openvpn / openvpn
OpenVPN is an open source VPN daemon
Home Page: http://openvpn.net
License: Other
OpenVPN -- A Secure tunneling daemon

Copyright (C) 2002-2022 OpenVPN Inc. This program is free software;
you can redistribute it and/or modify it under the terms of the
GNU General Public License version 2 as published by the
Free Software Foundation.

*************************************************************************

To get the latest release of OpenVPN, go to:

    https://openvpn.net/community-downloads/

To Build and Install,

    tar -zxf openvpn-<version>.tar.gz
    cd openvpn-<version>
    ./configure
    make
    make install

or see the file INSTALL for more info.

For information on how to build OpenVPN on/for Windows with MinGW
or MSVC see README.cmake.md.

*************************************************************************

For detailed information on OpenVPN, including examples, see the man page
    http://openvpn.net/man.html

For a sample VPN configuration, see
    http://openvpn.net/howto.html

To report an issue, see
    https://github.com/OpenVPN/openvpn/issues/new

(Note: We recently switched to GitHub for reporting new issues,
old issues can be found at:
    https://community.openvpn.net/openvpn/report)

For a description of OpenVPN's underlying protocol,
see the file ssl.h included in the source distribution.

*************************************************************************

Other Files & Directories:

* configure.ac -- script to rebuild our configure
  script and makefile.

* sample/sample-scripts/verify-cn

  A sample perl script which can be used with OpenVPN's
  --tls-verify option to provide a customized authentication
  test on embedded X509 certificate fields.

* sample/sample-keys/

  Sample RSA keys and certificates. DON'T USE THESE FILES
  FOR ANYTHING OTHER THAN TESTING BECAUSE THEY ARE TOTALLY INSECURE.

* sample/sample-config-files/

  A collection of OpenVPN config files and scripts from
  the HOWTO at http://openvpn.net/howto.html

*************************************************************************

Note that easy-rsa and tap-windows are now maintained in their own subprojects.
Their source code is available here:

    https://github.com/OpenVPN/easy-rsa
    https://github.com/OpenVPN/tap-windows6

Community-provided Windows installers (MSI) and Debian packages are built from

    https://github.com/OpenVPN/openvpn-build

See the INSTALL file for usage information.
Hi! When installing any version of openvpn server in the log files, I get the following errors:
«Linux ip addr del failed: external program exited with error status: 2»
«RTNETLINK answers: Operation not permitted»
What does it mean? How to fix it?
To Reproduce
Install a VPN on the server.
To run.
View logs
OS: ubuntu 20.04 LTS
OpenVPN version: any
I am grateful for any help
Describe the bug
AUTH_FAILED message not sent from server to client after token expiration when using auth-gen-token and reneg-sec settings on the server. Instead it is sent after auth-gen-token + (reneg-sec * 2) which leads to a stalled client until AUTH_FAILED is received.
To Reproduce
use both auth-gen-token and reneg-sec
Expected behavior
The AUTH_FAILED message should be sent to the client as soon as the token is expired, or ideally the client would be asked to re-authenticate before the old token expires and a new token is pushed to the client (as the man page alludes to).
Version information (please complete the following information):
Additional context
The 2.5 openvpn man page states for auth-gen-token:
"The token will expire either after the configured lifetime of the token is reached or after not being renewed for more than 2 * reneg-sec seconds."
The token still expires after the specified auth-gen-token lifetime so reneg-sec should not be factored into the AUTH_FAILED control message unless there's a way to prompt for re-authentication before expiration. Perhaps these two options should be completely independent.
Based on Trac issues 311 and 639 recreated here for better visibility and ease of follow up
Describe the bug
SIGTERM/SIGINT are lost in some cases leading to non-interruptible (or hard to interrupt) loops
To Reproduce
On Windows and Linux: use a bogus dns server and run the client preferably with an unresolvable remote like
openvpn --client --remote foo.bar <other options>
When the process stalls in getaddrinfo() press ctrl-C. Instead of exiting, the connection will repeatedly restart after a couple of rounds of timeout in getaddrinfo(). In this case ctrl-C pressed during address resolution is lost on Linux.
Pressing ctrl-C when the process is in sleep() (restart delay) does terminate the process on Linux. But, on Windows ctrl-C is always lost unless --management option is also used.
Windows only: Just use an unresolvable remote with working dns server (but no --management option) and the process goes into a SIGUSR1 restart loop that is not interruptible even during the restart delay.
Expected behaviour
On pressing ctrl-C or sending SIGTERM or SIGINT, the process should terminate once address resolution times out. Although getaddrinfo() is not interruptible, the signal does get delivered during it and it should not be lost. On Windows, restart loops must be interruptible even if --management option is not used.
Version information (please complete the following information):
Additional context
As discussed under https://community.openvpn.net/openvpn/ticket/639, this appears to be caused by lower priority signals (SIGUSR1, for example) overwriting pending SIGTERM before it gets processed.
Propose to fix by
(i) set all signals through functions (no direct re-write of volatile variables)
(ii) prioritize signals in order of importance
(iii) On windows, signal is not picked up in openvpn_sleep() unless management is active. Fix this
(iv) use sigaction instead of old signal API
https://github.com/selvanair/openvpn/tree/signals
(iv) may be too intrusive for 2.6 at this stage, but (i) to (iii) are simple and will fix the above buggy behaviour in practice, even if not fool-proof.
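A sketch of points (i), (ii) and (iv) from the proposal above, as an added example that is not OpenVPN code and not taken from the linked branch: one setter that keeps the higher-priority signal, installed with sigaction. All function names and the priority order are assumptions; the issue only establishes that SIGTERM must outrank SIGUSR1.

```c
/* Added example, not OpenVPN source. All identifiers are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signals managed by this sketch (constructed list). */
static const int handled_signals[] = { SIGTERM, SIGINT, SIGHUP, SIGUSR1, SIGUSR2 };
#define N_HANDLED (sizeof(handled_signals) / sizeof(handled_signals[0]))

/* Single pending-signal slot; 0 means nothing is pending. */
static volatile sig_atomic_t pending_signal = 0;

/* Assumed ordering: only "SIGTERM outranks SIGUSR1" comes from the report. */
static int signal_priority(int signo)
{
    switch (signo)
    {
        case SIGTERM: return 5;
        case SIGINT:  return 4;
        case SIGHUP:  return 3;
        case SIGUSR1: return 2;
        case SIGUSR2: return 1;
        default:      return 0;
    }
}

/* "Before" behaviour: a direct write, so the last writer wins. */
static void set_signal_overwrite(int signo)
{
    pending_signal = signo;
}

/* (i) + (ii): the only place that writes the slot; a lower or equal
 * priority signal never replaces what is already pending.
 * Call with the handled signals blocked, or from the handler itself. */
static bool set_signal_prioritized(int signo)
{
    if (signal_priority(signo) <= signal_priority(pending_signal))
    {
        return false;
    }
    pending_signal = signo;
    return true;
}

static void os_signal_handler(int signo)
{
    (void) set_signal_prioritized(signo);
}

static void fill_handled_set(sigset_t *set)
{
    sigemptyset(set);
    for (size_t i = 0; i < N_HANDLED; i++)
    {
        sigaddset(set, handled_signals[i]);
    }
}

/* (iv): sigaction with sa_mask set so handlers cannot interrupt each
 * other in the middle of the compare-and-store. Returns 0 on success. */
static int install_handlers(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = os_signal_handler;
    fill_handled_set(&sa.sa_mask);
    for (size_t i = 0; i < N_HANDLED; i++)
    {
        if (sigaction(handled_signals[i], &sa, NULL) != 0)
        {
            return -1;
        }
    }
    return 0;
}

/* Main-loop code requesting a restart: block asynchronous delivery
 * around the compare-and-store so a handler cannot race with it. */
static bool register_soft_signal(int signo)
{
    sigset_t block, saved;
    fill_handled_set(&block);
    sigprocmask(SIG_BLOCK, &block, &saved);
    bool stored = set_signal_prioritized(signo);
    sigprocmask(SIG_SETMASK, &saved, NULL);
    return stored;
}

/* Replays the reported sequence: SIGTERM arrives during name resolution,
 * then the failed resolution requests a SIGUSR1 restart. Returns the
 * signal the main loop would act on, or -1 if setup failed. */
static int replay_report_sequence(bool prioritized)
{
    if (install_handlers() != 0)
    {
        return -1;
    }
    pending_signal = 0;
    raise(SIGTERM);               /* handler has run when raise() returns */
    if (prioritized)
    {
        register_soft_signal(SIGUSR1);
    }
    else
    {
        set_signal_overwrite(SIGUSR1);
    }
    return (int) pending_signal;
}

int main(void)
{
    printf("overwrite:   acts on %d (SIGUSR1=%d)\n", replay_report_sequence(false), SIGUSR1);
    printf("prioritized: acts on %d (SIGTERM=%d)\n", replay_report_sequence(true), SIGTERM);
    return 0;
}
```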
I had an issue with client-connect script execution. We do some operations in client-connect script which takes 20-30 seconds. During the execution of this script all traffic on the openvpn server is blocked, or not processed.
If I telnet into management port and run status command there, then output of that command is returned after client-connect script done processing. During execution of this script, no other user is able to connect to openvpn-server.
To Reproduce
sleep(30);
in it.
Expected behavior
I should be able to connect other users when client-connect for previous user is executing.
Version information (please complete the following information):
Additional context
As per this: https://community.openvpn.net/openvpn/ticket/1244
Same issue was fixed, but unable to get it working as expected.
Thanks,
Currently we lack support for the legacy provider of OpenSSL:
.\openvpn --providers default legacy --show-ciphers
2022-12-05 13:30:49 OpenSSL: error:12800067:DSO support routines::could not load the shared library
2022-12-05 13:30:49 OpenSSL: error:12800067:DSO support routines::could not load the shared library
2022-12-05 13:30:49 OpenSSL: error:07880025:common libcrypto routines::reason(524325)
2022-12-05 13:30:49 failed to load provider 'legacy'
2022-12-05 13:30:49 Exiting due to fatal error
After manually copying the legacy.dll running OpenSSL.exe still does not work since it has the wrong search path by default:
.\openssl.exe ciphers -provider legacy
ciphers: unable to load provider legacy
Hint: use -provider-path option or OPENSSL_MODULES environment variable.
586D0000:error:12800067:DSO support routines:win32_load:could not load the shared library:crypto\dso\dso_win32.c:108:filename(C:\buildbot\windows-server-2019-static-msbuild\vcpkg\packages\openssl_x64-windows-ovpn\bin\legacy.dll)
586D0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto\dso\dso_lib.c:152:
586D0000:error:07880025:common libcrypto routines:provider_init:reason(524325):crypto\provider_core.c:912:name=legacy
Manually adding the search path works:
.\openssl.exe ciphers -provider-path . -provider legacy -provider default
PS C:\Program Files\OpenVPN\bin> .\openssl.exe ciphers -provider-path . -provider legacy -provider default
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
We could build OpenSSL with no-modules to enable legacy provider as internal module but that probably also blocks/disables other features (it will internally enable the STATIC_LEGACY define).
To enable it in OpenVPN, we need to define the environment variable as well:
PS C:\Program Files\OpenVPN\bin> $env:OPENSSL_MODULES='C:\Program Files\OpenVPN\bin'
PS C:\Program Files\OpenVPN\bin> .\openvpn --providers default legacy --show-ciphers
The following ciphers and cipher modes are available for use
with OpenVPN. Each cipher shown below may be used as a
parameter to the --data-ciphers (or --cipher) option. In static
key mode only CBC mode is allowed.
See also openssl list -cipher-algorithms
AES-128-CBC (128 bit key, 128 bit block)
AES-128-GCM (128 bit key, 128 bit block, TLS client/server mode only)
AES-192-CBC (192 bit key, 128 bit block)
[...]
BF-CBC (128 bit key, 64 bit block)
[...]
Will it make sense to have a status 4 returning the same information as status 2/3 but without the ROUTING_TABLE ?
Describe the bug
It would be nice, if it was possible to require certificate authentication and use a static challenge without username and password to make it possible to implement e.g. TOTP with an auth-user-pass-verify script. Static challenges are only activated if auth-user-pass is configured as well, this strictly requires a username and a password. We can configure static credentials with e.g. "auth-user-pass credentials.txt" and just add some static values in two lines in that file but it is not possible to store them inside the ovpn file as inline configuration parameter. This was actually promised for openvpn 2.4.x in the old bug ticket https://community.openvpn.net/openvpn/ticket/628 but unfortunately never implemented.
To Reproduce
add the following to your configuration:
<auth-user-pass>
username
password
</auth-user-pass>
Expected behavior
(1) I was hoping that OpenVPN would take over the username for the username field and the string password for the password, however it only returns an error saying that this is not an inline parameter. It would also be absolutely fine, if the contents of the inline parameter had to be base64 encoded.
(2) Additionally it would be great, if static-challenge would use an empty username and an empty password if auth-user-pass is not configured while static-challenge is.
Version information (please complete the following information):
Describe the bug
OpenVPN GUI scans config-auto.
To Reproduce
Expected behavior
Ovpn configs from the config-auto folder should not be displayed as described in config-auto\README.txt
Version information (please complete the following information):
Describe the bug
As we install user-specific nft-firewall-rules when the user logs into our OpenVPN-service, we need to run nftables-commands via sudo in our learn-address-scripts. When we tried to run 2.6-rc1/rc2 on Ubuntu 22.10 the scripts we used before throw the error "sudo: unable to change to root gid: Operation not permitted" when calling the nft-binary via sudo.
This mechanism runs on our production-OpenVPN-Servers (currently with 2.5.8 on Ubuntu 20.04 LTS) since years without any problem. The configuration-snippet:
learn-address /path/to/scripts/openVPN-learnAddress
script-security 3
While testing OpenVPN 2.6-rc1/rc2 and the behaviour with the failing sudo occurred on our Testsystem (Ubuntu 22.10, OpenVPN 2.6-rc2), the Linux-Capabilities came to our attention. So I logged, with which capabilities the script is running (using /sbin/capsh --print):
Logsnippet 2.6
Logsnippet OpenVPN 2.6_rc2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
Jan 14 12:18:50 localhost openvpn[432999]: Current: =
Jan 14 12:18:50 localhost openvpn[432999]: Bounding set =
Jan 14 12:18:50 localhost openvpn[432999]: Ambient set =
Jan 14 12:18:50 localhost openvpn[432999]: Current IAB: !cap_chown,!cap_dac_override,!cap_dac_read_search,!cap_fowner,!cap_fsetid,!cap_kill,!cap_setgid,!cap_setuid,!cap_setpcap,!cap_linux_immutable,!cap_net_bind_service,!cap_net_broadcast,!cap_net_admin,!cap_net_raw,!cap_ipc_lock,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_chroot,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_write,!cap_audit_control,!cap_setfcap,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Jan 14 12:18:50 localhost openvpn[432999]: Securebits: 00/0x0/1'b0
Jan 14 12:18:50 localhost openvpn[432999]: secure-noroot: no (unlocked)
Jan 14 12:18:50 localhost openvpn[432999]: secure-no-suid-fixup: no (unlocked)
Jan 14 12:18:50 localhost openvpn[432999]: secure-keep-caps: no (unlocked)
Jan 14 12:18:50 localhost openvpn[432999]: secure-no-ambient-raise: no (unlocked)
Jan 14 12:18:50 localhost openvpn[432999]: uid=996(openvpn) euid=996(openvpn)
Jan 14 12:18:50 localhost openvpn[432999]: gid=996(openvpn)
Jan 14 12:18:50 localhost openvpn[432999]: groups=
Jan 14 12:18:50 localhost openvpn[432999]: Guessed mode: UNCERTAIN (0)
The same system with the same settings, downgraded to OpenVPN 2.5, works:
Logsnippet 2.5
Version: OpenVPN 2.5.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
Jan 14 13:39:50 localhost openvpn[435304]: Current: =
Jan 14 13:39:50 localhost openvpn[435304]: Bounding set =cap_dac_override,cap_setgid,cap_setuid,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_sys_chroot,cap_audit_write
Jan 14 13:39:50 localhost openvpn[435304]: Ambient set =
Jan 14 13:39:50 localhost openvpn[435304]: Current IAB: !cap_chown,!cap_dac_read_search,!cap_fowner,!cap_fsetid,!cap_kill,!cap_setpcap,!cap_linux_immutable,!cap_net_broadcast,!cap_ipc_owner,!cap_sys_module,!cap_sys_rawio,!cap_sys_ptrace,!cap_sys_pacct,!cap_sys_admin,!cap_sys_boot,!cap_sys_nice,!cap_sys_resource,!cap_sys_time,!cap_sys_tty_config,!cap_mknod,!cap_lease,!cap_audit_control,!cap_setfcap,!cap_mac_override,!cap_mac_admin,!cap_syslog,!cap_wake_alarm,!cap_block_suspend,!cap_audit_read,!cap_perfmon,!cap_bpf,!cap_checkpoint_restore
Jan 14 13:39:50 localhost openvpn[435304]: Securebits: 00/0x0/1'b0
Jan 14 13:39:50 localhost openvpn[435304]: secure-noroot: no (unlocked)
Jan 14 13:39:50 localhost openvpn[435304]: secure-no-suid-fixup: no (unlocked)
Jan 14 13:39:50 localhost openvpn[435304]: secure-keep-caps: no (unlocked)
Jan 14 13:39:50 localhost openvpn[435304]: secure-no-ambient-raise: no (unlocked)
Jan 14 13:39:50 localhost openvpn[435304]: uid=996(openvpn) euid=996(openvpn)
Jan 14 13:39:50 localhost openvpn[435304]: gid=996(openvpn)
Jan 14 13:39:50 localhost openvpn[435304]: groups=996(openvpn)
Jan 14 13:39:50 localhost openvpn[435304]: Guessed mode: UNCERTAIN (0)
So the difference between these two is the "Bounding set", where setuid/setgid was allowed in 2.5.
Maybe OpenVPN is dropping too much privileges/capabilities in 2.6? Or is this wanted behavior, as this sudo-solution could potentially lead to security-issues? (In the latter case, we would have to rewrite our firewall-setup-phase).
To Reproduce
Run any command via sudo (for becoming another user) in a learn-address-script.
Expected behavior
Run the sudo-commands as called in the learn-address-script.
Version information (please complete the following information):
When iservice is unable to apply "block-outside-dns", access violation happens during undo phase.
Steps to reproduce:
There is a compatibility issue with dco driver and Sonicwall driver, but interactive service should not crash regardless of it. The access violation seems to happen inside WFP, but that does not excuse us :)
Describe the bug
2022-12-08 02:38:25 us=845277 VERIFY EKU OK
2022-12-08 02:38:25 us=845295 VERIFY OK: depth=0, CN=server
2022-12-08 02:38:25 us=921607 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-12-08 02:38:40 us=998290 TLS: soft reset sec=15/15 bytes=0/-1 pkts=0/0
2022-12-08 02:38:40 us=998991 Assertion failed at dco.c:175 (primary->dco_status != DCO_NOT_INSTALLED)
To Reproduce
A normal TLS setup was established, then after around 15+ successful TLS: soft reset this happens.
Config same as #192 (comment) except server dco disabled because TLS reneg doesn't work with it on
Expected behavior
Nothing happens
Version information (please complete the following information):
Describe the bug
As title, you can only set connect-retry >1.
Expected behavior
Normal TLS setup.
Or allow 0 so can restart server with SIGUSR1 without wait time.
Version information (please complete the following information):
Additional context
Doesn't realistically break anything, just code a simple check before it.
Since both wintun and dco-win set ip_win32_type to IPW32_SET_NETSH, having dhcp-option DNS 8.8.8.8 in config breaks it because of this code:
    if (options->tuntap_options.dhcp_options
        && options->windows_driver != WINDOWS_DRIVER_WINTUN
        && options->tuntap_options.ip_win32_type != IPW32_SET_DHCP_MASQ
        && options->tuntap_options.ip_win32_type != IPW32_SET_ADAPTIVE)
    {
        msg(M_USAGE, "--dhcp-option requires --ip-win32 dynamic or adaptive");
    }
A server using --auth-gen-token outputs an erroneous log message stating password verification, when ONLY an auth-token has been verified -- at renegotiation time --reneg-sec.
https://community.openvpn.net/openvpn/ticket/840#comment:6
Log example:
CLIENT-01/10.1.101.21:64070 TLS: Username/auth-token authentication succeeded for username 'dan10'
CLIENT-01/10.1.101.21:64070 TLS: Username/Password authentication succeeded for username 'dan10'
CLIENT-01/10.1.101.21:64070 SENT CONTROL [CLIENT-01]: 'PUSH_REPLY, auth-tokenSESS_ID' (status=1)
password cannot be verified because password was not sent, the client uses --auth-nocache.
As discussed in the context of commit 9c6d72c (https://www.mail-archive.com/[email protected]/msg25926.html) the current "install routes on Windows, with metric" is quite ugly, with the Vista+ workaround of using increasing metric values in a loop until things succeed.
The correct fix is to move this all to CreateIpForwardEntry2() and stop using the pre-Vista APIs.
This is something to tackle after 2.6 release, in the "early 2.7 cleanup / restructure" phase.
To Reproduce
Install Windows 11 22H2 (on VirtualBox in my case).
Configure L2TP/IPSec VPN connection with pre-shared key in built-in Windows VPN client. All needed settings can be done via GUI.
Add Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\AssumeUDPEncapsulationContextOnSendRule = 2
Reboot system.
Check that L2TP\IPSec connection can be established.
Install OpenVPN client community edition with default settings.
Check that L2TP\IPSec connection can not be established with error: "The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer."
Uninstall OpenVPN client.
Check that L2TP\IPSec connection still can not be established with same error.
Expected behavior
L2TP/IPSec connection should work.
Version information (please complete the following information):
How to set the logging level for vpn server launched via systemd?
Verb directive from server config is not applied.
The unit file is not at all clear what launches: ExecStart=/bin/true
Describe the bug
with persist-tun:
2022-12-07 16:13:31 UDPv4 link local: (not bound)
2022-12-07 16:13:31 UDPv4 link remote: [AF_INET]**127.0.0.1:12345**
2022-12-07 16:13:31 dco_do_write: netlink reports error (-1): Unspecific failure
2022-12-07 16:13:31 dco_do_write: failed to send netlink message: No route to host (-113)
2022-12-07 16:13:31 write UDPv4 []: Success (fd=4,code=0)
2022-12-07 16:13:33 dco_do_write: netlink reports error (-1): Unspecific failure
2022-12-07 16:13:33 dco_do_write: failed to send netlink message: No route to host (-113)
2022-12-07 16:13:33 write UDPv4 []: Success (fd=4,code=0)
then stuck, not crashing, a SIGHUP can "fix" it
without persist-tun:
2022-12-07 16:13:31 UDPv4 link local: (not bound)
2022-12-07 16:13:31 UDPv4 link remote: [AF_INET]127.0.0.1:12345
crashed
To Reproduce
Ubuntu 22. dco on.
client config:
remote 127.0.0.1:12345
persist-local-ip
persist-remote-ip
persist-tun
persist-key
Expected behavior
2.5.8 good. remove persist-remote-ip is good as 2.5.8.
Version information (please complete the following information):
Installer:OpenVPN-2.6.0-I003-amd64.msi
OS: Windows 10 22H2 [10.0.19045.2546]
According to the reference manual:
--inactive args Causes OpenVPN to exit after n seconds of inactivity on the TUN/TAP device.
Valid syntaxes:
inactive n
inactive n bytes
The server push configuration is as follows: inactive 600 10000
The client will automatically disconnect when the time comes, no matter how much data is transferred.
The 2.4.x/2.5.x version is able to handle it correctly.
Key Log Information:
2023-01-29 20:57:38 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-01-29 20:57:38 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-01-29 20:57:38 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-01-29 20:57:41 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,inactive 600 10000,redirect-private def1,...
2023-01-29 20:57:46 Initialization Sequence Completed
2023-01-29 20:57:46 MANAGEMENT: >STATE:1674997066,CONNECTED,SUCCESS
2023-01-29 21:07:41 Inactivity timeout (--inactive), exiting
2023-01-29 21:07:41 SIGTERM received, sending exit notification to peer
Bytes in: 326926 (319.3 KiB) out: 160551(156.8 KiB) OpenVPN GUI 11.37.0.0/2.6.0
Tested on Mac OS 12.6.1 and Mac OS 13.1
OpenVPN Connect 3.3.5
Internet does not work after VPN Disconnect.
Workaround - disconnect and connect to Wi-Fi
ping after VPN disconnect
alex@MacBook-Air ~ % ping 8.8.4.4
PING 8.8.4.4 (8.8.4.4): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
Request timeout for icmp_seq 0
ping: sendto: No route to host
Request timeout for icmp_seq 1
ping: sendto: No route to host
Request timeout for icmp_seq 2
ping: sendto: No route to host
Request timeout for icmp_seq 3
ping: sendto: No route to host
Request timeout for icmp_seq 4
Describe the bug
OpenVPN outputs git commit id and branch name. When built from tag, it outputs none.
To Reproduce
PS C:\Program Files\OpenVPN beta\bin> .\openvpn.exe --version
OpenVPN 2.6_beta2 [git:none/566c0791caddc52e] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Dec 15 2022
library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
Windows version 10.0 (Windows 10 or greater), amd64 executable
Expected behavior
I expect it to print v2.6_beta2.
Describe the bug
server client both 2.6 beta1 w/ dco
server:
udp
explicit-exit-notify 1
client:
udp
explicit-exit-notify 2
To Reproduce
Establish a TLS config connection first
then send server a SIGUSR1/SIGHUP/SIGTERM
server will log(this one is SIGTERM):
2022-12-07 11:26:09 event_wait : Interrupted system call (fd=-1,code=4)
2022-12-07 11:26:09 SENT CONTROL [Client]: 'RESTART' (status=1)
2022-12-07 11:26:11 Closing DCO interface
but client receives nothing/log nothing, need a manual SIGUSR1 on client to reestablish connection.
Expected behavior
Client receives RESTART then generates an internal SIGUSR1. This makes client will reconnect after server reboot.
Version information (please complete the following information):
Describe the bug
2.6_beta1 enables DCO mode for p2p --secret setups, and later crashes because all the TLS bits are not initialized
To Reproduce
Run 2.6_beta1 on a DCO-enabled linux system, with a p2p --secret config
Expected behavior
message in the log file "disabling data channel offload", and running without DCO
Version information (please complete the following information):
tun.h has a static-but-not-inline function
    static const char *
    print_windows_driver(enum windows_driver_type windows_driver)
    {
        switch (windows_driver)
        {
            case WINDOWS_DRIVER_TAP_WINDOWS6:
                return "tap-windows6";
which creates a warning on windows (MinGW at least) compiles for each module that pulls in tun.h one way or the other
... -c -o xkey_helper.o xkey_helper.c
In file included from socket.h:37,
from manage.h:31,
from xkey_helper.c:35:
tun.h:665:1: warning: ‘print_windows_driver’ defined but not used [-Wunused-function]
665 | print_windows_driver(enum windows_driver_type windows_driver)
| ^~~~~~~~~~~~~~~~~~~~
and it really shouldn't be there in the first place - non-inline functions should not be in header files, ever. So I think this should either go to win32.c or tun.c, and tun.h should only have a prototype for it (it's called mostly from tun.c but also from dco.c).
With OpenVPN 2.6.0 while connecting to a up-to-date Synology NAS, the connection is established and after a while the data flow stops working. Connection appears to be still up, but I am unable to ping or access any of the remote location's devices.
I am using following ovpn config file
dev tun
tls-client
remote 1194
pull
proto udp
script-security 2
reneg-sec 0
cipher AES-256-CBC
data-ciphers 'AES-256-CBC'
auth SHA512
auth-user-pass
-----BEGIN CERTIFICATE-----
cert data
-----END CERTIFICATE-----
On a Windows 10 22H2 x64 all patched up system.
With OpenVPN version: 2.6.0
The OpenVPN 2.5.8 works with the same config file just fine, no issues there.
(Edited: on further look, this is not specific to DCO)
Describe the bug
Client on Windows using dco-win and persist-tun fails to restart on SIGUSR1 at first attempt when auth-token is in use, and goes through a second round which succeeds. But it causes existing TCP connections through the tunnel to close, as if persist-tun is not in use. If auth-token is not in use, works as expected.
Edit: even without DCO, tun gets re-opened killing existing connections through the tunnel, though it doesn't go through an extra cycle of SIGUSR1. So the real issue is not specific to DCO.
To Reproduce
Run windows client with --persist-tun and without --windows-driver foo option so that dco-win will get used. Connect to a server that will push an auth-token. Send SIGUSR1 to the client to restart.
Expected behaviour
--persist-tun should work even when auth-token is in use.
Version information (please complete the following information):
Additional Comments
This may not be specific to Windows and appears to be related to tun re-opening when pulled options change -- in this case auth-token changes. A known issue, possibly?
server client both 2.6 beta1 w/ dco
server config:
daemon
port 1080
proto udp
float
explicit-exit-notify 1
tun-mtu 1428
dev tun21
txqueuelen 1000
client-config-dir /etc/openvpn/ccd1
persist-tun
persist-key
data-ciphers AES-128-GCM
auth SHA512
auth-nocache
allow-compression no
tls-crypt tlscrypt.key
ca ca.crt
cert server.crt
key server.key
dh dh.pem
remote-cert-eku "TLS Web Client Authentication"
reneg-sec 0
hand-window 5
tran-window 86000
server 10.0.0.0 255.255.255.0
block-ipv6
topology subnet
client-to-client
replay-window 5000 3
connect-retry 3 15
ping 0
ping-restart 3600
sndbuf 11796480
rcvbuf 11796480
mlock
push "sndbuf 11796480"
push "rcvbuf 11796480"
client config:
daemon
dev tun11
persist-tun
proto udp
tun-mtu 1428
remote 127.0.0.1 1080
nobind
explicit-exit-notify 2
connect-retry 1 3
client
allow-compression no
data-ciphers AES-128-GCM
auth SHA512
auth-nocache
script-security 2
remote-cert-tls server
tls-crypt tlscrypt.key
ca ca.crt
cert main1.crt
key main1.key
reneg-sec 0
hand-window 5
tran-window 86000
persist-key
ping 0
ping-restart 3600
replay-window 5000 3
mute 20
mlock
Describe the bug/To Reproduce
Establish a TLS config connection first
then send server a SIGUSR1/SIGHUP/SIGTERM
server will log(this one is SIGTERM):
2022-12-07 11:26:09 event_wait : Interrupted system call (fd=-1,code=4)
2022-12-07 11:26:09 SENT CONTROL [Client]: 'RESTART' (status=1)
2022-12-07 11:26:11 Closing DCO interface
but client receives nothing/log nothing, need a manual SIGUSR1 on client to reestablish connection.
Expected behavior
Client receives RESTART then generates an internal SIGUSR1. This makes client will reconnect after server reboot.
Version information (please complete the following information):
Scenario:
A server with two authentication plugins is started, one of them makes a check against a file and the other against a database.
The former can fulfill synchronously, the second, deferred. Assuming they are loaded in order based on the position within the configuration file.
The plugin_call_ssl function's main loop calls the first plugin, returns OPENVPN_PLUGIN_FUNC_ERROR because the given user/pass is not listed in the file. Then calls the second and returns OPENVPN_PLUGIN_FUNC_DEFERRED to do async check on the database.
Because error was set to true, the authentication fails always no matter if the user is valid on the database.
Also, if the user/pass exists in the file of the first plugin, the function will return OPENVPN_PLUGIN_FUNC_DEFERRED because deferred_auth_done was set to true in the loop.
Probably, in order to fix this, compatibility with previous version must be broken.
Kind regards,
Mauro.
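The combination logic described in the report above, modelled in an added example (not OpenVPN's plugin code and not a proposed patch), next to a hypothetical first-match policy. The two plugin stand-ins, their sample credentials and all function names are constructed for illustration.

```c
/* Added example, not OpenVPN source. Models the behaviour the report
 * describes; every function and credential here is constructed. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return codes named as in the report; defined locally for this sketch. */
enum
{
    OPENVPN_PLUGIN_FUNC_SUCCESS  = 0,
    OPENVPN_PLUGIN_FUNC_ERROR    = 1,
    OPENVPN_PLUGIN_FUNC_DEFERRED = 2
};

typedef int (*auth_plugin_fn)(const char *user, const char *pass);

/* Stand-in for the file-backed plugin: answers synchronously. */
static int file_plugin(const char *user, const char *pass)
{
    if (strcmp(user, "alice") == 0 && strcmp(pass, "file-secret") == 0)
    {
        return OPENVPN_PLUGIN_FUNC_SUCCESS;
    }
    return OPENVPN_PLUGIN_FUNC_ERROR;
}

/* Stand-in for the database plugin: always defers the verdict. */
static int db_plugin(const char *user, const char *pass)
{
    (void) user;
    (void) pass;
    return OPENVPN_PLUGIN_FUNC_DEFERRED;
}

/* Load order as in the report: file plugin first, database second. */
static const auth_plugin_fn plugin_chain[] = { file_plugin, db_plugin };

/* Combination as the report describes it: every plugin is called, any
 * error fails the whole call, otherwise a deferral makes it deferred.
 * This fails closed: a single backend can veto the login. */
static int combine_all_must_pass(const auth_plugin_fn *plugins, size_t n,
                                 const char *user, const char *pass)
{
    int error = 0;
    int deferred_auth_done = 0;

    for (size_t i = 0; i < n; i++)
    {
        switch (plugins[i](user, pass))
        {
            case OPENVPN_PLUGIN_FUNC_SUCCESS:
                break;
            case OPENVPN_PLUGIN_FUNC_DEFERRED:
                deferred_auth_done = 1;
                break;
            default:
                error = 1;
                break;
        }
    }
    if (error)
    {
        return OPENVPN_PLUGIN_FUNC_ERROR;
    }
    return deferred_auth_done ? OPENVPN_PLUGIN_FUNC_DEFERRED
                              : OPENVPN_PLUGIN_FUNC_SUCCESS;
}

/* Hypothetical alternative: the first plugin that accepts or defers
 * decides and later plugins are not consulted. The chain is then only
 * as strict as its most permissive backend. *consulted reports how
 * many plugins were called. */
static int combine_first_match(const auth_plugin_fn *plugins, size_t n,
                               const char *user, const char *pass,
                               size_t *consulted)
{
    *consulted = 0;
    for (size_t i = 0; i < n; i++)
    {
        int status = plugins[i](user, pass);
        *consulted = i + 1;
        if (status == OPENVPN_PLUGIN_FUNC_SUCCESS
            || status == OPENVPN_PLUGIN_FUNC_DEFERRED)
        {
            return status;
        }
    }
    return OPENVPN_PLUGIN_FUNC_ERROR;
}

int main(void)
{
    size_t consulted;
    /* "bob" is known only to the database backend in this scenario. */
    printf("all-must-pass, bob:   %d\n",
           combine_all_must_pass(plugin_chain, 2, "bob", "db-secret"));
    printf("all-must-pass, alice: %d\n",
           combine_all_must_pass(plugin_chain, 2, "alice", "file-secret"));
    printf("first-match, bob:     %d\n",
           combine_first_match(plugin_chain, 2, "bob", "db-secret", &consulted));
    printf("first-match, alice:   %d\n",
           combine_first_match(plugin_chain, 2, "alice", "file-secret", &consulted));
    return 0;
}
```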
I've noticed that when my Windows 11 OpenVPN clients upgraded this week to the Jan. 25 release that the legacy service (auto-start it at boot to enable VPN to Azure Gateway) will no longer start. They all use the OpenVPN 64-bit MSI.
It is possible to use DCO with --topology net30 on a Windows client.
Steps to reproduce:
Linux server.
Windows client with DCO support.
(Configs attached below)
Expected behavior
That DCO should not support --topology net30
Version information:
For the duration of the client connection, I was using VNC to connect to the server desktop.
My logs:
SERVER:
root@home openvpn # openvpn tuns_23456u.conf
2022-12-12 19:10:01 Consider setting groups/curves preference with tls-groups instead of forcing a specific curve with ecdh-curve.
2022-12-12 19:10:01 us=578018 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2022-12-12 19:10:01 us=578042 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-12-12 19:10:01 us=578190 Current Parameter Settings:
2022-12-12 19:10:01 us=578203 config = 'tuns_23456u.conf'
2022-12-12 19:10:01 us=578217 mode = 1
2022-12-12 19:10:01 us=578229 persist_config = DISABLED
2022-12-12 19:10:01 us=578240 persist_mode = 1
2022-12-12 19:10:01 us=578252 show_ciphers = DISABLED
2022-12-12 19:10:01 us=578263 show_digests = DISABLED
2022-12-12 19:10:01 us=578273 show_engines = DISABLED
2022-12-12 19:10:01 us=578284 genkey = DISABLED
2022-12-12 19:10:01 us=578294 genkey_filename = '[UNDEF]'
2022-12-12 19:10:01 us=578305 key_pass_file = '[UNDEF]'
2022-12-12 19:10:01 us=578315 show_tls_ciphers = DISABLED
2022-12-12 19:10:01 us=578326 connect_retry_max = 0
2022-12-12 19:10:01 us=578336 Connection profiles [0]:
2022-12-12 19:10:01 us=578350 proto = udp
2022-12-12 19:10:01 us=578360 local = '[UNDEF]'
2022-12-12 19:10:01 us=578370 local_port = '23456'
2022-12-12 19:10:01 us=578381 remote = '[UNDEF]'
2022-12-12 19:10:01 us=578391 remote_port = '23456'
2022-12-12 19:10:01 us=578402 remote_float = DISABLED
2022-12-12 19:10:01 us=578412 bind_defined = DISABLED
2022-12-12 19:10:01 us=578422 bind_local = ENABLED
2022-12-12 19:10:01 us=578432 bind_ipv6_only = DISABLED
2022-12-12 19:10:01 us=578442 connect_retry_seconds = 5
2022-12-12 19:10:01 us=578453 connect_timeout = 120
2022-12-12 19:10:01 us=578463 socks_proxy_server = '[UNDEF]'
2022-12-12 19:10:01 us=578474 socks_proxy_port = '[UNDEF]'
2022-12-12 19:10:01 us=578485 tun_mtu = 1500
2022-12-12 19:10:01 us=578496 tun_mtu_defined = ENABLED
2022-12-12 19:10:01 us=578506 link_mtu = 1500
2022-12-12 19:10:01 us=578517 link_mtu_defined = DISABLED
2022-12-12 19:10:01 us=578528 tun_mtu_extra = 0
2022-12-12 19:10:01 us=578538 tun_mtu_extra_defined = DISABLED
2022-12-12 19:10:01 us=578550 mtu_discover_type = -1
2022-12-12 19:10:01 us=578562 fragment = 0
2022-12-12 19:10:01 us=578571 mssfix = 1450
2022-12-12 19:10:01 us=578582 explicit_exit_notification = 0
2022-12-12 19:10:01 us=578593 tls_auth_file = '[INLINE]'
2022-12-12 19:10:01 us=578603 key_direction = not set
2022-12-12 19:10:01 us=578613 tls_crypt_file = '[UNDEF]'
2022-12-12 19:10:01 us=578623 tls_crypt_v2_file = '[UNDEF]'
2022-12-12 19:10:01 us=578635 Connection profiles END
2022-12-12 19:10:01 us=578646 remote_random = DISABLED
2022-12-12 19:10:01 us=578656 ipchange = '[UNDEF]'
2022-12-12 19:10:01 us=578667 dev = 'tun'
2022-12-12 19:10:01 us=578677 dev_type = '[UNDEF]'
2022-12-12 19:10:01 us=578687 dev_node = '[UNDEF]'
2022-12-12 19:10:01 us=578698 lladdr = '[UNDEF]'
2022-12-12 19:10:01 us=578708 topology = 1
2022-12-12 19:10:01 us=578719 ifconfig_local = '10.23.45.1'
2022-12-12 19:10:01 us=578729 ifconfig_remote_netmask = '10.23.45.2'
2022-12-12 19:10:01 us=578740 ifconfig_noexec = DISABLED
2022-12-12 19:10:01 us=578750 ifconfig_nowarn = DISABLED
2022-12-12 19:10:01 us=578760 ifconfig_ipv6_local = '[UNDEF]'
2022-12-12 19:10:01 us=578771 ifconfig_ipv6_netbits = 0
2022-12-12 19:10:01 us=578781 ifconfig_ipv6_remote = '[UNDEF]'
2022-12-12 19:10:01 us=578791 shaper = 0
2022-12-12 19:10:01 us=578802 mtu_test = 0
2022-12-12 19:10:01 us=578811 mlock = DISABLED
2022-12-12 19:10:01 us=578823 keepalive_ping = 10
2022-12-12 19:10:01 us=578832 keepalive_timeout = 30
2022-12-12 19:10:01 us=578844 inactivity_timeout = 0
2022-12-12 19:10:01 us=578854 inactivity_minimum_bytes = 0
2022-12-12 19:10:01 us=578863 ping_send_timeout = 10
2022-12-12 19:10:01 us=578874 ping_rec_timeout = 60
2022-12-12 19:10:01 us=578886 ping_rec_timeout_action = 2
2022-12-12 19:10:01 us=578897 ping_timer_remote = DISABLED
2022-12-12 19:10:01 us=578908 remap_sigusr1 = 0
2022-12-12 19:10:01 us=578918 persist_tun = DISABLED
2022-12-12 19:10:01 us=578927 persist_local_ip = DISABLED
2022-12-12 19:10:01 us=578937 persist_remote_ip = DISABLED
2022-12-12 19:10:01 us=578947 persist_key = DISABLED
2022-12-12 19:10:01 us=578956 passtos = DISABLED
2022-12-12 19:10:01 us=578966 resolve_retry_seconds = 1000000000
2022-12-12 19:10:01 us=578976 resolve_in_advance = DISABLED
2022-12-12 19:10:01 us=578986 username = '[UNDEF]'
2022-12-12 19:10:01 us=578996 groupname = '[UNDEF]'
2022-12-12 19:10:01 us=579005 chroot_dir = '[UNDEF]'
2022-12-12 19:10:01 us=579015 cd_dir = '/etc/openvpn'
2022-12-12 19:10:01 us=579025 writepid = '[UNDEF]'
2022-12-12 19:10:01 us=579035 up_script = '[UNDEF]'
2022-12-12 19:10:01 us=579045 down_script = '[UNDEF]'
2022-12-12 19:10:01 us=579055 down_pre = DISABLED
2022-12-12 19:10:01 us=579065 up_restart = DISABLED
2022-12-12 19:10:01 us=579075 up_delay = DISABLED
2022-12-12 19:10:01 us=579084 daemon = DISABLED
2022-12-12 19:10:01 us=579094 inetd = 0
2022-12-12 19:10:01 us=579104 log = DISABLED
2022-12-12 19:10:01 us=579113 suppress_timestamps = DISABLED
2022-12-12 19:10:01 us=579123 machine_readable_output = DISABLED
2022-12-12 19:10:01 us=579133 nice = 0
2022-12-12 19:10:01 us=579143 verbosity = 4
2022-12-12 19:10:01 us=579152 mute = 0
2022-12-12 19:10:01 us=579162 gremlin = 0
2022-12-12 19:10:01 us=579172 status_file = '[UNDEF]'
2022-12-12 19:10:01 us=579183 status_file_version = 1
2022-12-12 19:10:01 us=579193 status_file_update_freq = 60
2022-12-12 19:10:01 us=579203 occ = ENABLED
2022-12-12 19:10:01 us=579213 rcvbuf = 0
2022-12-12 19:10:01 us=579223 sndbuf = 0
2022-12-12 19:10:01 us=579233 mark = 0
2022-12-12 19:10:01 us=579242 sockflags = 0
2022-12-12 19:10:01 us=579252 fast_io = DISABLED
2022-12-12 19:10:01 us=579262 comp.alg = 0
2022-12-12 19:10:01 us=579272 comp.flags = 0
2022-12-12 19:10:01 us=579282 route_script = '[UNDEF]'
2022-12-12 19:10:01 us=579292 route_default_gateway = '[UNDEF]'
2022-12-12 19:10:01 us=579302 route_default_metric = 0
2022-12-12 19:10:01 us=579312 route_noexec = DISABLED
2022-12-12 19:10:01 us=579322 route_delay = 0
2022-12-12 19:10:01 us=579332 route_delay_window = 30
2022-12-12 19:10:01 us=579342 route_delay_defined = DISABLED
2022-12-12 19:10:01 us=579352 route_nopull = DISABLED
2022-12-12 19:10:01 us=579361 route_gateway_via_dhcp = DISABLED
2022-12-12 19:10:01 us=579371 allow_pull_fqdn = DISABLED
2022-12-12 19:10:01 us=579382 route 10.23.45.0/255.255.255.0/default (not set)/default (not set)
2022-12-12 19:10:01 us=579392 management_addr = '[UNDEF]'
2022-12-12 19:10:01 us=579402 management_port = '[UNDEF]'
2022-12-12 19:10:01 us=579413 management_user_pass = '[UNDEF]'
2022-12-12 19:10:01 us=579423 management_log_history_cache = 250
2022-12-12 19:10:01 us=579433 management_echo_buffer_size = 100
2022-12-12 19:10:01 us=579442 management_write_peer_info_file = '[UNDEF]'
2022-12-12 19:10:01 us=579453 management_client_user = '[UNDEF]'
2022-12-12 19:10:01 us=579463 management_client_group = '[UNDEF]'
2022-12-12 19:10:01 us=579473 management_flags = 0
2022-12-12 19:10:01 us=579483 shared_secret_file = '[UNDEF]'
2022-12-12 19:10:01 us=579494 key_direction = not set
2022-12-12 19:10:01 us=579504 ciphername = 'BF-CBC'
2022-12-12 19:10:01 us=579513 ncp_enabled = ENABLED
2022-12-12 19:10:01 us=579524 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2022-12-12 19:10:01 us=579534 authname = 'SHA1'
2022-12-12 19:10:01 us=579544 prng_hash = 'SHA1'
2022-12-12 19:10:01 us=579554 prng_nonce_secret_len = 16
2022-12-12 19:10:01 us=579564 keysize = 0
2022-12-12 19:10:01 us=579574 engine = DISABLED
2022-12-12 19:10:01 us=579584 replay = ENABLED
2022-12-12 19:10:01 us=579594 mute_replay_warnings = DISABLED
2022-12-12 19:10:01 us=579604 replay_window = 64
2022-12-12 19:10:01 us=579614 replay_time = 15
2022-12-12 19:10:01 us=579624 packet_id_file = '[UNDEF]'
2022-12-12 19:10:01 us=579634 test_crypto = DISABLED
2022-12-12 19:10:01 us=579644 tls_server = ENABLED
2022-12-12 19:10:01 us=579654 tls_client = DISABLED
2022-12-12 19:10:01 us=579664 ca_file = '[INLINE]'
2022-12-12 19:10:01 us=579674 ca_path = '[UNDEF]'
2022-12-12 19:10:01 us=579684 dh_file = '[UNDEF]'
2022-12-12 19:10:01 us=579694 cert_file = '[INLINE]'
2022-12-12 19:10:01 us=579704 extra_certs_file = '[UNDEF]'
2022-12-12 19:10:01 us=579714 priv_key_file = '[INLINE]'
2022-12-12 19:10:01 us=579724 pkcs12_file = '[UNDEF]'
2022-12-12 19:10:01 us=579734 cipher_list = '[UNDEF]'
2022-12-12 19:10:01 us=579744 cipher_list_tls13 = '[UNDEF]'
2022-12-12 19:10:01 us=579754 tls_cert_profile = '[UNDEF]'
2022-12-12 19:10:01 us=579764 tls_verify = '[UNDEF]'
2022-12-12 19:10:01 us=579774 tls_export_cert = '[UNDEF]'
2022-12-12 19:10:01 us=579784 verify_x509_type = 0
2022-12-12 19:10:01 us=579794 verify_x509_name = '[UNDEF]'
2022-12-12 19:10:01 us=579804 crl_file = '[UNDEF]'
2022-12-12 19:10:01 us=579814 ns_cert_type = 0
2022-12-12 19:10:01 us=579824 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579834 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579844 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579854 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579864 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579874 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579884 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579894 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579904 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579914 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579924 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579934 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579944 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579954 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579964 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579974 remote_cert_ku[i] = 0
2022-12-12 19:10:01 us=579985 remote_cert_eku = '[UNDEF]'
2022-12-12 19:10:01 us=579998 ssl_flags = 0
2022-12-12 19:10:01 us=580008 tls_timeout = 2
2022-12-12 19:10:01 us=580018 renegotiate_bytes = -1
2022-12-12 19:10:01 us=580028 renegotiate_packets = 0
2022-12-12 19:10:01 us=580038 renegotiate_seconds = 3600
2022-12-12 19:10:01 us=580048 handshake_window = 60
2022-12-12 19:10:01 us=580058 transition_window = 3600
2022-12-12 19:10:01 us=580068 single_session = DISABLED
2022-12-12 19:10:01 us=580078 push_peer_info = DISABLED
2022-12-12 19:10:01 us=580088 tls_exit = DISABLED
2022-12-12 19:10:01 us=580098 tls_crypt_v2_metadata = '[UNDEF]'
2022-12-12 19:10:01 us=580108 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580118 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580128 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580138 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580148 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580158 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580168 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580176 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580186 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580199 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580208 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580218 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580229 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580239 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580249 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580259 pkcs11_protected_authentication = DISABLED
2022-12-12 19:10:01 us=580269 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580279 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580289 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580299 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580310 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580319 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580329 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580339 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580349 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580359 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580369 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580379 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580389 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580399 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580409 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580420 pkcs11_private_mode = 00000000
2022-12-12 19:10:01 us=580430 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580440 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580450 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580460 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580469 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580479 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580489 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580499 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580509 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580519 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580529 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580539 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580549 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580559 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580569 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580579 pkcs11_cert_private = DISABLED
2022-12-12 19:10:01 us=580589 pkcs11_pin_cache_period = -1
2022-12-12 19:10:01 us=580599 pkcs11_id = '[UNDEF]'
2022-12-12 19:10:01 us=580609 pkcs11_id_management = DISABLED
2022-12-12 19:10:01 us=580621 server_network = 10.23.45.0
2022-12-12 19:10:01 us=580631 server_netmask = 255.255.255.0
2022-12-12 19:10:01 us=580642 server_network_ipv6 = ::
2022-12-12 19:10:01 us=580651 server_netbits_ipv6 = 0
2022-12-12 19:10:01 us=580662 server_bridge_ip = 0.0.0.0
2022-12-12 19:10:01 us=580673 server_bridge_netmask = 0.0.0.0
2022-12-12 19:10:01 us=580693 server_bridge_pool_start = 0.0.0.0
2022-12-12 19:10:01 us=580704 server_bridge_pool_end = 0.0.0.0
2022-12-12 19:10:01 us=580714 push_entry = 'route 10.23.45.1'
2022-12-12 19:10:01 us=580724 push_entry = 'topology net30'
2022-12-12 19:10:01 us=580734 push_entry = 'ping 10'
2022-12-12 19:10:01 us=580744 push_entry = 'ping-restart 30'
2022-12-12 19:10:01 us=580755 ifconfig_pool_defined = ENABLED
2022-12-12 19:10:01 us=580766 ifconfig_pool_start = 10.23.45.4
2022-12-12 19:10:01 us=580777 ifconfig_pool_end = 10.23.45.251
2022-12-12 19:10:01 us=580788 ifconfig_pool_netmask = 0.0.0.0
2022-12-12 19:10:01 us=580797 ifconfig_pool_persist_filename = '[UNDEF]'
2022-12-12 19:10:01 us=580808 ifconfig_pool_persist_refresh_freq = 600
2022-12-12 19:10:01 us=580818 ifconfig_ipv6_pool_defined = DISABLED
2022-12-12 19:10:01 us=580829 ifconfig_ipv6_pool_base = ::
2022-12-12 19:10:01 us=580839 ifconfig_ipv6_pool_netbits = 0
2022-12-12 19:10:01 us=580849 n_bcast_buf = 256
2022-12-12 19:10:01 us=580859 tcp_queue_limit = 64
2022-12-12 19:10:01 us=580869 real_hash_size = 256
2022-12-12 19:10:01 us=580879 virtual_hash_size = 256
2022-12-12 19:10:01 us=580889 client_connect_script = '[UNDEF]'
2022-12-12 19:10:01 us=580898 learn_address_script = '[UNDEF]'
2022-12-12 19:10:01 us=580908 client_disconnect_script = '[UNDEF]'
2022-12-12 19:10:01 us=580919 client_config_dir = '[UNDEF]'
2022-12-12 19:10:01 us=580929 ccd_exclusive = DISABLED
2022-12-12 19:10:01 us=580939 tmp_dir = '/tmp'
2022-12-12 19:10:01 us=580949 push_ifconfig_defined = DISABLED
2022-12-12 19:10:01 us=580960 push_ifconfig_local = 0.0.0.0
2022-12-12 19:10:01 us=580970 push_ifconfig_remote_netmask = 0.0.0.0
2022-12-12 19:10:01 us=580982 push_ifconfig_ipv6_defined = DISABLED
2022-12-12 19:10:01 us=580992 push_ifconfig_ipv6_local = ::/0
2022-12-12 19:10:01 us=581002 push_ifconfig_ipv6_remote = ::
2022-12-12 19:10:01 us=581010 enable_c2c = DISABLED
2022-12-12 19:10:01 us=581022 duplicate_cn = DISABLED
2022-12-12 19:10:01 us=581032 cf_max = 0
2022-12-12 19:10:01 us=581042 cf_per = 0
2022-12-12 19:10:01 us=581053 max_clients = 1024
2022-12-12 19:10:01 us=581064 max_routes_per_client = 256
2022-12-12 19:10:01 us=581076 auth_user_pass_verify_script = '[UNDEF]'
2022-12-12 19:10:01 us=581089 auth_user_pass_verify_script_via_file = DISABLED
2022-12-12 19:10:01 us=581101 auth_token_generate = DISABLED
2022-12-12 19:10:01 us=581112 auth_token_lifetime = 0
2022-12-12 19:10:01 us=581122 auth_token_secret_file = '[UNDEF]'
2022-12-12 19:10:01 us=581133 port_share_host = '[UNDEF]'
2022-12-12 19:10:01 us=581145 port_share_port = '[UNDEF]'
2022-12-12 19:10:01 us=581156 vlan_tagging = DISABLED
2022-12-12 19:10:01 us=581169 vlan_accept = all
2022-12-12 19:10:01 us=581181 vlan_pvid = 1
2022-12-12 19:10:01 us=581193 client = DISABLED
2022-12-12 19:10:01 us=581204 pull = DISABLED
2022-12-12 19:10:01 us=581214 auth_user_pass_file = '[UNDEF]'
2022-12-12 19:10:01 us=581227 OpenVPN 2.5.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 28 2022
2022-12-12 19:10:01 us=581252 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
2022-12-12 19:10:01 us=582745 ECDH curve secp384r1 added
2022-12-12 19:10:01 us=582847 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 19:10:01 us=582864 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 19:10:01 us=582883 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2022-12-12 19:10:01 us=583179 ROUTE_GATEWAY 10.1.101.1/255.255.255.0 IFACE=enp5s0 HWADDR=24:b6:fd:31:bc:ca
2022-12-12 19:10:01 us=583699 TUN/TAP device tun0 opened
2022-12-12 19:10:01 us=583750 do_ifconfig, ipv4=1, ipv6=0
2022-12-12 19:10:01 us=583770 /sbin/ip link set dev tun0 up mtu 1500
2022-12-12 19:10:01 us=592480 /sbin/ip link set dev tun0 up
2022-12-12 19:10:01 us=594143 /sbin/ip addr add dev tun0 local 10.23.45.1 peer 10.23.45.2
2022-12-12 19:10:01 us=597821 /sbin/ip route add 10.23.45.0/24 via 10.23.45.2
2022-12-12 19:10:01 us=600051 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 AF:14/121 ]
2022-12-12 19:10:01 us=600096 Could not determine IPv4/IPv6 protocol. Using AF_INET
2022-12-12 19:10:01 us=600132 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-12-12 19:10:01 us=600160 UDPv4 link local (bound): [AF_INET][undef]:23456
2022-12-12 19:10:01 us=600175 UDPv4 link remote: [AF_UNSPEC]
2022-12-12 19:10:01 us=600196 MULTI: multi_init called, r=256 v=256
2022-12-12 19:10:01 us=600232 IFCONFIG POOL IPv4: base=10.23.45.4 size=62
2022-12-12 19:10:01 us=600272 Initialization Sequence Completed
2022-12-12 19:10:08 us=929289 MULTI: multi_create_instance called
2022-12-12 19:10:08 us=929507 10.1.101.21:52401 Re-using SSL/TLS context
2022-12-12 19:10:08 us=929829 10.1.101.21:52401 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 19:10:08 us=929934 10.1.101.21:52401 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 19:10:08 us=930316 10.1.101.21:52401 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2022-12-12 19:10:08 us=930387 10.1.101.21:52401 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 AF:14/121 ]
2022-12-12 19:10:08 us=930541 10.1.101.21:52401 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2022-12-12 19:10:08 us=930600 10.1.101.21:52401 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2022-12-12 19:10:08 us=930711 10.1.101.21:52401 TLS: Initial packet from [AF_INET]10.1.101.21:52401, sid=51e82df0 9e5495bd
2022-12-12 19:10:08 us=971826 10.1.101.21:52401 VERIFY OK: depth=1, C=00, ST=home, L=wiscii glaß, O=tct, OU=tct @ $&$, CN=Easy-RSA CA, [email protected], serialNumber=.
2022-12-12 19:10:08 us=972867 10.1.101.21:52401 VERIFY OK: depth=0, C=00, ST=home, L=wiscii glaß, O=tct, OU=tct @ $&$, CN=CLIENT-01, [email protected], serialNumber=.
2022-12-12 19:10:08 us=973969 10.1.101.21:52401 peer info: IV_VER=2.6_beta1
2022-12-12 19:10:08 us=973997 10.1.101.21:52401 peer info: IV_PLAT=win
2022-12-12 19:10:08 us=974012 10.1.101.21:52401 peer info: IV_TCPNL=1
2022-12-12 19:10:08 us=974023 10.1.101.21:52401 peer info: IV_MTU=1600
2022-12-12 19:10:08 us=974035 10.1.101.21:52401 peer info: IV_NCP=2
2022-12-12 19:10:08 us=974046 10.1.101.21:52401 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2022-12-12 19:10:08 us=974057 10.1.101.21:52401 peer info: IV_PROTO=478
2022-12-12 19:10:08 us=974069 10.1.101.21:52401 peer info: IV_LZO_STUB=1
2022-12-12 19:10:08 us=974079 10.1.101.21:52401 peer info: IV_COMP_STUB=1
2022-12-12 19:10:08 us=974090 10.1.101.21:52401 peer info: IV_COMP_STUBv2=1
2022-12-12 19:10:08 us=974100 10.1.101.21:52401 peer info: IV_GUI_VER=OpenVPN_GUI_11
2022-12-12 19:10:08 us=974110 10.1.101.21:52401 peer info: IV_SSO=openurl,crtext
2022-12-12 19:10:08 us=974135 10.1.101.21:52401 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1544'
2022-12-12 19:10:08 us=976361 10.1.101.21:52401 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 456 bit ED448, signature: ED448
2022-12-12 19:10:08 us=976404 10.1.101.21:52401 [CLIENT-01] Peer Connection Initiated with [AF_INET]10.1.101.21:52401
2022-12-12 19:10:08 us=976432 CLIENT-01/10.1.101.21:52401 MULTI_sva: pool returned IPv4=10.23.45.6, IPv6=(Not enabled)
2022-12-12 19:10:08 us=976469 CLIENT-01/10.1.101.21:52401 MULTI: Learn: 10.23.45.6 -> CLIENT-01/10.1.101.21:52401
2022-12-12 19:10:08 us=976481 CLIENT-01/10.1.101.21:52401 MULTI: primary virtual IP for CLIENT-01/10.1.101.21:52401: 10.23.45.6
2022-12-12 19:10:08 us=976499 CLIENT-01/10.1.101.21:52401 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-12-12 19:10:08 us=976521 CLIENT-01/10.1.101.21:52401 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 AF:14/121 ]
2022-12-12 19:10:08 us=976595 CLIENT-01/10.1.101.21:52401 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-12-12 19:10:08 us=976610 CLIENT-01/10.1.101.21:52401 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-12-12 19:10:08 us=976644 CLIENT-01/10.1.101.21:52401 SENT CONTROL [CLIENT-01]: 'PUSH_REPLY,route 10.23.45.1,topology net30,ping 10,ping-restart 30,ifconfig 10.23.45.6 10.23.45.5,peer-id 0,cipher AES-256-GCM' (status=1)
2022-12-12 19:10:09 us=229059 CLIENT-01/10.1.101.21:52401 MULTI: bad source address from client [::], packet dropped
CLIENT:
2022-12-12 18:42:00 us=953000 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2022-12-12 18:42:00 us=953000 Current Parameter Settings:
2022-12-12 18:42:00 us=953000 config = 'testc_23456u.ovpn'
2022-12-12 18:42:00 us=953000 mode = 0
2022-12-12 18:42:00 us=953000 show_ciphers = DISABLED
2022-12-12 18:42:00 us=953000 show_digests = DISABLED
2022-12-12 18:42:00 us=953000 show_engines = DISABLED
2022-12-12 18:42:00 us=953000 genkey = DISABLED
2022-12-12 18:42:00 us=953000 genkey_filename = '[UNDEF]'
2022-12-12 18:42:00 us=953000 key_pass_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 show_tls_ciphers = DISABLED
2022-12-12 18:42:00 us=953000 connect_retry_max = 0
2022-12-12 18:42:00 us=953000 Connection profiles [0]:
2022-12-12 18:42:00 us=953000 proto = udp
2022-12-12 18:42:00 us=953000 local = '[UNDEF]'
2022-12-12 18:42:00 us=953000 local_port = '[UNDEF]'
2022-12-12 18:42:00 us=953000 remote = '10.1.101.101'
2022-12-12 18:42:00 us=953000 remote_port = '23456'
2022-12-12 18:42:00 us=953000 remote_float = DISABLED
2022-12-12 18:42:00 us=953000 bind_defined = DISABLED
2022-12-12 18:42:00 us=953000 bind_local = DISABLED
2022-12-12 18:42:00 us=953000 bind_ipv6_only = DISABLED
2022-12-12 18:42:00 us=953000 connect_retry_seconds = 5
2022-12-12 18:42:00 us=953000 connect_timeout = 120
2022-12-12 18:42:00 us=953000 socks_proxy_server = '[UNDEF]'
2022-12-12 18:42:00 us=953000 socks_proxy_port = '[UNDEF]'
2022-12-12 18:42:00 us=953000 tun_mtu = 1500
2022-12-12 18:42:00 us=953000 tun_mtu_defined = ENABLED
2022-12-12 18:42:00 us=953000 link_mtu = 1500
2022-12-12 18:42:00 us=953000 link_mtu_defined = DISABLED
2022-12-12 18:42:00 us=953000 tun_mtu_extra = 0
2022-12-12 18:42:00 us=953000 tun_mtu_extra_defined = DISABLED
2022-12-12 18:42:00 us=953000 tls_mtu = 1250
2022-12-12 18:42:00 us=953000 mtu_discover_type = -1
2022-12-12 18:42:00 us=953000 fragment = 0
2022-12-12 18:42:00 us=953000 mssfix = 1492
2022-12-12 18:42:00 us=953000 mssfix_encap = ENABLED
2022-12-12 18:42:00 us=953000 mssfix_fixed = DISABLED
2022-12-12 18:42:00 us=953000 explicit_exit_notification = 0
2022-12-12 18:42:00 us=953000 tls_auth_file = '[INLINE]'
2022-12-12 18:42:00 us=953000 key_direction = not set
2022-12-12 18:42:00 us=953000 tls_crypt_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 tls_crypt_v2_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 Connection profiles END
2022-12-12 18:42:00 us=953000 remote_random = DISABLED
2022-12-12 18:42:00 us=953000 ipchange = '[UNDEF]'
2022-12-12 18:42:00 us=953000 dev = 'tun'
2022-12-12 18:42:00 us=953000 dev_type = '[UNDEF]'
2022-12-12 18:42:00 us=953000 dev_node = '[UNDEF]'
2022-12-12 18:42:00 us=953000 tuntap_options.disable_dco = DISABLED
2022-12-12 18:42:00 us=953000 lladdr = '[UNDEF]'
2022-12-12 18:42:00 us=953000 topology = 1
2022-12-12 18:42:00 us=953000 ifconfig_local = '[UNDEF]'
2022-12-12 18:42:00 us=953000 ifconfig_remote_netmask = '[UNDEF]'
2022-12-12 18:42:00 us=953000 ifconfig_noexec = DISABLED
2022-12-12 18:42:00 us=953000 ifconfig_nowarn = DISABLED
2022-12-12 18:42:00 us=953000 ifconfig_ipv6_local = '[UNDEF]'
2022-12-12 18:42:00 us=953000 ifconfig_ipv6_netbits = 0
2022-12-12 18:42:00 us=953000 ifconfig_ipv6_remote = '[UNDEF]'
2022-12-12 18:42:00 us=953000 shaper = 0
2022-12-12 18:42:00 us=953000 mtu_test = 0
2022-12-12 18:42:00 us=953000 mlock = DISABLED
2022-12-12 18:42:00 us=953000 keepalive_ping = 0
2022-12-12 18:42:00 us=953000 keepalive_timeout = 0
2022-12-12 18:42:00 us=953000 inactivity_timeout = 0
2022-12-12 18:42:00 us=953000 session_timeout = 0
2022-12-12 18:42:00 us=953000 inactivity_minimum_bytes = 0
2022-12-12 18:42:00 us=953000 ping_send_timeout = 0
2022-12-12 18:42:00 us=953000 ping_rec_timeout = 0
2022-12-12 18:42:00 us=953000 ping_rec_timeout_action = 0
2022-12-12 18:42:00 us=953000 ping_timer_remote = DISABLED
2022-12-12 18:42:00 us=953000 remap_sigusr1 = 0
2022-12-12 18:42:00 us=953000 persist_tun = DISABLED
2022-12-12 18:42:00 us=953000 persist_local_ip = DISABLED
2022-12-12 18:42:00 us=953000 persist_remote_ip = DISABLED
2022-12-12 18:42:00 us=953000 persist_key = DISABLED
2022-12-12 18:42:00 us=953000 passtos = DISABLED
2022-12-12 18:42:00 us=953000 resolve_retry_seconds = 1000000000
2022-12-12 18:42:00 us=953000 resolve_in_advance = DISABLED
2022-12-12 18:42:00 us=953000 username = '[UNDEF]'
2022-12-12 18:42:00 us=953000 groupname = '[UNDEF]'
2022-12-12 18:42:00 us=953000 chroot_dir = '[UNDEF]'
2022-12-12 18:42:00 us=953000 cd_dir = '[UNDEF]'
2022-12-12 18:42:00 us=953000 writepid = '[UNDEF]'
2022-12-12 18:42:00 us=953000 up_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 down_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 down_pre = DISABLED
2022-12-12 18:42:00 us=953000 up_restart = DISABLED
2022-12-12 18:42:00 us=953000 up_delay = DISABLED
2022-12-12 18:42:00 us=953000 daemon = DISABLED
2022-12-12 18:42:00 us=953000 log = ENABLED
2022-12-12 18:42:00 us=953000 suppress_timestamps = DISABLED
2022-12-12 18:42:00 us=953000 machine_readable_output = DISABLED
2022-12-12 18:42:00 us=953000 nice = 0
2022-12-12 18:42:00 us=953000 verbosity = 4
2022-12-12 18:42:00 us=953000 mute = 0
2022-12-12 18:42:00 us=953000 status_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 status_file_version = 1
2022-12-12 18:42:00 us=953000 status_file_update_freq = 60
2022-12-12 18:42:00 us=953000 occ = ENABLED
2022-12-12 18:42:00 us=953000 rcvbuf = 0
2022-12-12 18:42:00 us=953000 sndbuf = 0
2022-12-12 18:42:00 us=953000 sockflags = 0
2022-12-12 18:42:00 us=953000 fast_io = DISABLED
2022-12-12 18:42:00 us=953000 comp.alg = 0
2022-12-12 18:42:00 us=953000 comp.flags = 24
2022-12-12 18:42:00 us=953000 route_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 route_default_gateway = '[UNDEF]'
2022-12-12 18:42:00 us=953000 route_default_metric = 0
2022-12-12 18:42:00 us=953000 route_noexec = DISABLED
2022-12-12 18:42:00 us=953000 route_delay = 0
2022-12-12 18:42:00 us=953000 route_delay_window = 30
2022-12-12 18:42:00 us=953000 route_delay_defined = DISABLED
2022-12-12 18:42:00 us=953000 route_nopull = DISABLED
2022-12-12 18:42:00 us=953000 route_gateway_via_dhcp = DISABLED
2022-12-12 18:42:00 us=953000 allow_pull_fqdn = DISABLED
2022-12-12 18:42:00 us=953000 Pull filters:
2022-12-12 18:42:00 us=953000 ignore "route-method"
2022-12-12 18:42:00 us=953000 management_addr = '127.0.0.1'
2022-12-12 18:42:00 us=953000 management_port = '25342'
2022-12-12 18:42:00 us=953000 management_user_pass = 'stdin'
2022-12-12 18:42:00 us=953000 management_log_history_cache = 250
2022-12-12 18:42:00 us=953000 management_echo_buffer_size = 100
2022-12-12 18:42:00 us=953000 management_client_user = '[UNDEF]'
2022-12-12 18:42:00 us=953000 management_client_group = '[UNDEF]'
2022-12-12 18:42:00 us=953000 management_flags = 6
2022-12-12 18:42:00 us=953000 shared_secret_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 key_direction = not set
2022-12-12 18:42:00 us=953000 ciphername = 'BF-CBC'
2022-12-12 18:42:00 us=953000 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2022-12-12 18:42:00 us=953000 authname = 'SHA1'
2022-12-12 18:42:00 us=953000 engine = DISABLED
2022-12-12 18:42:00 us=953000 replay = ENABLED
2022-12-12 18:42:00 us=953000 mute_replay_warnings = DISABLED
2022-12-12 18:42:00 us=953000 replay_window = 64
2022-12-12 18:42:00 us=953000 replay_time = 15
2022-12-12 18:42:00 us=953000 packet_id_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 test_crypto = DISABLED
2022-12-12 18:42:00 us=953000 tls_server = DISABLED
2022-12-12 18:42:00 us=953000 tls_client = ENABLED
2022-12-12 18:42:00 us=953000 ca_file = '[INLINE]'
2022-12-12 18:42:00 us=953000 ca_path = '[UNDEF]'
2022-12-12 18:42:00 us=953000 dh_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 cert_file = '[INLINE]'
2022-12-12 18:42:00 us=953000 extra_certs_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 priv_key_file = '[INLINE]'
2022-12-12 18:42:00 us=953000 pkcs12_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 cryptoapi_cert = '[UNDEF]'
2022-12-12 18:42:00 us=953000 cipher_list = '[UNDEF]'
2022-12-12 18:42:00 us=953000 cipher_list_tls13 = '[UNDEF]'
2022-12-12 18:42:00 us=953000 tls_cert_profile = '[UNDEF]'
2022-12-12 18:42:00 us=953000 tls_verify = '[UNDEF]'
2022-12-12 18:42:00 us=953000 tls_export_cert = '[UNDEF]'
2022-12-12 18:42:00 us=953000 verify_x509_type = 0
2022-12-12 18:42:00 us=953000 verify_x509_name = '[UNDEF]'
2022-12-12 18:42:00 us=953000 crl_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 ns_cert_type = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_ku[i] = 0
2022-12-12 18:42:00 us=953000 remote_cert_eku = '[UNDEF]'
2022-12-12 18:42:00 us=953000 ssl_flags = 192
2022-12-12 18:42:00 us=953000 tls_timeout = 2
2022-12-12 18:42:00 us=953000 renegotiate_bytes = -1
2022-12-12 18:42:00 us=953000 renegotiate_packets = 0
2022-12-12 18:42:00 us=953000 renegotiate_seconds = 3600
2022-12-12 18:42:00 us=953000 handshake_window = 60
2022-12-12 18:42:00 us=953000 transition_window = 3600
2022-12-12 18:42:00 us=953000 single_session = DISABLED
2022-12-12 18:42:00 us=953000 push_peer_info = DISABLED
2022-12-12 18:42:00 us=953000 tls_exit = DISABLED
2022-12-12 18:42:00 us=953000 tls_crypt_v2_metadata = '[UNDEF]'
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_protected_authentication = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_private_mode = 00000000
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_cert_private = DISABLED
2022-12-12 18:42:00 us=953000 pkcs11_pin_cache_period = -1
2022-12-12 18:42:00 us=953000 pkcs11_id = '[UNDEF]'
2022-12-12 18:42:00 us=953000 pkcs11_id_management = DISABLED
2022-12-12 18:42:00 us=953000 server_network = 0.0.0.0
2022-12-12 18:42:00 us=953000 server_netmask = 0.0.0.0
2022-12-12 18:42:00 us=953000 server_network_ipv6 = ::
2022-12-12 18:42:00 us=953000 server_netbits_ipv6 = 0
2022-12-12 18:42:00 us=953000 server_bridge_ip = 0.0.0.0
2022-12-12 18:42:00 us=953000 server_bridge_netmask = 0.0.0.0
2022-12-12 18:42:00 us=953000 server_bridge_pool_start = 0.0.0.0
2022-12-12 18:42:00 us=953000 server_bridge_pool_end = 0.0.0.0
2022-12-12 18:42:00 us=953000 ifconfig_pool_defined = DISABLED
2022-12-12 18:42:00 us=953000 ifconfig_pool_start = 0.0.0.0
2022-12-12 18:42:00 us=953000 ifconfig_pool_end = 0.0.0.0
2022-12-12 18:42:00 us=953000 ifconfig_pool_netmask = 0.0.0.0
2022-12-12 18:42:00 us=953000 ifconfig_pool_persist_filename = '[UNDEF]'
2022-12-12 18:42:00 us=953000 ifconfig_pool_persist_refresh_freq = 600
2022-12-12 18:42:00 us=953000 ifconfig_ipv6_pool_defined = DISABLED
2022-12-12 18:42:00 us=953000 ifconfig_ipv6_pool_base = ::
2022-12-12 18:42:00 us=953000 ifconfig_ipv6_pool_netbits = 0
2022-12-12 18:42:00 us=953000 n_bcast_buf = 256
2022-12-12 18:42:00 us=953000 tcp_queue_limit = 64
2022-12-12 18:42:00 us=953000 real_hash_size = 256
2022-12-12 18:42:00 us=953000 virtual_hash_size = 256
2022-12-12 18:42:00 us=953000 client_connect_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 learn_address_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 client_disconnect_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 client_crresponse_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 client_config_dir = '[UNDEF]'
2022-12-12 18:42:00 us=953000 ccd_exclusive = DISABLED
2022-12-12 18:42:00 us=953000 tmp_dir = 'C:\Users\den\AppData\Local\Temp\'
2022-12-12 18:42:00 us=953000 push_ifconfig_defined = DISABLED
2022-12-12 18:42:00 us=953000 push_ifconfig_local = 0.0.0.0
2022-12-12 18:42:00 us=953000 push_ifconfig_remote_netmask = 0.0.0.0
2022-12-12 18:42:00 us=953000 push_ifconfig_ipv6_defined = DISABLED
2022-12-12 18:42:00 us=953000 push_ifconfig_ipv6_local = ::/0
2022-12-12 18:42:00 us=953000 push_ifconfig_ipv6_remote = ::
2022-12-12 18:42:00 us=953000 enable_c2c = DISABLED
2022-12-12 18:42:00 us=953000 duplicate_cn = DISABLED
2022-12-12 18:42:00 us=953000 cf_max = 0
2022-12-12 18:42:00 us=953000 cf_per = 0
2022-12-12 18:42:00 us=953000 max_clients = 1024
2022-12-12 18:42:00 us=953000 max_routes_per_client = 256
2022-12-12 18:42:00 us=953000 auth_user_pass_verify_script = '[UNDEF]'
2022-12-12 18:42:00 us=953000 auth_user_pass_verify_script_via_file = DISABLED
2022-12-12 18:42:00 us=953000 auth_token_generate = DISABLED
2022-12-12 18:42:00 us=953000 auth_token_lifetime = 0
2022-12-12 18:42:00 us=953000 auth_token_secret_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 vlan_tagging = DISABLED
2022-12-12 18:42:00 us=953000 vlan_accept = all
2022-12-12 18:42:00 us=953000 vlan_pvid = 1
2022-12-12 18:42:00 us=953000 client = ENABLED
2022-12-12 18:42:00 us=953000 pull = ENABLED
2022-12-12 18:42:00 us=953000 auth_user_pass_file = '[UNDEF]'
2022-12-12 18:42:00 us=953000 show_net_up = DISABLED
2022-12-12 18:42:00 us=953000 route_method = 3
2022-12-12 18:42:00 us=953000 block_outside_dns = DISABLED
2022-12-12 18:42:00 us=953000 ip_win32_defined = DISABLED
2022-12-12 18:42:00 us=953000 ip_win32_type = 1
2022-12-12 18:42:00 us=953000 dhcp_masq_offset = 0
2022-12-12 18:42:00 us=953000 dhcp_lease_time = 31536000
2022-12-12 18:42:00 us=953000 tap_sleep = 0
2022-12-12 18:42:00 us=953000 dhcp_options = DISABLED
2022-12-12 18:42:00 us=953000 dhcp_renew = DISABLED
2022-12-12 18:42:00 us=953000 dhcp_pre_release = DISABLED
2022-12-12 18:42:00 us=953000 domain = '[UNDEF]'
2022-12-12 18:42:00 us=953000 netbios_scope = '[UNDEF]'
2022-12-12 18:42:00 us=953000 netbios_node_type = 0
2022-12-12 18:42:00 us=953000 disable_nbt = DISABLED
2022-12-12 18:42:00 us=953000 OpenVPN 2.6_beta1 [git:release/2.6/e778a6fd26d849dc] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Dec 2 2022
2022-12-12 18:42:00 us=968000 Windows version 10.0 (Windows 10 or greater), amd64 executable
2022-12-12 18:42:00 us=968000 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-12-12 18:42:00 us=968000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
2022-12-12 18:42:00 us=968000 Need hold release from management interface, waiting...
2022-12-12 18:42:01 us=265000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:63964
2022-12-12 18:42:01 us=375000 MANAGEMENT: CMD 'state on'
2022-12-12 18:42:01 us=375000 MANAGEMENT: CMD 'log on all'
2022-12-12 18:42:01 us=859000 MANAGEMENT: CMD 'echo on all'
2022-12-12 18:42:01 us=859000 MANAGEMENT: CMD 'bytecount 5'
2022-12-12 18:42:01 us=875000 MANAGEMENT: CMD 'state'
2022-12-12 18:42:01 us=875000 MANAGEMENT: CMD 'hold off'
2022-12-12 18:42:01 us=875000 MANAGEMENT: CMD 'hold release'
2022-12-12 18:42:01 us=875000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-12 18:42:01 us=890000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 18:42:01 us=890000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 18:42:01 us=890000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2022-12-12 18:42:01 us=890000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2022-12-12 18:42:01 us=890000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2022-12-12 18:42:01 us=890000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2022-12-12 18:42:01 us=890000 TCP/UDP: Preserving recently used remote address: [AF_INET]10.1.101.101:23456
2022-12-12 18:42:01 us=906000 ovpn-dco device [OpenVPN Data Channel Offload] opened
2022-12-12 18:42:01 us=906000 UDP link local: (not bound)
2022-12-12 18:42:01 us=906000 UDP link remote: [AF_INET]10.1.101.101:23456
2022-12-12 18:42:01 us=906000 MANAGEMENT: >STATE:1670870521,WAIT,,,,,,
2022-12-12 18:42:01 us=906000 MANAGEMENT: >STATE:1670870521,AUTH,,,,,,
2022-12-12 18:42:01 us=906000 TLS: Initial packet from [AF_INET]10.1.101.101:23456, sid=414480a0 7653e0ef
2022-12-12 18:42:01 us=937000 VERIFY OK: depth=1, C=00, ST=home, L=wiscii glaß, O=tct, OU=tct @ $&$, CN=Easy-RSA CA, [email protected], serialNumber=.
2022-12-12 18:42:01 us=953000 VERIFY OK: depth=0, C=00, ST=home, L=wiscii glaß, O=tct, OU=tct @ $&$, CN=SERVER-01, [email protected], serialNumber=.
2022-12-12 18:42:01 us=968000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 456 bit ED448, signature: ED448
2022-12-12 18:42:01 us=968000 [SERVER-01] Peer Connection Initiated with [AF_INET]10.1.101.101:23456
2022-12-12 18:42:01 us=968000 PUSH: Received control message: 'PUSH_REPLY,route 10.23.45.1,topology net30,ifconfig 10.23.45.6 10.23.45.5,peer-id 0,cipher AES-256-GCM'
2022-12-12 18:42:01 us=968000 OPTIONS IMPORT: --ifconfig/up options modified
2022-12-12 18:42:01 us=968000 OPTIONS IMPORT: route options modified
2022-12-12 18:42:01 us=968000 OPTIONS IMPORT: peer-id set
2022-12-12 18:42:01 us=968000 OPTIONS IMPORT: data channel crypto options modified
2022-12-12 18:42:01 us=968000 interactive service msg_channel=752
2022-12-12 18:42:02 do_ifconfig, ipv4=1, ipv6=0
2022-12-12 18:42:02 MANAGEMENT: >STATE:1670870522,ASSIGN_IP,,10.23.45.6,,,,
2022-12-12 18:42:02 INET address service: add 10.23.45.6/30
2022-12-12 18:42:02 IPv4 MTU set to 1500 on interface 13 using service
2022-12-12 18:42:02 MANAGEMENT: >STATE:1670870522,ADD_ROUTES,,,,,,
2022-12-12 18:42:02 C:\WINDOWS\system32\route.exe ADD 10.23.45.1 MASK 255.255.255.255 10.23.45.5 METRIC 200
2022-12-12 18:42:02 us=15000 Route addition via service succeeded
2022-12-12 18:42:02 us=15000 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-12-12 18:42:02 us=15000 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2022-12-12 18:42:02 us=15000 Initialization Sequence Completed
2022-12-12 18:42:02 us=15000 MANAGEMENT: >STATE:1670870522,CONNECTED,SUCCESS,10.23.45.6,10.1.101.101,23456,,
2022-12-12 19:10:04 us=390000 read UDP: The specified network name is no longer available. (fd=420,code=64)
2022-12-12 19:10:04 us=390000 [SERVER-01] Inactivity timeout (--ping-restart), restarting
2022-12-12 19:10:04 us=390000 C:\WINDOWS\system32\route.exe DELETE 10.23.45.1 MASK 255.255.255.255 10.23.45.5
2022-12-12 19:10:04 us=421000 Route deletion via service succeeded
2022-12-12 19:10:04 us=421000 Closing DCO interface
2022-12-12 19:10:04 us=421000 Deleting IPv4 dns servers on 'OpenVPN Data Channel Offload' (if_index = 13) using service
2022-12-12 19:10:04 us=640000 IPv4 dns servers deleted using service
2022-12-12 19:10:04 us=640000 INET address service: remove 10.23.45.6/30
2022-12-12 19:10:04 us=640000 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-12 19:10:04 us=640000 MANAGEMENT: >STATE:1670872204,RECONNECTING,ping-restart,,,,,
2022-12-12 19:10:04 us=640000 Restart pause, 5 second(s)
2022-12-12 19:10:09 us=703000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-12 19:10:09 us=703000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 19:10:09 us=703000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-12 19:10:09 us=703000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2022-12-12 19:10:09 us=703000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2022-12-12 19:10:09 us=703000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2022-12-12 19:10:09 us=703000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2022-12-12 19:10:09 us=703000 TCP/UDP: Preserving recently used remote address: [AF_INET]10.1.101.101:23456
2022-12-12 19:10:09 us=718000 ovpn-dco device [OpenVPN Data Channel Offload] opened
2022-12-12 19:10:09 us=718000 UDP link local: (not bound)
2022-12-12 19:10:09 us=718000 UDP link remote: [AF_INET]10.1.101.101:23456
2022-12-12 19:10:09 us=718000 MANAGEMENT: >STATE:1670872209,WAIT,,,,,,
2022-12-12 19:10:09 us=718000 MANAGEMENT: >STATE:1670872209,AUTH,,,,,,
2022-12-12 19:10:09 us=718000 TLS: Initial packet from [AF_INET]10.1.101.101:23456, sid=b78f9a26 e6114e61
2022-12-12 19:10:09 us=750000 VERIFY OK: depth=1, C=00, ST=home, L=wiscii glaß, O=tct, OU=tct @ $&$, CN=Easy-RSA CA, [email protected], serialNumber=.
2022-12-12 19:10:09 us=750000 VERIFY OK: depth=0, C=00, ST=home, L=wiscii glaß, O=tct, OU=tct @ $&$, CN=SERVER-01, [email protected], serialNumber=.
2022-12-12 19:10:09 us=765000 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1544', remote='link-mtu 1541'
2022-12-12 19:10:09 us=765000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 456 bit ED448, signature: ED448
2022-12-12 19:10:09 us=765000 [SERVER-01] Peer Connection Initiated with [AF_INET]10.1.101.101:23456
2022-12-12 19:10:09 us=765000 PUSH: Received control message: 'PUSH_REPLY,route 10.23.45.1,topology net30,ping 10,ping-restart 30,ifconfig 10.23.45.6 10.23.45.5,peer-id 0,cipher AES-256-GCM'
2022-12-12 19:10:09 us=765000 OPTIONS IMPORT: timers and/or timeouts modified
2022-12-12 19:10:09 us=765000 OPTIONS IMPORT: --ifconfig/up options modified
2022-12-12 19:10:09 us=765000 OPTIONS IMPORT: route options modified
2022-12-12 19:10:09 us=765000 OPTIONS IMPORT: peer-id set
2022-12-12 19:10:09 us=765000 OPTIONS IMPORT: data channel crypto options modified
2022-12-12 19:10:09 us=765000 interactive service msg_channel=752
2022-12-12 19:10:09 us=796000 do_ifconfig, ipv4=1, ipv6=0
2022-12-12 19:10:09 us=796000 MANAGEMENT: >STATE:1670872209,ASSIGN_IP,,10.23.45.6,,,,
2022-12-12 19:10:09 us=796000 INET address service: add 10.23.45.6/30
2022-12-12 19:10:09 us=796000 IPv4 MTU set to 1500 on interface 13 using service
2022-12-12 19:10:09 us=796000 MANAGEMENT: >STATE:1670872209,ADD_ROUTES,,,,,,
2022-12-12 19:10:09 us=796000 C:\WINDOWS\system32\route.exe ADD 10.23.45.1 MASK 255.255.255.255 10.23.45.5 METRIC 200
2022-12-12 19:10:09 us=812000 Route addition via service succeeded
2022-12-12 19:10:09 us=812000 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-12-12 19:10:09 us=812000 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2022-12-12 19:10:09 us=812000 Initialization Sequence Completed
2022-12-12 19:10:09 us=812000 MANAGEMENT: >STATE:1670872209,CONNECTED,SUCCESS,10.23.45.6,10.1.101.101,23456,,
2022-12-12 19:54:09 us=140000 C:\WINDOWS\system32\route.exe DELETE 10.23.45.1 MASK 255.255.255.255 10.23.45.5
2022-12-12 19:54:09 us=140000 Route deletion via service succeeded
2022-12-12 19:54:09 us=140000 Closing DCO interface
2022-12-12 19:54:09 us=140000 Deleting IPv4 dns servers on 'OpenVPN Data Channel Offload' (if_index = 13) using service
2022-12-12 19:54:09 us=390000 IPv4 dns servers deleted using service
2022-12-12 19:54:09 us=390000 INET address service: remove 10.23.45.6/30
2022-12-12 19:54:09 us=390000 SIGTERM[hard,] received, process exiting
2022-12-12 19:54:09 us=390000 MANAGEMENT: >STATE:1670874849,EXITING,SIGTERM,,,,,
Full server and client configs, with working inline certs/keys.
SERVER:
port 23456
proto udp
dev tun
verb 4
cd /etc/openvpn
server 10.23.45.0 255.255.255.0
dh none
ecdh-curve secp384r1
keepalive 10 30
<tls-auth>
#
# 2048 bit OpenVPN static key
#
</tls-auth>
;key-direction 1
########################
# server: SERVER-01
<ca>
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:20:df:30:8a:93:8e:a9:39:96:45:dc:34:9c:78:cc
Signature Algorithm: ED448
Issuer: C=00, ST=home, L=wiscii gla\xC3\x9F, O=tct, OU=tct @ $&$, CN=Easy-RSA CA/[email protected]/serialNumber=.
Validity
Not Before: Dec 12 17:49:20 2022 GMT
Not After : Mar 16 17:49:20 2025 GMT
Subject: C=00, ST=home, L=wiscii gla\xC3\x9F, O=tct, OU=tct @ $&$, CN=SERVER-01/[email protected]/serialNumber=.
Subject Public Key Info:
Public Key Algorithm: ED448
ED448 Public-Key:
pub:
48:31:d8:03:71:e4:7e:d3:a9:9a:3d:35:0c:3a:81:
50:a2:7f:3c:11:e6:fd:d9:77:e6:1d:4e:05:d1:99:
25:f7:11:1b:35:e4:6f:5f:84:82:b0:f9:e1:e9:81:
b0:70:0d:75:6a:d6:98:c9:42:c7:67:00
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
75:36:AB:4D:41:82:B1:A3:94:9D:DA:7A:AD:33:EF:46:C2:9A:B4:B7
X509v3 Authority Key Identifier:
keyid:1F:F3:A4:59:A7:E9:4D:D2:49:63:4B:12:DC:B0:A2:9D:8E:2B:EB:96
DirName:/C=00/ST=home/L=wiscii gla\xC3\x9F/O=tct/OU=tct @ $&$/CN=Easy-RSA CA/[email protected]/serialNumber=.
serial:5D:1F:A3:2A:0E:39:B7:8A:F9:91:42:36:AE:0C:7C:44:53:8F:CB:95
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:SERVER-01
Signature Algorithm: ED448
f7:39:33:f2:26:7c:1f:01:c9:96:8e:36:44:8e:be:15:d3:f8:
4f:06:91:a2:a1:29:45:15:63:72:f7:09:72:f2:77:5a:f2:a1:
72:94:c1:8a:af:32:5c:49:63:d6:58:e4:7d:71:58:fa:1c:f7:
0a:a0:80:c5:7e:87:3f:4b:bb:55:de:6b:26:6b:21:92:56:9f:
7d:a8:e4:50:a2:18:af:19:d7:f7:d3:56:19:06:97:98:1b:a9:
cc:d1:2c:97:20:d7:c5:7f:08:a7:38:bf:96:56:5a:0a:ec:75:
48:d9:9a:83:37:00
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOda/biZ/2BY6EAjq+wa5w1higx3SpsAFjo+Mz84jqiCM
47MsM5fDlrLqaVgvWyqxGishnRK+oB3K4A==
-----END PRIVATE KEY-----
</key>
CLIENT:
dev tun
;windows-driver wintun
remote 10.1.101.101 23456 udp
client
verb 4
# client: CLIENT-01
<tls-auth>
#
# 2048 bit OpenVPN static key
#
</tls-auth>
<ca>
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
a7:93:94:fe:87:14:99:6c:eb:8f:c9:f8:8e:76:79:18
Signature Algorithm: ED448
Issuer: C=00, ST=home, L=wiscii gla\xC3\x9F, O=tct, OU=tct @ $&$, CN=Easy-RSA CA/[email protected]/serialNumber=.
Validity
Not Before: Dec 12 17:49:34 2022 GMT
Not After : Mar 16 17:49:34 2025 GMT
Subject: C=00, ST=home, L=wiscii gla\xC3\x9F, O=tct, OU=tct @ $&$, CN=CLIENT-01/[email protected]/serialNumber=.
Subject Public Key Info:
Public Key Algorithm: ED448
ED448 Public-Key:
pub:
25:61:fc:35:f9:7e:e8:f0:72:07:30:ad:e3:72:c3:
ea:1d:20:0e:bd:29:33:e5:77:c3:c2:f9:b2:6d:26:
90:81:4f:15:93:58:8d:32:5c:f1:95:96:a9:32:d9:
4c:47:0c:04:6e:aa:5e:95:40:6f:92:80
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
86:91:7A:30:E7:44:13:A5:FC:B5:9D:2E:EE:BB:C1:38:38:35:39:8A
X509v3 Authority Key Identifier:
keyid:1F:F3:A4:59:A7:E9:4D:D2:49:63:4B:12:DC:B0:A2:9D:8E:2B:EB:96
DirName:/C=00/ST=home/L=wiscii gla\xC3\x9F/O=tct/OU=tct @ $&$/CN=Easy-RSA CA/[email protected]/serialNumber=.
serial:5D:1F:A3:2A:0E:39:B7:8A:F9:91:42:36:AE:0C:7C:44:53:8F:CB:95
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: ED448
26:35:6f:90:7b:9d:d6:58:78:84:1e:05:80:68:8c:82:e3:c0:
dd:8e:09:c4:b7:91:3c:39:0f:d4:b1:0d:55:da:42:46:36:fc:
44:bb:ac:77:e1:39:f5:46:d4:66:64:b5:c3:8c:7b:d7:3f:86:
9e:f9:00:de:a4:e4:0b:3a:be:ef:84:3b:e9:3d:b0:87:c8:33:
89:74:35:40:05:6b:9a:36:4f:9d:0f:86:fa:e5:2b:16:ce:ce:
ed:a3:2e:71:dd:08:27:77:a5:de:d0:27:d8:35:45:d5:f4:24:
ac:db:b1:fd:10:00
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOZd4zLg8dAfe0aXdtmVOzXdnjngsTD+fV0CobBlarN6Q
/8XLGGEedtRdIoimdo2MWmdvfm9ufBcrtg==
-----END PRIVATE KEY-----
</key>
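The client log above warns that no server certificate verification method is enabled, and the CLIENT config sets none of the directives behind the fields its options dump shows unset (tls_verify, verify_x509_name, ns_cert_type, remote_cert_ku, remote_cert_eku). The lint below is an added example, not part of the issue or of OpenVPN's code; its function names, finding codes and sample configs are constructed for illustration, and the hardened variant is an assumed fix.

```python
"""Lint an OpenVPN client config for missing server-certificate checks."""

# Directives that bind the peer certificate to a role or a name. In the log's
# options dump the matching fields (tls_verify, verify_x509_name, ns_cert_type,
# remote_cert_ku, remote_cert_eku) are all unset.
VERIFY_DIRECTIVES = {
    "remote-cert-tls", "remote-cert-eku", "remote-cert-ku",
    "verify-x509-name", "tls-verify", "ns-cert-type",
}

MESSAGES = {  # finding codes are this example's own, not OpenVPN's
    "NO_SERVER_CERT_VERIFY": "TLS client accepts any certificate the CA signed",
    "DEPRECATED_NS_CERT_TYPE": "ns-cert-type is deprecated; use remote-cert-tls",
    "INLINE_PRIVATE_KEY": "file embeds a private key; restrict its permissions",
}


def parse_ovpn(text):
    """Return (directives, inline_blocks) parsed from .ovpn text.

    directives is a list of (name, [args]); inline_blocks maps tag -> body.
    Lines starting with '#' or ';' are comments; <tag>...</tag> is inline data.
    """
    directives, blocks = [], {}
    tag, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if tag is not None:                      # inside an inline block
            if line == f"</{tag}>":
                blocks[tag] = "\n".join(body)
                tag, body = None, []
            else:
                body.append(line)
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            tag = line[1:-1]
            continue
        name, *args = line.split()
        directives.append((name.lstrip("-"), args))
    if tag is not None:
        raise ValueError(f"unterminated inline block <{tag}>")
    return directives, blocks


def audit_client(text):
    """Return the list of finding codes for one client config."""
    directives, blocks = parse_ovpn(text)
    names = {name for name, _ in directives}
    findings = []
    if names & {"client", "tls-client"} and not names & VERIFY_DIRECTIVES:
        findings.append("NO_SERVER_CERT_VERIFY")
    if "ns-cert-type" in names:
        findings.append("DEPRECATED_NS_CERT_TYPE")
    if "key" in blocks:
        findings.append("INLINE_PRIVATE_KEY")
    return findings


# Constructed sample shaped like the CLIENT config in the issue; the inline
# blocks hold placeholders instead of key material.
PAGE_STYLE_CLIENT = """\
dev tun
;windows-driver wintun
remote 10.1.101.101 23456 udp
client
verb 4
<tls-auth>
placeholder
</tls-auth>
<ca>
placeholder
</ca>
<cert>
placeholder
</cert>
<key>
placeholder
</key>
"""

# Assumed fix: pin the server's role and name, chosen to match the server
# certificate shown in the issue (CN=SERVER-01, TLS Web Server Authentication).
HARDENED_CLIENT = PAGE_STYLE_CLIENT.replace(
    "client\n",
    "client\nremote-cert-tls server\nverify-x509-name SERVER-01 name\n", 1)

# Constructed sample that still relies on the deprecated directive.
LEGACY_CLIENT = "tls-client\nns-cert-type server\nverify-x509-name Server name-prefix\n"

if __name__ == "__main__":
    samples = (("page-style", PAGE_STYLE_CLIENT), ("hardened", HARDENED_CLIENT),
               ("legacy", LEGACY_CLIENT))
    for label, cfg in samples:
        for code in audit_client(cfg):
            print(f"{label}: {code}: {MESSAGES[code]}")
```
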
Configuration .ovpn ExpressVPN does not work
dev tun
fast-io
persist-key
persist-tun
nobind
remote germany-frankfurt-1-ca-version-2.expressnetw.com 1195
remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass
<cert>
</cert>
<key>
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
</tls-auth>
<ca>
</ca>
What needs to be fixed in the config?
There's a problem that I've been seeing for over a year now, and I'm not the only one. I have a program to work with that uses .ovpn configs to change my IP. Every 10 minutes it automatically disconnects from the previous config and connects to a new random one; the configs are found at the path C:\Program Files\OpenVPN\config. After approximately 150 such reconnects, OpenVPN stops working. A lot of yellow icons appear in the tray, and if you swipe the mouse pointer over them, they simply disappear. If you restart the OpenVPN GUI, it appears in the tray with the usual white icon, but if you try to connect to a config, the icon immediately disappears and the connection does not occur. Only rebooting the PC/server helps, after which everything works without problems.
2.5.5: Accompanied by such a notification when the OpenVPN GUI was restarted - "OpenVPNServiceInteractive" is not started. Wintun driver will not work.
Also, around the same time, the clipboard stops working, and strange artifacts appear in the "Windows Explorer path."
P.S. But this is a "Windows" problem (with an RDP connection), it periodically occurs without OpenVPN installed. Maybe these problems are interrelated?!
Please help solve this problem!
Describe the bug
Without changing any config file, neither on client nor server side, the server complains, ccd files are no longer readable.
Could not access file 'fmly/ccd/name': Permission denied (errno=13)
To Reproduce
It always reproduces.
Expected behavior
Behave like 2.5.8 in that regard.
Version information (please complete the following information):
Additional context
Of course that ccd folder is in the server.conf:
client-config-dir fmly/ccd
The ccd file itself and all its subfolders have ownership openvpn:network and are readable and executable, respectively.
Downgrading to 2.5.8 immediately fixes the issue.
I'm happy to give as much more information as you need!
Doing some research, I noticed that the documentation says that IPv4 and IPv6 are supported simultaneously, but it doesn't make it clear where. According to the manual and some tests, I noted that regardless of the proto used in the tunnel, it is possible for IPv4 and IPv6 to travel normally; what changes is the connection protocol (transport) between server and client: udp/udp4/udp6.
My intention is to allow clients to connect (transport) over both IPv4 and IPv6 using a single server instance. So far it seems to me that IPv4 and IPv6 connection/transport is not possible with a single instance, 1 instance is needed for IPv4 and another for IPv6.
If anyone knows, thanks.
v2.6.008 OpenVPNgui is asking for a password and should not.
Reverted to previous version 2.5.040 and it is working fine with Remote Access (SSL/TLS). No popup.
On Win10.
Installed today using winget -> KO
Removed and reinstalled specifying v2.5.040 -> OK
Identical --cipher/--data-cipher AES-128-GCM/--auth SHA256/--data-cipher-fallback/compression no setting among server and clients, no link-mtu config.
Client still logs:
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1516', remote='link-mtu 1513'
Lack of documentation on how it's computed, and no real effect, DEPRECATED anyway, just remove it.
When enabled on the server, it stops working with this error:
2022-09-19 17:26:15 Bruno-Casa/2804:14d:5ca0::XXX SIGTERM[soft,ovpn-dco: ping expired] received, client-instance exiting
Linux SRV01 5.19.0-1-amd64 #1 SMP PREEMPT_DYNAMIC Debian 5.19.6-1 (2022-09-01) x86_64 GNU/Linux
openvpn 2.6.0~git20220818-1
ovpn-dco/0.0+git20220816, 5.19.0-1-amd64, x86_64:
Describe the bug
I notice these two lines when connecting with OpenVPN-2.6.0-I003-amd64:
Tue Jan 31 21:34:19 2023 NOTE: --user option is not implemented on Windows
Tue Jan 31 21:34:19 2023 NOTE: --group option is not implemented on Windows
To Reproduce
Expected behavior
I expected to connect, and do, and still do without the above lines, but I'm just wondering if it's correct that these are no longer in the Windows client, and if so, what that means. Maybe it's unimportant, but I thought it was for a security reason.
Version information (please complete the following information):
Additional context
All but sure this is new as of 2.6.0, but even if it's not, the question stands.
Just wondering the above. GitHub's Watch Releases feature doesn't work because the project has no releases in the GitHub sense. The official OpenVPN download page's RSS feed links to comments only and not the actual releases. This renders staying fully patched extremely difficult. Any ideas?
Describe the bug
When using OpenVPN 2.6.0, our Windows clients can't assign the IPv4 address given by the server, which results in a later failure when the client tries to set routes dependent on that IPv4 address. The issue does not appear when using the old tap-windows6 driver by setting disable-dco in the client config.
Redacted Log (I hope it is still readable enough):
2023-01-27 13:56:46 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-01-27 13:56:46 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-01-27 13:56:46 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-01-27 13:56:46 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-01-27 13:56:46 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
2023-01-27 13:56:46 Need hold release from management interface, waiting...
2023-01-27 13:56:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:62515
2023-01-27 13:56:47 MANAGEMENT: CMD 'state on'
2023-01-27 13:56:47 MANAGEMENT: CMD 'log on all'
2023-01-27 13:56:47 MANAGEMENT: CMD 'echo on all'
2023-01-27 13:56:47 MANAGEMENT: CMD 'bytecount 5'
2023-01-27 13:56:47 MANAGEMENT: CMD 'state'
2023-01-27 13:56:47 MANAGEMENT: CMD 'hold off'
2023-01-27 13:56:47 MANAGEMENT: CMD 'hold release'
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,RESOLVE,,,,,,
2023-01-27 13:56:47 TCP/UDP: Preserving recently used remote address: [AF_INET]REMOTE_IP:1194
2023-01-27 13:56:47 ovpn-dco device [OpenVPN Data Channel Offload] opened
2023-01-27 13:56:47 UDP link local: (not bound)
2023-01-27 13:56:47 UDP link remote: [AF_INET]REMOTE_IP:1194
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,WAIT,,,,,,
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,AUTH,,,,,,
2023-01-27 13:56:47 TLS: Initial packet from [AF_INET]REMOTE_IP:1194, sid=xxxxxxxx xxxxxxxx
2023-01-27 13:56:47 VERIFY OK: depth=3, REDACTED
2023-01-27 13:56:47 VERIFY OK: depth=2, REDACTED
2023-01-27 13:56:47 VERIFY OK: depth=1, REDACTED
2023-01-27 13:56:47 VERIFY KU OK
2023-01-27 13:56:47 Validating certificate extended key usage
2023-01-27 13:56:47 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-01-27 13:56:47 VERIFY EKU OK
2023-01-27 13:56:47 VERIFY X509NAME OK: REDACTED
2023-01-27 13:56:47 VERIFY OK: depth=0, REDACTED
2023-01-27 13:56:47 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2023-01-27 13:56:47 [REMOTE_DOMAIN] Peer Connection Initiated with [AF_INET]REMOTE_IP:1194
2023-01-27 13:56:47 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-01-27 13:56:47 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-01-27 13:56:47 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS DNS_v4_IP,dhcp-option DNS6 DNS_v6_IP,dhcp-option NTP NTP_v4_IP_1,dhcp-option NTP NTP_v4_IP_2,dhcp-option DOMAIN COMPANY_DOMAIN,ip-win32 dynamic 0 86400,route COMPANY_IP_NET 255.255.0.0,route-ipv6 COMPANY_IP_NET_v6/48,route remote_host 255.255.255.255 net_gateway,tun-ipv6,route-gateway VPN_CLIENT_IPv4_GATEWAY,topology subnet,ping 15,ping-restart 120,ifconfig-ipv6 VPN_CLIENT_IPv6/64 VPN_CLIENT_IPv6_GATEWAY,ifconfig VPN_CLIENT_IPv4 255.255.255.0,peer-id 3,cipher AES-256-GCM'
2023-01-27 13:56:47 OPTIONS IMPORT: timers and/or timeouts modified
2023-01-27 13:56:47 OPTIONS IMPORT: --ifconfig/up options modified
2023-01-27 13:56:47 OPTIONS IMPORT: route options modified
2023-01-27 13:56:47 OPTIONS IMPORT: route-related options modified
2023-01-27 13:56:47 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-01-27 13:56:47 OPTIONS IMPORT: peer-id set
2023-01-27 13:56:47 OPTIONS IMPORT: data channel crypto options modified
2023-01-27 13:56:47 interactive service msg_channel=572
2023-01-27 13:56:47 GDG6: remote_host_ipv6=n/a
2023-01-27 13:56:47 NOTE: GetBestInterfaceEx returned error: Element nicht gefunden. (code=1168)
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,ASSIGN_IP,,VPN_CLIENT_IPv4,,,,,VPN_CLIENT_IPv6
2023-01-27 13:56:47 IPv4 MTU set to 1300 on interface 9 using service
2023-01-27 13:56:47 INET6 address service: add VPN_CLIENT_IPv6/128
2023-01-27 13:56:47 add_route_ipv6(VPN_CLIENT_IPv6_NETWORK/64 -> VPN_CLIENT_IPv6 metric 0) IF 9
2023-01-27 13:56:47 IPv6 route addition via service succeeded
2023-01-27 13:56:47 IPv6 dns servers set using service
2023-01-27 13:56:47 IPv6 MTU set to 1300 on interface 9 using service
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD REMOTE_IP MASK 255.255.255.255 DEFAULT_IPv4_GATEWAY
2023-01-27 13:56:47 Route addition via service succeeded
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 VPN_CLIENT_IPv4_GATEWAY
2023-01-27 13:56:47 Warning: route gateway is not reachable on any active network adapters: VPN_CLIENT_IPv4_GATEWAY
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 VPN_CLIENT_IPv4_GATEWAY
2023-01-27 13:56:47 Warning: route gateway is not reachable on any active network adapters: VPN_CLIENT_IPv4_GATEWAY
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,ADD_ROUTES,,,,,,
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD COMPANY_IP_NET MASK 255.255.0.0 VPN_CLIENT_IPv4_GATEWAY METRIC 200
2023-01-27 13:56:47 Warning: route gateway is not reachable on any active network adapters: VPN_CLIENT_IPv4_GATEWAY
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD REMOTE_IP MASK 255.255.255.255 DEFAULT_IPv4_GATEWAY METRIC 200
2023-01-27 13:56:47 Route addition via service failed because route exists
2023-01-27 13:56:47 add_route_ipv6(COMPANY_IP_NET_v6/48 -> VPN_CLIENT_IPv6_GATEWAY metric 200) IF 9
2023-01-27 13:56:47 IPv6 route addition via service succeeded
2023-01-27 13:56:47 add_route_ipv6(::/3 -> VPN_CLIENT_IPv6_GATEWAY metric 200) IF 9
2023-01-27 13:56:47 IPv6 route addition via service succeeded
2023-01-27 13:56:47 add_route_ipv6(2000::/4 -> VPN_CLIENT_IPv6_GATEWAY metric 200) IF 9
2023-01-27 13:56:47 IPv6 route addition via service succeeded
2023-01-27 13:56:47 add_route_ipv6(3000::/4 -> VPN_CLIENT_IPv6_GATEWAY metric 200) IF 9
2023-01-27 13:56:47 IPv6 route addition via service succeeded
2023-01-27 13:56:47 add_route_ipv6(fc00::/7 -> VPN_CLIENT_IPv6_GATEWAY metric 200) IF 9
2023-01-27 13:56:47 IPv6 route addition via service succeeded
2023-01-27 13:56:47 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-01-27 13:56:47 Initialization Sequence Completed
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,CONNECTED,ROUTE_ERROR,VPN_CLIENT_IPv4,REMOTE_IP,1194,,,VPN_CLIENT_IPv6
Tested on Windows 10 2004, which should correspond to 20H1. I have also tested the same config on 21H2 with the same results.
Is this an issue in our config or a problem in the new dco driver?
Expected behavior
A working IPv4 address and correctly configured routes
Version information (please complete the following information):
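A triage check for the client log in the report above, as an added example that is not part of the original issue or OpenVPN's own code: it parses the management-interface >STATE: notifications and pairs each route.exe ADD line with the warning that follows it, so a client that reports CONNECTED with ROUTE_ERROR is flagged instead of being counted as up. The sample log is constructed (documentation-range addresses), and the function and result names are assumptions of this example.

```python
import re

# Field order of a management-interface ">STATE:" real-time notification.
STATE_FIELDS = ("time", "state", "detail", "local_ip", "remote_ip",
                "remote_port", "local_addr", "local_port", "local_ip6")

STATE_RE = re.compile(r">STATE:(.*)$")
ROUTE_ADD_RE = re.compile(r"route\.exe ADD (\S+) MASK (\S+) (\S+)")
UNREACHABLE = "Warning: route gateway is not reachable"

# The two half-default routes that together cover all of IPv4
# (the same pair the log in the report tries to add).
HALF_DEFAULTS = {("0.0.0.0", "128.0.0.0"), ("128.0.0.0", "128.0.0.0")}


def parse_state(line):
    """Return the fields of a >STATE: notification as a dict, or None."""
    match = STATE_RE.search(line.rstrip())
    if match is None:
        return None
    values = match.group(1).split(",")
    # Trailing fields may be omitted; pad so every key is present.
    values += [""] * (len(STATE_FIELDS) - len(values))
    return dict(zip(STATE_FIELDS, values))


def audit_client_log(lines):
    """Summarise whether the client really came up with working routes."""
    last_state = None
    unreachable = []
    pending = None  # (dest, mask, gateway) of a route awaiting its result line

    for line in lines:
        state = parse_state(line)
        if state is not None:
            last_state = state
            pending = None
            continue
        cmd = ROUTE_ADD_RE.search(line)
        if cmd:
            pending = cmd.groups()
            continue
        if pending and UNREACHABLE in line:
            unreachable.append(pending)
        pending = None

    connected = last_state is not None and last_state["state"] == "CONNECTED"
    return {
        "final_state": last_state,
        # CONNECTED with any detail other than SUCCESS needs attention.
        "connected_with_error": connected and last_state["detail"] != "SUCCESS",
        "unreachable_routes": unreachable,
        # True when a half-default route hit the warning, i.e. IPv4 traffic
        # may still follow the pre-VPN default route.
        "half_default_unreachable": any(
            (dest, mask) in HALF_DEFAULTS for dest, mask, _ in unreachable
        ),
    }


# Constructed sample modelled on the log format in the report above.
SAMPLE_LOG = r"""
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,ASSIGN_IP,,10.8.0.6,,,,,fd00::6
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD 203.0.113.10 MASK 255.255.255.255 192.168.1.1
2023-01-27 13:56:47 Route addition via service succeeded
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.1
2023-01-27 13:56:47 Warning: route gateway is not reachable on any active network adapters: 10.8.0.1
2023-01-27 13:56:47 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.1
2023-01-27 13:56:47 Warning: route gateway is not reachable on any active network adapters: 10.8.0.1
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,ADD_ROUTES,,,,,,
2023-01-27 13:56:47 Initialization Sequence Completed
2023-01-27 13:56:47 MANAGEMENT: >STATE:1674824207,CONNECTED,ROUTE_ERROR,10.8.0.6,203.0.113.10,1194,,,fd00::6
""".strip().splitlines()


if __name__ == "__main__":
    report = audit_client_log(SAMPLE_LOG)
    print("connected with error:", report["connected_with_error"])
    for dest, mask, gw in report["unreachable_routes"]:
        print(f"gateway unreachable for {dest} mask {mask} via {gw}")
```

"Initialization Sequence Completed" appears in the log either way, so monitoring that keys on that line alone will not catch this condition.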
Describe the bug
Running OpenVPN on FreeBSD with --daemon (which implies --syslog) shows off-by-one PID in syslog
To Reproduce
Run OpenVPN on FreeBSD with --daemon, compare PID in syslog and ps
Dec 14 11:58:20 fbsd14 tun-udp-p2p-tls-sha256[46924]: dco_update_keys: peer_id=-1
# ps axwwwwwu |grep tls-sha256
root 46925 0.0 0.2 18208 8148 - Ss 11:39 0:00.26 ./bin/openvpn --daemon tun-udp-p2p-tls-sha256 --cd tun-udp-p2p-tls-sha256 --config server.conf --writepid ../openvpn-tun-udp-p2p-tls-sha256.pid
Expected behavior
actual process PID visible in syslog
Version information (please complete the following information):
Additional context
I assume this is caused by doing openlog() before daemon() or something like that... does not happen on Linux.
Describe the bug
I am setting up vpn tunnels between multiple RockPi's (clients) on my home network and a cloud VM (server). After connecting a client to the server a timeout consistently occurs, after which the client attempts to reinitialize a new tunnel resulting in a tun0 and tun1. This seems to cause a conflict such that I can no longer access the RockPi via the VPN tunnel created initially. I have generated the server.conf and client.conf files via PiVPN.
To Reproduce
Expected behavior
Upon creating tunnel, tun0 will be set up. After timeout occurs on client side, tun1 will be initialized alongside existing tun0 (client side). Pi will then no longer be accessible from VM through vpn tunnel.
Version information (please complete the following information):
Additional context
From client side (/var/log/openvpn/the.log)
Fri Feb 3 06:58:53 2023 [vm594xjpu_ead5609c-735f-481b-97c1-4338332607ee] Inactivity timeout (--ping-restart), restarting
Fri Feb 3 06:58:53 2023 SIGUSR1[soft,ping-restart] received, process restarting
Fri Feb 3 06:58:53 2023 Restart pause, 5 second(s)
Fri Feb 3 06:58:58 2023 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Feb 3 06:58:58 2023 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Feb 3 06:58:58 2023 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Feb 3 06:58:58 2023 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Feb 3 06:58:58 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]160.119.253.173:1194
Fri Feb 3 06:58:58 2023 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Feb 3 06:58:58 2023 UDP link local: (not bound)
Fri Feb 3 06:58:58 2023 UDP link remote: [AF_INET]160.119.253.173:1194
Fri Feb 3 06:58:58 2023 TLS: Initial packet from [AF_INET]160.119.253.173:1194, sid=4a610490 41177b45
Fri Feb 3 06:58:59 2023 VERIFY OK: depth=1, CN=ChangeMe
Fri Feb 3 06:58:59 2023 VERIFY KU OK
Fri Feb 3 06:58:59 2023 Validating certificate extended key usage
Fri Feb 3 06:58:59 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Feb 3 06:58:59 2023 VERIFY EKU OK
Fri Feb 3 06:58:59 2023 VERIFY X509NAME OK: CN=vm594xjpu_ead5609c-735f-481b-97c1-4338332607ee
Fri Feb 3 06:58:59 2023 VERIFY OK: depth=0, CN=vm594xjpu_ead5609c-735f-481b-97c1-4338332607ee
Fri Feb 3 06:58:59 2023 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Fri Feb 3 06:58:59 2023 [vm594xjpu_ead5609c-735f-481b-97c1-4338332607ee] Peer Connection Initiated with [AF_INET]160.119.253.173:1194
Fri Feb 3 06:59:00 2023 SENT CONTROL [vm594xjpu_ead5609c-735f-481b-97c1-4338332607ee]: 'PUSH_REQUEST' (status=1)
Fri Feb 3 06:59:00 2023 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DOMAIN searchdomain.example.com,dhcp-option DNS 9.9.9.9,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.12 255.255.255.0,peer-id 4,cipher AES-256-GCM'
Fri Feb 3 06:59:00 2023 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: block-outside-dns (2.4.7)
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: timers and/or timeouts modified
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: --ifconfig/up options modified
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: route options modified
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: route-related options modified
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: peer-id set
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Feb 3 06:59:00 2023 OPTIONS IMPORT: data channel crypto options modified
Fri Feb 3 06:59:00 2023 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Feb 3 06:59:00 2023 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Feb 3 06:59:00 2023 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Feb 3 06:59:00 2023 Preserving previous TUN/TAP instance: tun1
Fri Feb 3 06:59:00 2023 Initialization Sequence Completed
Fri Feb 3 07:02:43 2023 [vm594xjpu_ead5609c-735f-481b-97c1-4338332607ee] Inactivity timeout (--ping-restart), restarting
From server side (/var/log/openvpn.log)
Feb 3 06:58:58 vm594xjpu ovpn-server[10622]: MULTI: multi_create_instance called
Feb 3 06:58:58 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 Re-using SSL/TLS context
Feb 3 06:58:58 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Feb 3 06:58:58 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Feb 3 06:58:58 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA256,keysize 128,key-method 2,tls-server'
Feb 3 06:58:58 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA256,keysize 128,key-method 2,tls-client'
Feb 3 06:58:58 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 TLS: Initial packet from [AF_INET]41.216.204.204:23760, sid=868dca55 28b05f9d
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 VERIFY OK: depth=1, CN=ChangeMe
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 VERIFY KU OK
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 Validating certificate extended key usage
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 VERIFY EKU OK
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 VERIFY OK: depth=0, CN=agent-2
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_VER=2.4.7
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_PLAT=linux
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_PROTO=2
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_NCP=2
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_LZ4=1
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_LZ4v2=1
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_LZO=1
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_COMP_STUB=1
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_COMP_STUBv2=1
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 peer info: IV_TCPNL=1
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 256 bit EC, curve: prime256v1
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: 41.216.204.204:23760 [agent-2] Peer Connection Initiated with [AF_INET]41.216.204.204:23760
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: MULTI: new connection by client 'agent-2' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/agent-2
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: MULTI: Learn: 10.8.0.12 -> agent-2/41.216.204.204:23760
Feb 3 06:58:59 vm594xjpu ovpn-server[10622]: MULTI: primary virtual IP for agent-2/41.216.204.204:23760: 10.8.0.12
Feb 3 06:59:00 vm594xjpu ovpn-server[10622]: agent-2/41.216.204.204:23760 PUSH: Received control message: 'PUSH_REQUEST'
Feb 3 06:59:00 vm594xjpu ovpn-server[10622]: agent-2/41.216.204.204:23760 SENT CONTROL [agent-2]: 'PUSH_REPLY,dhcp-option DOMAIN searchdomain.example.com,dhcp-option DNS 9.9.9.9,dhcp-option DNS 149.112.112.112,block-outside-dns,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 120,ifconfig 10.8.0.12 255.255.255.0,peer-id 4,cipher AES-256-GCM' (status=1)
Feb 3 06:59:00 vm594xjpu ovpn-server[10622]: agent-2/41.216.204.204:23760 Data Channel: using negotiated cipher 'AES-256-GCM'
Feb 3 06:59:00 vm594xjpu ovpn-server[10622]: agent-2/41.216.204.204:23760 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Feb 3 06:59:00 vm594xjpu ovpn-server[10622]: agent-2/41.216.204.204:23760 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb 3 06:59:00 vm594xjpu ovpn-server[10622]: agent-2/41.216.204.204:23760 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
ifconfig from client side
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.12 netmask 255.255.255.0 destination 10.8.0.12
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.12 netmask 255.255.255.0 destination 10.8.0.12
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 3783 bytes 269287 (269.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6989 bytes 5973610 (5.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Describe the bug
TCP servers do not properly expire clients, so the pool fills, and when the pool is full, clients can no longer connect and the syslog is full of "DCO errors"
To Reproduce
run a TCP server, connect a few 10.000 clients with different usernames (=new IP address assignment per client), disconnect right away
Expected behavior
dco-linux needs to inform userland about closed TCP sessions, but until this can be done, userland should log this in a more useful way (see below)
Version information (please complete the following information):
Additional context
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: 2001:608:0:814::f000:21 [gremlin46393] Peer Connection Initiated with [AF_INET6]2001:608:0:814::f000:21:24792
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: gremlin46393/2001:608:0:814::f000:21 MULTI: no free --ifconfig-pool addresses are available
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: gremlin46393/2001:608:0:814::f000:21 MULTI: no dynamic or static remote--ifconfig address is available for gremlin46393/2001:608:0:814::f000:21
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: gremlin46393/2001:608:0:814::f000:21 dco_new_peer: peer-id 0, fd 9, remote addr: [undefined]
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: gremlin46393/2001:608:0:814::f000:21 dco_new_peer: netlink reports error (-7): Invalid input data or parameter: No such file or directory (errno=2)
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: gremlin46393/2001:608:0:814::f000:21 dco_new_peer: failed to send netlink message: Invalid argument (-22)
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: gremlin46393/2001:608:0:814::f000:21 Cannot add peer to DCO for gremlin46393/2001:608:0:814::f000:21: Invalid argument (-22)
Dec 22 12:01:36 ubuntu2004 tun-tcp-p2mp-username-cn[1659541]: gremlin46393/2001:608:0:814::f000:21 Delayed exit in 5 seconds
Describe the bug
After a successful connection using OpenVPN-GUI, reconnecting fails with "All wintun adapters on this system are currently in use or disabled." The actual error appears to be with registering ring buffers (see logs below).
To Reproduce
Start a connection on Windows with --windows-driver wintun using OpenVPN-GUI. Once connected, press reconnect which sends SIGHUP. After receiving PUSH_REPLY, the connection will fail with the above error. Tested only using OpenVPN-GUI as wintun needs SYSTEM privileges, but the error doesn't appear to be related to the GUI.
Expected behavior
SIGHUP restart should work
Version information (please complete the following information):
Additional context
Logs after first successful connection (excuse the hacked-up highlighting of errors)
2022-12-28 08:39:23 us=46000 Initialization Sequence Completed
2022-12-28 08:39:23 us=46000 MANAGEMENT: >STATE:1672245563,CONNECTED,SUCCESS,10.9.0.10,x.y.z.136,1194,,,2600:x:y:z::1008
2022-12-28 08:39:27 us=578000 MANAGEMENT: CMD 'signal SIGHUP'
2022-12-28 08:39:27 us=578000 TCP/UDP: Closing socket
2022-12-28 08:39:27 us=578000 Closing TUN/TAP interface
2022-12-28 08:39:27 us=578000 delete_route_ipv6(2600:x:y:z::/64)
2022-12-28 08:39:27 us=578000 IPv6 route deletion via service succeeded
2022-12-28 08:39:27 us=578000 INET6 address service: remove 2600:x:y:z::1008/128
2022-12-28 08:39:27 us=578000 Deleting IPv4 dns servers on 'OpenVPN Wintun' (if_index = 9) using service
2022-12-28 08:39:27 us=656000 IPv4 dns servers deleted using service
2022-12-28 08:39:27 us=656000 INET address service: remove 10.9.0.10/24
2022-12-28 08:39:27 us=671000 SIGHUP[hard,] received, process restarting
2022-12-28 08:39:27 us=671000 MANAGEMENT: >STATE:1672245567,RECONNECTING,SIGHUP,,,,,
2022-12-28 08:39:27 us=671000 --windows-driver is set to 'wintun'. Disabling Data Channel Offload
...
...
2022-12-28 08:39:27 us=687000 Restart pause, 1 second(s)
2022-12-28 08:39:28 us=703000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-28 08:39:28 us=703000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-12-28 08:39:28 us=703000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2022-12-28 08:39:28 us=703000 MANAGEMENT: >STATE:1672245568,RESOLVE,,,,,,
2022-12-28 08:39:28 us=703000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2022-12-28 08:39:28 us=703000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2022-12-28 08:39:28 us=703000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2022-12-28 08:39:28 us=703000 TCP/UDP: Preserving recently used remote address: [AF_INET]x.y.z.136:1194
2022-12-28 08:39:28 us=703000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-12-28 08:39:28 us=703000 UDPv4 link local: (not bound)
2022-12-28 08:39:28 us=703000 UDPv4 link remote: [AF_INET]x.y.z.136:1194
2022-12-28 08:39:28 us=703000 MANAGEMENT: >STATE:1672245568,WAIT,,,,,,
2022-12-28 08:39:28 us=734000 MANAGEMENT: >STATE:1672245568,AUTH,,,,,,
2022-12-28 08:39:28 us=734000 TLS: Initial packet from [AF_INET]x.y.z.136:1194, sid=38e44662 ec6699b3
2022-12-28 08:39:28 us=781000 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Foo, OU=IT, CN=Foo CA, [email protected]
2022-12-28 08:39:28 us=781000 VERIFY KU OK
2022-12-28 08:39:28 us=781000 Validating certificate extended key usage
2022-12-28 08:39:28 us=781000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-12-28 08:39:28 us=781000 VERIFY EKU OK
2022-12-28 08:39:28 us=781000 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Foo, OU=IT, CN=ec-384r1, name=server, [email protected]
2022-12-28 08:39:28 us=828000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 384 bit EC, curve secp384r1, signature: RSA-SHA256
2022-12-28 08:39:28 us=828000 [ec-384r1] Peer Connection Initiated with [AF_INET]x.y.z.136:1194
2022-12-28 08:39:28 us=828000 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2022-12-28 08:39:28 us=828000 TLS: tls_multi_process: initial untrusted session promoted to trusted
2022-12-28 08:39:28 us=859000 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,explicit-exit-notify 1,tun-ipv6,tun-ipv6,route-gateway 10.9.0.1,topology subnet,ping 30,ping-restart 60,ifconfig-ipv6 2600:x:y:z::1008/64 2600:x:y:z::1,ifconfig 10.9.0.10 255.255.255.0,peer-id 2,auth-tokenSESS_ID,cipher AES-256-GCM,key-derivation tls-ekm'
2022-12-28 08:39:28 us=859000 Pushed option removed by filter: 'route 192.168.0.0 255.255.255.0'
2022-12-28 08:39:28 us=859000 OPTIONS IMPORT: timers and/or timeouts modified
2022-12-28 08:39:28 us=859000 OPTIONS IMPORT: explicit notify parm(s) modified
2022-12-28 08:39:28 us=859000 OPTIONS IMPORT: --ifconfig/up options modified
2022-12-28 08:39:28 us=859000 OPTIONS IMPORT: route-related options modified
2022-12-28 08:39:28 us=859000 OPTIONS IMPORT: peer-id set
2022-12-28 08:39:28 us=859000 OPTIONS IMPORT: data channel crypto options modified
2022-12-28 08:39:28 us=859000 interactive service msg_channel=680
2022-12-28 08:39:28 us=859000 open_tun
! 2022-12-28 08:39:28 us=875000 Register ring buffers failed using service: An attempt was made to perform an initialization operation when initialization has already been completed. [status=0x4df]
! 2022-12-28 08:39:28 us=875000 Failed to register {B34A7ADA-8A81-44F0-9C23-AF21CA64895D} adapter ring buffers
2022-12-28 08:39:28 us=875000 MANAGEMENT: Client disconnected
! 2022-12-28 08:39:28 us=875000 All wintun adapters on this system are currently in use or disabled.
2022-12-28 08:39:28 us=875000 Exiting due to fatal error
Not a bug, only uncertainty about the internal workings.
We are using an AUTH_USER_PASS_VERIFY and a TLS_VERIFY plugin. The first one is deferred and is used for authentication with ldap. The second one is used only for logging the certificate expiry time. We are running a cluster of 3 instances with about 900 concurrent users.
It is very difficult to find out what really was happening, but it seems that if the performance of the LDAP requests deteriorates at a certain moment, the VPN traffic gets blocked completely. If we disable the TLS_VERIFY plugin this never happens.
Is the plugin verification process waiting somehow on the deferred verification?
To Reproduce
Reproduction is very difficult.
Expected behavior
I expected, but this is maybe not true, that the 2 plugins are completely independent.
Version information (please complete the following information):
Additional context
The source code of the TLS_VERIFY plugin can be found here https://github.com/gerardborst/log-cert-expire-times/tree/1.0.5.
I also have a newer version which doesn't write to its own file but to the plugin log.
I also tried to use x509-track but discovered that the "Not After" time doesn't have an asn1 id so it isn't possible to refer to that.
Describe the bug
We run a big eduVPN installation for the Munich universities. Out of curiosity we added an additional node running OpenVPN 2.6_beta1 and DCO. We have come across a few issues that I cannot easily reproduce, but reporting nevertheless as discussed with Gert.
We have enabled logging (verb 3) and the logging immediately pegged the CPU at 100% (rsyslogd and systemd-journal). Within five minutes 29 million lines
12:26:54 eduvpn-n09 openvpn[147602]: d400821cdfd1c0294d1ec1b8bd15b768/2001:9e8:xxxx read TCPv6_SERVER []: Bad file descriptor (fd=-1,code=9)
have been generated (same pid, same peer IP)
To Reproduce
Unsure
Expected behavior
Connection is terminated and/or the logging is ratelimited to a sane amount
Version information (please complete the following information):
crypto_openssl.o: In function `ui_reader':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:1068: undefined reference to `SSL_CTX_get_default_passwd_cb'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:1069: undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
crypto_openssl.o: In function `cipher_ctx_init':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:772: undefined reference to `EVP_CIPHER_CTX_reset'
crypto_openssl.o: In function `md_ctx_new':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:942: undefined reference to `EVP_MD_CTX_new'
crypto_openssl.o: In function `md_ctx_init':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:958: undefined reference to `EVP_MD_CTX_reset'
crypto_openssl.o: In function `hmac_ctx_new':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:998: undefined reference to `HMAC_CTX_new'
crypto_openssl.o: In function `hmac_ctx_init':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:1015: undefined reference to `HMAC_CTX_reset'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:1019: undefined reference to `HMAC_size'
crypto_openssl.o: In function `hmac_ctx_size':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:1031: undefined reference to `HMAC_size'
crypto_openssl.o: In function `crypto_init_lib':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:155: undefined reference to `OPENSSL_init_crypto'
crypto_openssl.o: In function `md_ctx_free':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:950: undefined reference to `EVP_MD_CTX_free'
crypto_openssl.o: In function `md_ctx_cleanup':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:965: undefined reference to `EVP_MD_CTX_reset'
crypto_openssl.o: In function `hmac_ctx_free':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:1006: undefined reference to `HMAC_CTX_free'
crypto_openssl.o: In function `hmac_ctx_cleanup':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/crypto_openssl.c:1025: undefined reference to `HMAC_CTX_reset'
ssl_openssl.o: In function `openvpn_extkey_rsa_finish':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1194: undefined reference to `RSA_meth_free'
ssl_openssl.o: In function `openvpn_extkey_ec_finish':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1352: undefined reference to `EC_KEY_get_method'
ssl_openssl.o: In function `tls_ctx_server_new':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:112: undefined reference to `TLS_server_method'
ssl_openssl.o: In function `tls_ctx_client_new':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:130: undefined reference to `TLS_client_method'
ssl_openssl.o: In function `tls_ctx_set_options':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:345: undefined reference to `SSL_CTX_set_options'
ssl_openssl.o: In function `tls_ctx_restrict_ciphers_tls13':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:530: undefined reference to `SSL_CTX_set_ciphersuites'
ssl_openssl.o: In function `tls_ctx_set_cert_profile':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:556: undefined reference to `SSL_CTX_set_security_level'
ssl_openssl.o: In function `tls_ctx_check_cert_time':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:638: undefined reference to `X509_get0_notBefore'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:648: undefined reference to `X509_get0_notAfter'
ssl_openssl.o: In function `tls_ctx_load_ecdh_params':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:713: undefined reference to `SSL_CTX_set_options'
ssl_openssl.o: In function `sk_X509_num':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:99: undefined reference to `OPENSSL_sk_num'
ssl_openssl.o: In function `sk_X509_value':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:99: undefined reference to `OPENSSL_sk_value'
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:99: undefined reference to `OPENSSL_sk_value'
ssl_openssl.o: In function `sk_X509_num':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:99: undefined reference to `OPENSSL_sk_num'
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:99: undefined reference to `OPENSSL_sk_num'
ssl_openssl.o: In function `sk_X509_value':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:99: undefined reference to `OPENSSL_sk_value'
ssl_openssl.o: In function `sk_X509_num':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:99: undefined reference to `OPENSSL_sk_num'
ssl_openssl.o: In function `tls_ctx_load_cert_file':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:967: undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:967: undefined reference to `SSL_CTX_get_default_passwd_cb'
ssl_openssl.o: In function `tls_ctx_load_priv_file':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1036: undefined reference to `SSL_CTX_get_default_passwd_cb_userdata'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1036: undefined reference to `SSL_CTX_get_default_passwd_cb'
ssl_openssl.o: In function `backend_tls_ctx_reload_crl':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1091: undefined reference to `X509_STORE_get0_objects'
ssl_openssl.o: In function `sk_X509_OBJECT_num':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509_vfy.h:58: undefined reference to `OPENSSL_sk_num'
ssl_openssl.o: In function `sk_X509_OBJECT_value':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509_vfy.h:58: undefined reference to `OPENSSL_sk_value'
ssl_openssl.o: In function `backend_tls_ctx_reload_crl':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1096: undefined reference to `X509_OBJECT_get_type'
ssl_openssl.o: In function `sk_X509_OBJECT_delete':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509_vfy.h:58: undefined reference to `OPENSSL_sk_delete'
ssl_openssl.o: In function `backend_tls_ctx_reload_crl':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1099: undefined reference to `X509_OBJECT_free'
ssl_openssl.o: In function `tls_ctx_use_management_external_key':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1486: undefined reference to `X509_get0_pubkey'
ssl_openssl.o: In function `tls_ctx_use_external_ec_key':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1421: undefined reference to `EC_KEY_OpenSSL'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1421: undefined reference to `EC_KEY_METHOD_new'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1428: undefined reference to `EC_KEY_METHOD_set_init'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1429: undefined reference to `EC_KEY_METHOD_set_sign'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1431: undefined reference to `EVP_PKEY_get0_EC_KEY'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1437: undefined reference to
EC_KEY_set_method'
ssl_openssl.o: In function tls_ctx_use_external_rsa_key': /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1283: undefined reference to
EVP_PKEY_get0_RSA'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1287: undefined reference to RSA_meth_new' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1290: undefined reference to
RSA_meth_set_pub_enc'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1291: undefined reference to RSA_meth_set_pub_dec' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1292: undefined reference to
RSA_meth_set_priv_enc'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1293: undefined reference to RSA_meth_set_priv_dec' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1294: undefined reference to
RSA_meth_set_init'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1295: undefined reference to RSA_meth_set_finish' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1296: undefined reference to
RSA_meth_set0_app_data'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1309: undefined reference to RSA_get0_key' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1310: undefined reference to
RSA_set0_key'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1311: undefined reference to RSA_set_flags' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1314: undefined reference to
RSA_meth_free'
ssl_openssl.o: In function tls_ctx_use_external_ec_key': /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1439: undefined reference to
EC_KEY_METHOD_free'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1434: undefined reference to EC_KEY_METHOD_free' ssl_openssl.o: In function
tls_ctx_use_external_rsa_key':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1337: undefined reference to RSA_meth_free' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1290: undefined reference to
RSA_meth_set_pub_enc'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1291: undefined reference to RSA_meth_set_pub_dec' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1292: undefined reference to
RSA_meth_set_priv_enc'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1293: undefined reference to RSA_meth_set_priv_dec' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1294: undefined reference to
RSA_meth_set_init'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1295: undefined reference to RSA_meth_set_finish' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1296: undefined reference to
RSA_meth_set0_app_data'
ssl_openssl.o: In function sk_X509_INFO_num': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:254: undefined reference to
OPENSSL_sk_num'
ssl_openssl.o: In function sk_X509_INFO_value': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:254: undefined reference to
OPENSSL_sk_value'
ssl_openssl.o: In function sk_X509_NAME_find': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:77: undefined reference to
OPENSSL_sk_find'
ssl_openssl.o: In function sk_X509_NAME_num': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:77: undefined reference to
OPENSSL_sk_num'
ssl_openssl.o: In function sk_X509_INFO_num': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:254: undefined reference to
OPENSSL_sk_num'
ssl_openssl.o: In function sk_X509_INFO_pop_free': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:254: undefined reference to
OPENSSL_sk_pop_free'
ssl_openssl.o: In function sk_X509_NAME_new': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:77: undefined reference to
OPENSSL_sk_new'
ssl_openssl.o: In function sk_X509_NAME_push': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:77: undefined reference to
OPENSSL_sk_push'
ssl_openssl.o: In function sk_X509_NAME_num': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509.h:77: undefined reference to
OPENSSL_sk_num'
ssl_openssl.o: In function print_cert_details': /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:2071: undefined reference to
EVP_PKEY_get0_EC_KEY'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:2073: undefined reference to EVP_PKEY_get0_EC_KEY' ssl_openssl.o: In function
show_available_tls_ciphers_list':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:2161: undefined reference to TLS_method' /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:2193: undefined reference to
SSL_get1_supported_ciphers'
ssl_openssl.o: In function sk_SSL_CIPHER_num': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/ssl.h:958: undefined reference to
OPENSSL_sk_num'
ssl_openssl.o: In function sk_SSL_CIPHER_value': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/ssl.h:958: undefined reference to
OPENSSL_sk_value'
ssl_openssl.o: In function sk_SSL_CIPHER_free': /home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/ssl.h:958: undefined reference to
OPENSSL_sk_free'
ssl_openssl.o: In function get_highest_preference_tls_cipher': /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:2275: undefined reference to
TLS_method'
ssl_openssl.o: In function openvpn_extkey_ec_finish': /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:1353: undefined reference to
EC_KEY_METHOD_free'
ssl_openssl.o: In function tls_ctx_set_cert_profile': /home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:548: undefined reference to
SSL_CTX_set_security_level'
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:552: undefined reference to SSL_CTX_set_security_level' ssl_openssl.o: In function
get_ssl_library_version':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_openssl.c:2296: undefined reference to OpenSSL_version' ssl_verify_openssl.o: In function
sk_ASN1_OBJECT_num':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/asn1.h:536: undefined reference to OPENSSL_sk_num' ssl_verify_openssl.o: In function
sk_ASN1_OBJECT_value':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/asn1.h:536: undefined reference to OPENSSL_sk_value' ssl_verify_openssl.o: In function
sk_ASN1_OBJECT_num':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/asn1.h:536: undefined reference to OPENSSL_sk_num' ssl_verify_openssl.o: In function
sk_ASN1_OBJECT_pop_free':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/asn1.h:536: undefined reference to OPENSSL_sk_pop_free' ssl_verify_openssl.o: In function
tls_verify_crl_missing':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_verify_openssl.c:781: undefined reference to X509_STORE_get0_objects' ssl_verify_openssl.o: In function
sk_X509_OBJECT_value':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509_vfy.h:58: undefined reference to OPENSSL_sk_value' ssl_verify_openssl.o: In function
tls_verify_crl_missing':
/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn/ssl_verify_openssl.c:786: undefined reference to X509_OBJECT_get_type' ssl_verify_openssl.o: In function
sk_X509_OBJECT_num':
/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/openssl/x509_vfy.h:58: undefined reference to `OPENSSL_sk_num'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:638:openvpn] 错误 1
make[3]: 离开目录“/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src/openvpn”
make[2]: *** [Makefile:432:all-recursive] 错误 1
make[2]: 离开目录“/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4/src”
make[1]: *** [Makefile:613:all-recursive] 错误 1
make[1]: 离开目录“/home/jin/openvpn-build/generic/tmp/openvpn-2.5.4”
make: *** [Makefile:501:all] 错误 2
./configure OPENSSL_LIBS="-L/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k -lssl -lcrypto" OPENSSL_CFLAGS="-I/home/jin/openvpn-build/generic/tmp/openssl-1.1.1k/include/"
make -j 4