I've spent 4-5 days adjusting OpenVPN as a server on CentOS 7 and don't understand why it doesn't work.
I tried about 20 manuals and how-tos and got different errors one by one.
I have chosen this how-to; it is actually in Russian, but you can see the sequence of the commands:
https://www.dmosk.ru/miniinstruktions.p ... n-easyrsa3
What did I do?
I tried different manuals and how-tos, starting from the official one, but it didn't contain all the information and differs from my version of openssl and openvpn (strange; as far as I can figure out, the official how-to is obsolete and those commands didn't work in my case).
Today I got a temporarily working server and one client, and tried to generate another key, but easy-rsa said that the pass for the CA certificate is bad and I couldn't generate a new one (tried to find a solution for several hours), so I decided to generate all the keys and certificates anew, but I left the configurations of the server and client untouched.
But now, after generating new keys and certificates, the client (Windows 10, OpenVPN; I tried a usual user and admin -> the same) can't connect to the server; it just hangs on
Code: Select all
MANAGEMENT: >STATE:1595972333,TCP_CONNECT
Code: Select all
TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Code: Select all
#cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
Code: Select all
#openvpn --version
OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Originally developed by James Yonan
Code: Select all
Wed Jul 29 00:34:42 2020 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020 pkcs11_pin_cache_period = -1
Wed Jul 29 00:34:42 2020 pkcs11_id = '[UNDEF]'
Wed Jul 29 00:34:42 2020 pkcs11_id_management = DISABLED
Wed Jul 29 00:34:42 2020 server_network = 0.0.0.0
Wed Jul 29 00:34:42 2020 server_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020 server_network_ipv6 = ::
Wed Jul 29 00:34:42 2020 server_netbits_ipv6 = 0
Wed Jul 29 00:34:42 2020 server_bridge_ip = 0.0.0.0
Wed Jul 29 00:34:42 2020 server_bridge_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020 server_bridge_pool_start = 0.0.0.0
Wed Jul 29 00:34:42 2020 server_bridge_pool_end = 0.0.0.0
Wed Jul 29 00:34:42 2020 ifconfig_pool_defined = DISABLED
Wed Jul 29 00:34:42 2020 ifconfig_pool_start = 0.0.0.0
Wed Jul 29 00:34:42 2020 ifconfig_pool_end = 0.0.0.0
Wed Jul 29 00:34:42 2020 ifconfig_pool_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020 ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jul 29 00:34:42 2020 ifconfig_pool_persist_refresh_freq = 600
Wed Jul 29 00:34:42 2020 ifconfig_ipv6_pool_defined = DISABLED
Wed Jul 29 00:34:42 2020 ifconfig_ipv6_pool_base = ::
Wed Jul 29 00:34:42 2020 ifconfig_ipv6_pool_netbits = 0
Wed Jul 29 00:34:42 2020 n_bcast_buf = 256
Wed Jul 29 00:34:42 2020 tcp_queue_limit = 64
Wed Jul 29 00:34:42 2020 real_hash_size = 256
Wed Jul 29 00:34:42 2020 virtual_hash_size = 256
Wed Jul 29 00:34:42 2020 client_connect_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020 learn_address_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020 client_disconnect_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020 client_config_dir = '[UNDEF]'
Wed Jul 29 00:34:42 2020 ccd_exclusive = DISABLED
Wed Jul 29 00:34:42 2020 tmp_dir = 'C:\Users\Victor\AppData\Local\Temp\'
Wed Jul 29 00:34:42 2020 push_ifconfig_defined = DISABLED
Wed Jul 29 00:34:42 2020 push_ifconfig_local = 0.0.0.0
Wed Jul 29 00:34:42 2020 push_ifconfig_remote_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020 push_ifconfig_ipv6_defined = DISABLED
Wed Jul 29 00:34:42 2020 push_ifconfig_ipv6_local = ::/0
Wed Jul 29 00:34:42 2020 push_ifconfig_ipv6_remote = ::
Wed Jul 29 00:34:42 2020 enable_c2c = DISABLED
Wed Jul 29 00:34:42 2020 duplicate_cn = DISABLED
Wed Jul 29 00:34:42 2020 cf_max = 0
Wed Jul 29 00:34:42 2020 cf_per = 0
Wed Jul 29 00:34:42 2020 max_clients = 1024
Wed Jul 29 00:34:42 2020 max_routes_per_client = 256
Wed Jul 29 00:34:42 2020 auth_user_pass_verify_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020 auth_user_pass_verify_script_via_file = DISABLED
Wed Jul 29 00:34:42 2020 auth_token_generate = DISABLED
Wed Jul 29 00:34:42 2020 auth_token_lifetime = 0
Wed Jul 29 00:34:42 2020 client = ENABLED
Wed Jul 29 00:34:42 2020 pull = ENABLED
Wed Jul 29 00:34:42 2020 auth_user_pass_file = '[UNDEF]'
Wed Jul 29 00:34:42 2020 show_net_up = DISABLED
Wed Jul 29 00:34:42 2020 route_method = 3
Wed Jul 29 00:34:42 2020 block_outside_dns = DISABLED
Wed Jul 29 00:34:42 2020 ip_win32_defined = DISABLED
Wed Jul 29 00:34:42 2020 ip_win32_type = 3
Wed Jul 29 00:34:42 2020 dhcp_masq_offset = 0
Wed Jul 29 00:34:42 2020 dhcp_lease_time = 31536000
Wed Jul 29 00:34:42 2020 tap_sleep = 0
Wed Jul 29 00:34:42 2020 dhcp_options = DISABLED
Wed Jul 29 00:34:42 2020 dhcp_renew = DISABLED
Wed Jul 29 00:34:42 2020 dhcp_pre_release = DISABLED
Wed Jul 29 00:34:42 2020 domain = '[UNDEF]'
Wed Jul 29 00:34:42 2020 netbios_scope = '[UNDEF]'
Wed Jul 29 00:34:42 2020 netbios_node_type = 0
Wed Jul 29 00:34:42 2020 disable_nbt = DISABLED
Wed Jul 29 00:34:42 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Wed Jul 29 00:34:42 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jul 29 00:34:42 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Jul 29 00:34:42 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jul 29 00:34:42 2020 Need hold release from management interface, waiting...
Wed Jul 29 00:34:42 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'state on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'log all on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'echo all on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'bytecount 5'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'hold off'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'hold release'
Wed Jul 29 00:34:43 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:34:43 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:34:43 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:34:43 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:34:43 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:34:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:34:43 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:34:43 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:34:43 2020 MANAGEMENT: >STATE:1595972083,TCP_CONNECT,,,,,,
Wed Jul 29 00:36:43 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:36:43 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:36:43 2020 MANAGEMENT: >STATE:1595972203,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:36:43 2020 Restart pause, 5 second(s)
Wed Jul 29 00:36:48 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:36:48 2020 Re-using SSL/TLS context
Wed Jul 29 00:36:48 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:36:48 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:36:48 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:36:48 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:36:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:36:48 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:36:48 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:36:48 2020 MANAGEMENT: >STATE:1595972208,TCP_CONNECT,,,,,,
Wed Jul 29 00:38:48 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:38:48 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:38:48 2020 MANAGEMENT: >STATE:1595972328,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:38:48 2020 Restart pause, 5 second(s)
Wed Jul 29 00:38:53 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:38:53 2020 Re-using SSL/TLS context
Wed Jul 29 00:38:53 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:38:53 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:38:53 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:38:53 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:38:53 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:38:53 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:38:53 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:38:53 2020 MANAGEMENT: >STATE:1595972333,TCP_CONNECT,,,,,,
Wed Jul 29 00:40:53 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:40:53 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:40:53 2020 MANAGEMENT: >STATE:1595972453,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:40:53 2020 Restart pause, 5 second(s)
Wed Jul 29 00:40:58 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:40:58 2020 Re-using SSL/TLS context
Wed Jul 29 00:40:58 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:40:58 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:40:58 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:40:58 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:40:58 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:40:58 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:40:58 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:40:58 2020 MANAGEMENT: >STATE:1595972458,TCP_CONNECT,,,,,,
Wed Jul 29 00:42:58 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:42:58 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:42:58 2020 MANAGEMENT: >STATE:1595972578,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:42:58 2020 Restart pause, 5 second(s)
Wed Jul 29 00:43:03 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:43:03 2020 Re-using SSL/TLS context
Wed Jul 29 00:43:03 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:43:03 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:43:03 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:43:03 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:43:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:43:03 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:43:03 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:43:03 2020 MANAGEMENT: >STATE:1595972583,TCP_CONNECT,,,,,,
Wed Jul 29 00:45:03 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:45:03 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:45:03 2020 MANAGEMENT: >STATE:1595972703,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:45:03 2020 Restart pause, 10 second(s)
Wed Jul 29 00:45:13 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:45:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:45:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:45:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:45:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:45:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:45:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:45:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:45:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:45:13 2020 MANAGEMENT: >STATE:1595972713,TCP_CONNECT,,,,,,
Wed Jul 29 00:47:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:47:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:47:13 2020 MANAGEMENT: >STATE:1595972833,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:47:13 2020 Restart pause, 20 second(s)
Wed Jul 29 00:47:33 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:47:33 2020 Re-using SSL/TLS context
Wed Jul 29 00:47:33 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:47:33 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:47:33 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:47:33 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:47:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:47:33 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:47:33 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:47:33 2020 MANAGEMENT: >STATE:1595972853,TCP_CONNECT,,,,,,
Wed Jul 29 00:49:33 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:49:33 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:49:33 2020 MANAGEMENT: >STATE:1595972973,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:49:33 2020 Restart pause, 40 second(s)
Wed Jul 29 00:50:13 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:50:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:50:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:50:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:50:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:50:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:50:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:50:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:50:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:50:13 2020 MANAGEMENT: >STATE:1595973013,TCP_CONNECT,,,,,,
Wed Jul 29 00:52:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:52:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:52:13 2020 MANAGEMENT: >STATE:1595973133,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:52:13 2020 Restart pause, 80 second(s)
Wed Jul 29 00:53:33 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:53:33 2020 Re-using SSL/TLS context
Wed Jul 29 00:53:33 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:53:33 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:53:33 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:53:33 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:53:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:53:33 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:53:33 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:53:33 2020 MANAGEMENT: >STATE:1595973213,TCP_CONNECT,,,,,,
Wed Jul 29 00:55:33 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:55:33 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:55:33 2020 MANAGEMENT: >STATE:1595973333,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:55:33 2020 Restart pause, 160 second(s)
Wed Jul 29 00:58:13 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:58:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:58:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:58:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:58:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:58:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:58:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:58:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:58:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:58:13 2020 MANAGEMENT: >STATE:1595973493,TCP_CONNECT,,,,,,
Wed Jul 29 01:00:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 01:00:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 01:00:13 2020 MANAGEMENT: >STATE:1595973613,RECONNECTING,init_instance,,,,,
Wed Jul 29 01:00:13 2020 Restart pause, 300 second(s)
Code: Select all
#openvpn /etc/openvpn/server/server.conf
Wed Jul 29 00:34:35 2020 us=835988 Current Parameter Settings:
Wed Jul 29 00:34:35 2020 us=836208 config = '/etc/openvpn/server/server.conf'
Wed Jul 29 00:34:35 2020 us=836225 mode = 1
Wed Jul 29 00:34:35 2020 us=836237 persist_config = DISABLED
Wed Jul 29 00:34:35 2020 us=836248 persist_mode = 1
Wed Jul 29 00:34:35 2020 us=836258 show_ciphers = DISABLED
Wed Jul 29 00:34:35 2020 us=836269 show_digests = DISABLED
Wed Jul 29 00:34:35 2020 us=836280 show_engines = DISABLED
Wed Jul 29 00:34:35 2020 us=836292 genkey = DISABLED
Wed Jul 29 00:34:35 2020 us=836302 key_pass_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836313 show_tls_ciphers = DISABLED
Wed Jul 29 00:34:35 2020 us=836323 connect_retry_max = 0
Wed Jul 29 00:34:35 2020 us=836334 Connection profiles [0]:
Wed Jul 29 00:34:35 2020 us=836345 proto = tcp-server
Wed Jul 29 00:34:35 2020 us=836356 local = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836378 local_port = '1094'
Wed Jul 29 00:34:35 2020 us=836390 remote = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836400 remote_port = '1094'
Wed Jul 29 00:34:35 2020 us=836410 remote_float = DISABLED
Wed Jul 29 00:34:35 2020 us=836421 bind_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836431 bind_local = ENABLED
Wed Jul 29 00:34:35 2020 us=836442 bind_ipv6_only = DISABLED
Wed Jul 29 00:34:35 2020 us=836453 connect_retry_seconds = 5
Wed Jul 29 00:34:35 2020 us=836464 connect_timeout = 120
Wed Jul 29 00:34:35 2020 us=836475 socks_proxy_server = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836509 socks_proxy_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836520 tun_mtu = 1500
Wed Jul 29 00:34:35 2020 us=836531 tun_mtu_defined = ENABLED
Wed Jul 29 00:34:35 2020 us=836542 link_mtu = 1500
Wed Jul 29 00:34:35 2020 us=836553 link_mtu_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836563 tun_mtu_extra = 0
Wed Jul 29 00:34:35 2020 us=836574 tun_mtu_extra_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836585 mtu_discover_type = -1
Wed Jul 29 00:34:35 2020 us=836600 fragment = 0
Wed Jul 29 00:34:35 2020 us=836610 mssfix = 1450
Wed Jul 29 00:34:35 2020 us=836621 explicit_exit_notification = 0
Wed Jul 29 00:34:35 2020 us=836632 Connection profiles END
Wed Jul 29 00:34:35 2020 us=836642 remote_random = DISABLED
Wed Jul 29 00:34:35 2020 us=836652 ipchange = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836663 dev = 'tun'
Wed Jul 29 00:34:35 2020 us=836675 dev_type = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836685 dev_node = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836695 lladdr = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836706 topology = 1
Wed Jul 29 00:34:35 2020 us=836717 ifconfig_local = '192.168.10.1'
Wed Jul 29 00:34:35 2020 us=836728 ifconfig_remote_netmask = '192.168.10.2'
Wed Jul 29 00:34:35 2020 us=836739 ifconfig_noexec = DISABLED
Wed Jul 29 00:34:35 2020 us=836750 ifconfig_nowarn = DISABLED
Wed Jul 29 00:34:35 2020 us=836760 ifconfig_ipv6_local = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836771 ifconfig_ipv6_netbits = 0
Wed Jul 29 00:34:35 2020 us=836782 ifconfig_ipv6_remote = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836792 shaper = 0
Wed Jul 29 00:34:35 2020 us=836802 mtu_test = 0
Wed Jul 29 00:34:35 2020 us=836813 mlock = DISABLED
Wed Jul 29 00:34:35 2020 us=836823 keepalive_ping = 10
Wed Jul 29 00:34:35 2020 us=836834 keepalive_timeout = 120
Wed Jul 29 00:34:35 2020 us=836844 inactivity_timeout = 0
Wed Jul 29 00:34:35 2020 us=836855 ping_send_timeout = 10
Wed Jul 29 00:34:35 2020 us=836865 ping_rec_timeout = 240
Wed Jul 29 00:34:35 2020 us=836876 ping_rec_timeout_action = 2
Wed Jul 29 00:34:35 2020 us=836887 ping_timer_remote = DISABLED
Wed Jul 29 00:34:35 2020 us=836898 remap_sigusr1 = 0
Wed Jul 29 00:34:35 2020 us=836908 persist_tun = ENABLED
Wed Jul 29 00:34:35 2020 us=836919 persist_local_ip = DISABLED
Wed Jul 29 00:34:35 2020 us=836930 persist_remote_ip = DISABLED
Wed Jul 29 00:34:35 2020 us=836940 persist_key = ENABLED
Wed Jul 29 00:34:35 2020 us=836952 passtos = DISABLED
Wed Jul 29 00:34:35 2020 us=836986 resolve_retry_seconds = 1000000000
Wed Jul 29 00:34:35 2020 us=836998 resolve_in_advance = DISABLED
Wed Jul 29 00:34:35 2020 us=837009 username = 'nobody'
Wed Jul 29 00:34:35 2020 us=837019 groupname = 'nobody'
Wed Jul 29 00:34:35 2020 us=837030 chroot_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837040 cd_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837050 selinux_context = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837072 writepid = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837083 up_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837094 down_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837105 down_pre = DISABLED
Wed Jul 29 00:34:35 2020 us=837116 up_restart = DISABLED
Wed Jul 29 00:34:35 2020 us=837127 up_delay = DISABLED
Wed Jul 29 00:34:35 2020 us=837137 daemon = DISABLED
Wed Jul 29 00:34:35 2020 us=837148 inetd = 0
Wed Jul 29 00:34:35 2020 us=837159 log = DISABLED
Wed Jul 29 00:34:35 2020 us=837170 suppress_timestamps = DISABLED
Wed Jul 29 00:34:35 2020 us=837180 machine_readable_output = DISABLED
Wed Jul 29 00:34:35 2020 us=837192 nice = 0
Wed Jul 29 00:34:35 2020 us=837211 verbosity = 6
Wed Jul 29 00:34:35 2020 us=837222 mute = 0
Wed Jul 29 00:34:35 2020 us=837233 gremlin = 0
Wed Jul 29 00:34:35 2020 us=837243 status_file = 'openvpn-status.log'
Wed Jul 29 00:34:35 2020 us=837260 status_file_version = 1
Wed Jul 29 00:34:35 2020 us=837271 status_file_update_freq = 60
Wed Jul 29 00:34:35 2020 us=837282 occ = ENABLED
Wed Jul 29 00:34:35 2020 us=837292 rcvbuf = 0
Wed Jul 29 00:34:35 2020 us=837310 sndbuf = 0
Wed Jul 29 00:34:35 2020 us=837321 mark = 0
Wed Jul 29 00:34:35 2020 us=837331 sockflags = 0
Wed Jul 29 00:34:35 2020 us=837342 fast_io = DISABLED
Wed Jul 29 00:34:35 2020 us=837353 comp.alg = 0
Wed Jul 29 00:34:35 2020 us=837378 comp.flags = 0
Wed Jul 29 00:34:35 2020 us=837389 route_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837400 route_default_gateway = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837411 route_default_metric = 0
Wed Jul 29 00:34:35 2020 us=837427 route_noexec = DISABLED
Wed Jul 29 00:34:35 2020 us=837438 route_delay = 0
Wed Jul 29 00:34:35 2020 us=837448 route_delay_window = 30
Wed Jul 29 00:34:35 2020 us=837458 route_delay_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=837469 route_nopull = DISABLED
Wed Jul 29 00:34:35 2020 us=837480 route_gateway_via_dhcp = DISABLED
Wed Jul 29 00:34:35 2020 us=837490 allow_pull_fqdn = DISABLED
Wed Jul 29 00:34:35 2020 us=837503 route 192.168.10.0/255.255.255.0/default (not set)/default (not set)
Wed Jul 29 00:34:35 2020 us=837514 management_addr = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837525 management_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837543 management_user_pass = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837554 management_log_history_cache = 250
Wed Jul 29 00:34:35 2020 us=837565 management_echo_buffer_size = 100
Wed Jul 29 00:34:35 2020 us=837582 management_write_peer_info_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837594 management_client_user = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837604 management_client_group = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838029 management_flags = 0
Wed Jul 29 00:34:35 2020 us=838049 shared_secret_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838061 key_direction = not set
Wed Jul 29 00:34:35 2020 us=838072 ciphername = 'AES-256-CBC'
Wed Jul 29 00:34:35 2020 us=838082 ncp_enabled = ENABLED
Wed Jul 29 00:34:35 2020 us=838098 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Jul 29 00:34:35 2020 us=838110 authname = 'SHA1'
Wed Jul 29 00:34:35 2020 us=838120 prng_hash = 'SHA1'
Wed Jul 29 00:34:35 2020 us=838131 prng_nonce_secret_len = 16
Wed Jul 29 00:34:35 2020 us=838141 keysize = 0
Wed Jul 29 00:34:35 2020 us=838152 engine = DISABLED
Wed Jul 29 00:34:35 2020 us=838162 replay = ENABLED
Wed Jul 29 00:34:35 2020 us=838173 mute_replay_warnings = DISABLED
Wed Jul 29 00:34:35 2020 us=838183 replay_window = 64
Wed Jul 29 00:34:35 2020 us=838194 replay_time = 15
Wed Jul 29 00:34:35 2020 us=838204 packet_id_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838215 use_iv = ENABLED
Wed Jul 29 00:34:35 2020 us=838225 test_crypto = DISABLED
Wed Jul 29 00:34:35 2020 us=838235 tls_server = ENABLED
Wed Jul 29 00:34:35 2020 us=838246 tls_client = DISABLED
Wed Jul 29 00:34:35 2020 us=838256 key_method = 2
Wed Jul 29 00:34:35 2020 us=838267 ca_file = '/etc/openvpn/keys/ca.crt'
Wed Jul 29 00:34:35 2020 us=838278 ca_path = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838289 dh_file = '/etc/openvpn/certs/dh.pem'
Wed Jul 29 00:34:35 2020 us=838300 cert_file = '/etc/openvpn/keys/victor-server.crt'
Wed Jul 29 00:34:35 2020 us=838311 extra_certs_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838323 priv_key_file = '/etc/openvpn/keys/victor-server.key'
Wed Jul 29 00:34:35 2020 us=838334 pkcs12_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838344 cipher_list = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838355 cipher_list_tls13 = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838378 tls_cert_profile = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838388 tls_verify = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838399 tls_export_cert = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838410 verify_x509_type = 0
Wed Jul 29 00:34:35 2020 us=838420 verify_x509_name = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838431 crl_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838441 ns_cert_type = 0
Wed Jul 29 00:34:35 2020 us=838452 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838463 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838473 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838484 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838494 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838505 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838516 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838526 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838536 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838547 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838558 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838569 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838579 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838589 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838600 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838610 remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838621 remote_cert_eku = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838631 ssl_flags = 0
Wed Jul 29 00:34:35 2020 us=838642 tls_timeout = 2
Wed Jul 29 00:34:35 2020 us=838652 renegotiate_bytes = -1
Wed Jul 29 00:34:35 2020 us=838663 renegotiate_packets = 0
Wed Jul 29 00:34:35 2020 us=838673 renegotiate_seconds = 3600
Wed Jul 29 00:34:35 2020 us=838684 handshake_window = 60
Wed Jul 29 00:34:35 2020 us=838695 transition_window = 3600
Wed Jul 29 00:34:35 2020 us=838706 single_session = DISABLED
Wed Jul 29 00:34:35 2020 us=838717 push_peer_info = DISABLED
Wed Jul 29 00:34:35 2020 us=838727 tls_exit = DISABLED
Wed Jul 29 00:34:35 2020 us=838738 tls_auth_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838749 tls_crypt_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838759 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838771 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838781 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838792 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838803 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838813 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838824 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838835 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838846 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838856 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838867 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838878 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838889 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838900 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838910 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838921 pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838933 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838944 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838955 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838986 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838997 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839007 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839018 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839029 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839039 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839050 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839061 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839071 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839082 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839092 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839103 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839114 pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839124 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839135 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839146 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839156 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839166 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839177 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839188 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839198 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839413 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839429 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839439 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839450 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839461 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839471 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839482 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839492 pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839503 pkcs11_pin_cache_period = -1
Wed Jul 29 00:34:35 2020 us=839514 pkcs11_id = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839525 pkcs11_id_management = DISABLED
Wed Jul 29 00:34:35 2020 us=839540 server_network = 192.168.10.0
Wed Jul 29 00:34:35 2020 us=839552 server_netmask = 255.255.255.0
Wed Jul 29 00:34:35 2020 us=839582 server_network_ipv6 = ::
Wed Jul 29 00:34:35 2020 us=839593 server_netbits_ipv6 = 0
Wed Jul 29 00:34:35 2020 us=839605 server_bridge_ip = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839617 server_bridge_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839628 server_bridge_pool_start = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839640 server_bridge_pool_end = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839652 push_entry = 'redirect-gateway def1 bypass-dhcp'
Wed Jul 29 00:34:35 2020 us=839663 push_entry = 'route 192.168.10.0 255.255.255.0'
Wed Jul 29 00:34:35 2020 us=839674 push_entry = 'topology net30'
Wed Jul 29 00:34:35 2020 us=839685 push_entry = 'ping 10'
Wed Jul 29 00:34:35 2020 us=839696 push_entry = 'ping-restart 120'
Wed Jul 29 00:34:35 2020 us=839706 ifconfig_pool_defined = ENABLED
Wed Jul 29 00:34:35 2020 us=839718 ifconfig_pool_start = 192.168.10.4
Wed Jul 29 00:34:35 2020 us=839730 ifconfig_pool_end = 192.168.10.251
Wed Jul 29 00:34:35 2020 us=839741 ifconfig_pool_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839752 ifconfig_pool_persist_filename = 'ipp.txt'
Wed Jul 29 00:34:35 2020 us=839763 ifconfig_pool_persist_refresh_freq = 600
Wed Jul 29 00:34:35 2020 us=839774 ifconfig_ipv6_pool_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839786 ifconfig_ipv6_pool_base = ::
Wed Jul 29 00:34:35 2020 us=839797 ifconfig_ipv6_pool_netbits = 0
Wed Jul 29 00:34:35 2020 us=839807 n_bcast_buf = 256
Wed Jul 29 00:34:35 2020 us=839818 tcp_queue_limit = 64
Wed Jul 29 00:34:35 2020 us=839828 real_hash_size = 256
Wed Jul 29 00:34:35 2020 us=839839 virtual_hash_size = 256
Wed Jul 29 00:34:35 2020 us=839850 client_connect_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839861 learn_address_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839871 client_disconnect_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839882 client_config_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839893 ccd_exclusive = DISABLED
Wed Jul 29 00:34:35 2020 us=839903 tmp_dir = '/tmp'
Wed Jul 29 00:34:35 2020 us=839914 push_ifconfig_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839926 push_ifconfig_local = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839937 push_ifconfig_remote_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839948 push_ifconfig_ipv6_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839982 push_ifconfig_ipv6_local = ::/0
Wed Jul 29 00:34:35 2020 us=839994 push_ifconfig_ipv6_remote = ::
Wed Jul 29 00:34:35 2020 us=840005 enable_c2c = ENABLED
Wed Jul 29 00:34:35 2020 us=840016 duplicate_cn = DISABLED
Wed Jul 29 00:34:35 2020 us=840026 cf_max = 0
Wed Jul 29 00:34:35 2020 us=840037 cf_per = 0
Wed Jul 29 00:34:35 2020 us=840047 max_clients = 1024
Wed Jul 29 00:34:35 2020 us=840058 max_routes_per_client = 256
Wed Jul 29 00:34:35 2020 us=840068 auth_user_pass_verify_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840080 auth_user_pass_verify_script_via_file = DISABLED
Wed Jul 29 00:34:35 2020 us=840091 auth_token_generate = DISABLED
Wed Jul 29 00:34:35 2020 us=840101 auth_token_lifetime = 0
Wed Jul 29 00:34:35 2020 us=840112 port_share_host = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840123 port_share_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840134 client = DISABLED
Wed Jul 29 00:34:35 2020 us=840144 pull = DISABLED
Wed Jul 29 00:34:35 2020 us=840155 auth_user_pass_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840170 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
Wed Jul 29 00:34:35 2020 us=840256 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Wed Jul 29 00:34:35 2020 us=841804 Diffie-Hellman initialized with 2048 bit key
Wed Jul 29 00:34:35 2020 us=842727 TLS-Auth MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:34:35 2020 us=843258 ROUTE_GATEWAY 10.0.0.1
Wed Jul 29 00:34:35 2020 us=844451 TUN/TAP device tun0 opened
Wed Jul 29 00:34:35 2020 us=844495 TUN/TAP TX queue length set to 100
Wed Jul 29 00:34:35 2020 us=844517 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jul 29 00:34:35 2020 us=844542 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 29 00:34:35 2020 us=852293 /sbin/ip addr add dev tun0 local 192.168.10.1 peer 192.168.10.2
Wed Jul 29 00:34:35 2020 us=854695 /sbin/ip route add 192.168.10.0/24 via 192.168.10.2
Wed Jul 29 00:34:35 2020 us=856933 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:34:35 2020 us=857342 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Jul 29 00:34:35 2020 us=857417 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jul 29 00:34:35 2020 us=857447 Listening for incoming TCP connection on [AF_INET][undef]:1094
Wed Jul 29 00:34:35 2020 us=857464 TCPv4_SERVER link local (bound): [AF_INET][undef]:1094
Wed Jul 29 00:34:35 2020 us=857473 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Jul 29 00:34:35 2020 us=857490 GID set to nobody
Wed Jul 29 00:34:35 2020 us=857514 UID set to nobody
Wed Jul 29 00:34:35 2020 us=857549 MULTI: multi_init called, r=256 v=256
Wed Jul 29 00:34:35 2020 us=857584 IFCONFIG POOL: base=192.168.10.4 size=62, ipv6=0
Wed Jul 29 00:34:35 2020 us=857616 IFCONFIG POOL LIST
Wed Jul 29 00:34:35 2020 us=857653 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Jul 29 00:34:35 2020 us=857693 Initialization Sequence Completed
Code:
client
;dev tap
dev tun
;dev-node OpenVPN
proto tcp
;proto udp
remote 213.159.209.98 1094
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
ca C:\\OpenVPN\\certs\\ca.crt
cert C:\\OpenVPN\\certs\\victor-client.crt
key C:\\OpenVPN\\certs\\victor-client.key
dh /etc/openvpn/certs/dh.pem
#tls-auth ta.key 1
;ns-cert-type server
;route 192.168.10.0 255.255.255.0
#ifconfig-pool-persist ipp.txt
;compress lz4-v2
;push "compress lz4-v2"
;max-clients 100
status C:\\OpenVPN\\log\\openvpn-status.log 1
status-version 3
;log openvpn.log
log-append openvpn.log
verb 6
Code:
port 1094
#port 53
proto tcp
;proto udp
;dev tap
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/victor-server.crt
key /etc/openvpn/keys/victor-server.key
dh /etc/openvpn/certs/dh.pem
server 192.168.10.0 255.255.255.0
;iroute 192.168.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
push "redirect-gateway def1 bypass-dhcp"
;duplicate-cn
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 6
Code:
ping 213.159.209.98
Обмен пакетами с 213.159.209.98 по с 32 байтами данных:
Ответ от 213.159.209.98: число байт=32 время=6мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=4мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=5мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=4мс TTL=53
Статистика Ping для 213.159.209.98:
Пакетов: отправлено = 4, получено = 4, потеряно = 0
(0% потерь)
Приблизительное время приема-передачи в мс:
Минимальное = 4мсек, Максимальное = 6 мсек, Среднее = 4 мсек
Code:
# tcpdump port 1094
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:05:17.251648 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds.ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:20.254052 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds.ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:26.250678 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds.ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:26.723031 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds.ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:29.719333 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds.ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:35.718859 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds.ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:17.333980 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds.ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:20.329271 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds.ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:26.330063 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds.ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:26.911157 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds.ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:29.909165 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds.ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:35.909259 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds.ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
Code:
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 213.159.209.98 netmask 255.255.255.255 broadcast 213.159.209.98
inet6 fe80::5054:ff:fe59:ef19 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:59:ef:19 txqueuelen 1000 (Ethernet)
RX packets 40184 bytes 3905902 (3.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38868 bytes 8064728 (7.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.31.16.37 netmask 255.255.255.255 broadcast 172.31.16.37
ether 52:54:00:59:ef:19 txqueuelen 1000 (Ethernet)
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 503 bytes 44969 (43.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 503 bytes 44969 (43.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.255 destination 192.168.10.2
inet6 fe80::7e7:a81d:dd90:10ae prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 144 (144.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Code:
# ps aux | grep firewall
root 528 0.0 1.5 358924 29124 ? Ssl июл28 0:01 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
root 8993 0.0 0.0 112836 972 pts/1 S+ 01:19 0:00 grep --color=auto firewall
Code:
# cat firewalld.conf
# firewalld config file
# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=public
# Minimal mark
# Marks up to this minimum are free for use for example in the direct
# interface. If more free marks are needed, increase the minimum
# Default: 100
MinimalMark=100
# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld
# Default: yes
CleanupOnExit=yes
# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
# The lockdown whitelist file is lockdown-whitelist.xml
# Default: no
Lockdown=no
# IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl.
# Default: yes
IPv6_rpfilter=yes
# IndividualCalls
# Do not use combined -restore calls, but individual calls. This increases the
# time that is needed to apply changes and to start the daemon, but is good for
# debugging.
# Default: no
IndividualCalls=no
# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off
# AutomaticHelpers
# For the secure use of iptables and connection tracking helpers it is
# recommended to turn AutomaticHelpers off. But this might have side effects on
# other services using the netfilter helpers as the sysctl setting in
# /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
# With the system setting, the default value set in the kernel or with sysctl
# will be used. Possible values are: yes, no and system.
# Default: system
AutomaticHelpers=system
# AllowZoneDrifting
# Older versions of firewalld had undocumented behavior known as "zone
# drifting". This allowed packets to ingress multiple zones - this is a
# violation of zone based firewalls. However, some users rely on this behavior
# to have a "catch-all" zone, e.g. the default zone. You can enable this if you
# desire such behavior. It's disabled by default for security reasons.
# Note: If "yes" packets will only drift from source based zones to interface
# based zones (including the default zone). Packets never drift from interface
# based zones to other interfaces based zones (including the default zone).
# Possible values; "yes", "no". Defaults to "yes".
AllowZoneDrifting=yes