Subnet behind Client and Server not reachable

matbol · Post by **matbol** » Tue Nov 14, 2023 2:39 pm

Server Running at:
OpenVPN 2.5.1
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye

External Company is connected to our server (PUBLICIP) via a strongswan-VPN tunnel. There is an OpenVPN server running here, which is intended to connect several hundred mini-routers to the server in the future. These devices have a tunnel IP generated by OpenVPN and a local network.

Currently, I have one device active, and the entire chain appears to be as follows:

External Company Endpoint - "RelayServer" (public: PUBLICIP internal: 172.31.22.190) - OpenVPN Server (10.0.0.1) - ClientRouter(VPN IP: 10.0.0.2, Local IP: 10.110.0.249/30) - IOT Device (10.110.0.250)

Currently, the tunnel is connecting, and I can ping from (10.110.0.249) towards the server (172.31.22.190). Currently it work the other way around. But the IoT Device (10.110.0.250) couldnt be pinged.

Code: Select all

sudo openvpn --config test-server.conf --mute-replay-warnings

etc_openvpn_server_server.conf

port 1194
proto udp
dev tun

ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key # keep secret
dh /etc/openvpn/easy-rsa/pki/dh.pem

topology subnet
server 10.0.0.0 255.255.255.0 # internal tun0 connection IP
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

client-config-dir /etc/openvpn/testclients
route 10.110.0.0 255.255.255.0 10.0.0.1

keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0
auth-nocache

cipher AES-256-CBC
data-ciphers AES-256-CBC
persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 4 # verbose mode

client-to-client
explicit-exit-notify 1

etc_openvpn_testclients_testclient01

push "route 10.110.0.248 255.255.255.252 10.0.0.1"
iroute 10.110.0.248 255.255.255.252

client.ovpn

client
dev tun
proto udp

remote XXXXXXXX 1194 # [VPN server IP] [PORT]
resolv-retry infinite
nobind

persist-key
persist-tun

remote-cert-tls server

auth-nocache

cipher AES-256-CBC
data-ciphers AES-256-CBC

mute-replay-warnings

verb 3

key-direction 1

[olog]
2023-11-14 15:26:27 us=953037 WARNING: file '/etc/openvpn/easy-rsa/pki/private/server.key' is group or others accessible
2023-11-14 15:26:27 us=953125 Current Parameter Settings:
2023-11-14 15:26:27 us=953138 config = 'test-server.conf'
2023-11-14 15:26:27 us=953146 mode = 1
2023-11-14 15:26:27 us=953153 persist_config = DISABLED
2023-11-14 15:26:27 us=953161 persist_mode = 1
2023-11-14 15:26:27 us=953168 show_ciphers = DISABLED
2023-11-14 15:26:27 us=953175 show_digests = DISABLED
2023-11-14 15:26:27 us=953182 show_engines = DISABLED
2023-11-14 15:26:27 us=953189 genkey = DISABLED
2023-11-14 15:26:27 us=953196 genkey_filename = '[UNDEF]'
2023-11-14 15:26:27 us=953203 key_pass_file = '[UNDEF]'
2023-11-14 15:26:27 us=953210 show_tls_ciphers = DISABLED
2023-11-14 15:26:27 us=953217 connect_retry_max = 0
2023-11-14 15:26:27 us=953229 Connection profiles [0]:
2023-11-14 15:26:27 us=953237 proto = udp
2023-11-14 15:26:27 us=953244 local = '[UNDEF]'
2023-11-14 15:26:27 us=953251 local_port = '1194'
2023-11-14 15:26:27 us=953258 remote = '[UNDEF]'
2023-11-14 15:26:27 us=953265 remote_port = '1194'
2023-11-14 15:26:27 us=953272 remote_float = DISABLED
2023-11-14 15:26:27 us=953278 bind_defined = DISABLED
2023-11-14 15:26:27 us=953285 bind_local = ENABLED
2023-11-14 15:26:27 us=953292 bind_ipv6_only = DISABLED
2023-11-14 15:26:27 us=953298 connect_retry_seconds = 5
2023-11-14 15:26:27 us=953305 connect_timeout = 120
2023-11-14 15:26:27 us=953312 socks_proxy_server = '[UNDEF]'
2023-11-14 15:26:27 us=953319 socks_proxy_port = '[UNDEF]'
2023-11-14 15:26:27 us=953326 tun_mtu = 1500
2023-11-14 15:26:27 us=953332 tun_mtu_defined = ENABLED
2023-11-14 15:26:27 us=953339 link_mtu = 1500
2023-11-14 15:26:27 us=953346 link_mtu_defined = DISABLED
2023-11-14 15:26:27 us=953353 tun_mtu_extra = 0
2023-11-14 15:26:27 us=953360 tun_mtu_extra_defined = DISABLED
2023-11-14 15:26:27 us=953366 mtu_discover_type = -1
2023-11-14 15:26:27 us=953373 fragment = 0
2023-11-14 15:26:27 us=953380 mssfix = 1450
2023-11-14 15:26:27 us=953386 explicit_exit_notification = 1
2023-11-14 15:26:27 us=953393 tls_auth_file = '[INLINE]'
2023-11-14 15:26:27 us=953400 key_direction = 0
2023-11-14 15:26:27 us=953406 tls_crypt_file = '[UNDEF]'
2023-11-14 15:26:27 us=953413 tls_crypt_v2_file = '[UNDEF]'
2023-11-14 15:26:27 us=953422 Connection profiles END
2023-11-14 15:26:27 us=953428 remote_random = DISABLED
2023-11-14 15:26:27 us=953435 ipchange = '[UNDEF]'
2023-11-14 15:26:27 us=953442 dev = 'tun'
2023-11-14 15:26:27 us=953448 dev_type = '[UNDEF]'
2023-11-14 15:26:27 us=953455 dev_node = '[UNDEF]'
2023-11-14 15:26:27 us=953462 lladdr = '[UNDEF]'
2023-11-14 15:26:27 us=953470 topology = 3
2023-11-14 15:26:27 us=953476 ifconfig_local = '10.0.0.1'
2023-11-14 15:26:27 us=953484 ifconfig_remote_netmask = '255.255.255.0'
2023-11-14 15:26:27 us=953491 ifconfig_noexec = DISABLED
2023-11-14 15:26:27 us=953497 ifconfig_nowarn = DISABLED
2023-11-14 15:26:27 us=953507 ifconfig_ipv6_local = '[UNDEF]'
2023-11-14 15:26:27 us=953515 ifconfig_ipv6_netbits = 0
2023-11-14 15:26:27 us=953521 ifconfig_ipv6_remote = '[UNDEF]'
2023-11-14 15:26:27 us=953528 shaper = 0
2023-11-14 15:26:27 us=953535 mtu_test = 0
2023-11-14 15:26:27 us=953542 mlock = DISABLED
2023-11-14 15:26:27 us=953549 keepalive_ping = 10
2023-11-14 15:26:27 us=953555 keepalive_timeout = 120
2023-11-14 15:26:27 us=953562 inactivity_timeout = 0
2023-11-14 15:26:27 us=953582 ping_send_timeout = 10
2023-11-14 15:26:27 us=953590 ping_rec_timeout = 240
2023-11-14 15:26:27 us=953596 ping_rec_timeout_action = 2
2023-11-14 15:26:27 us=953603 ping_timer_remote = DISABLED
2023-11-14 15:26:27 us=953610 remap_sigusr1 = 0
2023-11-14 15:26:27 us=953616 persist_tun = ENABLED
2023-11-14 15:26:27 us=953623 persist_local_ip = DISABLED
2023-11-14 15:26:27 us=953629 persist_remote_ip = DISABLED
2023-11-14 15:26:27 us=953636 persist_key = ENABLED
2023-11-14 15:26:27 us=953643 passtos = DISABLED
2023-11-14 15:26:27 us=953649 resolve_retry_seconds = 1000000000
2023-11-14 15:26:27 us=953656 resolve_in_advance = DISABLED
2023-11-14 15:26:27 us=953668 username = '[UNDEF]'
2023-11-14 15:26:27 us=953675 groupname = '[UNDEF]'
2023-11-14 15:26:27 us=953686 chroot_dir = '[UNDEF]'
2023-11-14 15:26:27 us=953694 cd_dir = '[UNDEF]'
2023-11-14 15:26:27 us=953701 writepid = '[UNDEF]'
2023-11-14 15:26:27 us=953707 up_script = '[UNDEF]'
2023-11-14 15:26:27 us=953714 down_script = '[UNDEF]'
2023-11-14 15:26:27 us=953721 down_pre = DISABLED
2023-11-14 15:26:27 us=953732 up_restart = DISABLED
2023-11-14 15:26:27 us=953740 up_delay = DISABLED
2023-11-14 15:26:27 us=953755 daemon = DISABLED
2023-11-14 15:26:27 us=953762 inetd = 0
2023-11-14 15:26:27 us=953769 log = ENABLED
2023-11-14 15:26:27 us=953776 suppress_timestamps = DISABLED
2023-11-14 15:26:27 us=953782 machine_readable_output = DISABLED
2023-11-14 15:26:27 us=953789 nice = 0
2023-11-14 15:26:27 us=953796 verbosity = 4
2023-11-14 15:26:27 us=953802 mute = 0
2023-11-14 15:26:27 us=953809 gremlin = 0
2023-11-14 15:26:27 us=953816 status_file = '/var/log/openvpn/openvpn-status.log'
2023-11-14 15:26:27 us=953822 status_file_version = 1
2023-11-14 15:26:27 us=953829 status_file_update_freq = 60
2023-11-14 15:26:27 us=953836 occ = ENABLED
2023-11-14 15:26:27 us=953842 rcvbuf = 0
2023-11-14 15:26:27 us=953849 sndbuf = 0
2023-11-14 15:26:27 us=953856 mark = 0
2023-11-14 15:26:27 us=953862 sockflags = 0
2023-11-14 15:26:27 us=953869 fast_io = DISABLED
2023-11-14 15:26:27 us=953876 comp.alg = 0
2023-11-14 15:26:27 us=953882 comp.flags = 0
2023-11-14 15:26:27 us=953889 route_script = '[UNDEF]'
2023-11-14 15:26:27 us=953896 route_default_gateway = '10.0.0.2'
2023-11-14 15:26:27 us=953903 route_default_metric = 0
2023-11-14 15:26:27 us=953913 route_noexec = DISABLED
2023-11-14 15:26:27 us=953920 route_delay = 0
2023-11-14 15:26:27 us=953927 route_delay_window = 30
2023-11-14 15:26:27 us=953934 route_delay_defined = DISABLED
2023-11-14 15:26:27 us=953941 route_nopull = DISABLED
2023-11-14 15:26:27 us=953950 route_gateway_via_dhcp = DISABLED
2023-11-14 15:26:27 us=953957 allow_pull_fqdn = DISABLED
2023-11-14 15:26:27 us=953965 route 10.110.0.0/255.255.255.0/10.0.0.1/default (not set)
2023-11-14 15:26:27 us=953976 management_addr = '[UNDEF]'
2023-11-14 15:26:27 us=953983 management_port = '[UNDEF]'
2023-11-14 15:26:27 us=953990 management_user_pass = '[UNDEF]'
2023-11-14 15:26:27 us=953997 management_log_history_cache = 250
2023-11-14 15:26:27 us=954004 management_echo_buffer_size = 100
2023-11-14 15:26:27 us=954011 management_write_peer_info_file = '[UNDEF]'
2023-11-14 15:26:27 us=954018 management_client_user = '[UNDEF]'
2023-11-14 15:26:27 us=954025 management_client_group = '[UNDEF]'
2023-11-14 15:26:27 us=954031 management_flags = 0
2023-11-14 15:26:27 us=954039 shared_secret_file = '[UNDEF]'
2023-11-14 15:26:27 us=954046 key_direction = 0
2023-11-14 15:26:27 us=954052 ciphername = 'AES-256-CBC'
2023-11-14 15:26:27 us=954059 ncp_enabled = ENABLED
2023-11-14 15:26:27 us=954066 ncp_ciphers = 'AES-256-CBC'
2023-11-14 15:26:27 us=954073 authname = 'SHA1'
2023-11-14 15:26:27 us=954080 prng_hash = 'SHA1'
2023-11-14 15:26:27 us=954087 prng_nonce_secret_len = 16
2023-11-14 15:26:27 us=954094 keysize = 0
2023-11-14 15:26:27 us=954101 engine = DISABLED
2023-11-14 15:26:27 us=954108 replay = ENABLED
2023-11-14 15:26:27 us=954120 mute_replay_warnings = ENABLED
2023-11-14 15:26:27 us=954128 replay_window = 64
2023-11-14 15:26:27 us=954135 replay_time = 15
2023-11-14 15:26:27 us=954145 packet_id_file = '[UNDEF]'
2023-11-14 15:26:27 us=954152 test_crypto = DISABLED
2023-11-14 15:26:27 us=954159 tls_server = ENABLED
2023-11-14 15:26:27 us=954166 tls_client = DISABLED
2023-11-14 15:26:27 us=954174 ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
2023-11-14 15:26:27 us=954183 ca_path = '[UNDEF]'
2023-11-14 15:26:27 us=954191 dh_file = '/etc/openvpn/easy-rsa/pki/dh.pem'
2023-11-14 15:26:27 us=954198 cert_file = '/etc/openvpn/easy-rsa/pki/issued/server.crt'
2023-11-14 15:26:27 us=954204 extra_certs_file = '[UNDEF]'
2023-11-14 15:26:27 us=954211 priv_key_file = '/etc/openvpn/easy-rsa/pki/private/server.key'
2023-11-14 15:26:27 us=954218 pkcs12_file = '[UNDEF]'
2023-11-14 15:26:27 us=954225 cipher_list = '[UNDEF]'
2023-11-14 15:26:27 us=954232 cipher_list_tls13 = '[UNDEF]'
2023-11-14 15:26:27 us=954239 tls_cert_profile = '[UNDEF]'
2023-11-14 15:26:27 us=954245 tls_verify = '[UNDEF]'
2023-11-14 15:26:27 us=954252 tls_export_cert = '[UNDEF]'
2023-11-14 15:26:27 us=954259 verify_x509_type = 0
2023-11-14 15:26:27 us=954265 verify_x509_name = '[UNDEF]'
2023-11-14 15:26:27 us=954272 crl_file = '[UNDEF]'
2023-11-14 15:26:27 us=954279 ns_cert_type = 0
2023-11-14 15:26:27 us=954286 remote_cert_ku = 0
2023-11-14 15:26:27 us=954293 remote_cert_ku = 0
2023-11-14 15:26:27 us=954299 remote_cert_ku = 0
2023-11-14 15:26:27 us=954306 remote_cert_ku = 0
2023-11-14 15:26:27 us=954313 remote_cert_ku = 0
2023-11-14 15:26:27 us=954320 remote_cert_ku = 0
2023-11-14 15:26:27 us=954326 remote_cert_ku = 0
2023-11-14 15:26:27 us=954333 remote_cert_ku = 0
2023-11-14 15:26:27 us=954340 remote_cert_ku = 0
2023-11-14 15:26:27 us=954347 remote_cert_ku = 0
2023-11-14 15:26:27 us=954353 remote_cert_ku[i] = 0
2023-11-14 15:26:27 us=954360 remote_cert_ku[i] = 0
2023-11-14 15:26:27 us=954367 remote_cert_ku[i] = 0
2023-11-14 15:26:27 us=954374 remote_cert_ku[i] = 0
2023-11-14 15:26:27 us=954383 remote_cert_ku[i] = 0
2023-11-14 15:26:27 us=954390 remote_cert_ku[i] = 0
2023-11-14 15:26:27 us=954397 remote_cert_eku = '[UNDEF]'
2023-11-14 15:26:27 us=954405 ssl_flags = 0
2023-11-14 15:26:27 us=954415 tls_timeout = 2
2023-11-14 15:26:27 us=954422 renegotiate_bytes = -1
2023-11-14 15:26:27 us=954429 renegotiate_packets = 0
2023-11-14 15:26:27 us=954436 renegotiate_seconds = 3600
2023-11-14 15:26:27 us=954442 handshake_window = 60
2023-11-14 15:26:27 us=954449 transition_window = 3600
2023-11-14 15:26:27 us=954456 single_session = DISABLED
2023-11-14 15:26:27 us=954463 push_peer_info = DISABLED
2023-11-14 15:26:27 us=954469 tls_exit = DISABLED
2023-11-14 15:26:27 us=954476 tls_crypt_v2_metadata = '[UNDEF]'
2023-11-14 15:26:27 us=954483 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954490 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954497 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954504 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954510 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954517 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954524 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954531 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954537 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954544 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954551 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954558 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954565 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954572 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954579 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954586 pkcs11_protected_authentication = DISABLED
2023-11-14 15:26:27 us=954601 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954609 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954616 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954622 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954629 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954636 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954642 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954649 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954656 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954662 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954669 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954675 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954682 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954689 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954695 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954702 pkcs11_private_mode = 00000000
2023-11-14 15:26:27 us=954709 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954716 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954722 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954729 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954736 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954743 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954749 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954756 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954763 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954770 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954777 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954786 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954794 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954801 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954808 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954818 pkcs11_cert_private = DISABLED
2023-11-14 15:26:27 us=954825 pkcs11_pin_cache_period = -1
2023-11-14 15:26:27 us=954832 pkcs11_id = '[UNDEF]'
2023-11-14 15:26:27 us=954839 pkcs11_id_management = DISABLED
2023-11-14 15:26:27 us=954850 server_network = 10.0.0.0
2023-11-14 15:26:27 us=954858 server_netmask = 255.255.255.0
2023-11-14 15:26:27 us=954866 server_network_ipv6 = ::
2023-11-14 15:26:27 us=954872 server_netbits_ipv6 = 0
2023-11-14 15:26:27 us=954880 server_bridge_ip = 0.0.0.0
2023-11-14 15:26:27 us=954887 server_bridge_netmask = 0.0.0.0
2023-11-14 15:26:27 us=954894 server_bridge_pool_start = 0.0.0.0
2023-11-14 15:26:27 us=954901 server_bridge_pool_end = 0.0.0.0
2023-11-14 15:26:27 us=954908 push_entry = 'redirect-gateway def1 bypass-dhcp'
2023-11-14 15:26:27 us=954915 push_entry = 'route-gateway 10.0.0.1'
2023-11-14 15:26:27 us=954922 push_entry = 'topology subnet'
2023-11-14 15:26:27 us=954929 push_entry = 'ping 10'
2023-11-14 15:26:27 us=954935 push_entry = 'ping-restart 120'
2023-11-14 15:26:27 us=954942 ifconfig_pool_defined = ENABLED
2023-11-14 15:26:27 us=954949 ifconfig_pool_start = 10.0.0.2
2023-11-14 15:26:27 us=954957 ifconfig_pool_end = 10.0.0.253
2023-11-14 15:26:27 us=954964 ifconfig_pool_netmask = 255.255.255.0
2023-11-14 15:26:27 us=954971 ifconfig_pool_persist_filename = 'ipp.txt'
2023-11-14 15:26:27 us=954979 ifconfig_pool_persist_refresh_freq = 600
2023-11-14 15:26:27 us=954986 ifconfig_ipv6_pool_defined = DISABLED
2023-11-14 15:26:27 us=954994 ifconfig_ipv6_pool_base = ::
2023-11-14 15:26:27 us=955001 ifconfig_ipv6_pool_netbits = 0
2023-11-14 15:26:27 us=955011 n_bcast_buf = 256
2023-11-14 15:26:27 us=955018 tcp_queue_limit = 64
2023-11-14 15:26:27 us=955026 real_hash_size = 256
2023-11-14 15:26:27 us=955033 virtual_hash_size = 256
2023-11-14 15:26:27 us=955040 client_connect_script = '[UNDEF]'
2023-11-14 15:26:27 us=955049 learn_address_script = '[UNDEF]'
2023-11-14 15:26:27 us=955056 client_disconnect_script = '[UNDEF]'
2023-11-14 15:26:27 us=955063 client_config_dir = '/etc/openvpn/testclients'
2023-11-14 15:26:27 us=955087 ccd_exclusive = DISABLED
2023-11-14 15:26:27 us=955096 tmp_dir = '/tmp'
2023-11-14 15:26:27 us=955103 push_ifconfig_defined = DISABLED
2023-11-14 15:26:27 us=955111 push_ifconfig_local = 0.0.0.0
2023-11-14 15:26:27 us=955122 push_ifconfig_remote_netmask = 0.0.0.0
2023-11-14 15:26:27 us=955156 push_ifconfig_ipv6_defined = DISABLED
2023-11-14 15:26:27 us=955168 push_ifconfig_ipv6_local = ::/0
2023-11-14 15:26:27 us=955176 push_ifconfig_ipv6_remote = ::
2023-11-14 15:26:27 us=955183 enable_c2c = ENABLED
2023-11-14 15:26:27 us=955189 duplicate_cn = DISABLED
2023-11-14 15:26:27 us=955196 cf_max = 0
2023-11-14 15:26:27 us=955203 cf_per = 0
2023-11-14 15:26:27 us=955210 max_clients = 1024
2023-11-14 15:26:27 us=955217 max_routes_per_client = 256
2023-11-14 15:26:27 us=955223 auth_user_pass_verify_script = '[UNDEF]'
2023-11-14 15:26:27 us=955231 auth_user_pass_verify_script_via_file = DISABLED
2023-11-14 15:26:27 us=955237 auth_token_generate = DISABLED
2023-11-14 15:26:27 us=955244 auth_token_lifetime = 0
2023-11-14 15:26:27 us=955251 auth_token_secret_file = '[UNDEF]'
2023-11-14 15:26:27 us=955258 port_share_host = '[UNDEF]'
2023-11-14 15:26:27 us=955265 port_share_port = '[UNDEF]'
2023-11-14 15:26:27 us=955272 vlan_tagging = DISABLED
2023-11-14 15:26:27 us=955279 vlan_accept = all
2023-11-14 15:26:27 us=955287 vlan_pvid = 1
2023-11-14 15:26:27 us=955294 client = DISABLED
2023-11-14 15:26:27 us=955301 pull = DISABLED
2023-11-14 15:26:27 us=955312 auth_user_pass_file = '[UNDEF]'
2023-11-14 15:26:27 us=955320 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-11-14 15:26:27 us=955336 library versions: OpenSSL 1.1.1w 11 Sep 2023, LZO 2.10
2023-11-14 15:26:27 us=955422 net_route_v4_best_gw query: dst 0.0.0.0
2023-11-14 15:26:27 us=955545 net_route_v4_best_gw result: via 172.31.16.1 dev eth0
2023-11-14 15:26:27 us=956051 Diffie-Hellman initialized with 2048 bit key
2023-11-14 15:26:30 us=554385 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-11-14 15:26:30 us=554461 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-11-14 15:26:30 us=554486 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2023-11-14 15:26:30 us=554688 net_route_v4_best_gw query: dst 0.0.0.0
2023-11-14 15:26:30 us=554802 net_route_v4_best_gw result: via 172.31.16.1 dev eth0
2023-11-14 15:26:30 us=554847 ROUTE_GATEWAY 172.31.16.1/255.255.240.0 IFACE=eth0 HWADDR=02:e8:41:26:fc:84
2023-11-14 15:26:30 us=555956 TUN/TAP device tun0 opened
2023-11-14 15:26:30 us=556120 do_ifconfig, ipv4=1, ipv6=0
2023-11-14 15:26:30 us=556265 net_iface_mtu_set: mtu 1500 for tun0
2023-11-14 15:26:30 us=556445 net_iface_up: set tun0 up
2023-11-14 15:26:30 us=557860 net_addr_v4_add: 10.0.0.1/24 dev tun0
2023-11-14 15:26:30 us=558423 net_route_v4_add: 10.110.0.0/24 via 10.0.0.1 dev [NULL] table 0 metric -1
2023-11-14 15:26:30 us=558971 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-11-14 15:26:30 us=559160 Could not determine IPv4/IPv6 protocol. Using AF_INET
2023-11-14 15:26:30 us=559299 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-11-14 15:26:30 us=559403 UDPv4 link local (bound): [AF_INET][undef]:1194
2023-11-14 15:26:30 us=559498 UDPv4 link remote: [AF_UNSPEC]
2023-11-14 15:26:30 us=559596 MULTI: multi_init called, r=256 v=256
2023-11-14 15:26:30 us=559713 IFCONFIG POOL IPv4: base=10.0.0.2 size=252
2023-11-14 15:26:30 us=559833 ifconfig_pool_read(), in='company_test01,10.0.0.2,'
2023-11-14 15:26:30 us=559926 succeeded -> ifconfig_pool_set(hand=0)
2023-11-14 15:26:30 us=560018 IFCONFIG POOL LIST
2023-11-14 15:26:30 us=560107 company_test01,10.0.0.2,
2023-11-14 15:26:30 us=560223 Initialization Sequence Completed
2023-11-14 15:26:41 us=740787 MULTI: multi_create_instance called
2023-11-14 15:26:41 us=740916 XX.XX.XX.XX:42246 Re-using SSL/TLS context
2023-11-14 15:26:41 us=741002 XX.XX.XX.XX:42246 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-11-14 15:26:41 us=741018 XX.XX.XX.XX:42246 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-11-14 15:26:41 us=741151 XX.XX.XX.XX:42246 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2023-11-14 15:26:41 us=741171 XX.XX.XX.XX:42246 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-11-14 15:26:41 us=741207 XX.XX.XX.XX:42246 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2023-11-14 15:26:41 us=741216 XX.XX.XX.XX:42246 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2023-11-14 15:26:41 us=741242 XX.XX.XX.XX:42246 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:42246, sid=854eb047 da213e75
2023-11-14 15:26:41 us=741363 XX.XX.XX.XX:42246 PID_ERR replay [0] [TLS_WRAP-0] [0____] 1699971970:5 1699971970:5 t=1699972001[0] r=[0,64,15,0,1] sl=[59,5,64,528]
2023-11-14 15:26:41 us=741389 XX.XX.XX.XX:42246 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5 / time = (1699971970) 2023-11-14 15:26:10 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-14 15:26:41 us=741399 XX.XX.XX.XX:42246 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:42246
2023-11-14 15:26:41 us=973621 XX.XX.XX.XX:42246 VERIFY OK: depth=1, CN=PROD ExternalCompanyEthernetVPN
2023-11-14 15:26:41 us=973811 XX.XX.XX.XX:42246 VERIFY OK: depth=0, CN=company_test01
2023-11-14 15:26:41 us=974044 XX.XX.XX.XX:42246 PID_ERR replay [0] [TLS_WRAP-0] [0000000____] 1699971970:11 1699971970:11 t=1699972001[0] r=[0,64,15,0,1] sl=[53,11,64,528]
2023-11-14 15:26:41 us=974080 XX.XX.XX.XX:42246 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11 / time = (1699971970) 2023-11-14 15:26:10 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-14 15:26:41 us=974095 XX.XX.XX.XX:42246 TLS Error: incoming packet authentication failed from [AF_INET]XX.XX.XX.XX:42246
2023-11-14 15:26:41 us=974127 XX.XX.XX.XX:42246 peer info: IV_VER=2.5.3
2023-11-14 15:26:41 us=974143 XX.XX.XX.XX:42246 peer info: IV_PLAT=linux
2023-11-14 15:26:41 us=974151 XX.XX.XX.XX:42246 peer info: IV_PROTO=6
2023-11-14 15:26:41 us=974159 XX.XX.XX.XX:42246 peer info: IV_CIPHERS=AES-256-CBC
2023-11-14 15:26:41 us=974166 XX.XX.XX.XX:42246 peer info: IV_LZ4=1
2023-11-14 15:26:41 us=974173 XX.XX.XX.XX:42246 peer info: IV_LZ4v2=1
2023-11-14 15:26:41 us=974180 XX.XX.XX.XX:42246 peer info: IV_LZO=1
2023-11-14 15:26:41 us=974187 XX.XX.XX.XX:42246 peer info: IV_COMP_STUB=1
2023-11-14 15:26:41 us=974194 XX.XX.XX.XX:42246 peer info: IV_COMP_STUBv2=1
2023-11-14 15:26:41 us=974202 XX.XX.XX.XX:42246 peer info: IV_TCPNL=1
2023-11-14 15:26:42 us=5189 XX.XX.XX.XX:42246 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2023-11-14 15:26:42 us=5262 XX.XX.XX.XX:42246 [company_test01] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:42246
2023-11-14 15:26:42 us=5287 company_test01/XX.XX.XX.XX:42246 MULTI_sva: pool returned IPv4=10.0.0.2, IPv6=(Not enabled)
2023-11-14 15:26:42 us=5339 company_test01/XX.XX.XX.XX:42246 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/testclients/company_test01
2023-11-14 15:26:42 us=5413 company_test01/XX.XX.XX.XX:42246 MULTI: Learn: 10.0.0.2 -> company_test01/XX.XX.XX.XX:42246
2023-11-14 15:26:42 us=5425 company_test01/XX.XX.XX.XX:42246 MULTI: primary virtual IP for company_test01/XX.XX.XX.XX:42246: 10.0.0.2
2023-11-14 15:26:42 us=5435 company_test01/XX.XX.XX.XX:42246 MULTI: internal route 10.110.0.248/30 -> company_test01/XX.XX.XX.XX:42246
2023-11-14 15:26:42 us=5459 company_test01/XX.XX.XX.XX:42246 MULTI: Learn: 10.110.0.248/30 -> company_test01/XX.XX.XX.XX:42246
2023-11-14 15:26:42 us=5543 company_test01/XX.XX.XX.XX:42246 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-11-14 15:26:42 us=5561 company_test01/XX.XX.XX.XX:42246 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-11-14 15:26:42 us=5570 company_test01/XX.XX.XX.XX:42246 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-11-14 15:26:42 us=5580 company_test01/XX.XX.XX.XX:42246 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-11-14 15:26:42 us=5611 company_test01/XX.XX.XX.XX:42246 SENT CONTROL [company_test01]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 10.0.0.1,topology subnet,ping 10,ping-restart 120,route 10.110.0.248 255.255.255.252 10.0.0.1,ifconfig 10.0.0.2 255.255.255.0,peer-id 0,cipher AES-256-CBC' (status=1)
2023-11-14 15:26:49 us=16278 company_test01/XX.XX.XX.XX:42246 MULTI: Learn: 10.110.0.249 -> company_test01/XX.XX.XX.XX:42246
2023-11-14 15:26:49 us=16368 company_test01/XX.XX.XX.XX:42246 MULTI: Learn: 10.110.0.250 -> company_test01/XX.XX.XX.XX:42246
2023-11-14 15:26:50 us=105959 company_test01/XX.XX.XX.XX:42246 PID_ERR replay [0] [SSL-0] [011] 0:3 0:3 t=1699972010[0] r=[-1,64,15,0,1] sl=[61,3,64,528]

[/olog]