I am not used to this (VPN) game, so apologies for missing the obvious:
My intention is to be able to remotely control my home/business desktop from a
netbook. Both are Linux machines. At present they are effectively connected to
the internet through the same router, one wired the netbook wireless. I am told
that shouldn't present additional problems. (However it occurs to me that when I
try to operating the netbook from a remote corner of the globe, will I be thwarted
if their router does not have port 1194 open?)
In mine port 1194 is defined as of type UDP.
My initial problem is that I cannot ping the subnet address of the server from
the netbook.
My IP address is dynamic so I have registered a domain with NO-IP.org
My openvpn config files are as follow:
This is the server's:
dev tun
proto udp
ifconfig 10.0.0.1 10.0.0.2
secret /etc/openvpn/static.key
and this is the client's:
remote asandco.no-ip.org
dev tun
proto udp
ifconfig 10.0.0.2 10.0.0.1
secret /etc/openvpn/static.key
This is what is shown on execution:
[root@desktop openvpn]# openvpn --script-security 2 --config /etc/openvpn/server.conf
Mon Feb 13 11:01:05 2012 OpenVPN 2.2.1 x86_64-mandriva-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 8 2011
Mon Feb 13 11:01:05 2012 IMPORTANT: OpenVPN's default port number is now 1194,
based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and
earlier used 5000 as the default port.
Mon Feb 13 11:01:05 2012 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Mon Feb 13 11:01:05 2012 TUN/TAP device tun0 opened
Mon Feb 13 11:01:05 2012 /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu
1500
Mon Feb 13 11:01:05 2012 UDPv4 link local (bound): [undef]:1194
Mon Feb 13 11:01:05 2012 UDPv4 link remote: [undef]
and this the client's
[root@desktop openvpn]# openvpn --script-security 2 --config /etc/openvpn/client.conf
Mon Feb 13 11:01:05 2012 OpenVPN 2.2.1 i586-mandriva-linux-gnu [SSL] [LZO2]
[EPOLL] [PKCS11] [eurephia] built on Nov 9 2011
Mon Feb 13 11:01:05 2012 IMPORTANT: OpenVPN's default port number is now 1194,
based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and
earlier used 5000 as the default port.
Mon Feb 13 11:01:05 2012 NOTE: the current --script-security setting may allow
this configuration to call user-defined scripts
Mon Feb 13 11:01:05 2012 TUN/TAP device tun0 opened
Mon Feb 13 11:01:05 2012 /sbin/ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 mtu
1500
Mon Feb 13 11:01:05 2012 UDPv4 link local (bound): [undef]:1194
Mon Feb 13 11:01:05 2012 UDPv4 link remote: 8.23.224.90:1194
ifconfig on the server shows this:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.1 P-t-P:10.0.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
The client is almost identical but with the two subnet addresses reversed.
Thanks in advance.
I don't know what else to try?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
pinnerite
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Feb 06, 2012 11:16 pm
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: I don't know what else to try?
try adding
to both sides and restart; post the output here; it looks like the connection is never established , probably due to firewall rescrictions (iptables?)
also, try switching to
and
Code: Select all
port 1194
verb 5also, try switching to
Code: Select all
proto tcp-clientCode: Select all
proto tcp-server-
pinnerite
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Feb 06, 2012 11:16 pm
Re: I don't know what else to try?
Thank you for replying.
The following is before changing the router to make port 1194 type tcp/udp
and adding proto tcp-server (client) to the config files. However the result
was much the same.
Server
======
[root@desktop openvpn]# openvpn --script-security 2 --config /etc/openvpn/server.conf
Thu Feb 16 18:17:23 2012 us=453614 Current Parameter Settings:
Thu Feb 16 18:17:23 2012 us=453675 config = '/etc/openvpn/server.conf'
Thu Feb 16 18:17:23 2012 us=453681 mode = 0
Thu Feb 16 18:17:23 2012 us=453687 persist_config = DISABLED
Thu Feb 16 18:17:23 2012 us=453691 persist_mode = 1
Thu Feb 16 18:17:23 2012 us=453696 show_ciphers = DISABLED
Thu Feb 16 18:17:23 2012 us=453701 show_digests = DISABLED
Thu Feb 16 18:17:23 2012 us=453706 show_engines = DISABLED
Thu Feb 16 18:17:23 2012 us=453710 genkey = DISABLED
Thu Feb 16 18:17:23 2012 us=453715 key_pass_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453720 show_tls_ciphers = DISABLED
Thu Feb 16 18:17:23 2012 us=453724 Connection profiles [default]:
Thu Feb 16 18:17:23 2012 us=453729 proto = udp
Thu Feb 16 18:17:23 2012 us=453734 local = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453738 local_port = 1194
Thu Feb 16 18:17:23 2012 us=453743 remote = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453747 remote_port = 1194
Thu Feb 16 18:17:23 2012 us=453752 remote_float = DISABLED
Thu Feb 16 18:17:23 2012 us=453756 bind_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=453761 bind_local = ENABLED
Thu Feb 16 18:17:23 2012 us=453765 connect_retry_seconds = 5
Thu Feb 16 18:17:23 2012 us=453770 connect_timeout = 10
Thu Feb 16 18:17:23 2012 us=453775 connect_retry_max = 0
Thu Feb 16 18:17:23 2012 us=453780 socks_proxy_server = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453784 socks_proxy_port = 0
Thu Feb 16 18:17:23 2012 us=453789 socks_proxy_retry = DISABLED
Thu Feb 16 18:17:23 2012 us=453794 Connection profiles END
Thu Feb 16 18:17:23 2012 us=453798 remote_random = DISABLED
Thu Feb 16 18:17:23 2012 us=453803 ipchange = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453807 dev = 'tun'
Thu Feb 16 18:17:23 2012 us=453812 dev_type = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453816 dev_node = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453821 lladdr = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453825 topology = 1
Thu Feb 16 18:17:23 2012 us=453830 tun_ipv6 = DISABLED
Thu Feb 16 18:17:23 2012 us=453837 ifconfig_local = '10.0.0.1'
Thu Feb 16 18:17:23 2012 us=453842 ifconfig_remote_netmask = '10.0.0.2'
Thu Feb 16 18:17:23 2012 us=453846 ifconfig_noexec = DISABLED
Thu Feb 16 18:17:23 2012 us=453851 ifconfig_nowarn = DISABLED
Thu Feb 16 18:17:23 2012 us=453856 shaper = 0
Thu Feb 16 18:17:23 2012 us=453860 tun_mtu = 1500
Thu Feb 16 18:17:23 2012 us=453865 tun_mtu_defined = ENABLED
Thu Feb 16 18:17:23 2012 us=453869 link_mtu = 1500
Thu Feb 16 18:17:23 2012 us=453874 link_mtu_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=453879 tun_mtu_extra = 0
Thu Feb 16 18:17:23 2012 us=453884 tun_mtu_extra_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=453889 fragment = 0
Thu Feb 16 18:17:23 2012 us=453893 mtu_discover_type = -1
Thu Feb 16 18:17:23 2012 us=453898 mtu_test = 0
Thu Feb 16 18:17:23 2012 us=453902 mlock = DISABLED
Thu Feb 16 18:17:23 2012 us=453907 keepalive_ping = 0
Thu Feb 16 18:17:23 2012 us=453911 keepalive_timeout = 0
Thu Feb 16 18:17:23 2012 us=453916 inactivity_timeout = 0
Thu Feb 16 18:17:23 2012 us=453920 ping_send_timeout = 0
Thu Feb 16 18:17:23 2012 us=453925 ping_rec_timeout = 0
Thu Feb 16 18:17:23 2012 us=453929 ping_rec_timeout_action = 0
Thu Feb 16 18:17:23 2012 us=453934 ping_timer_remote = DISABLED
Thu Feb 16 18:17:23 2012 us=453938 remap_sigusr1 = 0
Thu Feb 16 18:17:23 2012 us=453943 explicit_exit_notification = 0
Thu Feb 16 18:17:23 2012 us=453947 persist_tun = DISABLED
Thu Feb 16 18:17:23 2012 us=453952 persist_local_ip = DISABLED
Thu Feb 16 18:17:23 2012 us=453956 persist_remote_ip = DISABLED
Thu Feb 16 18:17:23 2012 us=453961 persist_key = DISABLED
Thu Feb 16 18:17:23 2012 us=453965 mssfix = 1450
Thu Feb 16 18:17:23 2012 us=453969 passtos = DISABLED
Thu Feb 16 18:17:23 2012 us=453974 resolve_retry_seconds = 1000000000
Thu Feb 16 18:17:23 2012 us=453986 username = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453991 groupname = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453995 chroot_dir = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454000 cd_dir = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454004 writepid = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454009 up_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454013 down_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454018 down_pre = DISABLED
Thu Feb 16 18:17:23 2012 us=454022 up_restart = DISABLED
Thu Feb 16 18:17:23 2012 us=454027 up_delay = DISABLED
Thu Feb 16 18:17:23 2012 us=454031 daemon = DISABLED
Thu Feb 16 18:17:23 2012 us=454036 inetd = 0
Thu Feb 16 18:17:23 2012 us=454040 log = DISABLED
Thu Feb 16 18:17:23 2012 us=454045 suppress_timestamps = DISABLED
Thu Feb 16 18:17:23 2012 us=454049 nice = 0
Thu Feb 16 18:17:23 2012 us=454053 verbosity = 5
Thu Feb 16 18:17:23 2012 us=454058 mute = 0
Thu Feb 16 18:17:23 2012 us=454063 gremlin = 0
Thu Feb 16 18:17:23 2012 us=454067 status_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454071 status_file_version = 1
Thu Feb 16 18:17:23 2012 us=454076 status_file_update_freq = 60
Thu Feb 16 18:17:23 2012 us=454081 occ = ENABLED
Thu Feb 16 18:17:23 2012 us=454085 rcvbuf = 65536
Thu Feb 16 18:17:23 2012 us=454089 sndbuf = 65536
Thu Feb 16 18:17:23 2012 us=454094 sockflags = 0
Thu Feb 16 18:17:23 2012 us=454098 fast_io = DISABLED
Thu Feb 16 18:17:23 2012 us=454102 lzo = 0
Thu Feb 16 18:17:23 2012 us=454107 route_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454112 route_default_gateway = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454116 route_default_metric = 0
Thu Feb 16 18:17:23 2012 us=454121 route_noexec = DISABLED
Thu Feb 16 18:17:23 2012 us=454126 route_delay = 0
Thu Feb 16 18:17:23 2012 us=454130 route_delay_window = 30
Thu Feb 16 18:17:23 2012 us=454135 route_delay_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=454139 route_nopull = DISABLED
Thu Feb 16 18:17:23 2012 us=454144 route_gateway_via_dhcp = DISABLED
Thu Feb 16 18:17:23 2012 us=454149 max_routes = 100
Thu Feb 16 18:17:23 2012 us=454153 allow_pull_fqdn = DISABLED
Thu Feb 16 18:17:23 2012 us=454157 management_addr = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454162 management_port = 0
Thu Feb 16 18:17:23 2012 us=454167 management_user_pass = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454171 management_log_history_cache = 250
Thu Feb 16 18:17:23 2012 us=454176 management_echo_buffer_size = 100
Thu Feb 16 18:17:23 2012 us=454181 management_write_peer_info_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454186 management_client_user = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454190 management_client_group = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454195 management_flags = 0
Thu Feb 16 18:17:23 2012 us=454200 shared_secret_file = '/etc/openvpn/static.key'
Thu Feb 16 18:17:23 2012 us=454204 key_direction = 0
Thu Feb 16 18:17:23 2012 us=454209 ciphername_defined = ENABLED
Thu Feb 16 18:17:23 2012 us=454213 ciphername = 'BF-CBC'
Thu Feb 16 18:17:23 2012 us=454234 authname_defined = ENABLED
Thu Feb 16 18:17:23 2012 us=454239 authname = 'SHA1'
Thu Feb 16 18:17:23 2012 us=454244 prng_hash = 'SHA1'
Thu Feb 16 18:17:23 2012 us=454253 prng_nonce_secret_len = 16
Thu Feb 16 18:17:23 2012 us=454259 keysize = 0
Thu Feb 16 18:17:23 2012 us=454264 engine = DISABLED
Thu Feb 16 18:17:23 2012 us=454268 replay = ENABLED
Thu Feb 16 18:17:23 2012 us=454273 mute_replay_warnings = DISABLED
Thu Feb 16 18:17:23 2012 us=454277 replay_window = 64
Thu Feb 16 18:17:23 2012 us=454282 replay_time = 15
Thu Feb 16 18:17:23 2012 us=454286 packet_id_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454291 use_iv = ENABLED
Thu Feb 16 18:17:23 2012 us=454295 test_crypto = DISABLED
Thu Feb 16 18:17:23 2012 us=454300 tls_server = DISABLED
Thu Feb 16 18:17:23 2012 us=454305 tls_client = DISABLED
Thu Feb 16 18:17:23 2012 us=454310 key_method = 2
Thu Feb 16 18:17:23 2012 us=454314 ca_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454318 ca_path = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454323 dh_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454327 cert_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454332 priv_key_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454336 pkcs12_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454341 cipher_list = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454345 tls_verify = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454350 tls_export_cert = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454354 tls_remote = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454359 crl_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454363 ns_cert_type = 0
Thu Feb 16 18:17:23 2012 us=454368 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454373 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454377 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454381 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454386 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454390 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454394 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454399 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454403 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454408 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454412 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454416 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454421 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454425 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454430 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454434 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454439 remote_cert_eku = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454455 tls_timeout = 2
Thu Feb 16 18:17:23 2012 us=454460 renegotiate_bytes = 0
Thu Feb 16 18:17:23 2012 us=454464 renegotiate_packets = 0
Thu Feb 16 18:17:23 2012 us=454469 renegotiate_seconds = 3600
Thu Feb 16 18:17:23 2012 us=454473 handshake_window = 60
Thu Feb 16 18:17:23 2012 us=454478 transition_window = 3600
Thu Feb 16 18:17:23 2012 us=454482 single_session = DISABLED
Thu Feb 16 18:17:23 2012 us=454487 push_peer_info = DISABLED
Thu Feb 16 18:17:23 2012 us=454491 tls_exit = DISABLED
Thu Feb 16 18:17:23 2012 us=454496 tls_auth_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454500 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454505 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454510 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454514 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454519 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454523 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454528 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454532 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454537 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454541 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454779 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454784 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454789 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454793 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454798 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454803 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454809 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454814 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454819 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454823 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454828 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454832 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454837 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454842 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454846 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454851 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454855 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454860 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454864 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454869 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454873 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454878 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454882 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454887 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454891 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454896 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454901 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454905 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454910 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454914 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454919 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454923 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454928 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454933 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454937 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454942 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454946 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454951 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454955 pkcs11_pin_cache_period = -1
Thu Feb 16 18:17:23 2012 us=454960 pkcs11_id = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454965 pkcs11_id_management = DISABLED
Thu Feb 16 18:17:23 2012 us=454975 server_network = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=454990 server_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=454997 server_bridge_ip = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455005 server_bridge_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455011 server_bridge_pool_start = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455016 server_bridge_pool_end = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455020 ifconfig_pool_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=455026 ifconfig_pool_start = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455031 ifconfig_pool_end = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455036 ifconfig_pool_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455041 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455046 ifconfig_pool_persist_refresh_freq = 600
Thu Feb 16 18:17:23 2012 us=455051 n_bcast_buf = 256
Thu Feb 16 18:17:23 2012 us=455055 tcp_queue_limit = 64
Thu Feb 16 18:17:23 2012 us=455060 real_hash_size = 256
Thu Feb 16 18:17:23 2012 us=455064 virtual_hash_size = 256
Thu Feb 16 18:17:23 2012 us=455069 client_connect_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455074 learn_address_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455078 client_disconnect_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455083 client_config_dir = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455088 ccd_exclusive = DISABLED
Thu Feb 16 18:17:23 2012 us=455092 tmp_dir = '/root/tmp'
Thu Feb 16 18:17:23 2012 us=455097 push_ifconfig_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=455102 push_ifconfig_local = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455108 push_ifconfig_remote_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455112 enable_c2c = DISABLED
Thu Feb 16 18:17:23 2012 us=455117 duplicate_cn = DISABLED
Thu Feb 16 18:17:23 2012 us=455121 cf_max = 0
Thu Feb 16 18:17:23 2012 us=455126 cf_per = 0
Thu Feb 16 18:17:23 2012 us=455130 max_clients = 1024
Thu Feb 16 18:17:23 2012 us=455135 max_routes_per_client = 256
Thu Feb 16 18:17:23 2012 us=455140 auth_user_pass_verify_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455144 auth_user_pass_verify_script_via_file = DISABLED
Thu Feb 16 18:17:23 2012 us=455149 ssl_flags = 0
Thu Feb 16 18:17:23 2012 us=455154 port_share_host = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455158 port_share_port = 0
Thu Feb 16 18:17:23 2012 us=455163 client = DISABLED
Thu Feb 16 18:17:23 2012 us=455167 pull = DISABLED
Thu Feb 16 18:17:23 2012 us=455172 auth_user_pass_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455179 OpenVPN 2.2.1 x86_64-mandriva-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 8 2011
Thu Feb 16 18:17:23 2012 us=455279 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 16 18:17:23 2012 us=470159 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:17:23 2012 us=470823 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:17:23 2012 us=470868 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:17:23 2012 us=470874 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:17:23 2012 us=470914 Socket Buffers: R=[126976->131072] S=[126976->131072]
Thu Feb 16 18:17:23 2012 us=526196 TUN/TAP device tun0 opened
Thu Feb 16 18:17:23 2012 us=526238 TUN/TAP TX queue length set to 100
Thu Feb 16 18:17:23 2012 us=526281 /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
Thu Feb 16 18:17:23 2012 us=528899 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Thu Feb 16 18:17:23 2012 us=528942 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:17:23 2012 us=528948 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:17:23 2012 us=528967 Local Options hash (VER=V4): '522471df'
Thu Feb 16 18:17:23 2012 us=528995 Expected Remote Options hash (VER=V4): '5c3fe1ab'
Thu Feb 16 18:17:23 2012 us=529011 UDPv4 link local (bound): [undef]:1194
Thu Feb 16 18:17:23 2012 us=529017 UDPv4 link remote: [undef]
Client
======
[root@localhost openvpn]# openvpn --script-security 2 --config /etc/openvpn/client.conf
Thu Feb 16 18:20:35 2012 us=411694 Current Parameter Settings:
Thu Feb 16 18:20:35 2012 us=411889 config = '/etc/openvpn/client.conf'
Thu Feb 16 18:20:35 2012 us=411932 mode = 0
Thu Feb 16 18:20:35 2012 us=411968 persist_config = DISABLED
Thu Feb 16 18:20:35 2012 us=412004 persist_mode = 1
Thu Feb 16 18:20:35 2012 us=412040 show_ciphers = DISABLED
Thu Feb 16 18:20:35 2012 us=412075 show_digests = DISABLED
Thu Feb 16 18:20:35 2012 us=412111 show_engines = DISABLED
Thu Feb 16 18:20:35 2012 us=412146 genkey = DISABLED
Thu Feb 16 18:20:35 2012 us=412181 key_pass_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=412216 show_tls_ciphers = DISABLED
Thu Feb 16 18:20:35 2012 us=412251 Connection profiles [default]:
Thu Feb 16 18:20:35 2012 us=412287 proto = udp
Thu Feb 16 18:20:35 2012 us=413142 local = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=413183 local_port = 1194
Thu Feb 16 18:20:35 2012 us=413218 remote = 'asandco.no-ip.org'
Thu Feb 16 18:20:35 2012 us=413255 remote_port = 1194
Thu Feb 16 18:20:35 2012 us=413291 remote_float = DISABLED
Thu Feb 16 18:20:35 2012 us=413819 bind_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=413856 bind_local = ENABLED
Thu Feb 16 18:20:35 2012 us=413891 connect_retry_seconds = 5
Thu Feb 16 18:20:35 2012 us=413927 connect_timeout = 10
Thu Feb 16 18:20:35 2012 us=413962 connect_retry_max = 0
Thu Feb 16 18:20:35 2012 us=413997 socks_proxy_server = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=414033 socks_proxy_port = 0
Thu Feb 16 18:20:35 2012 us=414068 socks_proxy_retry = DISABLED
Thu Feb 16 18:20:35 2012 us=414113 Connection profiles END
Thu Feb 16 18:20:35 2012 us=414150 remote_random = DISABLED
Thu Feb 16 18:20:35 2012 us=414185 ipchange = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=414219 dev = 'tun'
Thu Feb 16 18:20:35 2012 us=414253 dev_type = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=414288 dev_node = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=415050 lladdr = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=415088 topology = 1
Thu Feb 16 18:20:35 2012 us=415124 tun_ipv6 = DISABLED
Thu Feb 16 18:20:35 2012 us=415159 ifconfig_local = '10.0.0.2'
Thu Feb 16 18:20:35 2012 us=415194 ifconfig_remote_netmask = '10.0.0.1'
Thu Feb 16 18:20:35 2012 us=415229 ifconfig_noexec = DISABLED
Thu Feb 16 18:20:35 2012 us=415265 ifconfig_nowarn = DISABLED
Thu Feb 16 18:20:35 2012 us=415783 shaper = 0
Thu Feb 16 18:20:35 2012 us=415838 tun_mtu = 1500
Thu Feb 16 18:20:35 2012 us=415874 tun_mtu_defined = ENABLED
Thu Feb 16 18:20:35 2012 us=415910 link_mtu = 1500
Thu Feb 16 18:20:35 2012 us=415945 link_mtu_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=415980 tun_mtu_extra = 0
Thu Feb 16 18:20:35 2012 us=416014 tun_mtu_extra_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=416050 fragment = 0
Thu Feb 16 18:20:35 2012 us=416085 mtu_discover_type = -1
Thu Feb 16 18:20:35 2012 us=416120 mtu_test = 0
Thu Feb 16 18:20:35 2012 us=416155 mlock = DISABLED
Thu Feb 16 18:20:35 2012 us=416190 keepalive_ping = 0
Thu Feb 16 18:20:35 2012 us=416225 keepalive_timeout = 0
Thu Feb 16 18:20:35 2012 us=416260 inactivity_timeout = 0
Thu Feb 16 18:20:35 2012 us=416961 ping_send_timeout = 0
Thu Feb 16 18:20:35 2012 us=417018 ping_rec_timeout = 0
Thu Feb 16 18:20:35 2012 us=417055 ping_rec_timeout_action = 0
Thu Feb 16 18:20:35 2012 us=417090 ping_timer_remote = DISABLED
Thu Feb 16 18:20:35 2012 us=417126 remap_sigusr1 = 0
Thu Feb 16 18:20:35 2012 us=417161 explicit_exit_notification = 0
Thu Feb 16 18:20:35 2012 us=417196 persist_tun = DISABLED
Thu Feb 16 18:20:35 2012 us=417230 persist_local_ip = DISABLED
Thu Feb 16 18:20:35 2012 us=417265 persist_remote_ip = DISABLED
Thu Feb 16 18:20:35 2012 us=417809 persist_key = DISABLED
Thu Feb 16 18:20:35 2012 us=417861 mssfix = 1450
Thu Feb 16 18:20:35 2012 us=417896 passtos = DISABLED
Thu Feb 16 18:20:35 2012 us=417932 resolve_retry_seconds = 1000000000
Thu Feb 16 18:20:35 2012 us=417967 username = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418002 groupname = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418037 chroot_dir = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418071 cd_dir = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418106 writepid = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418150 up_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418186 down_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418221 down_pre = DISABLED
Thu Feb 16 18:20:35 2012 us=418256 up_restart = DISABLED
Thu Feb 16 18:20:35 2012 us=418290 up_delay = DISABLED
Thu Feb 16 18:20:35 2012 us=418400 daemon = DISABLED
Thu Feb 16 18:20:35 2012 us=418454 inetd = 0
Thu Feb 16 18:20:35 2012 us=418504 log = DISABLED
Thu Feb 16 18:20:35 2012 us=418564 suppress_timestamps = DISABLED
Thu Feb 16 18:20:35 2012 us=418614 nice = 0
Thu Feb 16 18:20:35 2012 us=418662 verbosity = 5
Thu Feb 16 18:20:35 2012 us=418710 mute = 0
Thu Feb 16 18:20:35 2012 us=418757 gremlin = 0
Thu Feb 16 18:20:35 2012 us=418805 status_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418852 status_file_version = 1
Thu Feb 16 18:20:35 2012 us=418900 status_file_update_freq = 60
Thu Feb 16 18:20:35 2012 us=418948 occ = ENABLED
Thu Feb 16 18:20:35 2012 us=418996 rcvbuf = 65536
Thu Feb 16 18:20:35 2012 us=419044 sndbuf = 65536
Thu Feb 16 18:20:35 2012 us=419091 sockflags = 0
Thu Feb 16 18:20:35 2012 us=419139 fast_io = DISABLED
Thu Feb 16 18:20:35 2012 us=419187 lzo = 0
Thu Feb 16 18:20:35 2012 us=419237 route_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419289 route_default_gateway = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419392 route_default_metric = 0
Thu Feb 16 18:20:35 2012 us=419444 route_noexec = DISABLED
Thu Feb 16 18:20:35 2012 us=419493 route_delay = 0
Thu Feb 16 18:20:35 2012 us=419541 route_delay_window = 30
Thu Feb 16 18:20:35 2012 us=419589 route_delay_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=419639 route_nopull = DISABLED
Thu Feb 16 18:20:35 2012 us=419687 route_gateway_via_dhcp = DISABLED
Thu Feb 16 18:20:35 2012 us=419736 max_routes = 100
Thu Feb 16 18:20:35 2012 us=419784 allow_pull_fqdn = DISABLED
Thu Feb 16 18:20:35 2012 us=419833 management_addr = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419881 management_port = 0
Thu Feb 16 18:20:35 2012 us=419930 management_user_pass = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419979 management_log_history_cache = 250
Thu Feb 16 18:20:35 2012 us=420028 management_echo_buffer_size = 100
Thu Feb 16 18:20:35 2012 us=420078 management_write_peer_info_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=420126 management_client_user = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=420176 management_client_group = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=420225 management_flags = 0
Thu Feb 16 18:20:35 2012 us=420274 shared_secret_file = '/etc/openvpn/static.key'
Thu Feb 16 18:20:35 2012 us=420378 key_direction = 0
Thu Feb 16 18:20:35 2012 us=420428 ciphername_defined = ENABLED
Thu Feb 16 18:20:35 2012 us=420480 ciphername = 'BF-CBC'
Thu Feb 16 18:20:35 2012 us=420536 authname_defined = ENABLED
Thu Feb 16 18:20:35 2012 us=420591 authname = 'SHA1'
Thu Feb 16 18:20:35 2012 us=420644 prng_hash = 'SHA1'
Thu Feb 16 18:20:35 2012 us=420693 prng_nonce_secret_len = 16
Thu Feb 16 18:20:35 2012 us=420742 keysize = 0
Thu Feb 16 18:20:35 2012 us=420789 engine = DISABLED
Thu Feb 16 18:20:35 2012 us=420837 replay = ENABLED
Thu Feb 16 18:20:35 2012 us=420886 mute_replay_warnings = DISABLED
Thu Feb 16 18:20:35 2012 us=420935 replay_window = 64
Thu Feb 16 18:20:35 2012 us=420983 replay_time = 15
Thu Feb 16 18:20:35 2012 us=421031 packet_id_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421080 use_iv = ENABLED
Thu Feb 16 18:20:35 2012 us=421128 test_crypto = DISABLED
Thu Feb 16 18:20:35 2012 us=421176 tls_server = DISABLED
Thu Feb 16 18:20:35 2012 us=421225 tls_client = DISABLED
Thu Feb 16 18:20:35 2012 us=421274 key_method = 2
Thu Feb 16 18:20:35 2012 us=421384 ca_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421434 ca_path = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421482 dh_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421530 cert_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421579 priv_key_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421627 pkcs12_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421675 cipher_list = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421724 tls_verify = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421772 tls_export_cert = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421821 tls_remote = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421870 crl_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421918 ns_cert_type = 0
Thu Feb 16 18:20:35 2012 us=421972 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422025 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422080 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422131 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422181 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422230 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422278 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422371 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422420 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422469 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422517 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422566 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422614 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422662 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422711 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422760 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422809 remote_cert_eku = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=422858 tls_timeout = 2
Thu Feb 16 18:20:35 2012 us=422906 renegotiate_bytes = 0
Thu Feb 16 18:20:35 2012 us=422955 renegotiate_packets = 0
Thu Feb 16 18:20:35 2012 us=423005 renegotiate_seconds = 3600
Thu Feb 16 18:20:35 2012 us=423054 handshake_window = 60
Thu Feb 16 18:20:35 2012 us=423102 transition_window = 3600
Thu Feb 16 18:20:35 2012 us=423150 single_session = DISABLED
Thu Feb 16 18:20:35 2012 us=423197 push_peer_info = DISABLED
Thu Feb 16 18:20:35 2012 us=423245 tls_exit = DISABLED
Thu Feb 16 18:20:35 2012 us=423333 tls_auth_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=423386 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423436 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423486 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423535 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423584 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423632 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423681 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423734 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423788 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423843 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423895 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423946 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423995 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424044 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424094 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424143 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424194 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424243 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424334 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424390 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424440 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424490 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424540 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424590 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424640 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424691 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424741 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424790 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424840 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424890 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424940 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424990 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=425038 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425087 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425137 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425186 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425235 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425283 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425376 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425427 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425476 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425524 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425573 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425621 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425669 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425717 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425764 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425815 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425870 pkcs11_pin_cache_period = -1
Thu Feb 16 18:20:35 2012 us=425923 pkcs11_id = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=425976 pkcs11_id_management = DISABLED
Thu Feb 16 18:20:35 2012 us=426091 server_network = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426148 server_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426202 server_bridge_ip = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426257 server_bridge_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426357 server_bridge_pool_start = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426416 server_bridge_pool_end = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426466 ifconfig_pool_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=426520 ifconfig_pool_start = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426574 ifconfig_pool_end = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426628 ifconfig_pool_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426676 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=426726 ifconfig_pool_persist_refresh_freq = 600
Thu Feb 16 18:20:35 2012 us=426775 n_bcast_buf = 256
Thu Feb 16 18:20:35 2012 us=426824 tcp_queue_limit = 64
Thu Feb 16 18:20:35 2012 us=426872 real_hash_size = 256
Thu Feb 16 18:20:35 2012 us=426919 virtual_hash_size = 256
Thu Feb 16 18:20:35 2012 us=426973 client_connect_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427022 learn_address_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427071 client_disconnect_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427120 client_config_dir = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427168 ccd_exclusive = DISABLED
Thu Feb 16 18:20:35 2012 us=427216 tmp_dir = '/root/tmp'
Thu Feb 16 18:20:35 2012 us=427264 push_ifconfig_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=427588 push_ifconfig_local = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=427666 push_ifconfig_remote_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=427715 enable_c2c = DISABLED
Thu Feb 16 18:20:35 2012 us=427764 duplicate_cn = DISABLED
Thu Feb 16 18:20:35 2012 us=427812 cf_max = 0
Thu Feb 16 18:20:35 2012 us=427861 cf_per = 0
Thu Feb 16 18:20:35 2012 us=427908 max_clients = 1024
Thu Feb 16 18:20:35 2012 us=427957 max_routes_per_client = 256
Thu Feb 16 18:20:35 2012 us=428006 auth_user_pass_verify_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=428056 auth_user_pass_verify_script_via_file = DISABLED
Thu Feb 16 18:20:35 2012 us=428105 ssl_flags = 0
Thu Feb 16 18:20:35 2012 us=428152 port_share_host = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=428201 port_share_port = 0
Thu Feb 16 18:20:35 2012 us=428249 client = DISABLED
Thu Feb 16 18:20:35 2012 us=428352 pull = DISABLED
Thu Feb 16 18:20:35 2012 us=428407 auth_user_pass_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=428477 OpenVPN 2.2.1 i586-mandriva-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 9 2011
Thu Feb 16 18:20:35 2012 us=428956 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 16 18:20:35 2012 us=432772 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:20:35 2012 us=432900 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:20:35 2012 us=433036 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:20:35 2012 us=433083 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:20:35 2012 us=433211 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 16 18:20:35 2012 us=570809 TUN/TAP device tun0 opened
Thu Feb 16 18:20:35 2012 us=570983 TUN/TAP TX queue length set to 100
Thu Feb 16 18:20:35 2012 us=571160 /sbin/ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 mtu 1500
Thu Feb 16 18:20:35 2012 us=580042 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Thu Feb 16 18:20:35 2012 us=580218 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:20:35 2012 us=580271 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:20:35 2012 us=580500 Local Options hash (VER=V4): '5c3fe1ab'
Thu Feb 16 18:20:35 2012 us=580589 Expected Remote Options hash (VER=V4): '522471df'
Thu Feb 16 18:20:35 2012 us=580680 UDPv4 link local (bound): [undef]:1194
Thu Feb 16 18:20:35 2012 us=580735 UDPv4 link remote: 8.23.224.90:1194
Thu Feb 16 18:22:37 2012 us=81063 NOTE: failed to obtain options consistency info from peer
-- this could occur if the remote peer is running a version of OpenVPN before 1.5-beta8 or
if there is a network connectivity problem, and will not necessarily prevent OpenVPN from
running (0 bytes received from peer, 0 bytes authenticated data channel traffic) -- you
can disable the options consistency check with --disable-occ
The following is before changing the router to make port 1194 type tcp/udp
and adding proto tcp-server (client) to the config files. However the result
was much the same.
Server
======
[root@desktop openvpn]# openvpn --script-security 2 --config /etc/openvpn/server.conf
Thu Feb 16 18:17:23 2012 us=453614 Current Parameter Settings:
Thu Feb 16 18:17:23 2012 us=453675 config = '/etc/openvpn/server.conf'
Thu Feb 16 18:17:23 2012 us=453681 mode = 0
Thu Feb 16 18:17:23 2012 us=453687 persist_config = DISABLED
Thu Feb 16 18:17:23 2012 us=453691 persist_mode = 1
Thu Feb 16 18:17:23 2012 us=453696 show_ciphers = DISABLED
Thu Feb 16 18:17:23 2012 us=453701 show_digests = DISABLED
Thu Feb 16 18:17:23 2012 us=453706 show_engines = DISABLED
Thu Feb 16 18:17:23 2012 us=453710 genkey = DISABLED
Thu Feb 16 18:17:23 2012 us=453715 key_pass_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453720 show_tls_ciphers = DISABLED
Thu Feb 16 18:17:23 2012 us=453724 Connection profiles [default]:
Thu Feb 16 18:17:23 2012 us=453729 proto = udp
Thu Feb 16 18:17:23 2012 us=453734 local = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453738 local_port = 1194
Thu Feb 16 18:17:23 2012 us=453743 remote = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453747 remote_port = 1194
Thu Feb 16 18:17:23 2012 us=453752 remote_float = DISABLED
Thu Feb 16 18:17:23 2012 us=453756 bind_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=453761 bind_local = ENABLED
Thu Feb 16 18:17:23 2012 us=453765 connect_retry_seconds = 5
Thu Feb 16 18:17:23 2012 us=453770 connect_timeout = 10
Thu Feb 16 18:17:23 2012 us=453775 connect_retry_max = 0
Thu Feb 16 18:17:23 2012 us=453780 socks_proxy_server = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453784 socks_proxy_port = 0
Thu Feb 16 18:17:23 2012 us=453789 socks_proxy_retry = DISABLED
Thu Feb 16 18:17:23 2012 us=453794 Connection profiles END
Thu Feb 16 18:17:23 2012 us=453798 remote_random = DISABLED
Thu Feb 16 18:17:23 2012 us=453803 ipchange = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453807 dev = 'tun'
Thu Feb 16 18:17:23 2012 us=453812 dev_type = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453816 dev_node = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453821 lladdr = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453825 topology = 1
Thu Feb 16 18:17:23 2012 us=453830 tun_ipv6 = DISABLED
Thu Feb 16 18:17:23 2012 us=453837 ifconfig_local = '10.0.0.1'
Thu Feb 16 18:17:23 2012 us=453842 ifconfig_remote_netmask = '10.0.0.2'
Thu Feb 16 18:17:23 2012 us=453846 ifconfig_noexec = DISABLED
Thu Feb 16 18:17:23 2012 us=453851 ifconfig_nowarn = DISABLED
Thu Feb 16 18:17:23 2012 us=453856 shaper = 0
Thu Feb 16 18:17:23 2012 us=453860 tun_mtu = 1500
Thu Feb 16 18:17:23 2012 us=453865 tun_mtu_defined = ENABLED
Thu Feb 16 18:17:23 2012 us=453869 link_mtu = 1500
Thu Feb 16 18:17:23 2012 us=453874 link_mtu_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=453879 tun_mtu_extra = 0
Thu Feb 16 18:17:23 2012 us=453884 tun_mtu_extra_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=453889 fragment = 0
Thu Feb 16 18:17:23 2012 us=453893 mtu_discover_type = -1
Thu Feb 16 18:17:23 2012 us=453898 mtu_test = 0
Thu Feb 16 18:17:23 2012 us=453902 mlock = DISABLED
Thu Feb 16 18:17:23 2012 us=453907 keepalive_ping = 0
Thu Feb 16 18:17:23 2012 us=453911 keepalive_timeout = 0
Thu Feb 16 18:17:23 2012 us=453916 inactivity_timeout = 0
Thu Feb 16 18:17:23 2012 us=453920 ping_send_timeout = 0
Thu Feb 16 18:17:23 2012 us=453925 ping_rec_timeout = 0
Thu Feb 16 18:17:23 2012 us=453929 ping_rec_timeout_action = 0
Thu Feb 16 18:17:23 2012 us=453934 ping_timer_remote = DISABLED
Thu Feb 16 18:17:23 2012 us=453938 remap_sigusr1 = 0
Thu Feb 16 18:17:23 2012 us=453943 explicit_exit_notification = 0
Thu Feb 16 18:17:23 2012 us=453947 persist_tun = DISABLED
Thu Feb 16 18:17:23 2012 us=453952 persist_local_ip = DISABLED
Thu Feb 16 18:17:23 2012 us=453956 persist_remote_ip = DISABLED
Thu Feb 16 18:17:23 2012 us=453961 persist_key = DISABLED
Thu Feb 16 18:17:23 2012 us=453965 mssfix = 1450
Thu Feb 16 18:17:23 2012 us=453969 passtos = DISABLED
Thu Feb 16 18:17:23 2012 us=453974 resolve_retry_seconds = 1000000000
Thu Feb 16 18:17:23 2012 us=453986 username = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453991 groupname = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=453995 chroot_dir = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454000 cd_dir = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454004 writepid = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454009 up_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454013 down_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454018 down_pre = DISABLED
Thu Feb 16 18:17:23 2012 us=454022 up_restart = DISABLED
Thu Feb 16 18:17:23 2012 us=454027 up_delay = DISABLED
Thu Feb 16 18:17:23 2012 us=454031 daemon = DISABLED
Thu Feb 16 18:17:23 2012 us=454036 inetd = 0
Thu Feb 16 18:17:23 2012 us=454040 log = DISABLED
Thu Feb 16 18:17:23 2012 us=454045 suppress_timestamps = DISABLED
Thu Feb 16 18:17:23 2012 us=454049 nice = 0
Thu Feb 16 18:17:23 2012 us=454053 verbosity = 5
Thu Feb 16 18:17:23 2012 us=454058 mute = 0
Thu Feb 16 18:17:23 2012 us=454063 gremlin = 0
Thu Feb 16 18:17:23 2012 us=454067 status_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454071 status_file_version = 1
Thu Feb 16 18:17:23 2012 us=454076 status_file_update_freq = 60
Thu Feb 16 18:17:23 2012 us=454081 occ = ENABLED
Thu Feb 16 18:17:23 2012 us=454085 rcvbuf = 65536
Thu Feb 16 18:17:23 2012 us=454089 sndbuf = 65536
Thu Feb 16 18:17:23 2012 us=454094 sockflags = 0
Thu Feb 16 18:17:23 2012 us=454098 fast_io = DISABLED
Thu Feb 16 18:17:23 2012 us=454102 lzo = 0
Thu Feb 16 18:17:23 2012 us=454107 route_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454112 route_default_gateway = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454116 route_default_metric = 0
Thu Feb 16 18:17:23 2012 us=454121 route_noexec = DISABLED
Thu Feb 16 18:17:23 2012 us=454126 route_delay = 0
Thu Feb 16 18:17:23 2012 us=454130 route_delay_window = 30
Thu Feb 16 18:17:23 2012 us=454135 route_delay_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=454139 route_nopull = DISABLED
Thu Feb 16 18:17:23 2012 us=454144 route_gateway_via_dhcp = DISABLED
Thu Feb 16 18:17:23 2012 us=454149 max_routes = 100
Thu Feb 16 18:17:23 2012 us=454153 allow_pull_fqdn = DISABLED
Thu Feb 16 18:17:23 2012 us=454157 management_addr = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454162 management_port = 0
Thu Feb 16 18:17:23 2012 us=454167 management_user_pass = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454171 management_log_history_cache = 250
Thu Feb 16 18:17:23 2012 us=454176 management_echo_buffer_size = 100
Thu Feb 16 18:17:23 2012 us=454181 management_write_peer_info_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454186 management_client_user = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454190 management_client_group = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454195 management_flags = 0
Thu Feb 16 18:17:23 2012 us=454200 shared_secret_file = '/etc/openvpn/static.key'
Thu Feb 16 18:17:23 2012 us=454204 key_direction = 0
Thu Feb 16 18:17:23 2012 us=454209 ciphername_defined = ENABLED
Thu Feb 16 18:17:23 2012 us=454213 ciphername = 'BF-CBC'
Thu Feb 16 18:17:23 2012 us=454234 authname_defined = ENABLED
Thu Feb 16 18:17:23 2012 us=454239 authname = 'SHA1'
Thu Feb 16 18:17:23 2012 us=454244 prng_hash = 'SHA1'
Thu Feb 16 18:17:23 2012 us=454253 prng_nonce_secret_len = 16
Thu Feb 16 18:17:23 2012 us=454259 keysize = 0
Thu Feb 16 18:17:23 2012 us=454264 engine = DISABLED
Thu Feb 16 18:17:23 2012 us=454268 replay = ENABLED
Thu Feb 16 18:17:23 2012 us=454273 mute_replay_warnings = DISABLED
Thu Feb 16 18:17:23 2012 us=454277 replay_window = 64
Thu Feb 16 18:17:23 2012 us=454282 replay_time = 15
Thu Feb 16 18:17:23 2012 us=454286 packet_id_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454291 use_iv = ENABLED
Thu Feb 16 18:17:23 2012 us=454295 test_crypto = DISABLED
Thu Feb 16 18:17:23 2012 us=454300 tls_server = DISABLED
Thu Feb 16 18:17:23 2012 us=454305 tls_client = DISABLED
Thu Feb 16 18:17:23 2012 us=454310 key_method = 2
Thu Feb 16 18:17:23 2012 us=454314 ca_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454318 ca_path = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454323 dh_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454327 cert_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454332 priv_key_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454336 pkcs12_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454341 cipher_list = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454345 tls_verify = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454350 tls_export_cert = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454354 tls_remote = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454359 crl_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454363 ns_cert_type = 0
Thu Feb 16 18:17:23 2012 us=454368 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454373 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454377 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454381 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454386 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454390 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454394 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454399 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454403 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454408 remote_cert_ku = 0
Thu Feb 16 18:17:23 2012 us=454412 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454416 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454421 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454425 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454430 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454434 remote_cert_ku[i] = 0
Thu Feb 16 18:17:23 2012 us=454439 remote_cert_eku = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454455 tls_timeout = 2
Thu Feb 16 18:17:23 2012 us=454460 renegotiate_bytes = 0
Thu Feb 16 18:17:23 2012 us=454464 renegotiate_packets = 0
Thu Feb 16 18:17:23 2012 us=454469 renegotiate_seconds = 3600
Thu Feb 16 18:17:23 2012 us=454473 handshake_window = 60
Thu Feb 16 18:17:23 2012 us=454478 transition_window = 3600
Thu Feb 16 18:17:23 2012 us=454482 single_session = DISABLED
Thu Feb 16 18:17:23 2012 us=454487 push_peer_info = DISABLED
Thu Feb 16 18:17:23 2012 us=454491 tls_exit = DISABLED
Thu Feb 16 18:17:23 2012 us=454496 tls_auth_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454500 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454505 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454510 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454514 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454519 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454523 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454528 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454532 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454537 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454541 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454779 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454784 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454789 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454793 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454798 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454803 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:17:23 2012 us=454809 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454814 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454819 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454823 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454828 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454832 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454837 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454842 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454846 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454851 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454855 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454860 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454864 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454869 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454873 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454878 pkcs11_private_mode = 00000000
Thu Feb 16 18:17:23 2012 us=454882 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454887 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454891 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454896 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454901 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454905 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454910 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454914 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454919 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454923 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454928 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454933 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454937 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454942 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454946 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454951 pkcs11_cert_private = DISABLED
Thu Feb 16 18:17:23 2012 us=454955 pkcs11_pin_cache_period = -1
Thu Feb 16 18:17:23 2012 us=454960 pkcs11_id = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=454965 pkcs11_id_management = DISABLED
Thu Feb 16 18:17:23 2012 us=454975 server_network = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=454990 server_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=454997 server_bridge_ip = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455005 server_bridge_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455011 server_bridge_pool_start = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455016 server_bridge_pool_end = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455020 ifconfig_pool_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=455026 ifconfig_pool_start = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455031 ifconfig_pool_end = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455036 ifconfig_pool_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455041 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455046 ifconfig_pool_persist_refresh_freq = 600
Thu Feb 16 18:17:23 2012 us=455051 n_bcast_buf = 256
Thu Feb 16 18:17:23 2012 us=455055 tcp_queue_limit = 64
Thu Feb 16 18:17:23 2012 us=455060 real_hash_size = 256
Thu Feb 16 18:17:23 2012 us=455064 virtual_hash_size = 256
Thu Feb 16 18:17:23 2012 us=455069 client_connect_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455074 learn_address_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455078 client_disconnect_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455083 client_config_dir = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455088 ccd_exclusive = DISABLED
Thu Feb 16 18:17:23 2012 us=455092 tmp_dir = '/root/tmp'
Thu Feb 16 18:17:23 2012 us=455097 push_ifconfig_defined = DISABLED
Thu Feb 16 18:17:23 2012 us=455102 push_ifconfig_local = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455108 push_ifconfig_remote_netmask = 0.0.0.0
Thu Feb 16 18:17:23 2012 us=455112 enable_c2c = DISABLED
Thu Feb 16 18:17:23 2012 us=455117 duplicate_cn = DISABLED
Thu Feb 16 18:17:23 2012 us=455121 cf_max = 0
Thu Feb 16 18:17:23 2012 us=455126 cf_per = 0
Thu Feb 16 18:17:23 2012 us=455130 max_clients = 1024
Thu Feb 16 18:17:23 2012 us=455135 max_routes_per_client = 256
Thu Feb 16 18:17:23 2012 us=455140 auth_user_pass_verify_script = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455144 auth_user_pass_verify_script_via_file = DISABLED
Thu Feb 16 18:17:23 2012 us=455149 ssl_flags = 0
Thu Feb 16 18:17:23 2012 us=455154 port_share_host = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455158 port_share_port = 0
Thu Feb 16 18:17:23 2012 us=455163 client = DISABLED
Thu Feb 16 18:17:23 2012 us=455167 pull = DISABLED
Thu Feb 16 18:17:23 2012 us=455172 auth_user_pass_file = '[UNDEF]'
Thu Feb 16 18:17:23 2012 us=455179 OpenVPN 2.2.1 x86_64-mandriva-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 8 2011
Thu Feb 16 18:17:23 2012 us=455279 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 16 18:17:23 2012 us=470159 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:17:23 2012 us=470823 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:17:23 2012 us=470868 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:17:23 2012 us=470874 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:17:23 2012 us=470914 Socket Buffers: R=[126976->131072] S=[126976->131072]
Thu Feb 16 18:17:23 2012 us=526196 TUN/TAP device tun0 opened
Thu Feb 16 18:17:23 2012 us=526238 TUN/TAP TX queue length set to 100
Thu Feb 16 18:17:23 2012 us=526281 /sbin/ifconfig tun0 10.0.0.1 pointopoint 10.0.0.2 mtu 1500
Thu Feb 16 18:17:23 2012 us=528899 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Thu Feb 16 18:17:23 2012 us=528942 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:17:23 2012 us=528948 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:17:23 2012 us=528967 Local Options hash (VER=V4): '522471df'
Thu Feb 16 18:17:23 2012 us=528995 Expected Remote Options hash (VER=V4): '5c3fe1ab'
Thu Feb 16 18:17:23 2012 us=529011 UDPv4 link local (bound): [undef]:1194
Thu Feb 16 18:17:23 2012 us=529017 UDPv4 link remote: [undef]
Client
======
[root@localhost openvpn]# openvpn --script-security 2 --config /etc/openvpn/client.conf
Thu Feb 16 18:20:35 2012 us=411694 Current Parameter Settings:
Thu Feb 16 18:20:35 2012 us=411889 config = '/etc/openvpn/client.conf'
Thu Feb 16 18:20:35 2012 us=411932 mode = 0
Thu Feb 16 18:20:35 2012 us=411968 persist_config = DISABLED
Thu Feb 16 18:20:35 2012 us=412004 persist_mode = 1
Thu Feb 16 18:20:35 2012 us=412040 show_ciphers = DISABLED
Thu Feb 16 18:20:35 2012 us=412075 show_digests = DISABLED
Thu Feb 16 18:20:35 2012 us=412111 show_engines = DISABLED
Thu Feb 16 18:20:35 2012 us=412146 genkey = DISABLED
Thu Feb 16 18:20:35 2012 us=412181 key_pass_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=412216 show_tls_ciphers = DISABLED
Thu Feb 16 18:20:35 2012 us=412251 Connection profiles [default]:
Thu Feb 16 18:20:35 2012 us=412287 proto = udp
Thu Feb 16 18:20:35 2012 us=413142 local = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=413183 local_port = 1194
Thu Feb 16 18:20:35 2012 us=413218 remote = 'asandco.no-ip.org'
Thu Feb 16 18:20:35 2012 us=413255 remote_port = 1194
Thu Feb 16 18:20:35 2012 us=413291 remote_float = DISABLED
Thu Feb 16 18:20:35 2012 us=413819 bind_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=413856 bind_local = ENABLED
Thu Feb 16 18:20:35 2012 us=413891 connect_retry_seconds = 5
Thu Feb 16 18:20:35 2012 us=413927 connect_timeout = 10
Thu Feb 16 18:20:35 2012 us=413962 connect_retry_max = 0
Thu Feb 16 18:20:35 2012 us=413997 socks_proxy_server = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=414033 socks_proxy_port = 0
Thu Feb 16 18:20:35 2012 us=414068 socks_proxy_retry = DISABLED
Thu Feb 16 18:20:35 2012 us=414113 Connection profiles END
Thu Feb 16 18:20:35 2012 us=414150 remote_random = DISABLED
Thu Feb 16 18:20:35 2012 us=414185 ipchange = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=414219 dev = 'tun'
Thu Feb 16 18:20:35 2012 us=414253 dev_type = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=414288 dev_node = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=415050 lladdr = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=415088 topology = 1
Thu Feb 16 18:20:35 2012 us=415124 tun_ipv6 = DISABLED
Thu Feb 16 18:20:35 2012 us=415159 ifconfig_local = '10.0.0.2'
Thu Feb 16 18:20:35 2012 us=415194 ifconfig_remote_netmask = '10.0.0.1'
Thu Feb 16 18:20:35 2012 us=415229 ifconfig_noexec = DISABLED
Thu Feb 16 18:20:35 2012 us=415265 ifconfig_nowarn = DISABLED
Thu Feb 16 18:20:35 2012 us=415783 shaper = 0
Thu Feb 16 18:20:35 2012 us=415838 tun_mtu = 1500
Thu Feb 16 18:20:35 2012 us=415874 tun_mtu_defined = ENABLED
Thu Feb 16 18:20:35 2012 us=415910 link_mtu = 1500
Thu Feb 16 18:20:35 2012 us=415945 link_mtu_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=415980 tun_mtu_extra = 0
Thu Feb 16 18:20:35 2012 us=416014 tun_mtu_extra_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=416050 fragment = 0
Thu Feb 16 18:20:35 2012 us=416085 mtu_discover_type = -1
Thu Feb 16 18:20:35 2012 us=416120 mtu_test = 0
Thu Feb 16 18:20:35 2012 us=416155 mlock = DISABLED
Thu Feb 16 18:20:35 2012 us=416190 keepalive_ping = 0
Thu Feb 16 18:20:35 2012 us=416225 keepalive_timeout = 0
Thu Feb 16 18:20:35 2012 us=416260 inactivity_timeout = 0
Thu Feb 16 18:20:35 2012 us=416961 ping_send_timeout = 0
Thu Feb 16 18:20:35 2012 us=417018 ping_rec_timeout = 0
Thu Feb 16 18:20:35 2012 us=417055 ping_rec_timeout_action = 0
Thu Feb 16 18:20:35 2012 us=417090 ping_timer_remote = DISABLED
Thu Feb 16 18:20:35 2012 us=417126 remap_sigusr1 = 0
Thu Feb 16 18:20:35 2012 us=417161 explicit_exit_notification = 0
Thu Feb 16 18:20:35 2012 us=417196 persist_tun = DISABLED
Thu Feb 16 18:20:35 2012 us=417230 persist_local_ip = DISABLED
Thu Feb 16 18:20:35 2012 us=417265 persist_remote_ip = DISABLED
Thu Feb 16 18:20:35 2012 us=417809 persist_key = DISABLED
Thu Feb 16 18:20:35 2012 us=417861 mssfix = 1450
Thu Feb 16 18:20:35 2012 us=417896 passtos = DISABLED
Thu Feb 16 18:20:35 2012 us=417932 resolve_retry_seconds = 1000000000
Thu Feb 16 18:20:35 2012 us=417967 username = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418002 groupname = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418037 chroot_dir = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418071 cd_dir = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418106 writepid = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418150 up_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418186 down_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418221 down_pre = DISABLED
Thu Feb 16 18:20:35 2012 us=418256 up_restart = DISABLED
Thu Feb 16 18:20:35 2012 us=418290 up_delay = DISABLED
Thu Feb 16 18:20:35 2012 us=418400 daemon = DISABLED
Thu Feb 16 18:20:35 2012 us=418454 inetd = 0
Thu Feb 16 18:20:35 2012 us=418504 log = DISABLED
Thu Feb 16 18:20:35 2012 us=418564 suppress_timestamps = DISABLED
Thu Feb 16 18:20:35 2012 us=418614 nice = 0
Thu Feb 16 18:20:35 2012 us=418662 verbosity = 5
Thu Feb 16 18:20:35 2012 us=418710 mute = 0
Thu Feb 16 18:20:35 2012 us=418757 gremlin = 0
Thu Feb 16 18:20:35 2012 us=418805 status_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=418852 status_file_version = 1
Thu Feb 16 18:20:35 2012 us=418900 status_file_update_freq = 60
Thu Feb 16 18:20:35 2012 us=418948 occ = ENABLED
Thu Feb 16 18:20:35 2012 us=418996 rcvbuf = 65536
Thu Feb 16 18:20:35 2012 us=419044 sndbuf = 65536
Thu Feb 16 18:20:35 2012 us=419091 sockflags = 0
Thu Feb 16 18:20:35 2012 us=419139 fast_io = DISABLED
Thu Feb 16 18:20:35 2012 us=419187 lzo = 0
Thu Feb 16 18:20:35 2012 us=419237 route_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419289 route_default_gateway = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419392 route_default_metric = 0
Thu Feb 16 18:20:35 2012 us=419444 route_noexec = DISABLED
Thu Feb 16 18:20:35 2012 us=419493 route_delay = 0
Thu Feb 16 18:20:35 2012 us=419541 route_delay_window = 30
Thu Feb 16 18:20:35 2012 us=419589 route_delay_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=419639 route_nopull = DISABLED
Thu Feb 16 18:20:35 2012 us=419687 route_gateway_via_dhcp = DISABLED
Thu Feb 16 18:20:35 2012 us=419736 max_routes = 100
Thu Feb 16 18:20:35 2012 us=419784 allow_pull_fqdn = DISABLED
Thu Feb 16 18:20:35 2012 us=419833 management_addr = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419881 management_port = 0
Thu Feb 16 18:20:35 2012 us=419930 management_user_pass = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=419979 management_log_history_cache = 250
Thu Feb 16 18:20:35 2012 us=420028 management_echo_buffer_size = 100
Thu Feb 16 18:20:35 2012 us=420078 management_write_peer_info_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=420126 management_client_user = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=420176 management_client_group = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=420225 management_flags = 0
Thu Feb 16 18:20:35 2012 us=420274 shared_secret_file = '/etc/openvpn/static.key'
Thu Feb 16 18:20:35 2012 us=420378 key_direction = 0
Thu Feb 16 18:20:35 2012 us=420428 ciphername_defined = ENABLED
Thu Feb 16 18:20:35 2012 us=420480 ciphername = 'BF-CBC'
Thu Feb 16 18:20:35 2012 us=420536 authname_defined = ENABLED
Thu Feb 16 18:20:35 2012 us=420591 authname = 'SHA1'
Thu Feb 16 18:20:35 2012 us=420644 prng_hash = 'SHA1'
Thu Feb 16 18:20:35 2012 us=420693 prng_nonce_secret_len = 16
Thu Feb 16 18:20:35 2012 us=420742 keysize = 0
Thu Feb 16 18:20:35 2012 us=420789 engine = DISABLED
Thu Feb 16 18:20:35 2012 us=420837 replay = ENABLED
Thu Feb 16 18:20:35 2012 us=420886 mute_replay_warnings = DISABLED
Thu Feb 16 18:20:35 2012 us=420935 replay_window = 64
Thu Feb 16 18:20:35 2012 us=420983 replay_time = 15
Thu Feb 16 18:20:35 2012 us=421031 packet_id_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421080 use_iv = ENABLED
Thu Feb 16 18:20:35 2012 us=421128 test_crypto = DISABLED
Thu Feb 16 18:20:35 2012 us=421176 tls_server = DISABLED
Thu Feb 16 18:20:35 2012 us=421225 tls_client = DISABLED
Thu Feb 16 18:20:35 2012 us=421274 key_method = 2
Thu Feb 16 18:20:35 2012 us=421384 ca_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421434 ca_path = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421482 dh_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421530 cert_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421579 priv_key_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421627 pkcs12_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421675 cipher_list = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421724 tls_verify = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421772 tls_export_cert = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421821 tls_remote = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421870 crl_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=421918 ns_cert_type = 0
Thu Feb 16 18:20:35 2012 us=421972 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422025 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422080 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422131 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422181 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422230 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422278 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422371 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422420 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422469 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422517 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422566 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422614 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422662 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422711 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422760 remote_cert_ku[i] = 0
Thu Feb 16 18:20:35 2012 us=422809 remote_cert_eku = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=422858 tls_timeout = 2
Thu Feb 16 18:20:35 2012 us=422906 renegotiate_bytes = 0
Thu Feb 16 18:20:35 2012 us=422955 renegotiate_packets = 0
Thu Feb 16 18:20:35 2012 us=423005 renegotiate_seconds = 3600
Thu Feb 16 18:20:35 2012 us=423054 handshake_window = 60
Thu Feb 16 18:20:35 2012 us=423102 transition_window = 3600
Thu Feb 16 18:20:35 2012 us=423150 single_session = DISABLED
Thu Feb 16 18:20:35 2012 us=423197 push_peer_info = DISABLED
Thu Feb 16 18:20:35 2012 us=423245 tls_exit = DISABLED
Thu Feb 16 18:20:35 2012 us=423333 tls_auth_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=423386 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423436 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423486 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423535 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423584 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423632 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423681 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423734 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423788 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423843 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423895 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423946 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=423995 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424044 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424094 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424143 pkcs11_protected_authentication = DISABLED
Thu Feb 16 18:20:35 2012 us=424194 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424243 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424334 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424390 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424440 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424490 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424540 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424590 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424640 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424691 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424741 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424790 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424840 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424890 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424940 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=424990 pkcs11_private_mode = 00000000
Thu Feb 16 18:20:35 2012 us=425038 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425087 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425137 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425186 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425235 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425283 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425376 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425427 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425476 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425524 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425573 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425621 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425669 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425717 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425764 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425815 pkcs11_cert_private = DISABLED
Thu Feb 16 18:20:35 2012 us=425870 pkcs11_pin_cache_period = -1
Thu Feb 16 18:20:35 2012 us=425923 pkcs11_id = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=425976 pkcs11_id_management = DISABLED
Thu Feb 16 18:20:35 2012 us=426091 server_network = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426148 server_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426202 server_bridge_ip = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426257 server_bridge_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426357 server_bridge_pool_start = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426416 server_bridge_pool_end = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426466 ifconfig_pool_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=426520 ifconfig_pool_start = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426574 ifconfig_pool_end = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426628 ifconfig_pool_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=426676 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=426726 ifconfig_pool_persist_refresh_freq = 600
Thu Feb 16 18:20:35 2012 us=426775 n_bcast_buf = 256
Thu Feb 16 18:20:35 2012 us=426824 tcp_queue_limit = 64
Thu Feb 16 18:20:35 2012 us=426872 real_hash_size = 256
Thu Feb 16 18:20:35 2012 us=426919 virtual_hash_size = 256
Thu Feb 16 18:20:35 2012 us=426973 client_connect_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427022 learn_address_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427071 client_disconnect_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427120 client_config_dir = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=427168 ccd_exclusive = DISABLED
Thu Feb 16 18:20:35 2012 us=427216 tmp_dir = '/root/tmp'
Thu Feb 16 18:20:35 2012 us=427264 push_ifconfig_defined = DISABLED
Thu Feb 16 18:20:35 2012 us=427588 push_ifconfig_local = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=427666 push_ifconfig_remote_netmask = 0.0.0.0
Thu Feb 16 18:20:35 2012 us=427715 enable_c2c = DISABLED
Thu Feb 16 18:20:35 2012 us=427764 duplicate_cn = DISABLED
Thu Feb 16 18:20:35 2012 us=427812 cf_max = 0
Thu Feb 16 18:20:35 2012 us=427861 cf_per = 0
Thu Feb 16 18:20:35 2012 us=427908 max_clients = 1024
Thu Feb 16 18:20:35 2012 us=427957 max_routes_per_client = 256
Thu Feb 16 18:20:35 2012 us=428006 auth_user_pass_verify_script = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=428056 auth_user_pass_verify_script_via_file = DISABLED
Thu Feb 16 18:20:35 2012 us=428105 ssl_flags = 0
Thu Feb 16 18:20:35 2012 us=428152 port_share_host = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=428201 port_share_port = 0
Thu Feb 16 18:20:35 2012 us=428249 client = DISABLED
Thu Feb 16 18:20:35 2012 us=428352 pull = DISABLED
Thu Feb 16 18:20:35 2012 us=428407 auth_user_pass_file = '[UNDEF]'
Thu Feb 16 18:20:35 2012 us=428477 OpenVPN 2.2.1 i586-mandriva-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Nov 9 2011
Thu Feb 16 18:20:35 2012 us=428956 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 16 18:20:35 2012 us=432772 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:20:35 2012 us=432900 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:20:35 2012 us=433036 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 16 18:20:35 2012 us=433083 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 16 18:20:35 2012 us=433211 Socket Buffers: R=[114688->131072] S=[114688->131072]
Thu Feb 16 18:20:35 2012 us=570809 TUN/TAP device tun0 opened
Thu Feb 16 18:20:35 2012 us=570983 TUN/TAP TX queue length set to 100
Thu Feb 16 18:20:35 2012 us=571160 /sbin/ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 mtu 1500
Thu Feb 16 18:20:35 2012 us=580042 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:4 ET:0 EL:0 ]
Thu Feb 16 18:20:35 2012 us=580218 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:20:35 2012 us=580271 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Thu Feb 16 18:20:35 2012 us=580500 Local Options hash (VER=V4): '5c3fe1ab'
Thu Feb 16 18:20:35 2012 us=580589 Expected Remote Options hash (VER=V4): '522471df'
Thu Feb 16 18:20:35 2012 us=580680 UDPv4 link local (bound): [undef]:1194
Thu Feb 16 18:20:35 2012 us=580735 UDPv4 link remote: 8.23.224.90:1194
Thu Feb 16 18:22:37 2012 us=81063 NOTE: failed to obtain options consistency info from peer
-- this could occur if the remote peer is running a version of OpenVPN before 1.5-beta8 or
if there is a network connectivity problem, and will not necessarily prevent OpenVPN from
running (0 bytes received from peer, 0 bytes authenticated data channel traffic) -- you
can disable the options consistency check with --disable-occ
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: I don't know what else to try?
I see no connection attempts on either side - most likely there's a firewall blocking access in between; also check iptables on both client and server to see if anything is dropping traffic there.
-
pinnerite
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Feb 06, 2012 11:16 pm
Re: I don't know what else to try?
I have gone over the router settings with a fine tooth comb. I am considering switching it for another (I have a couple) but before I do so, I would like your view on this. The client messages show that it is trying to connect to 8.23.224.90:1194. I recognise the 1194 but not the URL. A trace shows that it is in Los Angeles, USA. I cannot see why this should show up unless it is related the the DDNS domain with no-ip.
I checked on my current ip address and substituted it for the DDNS name in client.conf and tried again. Still no connection.
The only firewall is that on the router and access to port 1194 is specifically allowed in both directions. I am going to switch routers and report back.
I checked on my current ip address and substituted it for the DDNS name in client.conf and tried again. Still no connection.
The only firewall is that on the router and access to port 1194 is specifically allowed in both directions. I am going to switch routers and report back.
-
pinnerite
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Feb 06, 2012 11:16 pm
Re: I don't know what else to try?
I switched to a Linksys ADSL-router and tried again. I also plugged in my current IP address rather than the DDNS substitute and tried again. This time I saw 'Peer connection initiated' and can now ping 10.0.0.1.
The question now is, how do use it?
That probably sounds daft but I want to access files or better still control the server remotely. Can you suggest anything? I am running a KDE4 based linux system.
By the way, without your help I would never have got this far. Thank you.
The question now is, how do use it?
That probably sounds daft but I want to access files or better still control the server remotely. Can you suggest anything? I am running a KDE4 based linux system.
By the way, without your help I would never have got this far. Thank you.