Unknown problem with openvpn

Fireball
Posts: 2
Joined: 2020/07/28 21:36:59

Post by Fireball » 2020/07/28 22:29:09

Hello to all,

I've spent 4-5 days adjusting OpenVPN as a server on CentOS 7 and don't understand why it doesn't work.
I tried about 20 manuals and how-tos and got different errors one after another.

I have chosen this how-to; it is actually in Russian, but you can see the sequence of the commands:
https://www.dmosk.ru/miniinstruktions.p ... n-easyrsa3

What did I do?
I tried different manuals and how-tos, starting from the official one, but it didn't contain all the information and differs from my version of openssl and openvpn (strange; as far as I can figure out, the official how-to is obsolete and those commands didn't work in my case).

Today I got a temporarily working server and one client, and tried to generate another key, but easy-rsa said that the pass for the CA certificate is bad and I couldn't generate a new one (I tried to find a solution for several hours), so I decided to generate all the keys and certificates anew, but I left the configurations of the server and client untouched.

But now, after generating new keys and certificates, the client (Windows 10, OpenVPN; I tried as a usual user and as admin, with the same result) can't connect to the server; it just hangs on

 MANAGEMENT: >STATE:1595972333,TCP_CONNECT

and then

TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error

I have checked that TCP packets can go from the client to the server; on the server I tried using tcpdump while connecting:

OS version:

#cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)

OpenVPN version:

#openvpn --version
OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Originally developed by James Yonan

Output when connecting on the client (Windows 10):

Wed Jul 29 00:34:42 2020   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_pin_cache_period = -1
Wed Jul 29 00:34:42 2020   pkcs11_id = '[UNDEF]'
Wed Jul 29 00:34:42 2020   pkcs11_id_management = DISABLED
Wed Jul 29 00:34:42 2020   server_network = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_network_ipv6 = ::
Wed Jul 29 00:34:42 2020   server_netbits_ipv6 = 0
Wed Jul 29 00:34:42 2020   server_bridge_ip = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_bridge_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_bridge_pool_start = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_bridge_pool_end = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_defined = DISABLED
Wed Jul 29 00:34:42 2020   ifconfig_pool_start = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_end = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jul 29 00:34:42 2020   ifconfig_pool_persist_refresh_freq = 600
Wed Jul 29 00:34:42 2020   ifconfig_ipv6_pool_defined = DISABLED
Wed Jul 29 00:34:42 2020   ifconfig_ipv6_pool_base = ::
Wed Jul 29 00:34:42 2020   ifconfig_ipv6_pool_netbits = 0
Wed Jul 29 00:34:42 2020   n_bcast_buf = 256
Wed Jul 29 00:34:42 2020   tcp_queue_limit = 64
Wed Jul 29 00:34:42 2020   real_hash_size = 256
Wed Jul 29 00:34:42 2020   virtual_hash_size = 256
Wed Jul 29 00:34:42 2020   client_connect_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   learn_address_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   client_disconnect_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   client_config_dir = '[UNDEF]'
Wed Jul 29 00:34:42 2020   ccd_exclusive = DISABLED
Wed Jul 29 00:34:42 2020   tmp_dir = 'C:\Users\Victor\AppData\Local\Temp\'
Wed Jul 29 00:34:42 2020   push_ifconfig_defined = DISABLED
Wed Jul 29 00:34:42 2020   push_ifconfig_local = 0.0.0.0
Wed Jul 29 00:34:42 2020   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   push_ifconfig_ipv6_defined = DISABLED
Wed Jul 29 00:34:42 2020   push_ifconfig_ipv6_local = ::/0
Wed Jul 29 00:34:42 2020   push_ifconfig_ipv6_remote = ::
Wed Jul 29 00:34:42 2020   enable_c2c = DISABLED
Wed Jul 29 00:34:42 2020   duplicate_cn = DISABLED
Wed Jul 29 00:34:42 2020   cf_max = 0
Wed Jul 29 00:34:42 2020   cf_per = 0
Wed Jul 29 00:34:42 2020   max_clients = 1024
Wed Jul 29 00:34:42 2020   max_routes_per_client = 256
Wed Jul 29 00:34:42 2020   auth_user_pass_verify_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   auth_user_pass_verify_script_via_file = DISABLED
Wed Jul 29 00:34:42 2020   auth_token_generate = DISABLED
Wed Jul 29 00:34:42 2020   auth_token_lifetime = 0
Wed Jul 29 00:34:42 2020   client = ENABLED
Wed Jul 29 00:34:42 2020   pull = ENABLED
Wed Jul 29 00:34:42 2020   auth_user_pass_file = '[UNDEF]'
Wed Jul 29 00:34:42 2020   show_net_up = DISABLED
Wed Jul 29 00:34:42 2020   route_method = 3
Wed Jul 29 00:34:42 2020   block_outside_dns = DISABLED
Wed Jul 29 00:34:42 2020   ip_win32_defined = DISABLED
Wed Jul 29 00:34:42 2020   ip_win32_type = 3
Wed Jul 29 00:34:42 2020   dhcp_masq_offset = 0
Wed Jul 29 00:34:42 2020   dhcp_lease_time = 31536000
Wed Jul 29 00:34:42 2020   tap_sleep = 0
Wed Jul 29 00:34:42 2020   dhcp_options = DISABLED
Wed Jul 29 00:34:42 2020   dhcp_renew = DISABLED
Wed Jul 29 00:34:42 2020   dhcp_pre_release = DISABLED
Wed Jul 29 00:34:42 2020   domain = '[UNDEF]'
Wed Jul 29 00:34:42 2020   netbios_scope = '[UNDEF]'
Wed Jul 29 00:34:42 2020   netbios_node_type = 0
Wed Jul 29 00:34:42 2020   disable_nbt = DISABLED
Wed Jul 29 00:34:42 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Wed Jul 29 00:34:42 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jul 29 00:34:42 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Wed Jul 29 00:34:42 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jul 29 00:34:42 2020 Need hold release from management interface, waiting...
Wed Jul 29 00:34:42 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'state on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'log all on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'echo all on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'bytecount 5'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'hold off'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'hold release'
Wed Jul 29 00:34:43 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:34:43 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:34:43 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:34:43 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:34:43 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:34:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:34:43 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:34:43 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:34:43 2020 MANAGEMENT: >STATE:1595972083,TCP_CONNECT,,,,,,
Wed Jul 29 00:36:43 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:36:43 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:36:43 2020 MANAGEMENT: >STATE:1595972203,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:36:43 2020 Restart pause, 5 second(s)
Wed Jul 29 00:36:48 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:36:48 2020 Re-using SSL/TLS context
Wed Jul 29 00:36:48 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:36:48 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:36:48 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:36:48 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:36:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:36:48 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:36:48 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:36:48 2020 MANAGEMENT: >STATE:1595972208,TCP_CONNECT,,,,,,
Wed Jul 29 00:38:48 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:38:48 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:38:48 2020 MANAGEMENT: >STATE:1595972328,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:38:48 2020 Restart pause, 5 second(s)
Wed Jul 29 00:38:53 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:38:53 2020 Re-using SSL/TLS context
Wed Jul 29 00:38:53 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:38:53 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:38:53 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:38:53 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:38:53 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:38:53 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:38:53 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:38:53 2020 MANAGEMENT: >STATE:1595972333,TCP_CONNECT,,,,,,
Wed Jul 29 00:40:53 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:40:53 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:40:53 2020 MANAGEMENT: >STATE:1595972453,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:40:53 2020 Restart pause, 5 second(s)
Wed Jul 29 00:40:58 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:40:58 2020 Re-using SSL/TLS context
Wed Jul 29 00:40:58 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:40:58 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:40:58 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:40:58 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:40:58 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:40:58 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:40:58 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:40:58 2020 MANAGEMENT: >STATE:1595972458,TCP_CONNECT,,,,,,
Wed Jul 29 00:42:58 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:42:58 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:42:58 2020 MANAGEMENT: >STATE:1595972578,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:42:58 2020 Restart pause, 5 second(s)
Wed Jul 29 00:43:03 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:43:03 2020 Re-using SSL/TLS context
Wed Jul 29 00:43:03 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:43:03 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:43:03 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:43:03 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:43:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:43:03 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:43:03 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:43:03 2020 MANAGEMENT: >STATE:1595972583,TCP_CONNECT,,,,,,
Wed Jul 29 00:45:03 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:45:03 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:45:03 2020 MANAGEMENT: >STATE:1595972703,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:45:03 2020 Restart pause, 10 second(s)
Wed Jul 29 00:45:13 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:45:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:45:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:45:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:45:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:45:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:45:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:45:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:45:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:45:13 2020 MANAGEMENT: >STATE:1595972713,TCP_CONNECT,,,,,,
Wed Jul 29 00:47:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:47:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:47:13 2020 MANAGEMENT: >STATE:1595972833,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:47:13 2020 Restart pause, 20 second(s)
Wed Jul 29 00:47:33 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:47:33 2020 Re-using SSL/TLS context
Wed Jul 29 00:47:33 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:47:33 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:47:33 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:47:33 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:47:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:47:33 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:47:33 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:47:33 2020 MANAGEMENT: >STATE:1595972853,TCP_CONNECT,,,,,,
Wed Jul 29 00:49:33 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:49:33 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:49:33 2020 MANAGEMENT: >STATE:1595972973,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:49:33 2020 Restart pause, 40 second(s)
Wed Jul 29 00:50:13 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:50:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:50:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:50:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:50:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:50:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:50:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:50:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:50:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:50:13 2020 MANAGEMENT: >STATE:1595973013,TCP_CONNECT,,,,,,
Wed Jul 29 00:52:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:52:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:52:13 2020 MANAGEMENT: >STATE:1595973133,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:52:13 2020 Restart pause, 80 second(s)
Wed Jul 29 00:53:33 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:53:33 2020 Re-using SSL/TLS context
Wed Jul 29 00:53:33 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:53:33 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:53:33 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:53:33 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:53:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:53:33 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:53:33 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:53:33 2020 MANAGEMENT: >STATE:1595973213,TCP_CONNECT,,,,,,
Wed Jul 29 00:55:33 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:55:33 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:55:33 2020 MANAGEMENT: >STATE:1595973333,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:55:33 2020 Restart pause, 160 second(s)
Wed Jul 29 00:58:13 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:58:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:58:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:58:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:58:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:58:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:58:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:58:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:58:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:58:13 2020 MANAGEMENT: >STATE:1595973493,TCP_CONNECT,,,,,,
Wed Jul 29 01:00:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 01:00:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 01:00:13 2020 MANAGEMENT: >STATE:1595973613,RECONNECTING,init_instance,,,,,
Wed Jul 29 01:00:13 2020 Restart pause, 300 second(s)

Output on the server:

#openvpn /etc/openvpn/server/server.conf
Wed Jul 29 00:34:35 2020 us=835988 Current Parameter Settings:
Wed Jul 29 00:34:35 2020 us=836208   config = '/etc/openvpn/server/server.conf'
Wed Jul 29 00:34:35 2020 us=836225   mode = 1
Wed Jul 29 00:34:35 2020 us=836237   persist_config = DISABLED
Wed Jul 29 00:34:35 2020 us=836248   persist_mode = 1
Wed Jul 29 00:34:35 2020 us=836258   show_ciphers = DISABLED
Wed Jul 29 00:34:35 2020 us=836269   show_digests = DISABLED
Wed Jul 29 00:34:35 2020 us=836280   show_engines = DISABLED
Wed Jul 29 00:34:35 2020 us=836292   genkey = DISABLED
Wed Jul 29 00:34:35 2020 us=836302   key_pass_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836313   show_tls_ciphers = DISABLED
Wed Jul 29 00:34:35 2020 us=836323   connect_retry_max = 0
Wed Jul 29 00:34:35 2020 us=836334 Connection profiles [0]:
Wed Jul 29 00:34:35 2020 us=836345   proto = tcp-server
Wed Jul 29 00:34:35 2020 us=836356   local = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836378   local_port = '1094'
Wed Jul 29 00:34:35 2020 us=836390   remote = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836400   remote_port = '1094'
Wed Jul 29 00:34:35 2020 us=836410   remote_float = DISABLED
Wed Jul 29 00:34:35 2020 us=836421   bind_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836431   bind_local = ENABLED
Wed Jul 29 00:34:35 2020 us=836442   bind_ipv6_only = DISABLED
Wed Jul 29 00:34:35 2020 us=836453   connect_retry_seconds = 5
Wed Jul 29 00:34:35 2020 us=836464   connect_timeout = 120
Wed Jul 29 00:34:35 2020 us=836475   socks_proxy_server = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836509   socks_proxy_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836520   tun_mtu = 1500
Wed Jul 29 00:34:35 2020 us=836531   tun_mtu_defined = ENABLED
Wed Jul 29 00:34:35 2020 us=836542   link_mtu = 1500
Wed Jul 29 00:34:35 2020 us=836553   link_mtu_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836563   tun_mtu_extra = 0
Wed Jul 29 00:34:35 2020 us=836574   tun_mtu_extra_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836585   mtu_discover_type = -1
Wed Jul 29 00:34:35 2020 us=836600   fragment = 0
Wed Jul 29 00:34:35 2020 us=836610   mssfix = 1450
Wed Jul 29 00:34:35 2020 us=836621   explicit_exit_notification = 0
Wed Jul 29 00:34:35 2020 us=836632 Connection profiles END
Wed Jul 29 00:34:35 2020 us=836642   remote_random = DISABLED
Wed Jul 29 00:34:35 2020 us=836652   ipchange = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836663   dev = 'tun'
Wed Jul 29 00:34:35 2020 us=836675   dev_type = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836685   dev_node = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836695   lladdr = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836706   topology = 1
Wed Jul 29 00:34:35 2020 us=836717   ifconfig_local = '192.168.10.1'
Wed Jul 29 00:34:35 2020 us=836728   ifconfig_remote_netmask = '192.168.10.2'
Wed Jul 29 00:34:35 2020 us=836739   ifconfig_noexec = DISABLED
Wed Jul 29 00:34:35 2020 us=836750   ifconfig_nowarn = DISABLED
Wed Jul 29 00:34:35 2020 us=836760   ifconfig_ipv6_local = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836771   ifconfig_ipv6_netbits = 0
Wed Jul 29 00:34:35 2020 us=836782   ifconfig_ipv6_remote = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836792   shaper = 0
Wed Jul 29 00:34:35 2020 us=836802   mtu_test = 0
Wed Jul 29 00:34:35 2020 us=836813   mlock = DISABLED
Wed Jul 29 00:34:35 2020 us=836823   keepalive_ping = 10
Wed Jul 29 00:34:35 2020 us=836834   keepalive_timeout = 120
Wed Jul 29 00:34:35 2020 us=836844   inactivity_timeout = 0
Wed Jul 29 00:34:35 2020 us=836855   ping_send_timeout = 10
Wed Jul 29 00:34:35 2020 us=836865   ping_rec_timeout = 240
Wed Jul 29 00:34:35 2020 us=836876   ping_rec_timeout_action = 2
Wed Jul 29 00:34:35 2020 us=836887   ping_timer_remote = DISABLED
Wed Jul 29 00:34:35 2020 us=836898   remap_sigusr1 = 0
Wed Jul 29 00:34:35 2020 us=836908   persist_tun = ENABLED
Wed Jul 29 00:34:35 2020 us=836919   persist_local_ip = DISABLED
Wed Jul 29 00:34:35 2020 us=836930   persist_remote_ip = DISABLED
Wed Jul 29 00:34:35 2020 us=836940   persist_key = ENABLED
Wed Jul 29 00:34:35 2020 us=836952   passtos = DISABLED
Wed Jul 29 00:34:35 2020 us=836986   resolve_retry_seconds = 1000000000
Wed Jul 29 00:34:35 2020 us=836998   resolve_in_advance = DISABLED
Wed Jul 29 00:34:35 2020 us=837009   username = 'nobody'
Wed Jul 29 00:34:35 2020 us=837019   groupname = 'nobody'
Wed Jul 29 00:34:35 2020 us=837030   chroot_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837040   cd_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837050   selinux_context = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837072   writepid = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837083   up_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837094   down_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837105   down_pre = DISABLED
Wed Jul 29 00:34:35 2020 us=837116   up_restart = DISABLED
Wed Jul 29 00:34:35 2020 us=837127   up_delay = DISABLED
Wed Jul 29 00:34:35 2020 us=837137   daemon = DISABLED
Wed Jul 29 00:34:35 2020 us=837148   inetd = 0
Wed Jul 29 00:34:35 2020 us=837159   log = DISABLED
Wed Jul 29 00:34:35 2020 us=837170   suppress_timestamps = DISABLED
Wed Jul 29 00:34:35 2020 us=837180   machine_readable_output = DISABLED
Wed Jul 29 00:34:35 2020 us=837192   nice = 0
Wed Jul 29 00:34:35 2020 us=837211   verbosity = 6
Wed Jul 29 00:34:35 2020 us=837222   mute = 0
Wed Jul 29 00:34:35 2020 us=837233   gremlin = 0
Wed Jul 29 00:34:35 2020 us=837243   status_file = 'openvpn-status.log'
Wed Jul 29 00:34:35 2020 us=837260   status_file_version = 1
Wed Jul 29 00:34:35 2020 us=837271   status_file_update_freq = 60
Wed Jul 29 00:34:35 2020 us=837282   occ = ENABLED
Wed Jul 29 00:34:35 2020 us=837292   rcvbuf = 0
Wed Jul 29 00:34:35 2020 us=837310   sndbuf = 0
Wed Jul 29 00:34:35 2020 us=837321   mark = 0
Wed Jul 29 00:34:35 2020 us=837331   sockflags = 0
Wed Jul 29 00:34:35 2020 us=837342   fast_io = DISABLED
Wed Jul 29 00:34:35 2020 us=837353   comp.alg = 0
Wed Jul 29 00:34:35 2020 us=837378   comp.flags = 0
Wed Jul 29 00:34:35 2020 us=837389   route_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837400   route_default_gateway = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837411   route_default_metric = 0
Wed Jul 29 00:34:35 2020 us=837427   route_noexec = DISABLED
Wed Jul 29 00:34:35 2020 us=837438   route_delay = 0
Wed Jul 29 00:34:35 2020 us=837448   route_delay_window = 30
Wed Jul 29 00:34:35 2020 us=837458   route_delay_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=837469   route_nopull = DISABLED
Wed Jul 29 00:34:35 2020 us=837480   route_gateway_via_dhcp = DISABLED
Wed Jul 29 00:34:35 2020 us=837490   allow_pull_fqdn = DISABLED
Wed Jul 29 00:34:35 2020 us=837503   route 192.168.10.0/255.255.255.0/default (not set)/default (not set)
Wed Jul 29 00:34:35 2020 us=837514   management_addr = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837525   management_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837543   management_user_pass = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837554   management_log_history_cache = 250
Wed Jul 29 00:34:35 2020 us=837565   management_echo_buffer_size = 100
Wed Jul 29 00:34:35 2020 us=837582   management_write_peer_info_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837594   management_client_user = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837604   management_client_group = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838029   management_flags = 0
Wed Jul 29 00:34:35 2020 us=838049   shared_secret_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838061   key_direction = not set
Wed Jul 29 00:34:35 2020 us=838072   ciphername = 'AES-256-CBC'
Wed Jul 29 00:34:35 2020 us=838082   ncp_enabled = ENABLED
Wed Jul 29 00:34:35 2020 us=838098   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Jul 29 00:34:35 2020 us=838110   authname = 'SHA1'
Wed Jul 29 00:34:35 2020 us=838120   prng_hash = 'SHA1'
Wed Jul 29 00:34:35 2020 us=838131   prng_nonce_secret_len = 16
Wed Jul 29 00:34:35 2020 us=838141   keysize = 0
Wed Jul 29 00:34:35 2020 us=838152   engine = DISABLED
Wed Jul 29 00:34:35 2020 us=838162   replay = ENABLED
Wed Jul 29 00:34:35 2020 us=838173   mute_replay_warnings = DISABLED
Wed Jul 29 00:34:35 2020 us=838183   replay_window = 64
Wed Jul 29 00:34:35 2020 us=838194   replay_time = 15
Wed Jul 29 00:34:35 2020 us=838204   packet_id_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838215   use_iv = ENABLED
Wed Jul 29 00:34:35 2020 us=838225   test_crypto = DISABLED
Wed Jul 29 00:34:35 2020 us=838235   tls_server = ENABLED
Wed Jul 29 00:34:35 2020 us=838246   tls_client = DISABLED
Wed Jul 29 00:34:35 2020 us=838256   key_method = 2
Wed Jul 29 00:34:35 2020 us=838267   ca_file = '/etc/openvpn/keys/ca.crt'
Wed Jul 29 00:34:35 2020 us=838278   ca_path = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838289   dh_file = '/etc/openvpn/certs/dh.pem'
Wed Jul 29 00:34:35 2020 us=838300   cert_file = '/etc/openvpn/keys/victor-server.crt'
Wed Jul 29 00:34:35 2020 us=838311   extra_certs_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838323   priv_key_file = '/etc/openvpn/keys/victor-server.key'
Wed Jul 29 00:34:35 2020 us=838334   pkcs12_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838344   cipher_list = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838355   cipher_list_tls13 = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838378   tls_cert_profile = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838388   tls_verify = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838399   tls_export_cert = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838410   verify_x509_type = 0
Wed Jul 29 00:34:35 2020 us=838420   verify_x509_name = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838431   crl_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838441   ns_cert_type = 0
Wed Jul 29 00:34:35 2020 us=838452   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838463   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838473   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838484   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838494   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838505   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838516   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838526   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838536   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838547   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838558   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838569   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838579   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838589   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838600   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838610   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838621   remote_cert_eku = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838631   ssl_flags = 0
Wed Jul 29 00:34:35 2020 us=838642   tls_timeout = 2
Wed Jul 29 00:34:35 2020 us=838652   renegotiate_bytes = -1
Wed Jul 29 00:34:35 2020 us=838663   renegotiate_packets = 0
Wed Jul 29 00:34:35 2020 us=838673   renegotiate_seconds = 3600
Wed Jul 29 00:34:35 2020 us=838684   handshake_window = 60
Wed Jul 29 00:34:35 2020 us=838695   transition_window = 3600
Wed Jul 29 00:34:35 2020 us=838706   single_session = DISABLED
Wed Jul 29 00:34:35 2020 us=838717   push_peer_info = DISABLED
Wed Jul 29 00:34:35 2020 us=838727   tls_exit = DISABLED
Wed Jul 29 00:34:35 2020 us=838738   tls_auth_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838749   tls_crypt_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838759   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838771   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838781   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838792   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838803   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838813   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838824   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838835   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838846   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838856   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838867   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838878   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838889   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838900   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838910   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838921   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838933   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838944   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838955   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838986   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838997   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839007   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839018   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839029   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839039   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839050   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839061   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839071   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839082   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839092   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839103   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839114   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839124   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839135   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839146   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839156   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839166   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839177   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839188   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839198   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839413   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839429   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839439   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839450   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839461   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839471   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839482   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839492   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839503   pkcs11_pin_cache_period = -1
Wed Jul 29 00:34:35 2020 us=839514   pkcs11_id = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839525   pkcs11_id_management = DISABLED
Wed Jul 29 00:34:35 2020 us=839540   server_network = 192.168.10.0
Wed Jul 29 00:34:35 2020 us=839552   server_netmask = 255.255.255.0
Wed Jul 29 00:34:35 2020 us=839582   server_network_ipv6 = ::
Wed Jul 29 00:34:35 2020 us=839593   server_netbits_ipv6 = 0
Wed Jul 29 00:34:35 2020 us=839605   server_bridge_ip = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839617   server_bridge_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839628   server_bridge_pool_start = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839640   server_bridge_pool_end = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839652   push_entry = 'redirect-gateway def1 bypass-dhcp'
Wed Jul 29 00:34:35 2020 us=839663   push_entry = 'route 192.168.10.0 255.255.255.0'
Wed Jul 29 00:34:35 2020 us=839674   push_entry = 'topology net30'
Wed Jul 29 00:34:35 2020 us=839685   push_entry = 'ping 10'
Wed Jul 29 00:34:35 2020 us=839696   push_entry = 'ping-restart 120'
Wed Jul 29 00:34:35 2020 us=839706   ifconfig_pool_defined = ENABLED
Wed Jul 29 00:34:35 2020 us=839718   ifconfig_pool_start = 192.168.10.4
Wed Jul 29 00:34:35 2020 us=839730   ifconfig_pool_end = 192.168.10.251
Wed Jul 29 00:34:35 2020 us=839741   ifconfig_pool_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839752   ifconfig_pool_persist_filename = 'ipp.txt'
Wed Jul 29 00:34:35 2020 us=839763   ifconfig_pool_persist_refresh_freq = 600
Wed Jul 29 00:34:35 2020 us=839774   ifconfig_ipv6_pool_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839786   ifconfig_ipv6_pool_base = ::
Wed Jul 29 00:34:35 2020 us=839797   ifconfig_ipv6_pool_netbits = 0
Wed Jul 29 00:34:35 2020 us=839807   n_bcast_buf = 256
Wed Jul 29 00:34:35 2020 us=839818   tcp_queue_limit = 64
Wed Jul 29 00:34:35 2020 us=839828   real_hash_size = 256
Wed Jul 29 00:34:35 2020 us=839839   virtual_hash_size = 256
Wed Jul 29 00:34:35 2020 us=839850   client_connect_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839861   learn_address_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839871   client_disconnect_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839882   client_config_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839893   ccd_exclusive = DISABLED
Wed Jul 29 00:34:35 2020 us=839903   tmp_dir = '/tmp'
Wed Jul 29 00:34:35 2020 us=839914   push_ifconfig_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839926   push_ifconfig_local = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839937   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839948   push_ifconfig_ipv6_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839982   push_ifconfig_ipv6_local = ::/0
Wed Jul 29 00:34:35 2020 us=839994   push_ifconfig_ipv6_remote = ::
Wed Jul 29 00:34:35 2020 us=840005   enable_c2c = ENABLED
Wed Jul 29 00:34:35 2020 us=840016   duplicate_cn = DISABLED
Wed Jul 29 00:34:35 2020 us=840026   cf_max = 0
Wed Jul 29 00:34:35 2020 us=840037   cf_per = 0
Wed Jul 29 00:34:35 2020 us=840047   max_clients = 1024
Wed Jul 29 00:34:35 2020 us=840058   max_routes_per_client = 256
Wed Jul 29 00:34:35 2020 us=840068   auth_user_pass_verify_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840080   auth_user_pass_verify_script_via_file = DISABLED
Wed Jul 29 00:34:35 2020 us=840091   auth_token_generate = DISABLED
Wed Jul 29 00:34:35 2020 us=840101   auth_token_lifetime = 0
Wed Jul 29 00:34:35 2020 us=840112   port_share_host = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840123   port_share_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840134   client = DISABLED
Wed Jul 29 00:34:35 2020 us=840144   pull = DISABLED
Wed Jul 29 00:34:35 2020 us=840155   auth_user_pass_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840170 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
Wed Jul 29 00:34:35 2020 us=840256 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Wed Jul 29 00:34:35 2020 us=841804 Diffie-Hellman initialized with 2048 bit key
Wed Jul 29 00:34:35 2020 us=842727 TLS-Auth MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:34:35 2020 us=843258 ROUTE_GATEWAY 10.0.0.1
Wed Jul 29 00:34:35 2020 us=844451 TUN/TAP device tun0 opened
Wed Jul 29 00:34:35 2020 us=844495 TUN/TAP TX queue length set to 100
Wed Jul 29 00:34:35 2020 us=844517 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jul 29 00:34:35 2020 us=844542 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 29 00:34:35 2020 us=852293 /sbin/ip addr add dev tun0 local 192.168.10.1 peer 192.168.10.2
Wed Jul 29 00:34:35 2020 us=854695 /sbin/ip route add 192.168.10.0/24 via 192.168.10.2
Wed Jul 29 00:34:35 2020 us=856933 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:34:35 2020 us=857342 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Jul 29 00:34:35 2020 us=857417 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jul 29 00:34:35 2020 us=857447 Listening for incoming TCP connection on [AF_INET][undef]:1094
Wed Jul 29 00:34:35 2020 us=857464 TCPv4_SERVER link local (bound): [AF_INET][undef]:1094
Wed Jul 29 00:34:35 2020 us=857473 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Jul 29 00:34:35 2020 us=857490 GID set to nobody
Wed Jul 29 00:34:35 2020 us=857514 UID set to nobody
Wed Jul 29 00:34:35 2020 us=857549 MULTI: multi_init called, r=256 v=256
Wed Jul 29 00:34:35 2020 us=857584 IFCONFIG POOL: base=192.168.10.4 size=62, ipv6=0
Wed Jul 29 00:34:35 2020 us=857616 IFCONFIG POOL LIST
Wed Jul 29 00:34:35 2020 us=857653 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Jul 29 00:34:35 2020 us=857693 Initialization Sequence Completed
Client's config:

Code: Select all

client

;dev tap
dev tun

;dev-node OpenVPN

proto tcp
;proto udp

remote 213.159.209.98 1094
resolv-retry infinite 

nobind 

;user nobody
;group nobody

persist-key
persist-tun

ca C:\\OpenVPN\\certs\\ca.crt
cert C:\\OpenVPN\\certs\\victor-client.crt
key C:\\OpenVPN\\certs\\victor-client.key
dh /etc/openvpn/certs/dh.pem
#tls-auth ta.key 1

;ns-cert-type server

;route 192.168.10.0 255.255.255.0

#ifconfig-pool-persist ipp.txt 
 
;compress lz4-v2
;push "compress lz4-v2"
 
;max-clients 100

status C:\\OpenVPN\\log\\openvpn-status.log 1
status-version 3

;log         openvpn.log
log-append  openvpn.log
 
verb 6
Server's config: (CentOS 7)

Code: Select all

port 1094 
#port 53
 
proto tcp
;proto udp
 
;dev tap
dev tun
 
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/victor-server.crt
key /etc/openvpn/keys/victor-server.key
dh /etc/openvpn/certs/dh.pem
 
server 192.168.10.0 255.255.255.0
;iroute 192.168.8.0 255.255.255.0
 
ifconfig-pool-persist ipp.txt
client-to-client

push "redirect-gateway def1 bypass-dhcp"

;duplicate-cn
 
keepalive 10 120
 
cipher AES-256-CBC
 
user nobody
group nobody
 
persist-key
persist-tun
 
status openvpn-status.log
 
verb 6
Ping of server from client:

Code: Select all

ping 213.159.209.98

Обмен пакетами с 213.159.209.98 по с 32 байтами данных:
Ответ от 213.159.209.98: число байт=32 время=6мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=4мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=5мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=4мс TTL=53

Статистика Ping для 213.159.209.98:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0
    (0% потерь)
Приблизительное время приема-передачи в мс:
    Минимальное = 4мсек, Максимальное = 6 мсек, Среднее = 4 мсек
tcpdump on the server:

Code: Select all

# tcpdump port 1094
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:05:17.251648 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds.ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:20.254052 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds.ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:26.250678 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds.ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:26.723031 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds.ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:29.719333 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds.ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:35.718859 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds.ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:17.333980 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds.ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:20.329271 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds.ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:26.330063 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds.ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:26.911157 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds.ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:29.909165 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds.ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:12:35.909259 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds.ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
Interfaces on the server:

Code: Select all

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 213.159.209.98  netmask 255.255.255.255  broadcast 213.159.209.98
        inet6 fe80::5054:ff:fe59:ef19  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:59:ef:19  txqueuelen 1000  (Ethernet)
        RX packets 40184  bytes 3905902 (3.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 38868  bytes 8064728 (7.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.31.16.37  netmask 255.255.255.255  broadcast 172.31.16.37
        ether 52:54:00:59:ef:19  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 503  bytes 44969 (43.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 503  bytes 44969 (43.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.255  destination 192.168.10.2
        inet6 fe80::7e7:a81d:dd90:10ae  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3  bytes 144 (144.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Firewall:

Code: Select all

# ps aux | grep firewall
root       528  0.0  1.5 358924 29124 ?        Ssl  июл28   0:01 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
root      8993  0.0  0.0 112836   972 pts/1    S+   01:19   0:00 grep --color=auto firewall

Code: Select all

# cat firewalld.conf
# firewalld config file

# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=public

# Minimal mark
# Marks up to this minimum are free for use for example in the direct
# interface. If more free marks are needed, increase the minimum
# Default: 100
MinimalMark=100

# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld
# Default: yes
CleanupOnExit=yes

# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
# The lockdown whitelist file is lockdown-whitelist.xml
# Default: no
Lockdown=no

# IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl.
# Default: yes
IPv6_rpfilter=yes

# IndividualCalls
# Do not use combined -restore calls, but individual calls. This increases the
# time that is needed to apply changes and to start the daemon, but is good for
# debugging.
# Default: no
IndividualCalls=no

# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off

# AutomaticHelpers
# For the secure use of iptables and connection tracking helpers it is
# recommended to turn AutomaticHelpers off. But this might have side effects on
# other services using the netfilter helpers as the sysctl setting in
# /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
# With the system setting, the default value set in the kernel or with sysctl
# will be used. Possible values are: yes, no and system.
# Default: system
AutomaticHelpers=system

# AllowZoneDrifting
# Older versions of firewalld had undocumented behavior known as "zone
# drifting". This allowed packets to ingress multiple zones - this is a
# violation of zone based firewalls. However, some users rely on this behavior
# to have a "catch-all" zone, e.g. the default zone. You can enable this if you
# desire such behavior. It's disabled by default for security reasons.
# Note: If "yes" packets will only drift from source based zones to interface
# based zones (including the default zone). Packets never drift from interface
# based zones to other interfaces based zones (including the default zone).
# Possible values; "yes", "no". Defaults to "yes".
AllowZoneDrifting=yes
Please help me connect the clients and server and understand why this happens.

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Unknown problem with openvpn

Post by jlehtone » 2020/07/29 19:03:30

You have firewall, but what does it have?
(The firewalld.conf is mostly irrelevant.)

See https://access.redhat.com/documentation ... _firewalld

What zones do you have?

Code: Select all

sudo firewall-cmd --get-active-zones
If you haven't changed zones, then you have just 'public'.
What does it have?

Code: Select all

sudo firewall-cmd --zone=public --list-all
By default only services ssh and (something that I can't remember) are allowed. Not openvpn.

Is there 'openvpn' in:

Code: Select all

sudo firewall-cmd --get-services
If not, then define a service, or just allow the port on the zone.


Firewalld simply manages rules that are in the kernel. If you want to see the actual rules, then:

Code: Select all

sudo iptables -S
sudo iptables -t nat -S
sudo iptables -t mangle -S

PS. The 'ifconfig' got a rival, iproute2, two decades ago. It can do:

Code: Select all

ip li
ip ad
ip ro
NetworkManager attempts to replace/complement iproute2. It can do:

Code: Select all

nmcli
nmcli d s
nmcli c s

Fireball
Posts: 2
Joined: 2020/07/28 21:36:59

Re: Unknown problem with openvpn

Post by Fireball » 2020/07/29 23:51:57

Yes, thank you. I solved the problem by disabling firewalld and activating iptables.
The problem was in firewalld. But actually I didn't understand the problem, because tcpdump could catch the packets, so I thought everything was OK with the packets getting through and didn't suspect firewalld.

Code: Select all

systemctl stop firewalld
systemctl mask firewalld
systemctl enable iptables
systemctl start iptables
ps aux | grep iptables
iptables --flush
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
and then

Code: Select all

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
Now, it works fine
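
Why the capture above was misleading, as an added example that is not part of the original posts: tcpdump sees inbound packets before the netfilter INPUT rules are applied, so the SYNs appear even when the firewall filters them, and the real signal is repeated SYNs that never get a TCP reply from the server port. The function names and the sample capture (documentation addresses) are constructed, and the parser assumes numeric output from `tcpdump -nn`.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Reads `tcpdump -nn` text on stdin and lists client flows that sent SYNs to
# the server port but never received any TCP packet back from that port.
# Note: with a capture filter like `port 1094`, an ICMP reject sent by the
# firewall would not be visible either, so "no reply" is all the capture shows.

# Constructed sample: two flows retransmitting an unanswered SYN (the pattern
# in the thread), and one flow that completes the handshake for contrast.
sample_capture() {
cat <<'EOF'
01:05:17.251648 IP 198.51.100.7.55113 > 203.0.113.10.1094: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:20.254052 IP 198.51.100.7.55113 > 203.0.113.10.1094: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:26.250678 IP 198.51.100.7.55113 > 203.0.113.10.1094: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:26.723031 IP 198.51.100.7.55119 > 203.0.113.10.1094: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:29.719333 IP 198.51.100.7.55119 > 203.0.113.10.1094: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:05:35.718859 IP 198.51.100.7.55119 > 203.0.113.10.1094: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:20:00.000100 IP 198.51.100.7.55200 > 203.0.113.10.1094: Flags [S], seq 1000, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
01:20:00.000180 IP 203.0.113.10.1094 > 198.51.100.7.55200: Flags [S.], seq 5000, ack 1001, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
01:20:00.004300 IP 198.51.100.7.55200 > 203.0.113.10.1094: Flags [.], ack 1, win 1026, length 0
EOF
}

# Usage: tcpdump -nn port 1094 | unanswered_syns 1094
# Output: one line per unanswered flow: "<client-ip>.<client-port> <SYN count>"
unanswered_syns() {
    awk -v port="$1" '
    $2 == "IP" && $6 == "Flags" {
        src = $3
        dst = $5; sub(/:$/, "", dst)              # drop the trailing colon
        flags = $7; gsub(/[^A-Za-z.]/, "", flags) # "[S]," -> "S", "[S.]," -> "S."
        tail = "\\." port "$"                     # address ends in .<port>
        if (flags == "S" && dst ~ tail) {
            if (!(src in syns)) order[++n] = src  # remember first-seen order
            syns[src]++
        } else if (src ~ tail) {
            answered[dst] = 1                     # server port sent something back
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(order[i] in answered))
                print order[i], syns[order[i]]
    }'
}

# Stand-alone run on the constructed sample.
sample_capture | unanswered_syns 1094
```

A flow listed with a SYN count above 1 is the client retransmitting: the packets reach the interface, but nothing on the server answers them, which points at local filtering or a missing listener rather than at the network path.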

jlehtone
Posts: 4530
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Unknown problem with openvpn

Post by jlehtone » 2020/07/30 13:23:19

Ok, you moved from an almost correct firewall (just one port to open) to no firewall at all. The only thing you do with iptables is NAT.
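
The alternative this reply points to, as an added example that is not part of the original posts: keep firewalld running, open only the OpenVPN port from the thread's server config, and let firewalld do the NAT. The function name and the `FIREWALL_CMD` override are hypothetical helpers, and the example assumes eth0 and tun0 are both in the zone passed in (the default `public`).

```shell
#!/bin/sh
# Added example, not code from the thread.
# What the thread did:  stop/mask firewalld, flush iptables, add one
#                       MASQUERADE rule -> NAT works, but nothing is filtered.
# What this does:       keeps firewalld filtering, opens one port, and enables
#                       masquerading on the zone.
# Assumption: eth0 and tun0 are both in the zone given as $1.
# Note: --add-masquerade is zone-wide; the thread's iptables rule was limited
# to source 192.168.10.0/24.

# Hypothetical override so the function can be dry-run with a stub.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

allow_openvpn_via_firewalld() {
    zone="$1" port="$2" proto="$3"

    # Validate input before touching the permanent configuration.
    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 2 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi

    # Permanent changes, then reload so they become the running rules,
    # then query the running configuration to confirm the port is open.
    "$FIREWALL_CMD" --permanent --zone="$zone" --add-port="$port/$proto" &&
    "$FIREWALL_CMD" --permanent --zone="$zone" --add-masquerade &&
    "$FIREWALL_CMD" --reload &&
    "$FIREWALL_CMD" --zone="$zone" --query-port="$port/$proto"
}

# On the server from this thread (run as root):
#   allow_openvpn_via_firewalld public 1094 tcp
```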
