OpenVPN community 2.6.x fails (2.5.9 working)

Post by apic » Tue Apr 11, 2023 2:21 pm

Hi, I have an installation working with OpenVPN 2.5.9 (community edition) but it doesn't work with newer versions. I see new lines "NOTE: setsockopt SO_SNDBUF=393216 failed" with the newer version, but I'm not sure what they mean. Also, I tested it on both Win10 and Win11, and it fails on both systems.

Status with 2.5.9 (OK):

Code:

Tue Apr 11 15:57:18 2023 NOTE: --user option is not implemented on Windows
Tue Apr 11 15:57:18 2023 NOTE: --group option is not implemented on Windows
Tue Apr 11 15:57:18 2023 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Tue Apr 11 15:57:18 2023 OpenVPN 2.5.9 [git:v2.5.9/ea4ce681d9008f27] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 15 2023
Tue Apr 11 15:57:18 2023 Windows version 10.0 (Windows 10 or greater) 64bit
Tue Apr 11 15:57:18 2023 library versions: OpenSSL 1.1.1t  7 Feb 2023, LZO 2.10
Tue Apr 11 15:57:18 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Tue Apr 11 15:57:18 2023 Need hold release from management interface, waiting...
Tue Apr 11 15:57:18 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Tue Apr 11 15:57:18 2023 MANAGEMENT: CMD 'state on'
Tue Apr 11 15:57:18 2023 MANAGEMENT: CMD 'log on all'
Tue Apr 11 15:57:19 2023 MANAGEMENT: CMD 'echo on all'
Tue Apr 11 15:57:19 2023 MANAGEMENT: CMD 'bytecount 5'
Tue Apr 11 15:57:19 2023 MANAGEMENT: CMD 'state'
Tue Apr 11 15:57:19 2023 MANAGEMENT: CMD 'hold off'
Tue Apr 11 15:57:19 2023 MANAGEMENT: CMD 'hold release'
Tue Apr 11 15:57:19 2023 MANAGEMENT: >STATE:1681221439,RESOLVE,,,,,,
Tue Apr 11 15:57:19 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]52.xxx.xxx.183:1194
Tue Apr 11 15:57:19 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 11 15:57:19 2023 UDP link local: (not bound)
Tue Apr 11 15:57:19 2023 UDP link remote: [AF_INET]52.xxx.xxx.183:1194
Tue Apr 11 15:57:19 2023 MANAGEMENT: >STATE:1681221439,WAIT,,,,,,
Tue Apr 11 15:57:19 2023 MANAGEMENT: >STATE:1681221439,AUTH,,,,,,
Tue Apr 11 15:57:19 2023 TLS: Initial packet from [AF_INET]52.xxx.xxx.183:1194, sid=695ebb35 1c952a93
Tue Apr 11 15:57:19 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Apr 11 15:57:19 2023 VERIFY OK: depth=1, C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=openvpn.emnify.net, name=EMnify, emailAddress=support@emnify.com
Tue Apr 11 15:57:19 2023 VERIFY KU OK
Tue Apr 11 15:57:19 2023 Validating certificate extended key usage
Tue Apr 11 15:57:19 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Apr 11 15:57:19 2023 VERIFY EKU OK
Tue Apr 11 15:57:19 2023 VERIFY OK: depth=0, C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=openvpn.emnify.net, name=EMnify, emailAddress=support@emnify.com
Tue Apr 11 15:57:19 2023 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Tue Apr 11 15:57:19 2023 [openvpn.emnify.net] Peer Connection Initiated with [AF_INET]52.xxx.xxx.183:1194
Tue Apr 11 15:57:20 2023 MANAGEMENT: >STATE:1681221440,GET_CONFIG,,,,,,
Tue Apr 11 15:57:20 2023 SENT CONTROL [openvpn.emnify.net]: 'PUSH_REQUEST' (status=1)
Tue Apr 11 15:57:25 2023 SENT CONTROL [openvpn.emnify.net]: 'PUSH_REQUEST' (status=1)
Tue Apr 11 15:57:30 2023 SENT CONTROL [openvpn.emnify.net]: 'PUSH_REQUEST' (status=1)
Tue Apr 11 15:57:30 2023 PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,route 10.64.0.1,topology net30,ping 10,ping-restart 60,route 10.112.192.0 255.255.252.0,ifconfig 10.81.xxx.xxx10.81.xxx.xxx 10.81.xxx.yyy,peer-id 161,cipher AES-256-GCM'
Tue Apr 11 15:57:30 2023 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 11 15:57:30 2023 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Apr 11 15:57:30 2023 Socket Buffers: R=[65536->393216] S=[65536->393216]
Tue Apr 11 15:57:30 2023 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 11 15:57:30 2023 OPTIONS IMPORT: route options modified
Tue Apr 11 15:57:30 2023 OPTIONS IMPORT: peer-id set
Tue Apr 11 15:57:30 2023 OPTIONS IMPORT: adjusting link_mtu to 1624
Tue Apr 11 15:57:30 2023 OPTIONS IMPORT: data channel crypto options modified
Tue Apr 11 15:57:30 2023 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Apr 11 15:57:30 2023 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr 11 15:57:30 2023 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr 11 15:57:30 2023 interactive service msg_channel=488
Tue Apr 11 15:57:30 2023 open_tun
Tue Apr 11 15:57:31 2023 tap-windows6 device [OpenVPN TAP-Windows6] opened
Tue Apr 11 15:57:31 2023 TAP-Windows Driver Version 9.24 
Tue Apr 11 15:57:31 2023 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.81.xxx.xxx/255.255.255.252 on interface {7D7876E8-XXX-XXX-XXX-XXX} [DHCP-serv: 10.81.xxx.yyy, lease-time: 31536000]
Tue Apr 11 15:57:31 2023 Successful ARP Flush on interface [13] {7D7876E8-XXX-XXX-XXX-XXX}
Tue Apr 11 15:57:31 2023 MANAGEMENT: >STATE:1681221451,ASSIGN_IP,,10.81.xxx.xxx,,,,
Tue Apr 11 15:57:31 2023 IPv4 MTU set to 1500 on interface 13 using service
Tue Apr 11 15:57:36 2023 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Tue Apr 11 15:57:36 2023 MANAGEMENT: >STATE:1681221456,ADD_ROUTES,,,,,,
Tue Apr 11 15:57:36 2023 C:\Windows\system32\route.exe ADD 10.64.0.1 MASK 255.255.255.255 10.81.xxx.yyy
Tue Apr 11 15:57:36 2023 Route addition via service succeeded
Tue Apr 11 15:57:36 2023 C:\Windows\system32\route.exe ADD 10.112.192.0 MASK 255.255.252.0 10.81.xxx.yyy
Tue Apr 11 15:57:36 2023 Route addition via service succeeded
Tue Apr 11 15:57:36 2023 Initialization Sequence Completed
Tue Apr 11 15:57:36 2023 MANAGEMENT: >STATE:1681221456,CONNECTED,SUCCESS,10.81.xxx.xxx,52.xxx.xxx.183,1194,,

Status with 2.6.0 (KO):

Code:

Tue Apr 11 15:59:24 2023 NOTE: --user option is not implemented on Windows
Tue Apr 11 15:59:24 2023 NOTE: --group option is not implemented on Windows
Tue Apr 11 15:59:24 2023 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Tue Apr 11 15:59:24 2023 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023
Tue Apr 11 15:59:24 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Tue Apr 11 15:59:24 2023 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
Tue Apr 11 15:59:24 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Tue Apr 11 15:59:24 2023 Need hold release from management interface, waiting...
Tue Apr 11 15:59:24 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:58259
Tue Apr 11 15:59:24 2023 MANAGEMENT: CMD 'state on'
Tue Apr 11 15:59:24 2023 MANAGEMENT: CMD 'log on all'
Tue Apr 11 15:59:24 2023 MANAGEMENT: CMD 'echo on all'
Tue Apr 11 15:59:24 2023 MANAGEMENT: CMD 'bytecount 5'
Tue Apr 11 15:59:24 2023 MANAGEMENT: CMD 'state'
Tue Apr 11 15:59:25 2023 MANAGEMENT: CMD 'hold off'
Tue Apr 11 15:59:25 2023 MANAGEMENT: CMD 'hold release'
Tue Apr 11 15:59:25 2023 MANAGEMENT: >STATE:1681221565,RESOLVE,,,,,,
Tue Apr 11 15:59:25 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]52.xxx.xxx.183:1194
Tue Apr 11 15:59:25 2023 ovpn-dco device [OpenVPN Data Channel Offload] opened
Tue Apr 11 15:59:25 2023 UDP link local: (not bound)
Tue Apr 11 15:59:25 2023 UDP link remote: [AF_INET]52.xxx.xxx.183:1194
Tue Apr 11 15:59:25 2023 MANAGEMENT: >STATE:1681221565,WAIT,,,,,,
Tue Apr 11 15:59:25 2023 MANAGEMENT: >STATE:1681221565,AUTH,,,,,,
Tue Apr 11 15:59:25 2023 TLS: Initial packet from [AF_INET]52.xxx.xxx.183:1194, sid=7848aaca ba313708
Tue Apr 11 15:59:25 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Apr 11 15:59:25 2023 VERIFY OK: depth=1, C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=openvpn.emnify.net, name=EMnify, emailAddress=support@emnify.com
Tue Apr 11 15:59:25 2023 VERIFY KU OK
Tue Apr 11 15:59:25 2023 Validating certificate extended key usage
Tue Apr 11 15:59:25 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Apr 11 15:59:25 2023 VERIFY EKU OK
Tue Apr 11 15:59:25 2023 VERIFY OK: depth=0, C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=openvpn.emnify.net, name=EMnify, emailAddress=support@emnify.com
Tue Apr 11 15:59:25 2023 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Tue Apr 11 15:59:25 2023 [openvpn.emnify.net] Peer Connection Initiated with [AF_INET]52.xxx.xxx.183:1194
Tue Apr 11 15:59:25 2023 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Tue Apr 11 15:59:25 2023 TLS: tls_multi_process: initial untrusted session promoted to trusted
Tue Apr 11 15:59:26 2023 MANAGEMENT: >STATE:1681221566,GET_CONFIG,,,,,,
Tue Apr 11 15:59:26 2023 SENT CONTROL [openvpn.emnify.net]: 'PUSH_REQUEST' (status=1)
Tue Apr 11 15:59:26 2023 PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,route 10.64.0.1,topology net30,ping 10,ping-restart 60,route 10.112.192.0 255.255.252.0,ifconfig 10.81.xxx.xxx 10.81.xxx.yyy,peer-id 39,cipher AES-256-GCM'
Tue Apr 11 15:59:26 2023 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 11 15:59:26 2023 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Apr 11 15:59:26 2023 NOTE: setsockopt SO_SNDBUF=393216 failed
Tue Apr 11 15:59:26 2023 NOTE: setsockopt SO_RCVBUF=393216 failed
Tue Apr 11 15:59:26 2023 Socket Buffers: R=[0->0] S=[0->0]
Tue Apr 11 15:59:26 2023 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 11 15:59:26 2023 OPTIONS IMPORT: route options modified
Tue Apr 11 15:59:26 2023 OPTIONS IMPORT: peer-id set
Tue Apr 11 15:59:26 2023 OPTIONS IMPORT: data channel crypto options modified
Tue Apr 11 15:59:26 2023 interactive service msg_channel=488
Tue Apr 11 15:59:26 2023 MANAGEMENT: >STATE:1681221566,ASSIGN_IP,,10.81.xxx.xxx,,,,
Tue Apr 11 15:59:26 2023 INET address service: add 10.81.xxx.xxx/30
Tue Apr 11 15:59:26 2023 IPv4 MTU set to 1500 on interface 50 using service
Tue Apr 11 15:59:26 2023 MANAGEMENT: >STATE:1681221566,ADD_ROUTES,,,,,,
Tue Apr 11 15:59:26 2023 C:\Windows\system32\route.exe ADD 10.64.0.1 MASK 255.255.255.255 10.81.xxx.yyy METRIC 200
Tue Apr 11 15:59:26 2023 Route addition via service succeeded
Tue Apr 11 15:59:26 2023 C:\Windows\system32\route.exe ADD 10.112.192.0 MASK 255.255.252.0 10.81.xxx.yyy METRIC 200
Tue Apr 11 15:59:26 2023 Route addition via service succeeded
Tue Apr 11 15:59:26 2023 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Apr 11 15:59:26 2023 Initialization Sequence Completed
Tue Apr 11 15:59:26 2023 MANAGEMENT: >STATE:1681221566,CONNECTED,SUCCESS,10.81.xxx.xxx,52.xxx.xxx.183,1194,,

ovpn file:

Code:

client
dev tun
proto udp
remote eu-west-1.openvpn.emnify.net 1194
resolv-retry infinite
nobind
explicit-exit-notify 3
keepalive 5 30
user root
group nogroup
persist-key
persist-tun
remote-cert-tls server
verb 3
;auth-nocache
auth-user-pass "C:\\Program Files\\OpenVPN\\config\\credentials.txt"
auth-retry nointeract
<ca>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=openvpn.emnify.net/name=EMnify/emailAddress=support@emnify.com
        Validity
            Not Before: Jun 27 18:24:21 2016 GMT
            Not After : Jun 25 18:24:21 2026 GMT
        Subject: C=de, ST=Bavaria, L=Wuerzburg, O=EMnify, OU=EMnify Operations, CN=client/name=EMnify/emailAddress=support@emnify.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    XXX
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                Easy-RSA Generated Certificate
            X509v3 Subject Key Identifier: 
                XXX
            X509v3 Authority Key Identifier: 
                keyid:XXX
                DirName:/C=de/ST=Bavaria/L=Wuerzburg/O=EMnify/OU=EMnify Operations/CN=openvpn.emnify.net/name=EMnify/emailAddress=support@emnify.com
                serial:XXX

            X509v3 Extended Key Usage: 
                TLS Web Client Authentication
            X509v3 Key Usage: 
                Digital Signature
            X509v3 Subject Alternative Name: 
                DNS:client
    Signature Algorithm: sha256WithRSAEncryption
         XXX
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
XXX
-----END PRIVATE KEY-----
</key>


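A small triage helper for the two logs above, added here as an example and not part of the original post: it pulls the OpenVPN version, the tunnel device that was opened, the final socket-buffer line, the pushed option names and any `setsockopt` failures out of each log, then reports only the fields that differ. The sample logs are abridged from the post, and the names `summarize` and `compare` are this example's own.

```python
import re

# Sample input: abridged from the two logs in the post (timestamps dropped,
# PUSH_REPLY shortened). The patterns use search(), so full logs work too.
LOG_259 = """\
OpenVPN 2.5.9 [git:v2.5.9/ea4ce681d9008f27] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 15 2023
PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,topology net30,cipher AES-256-GCM'
Socket Buffers: R=[65536->393216] S=[65536->393216]
tap-windows6 device [OpenVPN TAP-Windows6] opened
Initialization Sequence Completed
"""
LOG_260 = """\
OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023
ovpn-dco device [OpenVPN Data Channel Offload] opened
PUSH: Received control message: 'PUSH_REPLY,sndbuf 393216,rcvbuf 393216,topology net30,cipher AES-256-GCM'
NOTE: setsockopt SO_SNDBUF=393216 failed
NOTE: setsockopt SO_RCVBUF=393216 failed
Socket Buffers: R=[0->0] S=[0->0]
Initialization Sequence Completed
"""
# One value per log for each of these; the last matching line wins, because
# "Socket Buffers" is logged again after the pushed options are applied.
SINGLE = {
    "version": r"OpenVPN (\d+\.\d+\.\d+) \[git:",
    "device": r"(\S+) device \[[^\]]*\] opened",
    "buffers": r"Socket Buffers: (R=\[\S+\] S=\[\S+\])",
}

def summarize(log):  # fields worth comparing, from one client log
    out = {"sockopt_failed": [], "pushed": []}
    for line in log.splitlines():
        for key, pattern in SINGLE.items():
            if m := re.search(pattern, line):
                out[key] = m.group(1)
        if m := re.search(r"setsockopt (SO_\w+)=\d+ failed", line):
            out["sockopt_failed"].append(m.group(1))
        if m := re.search(r"'PUSH_REPLY,([^']*)'", line):
            out["pushed"] = sorted(o.split()[0] for o in m.group(1).split(",") if o.strip())
    out["completed"] = "Initialization Sequence Completed" in log
    return out

def compare(old_log, new_log):  # {field: (old, new)} for fields that differ
    old, new = summarize(old_log), summarize(new_log)
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}

if __name__ == "__main__":
    for field, (old, new) in compare(LOG_259, LOG_260).items():
        print(f"{field:15} {old!r} -> {new!r}")
```

On the post's logs the server pushes the same option names to both clients and both reach "Initialization Sequence Completed"; apart from the version, the fields that differ are the tunnel device (`tap-windows6` versus `ovpn-dco`), the socket-buffer line, and the two failed `setsockopt` calls.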