255.0.0 destination 10.1.0.1
inet6 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 390 bytes 34320 (33.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 412 bytes 24624 (24.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Logs
Wed Aug 10 21:39:59 2022 us=562488 Current Parameter Settings:
Wed Aug 10 21:39:59 2022 us=562517 config = '/etc/openvpn/server.conf'
Wed Aug 10 21:39:59 2022 us=562525 mode = 1
Wed Aug 10 21:39:59 2022 us=562532 persist_config = DISABLED
Wed Aug 10 21:39:59 2022 us=562539 persist_mode = 1
Wed Aug 10 21:39:59 2022 us=562546 show_ciphers = DISABLED
Wed Aug 10 21:39:59 2022 us=562552 show_digests = DISABLED
Wed Aug 10 21:39:59 2022 us=562558 show_engines = DISABLED
Wed Aug 10 21:39:59 2022 us=562565 genkey = DISABLED
Wed Aug 10 21:39:59 2022 us=562571 key_pass_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562578 show_tls_ciphers = DISABLED
Wed Aug 10 21:39:59 2022 us=562585 connect_retry_max = 0
Wed Aug 10 21:39:59 2022 us=562591 Connection profiles [0]:
Wed Aug 10 21:39:59 2022 us=562598 proto = udp
Wed Aug 10 21:39:59 2022 us=562605 local = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562613 local_port = '1194'
Wed Aug 10 21:39:59 2022 us=562619 remote = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562626 remote_port = '1194'
Wed Aug 10 21:39:59 2022 us=562632 remote_float = DISABLED
Wed Aug 10 21:39:59 2022 us=562639 bind_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=562645 bind_local = ENABLED
Wed Aug 10 21:39:59 2022 us=562651 bind_ipv6_only = DISABLED
Wed Aug 10 21:39:59 2022 us=562657 connect_retry_seconds = 5
Wed Aug 10 21:39:59 2022 us=562664 connect_timeout = 120
Wed Aug 10 21:39:59 2022 us=562670 socks_proxy_server = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562677 socks_proxy_port = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562683 tun_mtu = 1500
Wed Aug 10 21:39:59 2022 us=562690 tun_mtu_defined = ENABLED
Wed Aug 10 21:39:59 2022 us=562696 link_mtu = 1500
Wed Aug 10 21:39:59 2022 us=562702 link_mtu_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=562709 tun_mtu_extra = 0
Wed Aug 10 21:39:59 2022 us=562715 tun_mtu_extra_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=562721 mtu_discover_type = -1
Wed Aug 10 21:39:59 2022 us=562728 fragment = 0
Wed Aug 10 21:39:59 2022 us=562734 mssfix = 1450
Wed Aug 10 21:39:59 2022 us=562741 explicit_exit_notification = 0
Wed Aug 10 21:39:59 2022 us=562747 Connection profiles END
Wed Aug 10 21:39:59 2022 us=562753 remote_random = DISABLED
Wed Aug 10 21:39:59 2022 us=562760 ipchange = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562766 dev = 'tun'
Wed Aug 10 21:39:59 2022 us=562772 dev_type = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562779 dev_node = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562785 lladdr = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562791 topology = 3
Wed Aug 10 21:39:59 2022 us=562798 ifconfig_local = '10.1.0.1'
Wed Aug 10 21:39:59 2022 us=562804 ifconfig_remote_netmask = '255.255.0.0'
Wed Aug 10 21:39:59 2022 us=562811 ifconfig_noexec = DISABLED
Wed Aug 10 21:39:59 2022 us=562817 ifconfig_nowarn = DISABLED
Wed Aug 10 21:39:59 2022 us=562824 ifconfig_ipv6_local = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562829 ifconfig_ipv6_netbits = 0
Wed Aug 10 21:39:59 2022 us=562833 ifconfig_ipv6_remote = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562853 shaper = 0
Wed Aug 10 21:39:59 2022 us=562857 mtu_test = 0
Wed Aug 10 21:39:59 2022 us=562861 mlock = DISABLED
Wed Aug 10 21:39:59 2022 us=562865 keepalive_ping = 5
Wed Aug 10 21:39:59 2022 us=562869 keepalive_timeout = 30
Wed Aug 10 21:39:59 2022 us=562873 inactivity_timeout = 0
Wed Aug 10 21:39:59 2022 us=562877 ping_send_timeout = 5
Wed Aug 10 21:39:59 2022 us=562881 ping_rec_timeout = 60
Wed Aug 10 21:39:59 2022 us=562885 ping_rec_timeout_action = 2
Wed Aug 10 21:39:59 2022 us=562889 ping_timer_remote = DISABLED
Wed Aug 10 21:39:59 2022 us=562893 remap_sigusr1 = 0
Wed Aug 10 21:39:59 2022 us=562896 persist_tun = ENABLED
Wed Aug 10 21:39:59 2022 us=562900 persist_local_ip = DISABLED
Wed Aug 10 21:39:59 2022 us=562904 persist_remote_ip = DISABLED
Wed Aug 10 21:39:59 2022 us=562908 persist_key = ENABLED
Wed Aug 10 21:39:59 2022 us=562912 passtos = DISABLED
Wed Aug 10 21:39:59 2022 us=562916 resolve_retry_seconds = 1000000000
Wed Aug 10 21:39:59 2022 us=562920 resolve_in_advance = DISABLED
Wed Aug 10 21:39:59 2022 us=562924 username = 'XXXX'
Wed Aug 10 21:39:59 2022 us=562927 groupname = 'XXXX'
Wed Aug 10 21:39:59 2022 us=562931 chroot_dir = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562935 cd_dir = '/etc/openvpn'
Wed Aug 10 21:39:59 2022 us=562939 writepid = '/run/openvpn/server.pid'
Wed Aug 10 21:39:59 2022 us=562943 up_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562947 down_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562951 down_pre = DISABLED
Wed Aug 10 21:39:59 2022 us=562954 up_restart = DISABLED
Wed Aug 10 21:39:59 2022 us=562958 up_delay = DISABLED
Wed Aug 10 21:39:59 2022 us=562962 daemon = ENABLED
Wed Aug 10 21:39:59 2022 us=562966 inetd = 0
Wed Aug 10 21:39:59 2022 us=562970 log = ENABLED
Wed Aug 10 21:39:59 2022 us=562974 suppress_timestamps = DISABLED
Wed Aug 10 21:39:59 2022 us=562978 machine_readable_output = DISABLED
Wed Aug 10 21:39:59 2022 us=562982 nice = 0
Wed Aug 10 21:39:59 2022 us=562986 verbosity = 4
Wed Aug 10 21:39:59 2022 us=562990 mute = 0
Wed Aug 10 21:39:59 2022 us=562993 gremlin = 0
Wed Aug 10 21:39:59 2022 us=562997 status_file = '/var/log/openvpn/status.log'
Wed Aug 10 21:39:59 2022 us=563001 status_file_version = 1
Wed Aug 10 21:39:59 2022 us=563005 status_file_update_freq = 10
Wed Aug 10 21:39:59 2022 us=563009 occ = ENABLED
Wed Aug 10 21:39:59 2022 us=563013 rcvbuf = 0
Wed Aug 10 21:39:59 2022 us=563017 sndbuf = 0
Wed Aug 10 21:39:59 2022 us=563021 mark = 0
Wed Aug 10 21:39:59 2022 us=563025 sockflags = 0
Wed Aug 10 21:39:59 2022 us=563029 fast_io = DISABLED
Wed Aug 10 21:39:59 2022 us=563033 comp.alg = 2
Wed Aug 10 21:39:59 2022 us=563037 comp.flags = 1
Wed Aug 10 21:39:59 2022 us=563040 route_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563044 route_default_gateway = '10.1.0.2'
Wed Aug 10 21:39:59 2022 us=563048 route_default_metric = 0
Wed Aug 10 21:39:59 2022 us=563052 route_noexec = DISABLED
Wed Aug 10 21:39:59 2022 us=563056 route_delay = 0
Wed Aug 10 21:39:59 2022 us=563060 route_delay_window = 30
Wed Aug 10 21:39:59 2022 us=563064 route_delay_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563068 route_nopull = DISABLED
Wed Aug 10 21:39:59 2022 us=563072 route_gateway_via_dhcp = DISABLED
Wed Aug 10 21:39:59 2022 us=563076 allow_pull_fqdn = DISABLED
Wed Aug 10 21:39:59 2022 us=563080 management_addr = '/var/run/openvpn/openvpn.sock'
Wed Aug 10 21:39:59 2022 us=563084 management_port = 'unix'
Wed Aug 10 21:39:59 2022 us=563088 management_user_pass = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563092 management_log_history_cache = 250
Wed Aug 10 21:39:59 2022 us=563096 management_echo_buffer_size = 100
Wed Aug 10 21:39:59 2022 us=563100 management_write_peer_info_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563104 management_client_user = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563108 management_client_group = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563113 management_flags = 256
Wed Aug 10 21:39:59 2022 us=563118 shared_secret_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563128 key_direction = not set
Wed Aug 10 21:39:59 2022 us=563132 ciphername = 'AES-256-CBC'
Wed Aug 10 21:39:59 2022 us=563136 ncp_enabled = ENABLED
Wed Aug 10 21:39:59 2022 us=563140 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Aug 10 21:39:59 2022 us=563144 authname = 'SHA1'
Wed Aug 10 21:39:59 2022 us=563148 prng_hash = 'SHA1'
Wed Aug 10 21:39:59 2022 us=563152 prng_nonce_secret_len = 16
Wed Aug 10 21:39:59 2022 us=563156 keysize = 0
Wed Aug 10 21:39:59 2022 us=563160 engine = DISABLED
Wed Aug 10 21:39:59 2022 us=563164 replay = ENABLED
Wed Aug 10 21:39:59 2022 us=563168 mute_replay_warnings = DISABLED
Wed Aug 10 21:39:59 2022 us=563172 replay_window = 64
Wed Aug 10 21:39:59 2022 us=563176 replay_time = 15
Wed Aug 10 21:39:59 2022 us=563180 packet_id_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563183 use_iv = ENABLED
Wed Aug 10 21:39:59 2022 us=563187 test_crypto = DISABLED
Wed Aug 10 21:39:59 2022 us=563191 tls_server = ENABLED
Wed Aug 10 21:39:59 2022 us=563195 tls_client = DISABLED
Wed Aug 10 21:39:59 2022 us=563199 key_method = 2
Wed Aug 10 21:39:59 2022 us=563204 ca_file = '/etc/openvpn/easyrsa3/pki/ca.crt'
Wed Aug 10 21:39:59 2022 us=563208 ca_path = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563212 dh_file = '/etc/openvpn/easyrsa3/pki/dh.pem'
Wed Aug 10 21:39:59 2022 us=563216 cert_file = '/etc/openvpn/easyrsa3/pki/issued/[FILE].crt'
Wed Aug 10 21:39:59 2022 us=563220 extra_certs_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563224 priv_key_file = '/etc/openvpn/easyrsa3/pki/private/[FILE].key'
Wed Aug 10 21:39:59 2022 us=563228 pkcs12_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563232 cipher_list = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563236 cipher_list_tls13 = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563240 tls_cert_profile = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563243 tls_verify = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563247 tls_export_cert = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563251 verify_x509_type = 0
Wed Aug 10 21:39:59 2022 us=563255 verify_x509_name = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563259 crl_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563263 ns_cert_type = 0
Wed Aug 10 21:39:59 2022 us=563267 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563271 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563275 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563279 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563282 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563286 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563290 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563294 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563298 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563302 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563305 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563309 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563313 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563317 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563321 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563325 remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563329 remote_cert_eku = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563333 ssl_flags = 4
Wed Aug 10 21:39:59 2022 us=563337 tls_timeout = 2
Wed Aug 10 21:39:59 2022 us=563341 renegotiate_bytes = -1
Wed Aug 10 21:39:59 2022 us=563345 renegotiate_packets = 0
Wed Aug 10 21:39:59 2022 us=563348 renegotiate_seconds = 432000
Wed Aug 10 21:39:59 2022 us=563352 handshake_window = 60
Wed Aug 10 21:39:59 2022 us=563357 transition_window = 3600
Wed Aug 10 21:39:59 2022 us=563360 single_session = DISABLED
Wed Aug 10 21:39:59 2022 us=563364 push_peer_info = DISABLED
Wed Aug 10 21:39:59 2022 us=563368 tls_exit = DISABLED
Wed Aug 10 21:39:59 2022 us=563372 tls_auth_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563376 tls_crypt_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563380 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563384 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563391 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563395 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563399 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563402 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563406 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563410 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563414 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563418 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563422 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563426 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563429 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563433 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563437 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563441 pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563445 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563449 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563453 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563457 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563461 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563465 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563468 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563472 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563476 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563480 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563484 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563488 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563492 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563496 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563499 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563503 pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563507 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563511 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563515 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563519 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563522 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563526 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563530 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563534 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563538 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563542 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563545 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563549 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563553 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563557 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563561 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563564 pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563568 pkcs11_pin_cache_period = -1
Wed Aug 10 21:39:59 2022 us=563572 pkcs11_id = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563576 pkcs11_id_management = DISABLED
Wed Aug 10 21:39:59 2022 us=563581 server_network = 10.1.0.0
Wed Aug 10 21:39:59 2022 us=563585 server_netmask = 255.255.0.0
Wed Aug 10 21:39:59 2022 us=563590 server_network_ipv6 = ::
Wed Aug 10 21:39:59 2022 us=563594 server_netbits_ipv6 = 0
Wed Aug 10 21:39:59 2022 us=563598 server_bridge_ip = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563603 server_bridge_netmask = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563607 server_bridge_pool_start = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563612 server_bridge_pool_end = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563616 push_entry = 'route-gateway 10.1.0.1'
Wed Aug 10 21:39:59 2022 us=563622 push_entry = 'topology subnet'
Wed Aug 10 21:39:59 2022 us=563626 push_entry = 'ping 5'
Wed Aug 10 21:39:59 2022 us=563630 push_entry = 'ping-restart 30'
Wed Aug 10 21:39:59 2022 us=563634 ifconfig_pool_defined = ENABLED
Wed Aug 10 21:39:59 2022 us=563638 ifconfig_pool_start = 10.1.0.2
Wed Aug 10 21:39:59 2022 us=563643 ifconfig_pool_end = 10.1.255.253
Wed Aug 10 21:39:59 2022 us=563647 ifconfig_pool_netmask = 255.255.0.0
Wed Aug 10 21:39:59 2022 us=563651 ifconfig_pool_persist_filename = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563655 ifconfig_pool_persist_refresh_freq = 600
Wed Aug 10 21:39:59 2022 us=563659 ifconfig_ipv6_pool_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563664 ifconfig_ipv6_pool_base = ::
Wed Aug 10 21:39:59 2022 us=563668 ifconfig_ipv6_pool_netbits = 0
Wed Aug 10 21:39:59 2022 us=563672 n_bcast_buf = 256
Wed Aug 10 21:39:59 2022 us=563676 tcp_queue_limit = 64
Wed Aug 10 21:39:59 2022 us=563680 real_hash_size = 256
Wed Aug 10 21:39:59 2022 us=563684 virtual_hash_size = 256
Wed Aug 10 21:39:59 2022 us=563688 client_connect_script = '/etc/openvpn/scripts/[FILE].sh'
Wed Aug 10 21:39:59 2022 us=563692 learn_address_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563696 client_disconnect_script = '/etc/openvpn/scripts/[FILE].sh'
Wed Aug 10 21:39:59 2022 us=563700 client_config_dir = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563704 ccd_exclusive = DISABLED
Wed Aug 10 21:39:59 2022 us=563708 tmp_dir = '/tmp'
Wed Aug 10 21:39:59 2022 us=563712 push_ifconfig_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563716 push_ifconfig_local = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563721 push_ifconfig_remote_netmask = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563724 push_ifconfig_ipv6_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563729 push_ifconfig_ipv6_local = ::/0
Wed Aug 10 21:39:59 2022 us=563733 push_ifconfig_ipv6_remote = ::
Wed Aug 10 21:39:59 2022 us=563737 enable_c2c = ENABLED
Wed Aug 10 21:39:59 2022 us=563741 duplicate_cn = DISABLED
Wed Aug 10 21:39:59 2022 us=563745 cf_max = 0
Wed Aug 10 21:39:59 2022 us=563749 cf_per = 0
Wed Aug 10 21:39:59 2022 us=563753 max_clients = 100
Wed Aug 10 21:39:59 2022 us=563757 max_routes_per_client = 256
Wed Aug 10 21:39:59 2022 us=563761 auth_user_pass_verify_script = '/etc/openvpn/scripts/[FILE].sh'
Wed Aug 10 21:39:59 2022 us=563765 auth_user_pass_verify_script_via_file = DISABLED
Wed Aug 10 21:39:59 2022 us=563769 auth_token_generate = DISABLED
Wed Aug 10 21:39:59 2022 us=563773 auth_token_lifetime = 0
Wed Aug 10 21:39:59 2022 us=563777 port_share_host = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563781 port_share_port = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563785 client = DISABLED
Wed Aug 10 21:39:59 2022 us=563789 pull = DISABLED
Wed Aug 10 21:39:59 2022 us=563793 auth_user_pass_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563797 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
Wed Aug 10 21:39:59 2022 us=563803 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
Wed Aug 10 21:39:59 2022 us=563893 MANAGEMENT: unix domain socket listening on /var/run/openvpn/openvpn.sock
Wed Aug 10 21:39:59 2022 us=564000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Aug 10 21:39:59 2022 us=564222 Diffie-Hellman initialized with 2048 bit key
Wed Aug 10 21:39:59 2022 us=564465 TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 21:39:59 2022 us=564699 TUN/TAP device tun0 opened
Wed Aug 10 21:39:59 2022 us=564725 TUN/TAP TX queue length set to 100
Wed Aug 10 21:39:59 2022 us=564733 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Aug 10 21:39:59 2022 us=564742 /sbin/ip link set dev tun0 up mtu 1500
Wed Aug 10 21:39:59 2022 us=565841 /sbin/ip addr add dev tun0 10.1.0.1/16 broadcast 10.1.255.255
Wed Aug 10 21:39:59 2022 us=566858 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 21:39:59 2022 us=567657 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Aug 10 21:39:59 2022 us=567684 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Aug 10 21:39:59 2022 us=567699 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Aug 10 21:39:59 2022 us=567705 UDPv4 link remote: [AF_UNSPEC]
Wed Aug 10 21:39:59 2022 us=567716 GID set to XXXX
Wed Aug 10 21:39:59 2022 us=567742 UID set to XXXX
Wed Aug 10 21:39:59 2022 us=567753 MULTI: multi_init called, r=256 v=256
Wed Aug 10 21:39:59 2022 us=568442 IFCONFIG POOL: base=10.1.0.2 size=65532, ipv6=0
Wed Aug 10 21:39:59 2022 us=568497 Initialization Sequence Completed
====> curl from client here <====
Wed Aug 10 21:44:19 2022 us=52796 MULTI: multi_create_instance called
Wed Aug 10 21:44:19 2022 us=52841 [IP]:19506 Re-using SSL/TLS context
Wed Aug 10 21:44:19 2022 us=52853 [IP]:19506 LZO compression initializing
Wed Aug 10 21:44:19 2022 us=52945 [IP]:19506 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 21:44:19 2022 us=52954 [IP]:19506 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 21:44:19 2022 us=52988 [IP]:19506 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Aug 10 21:44:19 2022 us=52996 [IP]:19506 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Aug 10 21:44:19 2022 us=53018 [IP]:19506 TLS: Initial packet from [AF_INET][IP]:19506, sid=cb834b7d f5dee07e
Wed Aug 10 21:44:19 2022 us=416168 [IP]:19506 VERIFY OK: depth=1, CN=[IP]
Wed Aug 10 21:44:19 2022 us=416276 [IP]:19506 VERIFY OK: depth=0, CN=[CERT]
Wed Aug 10 21:44:19 2022 us=461326 [IP]:19506 peer info: IV_VER=2.4.7
Wed Aug 10 21:44:19 2022 us=461342 [IP]:19506 peer info: IV_PLAT=linux
Wed Aug 10 21:44:19 2022 us=461348 [IP]:19506 peer info: IV_PROTO=2
Wed Aug 10 21:44:19 2022 us=461355 [IP]:19506 peer info: IV_NCP=2
Wed Aug 10 21:44:19 2022 us=461361 [IP]:19506 peer info: IV_LZ4=1
Wed Aug 10 21:44:19 2022 us=461367 [IP]:19506 peer info: IV_LZ4v2=1
Wed Aug 10 21:44:19 2022 us=461373 [IP]:19506 peer info: IV_LZO=1
Wed Aug 10 21:44:19 2022 us=461379 [IP]:19506 peer info: IV_COMP_STUB=1
Wed Aug 10 21:44:19 2022 us=461386 [IP]:19506 peer info: IV_COMP_STUBv2=1
Wed Aug 10 21:44:19 2022 us=461392 [IP]:19506 peer info: IV_TCPNL=1
Wed Aug 10 21:44:19 2022 us=468617 [IP]:19506 TLS: Username/Password authentication succeeded for username '[CERT]' [CN SET]
Wed Aug 10 21:44:19 2022 us=512800 [IP]:19506 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Aug 10 21:44:19 2022 us=512821 [IP]:19506 [[CERT]] Peer Connection Initiated with [AF_INET][IP]:19506
Wed Aug 10 21:44:19 2022 us=513009 [CERT]/[IP]:19506 MULTI_sva: pool returned IPv4=10.1.0.2, IPv6=(Not enabled)
Wed Aug 10 21:44:19 2022 us=598378 [CERT]/[IP]:19506 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_53a6290e3fff084e7b30ec7d599e7ec5.tmp
Wed Aug 10 21:44:19 2022 us=598456 [CERT]/[IP]:19506 MULTI: Learn: 10.1.0.2 -> [CERT]/[IP]:19506
Wed Aug 10 21:44:19 2022 us=598468 [CERT]/[IP]:19506 MULTI: primary virtual IP for [CERT]/[IP]:19506: 10.1.0.2
Wed Aug 10 21:44:20 2022 us=573334 [CERT]/[IP]:19506 PUSH: Received control message: 'PUSH_REQUEST'
Wed Aug 10 21:44:20 2022 us=573375 [CERT]/[IP]:19506 SENT CONTROL [[CERT]]: 'PUSH_REPLY,route-gateway 10.1.0.1,topology subnet,ping 5,ping-restart 30,ifconfig 10.1.0.2 255.255.0.0,peer-id 0,cipher AES-256-GCM' (status=1)
Wed Aug 10 21:44:20 2022 us=573384 [CERT]/[IP]:19506 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Aug 10 21:44:20 2022 us=573415 [CERT]/[IP]:19506 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Wed Aug 10 21:44:20 2022 us=573492 [CERT]/[IP]:19506 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Aug 10 21:44:20 2022 us=573500 [CERT]/[IP]:19506 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
CLIENT
Conf
client
config openvpn 'CLIENT'
option float '1'
option client '1'
option status '/tmp/openvpn-status.log'
option reneg_sec '0'
option persist_key '1'
option nobind '1'
option remote_cert_tls 'server'
option persist_tun '1'
option auth 'SHA1'
option cipher 'AES-256-CBC'
option dev 'tun'
option ca '[FILE].ca'
option enabled '1'
option cert '[FILE].cert'
option key '[FILE].key'
option auth_user_pass '[FILE].auth_user_pass'
option route_noexec '1'
option route_nopull '1'
option up_delay '60'
option connect_retry '10 20'
option pull '0'
option comp_lzo 'yes'
list remote '[IP] 1194 udp4'
option verb '4'
Network
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:438 errors:0 dropped:0 overruns:0 frame:0
TX packets:438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31873 (31.1 KiB) TX bytes:31873 (31.1 KiB)
tun Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.1.0.2 P-t-P:10.1.0.2 Mask:255.255.0.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:58 errors:0 dropped:0 overruns:0 frame:0
TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3468 (3.3 KiB) TX bytes:4400 (4.2 KiB)
usb0 Link encap:Ethernet HWaddr
inet addr:[IP] Mask:255.255.255.248
inet6 addr: [IP] Scope:Link
UP RUNNING NOARP MTU:1420 Metric:1
RX packets:174 errors:0 dropped:0 overruns:0 frame:0
TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23128 (22.5 KiB) TX bytes:24149 (23.5 KiB)
wlan0 Link encap:Ethernet HWaddr
inet addr:192.168.1.254 Bcast:192.168.3.255 Mask:255.255.252.0
inet6 addr: [IP] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:190 errors:0 dropped:0 overruns:0 frame:0
TX packets:204 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15991 (15.6 KiB) TX bytes:56242 (54.9 KiB)
Logs
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: LZO compression initializing
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link local: (not bound)
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link remote: [AF_INET][IP]:1194
Wed Aug 10 19:43:38 2022 daemon.err openvpn(CLIENT)[11990]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 10 19:43:38 2022 daemon.err openvpn(CLIENT)[11990]: TLS Error: TLS handshake failed
Wed Aug 10 19:43:38 2022 daemon.notice openvpn(CLIENT)[11990]: TCP/UDP: Closing socket
Wed Aug 10 19:43:38 2022 daemon.notice openvpn(CLIENT)[11990]: SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 10 19:43:38 2022 daemon.notice openvpn(CLIENT)[11990]: Restart pause, 10 second(s)
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Re-using SSL/TLS context
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: LZO compression initializing
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link local: (not bound)
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link remote: [AF_INET][IP]:1194
====> curl myserver here <====
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: TLS: Initial packet from [AF_INET][IP]:1194, sid=da1436fe 2c6562a5
Wed Aug 10 19:44:19 2022 daemon.warn openvpn(CLIENT)[11990]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY OK: depth=1, CN=[IP]
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY KU OK
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: Validating certificate extended key usage
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY EKU OK
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY OK: depth=0, CN=[IP]
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: [IP] Peer Connection Initiated with [AF_INET][IP]:1194
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: SENT CONTROL [IP]: 'PUSH_REQUEST' (status=1)
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.0.1,topology subnet,ping 5,ping-restart 30,ifconfig 10.1.0.2 255.255.0.0,peer-id 0,cipher AES-256-GCM'
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: route-related options modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: peer-id set
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: adjusting link_mtu to 1625
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: data channel crypto options modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Interface 'ovpn' is enabled
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Network device 'tun' link is up
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Interface 'ovpns' has link connectivity
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Interface 'ovpn' is setting up now
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: TUN/TAP device tun opened
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: TUN/TAP TX queue length set to 100
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: /sbin/ifconfig tun 10.1.0.2 netmask 255.255.0.0 mtu 1500 broadcast 10.1.255.255
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Initialization Sequence Completed
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connection fails before network exchange
And without the ====> curl from client here <==== your client cannot connect.
Shed3921 wrote: ↑Wed Aug 10, 2022 8:11 pm
Wed Aug 10 21:39:59 2022 us=568442 IFCONFIG POOL: base=10.1.0.2 size=65532, ipv6=0
Wed Aug 10 21:39:59 2022 us=568497 Initialization Sequence Completed
====> curl from client here <====
Wed Aug 10 21:44:19 2022 us=52796 MULTI: multi_create_instance called
Wed Aug 10 21:44:19 2022 us=52841 [IP]:19506 Re-using SSL/TLS context
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Aug 10, 2022 5:37 pm
Re: Connection fails before network exchange
Yes, the client never connects if there is no network exchange with the server.
Example, client log without curl:
Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link local: (not bound)
Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link remote: [AF_INET][IP]:1194
Wed Aug 10 19:41:01 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 10 19:41:01 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS handshake failed
Wed Aug 10 19:41:01 2022 daemon.notice openvpn(CLIENT)[3325]: SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 10 19:41:01 2022 daemon.notice openvpn(CLIENT)[3325]: Restart pause, 20 second(s)
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link local: (not bound)
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link remote: [AF_INET[IP]:1194
Wed Aug 10 19:42:21 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 10 19:42:21 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS handshake failed
Wed Aug 10 19:42:21 2022 daemon.notice openvpn(CLIENT)[3325]: SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 10 19:42:21 2022 daemon.notice openvpn(CLIENT)[3325]: Restart pause, 20 second(s)
And so on...
Last edited by Shed3921 on Wed Aug 10, 2022 8:34 pm, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connection fails before network exchange
I would normally advise you to speak to your network administrator, however,
you probably are the notwork administrator ..
Which means you have to figure out what you have done to your network.
It is almost certainly your server network router at fault, perhaps:
- ARP - Unlikely
- Port knocking - You never know
- Firewall - The usual suspect
- Wonky security setting - ISP
- Edit: Other unspecified - Take your pick; more than one NIC .. or cat stuff
-
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Mar 09, 2022 7:26 am
Re: Connection fails before network exchange
This is too difficult a situation when network connections fail.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Aug 10, 2022 5:37 pm
Re: Connection fails before network exchange
Hello,
The problem was with the firewall of my server provider (OVH / Game Firewall).
Regards.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: [Solved]Connection fails before network exchange
Glad you got it solved.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp