OpenVPN Site-to-Site using UDP4 - 'TLS Error' w/o tls-crypt

sasholal
DD-WRT Novice


Joined: 27 Jan 2020
Posts: 1

Posted: Fri Apr 10, 2020 21:16    Post subject: OpenVPN Site-to-Site using UDP4 - 'TLS Error' w/o tls-crypt
I have used OpenVPN w/ the routers stated below as I was using TCP4 for OpenVPN but my connections started dropping. I believe this is the TCP Meltdown described in OpenVPN's FAQ. I want to use UDP4. I tried using HMAC with tls-auth and tls-crypt but even after disabling HMAC, the TLS error persisted. Then I changed the cipher from AES-256-CBC to AES-256-GCM - still no luck. Back when I was using the TCP4 version everything worked - the Site-to-Site functionality and the DNS resolution across my networks - the only problem was dropping connections after some time, which I could reestablish right away, but still that is annoying. OpenVPN's HowTo recommends UDP. I downloaded from the forum the guide for OpenVPN (v1.74) and the troubleshooting guide - no luck. I was searching on the Internet and tried different things that didn't work.

OpenVPN Server: TP-Link TL-WR740N HW: v4.24 (openvpn binary and config are downloaded at runtime via scripts) with DD-WRT v3.0-r39290
OpenVPN Client: TP-LINK ARCHER C7 (native support for OpenVPN); HW: v2/v3; DD-WRT v3.0-r41659

Notice I removed any usage of tls-auth or tls-crypt as now I just want a working UDP4 connection.

Server config and log using AES-256-CBC:
Quote:
Code:
server 10.8.0.0 255.255.255.0
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-CBC
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 0
;tls-server

port 1194
push "route 192.168.7.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
route 192.168.4.0 255.255.255.0
route 192.168.3.0 255.255.255.0
client-config-dir ccd
client-to-client
keepalive 60 300
max-clients 20
explicit-exit-notify 1

<ca>
...
</ca>

<cert>
...
</cert>

<key>
...
</key>

<dh>
...
</dh>

LOG:

Fri Apr 10 21:23:38 2020 us=228084 OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr 10 21:23:38 2020 us=228390 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Fri Apr 10 21:23:38 2020 us=236996 Diffie-Hellman initialized with 2048 bit key
Fri Apr 10 21:23:38 2020 us=248398 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:23:38 2020 us=254561 TUN/TAP device tun0 opened
Fri Apr 10 21:23:38 2020 us=254808 TUN/TAP TX queue length set to 100
Fri Apr 10 21:23:38 2020 us=255017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr 10 21:23:38 2020 us=265504 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Apr 10 21:23:38 2020 us=272984 /sbin/route add -net 192.168.4.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:23:38 2020 us=298065 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:23:38 2020 us=303862 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:23:38 2020 us=310250 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 21:23:38 2020 us=310839 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Apr 10 21:23:38 2020 us=311090 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Apr 10 21:23:38 2020 us=311225 UDPv4 link remote: [AF_UNSPEC]
Fri Apr 10 21:23:38 2020 us=311376 GID set to nobody
Fri Apr 10 21:23:38 2020 us=311551 UID set to nobody
Fri Apr 10 21:23:38 2020 us=311716 MULTI: multi_init called, r=256 v=256
Fri Apr 10 21:23:38 2020 us=312097 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Apr 10 21:23:38 2020 us=312942 Initialization Sequence Completed
Fri Apr 10 21:26:12 2020 us=677302 MULTI: multi_create_instance called
Fri Apr 10 21:26:12 2020 us=678098 77.xx.xxx.248:27xxx Re-using SSL/TLS context
Fri Apr 10 21:26:12 2020 us=679835 77.xx.xxx.248:27xxx Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:26:12 2020 us=680058 77.xx.xxx.248:27xxx Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 21:26:12 2020 us=680305 77.xx.xxx.248:27xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 21:26:12 2020 us=680421 77.xx.xxx.248:27xxx calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 21:26:12 2020 us=680813 77.xx.xxx.248:27xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 21:26:12 2020 us=680930 77.xx.xxx.248:27xxx calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 21:26:12 2020 us=681210 77.xx.xxx.248:27xxx Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Apr 10 21:26:12 2020 us=681333 77.xx.xxx.248:27xxx Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Apr 10 21:26:12 2020 us=681746 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:12 2020 us=682001 77.xx.xxx.248:27xxx TLS: Initial packet from [AF_INET]77.xx.xxx.248:27xxx, sid=ab78149f 8bf831dc
Fri Apr 10 21:26:12 2020 us=682384 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:14 2020 us=836028 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:14 2020 us=836533 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:18 2020 us=79510 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:18 2020 us=79968 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:26 2020 us=879523 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:26 2020 us=880088 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:42 2020 us=559342 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:42 2020 us=559865 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:27:12 2020 us=625223 77.xx.xxx.248:27xxx TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 21:27:12 2020 us=625420 77.xx.xxx.248:27xxx TLS Error: TLS handshake failed
Fri Apr 10 21:27:12 2020 us=626605 77.xx.xxx.248:27xxx SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Apr 10 21:32:12 2020 us=502521 MULTI: multi_create_instance called


Client config and log using AES-256-CBC:
Quote:
Code:
;tls-auth /tmp/openvpncl/ta.key
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
client
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-CBC
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 1
;tls-client

remote xxxxxxxx.freeddns.org 27xxx
nobind
remote-cert-tls server
resolv-retry infinite
daemon
float
tun-mtu 1500
;auth-nocache

LOG:
Fri Apr 10 20:59:40 2020 us=974994 Current Parameter Settings:
Fri Apr 10 20:59:40 2020 us=975209   config = 'openvpn.conf'
Fri Apr 10 20:59:40 2020 us=975284   mode = 0
Fri Apr 10 20:59:40 2020 us=975347   persist_config = DISABLED
Fri Apr 10 20:59:40 2020 us=975408   persist_mode = 1
Fri Apr 10 20:59:40 2020 us=975469   show_ciphers = DISABLED
Fri Apr 10 20:59:40 2020 us=975531   show_digests = DISABLED
Fri Apr 10 20:59:40 2020 us=975858   show_engines = DISABLED
Fri Apr 10 20:59:40 2020 us=975927   genkey = DISABLED
Fri Apr 10 20:59:40 2020 us=975989   key_pass_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=976051   show_tls_ciphers = DISABLED
Fri Apr 10 20:59:40 2020 us=976112   connect_retry_max = 0
Fri Apr 10 20:59:40 2020 us=976173 Connection profiles [0]:
Fri Apr 10 20:59:40 2020 us=976236   proto = udp4
Fri Apr 10 20:59:40 2020 us=976296   local = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=976358   local_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=976420   remote = 'xxxxxxx.freeddns.org'
Fri Apr 10 20:59:40 2020 us=976482   remote_port = '27xxx'
Fri Apr 10 20:59:40 2020 us=976543   remote_float = ENABLED
Fri Apr 10 20:59:40 2020 us=976604   bind_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=976665   bind_local = DISABLED
Fri Apr 10 20:59:40 2020 us=976725   bind_ipv6_only = DISABLED
Fri Apr 10 20:59:40 2020 us=976786   connect_retry_seconds = 5
Fri Apr 10 20:59:40 2020 us=976848   connect_timeout = 120
Fri Apr 10 20:59:40 2020 us=976911   socks_proxy_server = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=977037   socks_proxy_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=977103   tun_mtu = 1500
Fri Apr 10 20:59:40 2020 us=977164   tun_mtu_defined = ENABLED
Fri Apr 10 20:59:40 2020 us=977250   link_mtu = 1500
Fri Apr 10 20:59:40 2020 us=977312   link_mtu_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=977372   tun_mtu_extra = 0
Fri Apr 10 20:59:40 2020 us=977433   tun_mtu_extra_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=977495   mtu_discover_type = -1
Fri Apr 10 20:59:40 2020 us=977555   fragment = 0
Fri Apr 10 20:59:40 2020 us=977616   mssfix = 1450
Fri Apr 10 20:59:40 2020 us=977676   explicit_exit_notification = 0
Fri Apr 10 20:59:40 2020 us=977736 Connection profiles END
Fri Apr 10 20:59:40 2020 us=977795   remote_random = DISABLED
Fri Apr 10 20:59:40 2020 us=977854   ipchange = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=977913   dev = 'tun'
Fri Apr 10 20:59:40 2020 us=977972   dev_type = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978031   dev_node = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978091   lladdr = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978150   topology = 1
Fri Apr 10 20:59:40 2020 us=978209   ifconfig_local = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978270   ifconfig_remote_netmask = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978328   ifconfig_noexec = DISABLED
Fri Apr 10 20:59:40 2020 us=978387   ifconfig_nowarn = DISABLED
Fri Apr 10 20:59:40 2020 us=978446   ifconfig_ipv6_local = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978505   ifconfig_ipv6_netbits = 0
Fri Apr 10 20:59:40 2020 us=978564   ifconfig_ipv6_remote = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978624   shaper = 0
Fri Apr 10 20:59:40 2020 us=978682   mtu_test = 0
Fri Apr 10 20:59:40 2020 us=978741   mlock = DISABLED
Fri Apr 10 20:59:40 2020 us=978802   keepalive_ping = 0
Fri Apr 10 20:59:40 2020 us=978861   keepalive_timeout = 0
Fri Apr 10 20:59:40 2020 us=978923   inactivity_timeout = 0
Fri Apr 10 20:59:40 2020 us=978983   ping_send_timeout = 0
Fri Apr 10 20:59:40 2020 us=979042   ping_rec_timeout = 0
Fri Apr 10 20:59:40 2020 us=979101   ping_rec_timeout_action = 0
Fri Apr 10 20:59:40 2020 us=979161   ping_timer_remote = DISABLED
Fri Apr 10 20:59:40 2020 us=979221   remap_sigusr1 = 0
Fri Apr 10 20:59:40 2020 us=979280   persist_tun = ENABLED
Fri Apr 10 20:59:40 2020 us=979339   persist_local_ip = DISABLED
Fri Apr 10 20:59:40 2020 us=979398   persist_remote_ip = DISABLED
Fri Apr 10 20:59:40 2020 us=979457   persist_key = ENABLED
Fri Apr 10 20:59:40 2020 us=979516   passtos = DISABLED
Fri Apr 10 20:59:40 2020 us=979624   resolve_retry_seconds = 1000000000
Fri Apr 10 20:59:40 2020 us=979698   resolve_in_advance = DISABLED
Fri Apr 10 20:59:40 2020 us=979781   username = 'nobody'
Fri Apr 10 20:59:40 2020 us=979843   groupname = 'nobody'
Fri Apr 10 20:59:40 2020 us=979902   chroot_dir = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=979963   cd_dir = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980022   writepid = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980082   up_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980142   down_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980202   down_pre = DISABLED
Fri Apr 10 20:59:40 2020 us=980261   up_restart = DISABLED
Fri Apr 10 20:59:40 2020 us=980320   up_delay = DISABLED
Fri Apr 10 20:59:40 2020 us=980379   daemon = ENABLED
Fri Apr 10 20:59:40 2020 us=980438   inetd = 0
Fri Apr 10 20:59:40 2020 us=980496   log = ENABLED
Fri Apr 10 20:59:40 2020 us=980555   suppress_timestamps = DISABLED
Fri Apr 10 20:59:40 2020 us=980615   machine_readable_output = DISABLED
Fri Apr 10 20:59:40 2020 us=980674   nice = 0
Fri Apr 10 20:59:40 2020 us=980732   verbosity = 8
Fri Apr 10 20:59:40 2020 us=980791   mute = 0
Fri Apr 10 20:59:40 2020 us=980849   status_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980908   status_file_version = 1
Fri Apr 10 20:59:40 2020 us=980967   status_file_update_freq = 60
Fri Apr 10 20:59:40 2020 us=981027   occ = ENABLED
Fri Apr 10 20:59:40 2020 us=981085   rcvbuf = 0
Fri Apr 10 20:59:40 2020 us=981143   sndbuf = 0
Fri Apr 10 20:59:40 2020 us=981200   mark = 0
Fri Apr 10 20:59:40 2020 us=981258   sockflags = 0
Fri Apr 10 20:59:40 2020 us=981315   fast_io = DISABLED
Fri Apr 10 20:59:40 2020 us=981374   comp.alg = 0
Fri Apr 10 20:59:40 2020 us=981431   comp.flags = 0
Fri Apr 10 20:59:40 2020 us=981491   route_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=981553   route_default_gateway = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=981614   route_default_metric = 0
Fri Apr 10 20:59:40 2020 us=981674   route_noexec = DISABLED
Fri Apr 10 20:59:40 2020 us=981735   route_delay = 0
Fri Apr 10 20:59:40 2020 us=981796   route_delay_window = 30
Fri Apr 10 20:59:40 2020 us=981857   route_delay_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=981919   route_nopull = DISABLED
Fri Apr 10 20:59:40 2020 us=981981   route_gateway_via_dhcp = DISABLED
Fri Apr 10 20:59:40 2020 us=982042   allow_pull_fqdn = DISABLED
Fri Apr 10 20:59:40 2020 us=982104   management_addr = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986391   management_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986477   management_user_pass = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986540   management_log_history_cache = 250
Fri Apr 10 20:59:40 2020 us=986601   management_echo_buffer_size = 100
Fri Apr 10 20:59:40 2020 us=986664   management_write_peer_info_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986726   management_client_user = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986787   management_client_group = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986849   management_flags = 0
Fri Apr 10 20:59:40 2020 us=986908   shared_secret_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986971   key_direction = not set
Fri Apr 10 20:59:40 2020 us=987031   ciphername = 'AES-256-CBC'
Fri Apr 10 20:59:40 2020 us=987091   ncp_enabled = DISABLED
Fri Apr 10 20:59:40 2020 us=987151   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Apr 10 20:59:40 2020 us=987213   authname = 'SHA256'
Fri Apr 10 20:59:40 2020 us=987275   prng_hash = 'SHA1'
Fri Apr 10 20:59:40 2020 us=987336   prng_nonce_secret_len = 16
Fri Apr 10 20:59:40 2020 us=987397   keysize = 0
Fri Apr 10 20:59:40 2020 us=987457   engine = DISABLED
Fri Apr 10 20:59:40 2020 us=987517   replay = ENABLED
Fri Apr 10 20:59:40 2020 us=987577   mute_replay_warnings = DISABLED
Fri Apr 10 20:59:40 2020 us=987637   replay_window = 64
Fri Apr 10 20:59:40 2020 us=987697   replay_time = 15
Fri Apr 10 20:59:40 2020 us=987757   packet_id_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=987818   use_iv = ENABLED
Fri Apr 10 20:59:40 2020 us=987878   test_crypto = DISABLED
Fri Apr 10 20:59:40 2020 us=987939   tls_server = DISABLED
Fri Apr 10 20:59:40 2020 us=988001   tls_client = ENABLED
Fri Apr 10 20:59:40 2020 us=988061   key_method = 2
Fri Apr 10 20:59:40 2020 us=988151   ca_file = '/tmp/openvpncl/ca.crt'
Fri Apr 10 20:59:40 2020 us=988215   ca_path = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988276   dh_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988337   cert_file = '/tmp/openvpncl/client.crt'
Fri Apr 10 20:59:40 2020 us=988398   extra_certs_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988459   priv_key_file = '/tmp/openvpncl/client.key'
Fri Apr 10 20:59:40 2020 us=988520   pkcs12_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988581   cipher_list = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988641   cipher_list_tls13 = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988702   tls_cert_profile = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988763   tls_verify = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988824   tls_export_cert = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988885   verify_x509_type = 0
Fri Apr 10 20:59:40 2020 us=988946   verify_x509_name = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=989006   crl_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=989068   ns_cert_type = 0
Fri Apr 10 20:59:40 2020 us=989129   remote_cert_ku[i] = 65535
Fri Apr 10 20:59:40 2020 us=989191   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989253   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989315   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989375   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989437   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989498   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989560   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989621   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989681   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989741   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989802   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989864   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989926   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989987   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=990049   remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=990112   remote_cert_eku = 'TLS Web Server Authentication'
Fri Apr 10 20:59:40 2020 us=990173   ssl_flags = 0
Fri Apr 10 20:59:40 2020 us=990233   tls_timeout = 2
Fri Apr 10 20:59:40 2020 us=990293   renegotiate_bytes = -1
Fri Apr 10 20:59:40 2020 us=990353   renegotiate_packets = 0
Fri Apr 10 20:59:40 2020 us=990415   renegotiate_seconds = 3600
Fri Apr 10 20:59:40 2020 us=990477   handshake_window = 60
Fri Apr 10 20:59:40 2020 us=990537   transition_window = 3600
Fri Apr 10 20:59:40 2020 us=990599   single_session = DISABLED
Fri Apr 10 20:59:40 2020 us=990661   push_peer_info = DISABLED
Fri Apr 10 20:59:40 2020 us=990722   tls_exit = DISABLED
Fri Apr 10 20:59:40 2020 us=990782   tls_auth_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=990843   tls_crypt_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=990917   server_network = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=990989   server_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991072   server_network_ipv6 = ::
Fri Apr 10 20:59:40 2020 us=991136   server_netbits_ipv6 = 0
Fri Apr 10 20:59:40 2020 us=991208   server_bridge_ip = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991282   server_bridge_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991356   server_bridge_pool_start = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991430   server_bridge_pool_end = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991495   ifconfig_pool_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=991569   ifconfig_pool_start = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991644   ifconfig_pool_end = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991718   ifconfig_pool_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991783   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=991846   ifconfig_pool_persist_refresh_freq = 600
Fri Apr 10 20:59:40 2020 us=991909   ifconfig_ipv6_pool_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=991989   ifconfig_ipv6_pool_base = ::
Fri Apr 10 20:59:40 2020 us=992054   ifconfig_ipv6_pool_netbits = 0
Fri Apr 10 20:59:40 2020 us=992116   n_bcast_buf = 256
Fri Apr 10 20:59:40 2020 us=992222   tcp_queue_limit = 64
Fri Apr 10 20:59:40 2020 us=992292   real_hash_size = 256
Fri Apr 10 20:59:40 2020 us=992383   virtual_hash_size = 256
Fri Apr 10 20:59:40 2020 us=992448   client_connect_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992511   learn_address_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992575   client_disconnect_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992638   client_config_dir = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992700   ccd_exclusive = DISABLED
Fri Apr 10 20:59:40 2020 us=992763   tmp_dir = '/tmp'
Fri Apr 10 20:59:40 2020 us=992825   push_ifconfig_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=992898   push_ifconfig_local = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=992970   push_ifconfig_remote_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=993032   push_ifconfig_ipv6_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=993114   push_ifconfig_ipv6_local = ::/0
Fri Apr 10 20:59:40 2020 us=993192   push_ifconfig_ipv6_remote = ::
Fri Apr 10 20:59:40 2020 us=993253   enable_c2c = DISABLED
Fri Apr 10 20:59:40 2020 us=993314   duplicate_cn = DISABLED
Fri Apr 10 20:59:40 2020 us=993374   cf_max = 0
Fri Apr 10 20:59:40 2020 us=993434   cf_per = 0
Fri Apr 10 20:59:40 2020 us=993493   max_clients = 1024
Fri Apr 10 20:59:40 2020 us=993554   max_routes_per_client = 256
Fri Apr 10 20:59:40 2020 us=993616   auth_user_pass_verify_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=993677   auth_user_pass_verify_script_via_file = DISABLED
Fri Apr 10 20:59:40 2020 us=993737   auth_token_generate = DISABLED
Fri Apr 10 20:59:40 2020 us=993797   auth_token_lifetime = 0
Fri Apr 10 20:59:40 2020 us=993857   port_share_host = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=993917   port_share_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=993977   client = ENABLED
Fri Apr 10 20:59:40 2020 us=994036   pull = ENABLED
Fri Apr 10 20:59:40 2020 us=994096   auth_user_pass_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=994163 OpenVPN 2.4.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec  3 2019
Fri Apr 10 20:59:40 2020 us=994229 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.09
Fri Apr 10 20:59:41 2020 us=6215 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 20:59:41 2020 us=231846 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 20:59:41 2020 us=232031 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 20:59:41 2020 us=232095 calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 20:59:41 2020 us=232319 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 20:59:41 2020 us=232388 calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 20:59:41 2020 us=232512 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Apr 10 20:59:41 2020 us=232575 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Apr 10 20:59:41 2020 us=232819 TCP/UDP: Preserving recently used remote address: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 20:59:41 2020 us=232932 Socket Buffers: R=[172032->172032] S=[172032->172032]
Fri Apr 10 20:59:41 2020 us=232999 UDPv4 link local: (not bound)
Fri Apr 10 20:59:41 2020 us=233080 UDPv4 link remote: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 20:59:41 2020 us=233141 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Apr 10 20:59:41 2020 us=233380 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 20:59:43 2020 us=442371 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 20:59:47 2020 us=855541 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 20:59:55 2020 us=341892 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:00:11 2020 us=336226 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:00:41 2020 us=170048 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 21:00:41 2020 us=170153 TLS Error: TLS handshake failed
Fri Apr 10 21:00:41 2020 us=171012 TCP/UDP: Closing socket
Fri Apr 10 21:00:41 2020 us=171170 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 10 21:00:41 2020 us=171282 Restart pause, 5 second(s)
Fri Apr 10 21:00:46 2020 us=171451 Re-using SSL/TLS context
Fri Apr 10 21:00:46 2020 us=172217 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:00:46 2020 us=173206 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]


Then I tried using the GCM version of the cipher:
Server config and log using AES-256-GCM:
Quote:
Code:
server 10.8.0.0 255.255.255.0
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-GCM
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 0
;tls-server

port 1194
push "route 192.168.7.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
route 192.168.4.0 255.255.255.0
route 192.168.3.0 255.255.255.0
client-config-dir ccd
client-to-client
keepalive 60 300
max-clients 20
explicit-exit-notify 1

<ca>
...
</ca>

<cert>
...
</cert>

<key>
...
</key>

<dh>
...
</dh>

Fri Apr 10 21:59:19 2020 us=342109 OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr 10 21:59:19 2020 us=342367 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Fri Apr 10 21:59:19 2020 us=351375 Diffie-Hellman initialized with 2048 bit key
Fri Apr 10 21:59:19 2020 us=362902 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:59:19 2020 us=368721 TUN/TAP device tun0 opened
Fri Apr 10 21:59:19 2020 us=368967 TUN/TAP TX queue length set to 100
Fri Apr 10 21:59:19 2020 us=369171 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr 10 21:59:19 2020 us=369464 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Apr 10 21:59:19 2020 us=386998 /sbin/route add -net 192.168.4.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:59:19 2020 us=402876 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:59:19 2020 us=408816 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:59:19 2020 us=425570 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 21:59:19 2020 us=426147 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Apr 10 21:59:19 2020 us=426387 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Apr 10 21:59:19 2020 us=426518 UDPv4 link remote: [AF_UNSPEC]
Fri Apr 10 21:59:19 2020 us=426670 GID set to nobody
Fri Apr 10 21:59:19 2020 us=426842 UID set to nobody
Fri Apr 10 21:59:19 2020 us=427008 MULTI: multi_init called, r=256 v=256
Fri Apr 10 21:59:19 2020 us=427429 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Apr 10 21:59:19 2020 us=428077 Initialization Sequence Completed
Fri Apr 10 22:02:12 2020 us=424555 MULTI: multi_create_instance called
Fri Apr 10 22:02:12 2020 us=425360 77.xx.xxx.248:26xxx Re-using SSL/TLS context
Fri Apr 10 22:02:12 2020 us=427304 77.xx.xxx.248:26xxx Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 22:02:12 2020 us=427525 77.xx.xxx.248:26xxx Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 22:02:12 2020 us=427755 77.xx.xxx.248:26xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 22:02:12 2020 us=427869 77.xx.xxx.248:26xxx calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 22:02:12 2020 us=428240 77.xx.xxx.248:26xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 22:02:12 2020 us=428361 77.xx.xxx.248:26xxx calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 22:02:12 2020 us=428630 77.xx.xxx.248:26xxx Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Fri Apr 10 22:02:12 2020 us=428754 77.xx.xxx.248:26xxx Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Fri Apr 10 22:02:12 2020 us=429161 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:12 2020 us=429415 77.xx.xxx.248:26xxx TLS: Initial packet from [AF_INET]77.xx.xxx.248:26xxx, sid=523dc60a 4ee378d3
Fri Apr 10 22:02:12 2020 us=429827 77.xx.xxx.248:26xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 22:02:14 2020 us=650305 77.xx.xxx.248:26xxx UDPv4 WRITE [14] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:14 2020 us=748655 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:14 2020 us=749167 77.xx.xxx.248:26xxx UDPv4 WRITE [22] to [AF_INET]77.xx.xxx.248:26xxx: P_ACK_V1 kid=0 [ 0 ]
Fri Apr 10 22:02:18 2020 us=228775 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:18 2020 us=229231 77.xx.xxx.248:26xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 22:02:26 2020 us=81783 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:26 2020 us=82239 77.xx.xxx.248:26xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 22:02:42 2020 us=580377 77.xx.xxx.248:26xxx UDPv4 WRITE [14] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:42 2020 us=631535 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:42 2020 us=632045 77.xx.xxx.248:26xxx UDPv4 WRITE [22] to [AF_INET]77.xx.xxx.248:26xxx: P_ACK_V1 kid=0 [ 0 ]
Fri Apr 10 22:03:12 2020 us=510155 77.xx.xxx.248:26xxx TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 22:03:12 2020 us=510353 77.xx.xxx.248:26xxx TLS Error: TLS handshake failed
Fri Apr 10 22:03:12 2020 us=511553 77.xx.xxx.248:26xxx SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Apr 10 22:08:12 2020 us=662648 MULTI: multi_create_instance called


Client config and log using AES-256-GCM cipher:
Quote:
Code:
;tls-auth /tmp/openvpncl/ta.key
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
client
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-GCM
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 1
;tls-client

remote xxxxxx.freeddns.org 27xxx
nobind
remote-cert-tls server
resolv-retry infinite
daemon
float
tun-mtu 1500
;auth-nocache

Fri Apr 10 23:20:54 2020 us=853020 Current Parameter Settings:
Fri Apr 10 23:20:54 2020 us=853384   config = 'openvpn.conf'
Fri Apr 10 23:20:54 2020 us=853471   mode = 0
Fri Apr 10 23:20:54 2020 us=853532   persist_config = DISABLED
Fri Apr 10 23:20:54 2020 us=853593   persist_mode = 1
Fri Apr 10 23:20:54 2020 us=853653   show_ciphers = DISABLED
Fri Apr 10 23:20:54 2020 us=853713   show_digests = DISABLED
Fri Apr 10 23:20:54 2020 us=853773   show_engines = DISABLED
Fri Apr 10 23:20:54 2020 us=853833   genkey = DISABLED
Fri Apr 10 23:20:54 2020 us=853894   key_pass_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=854354   show_tls_ciphers = DISABLED
Fri Apr 10 23:20:54 2020 us=854461   connect_retry_max = 0
Fri Apr 10 23:20:54 2020 us=854524 Connection profiles [0]:
Fri Apr 10 23:20:54 2020 us=854586   proto = udp4
Fri Apr 10 23:20:54 2020 us=854646   local = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=854707   local_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=854767   remote = 'xxxxxxx.freeddns.org'
Fri Apr 10 23:20:54 2020 us=854828   remote_port = '27xxx'
Fri Apr 10 23:20:54 2020 us=854888   remote_float = ENABLED
Fri Apr 10 23:20:54 2020 us=854947   bind_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=855006   bind_local = DISABLED
Fri Apr 10 23:20:54 2020 us=855066   bind_ipv6_only = DISABLED
Fri Apr 10 23:20:54 2020 us=855125   connect_retry_seconds = 5
Fri Apr 10 23:20:54 2020 us=855185   connect_timeout = 120
Fri Apr 10 23:20:54 2020 us=855246   socks_proxy_server = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=855308   socks_proxy_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=855367   tun_mtu = 1500
Fri Apr 10 23:20:54 2020 us=855428   tun_mtu_defined = ENABLED
Fri Apr 10 23:20:54 2020 us=855488   link_mtu = 1500
Fri Apr 10 23:20:54 2020 us=855547   link_mtu_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=855607   tun_mtu_extra = 0
Fri Apr 10 23:20:54 2020 us=855666   tun_mtu_extra_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=855728   mtu_discover_type = -1
Fri Apr 10 23:20:54 2020 us=855787   fragment = 0
Fri Apr 10 23:20:54 2020 us=855846   mssfix = 1450
Fri Apr 10 23:20:54 2020 us=855906   explicit_exit_notification = 0
Fri Apr 10 23:20:54 2020 us=855965 Connection profiles END
Fri Apr 10 23:20:54 2020 us=856025   remote_random = DISABLED
Fri Apr 10 23:20:54 2020 us=856084   ipchange = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856143   dev = 'tun'
Fri Apr 10 23:20:54 2020 us=856202   dev_type = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856262   dev_node = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856322   lladdr = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856381   topology = 1
Fri Apr 10 23:20:54 2020 us=856440   ifconfig_local = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856500   ifconfig_remote_netmask = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856560   ifconfig_noexec = DISABLED
Fri Apr 10 23:20:54 2020 us=856619   ifconfig_nowarn = DISABLED
Fri Apr 10 23:20:54 2020 us=856678   ifconfig_ipv6_local = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856736   ifconfig_ipv6_netbits = 0
Fri Apr 10 23:20:54 2020 us=856795   ifconfig_ipv6_remote = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856853   shaper = 0
Fri Apr 10 23:20:54 2020 us=856912   mtu_test = 0
Fri Apr 10 23:20:54 2020 us=856971   mlock = DISABLED
Fri Apr 10 23:20:54 2020 us=857030   keepalive_ping = 0
Fri Apr 10 23:20:54 2020 us=857145   keepalive_timeout = 0
Fri Apr 10 23:20:54 2020 us=857217   inactivity_timeout = 0
Fri Apr 10 23:20:54 2020 us=857277   ping_send_timeout = 0
Fri Apr 10 23:20:54 2020 us=857337   ping_rec_timeout = 0
Fri Apr 10 23:20:54 2020 us=857398   ping_rec_timeout_action = 0
Fri Apr 10 23:20:54 2020 us=857457   ping_timer_remote = DISABLED
Fri Apr 10 23:20:54 2020 us=857518   remap_sigusr1 = 0
Fri Apr 10 23:20:54 2020 us=857578   persist_tun = ENABLED
Fri Apr 10 23:20:54 2020 us=857638   persist_local_ip = DISABLED
Fri Apr 10 23:20:54 2020 us=857697   persist_remote_ip = DISABLED
Fri Apr 10 23:20:54 2020 us=857757   persist_key = ENABLED
Fri Apr 10 23:20:54 2020 us=857816   passtos = DISABLED
Fri Apr 10 23:20:54 2020 us=857920   resolve_retry_seconds = 1000000000
Fri Apr 10 23:20:54 2020 us=857992   resolve_in_advance = DISABLED
Fri Apr 10 23:20:54 2020 us=858078   username = 'nobody'
Fri Apr 10 23:20:54 2020 us=858140   groupname = 'nobody'
Fri Apr 10 23:20:54 2020 us=858198   chroot_dir = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858259   cd_dir = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858359   writepid = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858420   up_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858481   down_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858540   down_pre = DISABLED
Fri Apr 10 23:20:54 2020 us=858599   up_restart = DISABLED
Fri Apr 10 23:20:54 2020 us=858659   up_delay = DISABLED
Fri Apr 10 23:20:54 2020 us=858718   daemon = ENABLED
Fri Apr 10 23:20:54 2020 us=858777   inetd = 0
Fri Apr 10 23:20:54 2020 us=858836   log = ENABLED
Fri Apr 10 23:20:54 2020 us=858895   suppress_timestamps = DISABLED
Fri Apr 10 23:20:54 2020 us=858955   machine_readable_output = DISABLED
Fri Apr 10 23:20:54 2020 us=859015   nice = 0
Fri Apr 10 23:20:54 2020 us=859074   verbosity = 8
Fri Apr 10 23:20:54 2020 us=859134   mute = 0
Fri Apr 10 23:20:54 2020 us=859193   status_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=859252   status_file_version = 1
Fri Apr 10 23:20:54 2020 us=859312   status_file_update_freq = 60
Fri Apr 10 23:20:54 2020 us=859372   occ = ENABLED
Fri Apr 10 23:20:54 2020 us=859431   rcvbuf = 0
Fri Apr 10 23:20:54 2020 us=859489   sndbuf = 0
Fri Apr 10 23:20:54 2020 us=859548   mark = 0
Fri Apr 10 23:20:54 2020 us=859607   sockflags = 0
Fri Apr 10 23:20:54 2020 us=859665   fast_io = DISABLED
Fri Apr 10 23:20:54 2020 us=859724   comp.alg = 0
Fri Apr 10 23:20:54 2020 us=859783   comp.flags = 0
Fri Apr 10 23:20:54 2020 us=859844   route_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=859906   route_default_gateway = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=859967   route_default_metric = 0
Fri Apr 10 23:20:54 2020 us=860027   route_noexec = DISABLED
Fri Apr 10 23:20:54 2020 us=860087   route_delay = 0
Fri Apr 10 23:20:54 2020 us=860149   route_delay_window = 30
Fri Apr 10 23:20:54 2020 us=860210   route_delay_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=860272   route_nopull = DISABLED
Fri Apr 10 23:20:54 2020 us=860334   route_gateway_via_dhcp = DISABLED
Fri Apr 10 23:20:54 2020 us=860396   allow_pull_fqdn = DISABLED
Fri Apr 10 23:20:54 2020 us=860458   management_addr = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860519   management_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860581   management_user_pass = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860643   management_log_history_cache = 250
Fri Apr 10 23:20:54 2020 us=860705   management_echo_buffer_size = 100
Fri Apr 10 23:20:54 2020 us=860768   management_write_peer_info_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860829   management_client_user = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860890   management_client_group = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860952   management_flags = 0
Fri Apr 10 23:20:54 2020 us=861013   shared_secret_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=861076   key_direction = not set
Fri Apr 10 23:20:54 2020 us=861136   ciphername = 'AES-256-GCM'
Fri Apr 10 23:20:54 2020 us=861196   ncp_enabled = DISABLED
Fri Apr 10 23:20:54 2020 us=861257   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Apr 10 23:20:54 2020 us=861319   authname = 'SHA256'
Fri Apr 10 23:20:54 2020 us=861380   prng_hash = 'SHA1'
Fri Apr 10 23:20:54 2020 us=861442   prng_nonce_secret_len = 16
Fri Apr 10 23:20:54 2020 us=861503   keysize = 0
Fri Apr 10 23:20:54 2020 us=861564   engine = DISABLED
Fri Apr 10 23:20:54 2020 us=861623   replay = ENABLED
Fri Apr 10 23:20:54 2020 us=861683   mute_replay_warnings = DISABLED
Fri Apr 10 23:20:54 2020 us=861744   replay_window = 64
Fri Apr 10 23:20:54 2020 us=861805   replay_time = 15
Fri Apr 10 23:20:54 2020 us=861865   packet_id_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=861925   use_iv = ENABLED
Fri Apr 10 23:20:54 2020 us=862007   test_crypto = DISABLED
Fri Apr 10 23:20:54 2020 us=862069   tls_server = DISABLED
Fri Apr 10 23:20:54 2020 us=862130   tls_client = ENABLED
Fri Apr 10 23:20:54 2020 us=862190   key_method = 2
Fri Apr 10 23:20:54 2020 us=862278   ca_file = '/tmp/openvpncl/ca.crt'
Fri Apr 10 23:20:54 2020 us=862342   ca_path = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862402   dh_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862463   cert_file = '/tmp/openvpncl/client.crt'
Fri Apr 10 23:20:54 2020 us=862525   extra_certs_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862585   priv_key_file = '/tmp/openvpncl/client.key'
Fri Apr 10 23:20:54 2020 us=862646   pkcs12_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862705   cipher_list = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862765   cipher_list_tls13 = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862825   tls_cert_profile = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862886   tls_verify = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862947   tls_export_cert = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=863007   verify_x509_type = 0
Fri Apr 10 23:20:54 2020 us=863068   verify_x509_name = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=863128   crl_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=863189   ns_cert_type = 0
Fri Apr 10 23:20:54 2020 us=863249   remote_cert_ku[i] = 65535
Fri Apr 10 23:20:54 2020 us=863309   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863370   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863430   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863490   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863550   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863610   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863670   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863730   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863789   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863876   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863945   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864006   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864066   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864148   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864210   remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864271   remote_cert_eku = 'TLS Web Server Authentication'
Fri Apr 10 23:20:54 2020 us=864331   ssl_flags = 0
Fri Apr 10 23:20:54 2020 us=864390   tls_timeout = 2
Fri Apr 10 23:20:54 2020 us=864449   renegotiate_bytes = -1
Fri Apr 10 23:20:54 2020 us=864509   renegotiate_packets = 0
Fri Apr 10 23:20:54 2020 us=864569   renegotiate_seconds = 3600
Fri Apr 10 23:20:54 2020 us=864629   handshake_window = 60
Fri Apr 10 23:20:54 2020 us=864689   transition_window = 3600
Fri Apr 10 23:20:54 2020 us=864749   single_session = DISABLED
Fri Apr 10 23:20:54 2020 us=864809   push_peer_info = DISABLED
Fri Apr 10 23:20:54 2020 us=864868   tls_exit = DISABLED
Fri Apr 10 23:20:54 2020 us=864928   tls_auth_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=864988   tls_crypt_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=865060   server_network = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865132   server_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865215   server_network_ipv6 = ::
Fri Apr 10 23:20:54 2020 us=865279   server_netbits_ipv6 = 0
Fri Apr 10 23:20:54 2020 us=865351   server_bridge_ip = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865424   server_bridge_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865497   server_bridge_pool_start = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865570   server_bridge_pool_end = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865633   ifconfig_pool_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=865706   ifconfig_pool_start = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865780   ifconfig_pool_end = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865854   ifconfig_pool_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865917   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=865980   ifconfig_pool_persist_refresh_freq = 600
Fri Apr 10 23:20:54 2020 us=866041   ifconfig_ipv6_pool_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=866121   ifconfig_ipv6_pool_base = ::
Fri Apr 10 23:20:54 2020 us=866185   ifconfig_ipv6_pool_netbits = 0
Fri Apr 10 23:20:54 2020 us=866246   n_bcast_buf = 256
Fri Apr 10 23:20:54 2020 us=866309   tcp_queue_limit = 64
Fri Apr 10 23:20:54 2020 us=866371   real_hash_size = 256
Fri Apr 10 23:20:54 2020 us=866462   virtual_hash_size = 256
Fri Apr 10 23:20:54 2020 us=866527   client_connect_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866590   learn_address_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866654   client_disconnect_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866717   client_config_dir = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866780   ccd_exclusive = DISABLED
Fri Apr 10 23:20:54 2020 us=866843   tmp_dir = '/tmp'
Fri Apr 10 23:20:54 2020 us=866905   push_ifconfig_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=866978   push_ifconfig_local = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=867051   push_ifconfig_remote_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=867160   push_ifconfig_ipv6_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=867246   push_ifconfig_ipv6_local = ::/0
Fri Apr 10 23:20:54 2020 us=867325   push_ifconfig_ipv6_remote = ::
Fri Apr 10 23:20:54 2020 us=867388   enable_c2c = DISABLED
Fri Apr 10 23:20:54 2020 us=867449   duplicate_cn = DISABLED
Fri Apr 10 23:20:54 2020 us=867510   cf_max = 0
Fri Apr 10 23:20:54 2020 us=867570   cf_per = 0
Fri Apr 10 23:20:54 2020 us=867629   max_clients = 1024
Fri Apr 10 23:20:54 2020 us=867690   max_routes_per_client = 256
Fri Apr 10 23:20:54 2020 us=867751   auth_user_pass_verify_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=867811   auth_user_pass_verify_script_via_file = DISABLED
Fri Apr 10 23:20:54 2020 us=867873   auth_token_generate = DISABLED
Fri Apr 10 23:20:54 2020 us=867932   auth_token_lifetime = 0
Fri Apr 10 23:20:54 2020 us=867992   port_share_host = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=868053   port_share_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=868112   client = ENABLED
Fri Apr 10 23:20:54 2020 us=868171   pull = ENABLED
Fri Apr 10 23:20:54 2020 us=868232   auth_user_pass_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=868299 OpenVPN 2.4.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec  3 2019
Fri Apr 10 23:20:54 2020 us=868367 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.09
Fri Apr 10 23:20:54 2020 us=880945 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 23:20:54 2020 us=882005 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 23:20:54 2020 us=882180 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 23:20:54 2020 us=882245 calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 23:20:54 2020 us=882410 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 23:20:54 2020 us=882472 calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 23:20:54 2020 us=882589 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Fri Apr 10 23:20:54 2020 us=882655 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Fri Apr 10 23:20:54 2020 us=882899 TCP/UDP: Preserving recently used remote address: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 23:20:54 2020 us=883010 Socket Buffers: R=[172032->172032] S=[172032->172032]
Fri Apr 10 23:20:54 2020 us=883077 UDPv4 link local: (not bound)
Fri Apr 10 23:20:54 2020 us=883158 UDPv4 link remote: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 23:20:54 2020 us=883218 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Apr 10 23:20:54 2020 us=883457 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:20:57 2020 us=65445 UDPv4 WRITE [14] to [AF_INET]85.xxx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:01 2020 us=422589 UDPv4 WRITE [14] to [AF_INET]85.xx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:09 2020 us=299436 UDPv4 WRITE [14] to [AF_INET]85.xx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:25 2020 us=845003 UDPv4 WRITE [14] to [AF_INET]85.xx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:54 2020 us=27168 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 23:21:54 2020 us=27272 TLS Error: TLS handshake failed
Fri Apr 10 23:21:54 2020 us=28175 TCP/UDP: Closing socket
Fri Apr 10 23:21:54 2020 us=28336 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 10 23:21:54 2020 us=28447 Restart pause, 5 second(s)
Fri Apr 10 23:21:59 2020 us=28624 Re-using SSL/TLS context
Fri Apr 10 23:21:59 2020 us=29360 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 23:21:59 2020 us=30496 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]


I don't think there is any firewall rule hindering access because the server clearly sees that a client is trying to connect and it knows exactly from which IP. I have configured the firewall using iptables and I am using the same port now. I hope one of you can help me. Thanks!


Last edited by sasholal on Mon Apr 13, 2020 12:41; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12873
Location: Netherlands

PostPosted: Sat Apr 11, 2020 7:18    Post subject: Reply with quote
This seldom has anything to do with ciphers or HMAC (do not use ncp-disable unless you know exactly what you are doing; furthermore, you are using keys/certs, so keep tls-server and tls-client enabled (this is not the cause of your problems, as you are using the server directive, which expands to tls-server)).

UDP4 can be more difficult to set up because of MTU problems.

My advice: go back to a working TCP connection.

From there just exchange TCP for UDP.

As you have to make your own firewall rules because you are deviating from the standard tun, you have to open up the right UDP port instead of the TCP port, and if you are forwarding, also forward UDP instead of TCP.

If you adapted that, look into MTU.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
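
An added example, not part of either post: a small Python triage of the packet lines both peers log at verb 8, separating a one-way UDP path (the port-forward/firewall case) from a two-way path that still times out (the MTU case). The sample log lines are constructed with documentation addresses, and the function names and result labels are assumptions of this example.

```python
import re
from collections import Counter

# One packet line in the format shown in the thread's verb 8 logs.
PKT = re.compile(
    r"UDPv4 (READ|WRITE) \[\d+\] (?:from|to) \[AF_INET\]\S+: (P_[A-Z0-9_]+)"
)

# Result labels are this example's own, not OpenVPN terminology.
HINTS = {
    "no-request-at-server": "client packets never reach the server: check the "
        "remote address/port and the UDP port forward or INPUT rule",
    "no-reply-at-client": "the client reads nothing back: if the server log shows "
        "WRITE lines, check the return path (UDP forward/NAT, firewall)",
    "small-packets-only": "resets and ACKs pass both ways but the handshake "
        "still times out: consistent with an MTU problem (heuristic)",
    "progressing": "control packets flow both ways and no timeout is logged",
    "no-traffic": "no packet lines found: raise verb or check the log file",
}

# Constructed sample lines (RFC 5737 addresses), not taken from the posted logs.
CLIENT_LOG = """\
Mon Jan  1 10:00:00 2024 us=1 UDPv4 WRITE [14] to [AF_INET]198.51.100.20:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Mon Jan  1 10:00:02 2024 us=2 UDPv4 WRITE [14] to [AF_INET]198.51.100.20:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Mon Jan  1 10:01:00 2024 us=3 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
SERVER_LOG = """\
Mon Jan  1 10:00:00 2024 us=4 203.0.113.7:26000 UDPv4 READ [14] from [AF_INET]203.0.113.7:26000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Mon Jan  1 10:00:00 2024 us=5 203.0.113.7:26000 UDPv4 WRITE [26] to [AF_INET]203.0.113.7:26000: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
"""

def tally(log_text):
    """Count (direction, opcode) pairs over the packet lines of one log."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PKT.search(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts

def diagnose(client_log, server_log):
    """Classify a failed UDP handshake from both peers' logs."""
    c, s = tally(client_log), tally(server_log)
    client_sent = sum(n for (d, _), n in c.items() if d == "WRITE")
    client_read = sum(n for (d, _), n in c.items() if d == "READ")
    server_read = sum(n for (d, _), n in s.items() if d == "READ")
    timed_out = "TLS key negotiation failed" in client_log + server_log
    if not (client_sent or server_read):
        return "no-traffic"
    if client_sent and not server_read:
        return "no-request-at-server"
    if not client_read:
        return "no-reply-at-client"
    return "small-packets-only" if timed_out else "progressing"

if __name__ == "__main__":
    code = diagnose(CLIENT_LOG, SERVER_LOG)
    print(code, "->", HINTS[code])
```

Both logs have to cover the same connection attempt for the comparison to mean anything.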