sasholal DD-WRT Novice
Joined: 27 Jan 2020 Posts: 1
Posted: Fri Apr 10, 2020 21:16 Post subject: OpenVPN Site-to-Site using UDP4 - 'TLS Error' w/o tls-crypt
I have used OpenVPN w/ the routers stated below as I was using TCP4 for OpenVPN but my connections started dropping. I believe this is the TCP Meltdown described in OpenVPN's FAQ. I want to use UDP4. I tried using HMAC with tls-auth and tls-crypt, but even after disabling HMAC, the TLS error persisted. Then I changed the cipher from AES-256-CBC to AES-256-GCM - still no luck. Back when I was using the TCP4 version everything worked - the Site-to-Site functionality and the DNS resolution across my networks - the only problem was dropping connections after some time, which I could reestablish right away, but still that is annoying. OpenVPN's HowTo recommends UDP. I downloaded the OpenVPN guide (v1.74) and the troubleshooting guide from the forum - no luck. I searched the Internet and tried different things that didn't work.
OpenVPN Server: TP-Link TL-WR740N HW: v4.24 (openvpn binary and config are downloaded at runtime via scripts) with DD-WRT v3.0-r39290
OpenVPN Client: TP-LINK ARCHER C7 (native support for OpenVPN); HW: v2/v3; DD-WRT v3.0-r41659
Notice I removed any usage of tls-auth or tls-crypt as now I just want a working UDP4 connection.
Server config and log using AES-256-CBC:
Code:
server 10.8.0.0 255.255.255.0
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-CBC
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 0
;tls-server
port 1194
push "route 192.168.7.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
route 192.168.4.0 255.255.255.0
route 192.168.3.0 255.255.255.0
client-config-dir ccd
client-to-client
keepalive 60 300
max-clients 20
explicit-exit-notify 1
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>
LOG:
Fri Apr 10 21:23:38 2020 us=228084 OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr 10 21:23:38 2020 us=228390 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Fri Apr 10 21:23:38 2020 us=236996 Diffie-Hellman initialized with 2048 bit key
Fri Apr 10 21:23:38 2020 us=248398 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:23:38 2020 us=254561 TUN/TAP device tun0 opened
Fri Apr 10 21:23:38 2020 us=254808 TUN/TAP TX queue length set to 100
Fri Apr 10 21:23:38 2020 us=255017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr 10 21:23:38 2020 us=265504 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Apr 10 21:23:38 2020 us=272984 /sbin/route add -net 192.168.4.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:23:38 2020 us=298065 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:23:38 2020 us=303862 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:23:38 2020 us=310250 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 21:23:38 2020 us=310839 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Apr 10 21:23:38 2020 us=311090 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Apr 10 21:23:38 2020 us=311225 UDPv4 link remote: [AF_UNSPEC]
Fri Apr 10 21:23:38 2020 us=311376 GID set to nobody
Fri Apr 10 21:23:38 2020 us=311551 UID set to nobody
Fri Apr 10 21:23:38 2020 us=311716 MULTI: multi_init called, r=256 v=256
Fri Apr 10 21:23:38 2020 us=312097 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Apr 10 21:23:38 2020 us=312942 Initialization Sequence Completed
Fri Apr 10 21:26:12 2020 us=677302 MULTI: multi_create_instance called
Fri Apr 10 21:26:12 2020 us=678098 77.xx.xxx.248:27xxx Re-using SSL/TLS context
Fri Apr 10 21:26:12 2020 us=679835 77.xx.xxx.248:27xxx Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:26:12 2020 us=680058 77.xx.xxx.248:27xxx Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 21:26:12 2020 us=680305 77.xx.xxx.248:27xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 21:26:12 2020 us=680421 77.xx.xxx.248:27xxx calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 21:26:12 2020 us=680813 77.xx.xxx.248:27xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 21:26:12 2020 us=680930 77.xx.xxx.248:27xxx calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 21:26:12 2020 us=681210 77.xx.xxx.248:27xxx Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Apr 10 21:26:12 2020 us=681333 77.xx.xxx.248:27xxx Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Apr 10 21:26:12 2020 us=681746 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:12 2020 us=682001 77.xx.xxx.248:27xxx TLS: Initial packet from [AF_INET]77.xx.xxx.248:27xxx, sid=ab78149f 8bf831dc
Fri Apr 10 21:26:12 2020 us=682384 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:14 2020 us=836028 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:14 2020 us=836533 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:18 2020 us=79510 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:18 2020 us=79968 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:26 2020 us=879523 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:26 2020 us=880088 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:26:42 2020 us=559342 77.xx.xxx.248:27xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:26:42 2020 us=559865 77.xx.xxx.248:27xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:27xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 21:27:12 2020 us=625223 77.xx.xxx.248:27xxx TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 21:27:12 2020 us=625420 77.xx.xxx.248:27xxx TLS Error: TLS handshake failed
Fri Apr 10 21:27:12 2020 us=626605 77.xx.xxx.248:27xxx SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Apr 10 21:32:12 2020 us=502521 MULTI: multi_create_instance called
Client config and log using AES-256-CBC:
Code:
;tls-auth /tmp/openvpncl/ta.key
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
client
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-CBC
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 1
;tls-client
remote xxxxxxxx.freeddns.org 27xxx
nobind
remote-cert-tls server
resolv-retry infinite
daemon
float
tun-mtu 1500
;auth-nocache
LOG:
Fri Apr 10 20:59:40 2020 us=974994 Current Parameter Settings:
Fri Apr 10 20:59:40 2020 us=975209 config = 'openvpn.conf'
Fri Apr 10 20:59:40 2020 us=975284 mode = 0
Fri Apr 10 20:59:40 2020 us=975347 persist_config = DISABLED
Fri Apr 10 20:59:40 2020 us=975408 persist_mode = 1
Fri Apr 10 20:59:40 2020 us=975469 show_ciphers = DISABLED
Fri Apr 10 20:59:40 2020 us=975531 show_digests = DISABLED
Fri Apr 10 20:59:40 2020 us=975858 show_engines = DISABLED
Fri Apr 10 20:59:40 2020 us=975927 genkey = DISABLED
Fri Apr 10 20:59:40 2020 us=975989 key_pass_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=976051 show_tls_ciphers = DISABLED
Fri Apr 10 20:59:40 2020 us=976112 connect_retry_max = 0
Fri Apr 10 20:59:40 2020 us=976173 Connection profiles [0]:
Fri Apr 10 20:59:40 2020 us=976236 proto = udp4
Fri Apr 10 20:59:40 2020 us=976296 local = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=976358 local_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=976420 remote = 'xxxxxxx.freeddns.org'
Fri Apr 10 20:59:40 2020 us=976482 remote_port = '27xxx'
Fri Apr 10 20:59:40 2020 us=976543 remote_float = ENABLED
Fri Apr 10 20:59:40 2020 us=976604 bind_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=976665 bind_local = DISABLED
Fri Apr 10 20:59:40 2020 us=976725 bind_ipv6_only = DISABLED
Fri Apr 10 20:59:40 2020 us=976786 connect_retry_seconds = 5
Fri Apr 10 20:59:40 2020 us=976848 connect_timeout = 120
Fri Apr 10 20:59:40 2020 us=976911 socks_proxy_server = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=977037 socks_proxy_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=977103 tun_mtu = 1500
Fri Apr 10 20:59:40 2020 us=977164 tun_mtu_defined = ENABLED
Fri Apr 10 20:59:40 2020 us=977250 link_mtu = 1500
Fri Apr 10 20:59:40 2020 us=977312 link_mtu_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=977372 tun_mtu_extra = 0
Fri Apr 10 20:59:40 2020 us=977433 tun_mtu_extra_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=977495 mtu_discover_type = -1
Fri Apr 10 20:59:40 2020 us=977555 fragment = 0
Fri Apr 10 20:59:40 2020 us=977616 mssfix = 1450
Fri Apr 10 20:59:40 2020 us=977676 explicit_exit_notification = 0
Fri Apr 10 20:59:40 2020 us=977736 Connection profiles END
Fri Apr 10 20:59:40 2020 us=977795 remote_random = DISABLED
Fri Apr 10 20:59:40 2020 us=977854 ipchange = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=977913 dev = 'tun'
Fri Apr 10 20:59:40 2020 us=977972 dev_type = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978031 dev_node = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978091 lladdr = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978150 topology = 1
Fri Apr 10 20:59:40 2020 us=978209 ifconfig_local = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978270 ifconfig_remote_netmask = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978328 ifconfig_noexec = DISABLED
Fri Apr 10 20:59:40 2020 us=978387 ifconfig_nowarn = DISABLED
Fri Apr 10 20:59:40 2020 us=978446 ifconfig_ipv6_local = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978505 ifconfig_ipv6_netbits = 0
Fri Apr 10 20:59:40 2020 us=978564 ifconfig_ipv6_remote = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=978624 shaper = 0
Fri Apr 10 20:59:40 2020 us=978682 mtu_test = 0
Fri Apr 10 20:59:40 2020 us=978741 mlock = DISABLED
Fri Apr 10 20:59:40 2020 us=978802 keepalive_ping = 0
Fri Apr 10 20:59:40 2020 us=978861 keepalive_timeout = 0
Fri Apr 10 20:59:40 2020 us=978923 inactivity_timeout = 0
Fri Apr 10 20:59:40 2020 us=978983 ping_send_timeout = 0
Fri Apr 10 20:59:40 2020 us=979042 ping_rec_timeout = 0
Fri Apr 10 20:59:40 2020 us=979101 ping_rec_timeout_action = 0
Fri Apr 10 20:59:40 2020 us=979161 ping_timer_remote = DISABLED
Fri Apr 10 20:59:40 2020 us=979221 remap_sigusr1 = 0
Fri Apr 10 20:59:40 2020 us=979280 persist_tun = ENABLED
Fri Apr 10 20:59:40 2020 us=979339 persist_local_ip = DISABLED
Fri Apr 10 20:59:40 2020 us=979398 persist_remote_ip = DISABLED
Fri Apr 10 20:59:40 2020 us=979457 persist_key = ENABLED
Fri Apr 10 20:59:40 2020 us=979516 passtos = DISABLED
Fri Apr 10 20:59:40 2020 us=979624 resolve_retry_seconds = 1000000000
Fri Apr 10 20:59:40 2020 us=979698 resolve_in_advance = DISABLED
Fri Apr 10 20:59:40 2020 us=979781 username = 'nobody'
Fri Apr 10 20:59:40 2020 us=979843 groupname = 'nobody'
Fri Apr 10 20:59:40 2020 us=979902 chroot_dir = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=979963 cd_dir = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980022 writepid = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980082 up_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980142 down_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980202 down_pre = DISABLED
Fri Apr 10 20:59:40 2020 us=980261 up_restart = DISABLED
Fri Apr 10 20:59:40 2020 us=980320 up_delay = DISABLED
Fri Apr 10 20:59:40 2020 us=980379 daemon = ENABLED
Fri Apr 10 20:59:40 2020 us=980438 inetd = 0
Fri Apr 10 20:59:40 2020 us=980496 log = ENABLED
Fri Apr 10 20:59:40 2020 us=980555 suppress_timestamps = DISABLED
Fri Apr 10 20:59:40 2020 us=980615 machine_readable_output = DISABLED
Fri Apr 10 20:59:40 2020 us=980674 nice = 0
Fri Apr 10 20:59:40 2020 us=980732 verbosity = 8
Fri Apr 10 20:59:40 2020 us=980791 mute = 0
Fri Apr 10 20:59:40 2020 us=980849 status_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=980908 status_file_version = 1
Fri Apr 10 20:59:40 2020 us=980967 status_file_update_freq = 60
Fri Apr 10 20:59:40 2020 us=981027 occ = ENABLED
Fri Apr 10 20:59:40 2020 us=981085 rcvbuf = 0
Fri Apr 10 20:59:40 2020 us=981143 sndbuf = 0
Fri Apr 10 20:59:40 2020 us=981200 mark = 0
Fri Apr 10 20:59:40 2020 us=981258 sockflags = 0
Fri Apr 10 20:59:40 2020 us=981315 fast_io = DISABLED
Fri Apr 10 20:59:40 2020 us=981374 comp.alg = 0
Fri Apr 10 20:59:40 2020 us=981431 comp.flags = 0
Fri Apr 10 20:59:40 2020 us=981491 route_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=981553 route_default_gateway = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=981614 route_default_metric = 0
Fri Apr 10 20:59:40 2020 us=981674 route_noexec = DISABLED
Fri Apr 10 20:59:40 2020 us=981735 route_delay = 0
Fri Apr 10 20:59:40 2020 us=981796 route_delay_window = 30
Fri Apr 10 20:59:40 2020 us=981857 route_delay_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=981919 route_nopull = DISABLED
Fri Apr 10 20:59:40 2020 us=981981 route_gateway_via_dhcp = DISABLED
Fri Apr 10 20:59:40 2020 us=982042 allow_pull_fqdn = DISABLED
Fri Apr 10 20:59:40 2020 us=982104 management_addr = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986391 management_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986477 management_user_pass = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986540 management_log_history_cache = 250
Fri Apr 10 20:59:40 2020 us=986601 management_echo_buffer_size = 100
Fri Apr 10 20:59:40 2020 us=986664 management_write_peer_info_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986726 management_client_user = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986787 management_client_group = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986849 management_flags = 0
Fri Apr 10 20:59:40 2020 us=986908 shared_secret_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=986971 key_direction = not set
Fri Apr 10 20:59:40 2020 us=987031 ciphername = 'AES-256-CBC'
Fri Apr 10 20:59:40 2020 us=987091 ncp_enabled = DISABLED
Fri Apr 10 20:59:40 2020 us=987151 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Apr 10 20:59:40 2020 us=987213 authname = 'SHA256'
Fri Apr 10 20:59:40 2020 us=987275 prng_hash = 'SHA1'
Fri Apr 10 20:59:40 2020 us=987336 prng_nonce_secret_len = 16
Fri Apr 10 20:59:40 2020 us=987397 keysize = 0
Fri Apr 10 20:59:40 2020 us=987457 engine = DISABLED
Fri Apr 10 20:59:40 2020 us=987517 replay = ENABLED
Fri Apr 10 20:59:40 2020 us=987577 mute_replay_warnings = DISABLED
Fri Apr 10 20:59:40 2020 us=987637 replay_window = 64
Fri Apr 10 20:59:40 2020 us=987697 replay_time = 15
Fri Apr 10 20:59:40 2020 us=987757 packet_id_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=987818 use_iv = ENABLED
Fri Apr 10 20:59:40 2020 us=987878 test_crypto = DISABLED
Fri Apr 10 20:59:40 2020 us=987939 tls_server = DISABLED
Fri Apr 10 20:59:40 2020 us=988001 tls_client = ENABLED
Fri Apr 10 20:59:40 2020 us=988061 key_method = 2
Fri Apr 10 20:59:40 2020 us=988151 ca_file = '/tmp/openvpncl/ca.crt'
Fri Apr 10 20:59:40 2020 us=988215 ca_path = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988276 dh_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988337 cert_file = '/tmp/openvpncl/client.crt'
Fri Apr 10 20:59:40 2020 us=988398 extra_certs_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988459 priv_key_file = '/tmp/openvpncl/client.key'
Fri Apr 10 20:59:40 2020 us=988520 pkcs12_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988581 cipher_list = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988641 cipher_list_tls13 = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988702 tls_cert_profile = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988763 tls_verify = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988824 tls_export_cert = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=988885 verify_x509_type = 0
Fri Apr 10 20:59:40 2020 us=988946 verify_x509_name = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=989006 crl_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=989068 ns_cert_type = 0
Fri Apr 10 20:59:40 2020 us=989129 remote_cert_ku[i] = 65535
Fri Apr 10 20:59:40 2020 us=989191 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989253 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989315 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989375 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989437 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989498 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989560 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989621 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989681 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989741 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989802 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989864 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989926 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=989987 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=990049 remote_cert_ku[i] = 0
Fri Apr 10 20:59:40 2020 us=990112 remote_cert_eku = 'TLS Web Server Authentication'
Fri Apr 10 20:59:40 2020 us=990173 ssl_flags = 0
Fri Apr 10 20:59:40 2020 us=990233 tls_timeout = 2
Fri Apr 10 20:59:40 2020 us=990293 renegotiate_bytes = -1
Fri Apr 10 20:59:40 2020 us=990353 renegotiate_packets = 0
Fri Apr 10 20:59:40 2020 us=990415 renegotiate_seconds = 3600
Fri Apr 10 20:59:40 2020 us=990477 handshake_window = 60
Fri Apr 10 20:59:40 2020 us=990537 transition_window = 3600
Fri Apr 10 20:59:40 2020 us=990599 single_session = DISABLED
Fri Apr 10 20:59:40 2020 us=990661 push_peer_info = DISABLED
Fri Apr 10 20:59:40 2020 us=990722 tls_exit = DISABLED
Fri Apr 10 20:59:40 2020 us=990782 tls_auth_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=990843 tls_crypt_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=990917 server_network = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=990989 server_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991072 server_network_ipv6 = ::
Fri Apr 10 20:59:40 2020 us=991136 server_netbits_ipv6 = 0
Fri Apr 10 20:59:40 2020 us=991208 server_bridge_ip = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991282 server_bridge_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991356 server_bridge_pool_start = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991430 server_bridge_pool_end = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991495 ifconfig_pool_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=991569 ifconfig_pool_start = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991644 ifconfig_pool_end = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991718 ifconfig_pool_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=991783 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=991846 ifconfig_pool_persist_refresh_freq = 600
Fri Apr 10 20:59:40 2020 us=991909 ifconfig_ipv6_pool_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=991989 ifconfig_ipv6_pool_base = ::
Fri Apr 10 20:59:40 2020 us=992054 ifconfig_ipv6_pool_netbits = 0
Fri Apr 10 20:59:40 2020 us=992116 n_bcast_buf = 256
Fri Apr 10 20:59:40 2020 us=992222 tcp_queue_limit = 64
Fri Apr 10 20:59:40 2020 us=992292 real_hash_size = 256
Fri Apr 10 20:59:40 2020 us=992383 virtual_hash_size = 256
Fri Apr 10 20:59:40 2020 us=992448 client_connect_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992511 learn_address_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992575 client_disconnect_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992638 client_config_dir = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=992700 ccd_exclusive = DISABLED
Fri Apr 10 20:59:40 2020 us=992763 tmp_dir = '/tmp'
Fri Apr 10 20:59:40 2020 us=992825 push_ifconfig_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=992898 push_ifconfig_local = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=992970 push_ifconfig_remote_netmask = 0.0.0.0
Fri Apr 10 20:59:40 2020 us=993032 push_ifconfig_ipv6_defined = DISABLED
Fri Apr 10 20:59:40 2020 us=993114 push_ifconfig_ipv6_local = ::/0
Fri Apr 10 20:59:40 2020 us=993192 push_ifconfig_ipv6_remote = ::
Fri Apr 10 20:59:40 2020 us=993253 enable_c2c = DISABLED
Fri Apr 10 20:59:40 2020 us=993314 duplicate_cn = DISABLED
Fri Apr 10 20:59:40 2020 us=993374 cf_max = 0
Fri Apr 10 20:59:40 2020 us=993434 cf_per = 0
Fri Apr 10 20:59:40 2020 us=993493 max_clients = 1024
Fri Apr 10 20:59:40 2020 us=993554 max_routes_per_client = 256
Fri Apr 10 20:59:40 2020 us=993616 auth_user_pass_verify_script = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=993677 auth_user_pass_verify_script_via_file = DISABLED
Fri Apr 10 20:59:40 2020 us=993737 auth_token_generate = DISABLED
Fri Apr 10 20:59:40 2020 us=993797 auth_token_lifetime = 0
Fri Apr 10 20:59:40 2020 us=993857 port_share_host = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=993917 port_share_port = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=993977 client = ENABLED
Fri Apr 10 20:59:40 2020 us=994036 pull = ENABLED
Fri Apr 10 20:59:40 2020 us=994096 auth_user_pass_file = '[UNDEF]'
Fri Apr 10 20:59:40 2020 us=994163 OpenVPN 2.4.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 3 2019
Fri Apr 10 20:59:40 2020 us=994229 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.09
Fri Apr 10 20:59:41 2020 us=6215 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 20:59:41 2020 us=231846 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 20:59:41 2020 us=232031 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 20:59:41 2020 us=232095 calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 20:59:41 2020 us=232319 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 68 bytes
Fri Apr 10 20:59:41 2020 us=232388 calc_options_string_link_mtu: link-mtu 1621 -> 1569
Fri Apr 10 20:59:41 2020 us=232512 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Apr 10 20:59:41 2020 us=232575 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Apr 10 20:59:41 2020 us=232819 TCP/UDP: Preserving recently used remote address: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 20:59:41 2020 us=232932 Socket Buffers: R=[172032->172032] S=[172032->172032]
Fri Apr 10 20:59:41 2020 us=232999 UDPv4 link local: (not bound)
Fri Apr 10 20:59:41 2020 us=233080 UDPv4 link remote: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 20:59:41 2020 us=233141 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Apr 10 20:59:41 2020 us=233380 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 20:59:43 2020 us=442371 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 20:59:47 2020 us=855541 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 20:59:55 2020 us=341892 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:00:11 2020 us=336226 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 21:00:41 2020 us=170048 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 21:00:41 2020 us=170153 TLS Error: TLS handshake failed
Fri Apr 10 21:00:41 2020 us=171012 TCP/UDP: Closing socket
Fri Apr 10 21:00:41 2020 us=171170 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 10 21:00:41 2020 us=171282 Restart pause, 5 second(s)
Fri Apr 10 21:00:46 2020 us=171451 Re-using SSL/TLS context
Fri Apr 10 21:00:46 2020 us=172217 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:00:46 2020 us=173206 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Then I tried using the GCM version of the cipher:
Server config and log using AES-256-GCM:
Code:
server 10.8.0.0 255.255.255.0
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-GCM
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 0
;tls-server
port 1194
push "route 192.168.7.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.4.0 255.255.255.0"
route 192.168.4.0 255.255.255.0
route 192.168.3.0 255.255.255.0
client-config-dir ccd
client-to-client
keepalive 60 300
max-clients 20
explicit-exit-notify 1
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<dh>
...
</dh>
Fri Apr 10 21:59:19 2020 us=342109 OpenVPN 2.4.7 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Apr 10 21:59:19 2020 us=342367 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Fri Apr 10 21:59:19 2020 us=351375 Diffie-Hellman initialized with 2048 bit key
Fri Apr 10 21:59:19 2020 us=362902 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 21:59:19 2020 us=368721 TUN/TAP device tun0 opened
Fri Apr 10 21:59:19 2020 us=368967 TUN/TAP TX queue length set to 100
Fri Apr 10 21:59:19 2020 us=369171 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Apr 10 21:59:19 2020 us=369464 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Fri Apr 10 21:59:19 2020 us=386998 /sbin/route add -net 192.168.4.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:59:19 2020 us=402876 /sbin/route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:59:19 2020 us=408816 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Fri Apr 10 21:59:19 2020 us=425570 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 21:59:19 2020 us=426147 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Apr 10 21:59:19 2020 us=426387 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Apr 10 21:59:19 2020 us=426518 UDPv4 link remote: [AF_UNSPEC]
Fri Apr 10 21:59:19 2020 us=426670 GID set to nobody
Fri Apr 10 21:59:19 2020 us=426842 UID set to nobody
Fri Apr 10 21:59:19 2020 us=427008 MULTI: multi_init called, r=256 v=256
Fri Apr 10 21:59:19 2020 us=427429 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Apr 10 21:59:19 2020 us=428077 Initialization Sequence Completed
Fri Apr 10 22:02:12 2020 us=424555 MULTI: multi_create_instance called
Fri Apr 10 22:02:12 2020 us=425360 77.xx.xxx.248:26xxx Re-using SSL/TLS context
Fri Apr 10 22:02:12 2020 us=427304 77.xx.xxx.248:26xxx Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 22:02:12 2020 us=427525 77.xx.xxx.248:26xxx Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 22:02:12 2020 us=427755 77.xx.xxx.248:26xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 22:02:12 2020 us=427869 77.xx.xxx.248:26xxx calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 22:02:12 2020 us=428240 77.xx.xxx.248:26xxx crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 22:02:12 2020 us=428361 77.xx.xxx.248:26xxx calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 22:02:12 2020 us=428630 77.xx.xxx.248:26xxx Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Fri Apr 10 22:02:12 2020 us=428754 77.xx.xxx.248:26xxx Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Fri Apr 10 22:02:12 2020 us=429161 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:12 2020 us=429415 77.xx.xxx.248:26xxx TLS: Initial packet from [AF_INET]77.xx.xxx.248:26xxx, sid=523dc60a 4ee378d3
Fri Apr 10 22:02:12 2020 us=429827 77.xx.xxx.248:26xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 22:02:14 2020 us=650305 77.xx.xxx.248:26xxx UDPv4 WRITE [14] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:14 2020 us=748655 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:14 2020 us=749167 77.xx.xxx.248:26xxx UDPv4 WRITE [22] to [AF_INET]77.xx.xxx.248:26xxx: P_ACK_V1 kid=0 [ 0 ]
Fri Apr 10 22:02:18 2020 us=228775 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:18 2020 us=229231 77.xx.xxx.248:26xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 22:02:26 2020 us=81783 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:26 2020 us=82239 77.xx.xxx.248:26xxx UDPv4 WRITE [26] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Fri Apr 10 22:02:42 2020 us=580377 77.xx.xxx.248:26xxx UDPv4 WRITE [14] to [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:42 2020 us=631535 77.xx.xxx.248:26xxx UDPv4 READ [14] from [AF_INET]77.xx.xxx.248:26xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:42 2020 us=632045 77.xx.xxx.248:26xxx UDPv4 WRITE [22] to [AF_INET]77.xx.xxx.248:26xxx: P_ACK_V1 kid=0 [ 0 ]
Fri Apr 10 22:03:12 2020 us=510155 77.xx.xxx.248:26xxx TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 22:03:12 2020 us=510353 77.xx.xxx.248:26xxx TLS Error: TLS handshake failed
Fri Apr 10 22:03:12 2020 us=511553 77.xx.xxx.248:26xxx SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Apr 10 22:08:12 2020 us=662648 MULTI: multi_create_instance called
Client config and log using AES-256-GCM cipher:
Code:
;tls-auth /tmp/openvpncl/ta.key
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
client
proto udp4
dev tun
user nobody
group nobody
persist-key
persist-tun
verb 8
log openvpn.log
ncp-disable
cipher AES-256-GCM
auth SHA256
;tls-cipher TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
;key-direction 1
;tls-client
remote xxxxxx.freeddns.org 27xxx
nobind
remote-cert-tls server
resolv-retry infinite
daemon
float
tun-mtu 1500
;auth-nocache
Fri Apr 10 23:20:54 2020 us=853020 Current Parameter Settings:
Fri Apr 10 23:20:54 2020 us=853384 config = 'openvpn.conf'
Fri Apr 10 23:20:54 2020 us=853471 mode = 0
Fri Apr 10 23:20:54 2020 us=853532 persist_config = DISABLED
Fri Apr 10 23:20:54 2020 us=853593 persist_mode = 1
Fri Apr 10 23:20:54 2020 us=853653 show_ciphers = DISABLED
Fri Apr 10 23:20:54 2020 us=853713 show_digests = DISABLED
Fri Apr 10 23:20:54 2020 us=853773 show_engines = DISABLED
Fri Apr 10 23:20:54 2020 us=853833 genkey = DISABLED
Fri Apr 10 23:20:54 2020 us=853894 key_pass_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=854354 show_tls_ciphers = DISABLED
Fri Apr 10 23:20:54 2020 us=854461 connect_retry_max = 0
Fri Apr 10 23:20:54 2020 us=854524 Connection profiles [0]:
Fri Apr 10 23:20:54 2020 us=854586 proto = udp4
Fri Apr 10 23:20:54 2020 us=854646 local = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=854707 local_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=854767 remote = 'xxxxxxx.freeddns.org'
Fri Apr 10 23:20:54 2020 us=854828 remote_port = '27xxx'
Fri Apr 10 23:20:54 2020 us=854888 remote_float = ENABLED
Fri Apr 10 23:20:54 2020 us=854947 bind_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=855006 bind_local = DISABLED
Fri Apr 10 23:20:54 2020 us=855066 bind_ipv6_only = DISABLED
Fri Apr 10 23:20:54 2020 us=855125 connect_retry_seconds = 5
Fri Apr 10 23:20:54 2020 us=855185 connect_timeout = 120
Fri Apr 10 23:20:54 2020 us=855246 socks_proxy_server = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=855308 socks_proxy_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=855367 tun_mtu = 1500
Fri Apr 10 23:20:54 2020 us=855428 tun_mtu_defined = ENABLED
Fri Apr 10 23:20:54 2020 us=855488 link_mtu = 1500
Fri Apr 10 23:20:54 2020 us=855547 link_mtu_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=855607 tun_mtu_extra = 0
Fri Apr 10 23:20:54 2020 us=855666 tun_mtu_extra_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=855728 mtu_discover_type = -1
Fri Apr 10 23:20:54 2020 us=855787 fragment = 0
Fri Apr 10 23:20:54 2020 us=855846 mssfix = 1450
Fri Apr 10 23:20:54 2020 us=855906 explicit_exit_notification = 0
Fri Apr 10 23:20:54 2020 us=855965 Connection profiles END
Fri Apr 10 23:20:54 2020 us=856025 remote_random = DISABLED
Fri Apr 10 23:20:54 2020 us=856084 ipchange = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856143 dev = 'tun'
Fri Apr 10 23:20:54 2020 us=856202 dev_type = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856262 dev_node = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856322 lladdr = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856381 topology = 1
Fri Apr 10 23:20:54 2020 us=856440 ifconfig_local = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856500 ifconfig_remote_netmask = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856560 ifconfig_noexec = DISABLED
Fri Apr 10 23:20:54 2020 us=856619 ifconfig_nowarn = DISABLED
Fri Apr 10 23:20:54 2020 us=856678 ifconfig_ipv6_local = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856736 ifconfig_ipv6_netbits = 0
Fri Apr 10 23:20:54 2020 us=856795 ifconfig_ipv6_remote = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=856853 shaper = 0
Fri Apr 10 23:20:54 2020 us=856912 mtu_test = 0
Fri Apr 10 23:20:54 2020 us=856971 mlock = DISABLED
Fri Apr 10 23:20:54 2020 us=857030 keepalive_ping = 0
Fri Apr 10 23:20:54 2020 us=857145 keepalive_timeout = 0
Fri Apr 10 23:20:54 2020 us=857217 inactivity_timeout = 0
Fri Apr 10 23:20:54 2020 us=857277 ping_send_timeout = 0
Fri Apr 10 23:20:54 2020 us=857337 ping_rec_timeout = 0
Fri Apr 10 23:20:54 2020 us=857398 ping_rec_timeout_action = 0
Fri Apr 10 23:20:54 2020 us=857457 ping_timer_remote = DISABLED
Fri Apr 10 23:20:54 2020 us=857518 remap_sigusr1 = 0
Fri Apr 10 23:20:54 2020 us=857578 persist_tun = ENABLED
Fri Apr 10 23:20:54 2020 us=857638 persist_local_ip = DISABLED
Fri Apr 10 23:20:54 2020 us=857697 persist_remote_ip = DISABLED
Fri Apr 10 23:20:54 2020 us=857757 persist_key = ENABLED
Fri Apr 10 23:20:54 2020 us=857816 passtos = DISABLED
Fri Apr 10 23:20:54 2020 us=857920 resolve_retry_seconds = 1000000000
Fri Apr 10 23:20:54 2020 us=857992 resolve_in_advance = DISABLED
Fri Apr 10 23:20:54 2020 us=858078 username = 'nobody'
Fri Apr 10 23:20:54 2020 us=858140 groupname = 'nobody'
Fri Apr 10 23:20:54 2020 us=858198 chroot_dir = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858259 cd_dir = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858359 writepid = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858420 up_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858481 down_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=858540 down_pre = DISABLED
Fri Apr 10 23:20:54 2020 us=858599 up_restart = DISABLED
Fri Apr 10 23:20:54 2020 us=858659 up_delay = DISABLED
Fri Apr 10 23:20:54 2020 us=858718 daemon = ENABLED
Fri Apr 10 23:20:54 2020 us=858777 inetd = 0
Fri Apr 10 23:20:54 2020 us=858836 log = ENABLED
Fri Apr 10 23:20:54 2020 us=858895 suppress_timestamps = DISABLED
Fri Apr 10 23:20:54 2020 us=858955 machine_readable_output = DISABLED
Fri Apr 10 23:20:54 2020 us=859015 nice = 0
Fri Apr 10 23:20:54 2020 us=859074 verbosity = 8
Fri Apr 10 23:20:54 2020 us=859134 mute = 0
Fri Apr 10 23:20:54 2020 us=859193 status_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=859252 status_file_version = 1
Fri Apr 10 23:20:54 2020 us=859312 status_file_update_freq = 60
Fri Apr 10 23:20:54 2020 us=859372 occ = ENABLED
Fri Apr 10 23:20:54 2020 us=859431 rcvbuf = 0
Fri Apr 10 23:20:54 2020 us=859489 sndbuf = 0
Fri Apr 10 23:20:54 2020 us=859548 mark = 0
Fri Apr 10 23:20:54 2020 us=859607 sockflags = 0
Fri Apr 10 23:20:54 2020 us=859665 fast_io = DISABLED
Fri Apr 10 23:20:54 2020 us=859724 comp.alg = 0
Fri Apr 10 23:20:54 2020 us=859783 comp.flags = 0
Fri Apr 10 23:20:54 2020 us=859844 route_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=859906 route_default_gateway = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=859967 route_default_metric = 0
Fri Apr 10 23:20:54 2020 us=860027 route_noexec = DISABLED
Fri Apr 10 23:20:54 2020 us=860087 route_delay = 0
Fri Apr 10 23:20:54 2020 us=860149 route_delay_window = 30
Fri Apr 10 23:20:54 2020 us=860210 route_delay_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=860272 route_nopull = DISABLED
Fri Apr 10 23:20:54 2020 us=860334 route_gateway_via_dhcp = DISABLED
Fri Apr 10 23:20:54 2020 us=860396 allow_pull_fqdn = DISABLED
Fri Apr 10 23:20:54 2020 us=860458 management_addr = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860519 management_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860581 management_user_pass = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860643 management_log_history_cache = 250
Fri Apr 10 23:20:54 2020 us=860705 management_echo_buffer_size = 100
Fri Apr 10 23:20:54 2020 us=860768 management_write_peer_info_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860829 management_client_user = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860890 management_client_group = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=860952 management_flags = 0
Fri Apr 10 23:20:54 2020 us=861013 shared_secret_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=861076 key_direction = not set
Fri Apr 10 23:20:54 2020 us=861136 ciphername = 'AES-256-GCM'
Fri Apr 10 23:20:54 2020 us=861196 ncp_enabled = DISABLED
Fri Apr 10 23:20:54 2020 us=861257 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Fri Apr 10 23:20:54 2020 us=861319 authname = 'SHA256'
Fri Apr 10 23:20:54 2020 us=861380 prng_hash = 'SHA1'
Fri Apr 10 23:20:54 2020 us=861442 prng_nonce_secret_len = 16
Fri Apr 10 23:20:54 2020 us=861503 keysize = 0
Fri Apr 10 23:20:54 2020 us=861564 engine = DISABLED
Fri Apr 10 23:20:54 2020 us=861623 replay = ENABLED
Fri Apr 10 23:20:54 2020 us=861683 mute_replay_warnings = DISABLED
Fri Apr 10 23:20:54 2020 us=861744 replay_window = 64
Fri Apr 10 23:20:54 2020 us=861805 replay_time = 15
Fri Apr 10 23:20:54 2020 us=861865 packet_id_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=861925 use_iv = ENABLED
Fri Apr 10 23:20:54 2020 us=862007 test_crypto = DISABLED
Fri Apr 10 23:20:54 2020 us=862069 tls_server = DISABLED
Fri Apr 10 23:20:54 2020 us=862130 tls_client = ENABLED
Fri Apr 10 23:20:54 2020 us=862190 key_method = 2
Fri Apr 10 23:20:54 2020 us=862278 ca_file = '/tmp/openvpncl/ca.crt'
Fri Apr 10 23:20:54 2020 us=862342 ca_path = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862402 dh_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862463 cert_file = '/tmp/openvpncl/client.crt'
Fri Apr 10 23:20:54 2020 us=862525 extra_certs_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862585 priv_key_file = '/tmp/openvpncl/client.key'
Fri Apr 10 23:20:54 2020 us=862646 pkcs12_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862705 cipher_list = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862765 cipher_list_tls13 = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862825 tls_cert_profile = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862886 tls_verify = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=862947 tls_export_cert = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=863007 verify_x509_type = 0
Fri Apr 10 23:20:54 2020 us=863068 verify_x509_name = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=863128 crl_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=863189 ns_cert_type = 0
Fri Apr 10 23:20:54 2020 us=863249 remote_cert_ku[i] = 65535
Fri Apr 10 23:20:54 2020 us=863309 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863370 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863430 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863490 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863550 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863610 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863670 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863730 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863789 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863876 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=863945 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864006 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864066 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864148 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864210 remote_cert_ku[i] = 0
Fri Apr 10 23:20:54 2020 us=864271 remote_cert_eku = 'TLS Web Server Authentication'
Fri Apr 10 23:20:54 2020 us=864331 ssl_flags = 0
Fri Apr 10 23:20:54 2020 us=864390 tls_timeout = 2
Fri Apr 10 23:20:54 2020 us=864449 renegotiate_bytes = -1
Fri Apr 10 23:20:54 2020 us=864509 renegotiate_packets = 0
Fri Apr 10 23:20:54 2020 us=864569 renegotiate_seconds = 3600
Fri Apr 10 23:20:54 2020 us=864629 handshake_window = 60
Fri Apr 10 23:20:54 2020 us=864689 transition_window = 3600
Fri Apr 10 23:20:54 2020 us=864749 single_session = DISABLED
Fri Apr 10 23:20:54 2020 us=864809 push_peer_info = DISABLED
Fri Apr 10 23:20:54 2020 us=864868 tls_exit = DISABLED
Fri Apr 10 23:20:54 2020 us=864928 tls_auth_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=864988 tls_crypt_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=865060 server_network = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865132 server_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865215 server_network_ipv6 = ::
Fri Apr 10 23:20:54 2020 us=865279 server_netbits_ipv6 = 0
Fri Apr 10 23:20:54 2020 us=865351 server_bridge_ip = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865424 server_bridge_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865497 server_bridge_pool_start = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865570 server_bridge_pool_end = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865633 ifconfig_pool_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=865706 ifconfig_pool_start = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865780 ifconfig_pool_end = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865854 ifconfig_pool_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=865917 ifconfig_pool_persist_filename = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=865980 ifconfig_pool_persist_refresh_freq = 600
Fri Apr 10 23:20:54 2020 us=866041 ifconfig_ipv6_pool_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=866121 ifconfig_ipv6_pool_base = ::
Fri Apr 10 23:20:54 2020 us=866185 ifconfig_ipv6_pool_netbits = 0
Fri Apr 10 23:20:54 2020 us=866246 n_bcast_buf = 256
Fri Apr 10 23:20:54 2020 us=866309 tcp_queue_limit = 64
Fri Apr 10 23:20:54 2020 us=866371 real_hash_size = 256
Fri Apr 10 23:20:54 2020 us=866462 virtual_hash_size = 256
Fri Apr 10 23:20:54 2020 us=866527 client_connect_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866590 learn_address_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866654 client_disconnect_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866717 client_config_dir = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=866780 ccd_exclusive = DISABLED
Fri Apr 10 23:20:54 2020 us=866843 tmp_dir = '/tmp'
Fri Apr 10 23:20:54 2020 us=866905 push_ifconfig_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=866978 push_ifconfig_local = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=867051 push_ifconfig_remote_netmask = 0.0.0.0
Fri Apr 10 23:20:54 2020 us=867160 push_ifconfig_ipv6_defined = DISABLED
Fri Apr 10 23:20:54 2020 us=867246 push_ifconfig_ipv6_local = ::/0
Fri Apr 10 23:20:54 2020 us=867325 push_ifconfig_ipv6_remote = ::
Fri Apr 10 23:20:54 2020 us=867388 enable_c2c = DISABLED
Fri Apr 10 23:20:54 2020 us=867449 duplicate_cn = DISABLED
Fri Apr 10 23:20:54 2020 us=867510 cf_max = 0
Fri Apr 10 23:20:54 2020 us=867570 cf_per = 0
Fri Apr 10 23:20:54 2020 us=867629 max_clients = 1024
Fri Apr 10 23:20:54 2020 us=867690 max_routes_per_client = 256
Fri Apr 10 23:20:54 2020 us=867751 auth_user_pass_verify_script = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=867811 auth_user_pass_verify_script_via_file = DISABLED
Fri Apr 10 23:20:54 2020 us=867873 auth_token_generate = DISABLED
Fri Apr 10 23:20:54 2020 us=867932 auth_token_lifetime = 0
Fri Apr 10 23:20:54 2020 us=867992 port_share_host = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=868053 port_share_port = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=868112 client = ENABLED
Fri Apr 10 23:20:54 2020 us=868171 pull = ENABLED
Fri Apr 10 23:20:54 2020 us=868232 auth_user_pass_file = '[UNDEF]'
Fri Apr 10 23:20:54 2020 us=868299 OpenVPN 2.4.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 3 2019
Fri Apr 10 23:20:54 2020 us=868367 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.09
Fri Apr 10 23:20:54 2020 us=880945 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 23:20:54 2020 us=882005 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Apr 10 23:20:54 2020 us=882180 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 23:20:54 2020 us=882245 calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 23:20:54 2020 us=882410 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 48 bytes
Fri Apr 10 23:20:54 2020 us=882472 calc_options_string_link_mtu: link-mtu 1621 -> 1549
Fri Apr 10 23:20:54 2020 us=882589 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Fri Apr 10 23:20:54 2020 us=882655 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1549,tun-mtu 1500,proto UDPv4,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Fri Apr 10 23:20:54 2020 us=882899 TCP/UDP: Preserving recently used remote address: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 23:20:54 2020 us=883010 Socket Buffers: R=[172032->172032] S=[172032->172032]
Fri Apr 10 23:20:54 2020 us=883077 UDPv4 link local: (not bound)
Fri Apr 10 23:20:54 2020 us=883158 UDPv4 link remote: [AF_INET]85.xxx.xxx.114:27xxx
Fri Apr 10 23:20:54 2020 us=883218 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Fri Apr 10 23:20:54 2020 us=883457 UDPv4 WRITE [14] to [AF_INET]85.xxx.xxx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:20:57 2020 us=65445 UDPv4 WRITE [14] to [AF_INET]85.xxx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:01 2020 us=422589 UDPv4 WRITE [14] to [AF_INET]85.xx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:09 2020 us=299436 UDPv4 WRITE [14] to [AF_INET]85.xx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:25 2020 us=845003 UDPv4 WRITE [14] to [AF_INET]85.xx.xx.114:27xxx: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:54 2020 us=27168 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Apr 10 23:21:54 2020 us=27272 TLS Error: TLS handshake failed
Fri Apr 10 23:21:54 2020 us=28175 TCP/UDP: Closing socket
Fri Apr 10 23:21:54 2020 us=28336 SIGUSR1[soft,tls-error] received, process restarting
Fri Apr 10 23:21:54 2020 us=28447 Restart pause, 5 second(s)
Fri Apr 10 23:21:59 2020 us=28624 Re-using SSL/TLS context
Fri Apr 10 23:21:59 2020 us=29360 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Apr 10 23:21:59 2020 us=30496 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
I don't think there is any firewall rule hindering access because the server clearly sees that a client is trying to connect and it knows exactly from which IP. I have configured the firewall using iptables and I am using the same port now. I hope one of you can help me. Thanks!
Last edited by sasholal on Mon Apr 13, 2020 12:41; edited 1 time in total
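Added example, not part of the original post: a small Python helper that sorts the `UDPv4 READ` / `UDPv4 WRITE` packet lines of a log like the ones above by direction, which is the first thing to establish for a 60-second TLS timeout over UDP. A side that logs only WRITE lines never received a reply, while a side that logs both READ and WRITE is receiving and answering. The log snippets are constructed in the same format with documentation-range addresses, and `handshake_direction` is a hypothetical name.

```python
import re
from collections import Counter

# Packet lines as they appear in the logs above, e.g.
# "UDPv4 WRITE [14] to [AF_INET]203.0.113.9:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 ..."
PACKET = re.compile(
    r"UDPv4 (READ|WRITE) \[\d+\] (?:from|to) \[AF_INET\](\S+?): (P_[A-Z0-9_]+)"
)
TLS_FAIL = "TLS Error: TLS key negotiation failed"


def handshake_direction(log_text):
    """Summarise which way control packets flowed in one side's log."""
    seen = Counter()
    failed = False
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if m:
            seen[(m.group(1), m.group(3))] += 1  # (direction, opcode)
        elif TLS_FAIL in line:
            failed = True
    reads = sum(n for (d, _), n in seen.items() if d == "READ")
    writes = sum(n for (d, _), n in seen.items() if d == "WRITE")
    if not failed:
        verdict = "no-timeout"
    elif writes and not reads:
        verdict = "outbound-only"       # nothing from the peer ever arrived
    elif reads and not writes:
        verdict = "inbound-only"        # peer heard, but this side never answered
    elif reads and writes:
        verdict = "two-way-incomplete"  # traffic both ways, handshake still stalled
    else:
        verdict = "no-packets-logged"
    return {"reads": reads, "writes": writes, "verdict": verdict}


# Constructed sample logs (same line format as the post, made-up addresses).
CLIENT_LOG = """\
Fri Apr 10 23:20:54 2020 us=883457 UDPv4 WRITE [14] to [AF_INET]203.0.113.9:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:20:57 2020 us=65445 UDPv4 WRITE [14] to [AF_INET]203.0.113.9:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:01 2020 us=422589 UDPv4 WRITE [14] to [AF_INET]203.0.113.9:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 23:21:54 2020 us=27168 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
SERVER_LOG = """\
Fri Apr 10 22:02:42 2020 us=631535 198.51.100.7:40000 UDPv4 READ [14] from [AF_INET]198.51.100.7:40000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Fri Apr 10 22:02:42 2020 us=632045 198.51.100.7:40000 UDPv4 WRITE [22] to [AF_INET]198.51.100.7:40000: P_ACK_V1 kid=0 [ 0 ]
Fri Apr 10 22:03:12 2020 us=510155 198.51.100.7:40000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

if __name__ == "__main__":
    print("client:", handshake_direction(CLIENT_LOG))
    print("server:", handshake_direction(SERVER_LOG))
```

When the client side reports `outbound-only` and the server side reports `two-way-incomplete`, the path to compare next is the one the server's replies take back to the client (source port after NAT, port forwarding, and the rules for UDP replies on both routers).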