Code: Select all
2021-01-25 17:57:56 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:57:56 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:57:56 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2021-01-25 17:57:56 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-01-25 17:57:56 Need hold release from management interface, waiting...
2021-01-25 17:57:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-01-25 17:57:56 MANAGEMENT: CMD 'state on'
2021-01-25 17:57:56 MANAGEMENT: CMD 'log all on'
2021-01-25 17:57:57 MANAGEMENT: CMD 'echo all on'
2021-01-25 17:57:57 MANAGEMENT: CMD 'bytecount 5'
2021-01-25 17:57:57 MANAGEMENT: CMD 'hold off'
2021-01-25 17:57:57 MANAGEMENT: CMD 'hold release'
2021-01-25 17:57:58 MANAGEMENT: CMD 'username "Auth" "jhkim"'
2021-01-25 17:57:58 MANAGEMENT: CMD 'password [...]'
2021-01-25 17:57:58 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:57:58 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:57:58 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:57:58 MANAGEMENT: >STATE:1611565078,TCP_CONNECT,,,,,,
2021-01-25 17:57:58 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:57:58 TCP_CLIENT link local: (not bound)
2021-01-25 17:57:58 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:57:58 MANAGEMENT: >STATE:1611565078,WAIT,,,,,,
2021-01-25 17:57:58 MANAGEMENT: >STATE:1611565078,AUTH,,,,,,
2021-01-25 17:57:58 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=5f7537e2 fe88c78e
2021-01-25 17:57:58 VERIFY KU OK
2021-01-25 17:57:58 Validating certificate extended key usage
2021-01-25 17:57:58 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:57:58 VERIFY EKU OK
2021-01-25 17:57:58 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:57:58 Connection reset, restarting [0]
2021-01-25 17:57:58 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:57:58 MANAGEMENT: >STATE:1611565078,RECONNECTING,connection-reset,,,,,
2021-01-25 17:57:58 Restart pause, 5 second(s)
2021-01-25 17:58:01 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:01 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:01 MANAGEMENT: >STATE:1611565081,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:01 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:01 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:01 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:01 Restart pause, 2 second(s)
2021-01-25 17:58:02 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:02 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:02 MANAGEMENT: >STATE:1611565082,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:02 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:02 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:02 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:02 Restart pause, 2 second(s)
2021-01-25 17:58:02 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:02 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:02 MANAGEMENT: >STATE:1611565082,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:02 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:02 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:02 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:02 Restart pause, 2 second(s)
2021-01-25 17:58:02 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:02 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:02 MANAGEMENT: >STATE:1611565082,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:02 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:02 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:02 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:02 Restart pause, 2 second(s)
2021-01-25 17:58:02 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:02 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:02 MANAGEMENT: >STATE:1611565082,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:02 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:02 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:02 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:02 Restart pause, 2 second(s)
2021-01-25 17:58:02 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:02 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:02 MANAGEMENT: >STATE:1611565082,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:02 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:02 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:02 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:02 Restart pause, 2 second(s)
2021-01-25 17:58:03 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:03 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:03 MANAGEMENT: >STATE:1611565083,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:03 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:03 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:03 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:03 Restart pause, 2 second(s)
2021-01-25 17:58:03 MANAGEMENT: CMD 'signal SIGHUP'
2021-01-25 17:58:03 SIGHUP[hard,init_instance] received, process restarting
2021-01-25 17:58:03 MANAGEMENT: >STATE:1611565083,RECONNECTING,init_instance,,,,,
2021-01-25 17:58:03 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-25 17:58:03 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-25 17:58:03 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
2021-01-25 17:58:03 Restart pause, 2 second(s)
2021-01-25 17:58:05 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:05 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:58:05 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:58:05 MANAGEMENT: >STATE:1611565085,TCP_CONNECT,,,,,,
2021-01-25 17:58:05 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:58:05 TCP_CLIENT link local: (not bound)
2021-01-25 17:58:05 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:05 MANAGEMENT: >STATE:1611565085,WAIT,,,,,,
2021-01-25 17:58:05 MANAGEMENT: >STATE:1611565085,AUTH,,,,,,
2021-01-25 17:58:05 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=ed03d4d9 50212e65
2021-01-25 17:58:05 VERIFY KU OK
2021-01-25 17:58:05 Validating certificate extended key usage
2021-01-25 17:58:05 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:58:05 VERIFY EKU OK
2021-01-25 17:58:05 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:58:05 Connection reset, restarting [0]
2021-01-25 17:58:05 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:58:05 MANAGEMENT: >STATE:1611565085,RECONNECTING,connection-reset,,,,,
2021-01-25 17:58:05 Restart pause, 5 second(s)
2021-01-25 17:58:10 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:10 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:58:10 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:58:10 MANAGEMENT: >STATE:1611565090,TCP_CONNECT,,,,,,
2021-01-25 17:58:10 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:58:10 TCP_CLIENT link local: (not bound)
2021-01-25 17:58:10 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:10 MANAGEMENT: >STATE:1611565090,WAIT,,,,,,
2021-01-25 17:58:10 MANAGEMENT: >STATE:1611565090,AUTH,,,,,,
2021-01-25 17:58:10 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=6398d389 e0dd04f2
2021-01-25 17:58:10 VERIFY KU OK
2021-01-25 17:58:10 Validating certificate extended key usage
2021-01-25 17:58:10 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:58:10 VERIFY EKU OK
2021-01-25 17:58:10 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:58:10 Connection reset, restarting [0]
2021-01-25 17:58:10 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:58:10 MANAGEMENT: >STATE:1611565090,RECONNECTING,connection-reset,,,,,
2021-01-25 17:58:10 Restart pause, 5 second(s)
2021-01-25 17:58:15 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:15 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:58:15 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:58:15 MANAGEMENT: >STATE:1611565095,TCP_CONNECT,,,,,,
2021-01-25 17:58:15 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:58:15 TCP_CLIENT link local: (not bound)
2021-01-25 17:58:15 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:15 MANAGEMENT: >STATE:1611565095,WAIT,,,,,,
2021-01-25 17:58:15 MANAGEMENT: >STATE:1611565095,AUTH,,,,,,
2021-01-25 17:58:15 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=04943f45 750f35f4
2021-01-25 17:58:15 VERIFY KU OK
2021-01-25 17:58:15 Validating certificate extended key usage
2021-01-25 17:58:15 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:58:15 VERIFY EKU OK
2021-01-25 17:58:15 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:58:15 Connection reset, restarting [0]
2021-01-25 17:58:15 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:58:15 MANAGEMENT: >STATE:1611565095,RECONNECTING,connection-reset,,,,,
2021-01-25 17:58:15 Restart pause, 5 second(s)
2021-01-25 17:58:20 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:20 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:58:20 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:58:20 MANAGEMENT: >STATE:1611565100,TCP_CONNECT,,,,,,
2021-01-25 17:58:20 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:58:20 TCP_CLIENT link local: (not bound)
2021-01-25 17:58:20 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:20 MANAGEMENT: >STATE:1611565100,WAIT,,,,,,
2021-01-25 17:58:20 MANAGEMENT: >STATE:1611565100,AUTH,,,,,,
2021-01-25 17:58:20 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=99667046 2a574e46
2021-01-25 17:58:20 VERIFY KU OK
2021-01-25 17:58:20 Validating certificate extended key usage
2021-01-25 17:58:20 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:58:20 VERIFY EKU OK
2021-01-25 17:58:20 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:58:20 Connection reset, restarting [0]
2021-01-25 17:58:20 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:58:20 MANAGEMENT: >STATE:1611565100,RECONNECTING,connection-reset,,,,,
2021-01-25 17:58:20 Restart pause, 5 second(s)
2021-01-25 17:58:25 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:25 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:58:25 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:58:25 MANAGEMENT: >STATE:1611565105,TCP_CONNECT,,,,,,
2021-01-25 17:58:25 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:58:25 TCP_CLIENT link local: (not bound)
2021-01-25 17:58:25 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:25 MANAGEMENT: >STATE:1611565105,WAIT,,,,,,
2021-01-25 17:58:25 MANAGEMENT: >STATE:1611565105,AUTH,,,,,,
2021-01-25 17:58:25 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=b59594e7 b0cf1f1f
2021-01-25 17:58:25 VERIFY KU OK
2021-01-25 17:58:25 Validating certificate extended key usage
2021-01-25 17:58:25 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:58:25 VERIFY EKU OK
2021-01-25 17:58:25 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:58:25 Connection reset, restarting [0]
2021-01-25 17:58:25 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:58:25 MANAGEMENT: >STATE:1611565105,RECONNECTING,connection-reset,,,,,
2021-01-25 17:58:25 Restart pause, 10 second(s)
2021-01-25 17:58:35 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:35 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:58:35 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:58:35 MANAGEMENT: >STATE:1611565115,TCP_CONNECT,,,,,,
2021-01-25 17:58:35 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:58:35 TCP_CLIENT link local: (not bound)
2021-01-25 17:58:35 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:35 MANAGEMENT: >STATE:1611565115,WAIT,,,,,,
2021-01-25 17:58:35 MANAGEMENT: >STATE:1611565115,AUTH,,,,,,
2021-01-25 17:58:35 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=096f44ed a6745188
2021-01-25 17:58:35 VERIFY KU OK
2021-01-25 17:58:35 Validating certificate extended key usage
2021-01-25 17:58:35 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:58:35 VERIFY EKU OK
2021-01-25 17:58:35 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:58:35 Connection reset, restarting [0]
2021-01-25 17:58:35 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:58:35 MANAGEMENT: >STATE:1611565115,RECONNECTING,connection-reset,,,,,
2021-01-25 17:58:35 Restart pause, 20 second(s)
2021-01-25 17:58:55 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:55 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:58:55 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:58:55 MANAGEMENT: >STATE:1611565135,TCP_CONNECT,,,,,,
2021-01-25 17:58:55 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:58:55 TCP_CLIENT link local: (not bound)
2021-01-25 17:58:55 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:58:55 MANAGEMENT: >STATE:1611565135,WAIT,,,,,,
2021-01-25 17:58:55 MANAGEMENT: >STATE:1611565135,AUTH,,,,,,
2021-01-25 17:58:55 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=11be8186 3dfcee77
2021-01-25 17:58:56 VERIFY KU OK
2021-01-25 17:58:56 Validating certificate extended key usage
2021-01-25 17:58:56 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:58:56 VERIFY EKU OK
2021-01-25 17:58:56 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:58:56 Connection reset, restarting [0]
2021-01-25 17:58:56 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:58:56 MANAGEMENT: >STATE:1611565136,RECONNECTING,connection-reset,,,,,
2021-01-25 17:58:56 Restart pause, 40 second(s)
2021-01-25 17:59:36 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 17:59:36 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 17:59:36 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 17:59:36 MANAGEMENT: >STATE:1611565176,TCP_CONNECT,,,,,,
2021-01-25 17:59:36 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 17:59:36 TCP_CLIENT link local: (not bound)
2021-01-25 17:59:36 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 17:59:36 MANAGEMENT: >STATE:1611565176,WAIT,,,,,,
2021-01-25 17:59:36 MANAGEMENT: >STATE:1611565176,AUTH,,,,,,
2021-01-25 17:59:36 TLS: Initial packet from [AF_INET]72.50.36.129:10440, sid=693fd7ff b0636828
2021-01-25 17:59:36 VERIFY KU OK
2021-01-25 17:59:36 Validating certificate extended key usage
2021-01-25 17:59:36 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25 17:59:36 VERIFY EKU OK
2021-01-25 17:59:36 VERIFY OK: depth=0, CN=openvpn
2021-01-25 17:59:36 Connection reset, restarting [0]
2021-01-25 17:59:36 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 17:59:36 MANAGEMENT: >STATE:1611565176,RECONNECTING,connection-reset,,,,,
2021-01-25 17:59:36 Restart pause, 80 second(s)
2021-01-25 18:00:56 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 18:00:56 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 18:00:56 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 18:00:56 MANAGEMENT: >STATE:1611565256,TCP_CONNECT,,,,,,
2021-01-25 18:00:56 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 18:00:56 TCP_CLIENT link local: (not bound)
2021-01-25 18:00:56 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 18:00:56 MANAGEMENT: >STATE:1611565256,WAIT,,,,,,
2021-01-25 18:00:56 Connection reset, restarting [0]
2021-01-25 18:00:56 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 18:00:56 MANAGEMENT: >STATE:1611565256,RECONNECTING,connection-reset,,,,,
2021-01-25 18:00:56 Restart pause, 160 second(s)
2021-01-25 18:03:36 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 18:03:36 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 18:03:36 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 18:03:36 MANAGEMENT: >STATE:1611565416,TCP_CONNECT,,,,,,
2021-01-25 18:03:36 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 18:03:36 TCP_CLIENT link local: (not bound)
2021-01-25 18:03:36 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 18:03:36 MANAGEMENT: >STATE:1611565416,WAIT,,,,,,
2021-01-25 18:03:36 Connection reset, restarting [0]
2021-01-25 18:03:36 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 18:03:36 MANAGEMENT: >STATE:1611565416,RECONNECTING,connection-reset,,,,,
2021-01-25 18:03:36 Restart pause, 300 second(s)
2021-01-25 18:08:36 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 18:08:36 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 18:08:36 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 18:08:36 MANAGEMENT: >STATE:1611565716,TCP_CONNECT,,,,,,
2021-01-25 18:08:36 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 18:08:36 TCP_CLIENT link local: (not bound)
2021-01-25 18:08:36 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 18:08:36 MANAGEMENT: >STATE:1611565716,WAIT,,,,,,
2021-01-25 18:08:36 Connection reset, restarting [0]
2021-01-25 18:08:36 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 18:08:36 MANAGEMENT: >STATE:1611565716,RECONNECTING,connection-reset,,,,,
2021-01-25 18:08:36 Restart pause, 300 second(s)
2021-01-25 18:13:36 TCP/UDP: Preserving recently used remote address: [AF_INET]72.50.36.129:10440
2021-01-25 18:13:36 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-25 18:13:36 Attempting to establish TCP connection with [AF_INET]72.50.36.129:10440 [nonblock]
2021-01-25 18:13:36 MANAGEMENT: >STATE:1611566016,TCP_CONNECT,,,,,,
2021-01-25 18:13:36 TCP connection established with [AF_INET]72.50.36.129:10440
2021-01-25 18:13:36 TCP_CLIENT link local: (not bound)
2021-01-25 18:13:36 TCP_CLIENT link remote: [AF_INET]72.50.36.129:10440
2021-01-25 18:13:36 MANAGEMENT: >STATE:1611566016,WAIT,,,,,,
2021-01-25 18:13:36 Connection reset, restarting [0]
2021-01-25 18:13:36 SIGUSR1[soft,connection-reset] received, process restarting
2021-01-25 18:13:36 MANAGEMENT: >STATE:1611566016,RECONNECTING,connection-reset,,,,,
2021-01-25 18:13:36 Restart pause, 300 second(s)
Code: Select all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: cockpit dhcpv6-client openvpn ssh
ports: 10440/tcp 1194/udp 22/tcp 21/tcp 139/tcp 445/tcp 443/tcp 80/tcp
protocols:
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Code: Select all
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 72.50.36.129 netmask 255.255.255.0 broadcast 72.50.36.255
inet6 fe80::e200:7ba5:c2f1:b95 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ff:99:1a txqueuelen 1000 (Ethernet)
RX packets 11972 bytes 8800171 (8.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6057 bytes 1259254 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 217 bytes 22728 (22.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 217 bytes 22728 (22.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
inet6 fe80::8b35:b46e:9823:3e64 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 384 (384.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:88:73:0d txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Здравствуйте!
Помогите, пожалуйста, с настройкой OVPN сервера на Mikrotik. Подключаюсь с windows клиента из локальной сети. (Это пока — для проверки, пробовал и через интернет, история та же самая).
Настраивал по инструкции отсюда https://wifisystem.ru/docs/mikrotik/ope … -mikrotik/
На RB2011L-IN (на прошивках 6.42.6, 6.43.4, 6.43.12) все отлично работает, но он был без настроек. На нем опробовал на всякий случай с теми же сертификатами и настройками.
А вот на офисном шлюзе RB1100AHx4 (6.43.4) что-то никак.
Вот лог подключения windows клиента:
Код: Выделить всё
Thu Feb 21 16:53:43 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Feb 21 16:53:43 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Feb 21 16:53:43 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Thu Feb 21 16:53:43 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Thu Feb 21 16:53:43 2019 Need hold release from management interface, waiting...
Thu Feb 21 16:53:44 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Thu Feb 21 16:53:44 2019 MANAGEMENT: CMD 'state on'
Thu Feb 21 16:53:44 2019 MANAGEMENT: CMD 'log all on'
Thu Feb 21 16:53:44 2019 MANAGEMENT: CMD 'echo all on'
Thu Feb 21 16:53:44 2019 MANAGEMENT: CMD 'bytecount 5'
Thu Feb 21 16:53:44 2019 MANAGEMENT: CMD 'hold off'
Thu Feb 21 16:53:44 2019 MANAGEMENT: CMD 'hold release'
Thu Feb 21 16:53:44 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:65108
Thu Feb 21 16:53:44 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Feb 21 16:53:44 2019 Attempting to establish TCP connection with [AF_INET]192.168.1.1:65108 [nonblock]
Thu Feb 21 16:53:44 2019 MANAGEMENT: >STATE:1550757224,TCP_CONNECT,,,,,,
Thu Feb 21 16:53:45 2019 TCP connection established with [AF_INET]192.168.1.1:65108
Thu Feb 21 16:53:45 2019 TCP_CLIENT link local: (not bound)
Thu Feb 21 16:53:45 2019 TCP_CLIENT link remote: [AF_INET]192.168.1.1:65108
Thu Feb 21 16:53:45 2019 MANAGEMENT: >STATE:1550757225,WAIT,,,,,,
Thu Feb 21 16:53:45 2019 MANAGEMENT: >STATE:1550757225,AUTH,,,,,,
Thu Feb 21 16:53:45 2019 TLS: Initial packet from [AF_INET]192.168.1.1:65108, sid=3dc7ae63 561d2e1c
Thu Feb 21 16:53:45 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Feb 21 16:53:45 2019 VERIFY OK: depth=1, C=RU, ST=KrasnodarRegion, L=Armavir, O=OpenVPN, OU=changeme, CN=server, name=server, emailAddress=mail@host.domain
Thu Feb 21 16:53:45 2019 VERIFY KU OK
Thu Feb 21 16:53:45 2019 Validating certificate extended key usage
Thu Feb 21 16:53:45 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Feb 21 16:53:45 2019 VERIFY EKU OK
Thu Feb 21 16:53:45 2019 VERIFY OK: depth=0, C=RU, ST=KrasnodarRegion, L=Armavir, O=OpenVPN, OU=changeme, CN=server, name=server, emailAddress=mail@host.domain
Thu Feb 21 16:53:45 2019 Connection reset, restarting [0]
Thu Feb 21 16:53:45 2019 SIGUSR1[soft,connection-reset] received, process restarting
Thu Feb 21 16:53:45 2019 MANAGEMENT: >STATE:1550757225,RECONNECTING,connection-reset,,,,,
Thu Feb 21 16:53:45 2019 Restart pause, 5 second(s)
Thu Feb 21 16:53:50 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:65108
и так далее
Вот лог на микротике в это время:
Код: Выделить всё
13:07:19 ovpn,info TCP connection established from 192.168.1.167
13:07:20 ovpn,debug,error,l2tp,30544,42264,30544,15020,41924,25288,l2tp,info,25292
,debug duplicate packet, dropping
Конфиг микротика:
Код: Выделить всё
# feb/22/2019 12:32:55 by RouterOS 6.43.4
# model = RB1100x4
/interface bridge
add name=bridge1
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 \
password=******** use-peer-dns=yes user=***********
/interface sstp-server
add disabled=yes name=sstp-bor*** user=bo***
/interface list
add name=WAN
add name=LAN
add name=Internet
add name=Local
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=OVPN_Pool ranges=172.30.0.1-172.30.0.253
/ppp profile
add local-address=172.30.0.1 name=OVPN_Connection remote-address=OVPN_Pool
/interface bridge port
add bridge=bridge1 hw=no interface=ether2
add bridge=bridge1 hw=no interface=ether3
add bridge=bridge1 hw=no interface=ether4
add bridge=bridge1 hw=no interface=ether5
add bridge=bridge1 hw=no interface=ether6
add bridge=bridge1 hw=no interface=ether7
add bridge=bridge1 hw=no interface=ether8
add bridge=bridge1 hw=no interface=ether9
add bridge=bridge1 hw=no interface=ether10
add bridge=bridge1 hw=no interface=ether11
add bridge=bridge1 hw=no interface=ether12
add bridge=bridge1 hw=no interface=ether13
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bridge1 list=LAN
add interface=pppoe-out1 list=Internet
add interface=bridge1 list=Local
/interface ovpn-server server
set certificate=server.crt_0 default-profile=OVPN_Connection enabled=yes \
mode=ethernet port=65108 require-client-certificate=yes
/interface sstp-server server
set authentication=mschap2
/ip address
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,77.88.8.1
/ip firewall address-list
add address=xx.xx.92.206 list="Port Scanners"
add address=xx.xx.192.81 comment=Ti*** list="RDP 1"
add address=xx.xx.188.59 comment=V*** list="RDP 1"
add address=xx.xx.153.20 comment=Ca*** list="RDP 1"
add address=xx.xx.99.120 comment=Ei*** list="RDP 1"
add address=xx.xx.125.37 comment=bo*** disabled=yes list="RDP 1"
add address=xx.xx.159.22 comment=va*** disabled=yes list="RDP 1"
add address=xx.xx.18.207 comment=de*** list="RDP 1"
add address=xx.xx.5.188 comment=Ki*** list="RDP 1"
/ip firewall filter
add action=accept chain=input comment="Permit SSTP" disabled=yes dst-port=443 \
protocol=tcp
add action=accept chain=input comment="1.5.1 Allow OpenVPN" dst-port=65108 \
in-interface=all-ethernet log=yes protocol=tcp
add action=accept chain=forward comment=\
"1.1. Forward and Input Established and Related connections" \
connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=add-src-to-address-list address-list=ddos-blacklist \
address-list-timeout=1d chain=input comment=\
"1.2. DDoS Protect - Connection Limit" connection-limit=100,32 \
in-interface-list=Internet protocol=tcp
add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
src-address-list=ddos-blacklist
add action=jump chain=forward comment="1.3. DDoS Protect - SYN Flood" \
connection-state=new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=jump chain=input connection-state=new in-interface-list=Internet \
jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=return chain=SYN-Protect connection-state=new limit=200,5:packet \
protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp \
tcp-flags=syn
add action=drop chain=input comment="1.4. Protected - Ports Scanners" \
src-address-list="Port Scanners"
add action=add-src-to-address-list address-list="Port Scanners" \
address-list-timeout=none-dynamic chain=input in-interface-list=Internet \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="1.5. Protected - WinBox Access" log=yes \
log-prefix="WINBOX DROP" src-address-list="Black List Winbox"
add action=add-src-to-address-list address-list="Black List Winbox" \
address-list-timeout=none-dynamic chain=input connection-state=new \
dst-port=8291 in-interface-list=Internet log=yes log-prefix=\
"BLACK WINBOX" protocol=tcp src-address-list="Winbox Stage 3"
add action=add-src-to-address-list address-list="Winbox Stage 3" \
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
in-interface-list=Internet protocol=tcp src-address-list="Winbox Stage 2"
add action=add-src-to-address-list address-list="Winbox Stage 2" \
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
in-interface-list=Internet protocol=tcp src-address-list="Winbox Stage 1"
add action=add-src-to-address-list address-list="Winbox Stage 1" \
address-list-timeout=1m chain=input connection-state=new dst-port=8291 \
in-interface-list=Internet protocol=tcp
add action=accept chain=input dst-port=8291 in-interface-list=Internet \
protocol=tcp
add action=drop chain=input comment="1.6. Protected - OpenVPN Connections" \
log=yes log-prefix="OVPN BLACK" src-address-list="Black List OpenVPN"
add action=add-src-to-address-list address-list="Black List OpenVPN" \
address-list-timeout=none-dynamic chain=input connection-state=new \
dst-port=1194 in-interface-list=Internet log=yes log-prefix="BLACK OVPN" \
protocol=tcp src-address-list="OpenVPN Stage 3"
add action=add-src-to-address-list address-list="OpenVPN Stage 3" \
address-list-timeout=1m chain=input connection-state=new dst-port=1194 \
in-interface-list=Internet protocol=tcp src-address-list=\
"OpenVPN Stage 2"
add action=add-src-to-address-list address-list="OpenVPN Stage 2" \
address-list-timeout=1m chain=input connection-state=new dst-port=1194 \
in-interface-list=Internet protocol=tcp src-address-list=\
"OpenVPN Stage 1"
add action=add-src-to-address-list address-list="OpenVPN Stage 1" \
address-list-timeout=1m chain=input connection-state=new dst-port=1194 \
in-interface-list=Internet protocol=tcp
add action=accept chain=input dst-port=1194 in-interface-list=Internet \
protocol=tcp
add action=accept chain=input comment="1.8. Access Normal Ping" \
in-interface-list=Internet limit=50/5s,2:packet protocol=icmp
add action=drop chain=input comment="1.9. Drop All Other" in-interface-list=\
Internet
add action=accept chain=forward comment="RDP 1" dst-port=3389 \
in-interface=pppoe-out1 log-prefix="RDP 1" protocol=tcp \
src-address-list="RDP 1"
add action=drop chain=forward comment="RDP 2" dst-port=3389 in-interface=\
pppoe-out1 log=yes log-prefix="RDP 2" protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=netmap chain=dstnat disabled=yes dst-port=5037 in-interface=\
pppoe-out1 protocol=tcp to-addresses=192.168.1.111 to-ports=3389
add action=netmap chain=dstnat dst-port=1234 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1234
add action=netmap chain=dstnat dst-port=12345 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=12345
add action=netmap chain=dstnat dst-port=1222 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1222
add action=netmap chain=dstnat dst-port=1223 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1223
add action=netmap chain=dstnat dst-port=1224 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1224
add action=netmap chain=dstnat dst-port=1225 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1225
add action=netmap chain=dstnat dst-port=1226 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1226
add action=netmap chain=dstnat dst-port=1227 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1227
add action=netmap chain=dstnat dst-port=1420 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.93 to-ports=1420
add action=netmap chain=dstnat dst-port=5036 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.95 to-ports=3389
add action=netmap chain=dstnat dst-port=5038 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.110 to-ports=3389
add action=netmap chain=dstnat dst-port=5039 in-interface=pppoe-out1 \
protocol=tcp to-addresses=192.168.1.109 to-ports=3389
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=172.16.30.2 pref-src=\
172.16.30.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=sergey***** password=******** profile=OVPN_Connection service=ovpn
Статусы сертификатов:
Вот конфиг клиента:
Код: Выделить всё
client
dev tun
proto tcp
remote 192.168.1.1 65108
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-128-CBC
verb 3
auth-user-pass "c:\\program files\\openvpn\\config\\pass65108"
Не могу понять, то ли файрвол его блокирует, то ли я что-то настроил не так. Перенастраивал два раза по разным инструкциям. Сертификаты перегенерировал на разных компьютерах. Без толку. Как думаете, в чем дело?
Последний раз редактировалось Despierto 22 фев 2019, 13:13, всего редактировалось 1 раз.
I have an android log, but don’t have an access to the server.
[18, 2023, 00:15:52] ----- OpenVPN Start -----
[18, 2023, 00:15:52] EVENT: CORE_THREAD_ACTIVE
[18, 2023, 00:15:52] OpenVPN core 3.git::081bfebe:RelWithDebInfo android arm64 64-bit PT_PROXY
[18, 2023, 00:15:52] Frame=512/2048/512 mssfix-ctrl=1250
[18, 2023, 00:15:52] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
13 [verb] [3]
14 [route-delay] [5]
[18, 2023, 00:15:52] EVENT: RESOLVE
[18, 2023, 00:15:52] Contacting xxx.xxx.xxx.xx:1194 via TCPv4
[18, 2023, 00:15:52] EVENT: WAIT
[18, 2023, 00:15:52] Connecting to [xxx.xxx.xxx.xx]:1194 (xxx.xxx.xxx.xx) via TCPv4
[18, 2023, 00:15:52] EVENT: CONNECTING
[18, 2023, 00:15:52] Tunnel Options:V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[18, 2023, 00:15:52] Creds: Username/Password
[18, 2023, 00:15:52] Peer Info:
IV_VER=3.git::081bfebe:RelWithDebInfo
IV_PLAT=android
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.android_3.3.3-9248
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[18, 2023, 00:15:52] VERIFY OK: depth=1, /CN=templ-OVPN-CA, signature: RSA-SHA256
[18, 2023, 00:15:52] VERIFY OK: depth=0, /CN=server-key, signature: RSA-SHA256
[18, 2023, 00:15:53] SSL Handshake: peer certificate: CN=server-key, 4096 bit RSA, cipher: DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
[18, 2023, 00:15:53] Session is ACTIVE
[18, 2023, 00:15:53] Sending PUSH_REQUEST to server...
[18, 2023, 00:15:53] EVENT: GET_CONFIG
[18, 2023, 00:15:54] Sending PUSH_REQUEST to server...
[18, 2023, 00:15:54] OPTIONS:
0 [ping] [20]
1 [ping-restart] [60]
2 [topology] [subnet]
3 [route-gateway] [192.168.20.1]
4 [ifconfig] [192.168.20.250] [255.255.0.0]
[18, 2023, 00:15:54] PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
key-derivation: OpenVPN PRF
compress: NONE
peer ID: -1
[18, 2023, 00:15:54] EVENT: ASSIGN_IP
[18, 2023, 00:15:54] Connected via tun
[18, 2023, 00:15:54] Per-Key Data Limit: 48000000/48000000
[18, 2023, 00:15:54] EVENT: CONNECTED info='user@xxx.xxx.xxx.xx:1194 (xxx.xxx.xxx.xx) via /TCPv4 on tun/192.168.20.250/ gw=[192.168.20.1/]'
[18, 2023, 00:15:54] EVENT: WARN info='Proto: Using a 64-bit block cipher that is vulnerable to the SWEET32 attack. Please inform your admin to upgrade to a stronger algorithm. Support for 64-bit block cipher will be dropped in the future.'
[18, 2023, 00:16:24] EVENT: CANCELLED
[18, 2023, 00:16:24] EVENT: DISCONNECTED
[18, 2023, 00:16:24] Tunnel bytes per CPU second: 0
[18, 2023, 00:16:24] ----- OpenVPN Stop -----
[18, 2023, 00:16:24] EVENT: CORE_THREAD_DONE
[18, 2023, 02:02:08] EVENT: DISCONNECTED info='Service destroyed'
[18, 2023, 10:31:26] OpenVPN core 3.git::081bfebe:RelWithDebInfo android arm64 64-bit PT_PROXY
Issue
Today I’ve tried to connect to my PiVPN throught OpenVPN on Windows and doesn’t work anymore. It continuos looping saying me Connection reset, restarting [0]
. Also on my smartphone I can’t connect to the VPN
OpenVPN GUI connection log
Tue Mar 27 18:52:52 2018 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 1 2018
Tue Mar 27 18:52:52 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Mar 27 18:52:52 2018 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
Enter Management Password:
Tue Mar 27 18:52:52 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Mar 27 18:52:52 2018 Need hold release from management interface, waiting...
Tue Mar 27 18:52:53 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Mar 27 18:52:53 2018 MANAGEMENT: CMD 'state on'
Tue Mar 27 18:52:53 2018 MANAGEMENT: CMD 'log all on'
Tue Mar 27 18:52:53 2018 MANAGEMENT: CMD 'echo all on'
Tue Mar 27 18:52:53 2018 MANAGEMENT: CMD 'bytecount 5'
Tue Mar 27 18:52:53 2018 MANAGEMENT: CMD 'hold off'
Tue Mar 27 18:52:53 2018 MANAGEMENT: CMD 'hold release'
Tue Mar 27 18:52:53 2018 MANAGEMENT: CMD 'password [...]'
Tue Mar 27 18:52:53 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 27 18:52:53 2018 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Mar 27 18:52:53 2018 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 27 18:52:53 2018 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Mar 27 18:52:53 2018 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Mar 27 18:52:53 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:443
Tue Mar 27 18:52:53 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Mar 27 18:52:53 2018 Attempting to establish TCP connection with [AF_INET]x.x.x.x:443 [nonblock]
Tue Mar 27 18:52:53 2018 MANAGEMENT: >STATE:1522169573,TCP_CONNECT,,,,,,
Tue Mar 27 18:52:54 2018 TCP connection established with [AF_INET]x.x.x.x:443
Tue Mar 27 18:52:54 2018 TCP_CLIENT link local: (not bound)
Tue Mar 27 18:52:54 2018 TCP_CLIENT link remote: [AF_INET]x.x.x.x:443
Tue Mar 27 18:52:54 2018 MANAGEMENT: >STATE:1522169574,WAIT,,,,,,
Tue Mar 27 18:52:54 2018 Connection reset, restarting [0]
Tue Mar 27 18:52:54 2018 SIGUSR1[soft,connection-reset] received, process restarting
Tue Mar 27 18:52:54 2018 MANAGEMENT: >STATE:1522169574,RECONNECTING,connection-reset,,,,,
Tue Mar 27 18:52:54 2018 Restart pause, 5 second(s)
Have you searched for similar issues and solutions?
I’ve searched for a solution and find out I need to disable my firewall. I’ve tried disabling my router and Windows firewall but nothing changed at all
Console output of pivpn debug
::: :::
:: PiVPN Debug ::
::: :::
:: Latest Commit ::
::: :::
commit 33ed7e7012d5278162d72c3477a0d9b4345520ab
Merge: 1375fa1 30397f2
Author: redfast00 <redfast00@users.noreply.github.com>
Date: Sat Mar 24 13:39:55 2018 +0100
Merge pull request #502 from stan3/nonexecutable
Changed permission bits on text files.
::: :::
:: Recursive list of files in ::
:: /etc/openvpn/easy-rsa/pki ::
::: :::
/etc/openvpn/easy-rsa/pki/:
ca.crt
crl.pem
Default.txt
HomeVPN.ovpn
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
private
serial
serial.old
ta.key
/etc/openvpn/easy-rsa/pki/issued:
HomeVPN.crt
server_sSd231cnAMeSYY5l.crt
/etc/openvpn/easy-rsa/pki/private:
ca.key
HomeVPN.key
server_sSd231cnAMeSYY5l.key
::: :::
:: Output of /etc/pivpn/* ::
::: :::
:: START /etc/pivpn/DET_PLATFORM ::
Raspbian
:: END /etc/pivpn/DET_PLATFORM ::
:: START /etc/pivpn/INSTALL_PORT ::
443
:: END /etc/pivpn/INSTALL_PORT ::
:: START /etc/pivpn/INSTALL_PROTO ::
tcp
:: END /etc/pivpn/INSTALL_PROTO ::
:: START /etc/pivpn/INSTALL_USER ::
pi
:: END /etc/pivpn/INSTALL_USER ::
:: START /etc/pivpn/NO_UFW ::
1
:: END /etc/pivpn/NO_UFW ::
:: START /etc/pivpn/pivpnINTERFACE ::
eth0
:: END /etc/pivpn/pivpnINTERFACE ::
:: START /etc/pivpn/TWO_POINT_FOUR ::
:: END /etc/pivpn/TWO_POINT_FOUR ::
::: :::
:: /etc/openvpn/easy-rsa/pki/Default.txt ::
::: :::
client
dev tun
proto tcp
remote x.x.x.x 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_sSd231cnAMeSYY5l name
cipher AES-256-CBC
auth SHA256
compress lz4
verb 3
::: :::
:: Debug Output Complete ::
::: :::
Console Output of sudo iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Console Output of sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
output of sudo netstat -uanp | grep openvpn
Здравствуйте!
Есть проблема с настройкой openvpn. OpenVPN настроен и работает, то есть у меня есть доступ к удаленной сети, и я могу выполнять в ней необходимые мне операции. Однако постоянно идут пересоединения, что приводит к тому что в работе возникают затыки секунд на 5-15, что очень напрягает. Я определенно что-то сделал не так, но никак не могу понять. Ниже привожу конфиг и участок вывода openvpn.
Дистрибутив: KUbuntu 10.04
Конфиг openvpn:
Код: Выделить всё
# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
#dev-node router
;dev tap
dev tun
client
tls-client
proto tcp
remote vpn.cmc.msu.ru
port 1194
resolv-retry infinite
ns-cert-type server
#keepalive 10 120
ca /home/mike/openvpn/bluegene/ca.crt
cert /home/mike/openvpn/bluegene/client.crt
key /home/mike/openvpn/bluegene/client.key
tls-auth /home/mike/openvpn/bluegene/ta.key 1
route-method exe
route-delay 2
ping 5
ping-restart 10
ping-timer-rem
persist-key
persist-tun
comp-lzo
verb 3
Отрывок вывода openvpn
Код: Выделить всё
Sun Sep 5 14:42:17 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Sep 5 14:42:17 2010 Re-using SSL/TLS context
Sun Sep 5 14:42:17 2010 LZO compression initialized
Sun Sep 5 14:42:17 2010 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sun Sep 5 14:42:17 2010 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Sep 5 14:42:17 2010 Local Options hash (VER=V4): 'ee93268d'
Sun Sep 5 14:42:17 2010 Expected Remote Options hash (VER=V4): 'bd577cd1'
Sun Sep 5 14:42:17 2010 Attempting to establish TCP connection with [AF_INET]212.192.248.36:1194 [nonblock]
Sun Sep 5 14:42:18 2010 TCP connection established with [AF_INET]212.192.248.36:1194
Sun Sep 5 14:42:18 2010 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Sep 5 14:42:18 2010 TCPv4_CLIENT link local: [undef]
Sun Sep 5 14:42:18 2010 TCPv4_CLIENT link remote: [AF_INET]212.192.248.36:1194
Sun Sep 5 14:42:18 2010 TLS: Initial packet from [AF_INET]212.192.248.36:1194, sid=37de06a2 2703aa3e
Sun Sep 5 14:42:20 2010 VERIFY OK: depth=1, /C=RU/ST=Moscow/L=Moscow/O=MSU_CMC/OU=CMC/CN=*****/name=*****/emailAddress=*****
Sun Sep 5 14:42:20 2010 VERIFY OK: nsCertType=SERVER
Sun Sep 5 14:42:20 2010 VERIFY OK: depth=0, /C=RU/ST=Moscow/L=Moscow/O=MSU_CMC/CN=server/emailAddress=*****
Sun Sep 5 14:42:22 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 5 14:42:22 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 5 14:42:22 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Sep 5 14:42:22 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Sep 5 14:42:22 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Sep 5 14:42:22 2010 [server] Peer Connection Initiated with [AF_INET]212.192.248.36:1194
Sun Sep 5 14:42:24 2010 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Sep 5 14:42:25 2010 PUSH: Received control message: 'PUSH_REPLY,route 10.3.0.0 255.255.0.0,route 10.6.6.96 255.255.255.240,route 10.6.7.0 255.255.255.0,dhcp-option DNS 10.3.0.1,route 10.20.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.20.205.37 10.20.205.38'
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: timers and/or timeouts modified
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: route options modified
Sun Sep 5 14:42:25 2010 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Sep 5 14:42:25 2010 Preserving previous TUN/TAP instance: tun0
Sun Sep 5 14:42:25 2010 Initialization Sequence Completed
Sun Sep 5 14:42:33 2010 Connection reset, restarting [0]
Sun Sep 5 14:42:33 2010 TCP/UDP: Closing socket
Sun Sep 5 14:42:33 2010 SIGUSR1[soft,connection-reset] received, process restarting
Sun Sep 5 14:42:33 2010 Restart pause, 5 second(s)