VPN Server connects but then nothing

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
BriC
DD-WRT Novice


Joined: 18 Sep 2016
Posts: 7

PostPosted: Tue Nov 28, 2023 18:08    Post subject: VPN Server connects but then nothing Reply with quote
The guide truly is wonderful. I set up a long since defunct VPN in about 2015(?) using whatever I could find on the wiki/internet at the time and this saved so much time and explained the settings along the way.

I would like to: connect to servers on the LAN, browse the web while connected to VPN using VPN Server's IP (i.e., traffic through the tunnel), and perhaps file share.

I am using:
Netgear R7000 (as router, behind fibre modem/ONT)
dd-wrt upgraded to v3 r54079
Then I reset to factory settings
A few small changes (I changed the "Router IP" (local subnet), updated "NTP client settings" to use local time, set wifi password, used "Services > Dnsmasq Infrastructure > additional options" to specify IP addresses by MAC address)

followed guide until step 9
(left out anything marked optional ... i.e., tls-crypt/auth)

connection! it worked

Then I added in TLS-crypt certificate. Still connects. Success!

But neither connection lets me do any of the things I would like to do (connect to servers on local subnet, browser internet via vpn, etc).

Where can I go next? I'm running in circles trying things.
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12795
Location: Netherlands

PostPosted: Tue Nov 28, 2023 19:44    Post subject: Reply with quote
Please show the openvpn status page (whole page) and openvpn client settings and client log.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
BriC
DD-WRT Novice


Joined: 18 Sep 2016
Posts: 7

PostPosted: Tue Nov 28, 2023 20:51    Post subject: Reply with quote
Client Log ("OpenVPN for Android"):
Code:

2023-11-28 12:40:00 official build 0.7.49 running on google Pixel 2 (walleye), Android 13 (TQ3A.230901.001) API 33, ABI arm64-v8a, (google/walleye/walleye:11/RP1A.201005.004.A1/6934943:user/release-keys)
2023-11-28 12:40:00 Building configuration…
2023-11-28 12:40:00 Fetched VPN profile (mobile) triggered by main profile list
2023-11-28 12:40:00 Scheduling VPN keep alive for VPN mobile
2023-11-28 12:40:00 started Socket Thread
2023-11-28 12:40:00 P:WARNING: linker: Warning: "/data/app/~~ZvICMapsnpyvCj_Xy-r6xA==/de.blinkt.openvpn-CTK69i3AMiithx2tj3VGNA==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
2023-11-28 12:40:00 Network Status: CONNECTED LTE to MOBILE ltemobile.apn
2023-11-28 12:40:00 Debug state info: CONNECTED LTE to MOBILE ltemobile.apn, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2023-11-28 12:40:00 Debug state info: CONNECTED LTE to MOBILE ltemobile.apn, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2023-11-28 12:40:00 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-11-28 12:40:00 Current Parameter Settings:
2023-11-28 12:40:00   config = 'stdin'
2023-11-28 12:40:00   mode = 0
2023-11-28 12:40:00   show_ciphers = DISABLED
2023-11-28 12:40:00   show_digests = DISABLED
2023-11-28 12:40:00   show_engines = DISABLED
2023-11-28 12:40:00   genkey = DISABLED
2023-11-28 12:40:00   genkey_filename = '[UNDEF]'
2023-11-28 12:40:00   key_pass_file = '[UNDEF]'
2023-11-28 12:40:00   show_tls_ciphers = DISABLED
2023-11-28 12:40:00   connect_retry_max = 0
2023-11-28 12:40:00 Connection profiles [0]:
2023-11-28 12:40:00   proto = udp
2023-11-28 12:40:00   local = '[UNDEF]'
2023-11-28 12:40:00   local_port = '[UNDEF]'
2023-11-28 12:40:00   remote = 'pub.ip.addr.redacted'
2023-11-28 12:40:00   remote_port = '1194'
2023-11-28 12:40:00   remote_float = ENABLED
2023-11-28 12:40:00   bind_defined = DISABLED
2023-11-28 12:40:00   bind_local = DISABLED
2023-11-28 12:40:00   bind_ipv6_only = DISABLED
2023-11-28 12:40:00   connect_retry_seconds = 2
2023-11-28 12:40:00   connect_timeout = 120
2023-11-28 12:40:00   socks_proxy_server = '[UNDEF]'
2023-11-28 12:40:00   socks_proxy_port = '[UNDEF]'
2023-11-28 12:40:00   tun_mtu = 1400
2023-11-28 12:40:00   tun_mtu_defined = ENABLED
2023-11-28 12:40:00   link_mtu = 1500
2023-11-28 12:40:00   link_mtu_defined = DISABLED
2023-11-28 12:40:00   tun_mtu_extra = 0
2023-11-28 12:40:00   tun_mtu_extra_defined = DISABLED
2023-11-28 12:40:00   tls_mtu = 1250
2023-11-28 12:40:00   mtu_discover_type = -1
2023-11-28 12:40:00   fragment = 0
2023-11-28 12:40:00   mssfix = 1400
2023-11-28 12:40:00   mssfix_encap = ENABLED
2023-11-28 12:40:00   mssfix_fixed = ENABLED
2023-11-28 12:40:00   explicit_exit_notification = 0
2023-11-28 12:40:00   tls_auth_file = '[UNDEF]'
2023-11-28 12:40:00   key_direction = not set
2023-11-28 12:40:00   tls_crypt_file = '[INLINE]'
2023-11-28 12:40:00   tls_crypt_v2_file = '[UNDEF]'
2023-11-28 12:40:00 Connection profiles END
2023-11-28 12:40:00   remote_random = DISABLED
2023-11-28 12:40:00   ipchange = '[UNDEF]'
2023-11-28 12:40:00   dev = 'tun'
2023-11-28 12:40:00   dev_type = '[UNDEF]'
2023-11-28 12:40:00   dev_node = '[UNDEF]'
2023-11-28 12:40:00   lladdr = '[UNDEF]'
2023-11-28 12:40:00   topology = 1
2023-11-28 12:40:00   ifconfig_local = '[UNDEF]'
2023-11-28 12:40:00   ifconfig_remote_netmask = '[UNDEF]'
2023-11-28 12:40:00   ifconfig_noexec = DISABLED
2023-11-28 12:40:00   ifconfig_nowarn = ENABLED
2023-11-28 12:40:00   ifconfig_ipv6_local = '[UNDEF]'
2023-11-28 12:40:00   ifconfig_ipv6_netbits = 0
2023-11-28 12:40:00 Waiting 0s seconds between connection attempt
2023-11-28 12:40:00   ifconfig_ipv6_remote = '[UNDEF]'
2023-11-28 12:40:00   shaper = 0
2023-11-28 12:40:00   mtu_test = 0
2023-11-28 12:40:00   mlock = DISABLED
2023-11-28 12:40:00   keepalive_ping = 0
2023-11-28 12:40:00   keepalive_timeout = 0
2023-11-28 12:40:00   inactivity_timeout = 0
2023-11-28 12:40:00   session_timeout = 0
2023-11-28 12:40:00   inactivity_minimum_bytes = 0
2023-11-28 12:40:00   ping_send_timeout = 0
2023-11-28 12:40:00   ping_rec_timeout = 0
2023-11-28 12:40:00   ping_rec_timeout_action = 0
2023-11-28 12:40:00   ping_timer_remote = DISABLED
2023-11-28 12:40:00   remap_sigusr1 = 0
2023-11-28 12:40:00   persist_tun = ENABLED
2023-11-28 12:40:00   persist_local_ip = DISABLED
2023-11-28 12:40:00   persist_remote_ip = DISABLED
2023-11-28 12:40:00   persist_key = DISABLED
2023-11-28 12:40:00   passtos = DISABLED
2023-11-28 12:40:00   resolve_retry_seconds = 60
2023-11-28 12:40:00   resolve_in_advance = ENABLED
2023-11-28 12:40:00   username = '[UNDEF]'
2023-11-28 12:40:00   groupname = '[UNDEF]'
2023-11-28 12:40:00   chroot_dir = '[UNDEF]'
2023-11-28 12:40:00   cd_dir = '[UNDEF]'
2023-11-28 12:40:00   writepid = '[UNDEF]'
2023-11-28 12:40:00   up_script = '[UNDEF]'
2023-11-28 12:40:00   down_script = '[UNDEF]'
2023-11-28 12:40:00   down_pre = DISABLED
2023-11-28 12:40:00   up_restart = DISABLED
2023-11-28 12:40:00   up_delay = DISABLED
2023-11-28 12:40:00   daemon = DISABLED
2023-11-28 12:40:00   log = DISABLED
2023-11-28 12:40:00   suppress_timestamps = DISABLED
2023-11-28 12:40:00   machine_readable_output = ENABLED
2023-11-28 12:40:00   nice = 0
2023-11-28 12:40:00   verbosity = 4
2023-11-28 12:40:00   mute = 0
2023-11-28 12:40:00   gremlin = 0
2023-11-28 12:40:00   status_file = '[UNDEF]'
2023-11-28 12:40:00   status_file_version = 1
2023-11-28 12:40:00   status_file_update_freq = 60
2023-11-28 12:40:00   occ = ENABLED
2023-11-28 12:40:00   rcvbuf = 0
2023-11-28 12:40:00   sndbuf = 0
2023-11-28 12:40:00   sockflags = 0
2023-11-28 12:40:00   fast_io = DISABLED
2023-11-28 12:40:00   comp.alg = 0
2023-11-28 12:40:00   comp.flags = 24
2023-11-28 12:40:00   route_script = '[UNDEF]'
2023-11-28 12:40:00   route_default_gateway = '[UNDEF]'
2023-11-28 12:40:00   route_default_metric = 0
2023-11-28 12:40:00   route_noexec = DISABLED
2023-11-28 12:40:00   route_delay = 0
2023-11-28 12:40:00   route_delay_window = 30
2023-11-28 12:40:00   route_delay_defined = DISABLED
2023-11-28 12:40:00   route_nopull = DISABLED
2023-11-28 12:40:00   route_gateway_via_dhcp = DISABLED
2023-11-28 12:40:00   allow_pull_fqdn = DISABLED
2023-11-28 12:40:00   Pull filters:
2023-11-28 12:40:00     ignore "route-ipv6"
2023-11-28 12:40:00     ignore "ifconfig-ipv6"
2023-11-28 12:40:00   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2023-11-28 12:40:00   management_port = 'unix'
2023-11-28 12:40:00   management_user_pass = '[UNDEF]'
2023-11-28 12:40:00   management_log_history_cache = 250
2023-11-28 12:40:00   management_echo_buffer_size = 100
2023-11-28 12:40:00   management_client_user = '[UNDEF]'
2023-11-28 12:40:00   management_client_group = '[UNDEF]'
2023-11-28 12:40:00   management_flags = 16678
2023-11-28 12:40:00   shared_secret_file = '[UNDEF]'
2023-11-28 12:40:00   key_direction = not set
2023-11-28 12:40:00   ciphername = 'BF-CBC'
2023-11-28 12:40:00   ncp_ciphers = 'CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM'
2023-11-28 12:40:00   authname = 'none'
2023-11-28 12:40:00   engine = DISABLED
2023-11-28 12:40:00   replay = ENABLED
2023-11-28 12:40:00   mute_replay_warnings = DISABLED
2023-11-28 12:40:00   replay_window = 64
2023-11-28 12:40:00   replay_time = 15
2023-11-28 12:40:00   packet_id_file = '[UNDEF]'
2023-11-28 12:40:00   test_crypto = DISABLED
2023-11-28 12:40:00   tls_server = DISABLED
2023-11-28 12:40:00   tls_client = ENABLED
2023-11-28 12:40:00   ca_file = '[INLINE]'
2023-11-28 12:40:00   ca_path = '[UNDEF]'
2023-11-28 12:40:00   dh_file = '[UNDEF]'
2023-11-28 12:40:00   cert_file = '[INLINE]'
2023-11-28 12:40:00   extra_certs_file = '[UNDEF]'
2023-11-28 12:40:00   priv_key_file = '[INLINE]'
2023-11-28 12:40:00   pkcs12_file = '[UNDEF]'
2023-11-28 12:40:00   cipher_list = '[UNDEF]'
2023-11-28 12:40:00   cipher_list_tls13 = '[UNDEF]'
2023-11-28 12:40:00   tls_cert_profile = '[UNDEF]'
2023-11-28 12:40:00   tls_verify = '[UNDEF]'
2023-11-28 12:40:00   tls_export_cert = '[UNDEF]'
2023-11-28 12:40:00   verify_x509_type = 0
2023-11-28 12:40:00   verify_x509_name = '[UNDEF]'
2023-11-28 12:40:00   crl_file = '[UNDEF]'
2023-11-28 12:40:00   ns_cert_type = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 65535
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_ku[i] = 0
2023-11-28 12:40:00   remote_cert_eku = 'TLS Web Server Authentication'
2023-11-28 12:40:00   ssl_flags = 192
2023-11-28 12:40:00   tls_timeout = 2
2023-11-28 12:40:00   renegotiate_bytes = -1
2023-11-28 12:40:00   renegotiate_packets = 0
2023-11-28 12:40:00   renegotiate_seconds = 3600
2023-11-28 12:40:00   handshake_window = 60
2023-11-28 12:40:00   transition_window = 3600
2023-11-28 12:40:00   single_session = DISABLED
2023-11-28 12:40:00   push_peer_info = DISABLED
2023-11-28 12:40:00   tls_exit = DISABLED
2023-11-28 12:40:00   tls_crypt_v2_metadata = '[UNDEF]'
2023-11-28 12:40:00   server_network = 0.0.0.0
2023-11-28 12:40:00   server_netmask = 0.0.0.0
2023-11-28 12:40:00   server_network_ipv6 = ::
2023-11-28 12:40:00   server_netbits_ipv6 = 0
2023-11-28 12:40:00   server_bridge_ip = 0.0.0.0
2023-11-28 12:40:00   server_bridge_netmask = 0.0.0.0
2023-11-28 12:40:00   server_bridge_pool_start = 0.0.0.0
2023-11-28 12:40:00   server_bridge_pool_end = 0.0.0.0
2023-11-28 12:40:00   ifconfig_pool_defined = DISABLED
2023-11-28 12:40:00   ifconfig_pool_start = 0.0.0.0
2023-11-28 12:40:00   ifconfig_pool_end = 0.0.0.0
2023-11-28 12:40:00   ifconfig_pool_netmask = 0.0.0.0
2023-11-28 12:40:00   ifconfig_pool_persist_filename = '[UNDEF]'
2023-11-28 12:40:00   ifconfig_pool_persist_refresh_freq = 600
2023-11-28 12:40:00   ifconfig_ipv6_pool_defined = DISABLED
2023-11-28 12:40:00   ifconfig_ipv6_pool_base = ::
2023-11-28 12:40:00   ifconfig_ipv6_pool_netbits = 0
2023-11-28 12:40:00   n_bcast_buf = 256
2023-11-28 12:40:00   tcp_queue_limit = 64
2023-11-28 12:40:00   real_hash_size = 256
2023-11-28 12:40:00   virtual_hash_size = 256
2023-11-28 12:40:00   client_connect_script = '[UNDEF]'
2023-11-28 12:40:00   learn_address_script = '[UNDEF]'
2023-11-28 12:40:00   client_disconnect_script = '[UNDEF]'
2023-11-28 12:40:00   client_crresponse_script = '[UNDEF]'
2023-11-28 12:40:00   client_config_dir = '[UNDEF]'
2023-11-28 12:40:00   ccd_exclusive = DISABLED
2023-11-28 12:40:00   tmp_dir = '/data/data/de.blinkt.openvpn/cache'
2023-11-28 12:40:00   push_ifconfig_defined = DISABLED
2023-11-28 12:40:00   push_ifconfig_local = 0.0.0.0
2023-11-28 12:40:00   push_ifconfig_remote_netmask = 0.0.0.0
2023-11-28 12:40:00   push_ifconfig_ipv6_defined = DISABLED
2023-11-28 12:40:00   push_ifconfig_ipv6_local = ::/0
2023-11-28 12:40:00   push_ifconfig_ipv6_remote = ::
2023-11-28 12:40:00   enable_c2c = DISABLED
2023-11-28 12:40:00   duplicate_cn = DISABLED
2023-11-28 12:40:00   cf_max = 0
2023-11-28 12:40:00   cf_per = 0
2023-11-28 12:40:00   cf_initial_max = 100
2023-11-28 12:40:00   cf_initial_per = 10
2023-11-28 12:40:00   max_clients = 1024
2023-11-28 12:40:00   max_routes_per_client = 256
2023-11-28 12:40:00   auth_user_pass_verify_script = '[UNDEF]'
2023-11-28 12:40:00   auth_user_pass_verify_script_via_file = DISABLED
2023-11-28 12:40:00   auth_token_generate = DISABLED
2023-11-28 12:40:00   auth_token_lifetime = 0
2023-11-28 12:40:00   auth_token_secret_file = '[UNDEF]'
2023-11-28 12:40:00   port_share_host = '[UNDEF]'
2023-11-28 12:40:00   port_share_port = '[UNDEF]'
2023-11-28 12:40:00   vlan_tagging = DISABLED
2023-11-28 12:40:00   vlan_accept = all
2023-11-28 12:40:00   vlan_pvid = 1
2023-11-28 12:40:00   client = ENABLED
2023-11-28 12:40:00   pull = ENABLED
2023-11-28 12:40:00   auth_user_pass_file = '[UNDEF]'
2023-11-28 12:40:00 OpenVPN 2.7-icsopenvpn [git:icsopenvpn/v0.7.49-0-ga80f21b1] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 26 2023
2023-11-28 12:40:00 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-11-28 12:40:00 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2023-11-28 12:40:00 MANAGEMENT: CMD 'version 3'
2023-11-28 12:40:00 MANAGEMENT: CMD 'hold release'
2023-11-28 12:40:00 MANAGEMENT: CMD 'bytecount 2'
2023-11-28 12:40:00 MANAGEMENT: CMD 'state on'
2023-11-28 12:40:00 MANAGEMENT: CMD 'proxy NONE'
2023-11-28 12:40:01 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-11-28 12:40:01 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-28 12:40:01 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-11-28 12:40:01 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-28 12:40:01 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-11-28 12:40:01 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1400 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-11-28 12:40:01 TCP/UDP: Preserving recently used remote address: [AF_INET]pub.ip.addr.redacted:1194
2023-11-28 12:40:01 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-11-28 12:40:01 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2023-11-28 12:40:01 UDPv4 link local: (not bound)
2023-11-28 12:40:01 UDPv4 link remote: [AF_INET]pub.ip.addr.redacted:1194
2023-11-28 12:40:01 MANAGEMENT: >STATE:1701204001,WAIT,,,,,,
2023-11-28 12:40:01 MANAGEMENT: >STATE:1701204001,AUTH,,,,,,
2023-11-28 12:40:01 TLS: Initial packet from [AF_INET]pub.ip.addr.redacted:1194, sid=3243ed37 bc0ce738
2023-11-28 12:40:02 VERIFY OK: depth=1, CN=KlargCA
2023-11-28 12:40:02 VERIFY KU OK
2023-11-28 12:40:02 Validating certificate extended key usage
2023-11-28 12:40:02 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-11-28 12:40:02 VERIFY EKU OK
2023-11-28 12:40:02 VERIFY OK: depth=0, CN=klarg-server
2023-11-28 12:40:02 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-11-28 12:40:02 [klarg-server] Peer Connection Initiated with [AF_INET]pub.ip.addr.redacted:1194
2023-11-28 12:40:02 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-11-28 12:40:02 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-11-28 12:40:02 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher CHACHA20-POLY1305,protocol-flags cc-exit,tun-mtu 1400'
2023-11-28 12:40:02 OPTIONS IMPORT: --ifconfig/up options modified
2023-11-28 12:40:02 OPTIONS IMPORT: route options modified
2023-11-28 12:40:02 OPTIONS IMPORT: route-related options modified
2023-11-28 12:40:02 OPTIONS IMPORT: tun-mtu set to 1400
2023-11-28 12:40:02 ROUTE_GATEWAY 127.100.103.119 IFACE=android-gw
2023-11-28 12:40:02 do_ifconfig, ipv4=1, ipv6=0
2023-11-28 12:40:02 MANAGEMENT: >STATE:1701204002,ASSIGN_IP,,10.8.0.2,,,,
2023-11-28 12:40:02 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2023-11-28 12:40:02 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2023-11-28 12:40:02 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2023-11-28 12:40:02 Opening tun interface:
2023-11-28 12:40:02 Local IPv4: 10.8.0.2/24 IPv6: (not set) MTU: 1400
2023-11-28 12:40:02 DNS Server: , Domain: null
2023-11-28 12:40:02 Routes: 0.0.0.0/0, 10.8.0.0/24
2023-11-28 12:40:02 Routes excluded: 
2023-11-28 12:40:02 Disallowed VPN apps:
2023-11-28 12:40:02 No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers. Please also note that Android will keep using your proxy settings specified for your mobile/Wi-Fi connection when no DNS servers are set.
2023-11-28 12:40:02 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2023-11-28 12:40:02 Data Channel MTU parms [ mss_fix:1360 max_frag:0 tun_mtu:1400 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-11-28 12:40:02 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2023-11-28 12:40:02 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2023-11-28 12:40:02 Initialization Sequence Completed
2023-11-28 12:40:02 MANAGEMENT: >STATE:1701204002,CONNECTED,SUCCESS,10.8.0.2,pub.ip.addr.redacted,1194,,
2023-11-28 12:40:02 Data Channel: cipher 'CHACHA20-POLY1305', peer-id: 0
2023-11-28 12:40:02 Timers: ping 10, ping-restart 120
2023-11-28 12:40:02 Protocol options: protocol-flags cc-exit
2023-11-28 12:40:02 Debug state info: CONNECTED LTE to MOBILE ltemobile.apn, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2023-11-28 12:40:02 PID_ERR replay [0] [SSL-0] [0] 0:1 0:1 t=1701204002[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:02 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:02 PID_ERR replay [0] [SSL-0] [0] 0:1 0:1 t=1701204002[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:02 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:02 PID_ERR replay [0] [SSL-0] [0] 0:1 0:1 t=1701204002[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:02 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:02 PID_ERR replay [0] [SSL-0] [0] 0:1 0:1 t=1701204002[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:02 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:02 PID_ERR replay [0] [SSL-0] [0] 0:1 0:1 t=1701204002[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:02 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:03 PID_ERR replay [0] [SSL-0] [1] 0:1 0:1 t=1701204003[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:03 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:04 PID_ERR replay [0] [SSL-0] [2] 0:1 0:1 t=1701204004[0] r=[-2,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:04 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:04 PID_ERR replay [0] [SSL-0] [2] 0:1 0:1 t=1701204004[0] r=[-2,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:04 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:06 PID_ERR replay [0] [SSL-0] [4] 0:1 0:1 t=1701204006[0] r=[-4,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:06 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:06 PID_ERR replay [0] [SSL-0] [4] 0:1 0:1 t=1701204006[0] r=[-4,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:06 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:10 PID_ERR replay [0] [SSL-0] [8] 0:1 0:1 t=1701204010[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:10 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:10 PID_ERR replay [0] [SSL-0] [8] 0:1 0:1 t=1701204010[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:10 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:17 PID_ERR replay [0] [SSL-0] [>] 0:1 0:1 t=1701204017[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:17 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:17 PID_ERR replay [0] [SSL-0] [>] 0:1 0:1 t=1701204017[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:17 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:27 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204027[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:27 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:31 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204031[0] r=[-4,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:31 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:32 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204032[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:32 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:32 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204032[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:32 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:32 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204032[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:32 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:33 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204033[0] r=[-1,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:33 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:34 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204034[0] r=[-2,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:34 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2023-11-28 12:40:34 PID_ERR replay [0] [SSL-0] [E] 0:1 0:1 t=1701204034[0] r=[-2,64,15,0,1] sl=[63,1,64,528]
2023-11-28 12:40:34 AEAD Decrypt error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings


Client Settings using the auto-generated ovpn and inline keys/certs removed
Code:

#This is beta build 0.91, use it with care
#OpenVPN client config generated, check if settings are correct see: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398, made by egc
client
#windows-driver wintun     # For Windows 10 and OpenVPN 2.5 and higher
verb 3
nobind
persist-key
persist-tun
float
remote-cert-tls server
auth-nocache
tun-mtu 1400    # lowered default can be commented to let OpenVPN decide
#Replace remote address with actual WAN or DDNS address
remote pub.ip.addr.redacted 1194
dev tun
proto udp4
auth none
data-ciphers CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM
#Block IPv6, newer clients could default to IPv6
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
block-ipv6
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-snip-
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
-snip-
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-snip-
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-snip-
-----END PRIVATE KEY-----
</key>
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12795
Location: Netherlands

PostPosted: Wed Nov 29, 2023 9:26    Post subject: Reply with quote
First upgrade to the latest build.

Your phone show connected at 12:40:
Quote:
2023-11-28 12:40:02 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2023-11-28 12:40:02 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2023-11-28 12:40:02 Initialization Sequence Completed
2023-11-28 12:40:02 MANAGEMENT: >STATE:1701204002,CONNECTED,SUCCESS,10.8.0.2,pub.ip.addr.redacted,1194,,


The server log stops at 12:24 so cannot conclude anything about that.

You have a lot of AEAD decrypt errors, that is a bad network connection, is your cellular provider IPv6 only?
You can do several things to mitigate this:
-Lower MTU from 1400 to 1280 on both sides
-Add to the client config: no-replay

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
BriC
DD-WRT Novice


Joined: 18 Sep 2016
Posts: 7

PostPosted: Wed Nov 29, 2023 17:27    Post subject: Reply with quote
So far, all I have done is upgrade to the newest version. And miraculously (?) connections are now giving me access to my servers on the LAN and I can ping the router (neither of which was working previously).

The VPN server status page now shows a client connection, which it did not previously (indicating the client's actual ipv4 address and a virtual 10.8.0.1)...explaining why I can connect to the LAN now, I guess.

Attempts at browsing still time out with messages that indicate they are unable to connect (net::ERR_ADDRESS_UNREACHABLE in Chrome based browsers)

And the server log now does not show the AEAD decrypt errors that it has had the last week.
(I suppose there's little value to say that my phone settings show "ipv4/ipv6" both selected in "APN Protocol" and visiting something like 'whatismyip.com' shows both v4 and v6 addresses.)

Given the state of things, I haven't disabled the replay protection or reduced the MTU.

I'm a bit amazed that it was truly something in the build of a couple weeks ago that was not cooperating with my router, but I'll not complain. Great news!

What information can shed light on the problems with client access to the server WAN?
BriC
DD-WRT Novice


Joined: 18 Sep 2016
Posts: 7

PostPosted: Wed Nov 29, 2023 17:46    Post subject: Reply with quote
Here is the server log and the client log. Is there any significance to the server message "MANAGEMENT: Client disconnected " when the client was still reporting 'connected' (in the app interface ... before I manually disconnected)?

Code:
Log
Server Log:
20231129 09:35:15 NOTE: --mute triggered...
20231129 09:35:19 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:19 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:39128
20231129 09:35:19 D MANAGEMENT: CMD 'state'
20231129 09:35:19 MANAGEMENT: Client disconnected
20231129 09:35:19 NOTE: --mute triggered...
20231129 09:35:19 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:19 D MANAGEMENT: CMD 'state'
20231129 09:35:19 MANAGEMENT: Client disconnected
20231129 09:35:19 NOTE: --mute triggered...
20231129 09:35:19 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:19 D MANAGEMENT: CMD 'state'
20231129 09:35:19 MANAGEMENT: Client disconnected
20231129 09:35:19 NOTE: --mute triggered...
20231129 09:35:19 3 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:19 D MANAGEMENT: CMD 'status 2'
20231129 09:35:19 MANAGEMENT: Client disconnected
20231129 09:35:20 NOTE: --mute triggered...
20231129 09:35:20 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:20 D MANAGEMENT: CMD 'status 2'
20231129 09:35:20 MANAGEMENT: Client disconnected
20231129 09:35:20 NOTE: --mute triggered...
20231129 09:35:20 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:20 D MANAGEMENT: CMD 'log 500'
20231129 09:35:20 MANAGEMENT: Client disconnected
20231129 09:35:25 N read UDPv4 [ECONNREFUSED]: Connection refused (fd=6 code=111)
20231129 09:35:25 NOTE: --mute triggered...
20231129 09:35:57 Connection Attempt 8 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:57 Connection Attempt MULTI: multi_create_instance called
20231129 09:35:57 pub.ip.addr.redacted:36237 Re-using SSL/TLS context
20231129 09:35:57 pub.ip.addr.redacted:36237 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
20231129 09:35:57 pub.ip.addr.redacted:36237 NOTE: --mute triggered...
20231129 09:35:57 pub.ip.addr.redacted:36237 3 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:57 pub.ip.addr.redacted:36237 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
20231129 09:35:57 pub.ip.addr.redacted:36237 NOTE: --mute triggered...
20231129 09:35:57 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:57 N read UDPv4 [ECONNREFUSED]: Connection refused (fd=6 code=111)
20231129 09:35:57 NOTE: --mute triggered...
20231129 09:35:58 pub.ip.addr.redacted:36237 3 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:58 pub.ip.addr.redacted:36237 VERIFY OK: depth=1 CN=KlargCA
20231129 09:35:58 pub.ip.addr.redacted:36237 NOTE: --mute triggered...
20231129 09:35:58 pub.ip.addr.redacted:36237 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_VER=2.7_master
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_PLAT=android
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_TCPNL=1
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_MTU=1600
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_NCP=2
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_CIPHERS=CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_PROTO=470
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_LZO_STUB=1
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_COMP_STUB=1
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_COMP_STUBv2=1
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_GUI_VER=de.blinkt.openvpn_0.7.49
20231129 09:35:58 I pub.ip.addr.redacted:36237 peer info: IV_SSO=openurl webauth crtext
20231129 09:35:58 pub.ip.addr.redacted:36237 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
20231129 09:35:58 pub.ip.addr.redacted:36237 NOTE: --mute triggered...
20231129 09:35:58 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:58 N read UDPv4 [ECONNREFUSED]: Connection refused (fd=6 code=111)
20231129 09:35:58 NOTE: --mute triggered...
20231129 09:35:58 pub.ip.addr.redacted:36237 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:58 pub.ip.addr.redacted:36237 Control Channel: TLSv1.3 cipher TLSv1.3 TLS_AES_256_GCM_SHA384 peer certificate: 2048 bits RSA signature: RSA-SHA256 peer temporary key: 384 bits EC curve secp384r1
20231129 09:35:58 I pub.ip.addr.redacted:36237 [klarg-mobile-bc] Peer Connection Initiated with [AF_INET]pub.ip.addr.redacted:36237
20231129 09:35:58 I klarg-mobile-bc/pub.ip.addr.redacted:36237 MULTI_sva: pool returned IPv4=10.8.0.3 IPv6=(Not enabled)
20231129 09:35:58 klarg-mobile-bc/pub.ip.addr.redacted:36237 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_6a1e03df1f127780.tmp
20231129 09:35:58 klarg-mobile-bc/pub.ip.addr.redacted:36237 MULTI: Learn: 10.8.0.3 -> klarg-mobile-bc/pub.ip.addr.redacted:36237
20231129 09:35:58 klarg-mobile-bc/pub.ip.addr.redacted:36237 NOTE: --mute triggered...
20231129 09:35:58 klarg-mobile-bc/pub.ip.addr.redacted:36237 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:58 klarg-mobile-bc/pub.ip.addr.redacted:36237 Data Channel MTU parms [ mss_fix:1360 max_frag:0 tun_mtu:1400 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
20231129 09:35:58 klarg-mobile-bc/pub.ip.addr.redacted:36237 SENT CONTROL [klarg-mobile-bc]: 'PUSH_REPLY redirect-gateway def1 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.3 255.255.255.0 peer-id 1 cipher CHACHA20-POLY1305 protocol-flags cc-exit tun-mtu 1400' (status=1)
20231129 09:35:58 N read UDPv4 [ECONNREFUSED]: Connection refused (fd=6 code=111)
20231129 09:35:58 NOTE: --mute triggered...
20231129 09:35:59 klarg-mobile-bc/pub.ip.addr.redacted:36237 4 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:59 klarg-mobile-bc/pub.ip.addr.redacted:36237 Data Channel: cipher 'CHACHA20-POLY1305' peer-id: 0
20231129 09:35:59 klarg-mobile-bc/pub.ip.addr.redacted:36237 NOTE: --mute triggered...
20231129 09:35:59 2 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:35:59 N read UDPv4 [ECONNREFUSED]: Connection refused (fd=6 code=111)
20231129 09:36:01 NOTE: --mute triggered...
20231129 09:36:35 22 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:36:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:39198
20231129 09:36:35 D MANAGEMENT: CMD 'state'
20231129 09:36:35 MANAGEMENT: Client disconnected
20231129 09:36:35 NOTE: --mute triggered...
20231129 09:36:35 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:36:35 D MANAGEMENT: CMD 'state'
20231129 09:36:35 MANAGEMENT: Client disconnected
20231129 09:36:35 NOTE: --mute triggered...
20231129 09:36:35 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:36:35 D MANAGEMENT: CMD 'state'
20231129 09:36:35 MANAGEMENT: Client disconnected
20231129 09:36:35 NOTE: --mute triggered...
20231129 09:36:35 3 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:36:35 D MANAGEMENT: CMD 'status 2'
20231129 09:36:35 MANAGEMENT: Client disconnected
20231129 09:36:35 NOTE: --mute triggered...
20231129 09:36:35 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:36:35 D MANAGEMENT: CMD 'status 2'
20231129 09:36:35 MANAGEMENT: Client disconnected
20231129 09:36:35 NOTE: --mute triggered...
20231129 09:36:35 1 variation(s) on previous 3 message(s) suppressed by --mute
20231129 09:36:35 D MANAGEMENT: CMD 'log 500'
19691231 16:00:00



Client VPN Log:

Code:
2023-11-29 09:35:55 official build 0.7.49 running on google Pixel 2 (walleye), Android 13 (TQ3A.230901.001) API 33, ABI arm64-v8a, (google/walleye/walleye:11/RP1A.201005.004.A1/6934943:user/release-keys)
2023-11-29 09:35:55 Building configuration…
2023-11-29 09:35:55 Fetched VPN profile (mobile) triggered by main profile list
2023-11-29 09:35:55 Scheduling VPN keep alive for VPN mobile
2023-11-29 09:35:55 started Socket Thread
2023-11-29 09:35:55 Network Status: CONNECTED LTE to MOBILE ltemobile.apn
2023-11-29 09:35:55 Debug state info: CONNECTED LTE to MOBILE ltemobile.apn, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2023-11-29 09:35:55 Debug state info: CONNECTED LTE to MOBILE ltemobile.apn, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2023-11-29 09:35:55 P:WARNING: linker: Warning: "/data/app/~~ZvICMapsnpyvCj_Xy-r6xA==/de.blinkt.openvpn-CTK69i3AMiithx2tj3VGNA==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
2023-11-29 09:35:55 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-11-29 09:35:55 Current Parameter Settings:
2023-11-29 09:35:55   config = 'stdin'
2023-11-29 09:35:55   mode = 0
2023-11-29 09:35:55   show_ciphers = DISABLED
2023-11-29 09:35:55   show_digests = DISABLED
2023-11-29 09:35:55   show_engines = DISABLED
2023-11-29 09:35:55   genkey = DISABLED
2023-11-29 09:35:55   genkey_filename = '[UNDEF]'
2023-11-29 09:35:55   key_pass_file = '[UNDEF]'
2023-11-29 09:35:55   show_tls_ciphers = DISABLED
2023-11-29 09:35:55   connect_retry_max = 0
2023-11-29 09:35:55 Connection profiles [0]:
2023-11-29 09:35:55   proto = udp
2023-11-29 09:35:55   local = '[UNDEF]'
2023-11-29 09:35:55   local_port = '[UNDEF]'
2023-11-29 09:35:55   remote = 'srvr.ip.addr.redacted'
2023-11-29 09:35:55   remote_port = '1194'
2023-11-29 09:35:55   remote_float = ENABLED
2023-11-29 09:35:55   bind_defined = DISABLED
2023-11-29 09:35:55   bind_local = DISABLED
2023-11-29 09:35:55   bind_ipv6_only = DISABLED
2023-11-29 09:35:55   connect_retry_seconds = 2
2023-11-29 09:35:55   connect_timeout = 120
2023-11-29 09:35:55   socks_proxy_server = '[UNDEF]'
2023-11-29 09:35:55   socks_proxy_port = '[UNDEF]'
2023-11-29 09:35:55   tun_mtu = 1400
2023-11-29 09:35:55   tun_mtu_defined = ENABLED
2023-11-29 09:35:55   link_mtu = 1500
2023-11-29 09:35:55   link_mtu_defined = DISABLED
2023-11-29 09:35:55   tun_mtu_extra = 0
2023-11-29 09:35:55   tun_mtu_extra_defined = DISABLED
2023-11-29 09:35:55   tls_mtu = 1250
2023-11-29 09:35:55   mtu_discover_type = -1
2023-11-29 09:35:55   fragment = 0
2023-11-29 09:35:55   mssfix = 1400
2023-11-29 09:35:55   mssfix_encap = ENABLED
2023-11-29 09:35:55   mssfix_fixed = ENABLED
2023-11-29 09:35:55   explicit_exit_notification = 0
2023-11-29 09:35:55   tls_auth_file = '[UNDEF]'
2023-11-29 09:35:55   key_direction = not set
2023-11-29 09:35:55   tls_crypt_file = '[INLINE]'
2023-11-29 09:35:55   tls_crypt_v2_file = '[UNDEF]'
2023-11-29 09:35:55 Connection profiles END
2023-11-29 09:35:55   remote_random = DISABLED
2023-11-29 09:35:55   ipchange = '[UNDEF]'
2023-11-29 09:35:55   dev = 'tun'
2023-11-29 09:35:55   dev_type = '[UNDEF]'
2023-11-29 09:35:55   dev_node = '[UNDEF]'
2023-11-29 09:35:55   lladdr = '[UNDEF]'
2023-11-29 09:35:55   topology = 1
2023-11-29 09:35:55   ifconfig_local = '[UNDEF]'
2023-11-29 09:35:55   ifconfig_remote_netmask = '[UNDEF]'
2023-11-29 09:35:55   ifconfig_noexec = DISABLED
2023-11-29 09:35:55   ifconfig_nowarn = ENABLED
2023-11-29 09:35:55   ifconfig_ipv6_local = '[UNDEF]'
2023-11-29 09:35:55   ifconfig_ipv6_netbits = 0
2023-11-29 09:35:55   ifconfig_ipv6_remote = '[UNDEF]'
2023-11-29 09:35:55   shaper = 0
2023-11-29 09:35:55   mtu_test = 0
2023-11-29 09:35:55   mlock = DISABLED
2023-11-29 09:35:55   keepalive_ping = 0
2023-11-29 09:35:55   keepalive_timeout = 0
2023-11-29 09:35:55   inactivity_timeout = 0
2023-11-29 09:35:55   session_timeout = 0
2023-11-29 09:35:55   inactivity_minimum_bytes = 0
2023-11-29 09:35:55   ping_send_timeout = 0
2023-11-29 09:35:55   ping_rec_timeout = 0
2023-11-29 09:35:55   ping_rec_timeout_action = 0
2023-11-29 09:35:55   ping_timer_remote = DISABLED
2023-11-29 09:35:55   remap_sigusr1 = 0
2023-11-29 09:35:55   persist_tun = ENABLED
2023-11-29 09:35:55   persist_local_ip = DISABLED
2023-11-29 09:35:55   persist_remote_ip = DISABLED
2023-11-29 09:35:55   persist_key = DISABLED
2023-11-29 09:35:55   passtos = DISABLED
2023-11-29 09:35:55   resolve_retry_seconds = 60
2023-11-29 09:35:55   resolve_in_advance = ENABLED
2023-11-29 09:35:55   username = '[UNDEF]'
2023-11-29 09:35:55   groupname = '[UNDEF]'
2023-11-29 09:35:55   chroot_dir = '[UNDEF]'
2023-11-29 09:35:55   cd_dir = '[UNDEF]'
2023-11-29 09:35:55   writepid = '[UNDEF]'
2023-11-29 09:35:55   up_script = '[UNDEF]'
2023-11-29 09:35:55   down_script = '[UNDEF]'
2023-11-29 09:35:55   down_pre = DISABLED
2023-11-29 09:35:55   up_restart = DISABLED
2023-11-29 09:35:55   up_delay = DISABLED
2023-11-29 09:35:55   daemon = DISABLED
2023-11-29 09:35:55   log = DISABLED
2023-11-29 09:35:55   suppress_timestamps = DISABLED
2023-11-29 09:35:55   machine_readable_output = ENABLED
2023-11-29 09:35:55   nice = 0
2023-11-29 09:35:55   verbosity = 4
2023-11-29 09:35:55   mute = 0
2023-11-29 09:35:55   gremlin = 0
2023-11-29 09:35:55   status_file = '[UNDEF]'
2023-11-29 09:35:55   status_file_version = 1
2023-11-29 09:35:55   status_file_update_freq = 60
2023-11-29 09:35:55   occ = ENABLED
2023-11-29 09:35:55   rcvbuf = 0
2023-11-29 09:35:55   sndbuf = 0
2023-11-29 09:35:55   sockflags = 0
2023-11-29 09:35:55   fast_io = DISABLED
2023-11-29 09:35:55   comp.alg = 0
2023-11-29 09:35:55   comp.flags = 24
2023-11-29 09:35:55   route_script = '[UNDEF]'
2023-11-29 09:35:55   route_default_gateway = '[UNDEF]'
2023-11-29 09:35:55   route_default_metric = 0
2023-11-29 09:35:55   route_noexec = DISABLED
2023-11-29 09:35:55   route_delay = 0
2023-11-29 09:35:55   route_delay_window = 30
2023-11-29 09:35:55   route_delay_defined = DISABLED
2023-11-29 09:35:55   route_nopull = DISABLED
2023-11-29 09:35:55   route_gateway_via_dhcp = DISABLED
2023-11-29 09:35:55   allow_pull_fqdn = DISABLED
2023-11-29 09:35:55   Pull filters:
2023-11-29 09:35:55     ignore "route-ipv6"
2023-11-29 09:35:55     ignore "ifconfig-ipv6"
2023-11-29 09:35:55   management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2023-11-29 09:35:55   management_port = 'unix'
2023-11-29 09:35:55   management_user_pass = '[UNDEF]'
2023-11-29 09:35:55   management_log_history_cache = 250
2023-11-29 09:35:55   management_echo_buffer_size = 100
2023-11-29 09:35:55   management_client_user = '[UNDEF]'
2023-11-29 09:35:55   management_client_group = '[UNDEF]'
2023-11-29 09:35:55   management_flags = 16678
2023-11-29 09:35:55   shared_secret_file = '[UNDEF]'
2023-11-29 09:35:55   key_direction = not set
2023-11-29 09:35:55   ciphername = 'BF-CBC'
2023-11-29 09:35:55   ncp_ciphers = 'CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM'
2023-11-29 09:35:55   authname = 'none'
2023-11-29 09:35:55   engine = DISABLED
2023-11-29 09:35:55   replay = ENABLED
2023-11-29 09:35:55   mute_replay_warnings = DISABLED
2023-11-29 09:35:55   replay_window = 64
2023-11-29 09:35:55   replay_time = 15
2023-11-29 09:35:55   packet_id_file = '[UNDEF]'
2023-11-29 09:35:55   test_crypto = DISABLED
2023-11-29 09:35:55   tls_server = DISABLED
2023-11-29 09:35:55 Waiting 0s seconds between connection attempt
2023-11-29 09:35:55   tls_client = ENABLED
2023-11-29 09:35:55   ca_file = '[INLINE]'
2023-11-29 09:35:55   ca_path = '[UNDEF]'
2023-11-29 09:35:55   dh_file = '[UNDEF]'
2023-11-29 09:35:55   cert_file = '[INLINE]'
2023-11-29 09:35:55   extra_certs_file = '[UNDEF]'
2023-11-29 09:35:55   priv_key_file = '[INLINE]'
2023-11-29 09:35:55   pkcs12_file = '[UNDEF]'
2023-11-29 09:35:55   cipher_list = '[UNDEF]'
2023-11-29 09:35:55   cipher_list_tls13 = '[UNDEF]'
2023-11-29 09:35:55   tls_cert_profile = '[UNDEF]'
2023-11-29 09:35:55   tls_verify = '[UNDEF]'
2023-11-29 09:35:55   tls_export_cert = '[UNDEF]'
2023-11-29 09:35:55   verify_x509_type = 0
2023-11-29 09:35:55   verify_x509_name = '[UNDEF]'
2023-11-29 09:35:55   crl_file = '[UNDEF]'
2023-11-29 09:35:55   ns_cert_type = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 65535
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_ku[i] = 0
2023-11-29 09:35:55   remote_cert_eku = 'TLS Web Server Authentication'
2023-11-29 09:35:55   ssl_flags = 192
2023-11-29 09:35:55   tls_timeout = 2
2023-11-29 09:35:55   renegotiate_bytes = -1
2023-11-29 09:35:55   renegotiate_packets = 0
2023-11-29 09:35:55   renegotiate_seconds = 3600
2023-11-29 09:35:55   handshake_window = 60
2023-11-29 09:35:55   transition_window = 3600
2023-11-29 09:35:55   single_session = DISABLED
2023-11-29 09:35:55   push_peer_info = DISABLED
2023-11-29 09:35:55   tls_exit = DISABLED
2023-11-29 09:35:55   tls_crypt_v2_metadata = '[UNDEF]'
2023-11-29 09:35:55   server_network = 0.0.0.0
2023-11-29 09:35:55   server_netmask = 0.0.0.0
2023-11-29 09:35:55   server_network_ipv6 = ::
2023-11-29 09:35:55   server_netbits_ipv6 = 0
2023-11-29 09:35:55   server_bridge_ip = 0.0.0.0
2023-11-29 09:35:55   server_bridge_netmask = 0.0.0.0
2023-11-29 09:35:55   server_bridge_pool_start = 0.0.0.0
2023-11-29 09:35:55   server_bridge_pool_end = 0.0.0.0
2023-11-29 09:35:55   ifconfig_pool_defined = DISABLED
2023-11-29 09:35:55   ifconfig_pool_start = 0.0.0.0
2023-11-29 09:35:55   ifconfig_pool_end = 0.0.0.0
2023-11-29 09:35:55   ifconfig_pool_netmask = 0.0.0.0
2023-11-29 09:35:55   ifconfig_pool_persist_filename = '[UNDEF]'
2023-11-29 09:35:55   ifconfig_pool_persist_refresh_freq = 600
2023-11-29 09:35:55   ifconfig_ipv6_pool_defined = DISABLED
2023-11-29 09:35:55   ifconfig_ipv6_pool_base = ::
2023-11-29 09:35:55   ifconfig_ipv6_pool_netbits = 0
2023-11-29 09:35:55   n_bcast_buf = 256
2023-11-29 09:35:55   tcp_queue_limit = 64
2023-11-29 09:35:55   real_hash_size = 256
2023-11-29 09:35:55   virtual_hash_size = 256
2023-11-29 09:35:55   client_connect_script = '[UNDEF]'
2023-11-29 09:35:55   learn_address_script = '[UNDEF]'
2023-11-29 09:35:55   client_disconnect_script = '[UNDEF]'
2023-11-29 09:35:55   client_crresponse_script = '[UNDEF]'
2023-11-29 09:35:55   client_config_dir = '[UNDEF]'
2023-11-29 09:35:55   ccd_exclusive = DISABLED
2023-11-29 09:35:55   tmp_dir = '/data/data/de.blinkt.openvpn/cache'
2023-11-29 09:35:55   push_ifconfig_defined = DISABLED
2023-11-29 09:35:55   push_ifconfig_local = 0.0.0.0
2023-11-29 09:35:55   push_ifconfig_remote_netmask = 0.0.0.0
2023-11-29 09:35:55   push_ifconfig_ipv6_defined = DISABLED
2023-11-29 09:35:55   push_ifconfig_ipv6_local = ::/0
2023-11-29 09:35:55   push_ifconfig_ipv6_remote = ::
2023-11-29 09:35:55   enable_c2c = DISABLED
2023-11-29 09:35:55   duplicate_cn = DISABLED
2023-11-29 09:35:55   cf_max = 0
2023-11-29 09:35:55   cf_per = 0
2023-11-29 09:35:55   cf_initial_max = 100
2023-11-29 09:35:55   cf_initial_per = 10
2023-11-29 09:35:55   max_clients = 1024
2023-11-29 09:35:55   max_routes_per_client = 256
2023-11-29 09:35:55   auth_user_pass_verify_script = '[UNDEF]'
2023-11-29 09:35:55   auth_user_pass_verify_script_via_file = DISABLED
2023-11-29 09:35:55   auth_token_generate = DISABLED
2023-11-29 09:35:55   auth_token_lifetime = 0
2023-11-29 09:35:55   auth_token_secret_file = '[UNDEF]'
2023-11-29 09:35:55   port_share_host = '[UNDEF]'
2023-11-29 09:35:55   port_share_port = '[UNDEF]'
2023-11-29 09:35:55   vlan_tagging = DISABLED
2023-11-29 09:35:55   vlan_accept = all
2023-11-29 09:35:55   vlan_pvid = 1
2023-11-29 09:35:55   client = ENABLED
2023-11-29 09:35:55   pull = ENABLED
2023-11-29 09:35:55   auth_user_pass_file = '[UNDEF]'
2023-11-29 09:35:55 OpenVPN 2.7-icsopenvpn [git:icsopenvpn/v0.7.49-0-ga80f21b1] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 26 2023
2023-11-29 09:35:55 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-11-29 09:35:55 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2023-11-29 09:35:55 MANAGEMENT: CMD 'version 3'
2023-11-29 09:35:55 MANAGEMENT: CMD 'hold release'
2023-11-29 09:35:55 MANAGEMENT: CMD 'bytecount 2'
2023-11-29 09:35:55 MANAGEMENT: CMD 'state on'
2023-11-29 09:35:55 MANAGEMENT: CMD 'proxy NONE'
2023-11-29 09:35:56 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-11-29 09:35:56 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-29 09:35:56 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-11-29 09:35:56 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-29 09:35:56 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-11-29 09:35:56 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1400 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-11-29 09:35:56 TCP/UDP: Preserving recently used remote address: [AF_INET]srvr.ip.addr.redacted:1194
2023-11-29 09:35:56 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-11-29 09:35:56 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2023-11-29 09:35:56 UDPv4 link local: (not bound)
2023-11-29 09:35:56 UDPv4 link remote: [AF_INET]srvr.ip.addr.redacted:1194
2023-11-29 09:35:56 MANAGEMENT: >STATE:1701279356,WAIT,,,,,,
2023-11-29 09:35:56 MANAGEMENT: >STATE:1701279356,AUTH,,,,,,
2023-11-29 09:35:56 TLS: Initial packet from [AF_INET]srvr.ip.addr.redacted:1194, sid=4f4aa12b cac5b86d
2023-11-29 09:35:56 VERIFY OK: depth=1, CN=KlargCA
2023-11-29 09:35:56 VERIFY KU OK
2023-11-29 09:35:56 Validating certificate extended key usage
2023-11-29 09:35:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-11-29 09:35:56 VERIFY EKU OK
2023-11-29 09:35:56 VERIFY OK: depth=0, CN=klarg-server
2023-11-29 09:35:57 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-11-29 09:35:57 [klarg-server] Peer Connection Initiated with [AF_INET]srvr.ip.addr.redacted:1194
2023-11-29 09:35:57 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-11-29 09:35:57 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-11-29 09:35:57 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher CHACHA20-POLY1305,protocol-flags cc-exit,tun-mtu 1400'
2023-11-29 09:35:57 OPTIONS IMPORT: --ifconfig/up options modified
2023-11-29 09:35:57 OPTIONS IMPORT: route options modified
2023-11-29 09:35:57 OPTIONS IMPORT: route-related options modified
2023-11-29 09:35:57 OPTIONS IMPORT: tun-mtu set to 1400
2023-11-29 09:35:57 ROUTE_GATEWAY 127.100.103.119 IFACE=android-gw
2023-11-29 09:35:57 do_ifconfig, ipv4=1, ipv6=0
2023-11-29 09:35:57 MANAGEMENT: >STATE:1701279357,ASSIGN_IP,,10.8.0.3,,,,
2023-11-29 09:35:57 MANAGEMENT: CMD 'needok 'IFCONFIG' ok'
2023-11-29 09:35:57 MANAGEMENT: CMD 'needok 'ROUTE' ok'
2023-11-29 09:35:57 MANAGEMENT: CMD 'needok 'PERSIST_TUN_ACTION' OPEN_BEFORE_CLOSE'
2023-11-29 09:35:57 Opening tun interface:
2023-11-29 09:35:57 Local IPv4: 10.8.0.3/24 IPv6: (not set) MTU: 1400
2023-11-29 09:35:57 DNS Server: , Domain: null
2023-11-29 09:35:57 Routes: 0.0.0.0/0, 10.8.0.0/24
2023-11-29 09:35:57 Routes excluded: 
2023-11-29 09:35:57 Disallowed VPN apps:
2023-11-29 09:35:57 No DNS servers being used. Name resolution may not work. Consider setting custom DNS Servers. Please also note that Android will keep using your proxy settings specified for your mobile/Wi-Fi connection when no DNS servers are set.
2023-11-29 09:35:57 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2023-11-29 09:35:57 Data Channel MTU parms [ mss_fix:1360 max_frag:0 tun_mtu:1400 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-11-29 09:35:57 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2023-11-29 09:35:57 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2023-11-29 09:35:57 Initialization Sequence Completed
2023-11-29 09:35:57 MANAGEMENT: >STATE:1701279357,CONNECTED,SUCCESS,10.8.0.3,srvr.ip.addr.redacted,1194,,
2023-11-29 09:35:57 Data Channel: cipher 'CHACHA20-POLY1305', peer-id: 1
2023-11-29 09:35:57 Timers: ping 10, ping-restart 120
2023-11-29 09:35:57 Protocol options: protocol-flags cc-exit
2023-11-29 09:35:57 Debug state info: CONNECTED LTE to MOBILE ltemobile.apn, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2023-11-29 09:36:00 PID_ERR replay-window backtrack occurred [2] [SSL-0] [0__0023333] 0:10 0:8 t=1701279360[0] r=[-3,64,15,2,1] sl=[54,10,64,528]
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12795
Location: Netherlands

PostPosted: Thu Nov 30, 2023 7:08    Post subject: Reply with quote
BriC wrote:
Here is the server log and the client log. Is there any significance to the server message "MANAGEMENT: Client disconnected " when the client was still reporting 'connected' (in the app interface ... before I manually disconnected)?


This question has been answered so often that you cannot count it any more.

This is the last time I am answering it Wink

The management client is you looking at the status page.
Each time you look the management client (=you) opens the management client and retrieves the stats and closes/disconnect the management client.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
BriC
DD-WRT Novice


Joined: 18 Sep 2016
Posts: 7

PostPosted: Thu Nov 30, 2023 18:08    Post subject: Reply with quote
egc wrote:

This question has been answered so often that you cannot count it any more.

This is the last time I am answering it Wink

The management client is you looking at the status page.
Each time you look the management client (=you) opens the management client and retrieves the stats and closes/disconnect the management client.


Well, I thank you for the answer. In fact, I re-read my own questions and was about to comment that I had read last night in another thread (not mine) that the web interface is registered as a client and then when I reloaded the thread -- you had already answered it. So you answered my question twice. Sorry about that. Much appreciated.

BriC wrote:
What information can shed light on the problems with client access to the server WAN?


I realize that my initial post contained multiple questions (some are solved) but this problem remains.

I have followed 'step 8a' in the guide as near as I understand. I do have 'Push Client Route' set to 'Default Gateway' and so, I have enabled 'Allow Clients WAN Access'. I have also tried firewall with nothing, and with both of the two iptables variations. Currently, I am back with:

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $(get_wanface) -j MASQUERADE

Per the troubleshooting guide, everything is coming up vlan2.

Code:
root@DD-WRT:~# nvram get wan_iface
vlan2
root@DD-WRT:~# nvram get wan_ifname
vlan2
root@DD-WRT:~# get_wanface
vlan2
root@DD-WRT:~# echo WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"
WAN_IF=vlan2
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum