Working OpenVPN (PIA) just stopped working?!
-
Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: event_wait returned 1 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0001 Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 read returned 77 Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 READ [77] from [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=c2c928fd 0375e529 [ 2 sid=cb33d45e 1bfb5dae ] pid=5 DATA 14030300 01011603 030028b2 0ea752f8 8fac5ba4 a792ab6c f3808d1c 7ca246a[more...] Jun 21 11:12:06 netbox openvpn[98932]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529 Jun 21 11:12:06 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529 Jun 21 11:12:06 netbox openvpn[98932]: ACK received for pid 2, deleting from send buffer Jun 21 11:12:06 netbox openvpn[98932]: ACK read ID 5 (buf->len=51) Jun 21 11:12:06 netbox openvpn[98932]: ACK RWBS rel->size=8 rel->packet_id=00000005 id=00000005 ret=1 Jun 21 11:12:06 netbox openvpn[98932]: ACK mark active incoming ID 5 Jun 21 11:12:06 netbox openvpn[98932]: ACK acknowledge ID 5 (ack->len=1) Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [3] Jun 21 11:12:06 netbox openvpn[98932]: BIO write tls_write_ciphertext 51 bytes Jun 21 11:12:06 netbox openvpn[98932]: Incoming Ciphertext -> TLS Jun 21 11:12:06 netbox openvpn[98932]: SSL state (connect): SSLv3 read finished A Jun 21 11:12:06 netbox openvpn[98932]: BIO write tls_write_plaintext 432 bytes Jun 21 11:12:06 netbox openvpn[98932]: Outgoing Plaintext -> TLS Jun 21 11:12:06 netbox openvpn[98932]: BIO read tls_read_ciphertext 461 bytes Jun 21 11:12:06 netbox openvpn[98932]: ACK mark active outgoing ID 3 Jun 21 11:12:06 netbox openvpn[98932]: Outgoing Ciphertext -> Reliable Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=1 current=1 : [4] 3 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send ID 3 (size=465 to=2) Jun 21 11:12:06 netbox openvpn[98932]: ACK write ID 5 (ack->len=1, n=1) Jun 21 11:12:06 netbox openvpn[98932]: Reliable -> TCP/UDP Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 2 [4] 3 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 2 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0003 ev=5 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|SW [1/50141] Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: event_wait returned 1 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0002 Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 WRITE [487] to [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=cb33d45e 1bfb5dae [ 5 sid=c2c928fd 0375e529 ] pid=3 DATA 17030301 c8e24234 a8479e50 3ffd861b fdb77985 f7533ade 4914d8aa f06cc01[more...] Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 write returned 487 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=1 current=0 : [4] 3 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 2 [4] 3 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 2 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [1/50141] Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: event_wait returned 1 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0001 Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 read returned 256 Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 READ [256] from [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=c2c928fd 0375e529 [ 3 sid=cb33d45e 1bfb5dae ] pid=6 DATA 17030300 e1b20ea7 52f88fac 5cfbe369 9a89d263 c3f9d664 174aaab3 0e0fb52[more...] Jun 21 11:12:06 netbox openvpn[98932]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529 Jun 21 11:12:06 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529 Jun 21 11:12:06 netbox openvpn[98932]: ACK received for pid 3, deleting from send buffer Jun 21 11:12:06 netbox openvpn[98932]: ACK read ID 6 (buf->len=230) Jun 21 11:12:06 netbox openvpn[98932]: ACK RWBS rel->size=8 rel->packet_id=00000006 id=00000006 ret=1 Jun 21 11:12:06 netbox openvpn[98932]: ACK mark active incoming ID 6 Jun 21 11:12:06 netbox openvpn[98932]: ACK acknowledge ID 6 (ack->len=1) Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4] Jun 21 11:12:06 netbox openvpn[98932]: BIO write tls_write_ciphertext 230 bytes Jun 21 11:12:06 netbox openvpn[98932]: Incoming Ciphertext -> TLS Jun 21 11:12:06 netbox openvpn[98932]: BIO read tls_read_plaintext 201 bytes Jun 21 11:12:06 netbox openvpn[98932]: TLS -> Incoming Plaintext Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542' Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC' Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1' Jun 21 11:12:06 netbox openvpn[98932]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128' Jun 21 11:12:06 netbox openvpn[98932]: STATE S_GOT_KEY Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4] Jun 21 11:12:06 netbox openvpn[98932]: ACK write ID 6 (ack->len=1, n=1) Jun 21 11:12:06 netbox openvpn[98932]: Dedicated ACK -> TCP/UDP Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [4] Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 60 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0003 ev=5 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|SW [1/50141] Jun 21 11:12:06 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: event_wait returned 1 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT status=0x0002 Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 WRITE [22] to [AF_INET]198.8.80.218:1197: P_ACK_V1 kid=0 sid=cb33d45e 1bfb5dae [ 6 sid=c2c928fd 0375e529 ] Jun 21 11:12:06 netbox openvpn[98932]: UDPv4 write returned 22 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_GOT_KEY, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:06 netbox openvpn[98932]: STATE S_ACTIVE Jun 21 11:12:06 netbox openvpn[98932]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Jun 21 11:12:06 netbox openvpn[98932]: [cad10e306a226b20e547154b96cbb909] Peer Connection Initiated with [AF_INET]198.8.80.218:1197 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4] Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4] Jun 21 11:12:06 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [4] Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_process: timeout set to 60 Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0 Jun 21 11:12:06 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8 Jun 21 11:12:06 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [1/50141] Jun 21 11:12:07 netbox openvpn[98932]: event_wait returned 0 Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0020 Jun 21 11:12:07 netbox openvpn[98932]: BIO write tls_write_plaintext_const 13 bytes Jun 21 11:12:07 netbox openvpn[98932]: SENT CONTROL [cad10e306a226b20e547154b96cbb909]: 'PUSH_REQUEST' (status=1) Jun 21 11:12:07 netbox openvpn[98932]: TIMER: coarse timer wakeup 0 seconds Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [4] Jun 21 11:12:07 netbox openvpn[98932]: BIO read tls_read_ciphertext 42 bytes Jun 21 11:12:07 netbox openvpn[98932]: ACK mark active outgoing ID 4 Jun 21 11:12:07 netbox openvpn[98932]: Outgoing Ciphertext -> Reliable Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=1 current=1 : [5] 4 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send ID 4 (size=46 to=2) Jun 21 11:12:07 netbox openvpn[98932]: Reliable -> TCP/UDP Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 2 [5] 4 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 2 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0003 ev=5 arg=0x006a38c0 Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8 Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT T?|T?|SR|SW [0/0] Jun 21 11:12:07 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000004 rwflags=0x0002 arg=0x006a38c0 Jun 21 11:12:07 netbox openvpn[98932]: event_wait returned 1 Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0002 Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 WRITE [56] to [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=cb33d45e 1bfb5dae [ ] pid=4 DATA 17030300 25e24234 a8479e50 404742e8 4721ed4e f0133815 94237643 3ce16cc[more...] Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 write returned 56 Jun 21 11:12:07 netbox openvpn[98932]: TIMER: coarse timer wakeup 5 seconds Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=1 current=0 : [5] 4 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 2 [5] 4 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 2 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0 Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8 Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [2/50141] Jun 21 11:12:07 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 Jun 21 11:12:07 netbox openvpn[98932]: event_wait returned 1 Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0001 Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 read returned 22 Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 READ [22] from [AF_INET]198.8.80.218:1197: P_ACK_V1 kid=0 sid=c2c928fd 0375e529 [ 4 sid=cb33d45e 1bfb5dae ] Jun 21 11:12:07 netbox openvpn[98932]: TLS: control channel, op=P_ACK_V1, IP=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529 Jun 21 11:12:07 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529 Jun 21 11:12:07 netbox openvpn[98932]: ACK received for pid 4, deleting from send buffer Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [5] Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [5] Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 59 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=5 arg=0x006a38c0 Jun 21 11:12:07 netbox openvpn[98932]: PO_CTL rwflags=0x0001 ev=4 arg=0x006a26e8 Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT T?|T?|SR|Sw [5/50141] Jun 21 11:12:07 netbox openvpn[98932]: PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x006a38c0 Jun 21 11:12:07 netbox openvpn[98932]: event_wait returned 1 Jun 21 11:12:07 netbox openvpn[98932]: I/O WAIT status=0x0001 Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 read returned 55 Jun 21 11:12:07 netbox openvpn[98932]: UDPv4 READ [55] from [AF_INET]198.8.80.218:1197: P_CONTROL_V1 kid=0 sid=c2c928fd 0375e529 [ ] pid=7 DATA 17030300 24b20ea7 52f88fac 5d87bb3f 3ec003eb 34ccd696 812a1c4e 0a6e7ba[more...] Jun 21 11:12:07 netbox openvpn[98932]: TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: initial packet test, i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, rec-sid=c2c928fd 0375e529, rec-ip=[AF_INET]198.8.80.218:1197, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: found match, session[0], sid=c2c928fd 0375e529 Jun 21 11:12:07 netbox openvpn[98932]: TLS: received control channel packet s#=0 sid=c2c928fd 0375e529 Jun 21 11:12:07 netbox openvpn[98932]: ACK read ID 7 (buf->len=41) Jun 21 11:12:07 netbox openvpn[98932]: ACK RWBS rel->size=8 rel->packet_id=00000007 id=00000007 ret=1 Jun 21 11:12:07 netbox openvpn[98932]: ACK mark active incoming ID 7 Jun 21 11:12:07 netbox openvpn[98932]: ACK acknowledge ID 7 (ack->len=1) Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=cb33d45e 1bfb5dae, stored-sid=c2c928fd 0375e529, stored-ip=[AF_INET]198.8.80.218:1197 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [5] Jun 21 11:12:07 netbox openvpn[98932]: BIO write tls_write_ciphertext 41 bytes Jun 21 11:12:07 netbox openvpn[98932]: Incoming Ciphertext -> TLS Jun 21 11:12:07 netbox openvpn[98932]: BIO read tls_read_plaintext 12 bytes Jun 21 11:12:07 netbox openvpn[98932]: TLS -> Incoming Plaintext Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_can_send active=0 current=0 : [5] Jun 21 11:12:07 netbox openvpn[98932]: ACK write ID 7 (ack->len=1, n=1) Jun 21 11:12:07 netbox openvpn[98932]: Dedicated ACK -> TCP/UDP Jun 21 11:12:07 netbox openvpn[98932]: ACK reliable_send_timeout 604800 [5] Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_process: timeout set to 59 Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=32e160cb df968b27, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC] Jun 21 11:12:07 netbox openvpn[98932]: AUTH: Received control message: AUTH_FAILED Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: SSL alert (write): warning: close notify Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: TCP/UDP: Closing socket Jun 21 11:12:07 netbox openvpn[98932]: PID packet_id_free Jun 21 11:12:07 netbox openvpn[98932]: SIGTERM[soft,auth-failure] received, process exiting Jun 21 11:13:00 netbox openvpn[10065]: WARNING: file '/etc/openvpn-passwd.txt' is group or others accessible
-
So you run OpenVPN 2.4.3 ?
Where did that come from, automatic update?As stated, I have had a working OpenVPN config for many months now
This seems to be your problem:
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542' Jun 21 11:12:00 netbox openvpn{98932}: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC' Jun 21 11:12:00 netbox openvpn{98932}: WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1' Jun 21 11:12:00 netbox openvpn{98932}: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
-
pfSense 2.4.0 runs OpenVPN 2.4.x, I haven't paid attention to which .x version is released with latest BETA builds, but I haven't sideloaded anything if that's what you're asking.
The "used inconsistently" logs I think I've always gotten? The VPN server I connect to is an AES-256-CBC, SHA-256 server, as is the CA I use. Nothing changed there, on my side at least. Possibly the provider changed their config? But I doubt it because I verified their CA today and it's the same as always?
-
"WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'"
I don't see how it would ever work if your not using the same ciphers..
-
Why would that have changed then?
It looks like the latest 2.4.0 BETA broke OpenVPN, but idk why it would change the cipher that the provider is using?
https://forum.pfsense.org/index.php?topic=132538.0
-
I googled it and I was right, I have always received these warnings and they are normal. This isn't the issue.
https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225409027-Why-do-I-get-cipher-auth-warnings-when-I-connect-
I see the same warnings from my VPN server if a client tries to connect with a non-standard or incorrect cipher, but it always just negotiates a working cipher and continues on.
-
Today PIA (Private Internet Access) VPN stop working after years of trouble free operation. Log file show: "AUTH: Received control message: AUTH_FAILED". Does your log file show this also?
On the site of PIA I can login with credentials.
Warnings about cipher are there for a long time and seems unrelated.
Also I did not update pfSense today, so problem seems to be at PIA side. Maybe related to new OpenVPN vulnerability, https://forum.pfsense.org/index.php?topic=132534.0. -
I do have that message in my logs.
Are you on pfSense 2.4.0 BETA?
I can connect (connected as I type this) to a PIA tunnel via their windows app using the same server, encryption, SHA & RSA settings as my pfSense uses. So I'm not sure what trouble PIA would be having, it looks like their end is working just fine?
-
Yes, I am using 2.4 Beta.
I don't think their end is working fine because last week I did't changes anything to my configuration (Beta update, configuration change).
-
-
Tried VPN user/pass in auth file (how it was originally) & in GUI fields
-
Disabled IDS/IPS & cleared snort2c table to ensure it wasn't blocking anything
-
Scrubbed my zpool to ensure no corruption
-
-
Hmm, when I try to submit an ticket on the site of PIA, it shows:
High Volume Queues We are currently experiencing higher than average ticket queues due to recent Customer Support and network changes. Please be assured we will answer your ticket.
So it seems they changes something and working on it.
-
At the time I noticed the issue I was still on beta release that was more than a week old. May have been a June 13 release… I made no changes to the config or update before the connection went down.
-
You shouldn't have to neg a cipher - you should set your client to use the cipher they are using.. This is going to prevent a shitton of problems..
Its possible they changed their config so before they had multiple ciphers possible, and now they only have the BF.. Change your client to use BF and see if you can connect.
edit: I just upgraded mine to the latest build, remotely even. built on Wed Jun 21 01:52:48 CDT 2017
It rebooted and I am back on the vpn from work without any changes having to be done. Currently running 2.4.3 on work machine, and my phone can connect in just fine as well. And the vpn client I have from pfsense to my VPS is up and running as well, so clearly latest 2.4 build did not break openvpn ;)
I like the new blue login screen btw… And openpvn on this build is
Jun 21 14:18:01 openvpn 45809 OpenVPN 2.4.3 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 21 2017My previous build was
Jun 21 14:17:02 openvpn 46849 OpenVPN 2.4.2 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 12 2017Since you did not change anything - I would think they broke something on their end. I can connect to pfsense from multiple devices, and my pfsense can as a client connect to a server I run..
-
My client is configured in a known working configuration. It's setup using the correct certificate on the correct port for the cipher and authentication that I'm using.
PIA made a post (I linked it a few posts earlier) stating that all those warnings are saying is that I'm requesting to use a cipher, auth, etc. that is non-default, but it will still work and connect in the method requested by the client. They are warnings not errors.
I did try changing my end to match the warnings, it doesn't do anything except fail with the same error sans those warnings.
-
It looks like it was on PIA's side. My desktop connection cycled, then my pfSense connection came back up with 0% packet loss. It looks like they fixed whatever it was on their end!
-
It is working again.
PIA instructions here https://helpdesk.privateinternetaccess.com/hc/en-us/articles/218984968-What-is-the-difference-between-the-OpenVPN-config-files-on-your-website- state:
"connect over UDP port 1198 with AES-128-CBC+SHA1, using the server name to connect."
And instructions here https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-
confirm using UDP port 1198 with AES-128-CBC and SHA1
This was my working config on a 2.4.0 beta release a week old. I did not make a change in the router config nor did I perform an update; it simply stopped working. However, I have a Tomato router that is using the same credentials, .crt, and username/password and it connects.
Strange that it was functional on a Tomato router during this 4 hour period but not on pfSense.
-
I spoke too soon. Down again on pfSense but still working on Tomato.
-
Now working on UDP port 1197 with AES-256-CBC and SHA256
-
@Presbuteros:
Strange that it was functional on a Tomato router during this 4 hour period but not on pfSense.
Yeah that's really weird, or maybe not weird I just don't know the technical details to explain the reason why. My desktop client also never had an issue connecting on the same settings to the same server that pfSense was trying to.
-
@Presbuteros:
I spoke too soon. Down again on pfSense but still working on Tomato.
Mine is still up on pfSense.
I wonder what's going on.