Lost access to Public IP when OpenVPN client connect to VPN

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
hcolina
OpenVpn Newbie
Posts: 2
Joined: Tue Mar 05, 2024 3:25 am

Lost access to Public IP when OpenVPN client connect to VPN

Post by hcolina » Tue Mar 05, 2024 3:42 am

Hi.

Please, I'm guessing how to solve this issue in my openvpn setup.

I have an linux console openvpn client using a public IP. This public IP offer http access to simple services. When the client isn't connect to the VPN we can access without problems to the http service on the public IP.

However, when this client is connected to the VPN we lost the access to the public IP. So, if some user need to connect to the http service on the Public IP it will need to connect to the VPN too.

Thank you very much

We're using OpenVPN server 2.5.9 and clients configuration file is:

Server Config

client
proto udp
explicit-exit-notify
remote XX.XX.XX.XX 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_id2gCJYNZB8zc9YY name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns
verb 3
Top
User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Lost access to Public IP when OpenVPN client connect to VPN

Post by openvpn_inc » Thu Mar 07, 2024 6:36 pm

Hi hcolina,

Try running your client with --verb 4 and show us what is logged. I guess your server pushed --redirect-gateway, and this would be normal if your client is behind NAT. A lot more information is needed to answer this. Server-side logs would not hurt either.

Regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Top
hcolina
OpenVpn Newbie
Posts: 2
Joined: Tue Mar 05, 2024 3:25 am

Re: Lost access to Public IP when OpenVPN client connect to VPN

Post by hcolina » Fri Mar 08, 2024 7:39 pm

Hi

Client log:
openvpn --config consola.ovpn --verb 4
Fri Mar 8 19:17:28 2024 Unrecognized option or missing or extra parameter(s) in consola.ovpn:19: block-outside-dns (2.4.12)
Fri Mar 8 19:17:28 2024 us=340301 Current Parameter Settings:
Fri Mar 8 19:17:28 2024 us=340317 config = 'consola.ovpn'
Fri Mar 8 19:17:28 2024 us=340324 mode = 0
Fri Mar 8 19:17:28 2024 us=340336 persist_config = DISABLED
Fri Mar 8 19:17:28 2024 us=340345 persist_mode = 1
Fri Mar 8 19:17:28 2024 us=340351 show_ciphers = DISABLED
Fri Mar 8 19:17:28 2024 us=340356 show_digests = DISABLED
Fri Mar 8 19:17:28 2024 us=340361 show_engines = DISABLED
Fri Mar 8 19:17:28 2024 us=340368 genkey = DISABLED
Fri Mar 8 19:17:28 2024 us=340373 key_pass_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340378 show_tls_ciphers = DISABLED
Fri Mar 8 19:17:28 2024 us=340383 connect_retry_max = 0
Fri Mar 8 19:17:28 2024 us=340388 Connection profiles [0]:
Fri Mar 8 19:17:28 2024 us=340395 proto = udp
Fri Mar 8 19:17:28 2024 us=340400 local = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340405 local_port = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340411 remote = 'XX.XX.XX.XX'
Fri Mar 8 19:17:28 2024 us=340416 remote_port = '1194'
Fri Mar 8 19:17:28 2024 us=340423 remote_float = DISABLED
Fri Mar 8 19:17:28 2024 us=340428 bind_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=340435 bind_local = DISABLED
Fri Mar 8 19:17:28 2024 us=340440 bind_ipv6_only = DISABLED
Fri Mar 8 19:17:28 2024 us=340447 connect_retry_seconds = 5
Fri Mar 8 19:17:28 2024 us=340452 connect_timeout = 120
Fri Mar 8 19:17:28 2024 us=340459 socks_proxy_server = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340464 socks_proxy_port = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340470 tun_mtu = 1500
Fri Mar 8 19:17:28 2024 us=340475 tun_mtu_defined = ENABLED
Fri Mar 8 19:17:28 2024 us=340488 link_mtu = 1500
Fri Mar 8 19:17:28 2024 us=340495 link_mtu_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=340500 tun_mtu_extra = 0
Fri Mar 8 19:17:28 2024 us=340507 tun_mtu_extra_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=340512 mtu_discover_type = -1
Fri Mar 8 19:17:28 2024 us=340517 fragment = 0
Fri Mar 8 19:17:28 2024 us=340522 mssfix = 1450
Fri Mar 8 19:17:28 2024 us=340527 explicit_exit_notification = 1
Fri Mar 8 19:17:28 2024 us=340534 Connection profiles END
Fri Mar 8 19:17:28 2024 us=340539 remote_random = DISABLED
Fri Mar 8 19:17:28 2024 us=340544 ipchange = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340550 dev = 'tun'
Fri Mar 8 19:17:28 2024 us=340555 dev_type = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340561 dev_node = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340566 lladdr = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340573 topology = 1
Fri Mar 8 19:17:28 2024 us=340578 ifconfig_local = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340584 ifconfig_remote_netmask = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340612 ifconfig_noexec = DISABLED
Fri Mar 8 19:17:28 2024 us=340618 ifconfig_nowarn = DISABLED
Fri Mar 8 19:17:28 2024 us=340624 ifconfig_ipv6_local = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340630 ifconfig_ipv6_netbits = 0
Fri Mar 8 19:17:28 2024 us=340635 ifconfig_ipv6_remote = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=340836 shaper = 0
Fri Mar 8 19:17:28 2024 us=340860 mtu_test = 0
Fri Mar 8 19:17:28 2024 us=340870 mlock = DISABLED
Fri Mar 8 19:17:28 2024 us=340875 keepalive_ping = 0
Fri Mar 8 19:17:28 2024 us=340880 keepalive_timeout = 0
Fri Mar 8 19:17:28 2024 us=340893 inactivity_timeout = 0
Fri Mar 8 19:17:28 2024 us=340898 ping_send_timeout = 0
Fri Mar 8 19:17:28 2024 us=340903 ping_rec_timeout = 0
Fri Mar 8 19:17:28 2024 us=340936 ping_rec_timeout_action = 0
Fri Mar 8 19:17:28 2024 us=340942 ping_timer_remote = DISABLED
Fri Mar 8 19:17:28 2024 us=340947 remap_sigusr1 = 0
Fri Mar 8 19:17:28 2024 us=340952 persist_tun = ENABLED
Fri Mar 8 19:17:28 2024 us=340959 persist_local_ip = DISABLED
Fri Mar 8 19:17:28 2024 us=340980 persist_remote_ip = DISABLED
Fri Mar 8 19:17:28 2024 us=340985 persist_key = ENABLED
Fri Mar 8 19:17:28 2024 us=340993 passtos = DISABLED
Fri Mar 8 19:17:28 2024 us=340998 resolve_retry_seconds = 1000000000
Fri Mar 8 19:17:28 2024 us=341005 resolve_in_advance = DISABLED
Fri Mar 8 19:17:28 2024 us=341010 username = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341025 groupname = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341036 chroot_dir = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341117 cd_dir = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341135 writepid = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341146 up_script = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341157 down_script = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341168 down_pre = DISABLED
Fri Mar 8 19:17:28 2024 us=341179 up_restart = DISABLED
Fri Mar 8 19:17:28 2024 us=341190 up_delay = DISABLED
Fri Mar 8 19:17:28 2024 us=341210 daemon = DISABLED
Fri Mar 8 19:17:28 2024 us=341222 inetd = 0
Fri Mar 8 19:17:28 2024 us=341233 log = DISABLED
Fri Mar 8 19:17:28 2024 us=341244 suppress_timestamps = DISABLED
Fri Mar 8 19:17:28 2024 us=341258 machine_readable_output = DISABLED
Fri Mar 8 19:17:28 2024 us=341269 nice = 0
Fri Mar 8 19:17:28 2024 us=341283 verbosity = 4
Fri Mar 8 19:17:28 2024 us=341295 mute = 0
Fri Mar 8 19:17:28 2024 us=341306 gremlin = 0
Fri Mar 8 19:17:28 2024 us=341317 status_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341328 status_file_version = 1
Fri Mar 8 19:17:28 2024 us=341339 status_file_update_freq = 60
Fri Mar 8 19:17:28 2024 us=341350 occ = ENABLED
Fri Mar 8 19:17:28 2024 us=341361 rcvbuf = 0
Fri Mar 8 19:17:28 2024 us=341372 sndbuf = 0
Fri Mar 8 19:17:28 2024 us=341383 mark = 0
Fri Mar 8 19:17:28 2024 us=341394 sockflags = 0
Fri Mar 8 19:17:28 2024 us=341405 fast_io = DISABLED
Fri Mar 8 19:17:28 2024 us=341431 comp.alg = 0
Fri Mar 8 19:17:28 2024 us=341458 comp.flags = 0
Fri Mar 8 19:17:28 2024 us=341469 route_script = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341546 route_default_gateway = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341562 route_default_metric = 0
Fri Mar 8 19:17:28 2024 us=341573 route_noexec = DISABLED
Fri Mar 8 19:17:28 2024 us=341586 route_delay = 0
Fri Mar 8 19:17:28 2024 us=341594 route_delay_window = 30
Fri Mar 8 19:17:28 2024 us=341599 route_delay_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=341604 route_nopull = DISABLED
Fri Mar 8 19:17:28 2024 us=341616 route_gateway_via_dhcp = DISABLED
Fri Mar 8 19:17:28 2024 us=341627 allow_pull_fqdn = DISABLED
Fri Mar 8 19:17:28 2024 us=341637 management_addr = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341648 management_port = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341658 management_user_pass = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341669 management_log_history_cache = 250
Fri Mar 8 19:17:28 2024 us=341679 management_echo_buffer_size = 100
Fri Mar 8 19:17:28 2024 us=341690 management_write_peer_info_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341700 management_client_user = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341711 management_client_group = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341721 management_flags = 0
Fri Mar 8 19:17:28 2024 us=341732 shared_secret_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341774 key_direction = not set
Fri Mar 8 19:17:28 2024 us=341790 ciphername = 'AES-128-GCM'
Fri Mar 8 19:17:28 2024 us=341801 ncp_enabled = ENABLED
Fri Mar 8 19:17:28 2024 us=341812 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Mar 8 19:17:28 2024 us=341822 authname = 'SHA256'
Fri Mar 8 19:17:28 2024 us=341833 prng_hash = 'SHA1'
Fri Mar 8 19:17:28 2024 us=341843 prng_nonce_secret_len = 16
Fri Mar 8 19:17:28 2024 us=341853 keysize = 0
Fri Mar 8 19:17:28 2024 us=341864 engine = DISABLED
Fri Mar 8 19:17:28 2024 us=341901 replay = ENABLED
Fri Mar 8 19:17:28 2024 us=341916 mute_replay_warnings = DISABLED
Fri Mar 8 19:17:28 2024 us=341926 replay_window = 64
Fri Mar 8 19:17:28 2024 us=341937 replay_time = 15
Fri Mar 8 19:17:28 2024 us=341947 packet_id_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=341957 use_iv = ENABLED
Fri Mar 8 19:17:28 2024 us=341968 test_crypto = DISABLED
Fri Mar 8 19:17:28 2024 us=342002 tls_server = DISABLED
Fri Mar 8 19:17:28 2024 us=342013 tls_client = ENABLED
Fri Mar 8 19:17:28 2024 us=342024 key_method = 2
Fri Mar 8 19:17:28 2024 us=342035 ca_file = '[[INLINE]]'
Fri Mar 8 19:17:28 2024 us=342046 ca_path = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342057 dh_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342067 cert_file = '[[INLINE]]'
Fri Mar 8 19:17:28 2024 us=342078 extra_certs_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342089 priv_key_file = '[[INLINE]]'
Fri Mar 8 19:17:28 2024 us=342100 pkcs12_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342111 cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256'
Fri Mar 8 19:17:28 2024 us=342151 cipher_list_tls13 = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342167 tls_cert_profile = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342178 tls_verify = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342189 tls_export_cert = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342199 verify_x509_type = 2
Fri Mar 8 19:17:28 2024 us=342210 verify_x509_name = 'server_id2gCJINLb7zc8xY'
Fri Mar 8 19:17:28 2024 us=342221 crl_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342248 ns_cert_type = 0
Fri Mar 8 19:17:28 2024 us=342258 remote_cert_ku = 65535
Fri Mar 8 19:17:28 2024 us=342269 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342279 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342290 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342301 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342311 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342325 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342336 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342346 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342359 remote_cert_ku = 0
Fri Mar 8 19:17:28 2024 us=342370 remote_cert_ku[i] = 0
Fri Mar 8 19:17:28 2024 us=342381 remote_cert_ku[i] = 0
Fri Mar 8 19:17:28 2024 us=342391 remote_cert_ku[i] = 0
Fri Mar 8 19:17:28 2024 us=342402 remote_cert_ku[i] = 0
Fri Mar 8 19:17:28 2024 us=342412 remote_cert_ku[i] = 0
Fri Mar 8 19:17:28 2024 us=342425 remote_cert_ku[i] = 0
Fri Mar 8 19:17:28 2024 us=342436 remote_cert_eku = 'TLS Web Server Authentication'
Fri Mar 8 19:17:28 2024 us=342447 ssl_flags = 192
Fri Mar 8 19:17:28 2024 us=342457 tls_timeout = 2
Fri Mar 8 19:17:28 2024 us=342468 renegotiate_bytes = -1
Fri Mar 8 19:17:28 2024 us=342478 renegotiate_packets = 0
Fri Mar 8 19:17:28 2024 us=342489 renegotiate_seconds = 3600
Fri Mar 8 19:17:28 2024 us=342499 handshake_window = 60
Fri Mar 8 19:17:28 2024 us=342509 transition_window = 3600
Fri Mar 8 19:17:28 2024 us=342521 single_session = DISABLED
Fri Mar 8 19:17:28 2024 us=342531 push_peer_info = DISABLED
Fri Mar 8 19:17:28 2024 us=342544 tls_exit = DISABLED
Fri Mar 8 19:17:28 2024 us=342555 tls_auth_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=342566 tls_crypt_file = '[[INLINE]]'
Fri Mar 8 19:17:28 2024 us=342576 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342587 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342597 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342608 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342619 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342629 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342639 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342650 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342931 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342954 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342966 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342981 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=342992 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=343003 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=343015 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=343026 pkcs11_protected_authentication = DISABLED
Fri Mar 8 19:17:28 2024 us=343041 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343073 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343084 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343095 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343109 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343120 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343131 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343144 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343155 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343166 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343179 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343191 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343201 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343212 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343225 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343236 pkcs11_private_mode = 00000000
Fri Mar 8 19:17:28 2024 us=343247 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343261 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343272 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343282 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343296 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343307 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343318 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343331 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343342 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343353 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343364 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343377 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343388 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343399 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343412 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343423 pkcs11_cert_private = DISABLED
Fri Mar 8 19:17:28 2024 us=343434 pkcs11_pin_cache_period = -1
Fri Mar 8 19:17:28 2024 us=343446 pkcs11_id = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=343457 pkcs11_id_management = DISABLED
Fri Mar 8 19:17:28 2024 us=343469 server_network = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343481 server_netmask = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343501 server_network_ipv6 = ::
Fri Mar 8 19:17:28 2024 us=343511 server_netbits_ipv6 = 0
Fri Mar 8 19:17:28 2024 us=343517 server_bridge_ip = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343531 server_bridge_netmask = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343543 server_bridge_pool_start = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343554 server_bridge_pool_end = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343565 ifconfig_pool_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=343578 ifconfig_pool_start = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343593 ifconfig_pool_end = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343605 ifconfig_pool_netmask = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=343616 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=343627 ifconfig_pool_persist_refresh_freq = 600
Fri Mar 8 19:17:28 2024 us=343638 ifconfig_ipv6_pool_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=343650 ifconfig_ipv6_pool_base = ::
Fri Mar 8 19:17:28 2024 us=343661 ifconfig_ipv6_pool_netbits = 0
Fri Mar 8 19:17:28 2024 us=343672 n_bcast_buf = 256
Fri Mar 8 19:17:28 2024 us=343726 tcp_queue_limit = 64
Fri Mar 8 19:17:28 2024 us=343764 real_hash_size = 256
Fri Mar 8 19:17:28 2024 us=343799 virtual_hash_size = 256
Fri Mar 8 19:17:28 2024 us=343836 client_connect_script = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=343869 learn_address_script = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=343902 client_disconnect_script = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=343936 client_config_dir = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=343973 ccd_exclusive = DISABLED
Fri Mar 8 19:17:28 2024 us=344024 tmp_dir = '/tmp'
Fri Mar 8 19:17:28 2024 us=344070 push_ifconfig_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=344123 push_ifconfig_local = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=344157 push_ifconfig_remote_netmask = 0.0.0.0
Fri Mar 8 19:17:28 2024 us=344190 push_ifconfig_ipv6_defined = DISABLED
Fri Mar 8 19:17:28 2024 us=344197 push_ifconfig_ipv6_local = ::/0
Fri Mar 8 19:17:28 2024 us=344203 push_ifconfig_ipv6_remote = ::
Fri Mar 8 19:17:28 2024 us=344209 enable_c2c = DISABLED
Fri Mar 8 19:17:28 2024 us=344214 duplicate_cn = DISABLED
Fri Mar 8 19:17:28 2024 us=344219 cf_max = 0
Fri Mar 8 19:17:28 2024 us=344224 cf_per = 0
Fri Mar 8 19:17:28 2024 us=344230 max_clients = 1024
Fri Mar 8 19:17:28 2024 us=344235 max_routes_per_client = 256
Fri Mar 8 19:17:28 2024 us=344240 auth_user_pass_verify_script = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=344246 auth_user_pass_verify_script_via_file = DISABLED
Fri Mar 8 19:17:28 2024 us=344251 auth_token_generate = DISABLED
Fri Mar 8 19:17:28 2024 us=344256 auth_token_lifetime = 0
Fri Mar 8 19:17:28 2024 us=344262 port_share_host = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=344267 port_share_port = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=344272 client = ENABLED
Fri Mar 8 19:17:28 2024 us=344277 pull = ENABLED
Fri Mar 8 19:17:28 2024 us=344283 auth_user_pass_file = '[UNDEF]'
Fri Mar 8 19:17:28 2024 us=344289 OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Aug 21 2023
Fri Mar 8 19:17:28 2024 us=344303 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Fri Mar 8 19:17:28 2024 us=346080 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Mar 8 19:17:28 2024 us=346145 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Mar 8 19:17:28 2024 us=346172 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Mar 8 19:17:28 2024 us=346185 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Mar 8 19:17:28 2024 us=346292 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Mar 8 19:17:28 2024 us=346331 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Mar 8 19:17:28 2024 us=346360 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
Fri Mar 8 19:17:28 2024 us=346370 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Fri Mar 8 19:17:28 2024 us=346395 TCP/UDP: Preserving recently used remote address: [AF_INET]82.165.XX.XX:1194
Fri Mar 8 19:17:28 2024 us=346470 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Mar 8 19:17:28 2024 us=346487 UDP link local: (not bound)
Fri Mar 8 19:17:28 2024 us=346503 UDP link remote: [AF_INET]82.165.XX.XX:1194
Fri Mar 8 19:17:28 2024 us=611343 TLS: Initial packet from [AF_INET]82.165.10.XX.XX:1194, sid=65554496 e1ad8435
Fri Mar 8 19:17:29 2024 us=137463 VERIFY OK: depth=1, CN=cn_OuhxCNAOEOYMrEA0
Fri Mar 8 19:17:29 2024 us=137881 VERIFY KU OK
Fri Mar 8 19:17:29 2024 us=137944 Validating certificate extended key usage
Fri Mar 8 19:17:29 2024 us=138018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Mar 8 19:17:29 2024 us=138073 VERIFY EKU OK
Fri Mar 8 19:17:29 2024 us=138125 VERIFY X509NAME OK: CN=server_id2gCJINLb7zc8xY
Fri Mar 8 19:17:29 2024 us=138161 VERIFY OK: depth=0, CN=server_id2gCJINLb7zc8xY
Fri Mar 8 19:17:29 2024 us=404887 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Fri Mar 8 19:17:29 2024 us=404978 [server_id2gCJINLb7zc8xY] Peer Connection Initiated with [AF_INET]82.165.XX.XX:1194
Fri Mar 8 19:17:30 2024 us=610353 SENT CONTROL [server_id2gCJINLb7zc8xY]: 'PUSH_REQUEST' (status=1)
Fri Mar 8 19:17:30 2024 us=873205 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM'
Fri Mar 8 19:17:30 2024 us=873332 OPTIONS IMPORT: timers and/or timeouts modified
Fri Mar 8 19:17:30 2024 us=873346 OPTIONS IMPORT: --ifconfig/up options modified
Fri Mar 8 19:17:30 2024 us=873351 OPTIONS IMPORT: route options modified
Fri Mar 8 19:17:30 2024 us=873356 OPTIONS IMPORT: route-related options modified
Fri Mar 8 19:17:30 2024 us=873361 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Mar 8 19:17:30 2024 us=873365 OPTIONS IMPORT: peer-id set
Fri Mar 8 19:17:30 2024 us=873370 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Mar 8 19:17:30 2024 us=873375 OPTIONS IMPORT: data channel crypto options modified
Fri Mar 8 19:17:30 2024 us=873404 Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Fri Mar 8 19:17:30 2024 us=873475 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar 8 19:17:30 2024 us=873489 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Fri Mar 8 19:17:30 2024 us=873654 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=eth0 HWADDR=00:22:48:36:cd:6d
Fri Mar 8 19:17:30 2024 us=874086 TUN/TAP device tun0 opened
Fri Mar 8 19:17:30 2024 us=874123 TUN/TAP TX queue length set to 100
Fri Mar 8 19:17:30 2024 us=874140 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Mar 8 19:17:30 2024 us=874152 /sbin/ip link set dev tun0 up mtu 1500
Fri Mar 8 19:17:30 2024 us=875961 /sbin/ip addr add dev tun0 10.8.0.3/24 broadcast 10.8.0.255
Fri Mar 8 19:17:30 2024 us=877447 /sbin/ip route add 82.165.XX.XX/32 via 10.0.0.1
Fri Mar 8 19:17:30 2024 us=885331 /sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Fri Mar 8 19:17:30 2024 us=886888 /sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Fri Mar 8 19:17:30 2024 us=888354 Initialization Sequence Completed



Server extract Log
Mar 8 19:15:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 8 19:15:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 8 19:15:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 8 19:15:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 TLS: Initial packet from [AF_INET]20.226.XX.XX:32823, sid=45552767 6f5a8c13
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 VERIFY OK: depth=1, CN=cn_OuhxCNAOEOYMrEA0
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 VERIFY OK: depth=0, CN=consola
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_VER=2.4.12
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_PLAT=linux
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_PROTO=2
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_NCP=2
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_LZ4=1
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_LZ4v2=1
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_LZO=1
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_COMP_STUB=1
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_COMP_STUBv2=1
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 peer info: IV_TCPNL=1
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
Mar 8 19:15:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:32823 [consola] Peer Connection Initiated with [AF_INET]20.226.XX.XX:32823
Mar 8 19:15:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Mar 8 19:15:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_4dfed9d096cb1cc32a837133fa9e3146.tmp
Mar 8 19:15:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 MULTI: Learn: 10.8.0.3 -> consola/20.226.XX.XX:32823
Mar 8 19:15:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 MULTI: primary virtual IP for consola/20.226.XX.XX:32823: 10.8.0.3
Mar 8 19:15:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 8 19:15:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 8 19:15:30 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 PUSH: Received control message: 'PUSH_REQUEST'
Mar 8 19:15:30 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 SENT CONTROL [consola]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM' (status=1)
Mar 8 19:15:30 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:32823 SIGTERM[soft,remote-exit] received, client-instance exiting
Mar 8 19:16:27 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:33323 [consola] Inactivity timeout (--ping-restart), restarting
Mar 8 19:16:27 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:33323 SIGUSR1[soft,ping-restart] received, client-instance restarting
Mar 8 19:17:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 8 19:17:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 8 19:17:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mar 8 19:17:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mar 8 19:17:28 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 TLS: Initial packet from [AF_INET]20.226.XX.XX:49908, sid=3e56e72f bc9b07f5
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 VERIFY OK: depth=1, CN=cn_OuhxCNAOEOYMrEA0
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 VERIFY OK: depth=0, CN=consola
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_VER=2.4.12
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_PLAT=linux
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_PROTO=2
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_NCP=2
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_LZ4=1
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_LZ4v2=1
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_LZO=1
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_COMP_STUB=1
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_COMP_STUBv2=1
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 peer info: IV_TCPNL=1
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
Mar 8 19:17:29 ubuntu ovpn-server[458994]: 20.226.XX.XX:49908 [consola] Peer Connection Initiated with [AF_INET]20.226.XX.XX:49908
Mar 8 19:17:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Mar 8 19:17:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_121b63438089244e144ec8ef6a19b2cd.tmp
Mar 8 19:17:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 MULTI: Learn: 10.8.0.3 -> consola/20.226.XX.XX:49908
Mar 8 19:17:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 MULTI: primary virtual IP for consola/20.226.XX.XX:49908: 10.8.0.3
Mar 8 19:17:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 8 19:17:29 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Mar 8 19:17:30 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 PUSH: Received control message: 'PUSH_REQUEST'
Mar 8 19:17:30 ubuntu ovpn-server[458994]: consola/20.226.XX.XX:49908 SENT CONTROL [consola]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM' (status=1)
Mar 8 19:20:31 ubuntu ovpn-server[458994]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:5555
Mar 8 19:20:31 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'version'
Mar 8 19:20:31 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'state'
Mar 8 19:20:31 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'status 3'
Mar 8 19:20:31 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'quit'
Mar 8 19:20:31 ubuntu ovpn-server[458994]: MANAGEMENT: Client disconnected
Mar 8 19:25:34 ubuntu ovpn-server[458994]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:5555
Mar 8 19:25:34 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'version'
Mar 8 19:25:34 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'state'
Mar 8 19:25:34 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'status 3'
Mar 8 19:25:34 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'quit'
Mar 8 19:25:34 ubuntu ovpn-server[458994]: MANAGEMENT: Client disconnected
Mar 8 19:30:37 ubuntu ovpn-server[458994]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:5555
Mar 8 19:30:37 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'version'
Mar 8 19:30:37 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'state'
Mar 8 19:30:37 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'status 3'
Mar 8 19:30:37 ubuntu ovpn-server[458994]: MANAGEMENT: CMD 'quit'
Mar 8 19:30:37 ubuntu ovpn-server[458994]: MANAGEMENT: Client disconnected
root@ubuntu:/var/log#
Top
Post Reply

Return to “Server Administration”