Problems with a bridged VPN
Posted: Sun Oct 09, 2011 9:42 pm
Hi,

I've run into some trouble with my bridge VPN setup. The TLS handshake is going well, so I guess it must be something with the network configuration, maybe some of your trained eyes will spot an error there.

Here is the server configuration:
Code:
root@router:/etc/openvpn# grep -vE '^#|^;|^$' server.ovpn
tls-server
port 1194
proto udp
dev tap0
ca /lib/uci/upload/cbid.openvpn.openvpn.ca
cert /lib/uci/upload/cbid.openvpn.openvpn.cert
key /lib/uci/upload/cbid.openvpn.openvpn.key
dh /lib/uci/upload/cbid.openvpn.openvpn.dh
server-bridge 10.24.11.1 255.255.255.0 10.24.11.201 10.24.11.249
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 5
Here is the bridge setup on the server.
Code:
root@router:/etc/openvpn# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.c03f0e7c27bb       no              eth0
                                                        wlan0
                                                        wlan1
                                                        wlan2
                                                        wlan3
                                                        tap0
Here are the routes set after the connection has been established:
Code:
root@router:/etc/openvpn# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.24.11.0 * 255.255.255.0 U 0 0 0 br-lan
188.195.1xx.0 * 255.255.248.0 U 0 0 0 eth1
default 188-195-1xx-254 0.0.0.0 UG 0 0 0 eth1
And here is the log, which, at least for me, doesn't tell anything suspicious:
Code:
Sun Oct 9 23:22:23 2011 us=329854 OpenVPN 2.1.4 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Jul 12 2011
Sun Oct 9 23:22:23 2011 us=331596 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Sun Oct 9 23:22:23 2011 us=333491 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Oct 9 23:22:23 2011 us=411077 Diffie-Hellman initialized with 1024 bit key
Sun Oct 9 23:22:23 2011 us=413929 WARNING: file '/lib/uci/upload/cbid.openvpn.openvpn.key' is group or others accessible
Sun Oct 9 23:22:23 2011 us=418758 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 9 23:22:23 2011 us=419962 Socket Buffers: R=[114688->131072] S=[114688->131072]
Sun Oct 9 23:22:23 2011 us=421323 TUN/TAP device tap0 opened
Sun Oct 9 23:22:23 2011 us=422647 TUN/TAP TX queue length set to 100
Sun Oct 9 23:22:23 2011 us=423879 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Oct 9 23:22:23 2011 us=425312 UDPv4 link local (bound): [undef]:1194
Sun Oct 9 23:22:23 2011 us=426454 UDPv4 link remote: [undef]
Sun Oct 9 23:22:23 2011 us=427703 MULTI: multi_init called, r=256 v=256
Sun Oct 9 23:22:23 2011 us=429257 IFCONFIG POOL: base=10.24.11.201 size=49
Sun Oct 9 23:22:23 2011 us=430447 Initialization Sequence Completed
Sun Oct 9 23:22:42 2011 us=112932 MULTI: multi_create_instance called
Sun Oct 9 23:22:42 2011 us=114499 82.113.99.41:47026 Re-using SSL/TLS context
Sun Oct 9 23:22:42 2011 us=115664 82.113.99.41:47026 LZO compression initialized
Sun Oct 9 23:22:42 2011 us=117717 82.113.99.41:47026 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 9 23:22:42 2011 us=119072 82.113.99.41:47026 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
RSun Oct 9 23:22:42 2011 us=121667 82.113.99.41:47026 TLS: Initial packet from 82.113.99.41:47026, sid=393002bb e4454e77
WRRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRSun Oct 9 23:22:43 2011 us=432553 82.113.99.41:47026 VERIFY OK: depth=1, /C=DE/ST=BY/L=Bayreuth/O=babioch/CN=babioch/name=Karol_Babioch/emailAddress=karol@babioch.de
Sun Oct 9 23:22:43 2011 us=436178 82.113.99.41:47026 VERIFY OK: depth=0, /C=DE/ST=BY/L=Bayreuth/O=babioch/CN=vpcs/name=Karol_Babioch/emailAddress=karol@babioch.de
WRWRWRWWWWRWRWRWRWRWRWRWRWRWRRRRWRWRWRSun Oct 9 23:22:43 2011 us=983840 82.113.99.41:47026 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 9 23:22:43 2011 us=985282 82.113.99.41:47026 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 9 23:22:43 2011 us=987104 82.113.99.41:47026 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 9 23:22:43 2011 us=988692 82.113.99.41:47026 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWRRSun Oct 9 23:22:44 2011 us=98037 82.113.99.41:47026 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 9 23:22:44 2011 us=99429 82.113.99.41:47026 [vpcs] Peer Connection Initiated with 82.113.99.41:47026
RSun Oct 9 23:22:46 2011 us=252159 vpcs/82.113.99.41:47026 PUSH: Received control message: 'PUSH_REQUEST'
Sun Oct 9 23:22:46 2011 us=253980 vpcs/82.113.99.41:47026 SENT CONTROL [vpcs]: 'PUSH_REPLY,route-gateway 10.24.11.1,ping 10,ping-restart 120,ifconfig 10.24.11.201 255.255.255.0' (status=1)
WWWRRRSun Oct 9 23:22:46 2011 us=382227 vpcs/82.113.99.41:47026 MULTI: Learn: 26:e7:50:0e:03:77 -> vpcs/82.113.99.41:47026
wRwRwRwRwRwRwRwRwRwRwRwRwWRWRWRwRwRwRwRwWSun Oct 9 23:23:32 2011 us=938581 event_wait : Interrupted system call (code=4)
Sun Oct 9 23:23:32 2011 us=942280 TCP/UDP: Closing socket
Sun Oct 9 23:23:32 2011 us=943392 Closing TUN/TAP interface
Sun Oct 9 23:23:32 2011 us=944855 SIGINT[hard,] received, process exiting
Ok, coming to the client now, beginning with the configuration file:
Code:
[root@localhost openvpn]# grep -vE '^#|^;|^$' client.ovpn
client
dev tap
proto udp
remote johnpatcher.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 5
Here is the bridge setup as well as the routes:
Code:
[root@localhost ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.24.11.0 * 255.255.255.0 U 0 0 0 tap0
192.168.42.0 * 255.255.255.0 U 0 0 0 br0
default 192.168.42.129 0.0.0.0 UG 0 0 0 br0
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.26e7500e0377       no              tap0
                                                        usb0
And finally the log from the client:
Code:
[root@localhost openvpn]# cat client.log
Sun Oct 9 23:37:10 2011 us=837706 Current Parameter Settings:
Sun Oct 9 23:37:10 2011 us=837775 config = 'client.ovpn'
Sun Oct 9 23:37:10 2011 us=837789 mode = 0
Sun Oct 9 23:37:10 2011 us=837800 persist_config = DISABLED
Sun Oct 9 23:37:10 2011 us=837811 persist_mode = 1
Sun Oct 9 23:37:10 2011 us=837823 show_ciphers = DISABLED
Sun Oct 9 23:37:10 2011 us=837834 show_digests = DISABLED
Sun Oct 9 23:37:10 2011 us=837845 show_engines = DISABLED
Sun Oct 9 23:37:10 2011 us=837856 genkey = DISABLED
Sun Oct 9 23:37:10 2011 us=837868 key_pass_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=837879 show_tls_ciphers = DISABLED
Sun Oct 9 23:37:10 2011 us=837892 Connection profiles [default]:
Sun Oct 9 23:37:10 2011 us=837904 proto = udp
Sun Oct 9 23:37:10 2011 us=837915 local = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=837926 local_port = 0
Sun Oct 9 23:37:10 2011 us=837937 remote = 'johnpatcher.dyndns.org'
Sun Oct 9 23:37:10 2011 us=837949 remote_port = 1194
Sun Oct 9 23:37:10 2011 us=837960 remote_float = DISABLED
Sun Oct 9 23:37:10 2011 us=837971 bind_defined = DISABLED
Sun Oct 9 23:37:10 2011 us=837982 bind_local = DISABLED
Sun Oct 9 23:37:10 2011 us=837993 connect_retry_seconds = 5
Sun Oct 9 23:37:10 2011 us=838005 connect_timeout = 10
Sun Oct 9 23:37:10 2011 us=838016 connect_retry_max = 0
Sun Oct 9 23:37:10 2011 us=838027 socks_proxy_server = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838049 socks_proxy_port = 0
Sun Oct 9 23:37:10 2011 us=838060 socks_proxy_retry = DISABLED
Sun Oct 9 23:37:10 2011 us=838072 Connection profiles END
Sun Oct 9 23:37:10 2011 us=838083 remote_random = DISABLED
Sun Oct 9 23:37:10 2011 us=838094 ipchange = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838105 dev = 'tap0'
Sun Oct 9 23:37:10 2011 us=838116 dev_type = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838127 dev_node = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838138 lladdr = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838149 topology = 1
Sun Oct 9 23:37:10 2011 us=838160 tun_ipv6 = DISABLED
Sun Oct 9 23:37:10 2011 us=838171 ifconfig_local = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838182 ifconfig_remote_netmask = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838193 ifconfig_noexec = DISABLED
Sun Oct 9 23:37:10 2011 us=838205 ifconfig_nowarn = DISABLED
Sun Oct 9 23:37:10 2011 us=838216 shaper = 0
Sun Oct 9 23:37:10 2011 us=838227 tun_mtu = 1500
Sun Oct 9 23:37:10 2011 us=838237 tun_mtu_defined = ENABLED
Sun Oct 9 23:37:10 2011 us=838249 link_mtu = 1500
Sun Oct 9 23:37:10 2011 us=838260 link_mtu_defined = DISABLED
Sun Oct 9 23:37:10 2011 us=838271 tun_mtu_extra = 32
Sun Oct 9 23:37:10 2011 us=838282 tun_mtu_extra_defined = ENABLED
Sun Oct 9 23:37:10 2011 us=838293 fragment = 0
Sun Oct 9 23:37:10 2011 us=838304 mtu_discover_type = -1
Sun Oct 9 23:37:10 2011 us=838315 mtu_test = 0
Sun Oct 9 23:37:10 2011 us=838326 mlock = DISABLED
Sun Oct 9 23:37:10 2011 us=838337 keepalive_ping = 0
Sun Oct 9 23:37:10 2011 us=838348 keepalive_timeout = 0
Sun Oct 9 23:37:10 2011 us=838359 inactivity_timeout = 0
Sun Oct 9 23:37:10 2011 us=838370 ping_send_timeout = 0
Sun Oct 9 23:37:10 2011 us=838381 ping_rec_timeout = 0
Sun Oct 9 23:37:10 2011 us=838392 ping_rec_timeout_action = 0
Sun Oct 9 23:37:10 2011 us=838403 ping_timer_remote = DISABLED
Sun Oct 9 23:37:10 2011 us=838414 remap_sigusr1 = 0
Sun Oct 9 23:37:10 2011 us=838425 explicit_exit_notification = 0
Sun Oct 9 23:37:10 2011 us=838436 persist_tun = ENABLED
Sun Oct 9 23:37:10 2011 us=838447 persist_local_ip = DISABLED
Sun Oct 9 23:37:10 2011 us=838458 persist_remote_ip = DISABLED
Sun Oct 9 23:37:10 2011 us=838471 persist_key = ENABLED
Sun Oct 9 23:37:10 2011 us=838482 mssfix = 1450
Sun Oct 9 23:37:10 2011 us=838493 passtos = DISABLED
Sun Oct 9 23:37:10 2011 us=838505 resolve_retry_seconds = 1000000000
Sun Oct 9 23:37:10 2011 us=838516 username = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838527 groupname = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838538 chroot_dir = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838556 cd_dir = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838567 selinux_context = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838579 writepid = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838590 up_script = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838601 down_script = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838612 down_pre = DISABLED
Sun Oct 9 23:37:10 2011 us=838623 up_restart = DISABLED
Sun Oct 9 23:37:10 2011 us=838634 up_delay = DISABLED
Sun Oct 9 23:37:10 2011 us=838645 daemon = DISABLED
Sun Oct 9 23:37:10 2011 us=838656 inetd = 0
Sun Oct 9 23:37:10 2011 us=838667 log = ENABLED
Sun Oct 9 23:37:10 2011 us=838678 suppress_timestamps = DISABLED
Sun Oct 9 23:37:10 2011 us=838689 nice = 0
Sun Oct 9 23:37:10 2011 us=838700 verbosity = 5
Sun Oct 9 23:37:10 2011 us=838712 mute = 0
Sun Oct 9 23:37:10 2011 us=838723 gremlin = 0
Sun Oct 9 23:37:10 2011 us=838734 status_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838745 status_file_version = 1
Sun Oct 9 23:37:10 2011 us=838756 status_file_update_freq = 60
Sun Oct 9 23:37:10 2011 us=838767 occ = ENABLED
Sun Oct 9 23:37:10 2011 us=838778 rcvbuf = 65536
Sun Oct 9 23:37:10 2011 us=838789 sndbuf = 65536
Sun Oct 9 23:37:10 2011 us=838800 sockflags = 0
Sun Oct 9 23:37:10 2011 us=838811 fast_io = DISABLED
Sun Oct 9 23:37:10 2011 us=838822 lzo = 7
Sun Oct 9 23:37:10 2011 us=838833 route_script = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838845 route_default_gateway = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838856 route_default_metric = 0
Sun Oct 9 23:37:10 2011 us=838867 route_noexec = DISABLED
Sun Oct 9 23:37:10 2011 us=838878 route_delay = 0
Sun Oct 9 23:37:10 2011 us=838889 route_delay_window = 30
Sun Oct 9 23:37:10 2011 us=838901 route_delay_defined = DISABLED
Sun Oct 9 23:37:10 2011 us=838912 route_nopull = DISABLED
Sun Oct 9 23:37:10 2011 us=838923 route_gateway_via_dhcp = DISABLED
Sun Oct 9 23:37:10 2011 us=838934 max_routes = 100
Sun Oct 9 23:37:10 2011 us=838945 allow_pull_fqdn = DISABLED
Sun Oct 9 23:37:10 2011 us=838956 management_addr = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838968 management_port = 0
Sun Oct 9 23:37:10 2011 us=838979 management_user_pass = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=838990 management_log_history_cache = 250
Sun Oct 9 23:37:10 2011 us=839002 management_echo_buffer_size = 100
Sun Oct 9 23:37:10 2011 us=839013 management_write_peer_info_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839024 management_client_user = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839044 management_client_group = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839056 management_flags = 0
Sun Oct 9 23:37:10 2011 us=839067 shared_secret_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839078 key_direction = 0
Sun Oct 9 23:37:10 2011 us=839090 ciphername_defined = ENABLED
Sun Oct 9 23:37:10 2011 us=839101 ciphername = 'BF-CBC'
Sun Oct 9 23:37:10 2011 us=839112 authname_defined = ENABLED
Sun Oct 9 23:37:10 2011 us=839123 authname = 'SHA1'
Sun Oct 9 23:37:10 2011 us=839134 prng_hash = 'SHA1'
Sun Oct 9 23:37:10 2011 us=839145 prng_nonce_secret_len = 16
Sun Oct 9 23:37:10 2011 us=839156 keysize = 0
Sun Oct 9 23:37:10 2011 us=839167 engine = DISABLED
Sun Oct 9 23:37:10 2011 us=839178 replay = ENABLED
Sun Oct 9 23:37:10 2011 us=839189 mute_replay_warnings = DISABLED
Sun Oct 9 23:37:10 2011 us=839201 replay_window = 64
Sun Oct 9 23:37:10 2011 us=839212 replay_time = 15
Sun Oct 9 23:37:10 2011 us=839223 packet_id_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839234 use_iv = ENABLED
Sun Oct 9 23:37:10 2011 us=839245 test_crypto = DISABLED
Sun Oct 9 23:37:10 2011 us=839256 tls_server = DISABLED
Sun Oct 9 23:37:10 2011 us=839267 tls_client = ENABLED
Sun Oct 9 23:37:10 2011 us=839278 key_method = 2
Sun Oct 9 23:37:10 2011 us=839289 ca_file = 'ca.crt'
Sun Oct 9 23:37:10 2011 us=839300 ca_path = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839311 dh_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839322 cert_file = 'client.crt'
Sun Oct 9 23:37:10 2011 us=839333 priv_key_file = 'client.key'
Sun Oct 9 23:37:10 2011 us=839351 pkcs12_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839362 cipher_list = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839373 tls_verify = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839384 tls_remote = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839395 crl_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839407 ns_cert_type = 0
Sun Oct 9 23:37:10 2011 us=839418 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839429 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839440 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839451 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839462 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839473 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839484 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839496 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839507 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839518 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839529 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839540 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839551 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839562 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839573 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839584 remote_cert_ku[i] = 0
Sun Oct 9 23:37:10 2011 us=839595 remote_cert_eku = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839606 tls_timeout = 2
Sun Oct 9 23:37:10 2011 us=839617 renegotiate_bytes = 0
Sun Oct 9 23:37:10 2011 us=839628 renegotiate_packets = 0
Sun Oct 9 23:37:10 2011 us=839640 renegotiate_seconds = 3600
Sun Oct 9 23:37:10 2011 us=839651 handshake_window = 60
Sun Oct 9 23:37:10 2011 us=839662 transition_window = 3600
Sun Oct 9 23:37:10 2011 us=839673 single_session = DISABLED
Sun Oct 9 23:37:10 2011 us=839684 push_peer_info = DISABLED
Sun Oct 9 23:37:10 2011 us=839695 tls_exit = DISABLED
Sun Oct 9 23:37:10 2011 us=839706 tls_auth_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=839718 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839729 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839740 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839754 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839766 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839777 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839789 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839800 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839811 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839822 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839833 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839845 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839856 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839867 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839878 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839889 pkcs11_protected_authentication = DISABLED
Sun Oct 9 23:37:10 2011 us=839901 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839912 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839924 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839935 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839946 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839957 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839968 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839979 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=839990 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840002 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840013 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840024 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840049 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840060 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840072 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840083 pkcs11_private_mode = 00000000
Sun Oct 9 23:37:10 2011 us=840094 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840105 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840116 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840127 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840138 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840149 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840160 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840171 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840182 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840193 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840204 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840215 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840226 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840237 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840248 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840259 pkcs11_cert_private = DISABLED
Sun Oct 9 23:37:10 2011 us=840271 pkcs11_pin_cache_period = -1
Sun Oct 9 23:37:10 2011 us=840282 pkcs11_id = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840293 pkcs11_id_management = DISABLED
Sun Oct 9 23:37:10 2011 us=840309 server_network = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840321 server_netmask = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840333 server_bridge_ip = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840345 server_bridge_netmask = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840357 server_bridge_pool_start = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840369 server_bridge_pool_end = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840380 ifconfig_pool_defined = DISABLED
Sun Oct 9 23:37:10 2011 us=840392 ifconfig_pool_start = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840404 ifconfig_pool_end = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840416 ifconfig_pool_netmask = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840427 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840439 ifconfig_pool_persist_refresh_freq = 600
Sun Oct 9 23:37:10 2011 us=840450 n_bcast_buf = 256
Sun Oct 9 23:37:10 2011 us=840461 tcp_queue_limit = 64
Sun Oct 9 23:37:10 2011 us=840472 real_hash_size = 256
Sun Oct 9 23:37:10 2011 us=840483 virtual_hash_size = 256
Sun Oct 9 23:37:10 2011 us=840494 client_connect_script = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840505 learn_address_script = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840516 client_disconnect_script = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840527 client_config_dir = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840538 ccd_exclusive = DISABLED
Sun Oct 9 23:37:10 2011 us=840549 tmp_dir = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840561 push_ifconfig_defined = DISABLED
Sun Oct 9 23:37:10 2011 us=840573 push_ifconfig_local = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840585 push_ifconfig_remote_netmask = 0.0.0.0
Sun Oct 9 23:37:10 2011 us=840596 enable_c2c = DISABLED
Sun Oct 9 23:37:10 2011 us=840607 duplicate_cn = DISABLED
Sun Oct 9 23:37:10 2011 us=840618 cf_max = 0
Sun Oct 9 23:37:10 2011 us=840629 cf_per = 0
Sun Oct 9 23:37:10 2011 us=840640 max_clients = 1024
Sun Oct 9 23:37:10 2011 us=840651 max_routes_per_client = 256
Sun Oct 9 23:37:10 2011 us=840662 auth_user_pass_verify_script = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840673 auth_user_pass_verify_script_via_file = DISABLED
Sun Oct 9 23:37:10 2011 us=840684 ssl_flags = 0
Sun Oct 9 23:37:10 2011 us=840695 port_share_host = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840706 port_share_port = 0
Sun Oct 9 23:37:10 2011 us=840717 client = ENABLED
Sun Oct 9 23:37:10 2011 us=840728 pull = ENABLED
Sun Oct 9 23:37:10 2011 us=840739 auth_user_pass_file = '[UNDEF]'
Sun Oct 9 23:37:10 2011 us=840758 OpenVPN 2.1.4 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 17 2011
Sun Oct 9 23:37:10 2011 us=840834 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 9 23:37:10 2011 us=840846 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Oct 9 23:37:10 2011 us=841263 WARNING: file 'client.key' is group or others accessible
Sun Oct 9 23:37:10 2011 us=841640 LZO compression initialized
Sun Oct 9 23:37:10 2011 us=841710 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 9 23:37:10 2011 us=841754 Socket Buffers: R=[126976->131072] S=[126976->131072]
Sun Oct 9 23:37:11 2011 us=111706 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Oct 9 23:37:11 2011 us=111748 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Oct 9 23:37:11 2011 us=111761 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Oct 9 23:37:11 2011 us=111782 Local Options hash (VER=V4): 'd79ca330'
Sun Oct 9 23:37:11 2011 us=111798 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sun Oct 9 23:37:11 2011 us=111822 UDPv4 link local: [undef]
Sun Oct 9 23:37:11 2011 us=111836 UDPv4 link remote: 188.195.160.21:1194
WRSun Oct 9 23:37:11 2011 us=391922 TLS: Initial packet from 188.195.160.21:1194, sid=0a6bae16 ec69dc2d
WWWRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRSun Oct 9 23:37:15 2011 us=224188 VERIFY OK: depth=1, /C=DE/ST=BY/L=Bayreuth/O=babioch/CN=babioch/name=Karol_Babioch/emailAddress=karol@babioch.de
Sun Oct 9 23:37:15 2011 us=224327 VERIFY OK: depth=0, /C=DE/ST=BY/L=Bayreuth/O=babioch/CN=babioch/name=Karol_Babioch/emailAddress=karol@babioch.de
WRWRWRWRWRWRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWWWWRRRRWRSun Oct 9 23:37:26 2011 us=682649 NOTE: Options consistency check may be skewed by version differences
Sun Oct 9 23:37:26 2011 us=682675 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Sun Oct 9 23:37:26 2011 us=682689 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tap'
Sun Oct 9 23:37:26 2011 us=682703 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1574'
Sun Oct 9 23:37:26 2011 us=682716 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
Sun Oct 9 23:37:26 2011 us=682729 WARNING: 'proto' is present in local config but missing in remote config, local='proto UDPv4'
Sun Oct 9 23:37:26 2011 us=682742 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sun Oct 9 23:37:26 2011 us=682754 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Sun Oct 9 23:37:26 2011 us=682767 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
Sun Oct 9 23:37:26 2011 us=682780 WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 128'
Sun Oct 9 23:37:26 2011 us=682793 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Sun Oct 9 23:37:26 2011 us=682806 WARNING: 'tls-server' is present in local config but missing in remote config, local='tls-server'
Sun Oct 9 23:37:26 2011 us=682947 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 9 23:37:26 2011 us=682963 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 9 23:37:26 2011 us=683018 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 9 23:37:26 2011 us=683047 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WSun Oct 9 23:37:26 2011 us=683091 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 9 23:37:26 2011 us=683121 [babioch] Peer Connection Initiated with 188.195.160.21:1194
Sun Oct 9 23:37:28 2011 us=971495 SENT CONTROL [babioch]: 'PUSH_REQUEST' (status=1)
WWRRWRSun Oct 9 23:37:31 2011 us=228693 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.24.11.1,ping 10,ping-restart 120,ifconfig 10.24.11.201 255.255.255.0'
Sun Oct 9 23:37:31 2011 us=228740 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 9 23:37:31 2011 us=228753 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 9 23:37:31 2011 us=228764 OPTIONS IMPORT: route-related options modified
Sun Oct 9 23:37:31 2011 us=228863 TUN/TAP device tap0 opened
Sun Oct 9 23:37:31 2011 us=228888 TUN/TAP TX queue length set to 100
Sun Oct 9 23:37:31 2011 us=228921 /sbin/ip link set dev tap0 up mtu 1500
Sun Oct 9 23:37:31 2011 us=230435 /sbin/ip addr add dev tap0 10.24.11.201/24 broadcast 10.24.11.255
Sun Oct 9 23:37:31 2011 us=231472 Initialization Sequence Completed
WrWrWrWrWrWrWrWrWrWrWrWrWrWRWRWRrWrWRWRWRWRWRWSun Oct 9 23:38:54 2011 us=946084 event_wait : Interrupted system call (code=4)
Sun Oct 9 23:38:54 2011 us=946448 TCP/UDP: Closing socket
Sun Oct 9 23:38:54 2011 us=946474 Closing TUN/TAP interface
Sun Oct 9 23:38:54 2011 us=946502 /sbin/ip addr del dev tap0 10.24.11.201/24
Sun Oct 9 23:38:54 2011 us=947912 SIGINT[hard,] received, process exiting

So hopefully you spot something that is wrong, I'm probably working too long on this already.

Best regards,
johnpatcher
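
Separately from the bridging question, the server and client logs in the post above contain several hardening-relevant lines. The following is an added example, not part of the original post and not OpenVPN tooling: a Python audit that extracts those lines from a `verb 5` log. The rule names, the 2048-bit threshold and the cipher set are assumptions made for this example; the sample lines are copied from the logs above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

MIN_KEY_BITS = 2048  # assumption: flag DH/RSA sizes below this
# Ciphers with a 64-bit block size (assumed set for this example).
BLOCK64_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

# At verb 5 OpenVPN prints R/W (TCP/UDP) and r/w (TUN/TAP) per packet without
# a newline, so they end up glued to the next timestamp ("WRSun Oct 9 ...").
LINE_RE = re.compile(
    r"^[RWrw]*"
    r"((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} +\d+ [\d:]+ \d{4})"
    r"(?: us=\d+)? (.*)$"
)

# Constructed sample: lines copied from the server and client logs in the post.
SAMPLE_LOG = """\
Sun Oct 9 23:22:23 2011 us=411077 Diffie-Hellman initialized with 1024 bit key
Sun Oct 9 23:37:10 2011 us=840834 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 9 23:37:10 2011 us=841263 WARNING: file 'client.key' is group or others accessible
Sun Oct 9 23:37:26 2011 us=682947 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 9 23:37:26 2011 us=683018 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
WSun Oct 9 23:37:26 2011 us=683091 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 9 23:37:31 2011 us=231472 Initialization Sequence Completed
"""


class Finding(NamedTuple):
    rule: str
    detail: str


def split_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (timestamp, message) with the packet markers stripped, or None."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def _below_minimum(kind: str):
    """Build a check that reports key sizes under MIN_KEY_BITS."""
    def check(m: "re.Match") -> Optional[str]:
        bits = int(m.group(1))
        return f"{bits} bit {kind}" if bits < MIN_KEY_BITS else None
    return check


# (rule name, pattern on the message, function returning a detail or None)
RULES = [
    ("no-server-cert-verification",
     re.compile(r"WARNING: No server certificate verification method"),
     lambda m: "no server certificate verification method enabled"),
    ("key-file-permissions",
     re.compile(r"WARNING: file '([^']+)' is group or others accessible"),
     lambda m: m.group(1)),
    ("small-dh-group",
     re.compile(r"Diffie-Hellman initialized with (\d+) bit key"),
     _below_minimum("DH")),
    ("small-rsa-key",
     re.compile(r"Control Channel: .*?(\d+) bit RSA"),
     _below_minimum("RSA")),
    ("64-bit-block-cipher",
     re.compile(r"Data Channel (?:Encrypt|Decrypt): Cipher '([^']+)'"),
     lambda m: m.group(1) if m.group(1) in BLOCK64_CIPHERS else None),
]


def audit(log_text: str) -> List[Finding]:
    """Scan an OpenVPN log and return de-duplicated findings in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        parsed = split_line(line)
        if parsed is None:          # not a timestamped log line
            continue
        _, message = parsed
        for rule, pattern, detail_of in RULES:
            m = pattern.search(message)
            detail = detail_of(m) if m else None
            if detail is not None and Finding(rule, detail) not in findings:
                findings.append(Finding(rule, detail))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(f"{finding.rule}: {finding.detail}")
```

The first finding corresponds to the client log's own pointer to http://openvpn.net/howto.html#mitm; the key-file finding applies equally to the server key named in the server log.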