Netgate Discussion Forum

    Working OpenVPN (PIA) just stopped working?!

    • P
      pfBasic Banned
      last edited by

      Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 
      Jun 21 11:12:06 netbox openvpn[98932]:  event_wait returned 1
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0001
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 read returned 77
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 READ [77] from [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=c2c928fd 0375e529 [ 2 sid=cb33d45e 1bfb5dae ] pid=5 DATA 14030300 01011603 030028b2 0ea752f8 8fac5ba4 a792ab6c f3808d1c 7ca246a[more...]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529
      Jun 21 11:12:06 netbox openvpn[98932]: ACK received for pid 2, deleting from send buffer
      Jun 21 11:12:06 netbox openvpn[98932]: ACK read ID 5 (buf->len=51)
      Jun 21 11:12:06 netbox openvpn[98932]: ACK RWBS rel->size=8 rel->packet_id=00000005 id=00000005 ret=1
      Jun 21 11:12:06 netbox openvpn[98932]: ACK mark active incoming ID 5
      Jun 21 11:12:06 netbox openvpn[98932]: ACK acknowledge ID 5 (ack->len=1)
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [3]
      Jun 21 11:12:06 netbox openvpn[98932]: BIO write tls_write_ciphertext 51 bytes
      Jun 21 11:12:06 netbox openvpn[98932]: Incoming Ciphertext -> TLS
      Jun 21 11:12:06 netbox openvpn[98932]: SSL state (connect): SSLv3 read finished A
      Jun 21 11:12:06 netbox openvpn[98932]: BIO write tls_write_plaintext 432 bytes
      Jun 21 11:12:06 netbox openvpn[98932]: Outgoing Plaintext -> TLS
      Jun 21 11:12:06 netbox openvpn[98932]: BIO read tls_read_ciphertext 461 bytes
      Jun 21 11:12:06 netbox openvpn[98932]: ACK mark active outgoing ID 3
      Jun 21 11:12:06 netbox openvpn[98932]: Outgoing Ciphertext -> Reliable
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=1 current=1 : [4] 3
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send ID 3 (size=465 to=2)
      Jun 21 11:12:06 netbox openvpn[98932]: ACK write ID 5 (ack->len=1, n=1)
      Jun 21 11:12:06 netbox openvpn[98932]: Reliable -> TCP/UDP
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 2 [4] 3
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 2
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0003 ev=5 arg=0x006a38c0
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|SW [1/50141]
      Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a38c0 
      Jun 21 11:12:06 netbox openvpn[98932]:  event_wait returned 1
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0002
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 WRITE [487] to [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=cb33d45e 1bfb5dae [ 5 sid=c2c928fd 0375e529 ] pid=3 DATA 17030301 c8e24234 a8479e50 3ffd861b fdb77985 f7533ade 4914d8aa f06cc01[more...]
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 write returned 487
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=1 current=0 : [4] 3
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 2 [4] 3
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 2
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [1/50141]
      Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 
      Jun 21 11:12:06 netbox openvpn[98932]:  event_wait returned 1
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0001
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 read returned 256
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 READ [256] from [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=c2c928fd 0375e529 [ 3 sid=cb33d45e 1bfb5dae ] pid=6 DATA 17030300 e1b20ea7 52f88fac 5cfbe369 9a89d263 c3f9d664 174aaab3 0e0fb52[more...]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529
      Jun 21 11:12:06 netbox openvpn[98932]: ACK received for pid 3, deleting from send buffer
      Jun 21 11:12:06 netbox openvpn[98932]: ACK read ID 6 (buf->len=230)
      Jun 21 11:12:06 netbox openvpn[98932]: ACK RWBS rel->size=8 rel->packet_id=00000006 id=00000006 ret=1
      Jun 21 11:12:06 netbox openvpn[98932]: ACK mark active incoming ID 6
      Jun 21 11:12:06 netbox openvpn[98932]: ACK acknowledge ID 6 (ack->len=1)
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4]
      Jun 21 11:12:06 netbox openvpn[98932]: BIO write tls_write_ciphertext 230 bytes
      Jun 21 11:12:06 netbox openvpn[98932]: Incoming Ciphertext -> TLS
      Jun 21 11:12:06 netbox openvpn[98932]: BIO read tls_read_plaintext 201 bytes
      Jun 21 11:12:06 netbox openvpn[98932]: TLS -> Incoming Plaintext
      Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
      Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
      Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
      Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
      Jun 21 11:12:06 netbox openvpn[98932]: STATE S_GOT_KEY
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4]
      Jun 21 11:12:06 netbox openvpn[98932]: ACK write ID 6 (ack->len=1, n=1)
      Jun 21 11:12:06 netbox openvpn[98932]: Dedicated ACK -> TCP/UDP
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [4]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 60
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0003 ev=5 arg=0x006a38c0
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|SW [1/50141]
      Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a38c0 
      Jun 21 11:12:06 netbox openvpn[98932]:  event_wait returned 1
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0002
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 WRITE [22] to [AF_INET]198.8.80.218:1197: P_ACK_V1 kid=0 sid=cb33d45e 1bfb5dae [ 6 sid=c2c928fd 0375e529 ]
      Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 write returned 22
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_GOT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:06 netbox openvpn[98932]: STATE S_ACTIVE
      Jun 21 11:12:06 netbox openvpn[98932]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
      Jun 21 11:12:06 netbox openvpn[98932]: [cad10e306a226b20e547154b96cbb909] Peer Connection Initiated with [AF_INET]198.8.80.218:1197
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4]
      Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [4]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 60
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0
      Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8
      Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [1/50141]
      Jun 21 11:12:07 netbox openvpn[98932]:  event_wait returned 0
      Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0020
      Jun 21 11:12:07 netbox openvpn[98932]: BIO write tls_write_plaintext_const 13 bytes
      Jun 21 11:12:07 netbox openvpn[98932]: SENT CONTROL [cad10e306a226b20e547154b96cbb909]: 'PUSH_REQUEST' (status=1)
      Jun 21 11:12:07 netbox openvpn[98932]: TIMER: coarse timer wakeup 0 seconds
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4]
      Jun 21 11:12:07 netbox openvpn[98932]: BIO read tls_read_ciphertext 42 bytes
      Jun 21 11:12:07 netbox openvpn[98932]: ACK mark active outgoing ID 4
      Jun 21 11:12:07 netbox openvpn[98932]: Outgoing Ciphertext -> Reliable
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=1 current=1 : [5] 4
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send ID 4 (size=46 to=2)
      Jun 21 11:12:07 netbox openvpn[98932]: Reliable -> TCP/UDP
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 2 [5] 4
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 2
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0003 ev=5 arg=0x006a38c0
      Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8
      Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT T?|T?|SR|SW [0/0]
      Jun 21 11:12:07 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a38c0 
      Jun 21 11:12:07 netbox openvpn[98932]:  event_wait returned 1
      Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0002
      Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 WRITE [56] to [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=cb33d45e 1bfb5dae [ ] pid=4 DATA 17030300 25e24234 a8479e50 404742e8 4721ed4e f0133815 94237643 3ce16cc[more...]
      Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 write returned 56
      Jun 21 11:12:07 netbox openvpn[98932]: TIMER: coarse timer wakeup 5 seconds
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=1 current=0 : [5] 4
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 2 [5] 4
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 2
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0
      Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8
      Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [2/50141]
      Jun 21 11:12:07 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 
      Jun 21 11:12:07 netbox openvpn[98932]:  event_wait returned 1
      Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0001
      Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 read returned 22
      Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 READ [22] from [AF_INET]198.8.80.218:1197: P_ACK_V1 kid=0 sid=c2c928fd 0375e529 [ 4 sid=cb33d45e 1bfb5dae ]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: control channel, op=P_ACK_V1, IP=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529
      Jun 21 11:12:07 netbox openvpn[98932]: ACK received for pid 4, deleting from send buffer
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [5]
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [5]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 59
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0
      Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8
      Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [5/50141]
      Jun 21 11:12:07 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 
      Jun 21 11:12:07 netbox openvpn[98932]:  event_wait returned 1
      Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0001
      Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 read returned 55
      Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 READ [55] from [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=c2c928fd 0375e529 [ ] pid=7 DATA 17030300 24b20ea7 52f88fac 5d87bb3f 3ec003eb 34ccd696 812a1c4e 0a6e7ba[more...]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529
      Jun 21 11:12:07 netbox openvpn[98932]: ACK read ID 7 (buf->len=41)
      Jun 21 11:12:07 netbox openvpn[98932]: ACK RWBS rel->size=8 rel->packet_id=00000007 id=00000007 ret=1
      Jun 21 11:12:07 netbox openvpn[98932]: ACK mark active incoming ID 7
      Jun 21 11:12:07 netbox openvpn[98932]: ACK acknowledge ID 7 (ack->len=1)
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [5]
      Jun 21 11:12:07 netbox openvpn[98932]: BIO write tls_write_ciphertext 41 bytes
      Jun 21 11:12:07 netbox openvpn[98932]: Incoming Ciphertext -> TLS
      Jun 21 11:12:07 netbox openvpn[98932]: BIO read tls_read_plaintext 12 bytes
      Jun 21 11:12:07 netbox openvpn[98932]: TLS -> Incoming Plaintext
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [5]
      Jun 21 11:12:07 netbox openvpn[98932]: ACK write ID 7 (ack->len=1, n=1)
      Jun 21 11:12:07 netbox openvpn[98932]: Dedicated ACK -> TCP/UDP
      Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [5]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 59
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
      Jun 21 11:12:07 netbox openvpn[98932]: AUTH: Received control message: AUTH_FAILED
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: SSL alert (write): warning: close notify
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: TCP/UDP: Closing socket
      Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free
      Jun 21 11:12:07 netbox openvpn[98932]: SIGTERM[soft,auth-failure] received, process exiting
      Jun 21 11:13:00 netbox openvpn[10065]: WARNING: file '/etc/openvpn-passwd.txt' is group or others accessible
      
      • PippinP
        Pippin
        last edited by

        So you run OpenVPN 2.4.3?
        Where did that come from, automatic update?

        As stated, I have had a working OpenVPN config for many months now

        This seems to be your problem:

        WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
        Jun 21 11:12:00 netbox openvpn{98932}: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
        Jun 21 11:12:00 netbox openvpn{98932}: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
        Jun 21 11:12:00 netbox openvpn{98932}: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
        

        I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
        Halton Arp

        • P
          pfBasic Banned
          last edited by

          pfSense 2.4.0 runs OpenVPN 2.4.x, I haven't paid attention to which .x version is released with latest BETA builds, but I haven't sideloaded anything if that's what you're asking.

          The "used inconsistently" logs I think I've always gotten? The VPN server I connect to is an AES-256-CBC, SHA-256 server, as is the CA I use. Nothing changed there, on my side at least. Possibly the provider changed their config? But I doubt it because I verified their CA today and it's the same as always?

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            "WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"

            I don't see how it would ever work if you're not using the same ciphers..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • P
              pfBasic Banned
              last edited by

              Why would that have changed then?

              It looks like the latest 2.4.0 BETA broke OpenVPN, but idk why it would change the cipher that the provider is using?

              https://forum.pfsense.org/index.php?topic=132538.0

              • P
                pfBasic Banned
                last edited by

                I googled it and I was right, I have always received these warnings and they are normal. This isn't the issue.

                https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225409027-Why-do-I-get-cipher-auth-warnings-when-I-connect-

                I see the same warnings from my VPN server if a client tries to connect with a non-standard or incorrect cipher, but it always just negotiates a working cipher and continues on.

                • M
                  M_Devil
                  last edited by

                  Today PIA (Private Internet Access) VPN stopped working after years of trouble-free operation. The log file shows: "AUTH: Received control message: AUTH_FAILED". Does your log file show this also?

                  On the site of PIA I can log in with my credentials.
                  Warnings about cipher have been there for a long time and seem unrelated.
                  Also I did not update pfSense today, so the problem seems to be on PIA's side. Maybe related to the new OpenVPN vulnerability, https://forum.pfsense.org/index.php?topic=132534.0.

                  1 Reply Last reply Reply Quote 0
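Added example, not part of the thread and not any poster's code: a triage pass over a log in the format shown in the first post, separating the "used inconsistently" option warnings from the control message that actually ended the session. The sample lines are constructed from lines visible in that log, and the function, class and verdict names are hypothetical.

```python
import re

# Constructed sample: lines in the syslog format of the log in the first post,
# reduced to the ones that matter for triage.
SAMPLE_LOG = """\
Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Jun 21 11:12:06 netbox openvpn[98932]: STATE S_ACTIVE
Jun 21 11:12:06 netbox openvpn[98932]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jun 21 11:12:07 netbox openvpn[98932]: SENT CONTROL [cad10e306a226b20e547154b96cbb909]: 'PUSH_REQUEST' (status=1)
Jun 21 11:12:07 netbox openvpn[98932]: AUTH: Received control message: AUTH_FAILED
Jun 21 11:12:07 netbox openvpn[98932]: SIGTERM[soft,auth-failure] received, process exiting
Jun 21 11:13:00 netbox openvpn[10065]: WARNING: file '/etc/openvpn-passwd.txt' is group or others accessible
"""

# Accept both "openvpn[pid]" and the "openvpn{pid}" form seen in quoted copies.
LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ openvpn[\[{](\d+)[\]}]: (.*)$")
MISMATCH_RE = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
CONTROL_RE = re.compile(r"Control Channel: ([^,]+), cipher ([^,]+),")
EXIT_RE = re.compile(r"(SIG\w+)\[([^\]]*)\] received")
FILE_RE = re.compile(r"WARNING: file '([^']+)' is group or others accessible")


class Session:
    """What one openvpn process (keyed by PID) reported about itself."""

    def __init__(self, pid):
        self.pid = pid
        self.mismatches = {}         # option -> (local value, remote value)
        self.control_channel = None  # (TLS version, cipher suite) after the handshake
        self.push_requested = False
        self.auth_failed = False
        self.exit_reason = None      # (signal, reason) from the exit line
        self.exposed_files = []      # credential files readable by group/others

    def verdict(self):
        # AUTH_FAILED arrives over the control channel, so seeing it after the
        # "Control Channel" line means the TLS handshake had already completed
        # and the server then refused the username/password.
        if self.auth_failed and self.control_channel:
            return "auth_rejected_after_tls"
        if self.auth_failed:
            return "auth_rejected"
        if self.control_channel is None:
            return "no_handshake_seen"
        return "tls_established"


def _value(option, text):
    # "cipher AES-256-CBC" -> "AES-256-CBC"
    return text[len(option):].strip() if text.startswith(option) else text


def parse(log_text):
    """Return {pid: Session} for every openvpn process found in log_text."""
    sessions = {}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if line is None:
            continue  # not an openvpn syslog line
        pid, msg = line.groups()
        s = sessions.setdefault(pid, Session(pid))
        m = MISMATCH_RE.search(msg)
        if m:
            opt, local, remote = m.groups()
            s.mismatches[opt] = (_value(opt, local), _value(opt, remote))
            continue
        m = CONTROL_RE.search(msg)
        if m:
            s.control_channel = (m.group(1).strip(), m.group(2).split()[-1])
            continue
        m = EXIT_RE.search(msg)
        if m:
            s.exit_reason = m.groups()
            continue
        m = FILE_RE.search(msg)
        if m:
            s.exposed_files.append(m.group(1))
            continue
        if msg.startswith("SENT CONTROL") and "'PUSH_REQUEST'" in msg:
            s.push_requested = True
        elif "Received control message: AUTH_FAILED" in msg:
            s.auth_failed = True
    return sessions


if __name__ == "__main__":
    for pid, s in parse(SAMPLE_LOG).items():
        print(pid, s.verdict(), "mismatched options:", sorted(s.mismatches),
              "exit:", s.exit_reason, "exposed files:", s.exposed_files)
```
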
                  • P
                    pfBasic Banned
                    last edited by

                    I do have that message in my logs.

                    Are you on pfSense 2.4.0 BETA?

                    I can connect (connected as I type this) to a PIA tunnel via their windows app using the same server, encryption, SHA & RSA settings as my pfSense uses. So I'm not sure what trouble PIA would be having, it looks like their end is working just fine?

                    • M
                      M_Devil
                      last edited by

                      Yes, I am using 2.4 Beta.

                      I don't think their end is working fine because last week I didn't change anything in my configuration (Beta update, configuration change).

                      • B
                        Biscuitsntea
                        last edited by

                        • Tried VPN user/pass in auth file (how it was originally) & in GUI fields

                        • Disabled IDS/IPS & cleared snort2c table to ensure it wasn't blocking anything

                        • Scrubbed my zpool to ensure no corruption

                        • M
                          M_Devil
                          last edited by

                          Hmm, when I try to submit a ticket on the site of PIA, it shows:

                          High Volume Queues
                          
                          We are currently experiencing higher than average ticket queues due to recent Customer Support and network changes. Please be assured we will answer your ticket.
                          

                          So it seems they changed something and are working on it.

                          • B
                            Biscuitsntea
                            last edited by

                            At the time I noticed the issue I was still on a beta release that was more than a week old. May have been a June 13 release… I made no changes to the config or update before the connection went down.

                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator
                              last edited by

                              You shouldn't have to neg a cipher - you should set your client to use the cipher they are using..  This is going to prevent a shitton of problems..

                              It's possible they changed their config so before they had multiple ciphers possible, and now they only have the BF.. Change your client to use BF and see if you can connect.

                              edit:  I just upgraded mine to the latest build, remotely even. built on Wed Jun 21 01:52:48 CDT 2017

                              It rebooted and I am back on the vpn from work without any changes having to be done.  Currently running 2.4.3 on work machine, and my phone can connect in just fine as well.  And the vpn client I have from pfsense to my VPS is up and running as well, so clearly latest 2.4 build did not break openvpn ;)

                              I like the new blue login screen btw… And openvpn on this build is
                              Jun 21 14:18:01 openvpn 45809 OpenVPN 2.4.3 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 21 2017

                              My previous build was
                              Jun 21 14:17:02 openvpn 46849 OpenVPN 2.4.2 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 12 2017

                              Since you did not change anything - I would think they broke something on their end.  I can connect to pfsense from multiple devices, and my pfsense can as a client connect to a server I run..


                              • P
                                pfBasic Banned
                                last edited by

                                My client is configured in a known working configuration. It's set up using the correct certificate on the correct port for the cipher and authentication that I'm using.

                                PIA made a post (I linked it a few posts earlier) stating that all those warnings are saying is that I'm requesting to use a cipher, auth, etc. that is non-default, but it will still work and connect in the method requested by the client. They are warnings not errors.

                                I did try changing my end to match the warnings, it doesn't do anything except fail with the same error sans those warnings.

                                • P
                                  pfBasic Banned
                                  last edited by

                                  It looks like it was on PIA's side. My desktop connection cycled, then my pfSense connection came back up with 0% packet loss. It looks like they fixed whatever it was on their end!

                                  • B
                                    Biscuitsntea
                                    last edited by

                                    It is working again.

                                    PIA instructions here https://helpdesk.privateinternetaccess.com/hc/en-us/articles/218984968-What-is-the-difference-between-the-OpenVPN-config-files-on-your-website- state:

                                    "connect over UDP port 1198 with AES-128-CBC+SHA1, using the server name to connect."

                                    And instructions here https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-

                                    confirm using UDP port 1198 with AES-128-CBC and SHA1

                                    This was my working config on a 2.4.0 beta release a week old. I did not make a change in the router config nor did I perform an update; it simply stopped working. However, I have a Tomato router that is using the same credentials, .crt, and username/password and it connects.

                                    Strange that it was functional on a Tomato router during this 4 hour period but not on pfSense.

                                    • B
                                      Biscuitsntea
                                      last edited by

                                      I spoke too soon. Down again on pfSense but still working on Tomato.

                                      • M
                                        M_Devil
                                        last edited by

                                        Now working on UDP port 1197 with AES-256-CBC and SHA256

                                        • P
                                          pfBasic Banned
                                          last edited by

                                          @Presbuteros:

                                          Strange that it was functional on a Tomato router during this 4 hour period but not on pfSense.

                                          Yeah that's really weird, or maybe not weird I just don't know the technical details to explain the reason why. My desktop client also never had an issue connecting on the same settings to the same server that pfSense was trying to.

                                          • P
                                            pfBasic Banned
                                            last edited by

                                            @Presbuteros:

                                            I spoke too soon. Down again on pfSense but still working on Tomato.

                                            Mine is still up on pfSense.

                                            I wonder what's going on.
