castletonroad DD-WRT Novice
Joined: 23 Oct 2018 Posts: 27
Posted: Tue May 21, 2019 9:48
Hi,
Thanks again for helping me out.
After restarting my router this morning, I have now connected my iPhone via OpenVPN. I am able to connect to the router, but not then to an external IP.
Here're the outputs:
Code: | root@WNDR3700v4:~# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4209 1392K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
7 297 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
205 13682 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
1 52 DROP udp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 DROP udp -- br0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
17 666 DROP icmp -- vlan2 * 0.0.0.0/0 0.0.0.0/0
4 128 DROP 2 -- * * 0.0.0.0/0 0.0.0.0/0
34 2098 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
12492 1318K ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
57799 2366K DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5611K 5388M ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT 47 -- * vlan2 192.168.200.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan2 192.168.200.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 0 -- tun2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * tun2 0.0.0.0/0 0.0.0.0/0
39904 7238K lan2wan 0 -- * * 0.0.0.0/0 0.0.0.0/0
1408 77056 ACCEPT 0 -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.200.23 udp dpt:4444
49 2532 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:25
58 3448 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:465
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:587
2 104 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:143
86 5472 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:993
8 416 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:110
2 104 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:995
94 4864 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:80
481 28280 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.200.23 tcp dpt:4190
0 0 TRIGGER 0 -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
37716 7116K trigger_out 0 -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 TRIGGER 0 -- vlan2 eth0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER 0 -- vlan2 vlan1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out 0 -- vlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- vlan1 * 0.0.0.0/0 0.0.0.0/0 state NEW
37423 7094K ACCEPT 0 -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
293 21215 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 15631 packets, 2123K bytes)
pkts bytes target prot opt in out source destination
Chain advgrp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_11 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_12 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_13 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_14 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_15 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_16 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_17 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_18 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_19 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_20 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain advgrp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_1 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_10 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_11 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_12 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_13 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_14 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_15 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_16 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_17 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_18 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_19 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_2 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_20 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_3 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_4 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_5 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_6 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_7 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_8 (0 references)
pkts bytes target prot opt in out source destination
Chain grp_9 (0 references)
pkts bytes target prot opt in out source destination
Chain lan2wan (1 references)
pkts bytes target prot opt in out source destination
Chain logaccept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
Chain trigger_out (3 references)
pkts bytes target prot opt in out source destination
root@WNDR3700v4:~# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 110K packets, 11M bytes)
pkts bytes target prot opt in out source destination
17 666 DNAT icmp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx to:192.168.200.2
0 0 DNAT udp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx udp dpt:4444 to:192.168.200.23:4444
49 2528 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:25 to:192.168.200.23:25
59 3492 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:465 to:192.168.200.23:465
0 0 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:587 to:192.168.200.23:587
2 100 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:143 to:192.168.200.23:143
235 14876 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:993 to:192.168.200.23:993
8 408 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:110 to:192.168.200.23:110
2 100 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:995 to:192.168.200.23:995
94 4788 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:80 to:192.168.200.23:80
1748 96328 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:443 to:192.168.200.23:443
0 0 DNAT tcp -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:4190 to:192.168.200.23:4190
57653 2345K TRIGGER 0 -- * * 0.0.0.0/0 xxx.xxx.xxx.xxx TRIGGER type:dnat match:0 relate:0
Chain INPUT (policy ACCEPT 11145 packets, 918K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 126 packets, 23342 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 909 packets, 68754 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- * vlan2 10.8.0.0/24 0.0.0.0/0
33205 6023K SNAT 0 -- * vlan2 192.168.200.0/24 0.0.0.0/0 to:xxx.xxx.xxx.xxx
1414 77356 MASQUERADE 0 -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x80000000/0x80000000
root@WNDR3700v4:~# |
Here's the OpenVPN log for the session from my iPhone:
Code: | 2019-05-21 19:12:55 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
2019-05-21 19:12:55 Frame=512/2048/512 mssfix-ctrl=1250
2019-05-21 19:12:55 UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
9 [sndbuf] [0]
10 [rcvbuf] [0]
12 [verb] [3]
14 [auth-nocache]
2019-05-21 19:12:55 EVENT: RESOLVE
2019-05-21 19:12:55 Contacting [xxx.xxx.xxx.xxx]:1194/UDP via UDP
2019-05-21 19:12:55 EVENT: WAIT
2019-05-21 19:12:55 Connecting to [mysite.org]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2019-05-21 19:12:55 EVENT: CONNECTING
2019-05-21 19:12:55 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2019-05-21 19:12:55 Creds: UsernameEmpty/PasswordEmpty
2019-05-21 19:12:55 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2019-05-21 19:12:56 VERIFY OK : depth=1
cert. version : 3
serial number : B9:4C:94:93:89:03:BB:F7
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:36:19
expires on : 2028-10-17 11:36:19
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
2019-05-21 19:12:56 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:38:48
expires on : 2028-10-17 11:38:48
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-05-21 19:12:57 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-05-21 19:12:57 Session is ACTIVE
2019-05-21 19:12:57 EVENT: GET_CONFIG
2019-05-21 19:12:57 Sending PUSH_REQUEST to server...
2019-05-21 19:12:57 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.8.0.1] [255.255.255.255]
2 [route] [10.8.0.0] [255.255.255.0]
3 [route] [192.168.200.0] [255.255.255.0]
4 [dhcp-option] [DNS] [10.8.0.1]
5 [route-gateway] [10.8.0.1]
6 [topology] [subnet]
7 [ping] [10]
8 [ping-restart] [120]
9 [ifconfig] [10.8.0.2] [255.255.255.0]
10 [peer-id] [0]
11 [cipher] [AES-256-GCM]
2019-05-21 19:12:57 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: LZO_STUB
peer ID: 0
2019-05-21 19:12:57 EVENT: ASSIGN_IP
2019-05-21 19:12:57 NIP: preparing TUN network settings
2019-05-21 19:12:57 NIP: init TUN network settings with endpoint: xxx.xxx.xxx.xxx
2019-05-21 19:12:57 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-05-21 19:12:57 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:12:57 NIP: adding (included) IPv4 route 10.8.0.1/32
2019-05-21 19:12:57 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:12:57 NIP: adding (included) IPv4 route 192.168.200.0/24
2019-05-21 19:12:57 NIP: redirecting all IPv4 traffic to TUN interface
2019-05-21 19:12:57 NIP: adding DNS 10.8.0.1
2019-05-21 19:12:57 Connected via NetworkExtensionTUN
2019-05-21 19:12:57 LZO-ASYM init swap=0 asym=1
2019-05-21 19:12:57 Comp-stub init swap=0
2019-05-21 19:12:57 EVENT: CONNECTED mysite.org:1194 (xxx.xxx.xxx.xxx) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
2019-05-21 19:17:59 OS Event: SLEEP
2019-05-21 19:17:59 EVENT: PAUSE
2019-05-21 19:18:00 OS Event: WAKEUP
2019-05-21 19:18:03 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2019-05-21 19:18:03 STANDARD RESUME
2019-05-21 19:18:03 EVENT: RESUME
2019-05-21 19:18:03 EVENT: RECONNECTING
2019-05-21 19:18:03 EVENT: RESOLVE
2019-05-21 19:18:03 Contacting [xxx.xxx.xxx.xxx]:1194/UDP via UDP
2019-05-21 19:18:03 EVENT: WAIT
2019-05-21 19:18:03 Connecting to [mysite.org]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2019-05-21 19:18:03 EVENT: CONNECTING
2019-05-21 19:18:03 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2019-05-21 19:18:03 Creds: UsernameEmpty/PasswordEmpty
2019-05-21 19:18:03 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2019-05-21 19:18:04 VERIFY OK : depth=1
cert. version : 3
serial number : B9:4C:94:93:89:03:BB:F7
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:36:19
expires on : 2028-10-17 11:36:19
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
2019-05-21 19:18:04 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:38:48
expires on : 2028-10-17 11:38:48
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-05-21 19:18:05 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-05-21 19:18:05 Session is ACTIVE
2019-05-21 19:18:05 EVENT: GET_CONFIG
2019-05-21 19:18:05 Sending PUSH_REQUEST to server...
2019-05-21 19:18:05 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.8.0.1] [255.255.255.255]
2 [route] [10.8.0.0] [255.255.255.0]
3 [route] [192.168.200.0] [255.255.255.0]
4 [dhcp-option] [DNS] [10.8.0.1]
5 [route-gateway] [10.8.0.1]
6 [topology] [subnet]
7 [ping] [10]
8 [ping-restart] [120]
9 [ifconfig] [10.8.0.2] [255.255.255.0]
10 [peer-id] [0]
11 [cipher] [AES-256-GCM]
2019-05-21 19:18:05 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: LZO_STUB
peer ID: 0
2019-05-21 19:18:05 EVENT: ASSIGN_IP
2019-05-21 19:18:05 NIP: preparing TUN network settings
2019-05-21 19:18:05 NIP: init TUN network settings with endpoint: xxx.xxx.xxx.xxx
2019-05-21 19:18:05 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-05-21 19:18:05 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:18:05 NIP: adding (included) IPv4 route 10.8.0.1/32
2019-05-21 19:18:05 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:18:05 NIP: adding (included) IPv4 route 192.168.200.0/24
2019-05-21 19:18:05 NIP: redirecting all IPv4 traffic to TUN interface
2019-05-21 19:18:05 NIP: adding DNS 10.8.0.1
2019-05-21 19:18:05 Connected via NetworkExtensionTUN
2019-05-21 19:18:05 LZO-ASYM init swap=0 asym=1
2019-05-21 19:18:05 Comp-stub init swap=0
2019-05-21 19:18:05 EVENT: CONNECTED mysite.org:1194 (xxx.xxx.xxx.xxx) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
2019-05-21 19:18:41 OS Event: SLEEP
2019-05-21 19:18:41 EVENT: PAUSE
2019-05-21 19:18:44 OS Event: WAKEUP
2019-05-21 19:18:47 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2019-05-21 19:18:47 STANDARD RESUME
2019-05-21 19:18:47 EVENT: RESUME
2019-05-21 19:18:47 EVENT: RECONNECTING
2019-05-21 19:18:47 EVENT: RESOLVE
2019-05-21 19:18:47 OS Event: SLEEP
2019-05-21 19:18:47 EVENT: PAUSE
2019-05-21 19:18:49 OS Event: WAKEUP
2019-05-21 19:18:52 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2019-05-21 19:18:52 STANDARD RESUME
2019-05-21 19:18:52 EVENT: RESUME
2019-05-21 19:18:52 EVENT: RECONNECTING
2019-05-21 19:18:52 EVENT: RESOLVE
2019-05-21 19:18:52 OS Event: SLEEP
2019-05-21 19:18:52 EVENT: PAUSE
2019-05-21 19:18:54 OS Event: WAKEUP
2019-05-21 19:18:57 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2019-05-21 19:18:57 STANDARD RESUME
2019-05-21 19:18:57 EVENT: RESUME
2019-05-21 19:18:57 EVENT: RECONNECTING
2019-05-21 19:18:57 EVENT: RESOLVE
2019-05-21 19:19:07 OS Event: SLEEP
2019-05-21 19:19:07 EVENT: PAUSE
2019-05-21 19:19:50 OS Event: WAKEUP
2019-05-21 19:19:53 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2019-05-21 19:19:53 STANDARD RESUME
2019-05-21 19:19:53 EVENT: RESUME
2019-05-21 19:19:53 EVENT: RECONNECTING
2019-05-21 19:19:53 EVENT: RESOLVE
2019-05-21 19:19:58 OS Event: SLEEP
2019-05-21 19:19:58 EVENT: PAUSE
2019-05-21 19:21:22 OS Event: WAKEUP
2019-05-21 19:21:25 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2019-05-21 19:21:25 STANDARD RESUME
2019-05-21 19:21:25 EVENT: RESUME
2019-05-21 19:21:25 EVENT: RECONNECTING
2019-05-21 19:21:25 EVENT: RESOLVE
2019-05-21 19:21:25 Contacting [xxx.xxx.xxx.xxx]:1194/UDP via UDP
2019-05-21 19:21:25 EVENT: WAIT
2019-05-21 19:21:25 Connecting to [mysite.org]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2019-05-21 19:21:25 EVENT: CONNECTING
2019-05-21 19:21:25 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2019-05-21 19:21:25 Creds: UsernameEmpty/PasswordEmpty
2019-05-21 19:21:25 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2019-05-21 19:21:26 VERIFY OK : depth=1
cert. version : 3
serial number : B9:4C:94:93:89:03:BB:F7
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:36:19
expires on : 2028-10-17 11:36:19
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
2019-05-21 19:21:26 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:38:48
expires on : 2028-10-17 11:38:48
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-05-21 19:21:26 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-05-21 19:21:26 Session is ACTIVE
2019-05-21 19:21:26 EVENT: GET_CONFIG
2019-05-21 19:21:26 Sending PUSH_REQUEST to server...
2019-05-21 19:21:26 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.8.0.1] [255.255.255.255]
2 [route] [10.8.0.0] [255.255.255.0]
3 [route] [192.168.200.0] [255.255.255.0]
4 [dhcp-option] [DNS] [10.8.0.1]
5 [route-gateway] [10.8.0.1]
6 [topology] [subnet]
7 [ping] [10]
8 [ping-restart] [120]
9 [ifconfig] [10.8.0.2] [255.255.255.0]
10 [peer-id] [0]
11 [cipher] [AES-256-GCM]
2019-05-21 19:21:26 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: LZO_STUB
peer ID: 0
2019-05-21 19:21:26 EVENT: ASSIGN_IP
2019-05-21 19:21:26 NIP: preparing TUN network settings
2019-05-21 19:21:26 NIP: init TUN network settings with endpoint: xxx.xxx.xxx.xxx
2019-05-21 19:21:26 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-05-21 19:21:26 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:21:26 NIP: adding (included) IPv4 route 10.8.0.1/32
2019-05-21 19:21:26 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:21:26 NIP: adding (included) IPv4 route 192.168.200.0/24
2019-05-21 19:21:26 NIP: redirecting all IPv4 traffic to TUN interface
2019-05-21 19:21:26 NIP: adding DNS 10.8.0.1
2019-05-21 19:21:26 Connected via NetworkExtensionTUN
2019-05-21 19:21:26 LZO-ASYM init swap=0 asym=1
2019-05-21 19:21:26 Comp-stub init swap=0
2019-05-21 19:21:26 EVENT: CONNECTED mysite.org:1194 (xxx.xxx.xxx.xxx) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/]
2019-05-21 19:25:21 OS Event: SLEEP
2019-05-21 19:25:21 EVENT: PAUSE
2019-05-21 19:28:19 OS Event: WAKEUP
2019-05-21 19:28:22 RESUME TEST: Internet:ReachableViaWWAN/WR t------
2019-05-21 19:28:22 STANDARD RESUME
2019-05-21 19:28:22 EVENT: RESUME
2019-05-21 19:28:22 EVENT: RECONNECTING
2019-05-21 19:28:22 EVENT: RESOLVE
2019-05-21 19:28:22 Contacting [xxx.xxx.xxx.xxx]:1194/UDP via UDP
2019-05-21 19:28:22 EVENT: WAIT
2019-05-21 19:28:22 Connecting to [mysite.org]:1194 (xxx.xxx.xxx.xxx) via UDPv4
2019-05-21 19:28:22 EVENT: CONNECTING
2019-05-21 19:28:22 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2019-05-21 19:28:22 Creds: UsernameEmpty/PasswordEmpty
2019-05-21 19:28:22 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
2019-05-21 19:28:23 VERIFY OK : depth=1
cert. version : 3
serial number : B9:4C:94:93:89:03:BB:F7
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:36:19
expires on : 2028-10-17 11:36:19
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=true
2019-05-21 19:28:23 VERIFY OK : depth=0
cert. version : 3
serial number : 01
issuer name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
subject name : C=xxx, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=OpenVPN-CA, ??=xxx, emailAddress=xxx
issued on : 2018-10-20 11:38:48
expires on : 2028-10-17 11:38:48
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2019-05-21 19:28:24 SSL Handshake: TLSv1.2/TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
2019-05-21 19:28:24 Session is ACTIVE
2019-05-21 19:28:24 EVENT: GET_CONFIG
2019-05-21 19:28:24 Sending PUSH_REQUEST to server...
2019-05-21 19:28:24 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.8.0.1] [255.255.255.255]
2 [route] [10.8.0.0] [255.255.255.0]
3 [route] [192.168.200.0] [255.255.255.0]
4 [dhcp-option] [DNS] [10.8.0.1]
5 [route-gateway] [10.8.0.1]
6 [topology] [subnet]
7 [ping] [10]
8 [ping-restart] [120]
9 [ifconfig] [10.8.0.2] [255.255.255.0]
10 [peer-id] [0]
11 [cipher] [AES-256-GCM]
2019-05-21 19:28:24 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA1
compress: LZO_STUB
peer ID: 0
2019-05-21 19:28:24 EVENT: ASSIGN_IP
2019-05-21 19:28:24 NIP: preparing TUN network settings
2019-05-21 19:28:24 NIP: init TUN network settings with endpoint: xxx.xxx.xxx.xxx
2019-05-21 19:28:24 NIP: adding IPv4 address to network settings 10.8.0.2/255.255.255.0
2019-05-21 19:28:24 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:28:24 NIP: adding (included) IPv4 route 10.8.0.1/32
2019-05-21 19:28:24 NIP: adding (included) IPv4 route 10.8.0.0/24
2019-05-21 19:28:24 NIP: adding (included) IPv4 route 192.168.200.0/24
2019-05-21 19:28:24 NIP: redirecting all IPv4 traffic to TUN interface
2019-05-21 19:28:24 NIP: adding DNS 10.8.0.1
2019-05-21 19:28:24 Connected via NetworkExtensionTUN
2019-05-21 19:28:24 LZO-ASYM init swap=0 asym=1
2019-05-21 19:28:24 Comp-stub init swap=0
2019-05-21 19:28:24 EVENT: CONNECTED mysite.org:1194 (xxx.xxx.xxx.xxx) via /UDPv4 on NetworkExtensionTUN/10.8.0.2/ gw=[/] |
Here's the OpenVPN log for the session from my DD-WRT router:
Code: | Serverlog:
20190521 19:12:57 my_iPhone:2973 SENT CONTROL [surface]: 'PUSH_REPLY redirect-gateway def1 route 10.8.0.1 255.255.255.255 route 10.8.0.0 255.255.255.0 route 192.168.200.0 255.255.255.0 dhcp-option DNS 10.8.0.1 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0 peer-id 0 cipher AES-256-GCM' (status=1)
20190521 19:12:57 my_iPhone:2973 Data Channel: using negotiated cipher 'AES-256-GCM'
20190521 19:12:57 my_iPhone:2973 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:12:57 my_iPhone:2973 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:18:00 my_iPhone:2973 SIGTERM[soft remote-exit] received client-instance exiting
20190521 19:18:03 my_iPhone:3030 TLS: Initial packet from [AF_INET]my_iPhone:3030 sid=88e81e4d 2f0a69ed
20190521 19:18:05 my_iPhone:3030 VERIFY OK: depth=1 C=xxx ST=xxx L=xxx O=xxx OU=xxx CN=OpenVPN-CA name=xxx emailAddress=xxx
20190521 19:18:05 my_iPhone:3030 VERIFY OK: depth=0 C=xxx ST=xxx L=xxx O=xxx OU=xxx CN=OpenVPN-CA name=xxx emailAddress=xxx
20190521 19:18:05 I my_iPhone:3030 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894
20190521 19:18:05 I my_iPhone:3030 peer info: IV_VER=3.2
20190521 19:18:05 I my_iPhone:3030 peer info: IV_PLAT=ios
20190521 19:18:05 I my_iPhone:3030 peer info: IV_NCP=2
20190521 19:18:05 I my_iPhone:3030 peer info: IV_TCPNL=1
20190521 19:18:05 I my_iPhone:3030 peer info: IV_PROTO=2
20190521 19:18:05 I my_iPhone:3030 peer info: IV_LZO_STUB=1
20190521 19:18:05 I my_iPhone:3030 peer info: IV_COMP_STUB=1
20190521 19:18:05 I my_iPhone:3030 peer info: IV_COMP_STUBv2=1
20190521 19:18:05 I my_iPhone:3030 peer info: IV_AUTO_SESS=1
20190521 19:18:05 my_iPhone:3030 Control Channel: TLSv1.2 cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 4096 bit RSA
20190521 19:18:05 I my_iPhone:3030 [surface] Peer Connection Initiated with [AF_INET]my_iPhone:3030
20190521 19:18:05 I my_iPhone:3030 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20190521 19:18:05 my_iPhone:3030 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_41cda33c4f7b92fc.tmp
20190521 19:18:05 my_iPhone:3030 MULTI: Learn: 10.8.0.2 -> my_iPhone:3030
20190521 19:18:05 my_iPhone:3030 MULTI: primary virtual IP for my_iPhone:3030: 10.8.0.2
20190521 19:18:05 my_iPhone:3030 PUSH: Received control message: 'PUSH_REQUEST'
20190521 19:18:05 my_iPhone:3030 SENT CONTROL [surface]: 'PUSH_REPLY redirect-gateway def1 route 10.8.0.1 255.255.255.255 route 10.8.0.0 255.255.255.0 route 192.168.200.0 255.255.255.0 dhcp-option DNS 10.8.0.1 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0 peer-id 0 cipher AES-256-GCM' (status=1)
20190521 19:18:05 my_iPhone:3030 Data Channel: using negotiated cipher 'AES-256-GCM'
20190521 19:18:05 my_iPhone:3030 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:18:05 my_iPhone:3030 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:18:41 my_iPhone:3030 SIGTERM[soft remote-exit] received client-instance exiting
20190521 19:21:25 my_iPhone:2877 TLS: Initial packet from [AF_INET]my_iPhone:2877 sid=86462e58 a4bdd011
20190521 19:21:26 my_iPhone:2877 VERIFY OK: depth=1 C=xxx ST=xxx L=xxx O=xxx OU=xxx CN=OpenVPN-CA name=xxx emailAddress=xxx
20190521 19:21:26 my_iPhone:2877 VERIFY OK: depth=0 C=xxx ST=xxx L=xxx O=xxx OU=xxx CN=OpenVPN-CA name=xxx emailAddress=xxx
20190521 19:21:26 I my_iPhone:2877 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894
20190521 19:21:26 I my_iPhone:2877 peer info: IV_VER=3.2
20190521 19:21:26 I my_iPhone:2877 peer info: IV_PLAT=ios
20190521 19:21:26 I my_iPhone:2877 peer info: IV_NCP=2
20190521 19:21:26 I my_iPhone:2877 peer info: IV_TCPNL=1
20190521 19:21:26 I my_iPhone:2877 peer info: IV_PROTO=2
20190521 19:21:26 I my_iPhone:2877 peer info: IV_LZO_STUB=1
20190521 19:21:26 I my_iPhone:2877 peer info: IV_COMP_STUB=1
20190521 19:21:26 I my_iPhone:2877 peer info: IV_COMP_STUBv2=1
20190521 19:21:26 I my_iPhone:2877 peer info: IV_AUTO_SESS=1
20190521 19:21:26 my_iPhone:2877 Control Channel: TLSv1.2 cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 4096 bit RSA
20190521 19:21:26 I my_iPhone:2877 [surface] Peer Connection Initiated with [AF_INET]my_iPhone:2877
20190521 19:21:26 I my_iPhone:2877 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20190521 19:21:26 my_iPhone:2877 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_6ecedc6a66726a9a.tmp
20190521 19:21:26 my_iPhone:2877 MULTI: Learn: 10.8.0.2 -> my_iPhone:2877
20190521 19:21:26 my_iPhone:2877 MULTI: primary virtual IP for my_iPhone:2877: 10.8.0.2
20190521 19:21:26 my_iPhone:2877 PUSH: Received control message: 'PUSH_REQUEST'
20190521 19:21:26 my_iPhone:2877 SENT CONTROL [surface]: 'PUSH_REPLY redirect-gateway def1 route 10.8.0.1 255.255.255.255 route 10.8.0.0 255.255.255.0 route 192.168.200.0 255.255.255.0 dhcp-option DNS 10.8.0.1 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0 peer-id 0 cipher AES-256-GCM' (status=1)
20190521 19:21:26 my_iPhone:2877 Data Channel: using negotiated cipher 'AES-256-GCM'
20190521 19:21:26 my_iPhone:2877 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:21:26 my_iPhone:2877 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:28:20 my_iPhone:2877 SIGTERM[soft remote-exit] received client-instance exiting
20190521 19:28:22 my_iPhone:3048 TLS: Initial packet from [AF_INET]my_iPhone:3048 sid=9a232db5 04462177
20190521 19:28:23 my_iPhone:3048 VERIFY OK: depth=1 C=xxx ST=xxx L=xxx O=xxx OU=xxx CN=OpenVPN-CA name=xxx emailAddress=xxx
20190521 19:28:23 my_iPhone:3048 VERIFY OK: depth=0 C=xxx ST=xxx L=xxx O=xxx OU=xxx CN=OpenVPN-CA name=xxx emailAddress=xxx
20190521 19:28:24 I my_iPhone:3048 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894
20190521 19:28:24 I my_iPhone:3048 peer info: IV_VER=3.2
20190521 19:28:24 I my_iPhone:3048 peer info: IV_PLAT=ios
20190521 19:28:24 I my_iPhone:3048 peer info: IV_NCP=2
20190521 19:28:24 I my_iPhone:3048 peer info: IV_TCPNL=1
20190521 19:28:24 I my_iPhone:3048 peer info: IV_PROTO=2
20190521 19:28:24 I my_iPhone:3048 peer info: IV_LZO_STUB=1
20190521 19:28:24 I my_iPhone:3048 peer info: IV_COMP_STUB=1
20190521 19:28:24 I my_iPhone:3048 peer info: IV_COMP_STUBv2=1
20190521 19:28:24 I my_iPhone:3048 peer info: IV_AUTO_SESS=1
20190521 19:28:24 my_iPhone:3048 Control Channel: TLSv1.2 cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 4096 bit RSA
20190521 19:28:24 I my_iPhone:3048 [surface] Peer Connection Initiated with [AF_INET]my_iPhone:3048
20190521 19:28:24 I my_iPhone:3048 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20190521 19:28:24 my_iPhone:3048 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_0010c3e63163acbb.tmp
20190521 19:28:24 my_iPhone:3048 MULTI: Learn: 10.8.0.2 -> my_iPhone:3048
20190521 19:28:24 my_iPhone:3048 MULTI: primary virtual IP for my_iPhone:3048: 10.8.0.2
20190521 19:28:24 my_iPhone:3048 PUSH: Received control message: 'PUSH_REQUEST'
20190521 19:28:24 my_iPhone:3048 SENT CONTROL [surface]: 'PUSH_REPLY redirect-gateway def1 route 10.8.0.1 255.255.255.255 route 10.8.0.0 255.255.255.0 route 192.168.200.0 255.255.255.0 dhcp-option DNS 10.8.0.1 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0 peer-id 0 cipher AES-256-GCM' (status=1)
20190521 19:28:24 my_iPhone:3048 Data Channel: using negotiated cipher 'AES-256-GCM'
20190521 19:28:24 my_iPhone:3048 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:28:24 my_iPhone:3048 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20190521 19:29:57 my_iPhone:3048 SIGTERM[soft remote-exit] received client-instance exiting
20190521 19:41:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20190521 19:41:01 D MANAGEMENT: CMD 'state'
20190521 19:41:01 MANAGEMENT: Client disconnected
20190521 19:41:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20190521 19:41:01 D MANAGEMENT: CMD 'state'
20190521 19:41:01 MANAGEMENT: Client disconnected
20190521 19:41:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20190521 19:41:01 D MANAGEMENT: CMD 'state'
20190521 19:41:01 MANAGEMENT: Client disconnected
20190521 19:41:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20190521 19:41:01 MANAGEMENT: Client disconnected
20190521 19:41:01 NOTE: --mute triggered...
20190521 19:41:01 1 variation(s) on previous 3 message(s) suppressed by --mute
20190521 19:41:01 D MANAGEMENT: CMD 'status 2'
20190521 19:41:01 MANAGEMENT: Client disconnected
20190521 19:41:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20190521 19:41:01 D MANAGEMENT: CMD 'status 2'
20190521 19:41:01 MANAGEMENT: Client disconnected
20190521 19:41:01 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20190521 19:41:01 D MANAGEMENT: CMD 'log 500'
19700101 11:00:00 |
(xxx, my_iPhone, my_site.org etc. replace my real values/data)
Does this provide any more information as to why I can't get an outbound connection?
Cheers - Steven.