Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Cannot get OpenVPN remote access to work

    OpenVPN
    2
    5
    350
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jonh001
      last edited by

      Have been working on this on and off for a month. Have even reset and started from scratch - nothing works. Hoping someone can offer some suggestions.

      • SG-1100 running latest code (23.05.1-RELEASE)
      • WAN connected to cable modem and has a pubic IP
      • LAN connected to my home LAN
      • OPT1 is my DMZ segment which I'm trying to access remotely
      • Used the OpenVPN wizard to create server (created the CA, generated the server and client certs, firewall rules...)
      • Used the Client export utility to export a config which I use on another Linux box to try to connect to (over the Internet)

      Server sees session come in - but just sits like this, never gets a virtual IP:

      d55e6682-60b6-4017-8d62-04d2b74e620d-image.png

      Client sees TLS handshake failure:

      2023-09-27 19:01:18 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-09-27 19:01:18 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: jonh
๐Ÿ” Enter Auth Password: ********                
2023-09-27 19:01:24 TCP/UDP: Preserving recently used remote address: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 19:01:24 UDPv4 link local: (not bound)
2023-09-27 19:01:24 UDPv4 link remote: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 19:02:24 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-09-27 19:02:24 TLS Error: TLS handshake failed
2023-09-27 19:02:24 SIGUSR1[soft,tls-error] received, process restarting

      Server config

      dev ovpns1
disable-dco
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 24.XXX.XXX.70
tls-server
server 192.168.33.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
verify-client-cert none
username-as-common-name
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user TG9jYWwgRGF0YWJhc2U= false server1 1194
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'lab.XXXXXXXX.net' 1"
lport 1194
management /var/etc/openvpn/server1/sock unix
max-clients 10
push "route 192.168.22.0 255.255.255.0"
duplicate-cn
capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert 
key /var/etc/openvpn/server1/key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
persist-remote-ip
float
topology subnet
explicit-exit-notify 1
inactive 300

      CLIENT CONFIG

      dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote lab.XXXXXXXX.net 1194 udp4
nobind
auth-user-pass
remote-cert-tls server
explicit-exit-notify

<ca>
-----BEGIN CERTIFICATE-----
MIIEHTCCAwWgAwIBAgIIF8+iABPtBtEwDQYJKoZIhvcNAQELBQAwYzEUMBIGA1UE
.....
m3L48hAotFGsoVbCul1fDuctEvee6+2E4gT818rP3DT4GZtisZIK9xqTBkTMUaRf
TA==
-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
0a142924fc4f395723509c0b034ce3d3
.....
cba5c256f1be873a4e2a3f213d159a6b
-----END OpenVPN Static key V1-----
</tls-auth>

      openvpn client command with verbosity

      2023-09-27 22:38:19 us=294029 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: jonh
๐Ÿ” Enter Auth Password: ********                
2023-09-27 22:38:27 us=451423 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-27 22:38:27 us=451513 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-27 22:38:27 us=451680 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
2023-09-27 22:38:27 us=514450 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-09-27 22:38:27 us=514587 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
2023-09-27 22:38:27 us=514614 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
2023-09-27 22:38:27 us=514640 TCP/UDP: Preserving recently used remote address: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 22:38:27 us=514687 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-09-27 22:38:27 us=514724 UDPv4 link local: (not bound)
2023-09-27 22:38:27 us=514746 UDPv4 link remote: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 22:38:27 us=514865 UDPv4 WRITE [54] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2023-09-27 22:38:27 us=536331 UDPv4 READ [66] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
2023-09-27 22:38:27 us=536461 TLS: Initial packet from [AF_INET]24.XXX.XXX.70:1194, sid=02b91245 da09003a
2023-09-27 22:38:27 us=536559 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
2023-09-27 22:38:27 us=536723 UDPv4 WRITE [335] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=281
2023-09-27 22:38:27 us=578143 UDPv4 READ [1222] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1156
2023-09-27 22:38:27 us=578748 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
2023-09-27 22:38:27 us=579200 UDPv4 READ [1222] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ 1 ] pid=2 DATA len=1156
2023-09-27 22:38:27 us=579300 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
2023-09-27 22:38:27 us=580235 UDPv4 READ [566] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #4 ] [ 1 ] pid=3 DATA len=500
2023-09-27 22:38:27 us=581796 VERIFY OK: depth=1, CN=internal-ca, C=CA, ST=ON, L=Oakville, O=XXXXXXXX, OU=lab
2023-09-27 22:38:27 us=582006 VERIFY KU OK
2023-09-27 22:38:27 us=582051 Validating certificate extended key usage
2023-09-27 22:38:27 us=582069 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-09-27 22:38:27 us=582084 VERIFY EKU OK
2023-09-27 22:38:27 us=582099 VERIFY OK: depth=0, CN=lab.XXXXXXXX.net, C=CA, ST=ON, L=Oakville, O=XXXXXXXX, OU=lab
2023-09-27 22:38:27 us=582328 UDPv4 WRITE [632] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #6 ] [ 3 ] pid=2 DATA len=566
2023-09-27 22:38:29 us=667242 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=2 DATA len=566
2023-09-27 22:38:29 us=800671 UDPv4 READ [566] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #5 ] [ 1 ] pid=3 DATA len=500
2023-09-27 22:38:29 us=800828 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #8 ] [ 3 ]
2023-09-27 22:38:33 us=970050 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=2 DATA len=566
2023-09-27 22:38:41 us=922228 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=2 DATA len=566
2023-09-27 22:38:57 us=948437 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=2 DATA len=566
2023-09-27 22:39:27 us=999697 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-09-27 22:39:27 us=999755 TLS Error: TLS handshake failed
2023-09-27 22:39:27 us=999862 TCP/UDP: Closing socket
2023-09-27 22:39:27 us=999909 SIGUSR1[soft,tls-error] received, process restarting
2023-09-27 22:39:27 us=999938 Restart pause, 5 second(s)
2023-09-27 22:39:33 us=210 Re-using SSL/TLS context
2023-09-27 22:39:33 us=345 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-27 22:39:33 us=365 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-27 22:39:33 us=429 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
2023-09-27 22:39:33 us=30494 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-09-27 22:39:33 us=30567 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
2023-09-27 22:39:33 us=30579 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
2023-09-27 22:39:33 us=30591 TCP/UDP: Preserving recently used remote address: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 22:39:33 us=30623 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-09-27 22:39:33 us=30633 UDPv4 link local: (not bound)
2023-09-27 22:39:33 us=30641 UDPv4 link remote: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 22:39:33 us=30683 UDPv4 WRITE [54] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2023-09-27 22:39:33 us=54084 UDPv4 READ [66] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
2023-09-27 22:39:33 us=54140 TLS: Initial packet from [AF_INET]24.XXX.XXX.70:1194, sid=ac9a5e5b 81a9271b
2023-09-27 22:39:33 us=54199 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
2023-09-27 22:39:33 us=54325 UDPv4 WRITE [335] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=281
2023-09-27 22:39:33 us=94234 UDPv4 READ [1222] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1156
2023-09-27 22:39:33 us=94557 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
2023-09-27 22:39:33 us=95284 UDPv4 READ [1222] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ 1 ] pid=2 DATA len=1156
2023-09-27 22:39:33 us=95334 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
2023-09-27 22:39:35 us=544016 UDPv4 READ [566] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #5 ] [ 1 ] pid=3 DATA len=500
2023-09-27 22:39:35 us=546234 VERIFY OK: depth=1, CN=internal-ca, C=CA, ST=ON, L=Oakville, O=XXXXXXXX, OU=lab
2023-09-27 22:39:35 us=546400 VERIFY KU OK
2023-09-27 22:39:35 us=546417 Validating certificate extended key usage
2023-09-27 22:39:35 us=546427 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-09-27 22:39:35 us=546436 VERIFY EKU OK
2023-09-27 22:39:35 us=546445 VERIFY OK: depth=0, CN=lab.XXXXXXXX.net, C=CA, ST=ON, L=Oakville, O=XXXXXXXX, OU=lab
2023-09-27 22:39:35 us=546720 UDPv4 WRITE [632] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #6 ] [ 3 ] pid=2 DATA len=566
2023-09-27 22:39:37 us=965456 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=2 DATA len=566
2023-09-27 22:39:41 us=594109 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=2 DATA len=566
2023-09-27 22:39:49 us=825620 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=2 DATA len=566
2023-09-27 22:40:05 us=231987 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=2 DATA len=566
2023-09-27 22:40:33 us=845090 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-09-27 22:40:33 us=845131 TLS Error: TLS handshake failed
2023-09-27 22:40:33 us=845238 TCP/UDP: Closing socket
2023-09-27 22:40:33 us=845270 SIGUSR1[soft,tls-error] received, process restarting
2023-09-27 22:40:33 us=845288 Restart pause, 5 second(s)
2023-09-27 22:40:38 us=845749 Re-using SSL/TLS context
2023-09-27 22:40:38 us=845978 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-27 22:40:38 us=846039 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-27 22:40:38 us=846137 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
2023-09-27 22:40:39 us=104110 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-09-27 22:40:39 us=104196 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
2023-09-27 22:40:39 us=104207 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
2023-09-27 22:40:39 us=104220 TCP/UDP: Preserving recently used remote address: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 22:40:39 us=104277 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-09-27 22:40:39 us=104372 UDPv4 link local: (not bound)
2023-09-27 22:40:39 us=104399 UDPv4 link remote: [AF_INET]24.XXX.XXX.70:1194
2023-09-27 22:40:39 us=104503 UDPv4 WRITE [54] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2023-09-27 22:40:39 us=129503 UDPv4 READ [66] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
2023-09-27 22:40:39 us=129576 TLS: Initial packet from [AF_INET]24.XXX.XXX.70:1194, sid=df50a0e7 dbfb844e
2023-09-27 22:40:39 us=129633 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
2023-09-27 22:40:39 us=129738 UDPv4 WRITE [335] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=281
2023-09-27 22:40:39 us=175035 UDPv4 READ [1222] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 1 ] pid=1 DATA len=1156
2023-09-27 22:40:39 us=175327 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #4 ] [ 1 ]
2023-09-27 22:40:39 us=176114 UDPv4 READ [1222] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #3 ] [ 1 ] pid=2 DATA len=1156
2023-09-27 22:40:39 us=176185 UDPv4 WRITE [62] to [AF_INET]24.XXX.XXX.70:1194: P_ACK_V1 kid=0 pid=[ #5 ] [ 2 ]
2023-09-27 22:40:41 us=515862 UDPv4 READ [566] from [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #5 ] [ 1 ] pid=3 DATA len=500
2023-09-27 22:40:41 us=517818 VERIFY OK: depth=1, CN=internal-ca, C=CA, ST=ON, L=Oakville, O=XXXXXXXX, OU=lab
2023-09-27 22:40:41 us=518054 VERIFY KU OK
2023-09-27 22:40:41 us=518082 Validating certificate extended key usage
2023-09-27 22:40:41 us=518091 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-09-27 22:40:41 us=518099 VERIFY EKU OK
2023-09-27 22:40:41 us=518114 VERIFY OK: depth=0, CN=lab.XXXXXXXX.net, C=CA, ST=ON, L=Oakville, O=XXXXXXXX, OU=lab
2023-09-27 22:40:41 us=518345 UDPv4 WRITE [632] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #6 ] [ 3 ] pid=2 DATA len=566
2023-09-27 22:40:43 us=763172 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=2 DATA len=566
2023-09-27 22:40:47 us=130865 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=2 DATA len=566
2023-09-27 22:40:55 us=372922 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=2 DATA len=566
2023-09-27 22:41:11 us=47440 UDPv4 WRITE [620] to [AF_INET]24.XXX.XXX.70:1194: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=2 DATA len=566
^C2023-09-27 22:41:24 us=953199 event_wait : Interrupted system call (code=4)
      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @jonh001
        last edited by

        @jonh001
        What do you see in the server log with verb level 4?

        J 1 Reply Last reply Reply Quote 0
        • J
          jonh001 @viragomann
          last edited by

          @viragomann

          verb level 4

          2023-09-28 09:11:30 us=845423 Current Parameter Settings:
2023-09-28 09:11:30 us=845490   config = 'nvb-UDP4-1194-config.ovpn'
2023-09-28 09:11:30 us=845499   mode = 0
2023-09-28 09:11:30 us=845505   persist_config = DISABLED
2023-09-28 09:11:30 us=845511   persist_mode = 1
2023-09-28 09:11:30 us=845517   show_ciphers = DISABLED
2023-09-28 09:11:30 us=845522   show_digests = DISABLED
2023-09-28 09:11:30 us=845528   show_engines = DISABLED
2023-09-28 09:11:30 us=845533   genkey = DISABLED
2023-09-28 09:11:30 us=845539   genkey_filename = '[UNDEF]'
2023-09-28 09:11:30 us=845544   key_pass_file = '[UNDEF]'
2023-09-28 09:11:30 us=845550   show_tls_ciphers = DISABLED
2023-09-28 09:11:30 us=845555   connect_retry_max = 0
2023-09-28 09:11:30 us=845561 Connection profiles [0]:
2023-09-28 09:11:30 us=845567   proto = udp4
2023-09-28 09:11:30 us=845572   local = '[UNDEF]'
2023-09-28 09:11:30 us=845578   local_port = '[UNDEF]'
2023-09-28 09:11:30 us=845583   remote = 'lab.XXXXXXXX.net'
2023-09-28 09:11:30 us=845589   remote_port = '1194'
2023-09-28 09:11:30 us=845594   remote_float = DISABLED
2023-09-28 09:11:30 us=845600   bind_defined = DISABLED
2023-09-28 09:11:30 us=845605   bind_local = DISABLED
2023-09-28 09:11:30 us=845611   bind_ipv6_only = DISABLED
2023-09-28 09:11:30 us=845616   connect_retry_seconds = 5
2023-09-28 09:11:30 us=845622   connect_timeout = 120
2023-09-28 09:11:30 us=845628   socks_proxy_server = '[UNDEF]'
2023-09-28 09:11:30 us=845634   socks_proxy_port = '[UNDEF]'
2023-09-28 09:11:30 us=845639   tun_mtu = 1500
2023-09-28 09:11:30 us=845645   tun_mtu_defined = ENABLED
2023-09-28 09:11:30 us=845651   link_mtu = 1500
2023-09-28 09:11:30 us=845656   link_mtu_defined = DISABLED
2023-09-28 09:11:30 us=845662   tun_mtu_extra = 0
2023-09-28 09:11:30 us=845667   tun_mtu_extra_defined = DISABLED
2023-09-28 09:11:30 us=845673   mtu_discover_type = -1
2023-09-28 09:11:30 us=845679   fragment = 0
2023-09-28 09:11:30 us=845684   mssfix = 1450
2023-09-28 09:11:30 us=845690   explicit_exit_notification = 1
2023-09-28 09:11:30 us=845695   tls_auth_file = '[INLINE]'
2023-09-28 09:11:30 us=845701   key_direction = 1
2023-09-28 09:11:30 us=845706   tls_crypt_file = '[UNDEF]'
2023-09-28 09:11:30 us=845712   tls_crypt_v2_file = '[UNDEF]'
2023-09-28 09:11:30 us=845718 Connection profiles END
2023-09-28 09:11:30 us=845723   remote_random = DISABLED
2023-09-28 09:11:30 us=845729   ipchange = '[UNDEF]'
2023-09-28 09:11:30 us=845734   dev = 'tun'
2023-09-28 09:11:30 us=845740   dev_type = '[UNDEF]'
2023-09-28 09:11:30 us=845745   dev_node = '[UNDEF]'
2023-09-28 09:11:30 us=845751   lladdr = '[UNDEF]'
2023-09-28 09:11:30 us=845756   topology = 1
2023-09-28 09:11:30 us=845762   ifconfig_local = '[UNDEF]'
2023-09-28 09:11:30 us=845767   ifconfig_remote_netmask = '[UNDEF]'
2023-09-28 09:11:30 us=845773   ifconfig_noexec = DISABLED
2023-09-28 09:11:30 us=845779   ifconfig_nowarn = DISABLED
2023-09-28 09:11:30 us=845784   ifconfig_ipv6_local = '[UNDEF]'
2023-09-28 09:11:30 us=845790   ifconfig_ipv6_netbits = 0
2023-09-28 09:11:30 us=845795   ifconfig_ipv6_remote = '[UNDEF]'
2023-09-28 09:11:30 us=845801   shaper = 0
2023-09-28 09:11:30 us=845807   mtu_test = 0
2023-09-28 09:11:30 us=845812   mlock = DISABLED
2023-09-28 09:11:30 us=845818   keepalive_ping = 0
2023-09-28 09:11:30 us=845823   keepalive_timeout = 0
2023-09-28 09:11:30 us=845829   inactivity_timeout = 0
2023-09-28 09:11:30 us=845834   ping_send_timeout = 0
2023-09-28 09:11:30 us=845840   ping_rec_timeout = 0
2023-09-28 09:11:30 us=845845   ping_rec_timeout_action = 0
2023-09-28 09:11:30 us=845851   ping_timer_remote = DISABLED
2023-09-28 09:11:30 us=845856   remap_sigusr1 = 0
2023-09-28 09:11:30 us=845862   persist_tun = ENABLED
2023-09-28 09:11:30 us=845868   persist_local_ip = DISABLED
2023-09-28 09:11:30 us=845873   persist_remote_ip = DISABLED
2023-09-28 09:11:30 us=845879   persist_key = ENABLED
2023-09-28 09:11:30 us=845884   passtos = DISABLED
2023-09-28 09:11:30 us=845890   resolve_retry_seconds = 1000000000
2023-09-28 09:11:30 us=845895   resolve_in_advance = DISABLED
2023-09-28 09:11:30 us=845901   username = '[UNDEF]'
2023-09-28 09:11:30 us=845906   groupname = '[UNDEF]'
2023-09-28 09:11:30 us=845912   chroot_dir = '[UNDEF]'
2023-09-28 09:11:30 us=845918   cd_dir = '[UNDEF]'
2023-09-28 09:11:30 us=845923   writepid = '[UNDEF]'
2023-09-28 09:11:30 us=845929   up_script = '[UNDEF]'
2023-09-28 09:11:30 us=845934   down_script = '[UNDEF]'
2023-09-28 09:11:30 us=845940   down_pre = DISABLED
2023-09-28 09:11:30 us=845945   up_restart = DISABLED
2023-09-28 09:11:30 us=845950   up_delay = DISABLED
2023-09-28 09:11:30 us=845956   daemon = DISABLED
2023-09-28 09:11:30 us=845962   inetd = 0
2023-09-28 09:11:30 us=845967   log = DISABLED
2023-09-28 09:11:30 us=845973   suppress_timestamps = DISABLED
2023-09-28 09:11:30 us=845978   machine_readable_output = DISABLED
2023-09-28 09:11:30 us=845984   nice = 0
2023-09-28 09:11:30 us=845989   verbosity = 4
2023-09-28 09:11:30 us=845995   mute = 0
2023-09-28 09:11:30 us=846000   gremlin = 0
2023-09-28 09:11:30 us=846006   status_file = '[UNDEF]'
2023-09-28 09:11:30 us=846011   status_file_version = 1
2023-09-28 09:11:30 us=846017   status_file_update_freq = 60
2023-09-28 09:11:30 us=846023   occ = ENABLED
2023-09-28 09:11:30 us=846028   rcvbuf = 0
2023-09-28 09:11:30 us=846034   sndbuf = 0
2023-09-28 09:11:30 us=846039   mark = 0
2023-09-28 09:11:30 us=846045   sockflags = 0
2023-09-28 09:11:30 us=846051   fast_io = DISABLED
2023-09-28 09:11:30 us=846056   comp.alg = 0
2023-09-28 09:11:30 us=846062   comp.flags = 0
2023-09-28 09:11:30 us=846067   route_script = '[UNDEF]'
2023-09-28 09:11:30 us=846074   route_default_gateway = '[UNDEF]'
2023-09-28 09:11:30 us=846079   route_default_metric = 0
2023-09-28 09:11:30 us=846085   route_noexec = DISABLED
2023-09-28 09:11:30 us=846090   route_delay = 0
2023-09-28 09:11:30 us=846096   route_delay_window = 30
2023-09-28 09:11:30 us=846102   route_delay_defined = DISABLED
2023-09-28 09:11:30 us=846107   route_nopull = DISABLED
2023-09-28 09:11:30 us=846113   route_gateway_via_dhcp = DISABLED
2023-09-28 09:11:30 us=846119   allow_pull_fqdn = DISABLED
2023-09-28 09:11:30 us=846124   management_addr = '[UNDEF]'
2023-09-28 09:11:30 us=846130   management_port = '[UNDEF]'
2023-09-28 09:11:30 us=846135   management_user_pass = '[UNDEF]'
2023-09-28 09:11:30 us=846141   management_log_history_cache = 250
2023-09-28 09:11:30 us=846147   management_echo_buffer_size = 100
2023-09-28 09:11:30 us=846153   management_write_peer_info_file = '[UNDEF]'
2023-09-28 09:11:30 us=846159   management_client_user = '[UNDEF]'
2023-09-28 09:11:30 us=846164   management_client_group = '[UNDEF]'
2023-09-28 09:11:30 us=846170   management_flags = 0
2023-09-28 09:11:30 us=846176   shared_secret_file = '[UNDEF]'
2023-09-28 09:11:30 us=846181   key_direction = 1
2023-09-28 09:11:30 us=846187   ciphername = 'AES-256-CBC'
2023-09-28 09:11:30 us=846193   ncp_enabled = ENABLED
2023-09-28 09:11:30 us=846199   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC'
2023-09-28 09:11:30 us=846205   authname = 'SHA256'
2023-09-28 09:11:30 us=846210   prng_hash = 'SHA1'
2023-09-28 09:11:30 us=846216   prng_nonce_secret_len = 16
2023-09-28 09:11:30 us=846222   keysize = 0
2023-09-28 09:11:30 us=846227   engine = DISABLED
2023-09-28 09:11:30 us=846233   replay = ENABLED
2023-09-28 09:11:30 us=846239   mute_replay_warnings = DISABLED
2023-09-28 09:11:30 us=846244   replay_window = 64
2023-09-28 09:11:30 us=846250   replay_time = 15
2023-09-28 09:11:30 us=846256   packet_id_file = '[UNDEF]'
2023-09-28 09:11:30 us=846262   test_crypto = DISABLED
2023-09-28 09:11:30 us=846267   tls_server = DISABLED
2023-09-28 09:11:30 us=846273   tls_client = ENABLED
2023-09-28 09:11:30 us=846315   ca_file = '[INLINE]'
2023-09-28 09:11:30 us=846321   ca_path = '[UNDEF]'
2023-09-28 09:11:30 us=846327   dh_file = '[UNDEF]'
2023-09-28 09:11:30 us=846333   cert_file = '[UNDEF]'
2023-09-28 09:11:30 us=846339   extra_certs_file = '[UNDEF]'
2023-09-28 09:11:30 us=846353   priv_key_file = '[UNDEF]'
2023-09-28 09:11:30 us=846359   pkcs12_file = '[UNDEF]'
2023-09-28 09:11:30 us=846365   cipher_list = '[UNDEF]'
2023-09-28 09:11:30 us=846377   cipher_list_tls13 = '[UNDEF]'
2023-09-28 09:11:30 us=846383   tls_cert_profile = '[UNDEF]'
2023-09-28 09:11:30 us=846395   tls_verify = '[UNDEF]'
2023-09-28 09:11:30 us=846401   tls_export_cert = '[UNDEF]'
2023-09-28 09:11:30 us=846413   verify_x509_type = 0
2023-09-28 09:11:30 us=846419   verify_x509_name = '[UNDEF]'
2023-09-28 09:11:30 us=846425   crl_file = '[UNDEF]'
2023-09-28 09:11:30 us=846431   ns_cert_type = 0
2023-09-28 09:11:30 us=846436   remote_cert_ku[i] = 65535
2023-09-28 09:11:30 us=846448   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846454   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846460   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846471   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846478   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846483   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846489   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846500   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846507   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846518   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846524   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846536   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846542   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846548   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846559   remote_cert_ku[i] = 0
2023-09-28 09:11:30 us=846565   remote_cert_eku = 'TLS Web Server Authentication'
2023-09-28 09:11:30 us=846577   ssl_flags = 0
2023-09-28 09:11:30 us=846583   tls_timeout = 2
2023-09-28 09:11:30 us=846595   renegotiate_bytes = -1
2023-09-28 09:11:30 us=846601   renegotiate_packets = 0
2023-09-28 09:11:30 us=846613   renegotiate_seconds = 3600
2023-09-28 09:11:30 us=846619   handshake_window = 60
2023-09-28 09:11:30 us=846631   transition_window = 3600
2023-09-28 09:11:30 us=846637   single_session = DISABLED
2023-09-28 09:11:30 us=846648   push_peer_info = DISABLED
2023-09-28 09:11:30 us=846654   tls_exit = DISABLED
2023-09-28 09:11:30 us=846660   tls_crypt_v2_metadata = '[UNDEF]'
2023-09-28 09:11:30 us=846672   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846678   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846690   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846696   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846708   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846714   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846726   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846732   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846743   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846753   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846766   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846772   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846784   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846790   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846802   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846808   pkcs11_protected_authentication = DISABLED
2023-09-28 09:11:30 us=846820   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846826   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846838   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846844   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846856   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846862   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846873   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846879   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846891   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846897   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846909   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846914   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846926   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846932   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846943   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846949   pkcs11_private_mode = 00000000
2023-09-28 09:11:30 us=846961   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=846967   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=846978   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=846984   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=846996   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847002   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847013   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847019   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847031   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847037   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847048   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847054   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847066   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847072   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847083   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847089   pkcs11_cert_private = DISABLED
2023-09-28 09:11:30 us=847101   pkcs11_pin_cache_period = -1
2023-09-28 09:11:30 us=847107   pkcs11_id = '[UNDEF]'
2023-09-28 09:11:30 us=847119   pkcs11_id_management = DISABLED
2023-09-28 09:11:30 us=847131   server_network = 0.0.0.0
2023-09-28 09:11:30 us=847144   server_netmask = 0.0.0.0
2023-09-28 09:11:30 us=847156   server_network_ipv6 = ::
2023-09-28 09:11:30 us=847168   server_netbits_ipv6 = 0
2023-09-28 09:11:30 us=847175   server_bridge_ip = 0.0.0.0
2023-09-28 09:11:30 us=847187   server_bridge_netmask = 0.0.0.0
2023-09-28 09:11:30 us=847194   server_bridge_pool_start = 0.0.0.0
2023-09-28 09:11:30 us=847206   server_bridge_pool_end = 0.0.0.0
2023-09-28 09:11:30 us=847212   ifconfig_pool_defined = DISABLED
2023-09-28 09:11:30 us=847224   ifconfig_pool_start = 0.0.0.0
2023-09-28 09:11:30 us=847231   ifconfig_pool_end = 0.0.0.0
2023-09-28 09:11:30 us=847243   ifconfig_pool_netmask = 0.0.0.0
2023-09-28 09:11:30 us=847249   ifconfig_pool_persist_filename = '[UNDEF]'
2023-09-28 09:11:30 us=847261   ifconfig_pool_persist_refresh_freq = 600
2023-09-28 09:11:30 us=847267   ifconfig_ipv6_pool_defined = DISABLED
2023-09-28 09:11:30 us=847279   ifconfig_ipv6_pool_base = ::
2023-09-28 09:11:30 us=847285   ifconfig_ipv6_pool_netbits = 0
2023-09-28 09:11:30 us=847297   n_bcast_buf = 256
2023-09-28 09:11:30 us=847303   tcp_queue_limit = 64
2023-09-28 09:11:30 us=847309   real_hash_size = 256
2023-09-28 09:11:30 us=847320   virtual_hash_size = 256
2023-09-28 09:11:30 us=847326   client_connect_script = '[UNDEF]'
2023-09-28 09:11:30 us=847338   learn_address_script = '[UNDEF]'
2023-09-28 09:11:30 us=847344   client_disconnect_script = '[UNDEF]'
2023-09-28 09:11:30 us=847356   client_config_dir = '[UNDEF]'
2023-09-28 09:11:30 us=847362   ccd_exclusive = DISABLED
2023-09-28 09:11:30 us=847373   tmp_dir = '/tmp'
2023-09-28 09:11:30 us=847380   push_ifconfig_defined = DISABLED
2023-09-28 09:11:30 us=847392   push_ifconfig_local = 0.0.0.0
2023-09-28 09:11:30 us=847399   push_ifconfig_remote_netmask = 0.0.0.0
2023-09-28 09:11:30 us=847411   push_ifconfig_ipv6_defined = DISABLED
2023-09-28 09:11:30 us=847417   push_ifconfig_ipv6_local = ::/0
2023-09-28 09:11:30 us=847429   push_ifconfig_ipv6_remote = ::
2023-09-28 09:11:30 us=847435   enable_c2c = DISABLED
2023-09-28 09:11:30 us=847447   duplicate_cn = DISABLED
2023-09-28 09:11:30 us=847454   cf_max = 0
2023-09-28 09:11:30 us=847465   cf_per = 0
2023-09-28 09:11:30 us=847471   max_clients = 1024
2023-09-28 09:11:30 us=847477   max_routes_per_client = 256
2023-09-28 09:11:30 us=847489   auth_user_pass_verify_script = '[UNDEF]'
2023-09-28 09:11:30 us=847495   auth_user_pass_verify_script_via_file = DISABLED
2023-09-28 09:11:30 us=847507   auth_token_generate = DISABLED
2023-09-28 09:11:30 us=847513   auth_token_lifetime = 0
2023-09-28 09:11:30 us=847524   auth_token_secret_file = '[UNDEF]'
2023-09-28 09:11:30 us=847530   port_share_host = '[UNDEF]'
2023-09-28 09:11:30 us=847536   port_share_port = '[UNDEF]'
2023-09-28 09:11:30 us=847548   vlan_tagging = DISABLED
2023-09-28 09:11:30 us=847554   vlan_accept = all
2023-09-28 09:11:30 us=847559   vlan_pvid = 1
2023-09-28 09:11:30 us=847565   client = ENABLED
2023-09-28 09:11:30 us=847571   pull = ENABLED
2023-09-28 09:11:30 us=847576   auth_user_pass_file = 'stdin'
2023-09-28 09:11:30 us=847583 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-09-28 09:11:30 us=847597 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Enter Auth Username: jonh
๐Ÿ” Enter Auth Password: ********                
2023-09-28 09:11:41 us=800136 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-28 09:11:41 us=800204 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-28 09:11:41 us=800313 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
2023-09-28 09:11:41 us=861231 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-09-28 09:11:41 us=861368 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
2023-09-28 09:11:41 us=861395 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
2023-09-28 09:11:41 us=861422 TCP/UDP: Preserving recently used remote address: [AF_INET]24.XXX.XXX.70:1194
2023-09-28 09:11:41 us=861469 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-09-28 09:11:41 us=861512 UDPv4 link local: (not bound)
2023-09-28 09:11:41 us=861535 UDPv4 link remote: [AF_INET]24.XXX.XXX.70:1194
2023-09-28 09:11:41 us=883767 TLS: Initial packet from [AF_INET]24.XXX.XXX.70:1194, sid=9364b1cb d34c4d04
2023-09-28 09:11:44 us=4 VERIFY OK: depth=1, CN=internal-ca, C=CA, ST=ON, L=Oakville, O.XXXXXXXX, OU=lab
2023-09-28 09:11:44 us=401412 VERIFY KU OK
2023-09-28 09:11:44 us=401450 Validating certificate extended key usage
2023-09-28 09:11:44 us=401465 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-09-28 09:11:44 us=401495 VERIFY EKU OK
2023-09-28 09:11:44 us=401508 VERIFY OK: depth=0, CN=lab.XXXXXXXX.net, C=CA, ST=ON, L=Oakville, O.XXXXXXXX, OU=lab
2023-09-28 09:12:41 us=480977 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-09-28 09:12:41 us=481031 TLS Error: TLS handshake failed
2023-09-28 09:12:41 us=481159 TCP/UDP: Closing socket
2023-09-28 09:12:41 us=481203 SIGUSR1[soft,tls-error] received, process restarting
2023-09-28 09:12:41 us=481228 Restart pause, 5 second(s)
2023-09-28 09:12:46 us=481699 Re-using SSL/TLS context
2023-09-28 09:12:46 us=481912 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-28 09:12:46 us=481944 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-09-28 09:12:46 us=482046 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
2023-09-28 09:12:46 us=529328 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-09-28 09:12:46 us=529431 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-client'
2023-09-28 09:12:46 us=529459 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA256,keysize 256,tls-auth,key-method 2,tls-server'
2023-09-28 09:12:46 us=529476 TCP/UDP: Preserving recently used remote address: [AF_INET]24.XXX.XXX.70:1194
2023-09-28 09:12:46 us=529523 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-09-28 09:12:46 us=529545 UDPv4 link local: (not bound)
2023-09-28 09:12:46 us=529556 UDPv4 link remote: [AF_INET]24.XXX.XXX.70:1194
2023-09-28 09:12:46 us=553920 TLS: Initial packet from [AF_INET]24.XXX.XXX.70:1194, sid=3fa5583f 729cc034
2023-09-28 09:12:46 us=600295 VERIFY OK: depth=1, CN=internal-ca, C=CA, ST=ON, L=Oakville, O.XXXXXXXX, OU=lab
2023-09-28 09:12:46 us=600483 VERIFY KU OK
2023-09-28 09:12:46 us=600511 Validating certificate extended key usage
2023-09-28 09:12:46 us=600520 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-09-28 09:12:46 us=600527 VERIFY EKU OK
2023-09-28 09:12:46 us=600542 VERIFY OK: depth=0, CN=lab.XXXXXXXX.net, C=CA, ST=ON, L=Oakville, O.XXXXXXXX, OU=lab
^C2023-09-28 09:12:56 us=645614 event_wait : Interrupted system call (code=4)
2023-09-28 09:12:56 us=645681 SIGTERM received, sending exit notification to peer
2023-09-28 09:12:57 us=776075 TCP/UDP: Closing socket
2023-09-28 09:12:57 us=776167 SIGTERM[soft,exit-with-notification] received, process exiting
          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @jonh001
            last edited by

            @jonh001
            This seems to be the clients log. We got this already.

            J 1 Reply Last reply Reply Quote 0
            • J
              jonh001 @viragomann
              last edited by

              @viragomann
              Sorry about that - server log attached.
              Couldn't insert it here inline because it kept being flagged as spam
              server_log.txt

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.